last executing test programs:

3m35.031191585s ago: executing program 0 (id=1):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}, 0x1, 0x0, 0x0, 0x4008800}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="a800000000010104000000000000000002000001240001801400018008000100e000000108000200e00000010c0002800500010000000000080008400000950304001080080015"], 0xa8}, 0x1, 0x0, 0x0, 0x400d0}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x114, 0x6, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x12}]}}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0x28, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_USERDATA={0xa0, 0x7, 0x1, 0x0, "3cb850503ceac512b5253188fb7f9f90573b0eeec60e7298af6e9926dec38ec9e1de7ba5b695eb9a54c63e196eca113874de85396d9381fdbade3ceb5dd53e592714dd50e70494328ec3ed73e9a6d9e3f6f3c8a9241139955dcc053f988a74a57d113e4d5d8f29361835ea3c0444c9d2aad9065db37119c0f70a9f1c11fad744aba2024794be980e65bcc1acc82c35338a7672e6a8156011783c1deb"}]}, @NFT_MSG_DELCHAIN={0x40, 0x5, 0xa, 0x2915024094f4014f, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0x190}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
ioctl$KVM_GET_MSRS_sys(r3, 0xc008ae88, &(0x7f0000000180)={0x1, 0x0, [{0x488, 0x0, 0x200}]})
r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
setpgid(r5, r5)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r6, 0x5)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r7, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
accept(r6, 0x0, 0x0)
setpgid(0x0, r5)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe, 0xfffffffffffffffd, &(0x7f00000001c0)="186bf7ffffffffffffffef0a3254", 0x0, 0xff, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$vga_arbiter(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="746172676574205043493a31623a313a31972e3700"], 0x15)
ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0x57)
r9 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)="43ee25")
capget(&(0x7f00000001c0), 0x0)
process_vm_readv(r9, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/93, 0x5d}], 0x1, &(0x7f0000000d40)=[{&(0x7f0000000740)=""/187, 0xbb}], 0x1, 0x0)

3m34.842150845s ago: executing program 0 (id=7):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x2, 0x80805, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = syz_io_uring_setup(0x74, &(0x7f0000000000)={0x0, 0xce94, 0x10, 0x3, 0x40004334}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x80, &(0x7f0000000300)=@l2tp6={0xa, 0x0, 0x421, @empty, 0x401, 0x4}, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x847ba, 0x67e9, 0xe, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000002c0)="5c2053a4", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x33, &(0x7f0000000040)=0xfffd, 0x4)
getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f00000001c0))
r6 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10)
mprotect(&(0x7f0000499000/0x1000)=nil, 0x1000, 0xc)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1})
io_uring_enter(r6, 0x47bc, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000170000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596f8aca1f26c4e54dd3c839c63ecba701f7518abef567139fd50aba0ce94ab8786582ae2f35099ba41"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)

3m33.445429224s ago: executing program 0 (id=27):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtaction={0x12c, 0x30, 0xeaa3ef926154e70d, 0x0, 0x0, {}, [{0x118, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_sample={0xc8, 0x2, 0x0, 0x0, {{0xb}, {0x7c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0xd, 0x10000000, 0x0, 0x3}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x100008, 0x4d82, 0xffffffffffffffff, 0x7ff, 0x4}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x88, 0x6, 0x3, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xffffffff}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x9e07, 0x5, 0x3, 0x9}}]}, {0x22, 0x6, "b993a266d04d68c578a189161d7b3605ae1ad871dbd78a555343b82aff5a"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x12c}}, 0x0)

3m33.385580931s ago: executing program 32 (id=27):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtaction={0x12c, 0x30, 0xeaa3ef926154e70d, 0x0, 0x0, {}, [{0x118, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_sample={0xc8, 0x2, 0x0, 0x0, {{0xb}, {0x7c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0xd, 0x10000000, 0x0, 0x3}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x100008, 0x4d82, 0xffffffffffffffff, 0x7ff, 0x4}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x88, 0x6, 0x3, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xffffffff}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x9e07, 0x5, 0x3, 0x9}}]}, {0x22, 0x6, "b993a266d04d68c578a189161d7b3605ae1ad871dbd78a555343b82aff5a"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x12c}}, 0x0)

3m7.751987427s ago: executing program 4 (id=437):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x24001850) (async, rerun: 32)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_SCAN_PARAM={{0x1}, 0xf2}}}, 0x7) (rerun: 32)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) (async)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x7, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

3m7.541209022s ago: executing program 4 (id=443):
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
inotify_init1(0x800) (async)
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x0) (async)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)

3m7.461403245s ago: executing program 4 (id=448):
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000280), 0x10d08c, &(0x7f0000000340)=ANY=[@ANYRES32])
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x402882, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", <r1=>0xffffffffffffffff}) (async)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x5, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)="180c4552", 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x1, &(0x7f0000000100)=0x1, 0x4) (async)
bind$inet(r4, &(0x7f00000002c0)={0x2, 0x4e21}, 0x10) (async)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080)={0x1, 0x6b, 0xfffe, 0x80000000, 0xfffffffe}, 0x14)
shutdown(r4, 0x2) (async)
write$P9_RREADLINK(r3, &(0x7f0000000080)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) (async)
write$binfmt_misc(r3, &(0x7f0000000a00)="d25fba56acf810795fd454b978c282664d071324d27f09f65c2e8419e67420db46a942c03c1cd4154401393899323a3b759bd5d7cf4df4ec443db0781590564563b1daff0650803a8867eb0608c7f06f994ad18272c49e4fc6512d7b8a016e741bcc9f5eb8fe5e06797aa8b597", 0x6d)
writev(r3, &(0x7f0000000300)=[{&(0x7f0000000540)="d3c32f37280206a2f0f71eb9cd8d6dad1e42ba6a1a9d74875c4523a9f863ab62ee1d6204965f22c27464a103eaef99bd6fb46fb9c4fa8a872ea4aa444060b602fb222dfb7f07b48b3eda5df30bca3a5e175a3b476a8cc8401748e74ba9d4ddb86b7832acbb123da21f791b698e8543cabf4405fa668c0f9bd4d7512dc774d129bd48e86331cc485b31ba9e81f5a531ff5682ac7ccac59cb5f83e611484f75fef9ffe81d42dd54c014b020d1fc8900390211c7f06d03d17f55c712907dd331aab66e3effe7868228cb9f92f225c5765ed73ba2c6c5ad1118b9aeda5040b54a0b814f653f537d5b105e66125709988d9d8b6c96a759177ea542359dbc8bb1c705e1505af3b212ddeaca1ef9b87db8f0bc7468b91b354c6850f7cd84161d02860ddd81c4b2c78547026b9c3de0ec6fea911df541c5be2058facc198575b14641e9df98e1e5124d691ff84b1cd09051d7b9a5fe709a38230b9357eb3d6e629ae5ac8e61dcdf22eb1f77083441e6e872e99c2347e50a545cf355a2730dbbf39e2efb5ea8a609db91ffbbafd962b195cec616ce9594536706f444e1b36e6fb14665d7f2806ecea7148034e28a115111a3ce1778355764e42f5cf54c2a896c7b4f4b75bf600e686c200186ed4a9198953b6adb90a4b7f304ecd6afc9a6f3cd384f7a7ebfbdfe93ef46c2b75eae38df42b774ef271ae3f67ce24d3802d94855f7d9d4b211fbcecce1b634aa31463aa09d24f67523a62244a2455902bfe9c615e03a820c7295b1ebd84ecaaa2ed460298242d290e72cf15edc93111a538c405d5fc29c5c4febbe664a51c40a897e3897e668440b782b93e31b3c6f11528d4ec68b1a05f4e5e8f1e31a689d3a92c9c6ca373975c790aa088e88fa33954b6a6ed17d2339088df9682e7056792aabec834c5aed2a05f695a44249844a7295ea8da6b7913ef5c8f1755c53e24fb82297929f1c64fc474d9644e567739881a9610ecbee5f8f44df0b60232608097eecddd12254cf7bf779ffbfa4c13d29bed4625d6e1fd25e06b01f3afb1fd97299bb639f13178b6f7fd6da85cb404902224b44cf712ec8b66edf1f2826d3c1a261f823ab44ef0812e6d3e9fc2bc0b3358a7153d6b873dedfbce352a619db347e149252dbfbeb66995938256c7788e95784490924a0dedc4e53d04c5c44dc27a36f8065d359e5ed6027c8e693177db9071630172ab449ad7e256bd31f45f5f92739304c45bc8f8bd67a6d9ef4372f82b984f826efe3dccd474349555cd003c00c9f31894b4b4157c4470ddfbf264ec951454421624482acd6f99ed87ac68fa29432bdb2cb2df89f4ae4f4498bad7f5f7597a36ff5f539f2017ab92a7567c086faa0b5fb47f74ec7fba29cb415b470296dabf1fa99d4b073cacaa02ff99b46c", 0x3e5}], 0x1) (async)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000400)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff00", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080021000c547d03d8a0f4bd00", [0x0, 0x6]}}) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000200)={0x100008, "b546baa5cc590d3033de139c2996817bb959ebab028deda525e19bdeffafde25", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r5}) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast1, 0x1, 0x0, 0x2, 0x6}, 0x20) (async)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0))
readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000380)=""/112, 0x70}], 0x1) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x2}) (async)
ioctl(r7, 0x8b32, &(0x7f0000000040))
stat(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, <r8=>0x0}) (async)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=<r9=>0x0)
syz_open_procfs(r9, &(0x7f0000000940)='coredump_filter\x00') (async)
quotactl_fd$Q_GETNEXTQUOTA(r1, 0xffffffff80000901, r8, &(0x7f0000000100))

3m7.371701188s ago: executing program 4 (id=453):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x80, 0x0)
unlink(&(0x7f00000001c0)='./file1\x00')
lremovexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=@random={'user.', '\x00'})
rmdir(&(0x7f0000000140)='./file1\x00')
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)

3m7.274887715s ago: executing program 4 (id=456):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
prctl$PR_SCHED_CORE(0x4d, 0x2, 0x0, 0x0, 0x0)
bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000080)={0x8})
fstat(r5, &(0x7f0000000300))
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r6=>0x0})
connect$can_j1939(r5, &(0x7f0000000200)={0x1d, r6, 0x1, {}, 0xfe}, 0x18)
sendmsg$key(r4, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x0, 0x2, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @private=0xa010102}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x60}, 0x1, 0x7}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001d0000002dbd7000fbdbdf2507000000", @ANYRES32=r3, @ANYBLOB="02008007baff0300020000003000000011000000050000011c000e80050001000500000004100200050001000900000004e80100140003007d000000ff000000010000000400000008000700000000000800010064010102"], 0x70}, 0x1, 0x2000000000000000, 0x0, 0xc015}, 0x4000044)
syz_emit_ethernet(0x46, &(0x7f0000000500)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, {[@lsrr={0x83, 0xb, 0xe4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @generic={0x89, 0x2}]}}, {{0xfffc, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x8, 0x61}}}}}}, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000000), 0xfffffffffffffffc)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$igmp(0x2, 0x3, 0x2) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async)
prctl$PR_SCHED_CORE(0x4d, 0x2, 0x0, 0x0, 0x0) (async)
bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$key(0xf, 0x3, 0x2) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (async)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000080)={0x8}) (async)
fstat(r5, &(0x7f0000000300)) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) (async)
connect$can_j1939(r5, &(0x7f0000000200)={0x1d, r6, 0x1, {}, 0xfe}, 0x18) (async)
sendmsg$key(r4, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x0, 0x2, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @private=0xa010102}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x60}, 0x1, 0x7}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001d0000002dbd7000fbdbdf2507000000", @ANYRES32=r3, @ANYBLOB="02008007baff0300020000003000000011000000050000011c000e80050001000500000004100200050001000900000004e80100140003007d000000ff000000010000000400000008000700000000000800010064010102"], 0x70}, 0x1, 0x2000000000000000, 0x0, 0xc015}, 0x4000044) (async)
syz_emit_ethernet(0x46, &(0x7f0000000500)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, {[@lsrr={0x83, 0xb, 0xe4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @generic={0x89, 0x2}]}}, {{0xfffc, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x8, 0x61}}}}}}, 0x0) (async)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000000), 0xfffffffffffffffc) (async)

3m7.197170055s ago: executing program 4 (id=461):
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x22c43)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd28, 0x0, {0x2, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x1c}}, 0xea5bc50b6199d77e)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0])
r1 = socket(0x2, 0x80805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x1}, 0x14}}, 0x8000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='rxrpc_peer\x00', r4, 0x0, 0xfffffffffb}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='rxrpc_peer\x00', r4}, 0x18)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f00000000c0)={{&(0x7f000001a000/0x4000)=nil, 0x4000}})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000013000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000003c0)="0f0d51f4ba3d09d1d1c758002e0f71e100b800006dc0640f017400aa66b9e408000066b81f6269e766ba000000000f309c0c0cb8d09bbaf80c66b88aeac18266efbafc0cb80900efefbafc0cedba4300ba210066ed", 0x55}], 0x1, 0x0, 0x0, 0x0)
r8 = syz_open_dev$radio(&(0x7f00000005c0), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0906, 0x2, '\x00', @p_u32=&(0x7f00000000c0)}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="4801000042000100fffffffffddbdf250200000004003880100001800c00c8000200000000000000200104801c"], 0x148}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000003200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(r10, &(0x7f00000032c0)={0x0, 0x0, &(0x7f0000003280)={&(0x7f0000003240)={0x24, r11, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0xf19}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)

2m51.696467713s ago: executing program 33 (id=461):
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x22c43)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd28, 0x0, {0x2, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x1c}}, 0xea5bc50b6199d77e)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0])
r1 = socket(0x2, 0x80805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x1}, 0x14}}, 0x8000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='rxrpc_peer\x00', r4, 0x0, 0xfffffffffb}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='rxrpc_peer\x00', r4}, 0x18)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f00000000c0)={{&(0x7f000001a000/0x4000)=nil, 0x4000}})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000013000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000003c0)="0f0d51f4ba3d09d1d1c758002e0f71e100b800006dc0640f017400aa66b9e408000066b81f6269e766ba000000000f309c0c0cb8d09bbaf80c66b88aeac18266efbafc0cb80900efefbafc0cedba4300ba210066ed", 0x55}], 0x1, 0x0, 0x0, 0x0)
r8 = syz_open_dev$radio(&(0x7f00000005c0), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0906, 0x2, '\x00', @p_u32=&(0x7f00000000c0)}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="4801000042000100fffffffffddbdf250200000004003880100001800c00c8000200000000000000200104801c"], 0x148}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000003200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(r10, &(0x7f00000032c0)={0x0, 0x0, &(0x7f0000003280)={&(0x7f0000003240)={0x24, r11, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0xf19}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)

2m36.744846102s ago: executing program 5 (id=928):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x38, 0x20, 0x1, 0xffffffff, 0x0, {0xa, 0x0, 0x14, 0x40, 0x0, 0x0, 0x0, 0x7}, [@FIB_RULE_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}, @FRA_SRC={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x17}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x5c}}, 0x0)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x24300, 0x102)
dup3(r2, r0, 0x80000)

2m36.659879843s ago: executing program 5 (id=930):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
lstat(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
chown(&(0x7f0000000100)='./bus\x00', r0, 0xffffffffffffffff)
mount$pvfs2(&(0x7f0000000340), &(0x7f00000003c0)='./file0\x00', &(0x7f00000004c0), 0x81069, &(0x7f0000000500)={[{'&\xb0\'}}+*'}, {'\x00'}, {'syztnl0\x00'}], [{@euid_eq={'euid', 0x3d, r0}}, {@fsname={'fsname', 0x3d, '\xff\xff'}}, {@appraise_type}, {@smackfstransmute={'smackfstransmute', 0x3d, 'lowerdir'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x00'}}, {@subj_type={'subj_type', 0x3d, 'lowerdir'}}, {@context={'context', 0x3d, 'staff_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'upperdir'}}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xec)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="0200000001000000000000000400000000000500100001000c000000200000e41b0db2c54ab0750000000000"], 0x24, 0x3)
getxattr(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)=@known='system.posix_acl_access\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl0\x00', <r2=>0x0, 0x2f, 0xf, 0x0, 0xf, 0xc, @local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x700, 0x8000, 0x3, 0x9}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', r2, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f00000005c0)={0x0, r4}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000004000000040000000a00000090000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m36.658136746s ago: executing program 5 (id=932):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000004200)=@newtaction={0x1058, 0x30, 0x200, 0xf0bd29, 0x25dfdbfb, {}, [{0x1044, 0x1, [@m_police={0x1040, 0x1d, 0x0, 0x0, {{0xb}, {0x1014, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x10000, 0xc3ca, 0x7fffffff, 0x9, 0x2, 0x9, 0x1, 0x4, 0xffffffff, 0x8, 0x8, 0x1, 0x2cdd, 0x9, 0x7fffffff, 0x2, 0xe6, 0x3, 0xd, 0x10000, 0x6, 0xfffffe00, 0x1, 0x4, 0x6, 0xffffffff, 0x9, 0x3bd9, 0x2, 0x9, 0x4693207a, 0xe, 0x0, 0x9, 0x7, 0x7, 0x0, 0x8, 0x9, 0x7, 0x7, 0x200, 0x3, 0x6, 0x2, 0x0, 0x0, 0x40, 0x2, 0x84000000, 0x7, 0xdc, 0x0, 0x0, 0x0, 0x2, 0x2, 0x800, 0x7, 0x10001, 0x7, 0x1ff, 0x1ff, 0x2, 0x80, 0x6, 0xae, 0xa, 0x7, 0x8, 0x3ff, 0x4, 0x5, 0x7af, 0x6071, 0x101, 0x5, 0x2bb45a3b, 0x6, 0x401, 0x5, 0x7, 0x5a0, 0x7ff, 0x5, 0x5, 0x1, 0x9, 0x800, 0x9, 0x9, 0x8001, 0xfffffffe, 0x349, 0x6, 0x6, 0x8, 0x7, 0xffffffff, 0x4, 0x5c000000, 0x36, 0xffff1ef0, 0x5, 0x24d, 0x93e, 0x9, 0x5, 0xb, 0x200, 0x3, 0xac9, 0xffffffff, 0xd060000, 0x0, 0x1, 0x0, 0x4, 0x101, 0x400, 0xffffffff, 0x8, 0x3, 0x3, 0x1ff, 0x6, 0xfa42, 0x9, 0x2, 0x8, 0x3, 0x2, 0x5, 0x9, 0xfffffff5, 0x5, 0x0, 0x3e276cf, 0x9, 0x7, 0x4, 0xf14, 0x8, 0x7, 0x8, 0x3, 0xff, 0x2, 0x7, 0x2, 0x8, 0xa, 0x2c, 0x6b54c840, 0xfff, 0xfffff980, 0xa, 0x451, 0xa734, 0x1, 0x62, 0x9b, 0x4, 0x1000, 0x0, 0x192e, 0x4, 0xa, 0x10000, 0x3, 0x0, 0x7, 0x4, 0x47d, 0x4f8, 0xc2, 0x0, 0x6, 0xc, 0x401, 0x8000, 0x2, 0x6, 0xf, 0x5, 0x6, 0x6, 0x101, 0x8, 0x9, 0xc8b1, 0x81, 0x8, 0x9, 0x3, 0x1ff, 0x7, 0x0, 0x1000000, 0x1, 0x4, 0x1, 0x400, 0x10001, 0x5, 0x8, 0x2, 0x5, 0x6, 0xffff, 0xff, 0x6, 0x5, 0x8, 0x2, 0x2, 0x5, 0xfffffffc, 0x3, 0x0, 0x0, 0x200, 0xde, 0x7ff, 0x4909, 0x4, 0x0, 0x8, 0x5, 0x6, 0x7, 0x6, 0x6ef, 0x8, 0x7f, 0xa, 0x4, 0x7, 0x0, 0x9, 0x7, 0x52b5, 0x5, 0x80000001, 0x835, 0xfffffffe, 0x1, 0x0, 0xf75c, 0x9, 0x9, 0x7fff, 0x100, 0x4, 0x9]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xffff, 0x3, 0x6, 0x4, 0x3ff8000, 0x0, 0xb, 0x5, 0x7, 0x9, 0x9, 0x6, 0x2, 0x1ff, 0x8, 0x6, 0xfffffffc, 0x4, 0x80000000, 0x1, 0x6, 0x5, 0x8, 0x1, 0x5, 0x5, 0x800, 0x3, 0x80, 0x1, 0x10001, 0xffffff7f, 0x9, 0x9, 0x6034, 0x200000, 0x4, 0xf, 0x0, 0x4, 0x3, 0xe2b1, 0x0, 0x0, 0x401, 0xfff, 0x9, 0xb1b8, 0x3, 0x8000, 0xf6, 0xffffffff, 0x2, 0x7ff, 0xbc, 0xfffffff8, 0x1, 0x6, 0xd81e, 0x8f9, 0xf5, 0x5, 0x800, 0xb4, 0x6, 0x71, 0xffff, 0x4, 0xa, 0x8, 0x5, 0x5, 0x7fffffff, 0x800, 0x2a10, 0x0, 0x3ff, 0x96bc, 0x7fff, 0x2, 0x7131, 0x80000001, 0x401, 0x80000001, 0x1, 0x7, 0x3, 0x2, 0x6, 0x8, 0x7, 0xfc7, 0xb, 0x97ad, 0x1, 0xf9a3, 0x4, 0x1, 0x2, 0x6, 0x6, 0xfffffb29, 0x1, 0x6, 0x5, 0x2, 0x7, 0x82c, 0x3, 0xfffff767, 0x8000, 0x10000, 0x4, 0x6, 0x9, 0xa0000000, 0xffff, 0x86f, 0x4, 0x3, 0x4ef, 0x3, 0x10000, 0x1, 0x5, 0xf, 0x7, 0x200, 0xffffff80, 0x6, 0x0, 0x8, 0x7, 0x7, 0x4, 0x7fff, 0x9, 0xb, 0x9, 0x6, 0x6, 0xc49, 0x7, 0x2, 0x5, 0xfffffffc, 0x3, 0x5, 0x99f, 0x24d, 0x2, 0x9, 0x727e, 0x414, 0x8, 0x2, 0x7, 0x4, 0x6, 0xffffffff, 0x5, 0x1d9d6799, 0xed90, 0x344, 0x9, 0x44aa, 0x9, 0x5, 0x9, 0x3, 0x7, 0x4, 0x6, 0xffff, 0x7ff, 0x9f000000, 0xffffffff, 0x4, 0x4, 0x6, 0x30000, 0x0, 0x9, 0x0, 0x8b5, 0x6, 0xfffffffa, 0x7fffffff, 0xfffffff7, 0x4, 0x764, 0x81, 0x3c3, 0x9, 0x8, 0x84, 0x5, 0x1, 0x77c7, 0xc33, 0x80000000, 0x8, 0x0, 0x0, 0x0, 0x9, 0x82, 0xd, 0x0, 0x8, 0x6, 0xc, 0x3, 0x6, 0x9, 0xa9, 0x4, 0x1, 0x1ff, 0x3973, 0x4, 0x7, 0x33ee, 0xffff, 0x5b962d4e, 0x1, 0x15a0, 0x24, 0x1, 0xfffffffc, 0x4f, 0x4, 0x3, 0xa, 0x9, 0x9, 0x7fffffff, 0x4c6f, 0xc63a, 0x1aa, 0xffffffff, 0xcfd, 0xb, 0x9, 0x1, 0x5, 0x1000, 0xc, 0x0, 0x50000000, 0x8, 0x2, 0xfffffffe, 0x35, 0x4, 0xe]}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x2, 0x8, 0x5, 0x1, 0x0, 0x9407, 0x9, 0x2, 0x8, 0x1, 0x4, 0x3, 0x340c000, 0x9, 0x146, 0x1ff, 0x3, 0xa, 0xdac, 0x6, 0x8, 0x1ff, 0x9, 0x0, 0x5, 0x7, 0x9, 0x101, 0x90b9, 0x2, 0x7, 0x8, 0xc, 0x5, 0x4, 0x8, 0x8, 0x6, 0x75, 0xe, 0x4a0, 0x3, 0x95d8, 0x8e, 0x3, 0x3, 0x8, 0x4, 0xb7, 0x9d9, 0x3, 0x200, 0x1, 0x3b621ab2, 0x8001, 0x0, 0x9, 0x7, 0x0, 0x7, 0x968, 0xcdcd, 0xff, 0x97d, 0xc, 0xf, 0x1, 0xffff, 0x0, 0x9fca, 0x8, 0xfffff913, 0xfffffff7, 0x1, 0x7, 0xd, 0x2, 0xffff, 0x5d, 0xffff0001, 0x7f, 0x78c, 0x926e, 0x9, 0x8, 0xfffffffa, 0xb, 0x5, 0x0, 0x5, 0x9, 0x9, 0xa61c, 0x6, 0x1, 0xfffffff2, 0x6, 0x18000, 0x0, 0x2, 0x1, 0x9, 0x2, 0x6, 0x8, 0x5, 0x3, 0x58d5, 0x3, 0x4, 0x7, 0x9, 0x0, 0x1, 0x5, 0x7, 0xcee7, 0x5, 0x2, 0x4327, 0x8, 0x8fb, 0x2, 0x9, 0xfffffffa, 0x2, 0x5, 0xce7, 0x10, 0xff, 0x0, 0x9, 0x8001, 0x4, 0x1, 0x1ff, 0x0, 0xda, 0x8, 0x4, 0x8, 0x9, 0x6, 0x9, 0x10001, 0x8c0, 0x6, 0x3, 0x7, 0x4, 0x7, 0x0, 0x81, 0x200, 0x54b, 0xe4, 0x9, 0x5, 0x80fb, 0x0, 0x6, 0x7, 0x9eb, 0x708, 0x0, 0xf07, 0xd0, 0x0, 0x7, 0x2, 0x2, 0x5, 0x76a, 0x5, 0x8001, 0xfffffffa, 0x9, 0xa37a, 0x3ff, 0xeede, 0x14, 0x4, 0x5, 0x9, 0x8, 0x718000, 0x7, 0x10000, 0x80000000, 0x200, 0x9, 0xf, 0xfff, 0x5, 0x80000001, 0x10000, 0x9, 0x6, 0xb28d, 0x200, 0xfffffa98, 0x5, 0x5, 0xffffffff, 0xcc, 0x800, 0x7, 0x7, 0x7, 0x7, 0x4, 0xd, 0x80000, 0x0, 0xcd3, 0x3ff, 0xb, 0x6, 0x3ff, 0x20000, 0xde1, 0x3, 0x8, 0x8, 0x10, 0x10000, 0x8, 0xed50, 0x1, 0x1, 0x7fffffff, 0x9, 0xd, 0x8, 0xd5ec, 0x9eb, 0xfff, 0x0, 0x7, 0x1, 0x401, 0x3ff, 0x3, 0xfb37, 0x81, 0x0, 0x6, 0x4, 0x67, 0x51a, 0x8, 0xffffff7f, 0x7fffffff, 0x3, 0xd]}, @TCA_POLICE_RATE={0x404, 0x2, [0xfffffff7, 0x4, 0x6, 0xff, 0x7fffffff, 0x8, 0xfff, 0xff, 0x9, 0x4, 0xc58d, 0x1, 0x9, 0x5, 0x2, 0x0, 0x8, 0xb2, 0x1f8, 0x8, 0x7f, 0x10001, 0x517d, 0x4, 0x1000, 0x1, 0x8, 0x10, 0x4, 0xb, 0x7, 0x3, 0x6f3, 0x3, 0x0, 0x6, 0x6, 0xfffffff9, 0x7, 0xf50, 0x8, 0x800, 0x0, 0xf, 0x2, 0x6, 0x7, 0xa, 0x9, 0x4, 0x8, 0x70, 0x309, 0x6, 0x6, 0x0, 0x5, 0x0, 0x0, 0x4, 0x602, 0x8, 0x8, 0x3, 0xfffff000, 0xed, 0x3, 0x9, 0x8080, 0x875, 0x7, 0x6, 0x640, 0x1, 0x3ff, 0xffffffe3, 0x6b87, 0x33a, 0x6, 0x81, 0x4, 0x49a, 0x7, 0x10, 0x80000001, 0x5, 0x8, 0xc000000, 0x4819, 0x800, 0x6e94, 0x2, 0x100f1, 0x0, 0x9c38, 0xb, 0x10, 0x3, 0x7, 0x6, 0x800, 0x3, 0x2, 0x11, 0x7f, 0x40000, 0x8001, 0x3f, 0x800, 0xffffffff, 0x0, 0x6, 0x5, 0xfffffffe, 0x8, 0x4, 0x5, 0x9, 0x8, 0x6, 0x0, 0x8a0, 0x3, 0x10000, 0x3, 0x9, 0x10, 0x9, 0x401, 0xb1, 0x10, 0x5, 0x4, 0xffff995b, 0x8000, 0xffffee69, 0x2, 0xfffff000, 0x1e, 0x7fff, 0x80000001, 0x4, 0x6, 0x2, 0x7, 0x8e, 0x4, 0xfffff5b5, 0x9, 0x6, 0x10, 0x2ff9, 0xfffffff7, 0x1, 0x359e, 0x6, 0x5, 0x3, 0x1, 0x4, 0xe, 0xffff0000, 0x6, 0x4, 0xffffffff, 0x0, 0x10001, 0xcfd5, 0x5, 0x80, 0x6, 0x4, 0x5, 0x80, 0x28, 0x10, 0x47b, 0x6, 0x6, 0x8, 0x0, 0x3, 0x9c, 0x765b, 0x0, 0x0, 0xd38, 0x7ff, 0x3, 0x6429745b, 0x7fffffff, 0xff, 0xb51a, 0x6, 0x6, 0x8, 0x7, 0xc5, 0x10001, 0xffffffff, 0x1, 0x9, 0x10, 0xfffffff9, 0x1, 0xabb6, 0x1, 0x0, 0x3, 0x5, 0xbe, 0x8, 0x7ff, 0x6, 0x80000000, 0x8000000, 0x3, 0x200, 0x100, 0x81, 0xda, 0x0, 0x9e, 0x8, 0x1, 0x5, 0xe4, 0x1, 0x8f, 0x4, 0x80000001, 0xfff, 0x21c12c19, 0x1ff, 0xfffff173, 0x6, 0x7fffffff, 0x2, 0x8000, 0x4, 0x8, 0x9, 0x0, 0x1, 0x7, 0x8001, 0x8, 0xb749, 0x1, 0x0, 0x7, 0x5, 0x0, 0xbd, 0x6, 0x4]}]]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x1058}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5)

2m35.421534952s ago: executing program 5 (id=949):
syz_open_dev$usbfs(&(0x7f0000000140), 0x7, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x4, 0x0, 0x3, "e88509de7f1939e8abff005597c8ef039a5be42200", 0x13}, 0x60)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x2, 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000003300), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000003500)={0x0, 0x0, &(0x7f00000034c0)={&(0x7f0000003340)={0x40, r4, 0x21, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x20, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0xcdf45964e70f9098}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x40800)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff80850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f00000009c0)="e0b98ddf4ce535ed9c329b6f5bec", 0x0, 0x6, 0x0, 0x0, 0xffffffffffffff3d, 0x0, 0x0}, 0x50)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x2b, &(0x7f0000001ac0)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001700010029bdf100fcdbdf2d06000000"], 0x14}}, 0x0)
bind$nfc_llcp(r2, &(0x7f0000000080)={0x27, 0x0, 0x1, 0x7, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x18}, 0x60)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r7, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
syz_open_dev$dri(0x0, 0x2, 0x2000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x24180, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0)
mount(0x0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000040)='jfs\x00', 0x3000001, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60c6dd0000383afffee000000000000000000000000000bbff02000000000000000000000000000187040000000000040102000005020007c910fe8000000000000000000000000000aac204000000058900907800fe000000000000ffffffff"], 0x0)

2m35.221358364s ago: executing program 5 (id=951):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff2000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0}, 0x68)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000003e00090b000000000008000003"], 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1b0000001d0001000000000004086aa42d"], 0x30}}, 0x0)
ppoll(&(0x7f0000000040)=[{r0, 0x181}, {r1, 0x8005}, {r0, 0xc060}, {r1, 0xd0d0}], 0x4, &(0x7f0000000080)={0x0, 0x3938700}, &(0x7f00000000c0)={[0x7]}, 0x8)

2m34.831451s ago: executing program 5 (id=953):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) (async)
pipe2$9p(&(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x900)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x6, 0x0, [{0x859, 0x0, 0x3}, {0x3b4, 0x0, 0x9}, {0x40000099}, {0x0, 0x0, 0x100}, {0x881, 0x0, 0xfffffffffffffff8}, {0x9d4, 0x0, 0xfffffffffffff166}]}) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095", @ANYRES32, @ANYRES64=0x0], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
mlockall(0x2) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}}, 0x14}}, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x62}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000b11}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r6 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r6, 0xb)
r7 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000640)=[@out_dx={0xaa, 0x28, {0xc5e, 0x4, 0x7fff}}, @cpuid={0x14, 0x18, {0x8e, 0x38}}, @rdmsr={0x32, 0x18, {0xbac}}, @wr_crn={0x46, 0x20, {0x8, 0xd5d}}, @wr_crn={0x46, 0x20, {0x8, 0xffffffff}}, @code={0xa, 0x6e, {"2e6566400fe62c7e2e46df247d00a00000440f01c5c7442400daf5ad55c744240200000000c7442406000000000f011424f3430f01b0290000002e47f43664440f35362ef30f2dcdb9f7090000b84b53251aba7255ec930f30420f01ca"}}, @rdmsr={0x32, 0x18, {0x939}}, @uexit={0x0, 0x18, 0x4}, @wr_crn={0x46, 0x20, {0x8, 0x3}}, @wr_crn={0x46, 0x20, {0x4, 0xd}}, @wr_drn={0x6e, 0x20, {0x5, 0x80}}, @cpuid={0x14, 0x18, {0x5, 0x3}}, @wr_crn={0x46, 0x20, {0x0, 0x3}}, @wrmsr={0x1e, 0x20, {0x8fe, 0x10}}, @wr_crn={0x46, 0x20, {0x3, 0xb}}, @uexit={0x0, 0x18, 0xfffffffffffffff8}, @in_dx={0x82, 0x20, {0x7101, 0x4}}, @code={0xa, 0x46, {"2e0f0766450f3881a27db0000066ba6100edf30faeeff30f090f01cf8fc8108e1a0af243b2ddc4017a10a00e0000008f0910994db3"}}, @in_dx={0x82, 0x20, {0x7e9b}}, @out_dx={0xaa, 0x28, {0xcf, 0x0, 0x6}}, @wrmsr={0x1e, 0x20, {0x571, 0x5}}, @code={0xa, 0x6f, {"48b800000000000000800f23d80f21f835800000600f23f8b9800000c00f3235000400000f3066ba2100edc461de5a8444e8000000b8010000000f01c1c7442400ae000000c744240200000000ff1c2440af66b82f018ec80f07660ffd22"}}, @out_dx={0xaa, 0x28, {0x9e7d, 0x0, 0xb}}, @wrmsr={0x1e, 0x20, {0x976, 0x6}}, @cpuid={0x14, 0x18, {0xfffffff8, 0x3}}], 0x3c3})
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000080)={0x1, 0x0, [{0x0, 0x81, 0x0, 0x9, 0x6, 0x9, 0x3}]}) (async)
mlockall(0x0) (async)
shmat(r6, &(0x7f0000ffd000/0x1000)=nil, 0x7000) (async)
shmctl$SHM_UNLOCK(r6, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000800)={r2, r0}, 0xc)

2m34.76173054s ago: executing program 34 (id=953):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) (async)
pipe2$9p(&(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x900)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x6, 0x0, [{0x859, 0x0, 0x3}, {0x3b4, 0x0, 0x9}, {0x40000099}, {0x0, 0x0, 0x100}, {0x881, 0x0, 0xfffffffffffffff8}, {0x9d4, 0x0, 0xfffffffffffff166}]}) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095", @ANYRES32, @ANYRES64=0x0], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
mlockall(0x2) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}}, 0x14}}, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x62}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000b11}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r6 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r6, 0xb)
r7 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000640)=[@out_dx={0xaa, 0x28, {0xc5e, 0x4, 0x7fff}}, @cpuid={0x14, 0x18, {0x8e, 0x38}}, @rdmsr={0x32, 0x18, {0xbac}}, @wr_crn={0x46, 0x20, {0x8, 0xd5d}}, @wr_crn={0x46, 0x20, {0x8, 0xffffffff}}, @code={0xa, 0x6e, {"2e6566400fe62c7e2e46df247d00a00000440f01c5c7442400daf5ad55c744240200000000c7442406000000000f011424f3430f01b0290000002e47f43664440f35362ef30f2dcdb9f7090000b84b53251aba7255ec930f30420f01ca"}}, @rdmsr={0x32, 0x18, {0x939}}, @uexit={0x0, 0x18, 0x4}, @wr_crn={0x46, 0x20, {0x8, 0x3}}, @wr_crn={0x46, 0x20, {0x4, 0xd}}, @wr_drn={0x6e, 0x20, {0x5, 0x80}}, @cpuid={0x14, 0x18, {0x5, 0x3}}, @wr_crn={0x46, 0x20, {0x0, 0x3}}, @wrmsr={0x1e, 0x20, {0x8fe, 0x10}}, @wr_crn={0x46, 0x20, {0x3, 0xb}}, @uexit={0x0, 0x18, 0xfffffffffffffff8}, @in_dx={0x82, 0x20, {0x7101, 0x4}}, @code={0xa, 0x46, {"2e0f0766450f3881a27db0000066ba6100edf30faeeff30f090f01cf8fc8108e1a0af243b2ddc4017a10a00e0000008f0910994db3"}}, @in_dx={0x82, 0x20, {0x7e9b}}, @out_dx={0xaa, 0x28, {0xcf, 0x0, 0x6}}, @wrmsr={0x1e, 0x20, {0x571, 0x5}}, @code={0xa, 0x6f, {"48b800000000000000800f23d80f21f835800000600f23f8b9800000c00f3235000400000f3066ba2100edc461de5a8444e8000000b8010000000f01c1c7442400ae000000c744240200000000ff1c2440af66b82f018ec80f07660ffd22"}}, @out_dx={0xaa, 0x28, {0x9e7d, 0x0, 0xb}}, @wrmsr={0x1e, 0x20, {0x976, 0x6}}, @cpuid={0x14, 0x18, {0xfffffff8, 0x3}}], 0x3c3})
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000080)={0x1, 0x0, [{0x0, 0x81, 0x0, 0x9, 0x6, 0x9, 0x3}]}) (async)
mlockall(0x0) (async)
shmat(r6, &(0x7f0000ffd000/0x1000)=nil, 0x7000) (async)
shmctl$SHM_UNLOCK(r6, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000800)={r2, r0}, 0xc)

2.370024633s ago: executing program 2 (id=3279):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d50101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae11a973735b36d5b1b63e91c00305d9be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c580263093ca9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6fa94fc488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c766000a5e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1386abdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060fb30e900caab415db6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3c901cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ffffff7f000000007f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca405d8c5f64fdb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb40800000077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e5e2c664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53dc10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fa6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c02b5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadbb25c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d060000008926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000100)={0x18, r1, 0x1, 0xffffffff, 0x25dfdbfc, {}, [@NBD_ATTR_SOCKETS={0x4}]}, 0x18}}, 0x20000000)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080), r0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="000826bd010000000800010000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x800, 0x0, <r7=>0xffffffffffffffff})
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
read$FUSE(0xffffffffffffffff, &(0x7f0000001b00)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
r10 = getuid()
mount$9p_fd(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x2001, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@aname={'aname', 0x3d, 'nbd\x00'}}, {@cache_mmap}, {@cache_readahead}], [{@audit}, {@context={'context', 0x3d, 'root'}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@fowner_gt={'fowner>', r9}}, {@smackfsroot={'smackfsroot', 0x3d, 'l2_drops\x00'}}, {@fowner_eq={'fowner', 0x3d, r10}}, {@audit}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r5, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x17c, r6, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8001)
ioctl$sock_SIOCSIFBR(r5, 0x8941, &(0x7f0000000480)=@add_del={0x2, &(0x7f0000000440)='dvmrp0\x00'})
r11 = pidfd_getfd(0xffffffffffffffff, r5, 0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000004c0)={<r12=>0x0, 0x7fffffff}, &(0x7f0000000500)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r11, 0x84, 0x22, &(0x7f0000000540)={0x3, 0x1, 0x6, 0x2, r12}, 0x10)

2.29130626s ago: executing program 2 (id=3283):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000000)=@encrypted_new={'new ', 'default', 0x20, 'user:', '&\x00\x00', 0x20, 0xfff}, 0x2a, 0x0)
r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0xe, 0x2b, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x67c3, 0x0, 0x0, 0x0, 0x100}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @ringbuf_query, @ldst={0x0, 0x1, 0x4, 0x1, 0x9, 0x20, 0xfffffffffffffffc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffc434}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @ldst={0x0, 0x2, 0x2, 0xa, 0x2, 0xffffffffffffffc4, 0xfffffffffffffffd}, @jmp={0x5, 0x1, 0x6, 0x6, 0xb, 0xfffffffffffffff0, 0xfffffffffffffffc}, @generic={0x4, 0x0, 0xf, 0x3, 0x3}, @call={0x85, 0x0, 0x0, 0xb3}]}, &(0x7f0000000200)='syzkaller\x00', 0x7, 0xf1, &(0x7f00000002c0)=""/241, 0xc1100, 0x4f, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000640)={0x81, 0xe, 0x9, 0x101}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x727}, 0x94)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x4000, @empty, 0x4}, 0x1c)
splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f00000007c0)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c", @ANYRESOCT=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, r1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000780)="b9ff05000000008c9c18ed0f6fd2", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8982, &(0x7f0000000600)={0x7, 'vlan1\x00', {0xe}, 0xd0})
keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000000)=@encrypted_new={'new ', 'default', 0x20, 'user:', '&\x00\x00', 0x20, 0xfff}, 0x2a, 0x0) (async)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0xe, 0x2b, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x67c3, 0x0, 0x0, 0x0, 0x100}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @ringbuf_query, @ldst={0x0, 0x1, 0x4, 0x1, 0x9, 0x20, 0xfffffffffffffffc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffc434}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @ldst={0x0, 0x2, 0x2, 0xa, 0x2, 0xffffffffffffffc4, 0xfffffffffffffffd}, @jmp={0x5, 0x1, 0x6, 0x6, 0xb, 0xfffffffffffffff0, 0xfffffffffffffffc}, @generic={0x4, 0x0, 0xf, 0x3, 0x3}, @call={0x85, 0x0, 0x0, 0xb3}]}, &(0x7f0000000200)='syzkaller\x00', 0x7, 0xf1, &(0x7f00000002c0)=""/241, 0xc1100, 0x4f, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000640)={0x81, 0xe, 0x9, 0x101}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x727}, 0x94) (async)
pipe(&(0x7f0000000140)) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) (async)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x4000, @empty, 0x4}, 0x1c) (async)
splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f00000007c0)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c", @ANYRESOCT=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, r1}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000780)="b9ff05000000008c9c18ed0f6fd2", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async)
ioctl$UI_DEV_CREATE(r5, 0x5501) (async)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8982, &(0x7f0000000600)={0x7, 'vlan1\x00', {0xe}, 0xd0}) (async)
keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) (async)

2.130287056s ago: executing program 2 (id=3284):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)='\\\x00\x00\x00', 0x4}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r3=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000004c0)={r3, 0x3, 0x6, @random="0584ec9129f1"}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x20, r3, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)

1.108548171s ago: executing program 6 (id=3290):
syz_emit_ethernet(0x9a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6000008000641100fe8000000000000000000000000000bbff02000000000000000000000000000100004e22004d9078020000000000000000000000eaf12af8010d489432cc01f9f39c6526ece5d260cc5eb9cabfc2c9f4513d3dfb201f3a70a41ef6c2fca06a9bd768d5f176c198150020000000000000000010009514b06796dbf2ea9e520f1475c8f65b"], 0x0)
syz_emit_ethernet(0x9a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6000008000641100fe8000000000000000000000000000bbff02000000000000000000000000000100004e22004d9078020000000000000000000000eaf12af8010d489432cc01f9f39c6526ece5d260cc5eb9cabfc2c9f4513d3dfb201f3a70a41ef6c2fca06a9bd768d5f176c198150020000000000000000010009514b06796dbf2ea9e520f1475c8f65b"], 0x0) (async)

1.105637928s ago: executing program 1 (id=3292):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) (async)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast2, @in=@loopback, 0x4e23, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x40000003}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d3, 0xff}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x7, 0xffff, 0x0, 0x10000}}, 0xe8) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast2, @in=@loopback, 0x4e23, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x40000003}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d3, 0xff}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x7, 0xffff, 0x0, 0x10000}}, 0xe8)
ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x6acd)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0)
r3 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$NS_GET_NSTYPE(r3, 0xb703, 0x0)

1.104384265s ago: executing program 6 (id=3293):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x618142, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24004001}, 0x800) (async, rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) (rerun: 64)
getsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000180), &(0x7f0000000280)=0x8)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x2}, 0x3})
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="080086dd0001110004000000a60c6eec00be00442ffffe8000000000000000000000000000aaff02000000000000000000000000000104206558"], 0xfdef) (async)
socket$nl_xfrm(0x10, 0x3, 0x6)

1.00996205s ago: executing program 1 (id=3294):
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x6000)
setresuid(0xee01, r1, r1)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x1}, [{0x2, 0x4, r1}], {0x4, 0x4}, [], {0x10, 0x2}}, 0x2c, 0x1)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

1.008901882s ago: executing program 6 (id=3295):
r0 = socket$kcm(0x29, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000040)={0x55, 0x0, 0x3016, 0xffffffff, 0x4, 0x8, 0x81})
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000080)={@any, 0x8, 0x1, 0x5, 0x3, 0x3b8d, "60f581031ea527d94b33568fbf554bdd4ae263c0653f09c445f5b3e624af14cf0ba8a09488769b3a9850a8b5a92d4bf646fb193e1d63b44c4583495976ed4836fedc62fd16fa34928d6a516e17f243fec85e7ab6dc8ab9648508ef2e12f5cc2b0288b02799becafc14749e5d082144e5e4a15869fb655e07e5ae5c84ca44c2e7"})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000200)={0x4a0, r4, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x14c, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x25, 0x2, [{0x0, 0x4}, {0x0, 0x8}, {0x6, 0x9}, {0x1, 0x2}, {0x0, 0x5}, {0x1, 0x5}, {0x2, 0x2}, {0x6, 0x7}, {0x6, 0x3}, {0x2, 0x4}, {0x1, 0x3}, {0x3, 0x5}, {0x4, 0x6}, {0x1, 0x3}, {0x7}, {0x4, 0x2}, {0x7, 0x9}, {0x4, 0x8}, {0x6, 0x9}, {0x0, 0x6}, {0x2}, {0x2, 0x9}, {0x3, 0x3}, {0x2, 0x4}, {0x6}, {0x1}, {0x4, 0x1}, {0x3, 0x6}, {0x1}, {0x7, 0x3}, {0x0, 0x4}, {0x0, 0x5}, {0x1, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xc2, 0x200, 0x7, 0x4, 0x0, 0xe3, 0x40, 0x1]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0x80, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x1, 0x5d, 0x2, 0x9a8f, 0x8, 0x5, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0xde0a, 0x90f7, 0xa0d8, 0x6, 0x800, 0x2, 0x7]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x9, 0x7ff, 0x90, 0xffff, 0x7fff, 0x1, 0xf]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0xf, 0x3, 0x48, 0xc, 0x48, 0x18, 0xb, 0x60, 0x1, 0x30, 0x16, 0x1, 0x4, 0x6, 0x3d, 0x3, 0x12, 0x3, 0x6, 0x18]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x16, 0x62, 0x3, 0xc]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xfff9, 0xc7cb, 0x9, 0x1, 0x5, 0x4, 0x3ff]}}, @NL80211_TXRATE_HT={0x39, 0x2, [{0x4, 0x6}, {0x1, 0x5}, {0x4, 0x5}, {0x2, 0x6}, {0x0, 0x9}, {0x2}, {0x0, 0x7}, {0x1, 0x6}, {0x4, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x1}, {0x7, 0xa}, {0x1, 0x3}, {0x7, 0xa}, {0x0, 0x5}, {0x7, 0x3}, {0x0, 0x2}, {0x5, 0x8}, {0x0, 0x1}, {0x1, 0x1}, {0x5, 0x4}, {0x2, 0x4}, {0x5, 0xa}, {0x6}, {0x3, 0x4}, {0x2, 0x2}, {0x5, 0x2}, {0x3, 0x7}, {0x0, 0x7}, {0x2, 0x3}, {0x4, 0x4}, {0x7, 0x4}, {0x6, 0x6}, {0x3, 0x9}, {0x0, 0x9}, {0x6, 0x2}, {0x0, 0x1}, {0x1, 0xa}, {0x5}, {0x0, 0x7}, {0x2, 0x7}, {0x4, 0x6}, {0x1, 0xa}, {0x2, 0x8}, {0x3, 0x6}, {0x7, 0x5}, {0x1, 0x2}, {0x5}, {0x5, 0x5}, {0x4, 0x1}, {0x0, 0x6}, {0x5, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff, 0x6, 0x9, 0x1, 0x10, 0x6, 0x77a, 0x4]}}]}]}, @NL80211_ATTR_TX_RATES={0x1fc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x58, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4c, 0x2, [{0x1, 0x5}, {0x1, 0xa}, {0x4, 0x4}, {0x0, 0x8}, {0x5}, {0x2, 0xa}, {0x6, 0x6}, {0x2, 0xa}, {0x2, 0x7}, {0x4, 0x7}, {0x4, 0x3}, {0x1, 0x5}, {0x4, 0x5}, {0x6, 0x5}, {0x1}, {0x0, 0x3}, {0x2, 0xa}, {0x7, 0x5}, {0x1, 0x6}, {0x0, 0x3}, {0x6, 0x3}, {0x5, 0x7}, {0x7, 0x1}, {0x3, 0x8}, {0x1, 0x7}, {0x3, 0x3}, {0x3, 0x6}, {0x6, 0x2}, {0x3, 0x5}, {0x4}, {0x6, 0x7}, {0x3, 0x1}, {0x3, 0x8}, {0x2, 0x1}, {0x1}, {0x1, 0x8}, {0x3, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x9}, {0x0, 0x6}, {0x3, 0x7}, {0x6}, {0x0, 0x9}, {0x1, 0x1}, {0x0, 0x4}, {0x3, 0x8}, {0x1, 0x8}, {0x6, 0x6}, {0x4, 0x7}, {0x6, 0x9}, {0x5, 0x4}, {0x0, 0x2}, {0x4, 0x3}, {0x3, 0xa}, {0x3, 0x4}, {0x6, 0x2}, {0x3, 0xa}, {0x0, 0x8}, {0x5, 0x1}, {0x5, 0x8}, {0x1, 0x2}, {0x5, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x1}, {0x2, 0x5}, {0x6}, {0x6, 0x8}, {0x5, 0x7}, {0x2, 0x8}, {0x7, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x48]}, @NL80211_TXRATE_HT={0x37, 0x2, [{0x2, 0xa}, {0x1}, {0x4, 0x3}, {0x5, 0x8}, {0x7, 0x1}, {0x6, 0x3}, {0x4, 0x2}, {0x2, 0x5}, {0x5, 0x4}, {0x1, 0x1}, {0x0, 0x4}, {0x0, 0x5}, {0x7, 0x9}, {0x4}, {0x2, 0xa}, {0x2}, {0x1}, {0x1, 0x9}, {0x4, 0xa}, {0x1}, {0x1, 0x6}, {0x6, 0x8}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0x2}, {0x2, 0x8}, {0x3, 0x2}, {0x4, 0x3}, {0x6, 0x2}, {0x0, 0x8}, {0x1, 0x5}, {0x4, 0x8}, {0x6, 0x6}, {0x7, 0x7}, {0x4, 0x2}, {0x4, 0x5}, {0x0, 0xa}, {0x1}, {0x2, 0x9}, {0x1, 0x5}, {0x7, 0x1}, {0x4, 0x8}, {0x2, 0x3}, {0x2, 0xa}, {0x2, 0x5}, {0x5, 0x1}, {0x6, 0x8}, {0x3, 0xa}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x9}]}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x24, 0x16, 0xb, 0x9, 0x3, 0xb, 0x6c]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x100, 0x8, 0x2, 0xa, 0x8, 0x6, 0x74a, 0x7f]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x4, 0x8, 0x4, 0x2, 0x1ff, 0xba4, 0x9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x7, 0x7, 0x1, 0x1, 0x6, 0x5, 0x3b]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x6, 0xf, 0x6, 0x9199, 0x985d, 0x5, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2ec1, 0x3, 0x81, 0xd, 0x1, 0x6, 0x5cd0]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x38, 0x2, [{0x7, 0x5}, {0x1, 0xa}, {0x1, 0x8}, {0x4}, {0x4, 0x9}, {0x6, 0x9}, {0x6, 0x6}, {0x4, 0x1}, {0x1, 0x8}, {0x4, 0x1}, {0x0, 0x4}, {0x4, 0x3}, {0x0, 0x8}, {0x4}, {0x6, 0x5}, {0x6, 0x2}, {0x7, 0x8}, {0x4}, {0x0, 0x3}, {0x5, 0x8}, {0x1, 0x2}, {0x7, 0x3}, {0x2, 0xa}, {0x3, 0x6}, {0x5, 0x4}, {0x5, 0x9}, {0x0, 0x7}, {0x1, 0x3}, {0x3, 0x4}, {0x0, 0x9}, {0x6, 0x4}, {0x1, 0xa}, {0x6, 0x4}, {0x4, 0x1}, {0x0, 0xa}, {0x6, 0x7}, {0x5, 0x2}, {0x7, 0x4}, {0x4, 0x7}, {0x6, 0x6}, {0x6, 0x7}, {0x7, 0x6}, {0x2, 0x7}, {0x6, 0x4}, {0x3, 0x6}, {0x4, 0x5}, {0x1, 0x1}, {0x6, 0x3}, {0x2, 0x4}, {0x0, 0x1}, {0x1, 0x3}, {}]}]}, @NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x0, 0x1}, {0x2, 0x3}, {0x7, 0x4}, {0x2, 0x5}, {0x7, 0x1}, {0x6, 0x9}, {0x0, 0x8}, {0x5, 0x1}, {0x1, 0xa}, {0x2, 0x3}, {0x7, 0x9}, {0x6, 0x5}]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x44, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x1, 0x4, 0x6, 0x8f, 0x9, 0xf, 0x8]}}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x24, 0x36, 0x2, 0xc, 0x6c, 0x24, 0x9, 0x18, 0x16, 0x48, 0x6, 0x4, 0x4, 0x16, 0x32, 0x5]}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0xc]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x7, 0x6}, {0x6, 0x7}, {0x7, 0x2}, {0x6, 0x7}, {0x7, 0x6}, {0x7, 0x3}, {0x7, 0x3}, {0x1, 0x7}, {0x4, 0x6}, {0x7, 0x2}, {0x6, 0xa}, {0x5, 0x4}, {0x5, 0x2}, {0x2, 0x7}, {0x7, 0x2}, {0x0, 0x2}, {0x4, 0x4}, {0x0, 0x7}, {0x3, 0x9}, {0x5, 0x6}, {0x1, 0x5}, {0x4, 0x5}, {0x4}, {0x1, 0x8}, {0x3, 0x9}, {0x7, 0x9}, {0x5, 0x7}, {0x4, 0xa}, {0x6, 0x9}, {0x0, 0x1}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x44, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3f, 0x2, [{0x4, 0x5}, {0x1, 0x3}, {0x1, 0x3}, {0x1, 0x5}, {0x6, 0x8}, {0x6, 0x9}, {0x5, 0x1}, {0x1, 0x1}, {0x6, 0xa}, {0x0, 0x1}, {0x4, 0x9}, {0x6, 0x9}, {0x4, 0x4}, {0x6, 0xa}, {0x5, 0x1}, {0x5, 0x6}, {0x2}, {0x1, 0xa}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x8}, {0x0, 0x2}, {0x7, 0x4}, {0x1, 0x7}, {0x0, 0x2}, {0x0, 0x5}, {0x5, 0x5}, {0x2, 0xa}, {0x7, 0x4}, {0x4, 0x4}, {0x1, 0x7}, {0x2, 0x8}, {0x1, 0x3}, {0x5, 0x3}, {0x4}, {0x1, 0x4}, {0x7, 0x8}, {0x4, 0x3}, {0x2}, {0x0, 0x6}, {0x3, 0x9}, {0x0, 0x4}, {0x7, 0x5}, {0x3, 0x3}, {0x3, 0x1}, {0x3, 0x4}, {0x2}, {0x7, 0x4}, {0x0, 0x6}, {0x1, 0x7}, {0x2}, {}, {0x1, 0x2}, {0x6, 0x5}, {0x3, 0x2}, {0x0, 0x4}, {}, {0x1, 0xa}, {0x6, 0x1}]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x7, 0xa566, 0x5, 0x4, 0x6]}}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0xc0, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x18, 0x6c, 0x60, 0x48, 0x3, 0x36]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xfff7, 0x9, 0x2, 0x4, 0xe, 0x3, 0x8, 0x400]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x0, 0x5}, {0x0, 0x7}, {0x4, 0xa}, {0x7, 0xa}, {0x4, 0x9}, {0x3, 0x6}, {0x7, 0xa}, {0x2, 0x4}, {0x2, 0x6}]}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x80, 0x3, 0x7fff, 0x3, 0x81, 0x3, 0x4]}}]}, @NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x8, 0x5, 0x4, 0x40, 0x85a, 0x5, 0x4]}}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x2, 0x8}, {0x5, 0x1}, {0x1, 0x2}, {0x5, 0xa}, {0x7, 0x7}, {0x2, 0x4}, {0x2, 0x4}, {0x6, 0x6}, {0x6, 0x2}, {0x2, 0x4}, {0x7, 0x6}, {0x5}, {0x5, 0x7}, {0x4, 0x4}, {0x1, 0x3}, {0x3, 0x5}, {0x0, 0x1}, {0x6, 0x6}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0xa}, {0x6, 0x7}, {0x1, 0x7}, {0x0, 0x2}, {0x6, 0xa}, {0x3, 0x5}, {0x1, 0x7}, {0x0, 0x4}, {0x4, 0xa}, {0x6, 0x2}, {0x2, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe, 0x7, 0xf, 0x6, 0x6, 0x4, 0xcd, 0x6]}}]}]}]}, 0x4a0}, 0x1, 0x0, 0x0, 0x40080d1}, 0x40)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000740)=@isdn, 0x80, &(0x7f0000000940)=[{&(0x7f00000007c0)=""/8, 0x8}, {&(0x7f0000000800)=""/127, 0x7f}, {&(0x7f0000000880)=""/11, 0xb}, {&(0x7f00000008c0)=""/119, 0x77}], 0x4, &(0x7f0000000980)=""/144, 0x90}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000a80)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$netlink(r3, &(0x7f0000000c80)={&(0x7f0000000ac0)=@proc={0x10, 0x0, 0x25dfdbff, 0x1000}, 0xc, &(0x7f0000000c40)=[{&(0x7f0000000b00)={0x138, 0x40, 0x100, 0x70bd2a, 0x25dfdbfe, "", [@nested={0x8, 0xd6, 0x0, 0x1, [@nested={0x4, 0x115}, @generic]}, @generic="95acf9a641684362265792d896b82349f2fa254764b5e97672b17a8d2a73282ce67b290bd09006442a1f554f6c3e49eca6608b27c17951d107b7a260f2fe955d2122ca9f5507420fa826f0962722c03cee94da048818b29dd728c2eafd960095567291999049ad1189912b5b0c9710f205d2ed0c24277b423a0a378404cebba818160c121c5146f1a3b2", @generic="687826cb69ea373a2f3b543bf0593134f25fcd56351bac3b1fe1f016ac8fb0c0f9a01b5edb60c811f94a076b909b290bcb4b9c177f0992e3d75f4407986fc26b56f471b879dd9288d0c597f69e4ac40306f7e02ebc239137e1c1edb84cec4118a69e5e59c857c0209be41ab2a5f26282004de663fbd26e36c9d49594a95da32df7951e772162a3a15fb6d6eea112cfb70b1b9108b9e8"]}, 0x138}], 0x1, 0x0, 0x0, 0x1}, 0x200048d0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = geteuid()
sendmsg$nl_xfrm(r7, &(0x7f0000000e40)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d00)=@getpolicy={0xc8, 0x15, 0x20, 0x70bd2b, 0x25dfdbfe, {{@in=@multicast1, @in6=@empty, 0x4e20, 0x0, 0x4e24, 0x7f, 0xa, 0x80, 0xa0, 0x6e, r6, r8}, 0x6e6bba}, [@replay_val={0x10, 0xa, {0x70bd27, 0x70bd2c, 0x8}}, @user_kmaddress={0x2c, 0x13, {@in=@loopback, @in6=@remote, 0x0, 0x2}}, @replay_esn_val={0x2c, 0x17, {0x4, 0x70bd27, 0x70bd2a, 0x70bd29, 0x70bd26, 0x101, [0x8, 0x3, 0x80000001, 0xd674]}}, @replay_val={0x10, 0xa, {0x70bd25, 0x70bd28, 0x3}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x40844}, 0x4000000)
r9 = openat$random(0xffffffffffffff9c, &(0x7f0000001100), 0x1a00c1, 0x0)
syz_clone3(&(0x7f0000001340)={0x2b2085000, &(0x7f0000001140)=<r10=>0xffffffffffffffff, &(0x7f0000001180), &(0x7f00000011c0)=<r11=>0x0, {0x14}, &(0x7f0000001200)=""/44, 0x2c, &(0x7f0000001240)=""/157, &(0x7f0000001300)=[0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0], 0x8}, 0x58)
read$FUSE(0xffffffffffffffff, &(0x7f00000013c0)={0x2020, 0x0, 0x0, 0x0, <r12=>0x0}, 0x2020)
sendmsg$netlink(r3, &(0x7f0000003480)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000e80)={0x15c, 0x34, 0x8, 0x70bd2d, 0x25dfdbfc, "", [@generic="0894f255dd9efc3ec8983d647be977ab2b8e6f9a840db91513cdd6ecbdaa39f7b7484c8176c633e48541c7b7b98193dfe94847b0496e60899f989b8ea2094eebde27c4b74cf7091060a21108f246f4e8c3b128d9b054d6437a118cf09dbde549c7783a6225be8e7f52305eddabda74c278e203a88d7f1fe9e1e36da8bff067ea203505e24f", @generic="ef1b0d7f2d349e83313fe67bdc1d7991aa4a89ff6f6807237a960cf270ab39c3494be00d80ac5bc8e518fb24db2126eaf345c3da9f80ac9bec9c0c2a901b2f7e1d5e07ce84257f5cccdc4529e53483782bb7f63cbb24e782a5199be52dff45dc0815b6ac4725bb3f3f4c910d", @generic="8d1feab8bd1e8888ff491cab7428a3e98ffd08832ef8a5352aa002a2cf72f3037aed8206164ad862f37707c44a14fd7f9b0c0946afff158ef14b9693e056696f6d609636dca4926e0fc69b95914c90a3e7b657b90dc00050698c62"]}, 0x15c}, {&(0x7f0000001000)={0xbc, 0x22, 0x200, 0x70bd28, 0x25dfdbfb, "", [@generic="17d7d31f463a4675936ddff032735c16a3dfddbb1221747c80a4099eaa68339546f2b4db26dac34ff53d6703dbfe65194c8845be0221a4751cddfa82f450218880da27bdc977c258a0856596e81fea9c8fceb4144210b780a6d7e2c290e756c7814694d3fe7e40ff73bd637572e7e303b1ca34b374770dba6ee6654b17aec90092a7d42c448ac53467a5e37ed3f278766f674772f5fab19c307112fa54892859fa20b1443e474ae429ad"]}, 0xbc}], 0x2, &(0x7f0000003400)=[@rights={{0x24, 0x1, 0x1, [r1, r2, r2, r9, r3]}}, @cred={{0x1c, 0x1, 0x2, {r11, r8, r12}}}, @rights={{0x30, 0x1, 0x1, [r7, r2, r0, r7, r2, r3, r0, r2]}}], 0x78, 0x48004}, 0x4000)
r13 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000034c0), 0x200)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r13, 0x80045400, &(0x7f0000003500))
r14 = openat$procfs(0xffffffffffffff9c, &(0x7f0000003540)='/proc/bus/input/devices\x00', 0x0, 0x0)
r15 = syz_init_net_socket$ax25(0x3, 0x5, 0x8)
getsockname$ax25(r15, &(0x7f0000003580)={{0x3, @null}, [@null, @bcast, @rose, @remote, @null, @null, @netrom, @default]}, &(0x7f0000003600)=0x48)
ioctl$F2FS_IOC_SET_PIN_FILE(r10, 0x4004f50d, &(0x7f0000003640)=0x1)
socket(0x18, 0x5, 0x4)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000036c0)={r11, r14, 0x0, 0x1, &(0x7f0000003680)='\x00'}, 0x30)
socket$alg(0x26, 0x5, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(0xffffffffffffffff, 0x81204101, &(0x7f0000003740))

940.210329ms ago: executing program 6 (id=3296):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0) (async)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000180)={0x18, r4, 0x1, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}]})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r7}, 0x10) (async, rerun: 32)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) (rerun: 32)

790.041909ms ago: executing program 3 (id=3297):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="1201b9000000", 0x0, 0x0, 0x1, 0x0, 0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000801000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68)
io_uring_setup(0xd, &(0x7f0000000040)={0x0, 0x24c8a1, 0x1c891, 0x8, 0xd1})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

699.374454ms ago: executing program 3 (id=3298):
r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000000)={0xd, 0x9}, 0x1)
r3 = socket$isdn(0x22, 0x2, 0x22)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000600)=[{&(0x7f0000001080)=""/216, 0xd8}], 0x1})
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$FS_IOC_GETFSUUID(r4, 0x80111500, &(0x7f0000000040))
io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0)

567.736709ms ago: executing program 3 (id=3299):
r0 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0xc0884123, &(0x7f0000000080))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x70, 0x0, 0x1, 0x401, 0x11, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x4, 0xf}]}, 0x70}}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000340), 0x201)
write$vga_arbiter(r3, &(0x7f0000000380)=@other={'trylock', ' ', 'mem'}, 0xc)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={r5, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd4}, 0x9c)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x2, 0x401, 0x800e, 0x1ff, 0x7, 0x80000001, 0x7, 0x0, <r6=>0x0}, &(0x7f0000000180)=0x20)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000001c0)={r5, 0x3, 0x0, 0xffff, 0xffff, 0x6, 0xaee5, 0x0, {r6, @in6={{0xa, 0x4e24, 0x80000001, @mcast1, 0x3}}, 0x4, 0x8, 0x0, 0x10000, 0x9}}, &(0x7f0000000300)=0xb0)

567.125929ms ago: executing program 2 (id=3300):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000640)='io_uring_complete\x00', r1}, 0x18)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x7fff, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @local}, {0x2, 0xffff, @private}, 0xd0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x9})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c00000024000100000000000000000000000000060003"], 0x1c}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r6, &(0x7f00000000c0), 0x2c8, 0x0)
sendmsg$IPSET_CMD_PROTOCOL(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x1, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008814}, 0x8810)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000040)={0x0, 0x0, 0x3, &(0x7f0000000080)={0x0, "7ea08680448ae1cd0313388152f6a5dcd36f82e3050721215ed97a9793ecd18a42"}})
syz_emit_vhci(&(0x7f00000002c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xbf, 0x1, 0x407}}}, 0x7)
sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x24, 0x34, 0x1, 0x470bd2b, 0x25dbdbfe, {0x4}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x5, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080)

500.078083ms ago: executing program 6 (id=3301):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x1)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{0x0}], 0x1}}], 0x1, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000140)={0x0, 0x0, 0x9}, 0x8)

499.737237ms ago: executing program 1 (id=3302):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r0=>0xffffffffffffffff, 0x1, 0x9, 0x10001})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x7)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000100)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=@newqdisc={0x2c, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@TCA_RATE={0x6, 0x5, {0x80, 0x7f}}]}, 0x2c}}, 0x4048000)

431.581777ms ago: executing program 1 (id=3303):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) (async)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(cbc-des3_ede-asm)\x00'}, 0x58) (async)
bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(cbc-des3_ede-asm)\x00'}, 0x58)
ioctl(r1, 0x2, &(0x7f0000000040)="108baa1ee13a55c28e157fedbc4c3b3c949090437c07d56e66449192fecdfaae622132f4f0e0c9159e156fffc94b2c07d887fe2a337c466e126744ce55d8fc6fbefc481d873e77e4df30108017d1e0e3f229e9a4559e14a2a90d8a0cc640eeebe0bf0c7180badbe3592749c4d3b1a2fe30fb69af33656d77dd8276d085da028bef5532827f7e4e72c894787646211665b72630e857918615e5b983c095467a3841ce26f543c6387f9c0131baba266ad9c640e07d52b982")
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)

431.068957ms ago: executing program 6 (id=3304):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x4) (async, rerun: 32)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00003f6000/0x1000)=nil) (async, rerun: 32)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async, rerun: 64)
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
r0 = syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/168, 0xa8}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0) (async, rerun: 32)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000480)='/dev/comedi2\x00', 0x2080, 0x0) (rerun: 32)
ioctl$COMEDI_SUBDINFO(r1, 0x80486402, &(0x7f00000004c0))
timer_create(0x8, 0x0, &(0x7f0000000080))

430.255299ms ago: executing program 3 (id=3305):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) (async)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000080)={0x1, 0x8, 0x5}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0}) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r5, &(0x7f0000000180)=ANY=[], 0x78) (async)
sendfile(r4, r5, &(0x7f00000001c0), 0x8) (async)
fcntl$addseals(r5, 0x409, 0x8) (async)
mmap(&(0x7f00003a2000/0x3000)=nil, 0x3000, 0x0, 0x13, r5, 0x3e7d000) (async)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

349.864774ms ago: executing program 3 (id=3306):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = userfaultfd(0x801)
syz_emit_ethernet(0x5d, &(0x7f0000000200)=ANY=[], &(0x7f0000000680)={0x3, 0x3, [0x28b, 0x8ee, 0x4f3, 0x237]})
syz_emit_ethernet(0x6a, &(0x7f0000000740)=ANY=[@ANYBLOB="01f280c20000000180c200000008004500005c000000000011907800000000e00000014e2517c100489078030000000200000062b9d705aa3b572cab9e4565145b574ad6d3761751672cccdb8ca1cbebfda570f2cfeae67bbd8bd6f8864257d91a249bc2dfb32bfb8b526f8d369735e44a285aba2034457b509f27b304cca969058c0070c8a0aacf377a7654e99e01bcd68bdfb988a8b71687cb6956f32889aeeb6ba42f25157aff068cd19a573a0b85ba0b281fcda8a8262dec962871b6e86c4bd7fee13288ffd0bf2f5a3df51db2700d6a67cc3faa3be3de534e9bdbd1bd63fca0bf728d547abdd20434de19ab697c0705dee463010e3ea980ad06e0cc2ed5cdabf4f2f5cbb150227be7ae74dbe5035326b95a908d90de8a850d0ef92faa6b16e241cf0a055e5390a260cc43b701a0dcae0daec6d89b0004e3a5d71be16fe85b8d5c75131e13284bbef0c0fabbba3a49fd6475ceee57f4b3e4dd20877736ab1635d6f0d8a37bd65a0970dadabc8eb08f5412b3300fda41113bade068f414002fc3673da4adbb67f893c96420adbbdd3339911e47e045095fc770617c824072172d564887d7c0fac4283e472e28b2e64ce12a5e79cf0eb36d8d0bb449a8309d7f5858"], 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x400000, 0x3, 0x2})
sched_rr_get_interval(0x0, &(0x7f00000000c0)={0x0, <r1=>0x0})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000040)={{&(0x7f0000b7a000/0x2000)=nil, 0x2000}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRESHEX=r1], 0x7c}, 0x1, 0x0, 0x0, 0x810}, 0x40004814)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
read$FUSE(r2, 0x0, 0xfdeb)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000002ec0)=ANY=[@ANYBLOB="84010000000000009c110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f541cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebebf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff8279421778d4a914512ca803da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef00000000000000000000373494cd59e8ba04ec8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a4af7464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f952b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf41ba88c7eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d4f237dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b8667b4dd0c"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
sendmsg$inet_sctp(r3, &(0x7f0000000700)={&(0x7f0000000040)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x2c000815}, 0x881)
r4 = dup(r3)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0xa}}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x9, 0x0, 0x111, 0xf}}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002700)=ANY=[@ANYBLOB="c474000042000701feffffff00000000037c0000ec0242805b021a80d501ee80fb8d136da31edc546f500c8cfa08a5c5754b91c2df21434977915ca20818805268c77c40d30d690be101237fe2d4f76ecbd0a3a72fd24530e0c798c833077a5f872fe39e7969b90d69bc920c426d98543a115113b491e8cfedcadf90301401d69f157034d9236f5296c5e7672ee37ff38111b6bc2648ab6aa17910a3404651fb2e87661960284b3708021087b3018adc0e3ee9906d0091bff50dab42528573bd5e64cd4432fff76b731360a6287463cc2bcb8cdfabeb537ef6be5f442a4ad6d97e9197a72790584202a68843cd90cf7b4d17bd354efba83e56231126b41743aecfd0bca0e7fbaecefd57f3da424405f5bbee4940eb3d75c66e85767aebc33dc0474446f5b777bfb24d9d811574b0124053ef4d4041aedaa9382a720c76fd8af91024a3abc4f3b0c968bb09b994e2a5c5da74ccbc86ed9dcbc7f827af348bae3c609ebacfcd1c145b8fb4e866bba160d595fd8027174aaa3d1ff903eb3053b6fbf0693acc2b14b95a134ba6d55a853e51f2394e6e202013ca10fa9f99b79730aa957b93219e2f2ec64749b88b0e0cdfea1a5c7f47fc2fdf7d30809c89905c3e0e896aeda66adcabed006a0da29cb0a48491d4c1097750365e0c02e15106c9bd8926e34e43a9108ba8729e4cdaca2d7ed99700000004002c800400ee0004002c80b4dfec08383fe7db080f4e90f4f7ed53618ec09a3f4af45e1b81cc948f38db20641761807964a90070731a1c4c7134321838a59a55ebdbfbc725f2fadb0964e32c0335a5366c75c36269f8d7e0fafaeddedd96882d37d55b7f11e9fa4831f636410dae304267004ed4ba7f681d970c0400ad80001400ae002001000000000000000000000000000208005800ac1e01010400758069003a0005482336b4a905f43e90a19cf7edbb2356f7002fa5414748bf9734f53e2a2dab6a0b4ac7154b6aee5efbbf3cfa3692ea4e29f961e5d09163f61ee64ad41014412031ecb95750ddd395ef93a30105426a37b4ea9945e8552e27099fe2ff422ee477953acc39000000c47101"], 0x74c4}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r3, 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))

267.02892ms ago: executing program 2 (id=3307):
r0 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa41, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x440, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x280801, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r4, {0x2}}, './file0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c000100400000000600000082370c4ad9d73df1ff6ad058724338000c000100ff0400003f8c0000d8fd010006000000", @ANYRES32, @ANYBLOB="08000500", @ANYRES16=r2], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x80)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001005000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000030500000008b373c928b8dcff1342000007000000000000d81308232fe6a3ff0025f07086ea7b565f555879576eccef26b1a6802f8b0fd9ad7aa807b1eb555358cbdba90e00000000000000a15be5a641d11bcbe423e2a33d5c2682620be03a0c", @ANYRES32=0x0, @ANYBLOB="0000000006100000140012800b00010062726964676500000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

140.071549ms ago: executing program 2 (id=3308):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r2=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000380)={0x1, r2, r1})
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4, 0x8000000000000003, {}, 0xfd}, 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x202, 0x30fb48eb9146406f)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x284})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
ioctl$DRM_IOCTL_AGP_FREE(r5, 0x40206435, &(0x7f0000000080))
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000015003a0a00000000000000000b000000"], 0x14}}, 0x44080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
close(0x3)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r8=>r5}, './file0\x00'})
ioctl$DRM_IOCTL_AUTH_MAGIC(r8, 0x40046411, &(0x7f0000000040))

139.801861ms ago: executing program 1 (id=3309):
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card0/oss_mixer\x00', 0x101100, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0x73f, 0x600, 0x25dfcbfb, {0x0, 0x0, 0x0, r6, {}, {0xfff2, 0xffff}, {0xffff, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xfff2, 0xe}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010)
read$proc_mixer(r0, &(0x7f00000002c0)=""/254, 0xfe)
syz_emit_ethernet(0x7e, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffffffffffff481100fe8000000000000001000000000000bbff0200000000000000000000000000014aff114ac164336a878b9c900000462291b3ccaf4c63521df8f969a9a3ef8377d86e2c44330fb0558fc99fa615e832d5f00ce4a5807ebb53fbfc8fbe4761a7cfe44dcf95"], 0x0)

89.311333ms ago: executing program 3 (id=3310):
modify_ldt$write2(0x11, &(0x7f0000000040)={0x0, 0x20000000}, 0x10)
modify_ldt$read(0x0, &(0x7f0000001840)=""/4105, 0x1009)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002700)=ANY=[], 0x74c4}}, 0xc000)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000880)={'syztnl2\x00', 0x0, 0x29, 0x83, 0x7, 0x80000400, 0x7b, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0, 0x3c20, 0x700, 0x1, 0x8}})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x2)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETVNETLE(r6, 0x400454dc, &(0x7f00000000c0)=0x1)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r5, 0x5386, &(0x7f0000000040))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SG_NEXT_CMD_LEN(r5, 0x2283, &(0x7f0000000080)=0xc8)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000002600)=[{&(0x7f0000000140)=""/77, 0x4d}], 0x1, 0x96f00, 0x7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="15fcffdf", @ANYRES16=r8, @ANYBLOB="0100000000000000000401000000000000000141000000140017000000000000040169623a7767310000"], 0x30}, 0x1, 0x0, 0x0, 0x2004c045}, 0x0)

0s ago: executing program 1 (id=3311):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x20040055}, 0x40) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1de0000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
io_setup(0x10001, &(0x7f0000000000)=<r2=>0x0) (async)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
io_cancel(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0x1, r1, &(0x7f00000003c0)="847541b0d934551fa3bd8d5408998e81d8115496c458ba09ccbc9e03597bfc403c70af513b31d1a29606ad83360c9aad11963d6a5af07a399381ff074c252ff6bfee31b76e6385c91e03a12f12bc437a24874105f638268910b2c7d2cf37a064f209d0db3160765d6993dc727290cf997c3d4a46dc21e65d4977cfe3830b7ccd3b3eff34a1640820a0e61dcbc3cacc5b4caedd882b7b26233d46487cfd0bcbdba4f5b2fbab749b955d07f05422bfc3e27fb391aaed1d6283fcbd6eb9dd3bdd663e1d3f42eade3675ca313b95fe0430f989c4", 0xd2, 0x9, 0x0, 0x1, r3}, &(0x7f0000000340)) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

0s ago: executing program 1 (id=3312):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000140)={<r2=>0x0, 0x1})
migrate_pages(0x0, 0x6, 0x0, &(0x7f0000000100)=0x9) (async)
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r1, 0xc01064c5, &(0x7f0000000100)={&(0x7f00000000c0)=[r2], 0x1}) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x74, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x9f3}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xc}, @NFTA_COUNTER_PACKETS={0x3}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x409}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7ff}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0xbc}}, 0x0)

kernel console output (not intermixed with test programs):

222.043366][   T40] audit: type=1400 audit(2000000110.359:25589): avc:  denied  { listen } for  pid=14351 comm="syz.6.2505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  222.051917][   T40] audit: type=1400 audit(2000000110.369:25590): avc:  denied  { connect } for  pid=14351 comm="syz.6.2505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  222.059108][   T40] audit: type=1400 audit(2000000110.379:25591): avc:  denied  { accept } for  pid=14351 comm="syz.6.2505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  222.063372][T14352] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  222.065483][   T40] audit: type=1400 audit(2000000110.379:25592): avc:  denied  { watch } for  pid=14351 comm="syz.6.2505" path="/379/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  222.081847][   T40] audit: type=1400 audit(2000000110.379:25593): avc:  denied  { watch_sb watch_reads } for  pid=14351 comm="syz.6.2505" path="/379/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  222.111480][   T40] audit: type=1400 audit(2000000110.429:25594): avc:  denied  { ioctl } for  pid=14357 comm="syz.1.2506" path="socket:[52217]" dev="sockfs" ino=52217 ioctlcmd=0x8910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  222.117685][T14363] veth1: entered promiscuous mode
[  222.120945][T14363] veth1: entered allmulticast mode
[  222.149327][   T40] audit: type=1400 audit(2000000110.469:25595): avc:  denied  { create } for  pid=14366 comm="syz.1.2508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  222.155360][   T40] audit: type=1400 audit(2000000110.469:25596): avc:  denied  { read } for  pid=14364 comm="syz.6.2509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  222.226431][ T6023] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  222.269034][T14378] 8021q: VLANs not supported on ip_vti0
[  222.274221][T14382] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in;
[  222.274221][T14382]    program syz.6.2511 not setting count and/or reply_len properly
[  222.366693][T14387] FAULT_INJECTION: forcing a failure.
[  222.366693][T14387] name failslab, interval 1, probability 0, space 0, times 1
[  222.370946][T14387] CPU: 2 UID: 0 PID: 14387 Comm: syz.6.2514 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  222.370965][T14387] Tainted: [L]=SOFTLOCKUP
[  222.370969][T14387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.370976][T14387] Call Trace:
[  222.370980][T14387]  <TASK>
[  222.370984][T14387]  dump_stack_lvl+0x16c/0x1f0
[  222.371020][T14387]  should_fail_ex+0x512/0x640
[  222.371034][T14387]  ? fs_reclaim_acquire+0xae/0x150
[  222.371052][T14387]  should_failslab+0xc2/0x120
[  222.371068][T14387]  __kmalloc_noprof+0xeb/0x910
[  222.371079][T14387]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  222.371099][T14387]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  222.371116][T14387]  tomoyo_realpath_from_path+0xc2/0x6e0
[  222.371134][T14387]  ? tomoyo_profile+0x47/0x60
[  222.371145][T14387]  tomoyo_path_number_perm+0x245/0x580
[  222.371159][T14387]  ? tomoyo_path_number_perm+0x237/0x580
[  222.371191][T14387]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  222.371206][T14387]  ? find_held_lock+0x2b/0x80
[  222.371236][T14387]  ? find_held_lock+0x2b/0x80
[  222.371253][T14387]  ? hook_file_ioctl_common+0x144/0x410
[  222.371267][T14387]  ? __fget_files+0x20e/0x3c0
[  222.371287][T14387]  security_file_ioctl+0x9b/0x240
[  222.371303][T14387]  __x64_sys_ioctl+0xb7/0x210
[  222.371340][T14387]  do_syscall_64+0xcd/0xf80
[  222.371371][T14387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.371386][T14387] RIP: 0033:0x7efd6b38f7c9
[  222.371395][T14387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.371406][T14387] RSP: 002b:00007efd6c25b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  222.371417][T14387] RAX: ffffffffffffffda RBX: 00007efd6b5e5fa0 RCX: 00007efd6b38f7c9
[  222.371424][T14387] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000003
[  222.371430][T14387] RBP: 00007efd6c25b090 R08: 0000000000000000 R09: 0000000000000000
[  222.371437][T14387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.371443][T14387] R13: 00007efd6b5e6038 R14: 00007efd6b5e5fa0 R15: 00007ffe947fb6a8
[  222.371458][T14387]  </TASK>
[  222.371462][T14387] ERROR: Out of memory at tomoyo_realpath_from_path.
[  222.391997][ T6023] usb 8-1: Using ep0 maxpacket: 16
[  222.444499][ T6023] usb 8-1: config 0 has no interfaces?
[  222.448156][ T6023] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  222.451120][ T6023] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.453781][ T6023] usb 8-1: Product: syz
[  222.455084][ T6023] usb 8-1: Manufacturer: syz
[  222.459047][ T6023] usb 8-1: SerialNumber: syz
[  222.462978][ T6023] usb 8-1: config 0 descriptor??
[  222.639218][T14401] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14401 comm=syz.1.2518
[  222.827085][T14414] FAULT_INJECTION: forcing a failure.
[  222.827085][T14414] name failslab, interval 1, probability 0, space 0, times 0
[  222.832450][T14414] CPU: 1 UID: 0 PID: 14414 Comm: syz.1.2524 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  222.832481][T14414] Tainted: [L]=SOFTLOCKUP
[  222.832487][T14414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.832497][T14414] Call Trace:
[  222.832505][T14414]  <TASK>
[  222.832513][T14414]  dump_stack_lvl+0x16c/0x1f0
[  222.832545][T14414]  should_fail_ex+0x512/0x640
[  222.832562][T14414]  ? fs_reclaim_acquire+0xae/0x150
[  222.832596][T14414]  should_failslab+0xc2/0x120
[  222.832621][T14414]  __kmalloc_noprof+0xeb/0x910
[  222.832639][T14414]  ? tomoyo_encode2+0x100/0x3e0
[  222.832671][T14414]  ? tomoyo_encode2+0x100/0x3e0
[  222.832695][T14414]  tomoyo_encode2+0x100/0x3e0
[  222.832725][T14414]  tomoyo_encode+0x29/0x50
[  222.832750][T14414]  tomoyo_realpath_from_path+0x18f/0x6e0
[  222.832785][T14414]  tomoyo_path_number_perm+0x245/0x580
[  222.832807][T14414]  ? tomoyo_path_number_perm+0x237/0x580
[  222.832832][T14414]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  222.832857][T14414]  ? find_held_lock+0x2b/0x80
[  222.832910][T14414]  ? find_held_lock+0x2b/0x80
[  222.832936][T14414]  ? hook_file_ioctl_common+0x144/0x410
[  222.832960][T14414]  ? __fget_files+0x20e/0x3c0
[  222.832991][T14414]  security_file_ioctl+0x9b/0x240
[  222.833020][T14414]  __x64_sys_ioctl+0xb7/0x210
[  222.833044][T14414]  do_syscall_64+0xcd/0xf80
[  222.833072][T14414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.833090][T14414] RIP: 0033:0x7fae60b8f7c9
[  222.833105][T14414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.833122][T14414] RSP: 002b:00007fae61a86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  222.833139][T14414] RAX: ffffffffffffffda RBX: 00007fae60de5fa0 RCX: 00007fae60b8f7c9
[  222.833151][T14414] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000003
[  222.833162][T14414] RBP: 00007fae61a86090 R08: 0000000000000000 R09: 0000000000000000
[  222.833172][T14414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.833183][T14414] R13: 00007fae60de6038 R14: 00007fae60de5fa0 R15: 00007fff484929d8
[  222.833210][T14414]  </TASK>
[  222.833768][T14414] ERROR: Out of memory at tomoyo_realpath_from_path.
[  222.926040][T14422] overlayfs: failed to resolve './file1/file0': -2
[  223.072977][T14434] netdevsim netdevsim6 netdevsim0: IPsec offload requires 128 bit authentication
[  223.158657][T14443] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  223.162453][T14443] netlink: 'syz.6.2533': attribute type 7 has an invalid length.
[  223.187109][ T5942] Bluetooth: hci1: command 0x0406 tx timeout
[  223.189608][T14448] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  223.259279][T14458] tmpfs: Unknown parameter 'appraise'
[  223.406467][T14467] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1617207373 (3234414746 ns) > initial count (443187862 ns). Using initial count to start timer.
[  223.426532][T14474] Invalid argument reading file caps for ./file0
[  223.505247][T14490] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=14490 comm=syz.1.2545
[  223.657080][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[  223.658192][ T6011] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  223.661972][ T6011] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  223.769198][T14521] random: crng reseeded on system resumption
[  223.792175][T14523] overlay: Unknown parameter '/'
[  223.795298][T14523] overlayfs: overlapping lowerdir path
[  223.908398][T14531] batadv_slave_1: entered promiscuous mode
[  224.129559][T14537] CIFS mount error: No usable UNC path provided in device string!
[  224.129559][T14537] 
[  224.133052][T14537] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  224.142305][T14537] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=14537 comm=syz.1.2561
[  224.605682][T14556] loop5: detected capacity change from 0 to 2640
[  224.608746][T13941] buffer_io_error: 40 callbacks suppressed
[  224.608759][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.613993][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.623860][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.627023][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.630041][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.633056][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.636108][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.639206][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.642121][T13941] ldm_validate_partition_table(): Disk read failed.
[  224.644505][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.647527][T13941] Buffer I/O error on dev loop5, logical block 0, async page read
[  224.650489][T13941] Dev loop5: unable to read RDB block 0
[  224.652610][T13941]  loop5: unable to read partition table
[  224.656465][T14556] ldm_validate_partition_table(): Disk read failed.
[  224.659659][T14556] Dev loop5: unable to read RDB block 0
[  224.662098][T14556]  loop5: unable to read partition table
[  224.667145][T14556] loop_reread_partitions: partition scan of loop5 (3�����) failed (rc=-5)
[  224.672487][T14527] batadv_slave_1: left promiscuous mode
[  224.710474][T14559] __nla_validate_parse: 13 callbacks suppressed
[  224.710485][T14559] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2570'.
[  224.715527][T14559] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2570'.
[  224.904464][    T9] usb 8-1: USB disconnect, device number 7
[  225.385972][T14603] validate_nla: 1 callbacks suppressed
[  225.385983][T14603] netlink: 'syz.1.2582': attribute type 13 has an invalid length.
[  225.395885][T14603] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  225.817398][ T6011] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  225.819421][ T6011] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  225.826476][ T5942] Bluetooth: hci1: command 0x0406 tx timeout
[  225.862639][T14632] futex_wake_op: syz.3.2589 tries to shift op by 32; fix this program
[  225.917208][T14634] netlink: 'syz.3.2590': attribute type 1 has an invalid length.
[  225.919782][T14634] netlink: 'syz.3.2590': attribute type 1 has an invalid length.
[  225.923078][T14634] netlink: 'syz.3.2590': attribute type 1 has an invalid length.
[  226.011372][T14637] netlink: 'syz.3.2591': attribute type 10 has an invalid length.
[  227.896376][ T5942] Bluetooth: hci4: command 0x0c1a tx timeout
[  227.897099][ T6011] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  227.901201][ T6011] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  229.976482][ T6011] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  229.976496][ T5942] Bluetooth: hci2: command 0x0419 tx timeout
[  229.978975][ T6011] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  230.119626][T14646] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2592'.
[  230.167639][T14646] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2592'.
[  230.171877][T14646] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2592'.
[  230.191877][   T40] kauditd_printk_skb: 48 callbacks suppressed
[  230.191888][   T40] audit: type=1400 audit(2000000118.509:25645): avc:  denied  { read } for  pid=14654 comm="syz.6.2598" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  230.195090][T14650] binder: BINDER_SET_CONTEXT_MGR already set
[  230.203510][   T40] audit: type=1400 audit(2000000118.509:25646): avc:  denied  { mount } for  pid=14649 comm="syz.3.2597" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  230.206151][T14650] binder: 14649:14650 ioctl 4018620d 2000000000c0 returned -16
[  230.210577][   T40] audit: type=1400 audit(2000000118.509:25647): avc:  denied  { read } for  pid=14649 comm="syz.3.2597" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  230.223286][   T40] audit: type=1400 audit(2000000118.509:25648): avc:  denied  { open } for  pid=14649 comm="syz.3.2597" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  230.231892][   T40] audit: type=1400 audit(2000000118.509:25649): avc:  denied  { ioctl } for  pid=14649 comm="syz.3.2597" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  230.240314][   T40] audit: type=1400 audit(2000000118.509:25650): avc:  denied  { set_context_mgr } for  pid=14649 comm="syz.3.2597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  230.248456][   T40] audit: type=1400 audit(2000000118.519:25651): avc:  denied  { open } for  pid=14654 comm="syz.6.2598" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  230.256934][   T40] audit: type=1400 audit(2000000118.519:25652): avc:  denied  { ioctl } for  pid=14654 comm="syz.6.2598" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  230.265218][   T40] audit: type=1400 audit(2000000118.559:25653): avc:  denied  { unmount } for  pid=5935 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  230.274761][   T40] audit: type=1400 audit(2000000118.589:25654): avc:  denied  { ioctl } for  pid=14659 comm="syz.2.2600" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  230.344821][T14674] netlink: 'syz.2.2603': attribute type 13 has an invalid length.
[  230.369165][T14670] netlink: 'syz.6.2602': attribute type 13 has an invalid length.
[  230.415301][T14679] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1000 sclass=netlink_route_socket pid=14679 comm=syz.3.2605
[  230.497492][T14690] syzkaller1: entered promiscuous mode
[  230.499298][T14690] syzkaller1: entered allmulticast mode
[  230.509553][T14690] ip6t_srh: unknown srh invflags 4000
[  230.599807][T14697] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=244 sclass=netlink_route_socket pid=14697 comm=syz.3.2611
[  230.709217][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2616'.
[  230.712151][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2616'.
[  230.726505][T14714] Cannot find del_set index 2 as target
[  230.802558][T14723] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2620'.
[  230.805722][T14723] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  230.811588][T14700] overlayfs: statfs failed on './file0'
[  230.842641][T14725] comedi comedi0: fl512: I/O port conflict (0xd,16)
[  230.846454][T14726] comedi comedi0: fl512: I/O port conflict (0xd,16)
[  230.857328][T14725] xt_NFQUEUE: number of total queues is 0
[  230.965213][T14746] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  230.979873][T14748] veth1_to_batadv: entered promiscuous mode
[  231.027423][T14755] comedi: No check for data length of config insn id 1997 is implemented
[  231.037463][T14755] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c
[  231.042246][T14755] comedi: Assuming n=15 is correct
[  231.155678][T14777] xt_hashlimit: size too large, truncated to 1048576
[  231.324454][T14791] binder: 14789:14791 ioctl 5403 2000000000c0 returned -22
[  231.324888][T14798] binder: 14789:14798 ioctl 5403 2000000000c0 returned -22
[  231.590748][T14801] blktrace: Concurrent blktraces are not allowed on loop12
[  231.739427][T14809] loop6: detected capacity change from 0 to 524288000
[  231.782954][T14811] overlay: ./file0 is not a directory
[  232.178004][T14821] orangefs_devreq_write_iter: total:0: must be at least:8240:
[  232.181129][T14830] *****************************************************
[  232.184059][T14830] ORANGEFS Device Error:  You cannot open the device file 
[  232.184067][T14830] 
[  232.184067][T14830] /dev/pvfs2-req more than once.  Please make sure that
[  232.184067][T14830] there are no 
[  232.189645][T14830] instances of a program using this device
[  232.189645][T14830] currently running. (You must verify this!)
[  232.199527][T14830] For example, you can use the lsof program as follows:
[  232.202310][T14830] 'lsof | grep pvfs2-req' (run this as root)
[  232.204619][T14830]   open_access_count = 1
[  232.207789][T14830] *****************************************************
[  232.268993][T14844] ISOFS: Unable to identify CD-ROM format.
[  232.300998][T14852] netlink: 'syz.1.2663': attribute type 10 has an invalid length.
[  232.310819][T14852] netlink: 'syz.1.2663': attribute type 10 has an invalid length.
[  232.314106][T14852] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2663'.
[  232.318199][T14852] team0: entered promiscuous mode
[  232.320221][T14852] team_slave_1: entered promiscuous mode
[  232.324087][T14852] 8021q: adding VLAN 0 to HW filter on device team0
[  232.327749][T14852] bridge0: port 3(team0) entered blocking state
[  232.330489][T14852] bridge0: port 3(team0) entered disabled state
[  232.333089][T14852] team0: entered allmulticast mode
[  232.335221][T14852] team_slave_1: entered allmulticast mode
[  232.340734][T14852] bridge0: port 3(team0) entered blocking state
[  232.343366][T14852] bridge0: port 3(team0) entered forwarding state
[  232.505122][T14885] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2674'.
[  232.509795][T14886] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2674'.
[  232.688762][T14900] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2679'.
[  233.302003][T14911] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  233.588347][T14942] x_tables: ip6_tables: mh match: only valid for protocol 135
[  233.627652][   T75] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  233.631140][   T75] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  233.633812][   T75] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  233.666366][   T75] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  233.806087][T14959] mac80211_hwsim hwsim31 wlan0: entered promiscuous mode
[  234.166519][ T6011] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  234.318409][ T6011] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  234.321758][ T6011] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  234.325772][ T6011] usb 6-1: config 0 interface 0 has no altsetting 0
[  234.331108][ T6011] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  234.334833][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  234.340665][ T6011] usb 6-1: Product: syz
[  234.342743][ T6011] usb 6-1: Manufacturer: syz
[  234.345097][ T6011] usb 6-1: SerialNumber: syz
[  234.354078][ T6011] usb 6-1: config 0 descriptor??
[  234.360852][ T6011] hub 6-1:0.0: bad descriptor, ignoring hub
[  234.363538][ T6011] hub 6-1:0.0: probe with driver hub failed with error -5
[  234.370945][ T6011] usb 6-1: selecting invalid altsetting 0
[  234.992383][T14990] tipc: Started in network mode
[  234.993981][T14990] tipc: Node identity 7f000001, cluster identity 4711
[  234.999150][T14990] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  235.004817][T14990] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  235.196283][   T40] kauditd_printk_skb: 23234 callbacks suppressed
[  235.196295][   T40] audit: type=1326 audit(2000000123.509:48889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.205449][   T40] audit: type=1326 audit(2000000123.519:48890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.219381][   T40] audit: type=1326 audit(2000000123.529:48891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.226916][   T40] audit: type=1326 audit(2000000123.529:48892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.228084][T15016] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  235.236304][   T40] audit: type=1326 audit(2000000123.529:48893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.237623][T15016] SELinux: failed to load policy
[  235.243816][   T40] audit: type=1326 audit(2000000123.529:48894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.255062][   T40] audit: type=1326 audit(2000000123.529:48895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.263893][   T40] audit: type=1326 audit(2000000123.529:48896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.271313][   T40] audit: type=1326 audit(2000000123.529:48897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.271497][T14972] usb 6-1: reset high-speed USB device number 11 using dummy_hcd
[  235.278409][   T40] audit: type=1326 audit(2000000123.529:48898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14899 comm="syz.3.2679" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726cd8f7c9 code=0x7ff00000
[  235.368557][T15025] netlink: 'syz.2.2724': attribute type 10 has an invalid length.
[  235.371692][T15025] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.374112][T15025] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.381935][T15025] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.384370][T15025] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.386888][T15025] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.389150][T15025] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.393593][T15025] bridge0: entered allmulticast mode
[  235.395694][T15025] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  235.450954][T14972] usb 6-1: device firmware changed
[  235.453466][ T6004] usb 6-1: USB disconnect, device number 11
[  235.626303][ T6004] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  235.797602][ T6004] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  235.800130][ T6004] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  235.803054][ T6004] usb 6-1: config 0 interface 0 has no altsetting 0
[  235.807504][ T6004] usb 6-1: string descriptor 0 read error: -22
[  235.809467][ T6004] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  235.812339][ T6004] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  235.816691][ T6004] usb 6-1: config 0 descriptor??
[  235.819989][ T6004] hub 6-1:0.0: bad descriptor, ignoring hub
[  235.821914][ T6004] hub 6-1:0.0: probe with driver hub failed with error -5
[  235.826934][ T6004] usb 6-1: selecting invalid altsetting 0
[  235.850828][T15041] binder: 15040:15041 ioctl c0306201 0 returned -14
[  235.858196][T15041] __nla_validate_parse: 5 callbacks suppressed
[  235.858207][T15041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2727'.
[  235.858225][T15042] binder: 15040:15042 ioctl c0306201 0 returned -14
[  236.000420][T15048] xt_CONNSECMARK: invalid mode: 0
[  236.027731][T14972] vlan2: entered promiscuous mode
[  236.029505][T14972] bridge0: entered promiscuous mode
[  236.051027][T15048] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2729'.
[  236.146713][   T73] usb 6-1: USB disconnect, device number 12
[  236.222834][T15058] netlink: 'syz.6.2732': attribute type 1 has an invalid length.
[  236.264675][T15064] 9p: Bad value for 'wfdno'
[  236.482393][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.485640][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.488709][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.491673][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.495000][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.498435][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.502208][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.505911][T15072] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'.
[  236.575416][T15077] netlink: 'syz.6.2737': attribute type 2 has an invalid length.
[  236.580549][T15077] netlink: 'syz.6.2737': attribute type 1 has an invalid length.
[  236.583351][T15077] netlink: 'syz.6.2737': attribute type 1 has an invalid length.
[  236.673489][T15082] ALSA: seq fatal error: cannot create timer (-19)
[  236.779309][T15099] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  236.819822][T15095] IPVS: stopping master sync thread 15099 ...
[  237.022860][T15139] program syz.2.2755 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  237.046958][T15143] No buffer was provided with the request
[  237.089039][T15142] netlink: 'syz.6.2756': attribute type 1 has an invalid length.
[  237.114820][T15142] bond5: (slave geneve4): making interface the new active one
[  237.118216][T15142] bond5: (slave geneve4): Enslaving as an active interface with an up link
[  237.121282][   T12] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  237.124201][   T12] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  237.144732][   T12] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  237.150530][   T12] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  237.332967][T15168] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  237.335074][T15168] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  237.335452][T15168] vhci_hcd vhci_hcd.0: Device attached
[  237.344034][T15157] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  237.347794][T15168] vhci_hcd vhci_hcd.0: port 0 already used
[  237.353073][T15169] vhci_hcd: connection closed
[  237.353316][   T46] vhci_hcd vhci_hcd.6: stop threads
[  237.356676][   T46] vhci_hcd vhci_hcd.6: release socket
[  237.358371][   T46] vhci_hcd vhci_hcd.6: disconnect device
[  237.377058][T15177] sg_write: process 598 (syz.1.2763) changed security contexts after opening file descriptor, this is not allowed.
[  237.570947][T15190] fuse: Unknown parameter 'user_؝'
[  237.704055][T15201] syz.2.2772 uses old SIOCAX25GETINFO
[  238.196452][    T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  238.200239][T15233] 0�: renamed from hsr0 (while UP)
[  238.203910][T15233] 0�: entered allmulticast mode
[  238.205829][T15233] hsr_slave_0: entered allmulticast mode
[  238.208832][T15233] hsr_slave_1: entered allmulticast mode
[  238.211607][T15233] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  238.346431][    T9] usb 7-1: Using ep0 maxpacket: 8
[  238.349500][    T9] usb 7-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  238.353139][    T9] usb 7-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  238.358056][    T9] usb 7-1: config 1 interface 0 has no altsetting 0
[  238.443003][T15241] kAFS: unable to lookup cell '(,c��L'
[  238.748054][T15251] netlink: 'syz.1.2790': attribute type 1 has an invalid length.
[  238.764540][T15251] 8021q: adding VLAN 0 to HW filter on device bond3
[  238.780834][T15251] bond3: (slave geneve2): making interface the new active one
[  238.783976][T15251] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  238.954272][T15260] netlink: 'syz.1.2792': attribute type 1 has an invalid length.
[  238.960039][T15260] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  239.009305][T15265] netlink: 'syz.1.2793': attribute type 10 has an invalid length.
[  239.218078][T15277] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=15277 comm=syz.6.2797
[  239.314377][T15279] orangefs_devreq_write_iter: total:0: must be at least:8240:
[  239.559121][T15299] MTD: Couldn't look up '/dev/sg0': -15
[  239.561735][T15299] /dev/sg0: Can't lookup blockdev
[  240.371270][   T40] kauditd_printk_skb: 4536 callbacks suppressed
[  240.371282][   T40] audit: type=1400 audit(2000000128.689:53435): avc:  denied  { getopt } for  pid=15328 comm="syz.3.2815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  240.380172][   T40] audit: type=1400 audit(2000000128.689:53436): avc:  denied  { create } for  pid=15328 comm="syz.3.2815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  240.440193][T15332] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  240.442987][T15332] overlayfs: missing 'lowerdir'
[  240.635197][T15340] overlay: ./bus is not a directory
[  240.635277][T15341] .: Can't lookup blockdev
[  240.674220][T15346] FAULT_INJECTION: forcing a failure.
[  240.674220][T15346] name failslab, interval 1, probability 0, space 0, times 0
[  240.679690][T15346] CPU: 2 UID: 0 PID: 15346 Comm: syz.6.2820 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  240.679710][T15346] Tainted: [L]=SOFTLOCKUP
[  240.679714][T15346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  240.679720][T15346] Call Trace:
[  240.679724][T15346]  <TASK>
[  240.679729][T15346]  dump_stack_lvl+0x16c/0x1f0
[  240.679750][T15346]  should_fail_ex+0x512/0x640
[  240.679762][T15346]  ? fs_reclaim_acquire+0xae/0x150
[  240.679779][T15346]  should_failslab+0xc2/0x120
[  240.679800][T15346]  __kmalloc_noprof+0xeb/0x910
[  240.679814][T15346]  ? tomoyo_encode2+0x100/0x3e0
[  240.679834][T15346]  ? tomoyo_encode2+0x100/0x3e0
[  240.679849][T15346]  tomoyo_encode2+0x100/0x3e0
[  240.679867][T15346]  tomoyo_encode+0x29/0x50
[  240.679884][T15346]  tomoyo_realpath_from_path+0x18f/0x6e0
[  240.679904][T15346]  tomoyo_path_number_perm+0x245/0x580
[  240.679918][T15346]  ? tomoyo_path_number_perm+0x237/0x580
[  240.679933][T15346]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  240.679949][T15346]  ? find_held_lock+0x2b/0x80
[  240.679979][T15346]  ? find_held_lock+0x2b/0x80
[  240.679996][T15346]  ? hook_file_ioctl_common+0x144/0x410
[  240.680010][T15346]  ? __fget_files+0x20e/0x3c0
[  240.680029][T15346]  security_file_ioctl+0x9b/0x240
[  240.680046][T15346]  __x64_sys_ioctl+0xb7/0x210
[  240.680061][T15346]  do_syscall_64+0xcd/0xf80
[  240.680079][T15346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.680090][T15346] RIP: 0033:0x7efd6b38f7c9
[  240.680100][T15346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.680111][T15346] RSP: 002b:00007efd6c25b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  240.680122][T15346] RAX: ffffffffffffffda RBX: 00007efd6b5e5fa0 RCX: 00007efd6b38f7c9
[  240.680129][T15346] RDX: 00002000000000c0 RSI: 00000000c058565d RDI: 0000000000000004
[  240.680136][T15346] RBP: 00007efd6c25b090 R08: 0000000000000000 R09: 0000000000000000
[  240.680143][T15346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.680149][T15346] R13: 00007efd6b5e6038 R14: 00007efd6b5e5fa0 R15: 00007ffe947fb6a8
[  240.680164][T15346]  </TASK>
[  240.680174][T15346] ERROR: Out of memory at tomoyo_realpath_from_path.
[  240.798751][   T40] audit: type=1400 audit(2000000129.119:53438): avc:  denied  { setopt } for  pid=15351 comm="syz.1.2823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  240.804899][   T40] audit: type=1400 audit(2000000129.119:53437): avc:  denied  { read } for  pid=15351 comm="syz.1.2823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  240.818851][T15354] netlink: 'syz.6.2824': attribute type 1 has an invalid length.
[  240.831758][   T40] audit: type=1400 audit(2000000129.149:53439): avc:  denied  { mounton } for  pid=15359 comm="syz.3.2825" path="/syzcgroup/unified/syz3" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  240.831772][T15360] MTD: Couldn't look up '/dev/sg0': -15
[  240.843004][T15360] /dev/sg0: Can't lookup blockdev
[  240.889023][T15364] netlink: 'syz.1.2827': attribute type 10 has an invalid length.
[  240.891623][T15364] __nla_validate_parse: 62 callbacks suppressed
[  240.891633][T15364] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2827'.
[  240.917895][   T40] audit: type=1400 audit(2000000129.239:53440): avc:  denied  { map } for  pid=15365 comm="syz.6.2828" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  240.925291][   T40] audit: type=1400 audit(2000000129.239:53441): avc:  denied  { ioctl } for  pid=15365 comm="syz.6.2828" path="socket:[57140]" dev="sockfs" ino=57140 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  240.972212][   T40] audit: type=1400 audit(2000000129.289:53442): avc:  denied  { getopt } for  pid=15371 comm="syz.6.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  240.974268][    T9] usb 7-1: string descriptor 0 read error: -71
[  240.982923][    T9] usb 7-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.40
[  240.991370][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.005085][    T9] usb 7-1: can't set config #1, error -71
[  241.007111][T15377] FAULT_INJECTION: forcing a failure.
[  241.007111][T15377] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  241.010431][T15379] netlink: 'syz.2.2834': attribute type 1 has an invalid length.
[  241.013239][T15377] CPU: 2 UID: 0 PID: 15377 Comm: syz.1.2833 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  241.013258][T15377] Tainted: [L]=SOFTLOCKUP
[  241.013261][T15377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.013269][T15377] Call Trace:
[  241.013273][T15377]  <TASK>
[  241.013277][T15377]  dump_stack_lvl+0x16c/0x1f0
[  241.013297][T15377]  should_fail_ex+0x512/0x640
[  241.013311][T15377]  _copy_from_user+0x2e/0xd0
[  241.013330][T15377]  video_usercopy+0xee2/0x16c0
[  241.013347][T15377]  ? __pfx___video_do_ioctl+0x10/0x10
[  241.013360][T15377]  ? selinux_kernel_read_file+0xd0/0x120
[  241.013377][T15377]  ? __pfx_video_usercopy+0x10/0x10
[  241.013401][T15377]  v4l2_ioctl+0x1bd/0x250
[  241.013414][T15377]  ? __pfx_v4l2_ioctl+0x10/0x10
[  241.013428][T15377]  __x64_sys_ioctl+0x18e/0x210
[  241.013444][T15377]  do_syscall_64+0xcd/0xf80
[  241.013462][T15377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.013473][T15377] RIP: 0033:0x7fae60b8f7c9
[  241.013482][T15377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.013493][T15377] RSP: 002b:00007fae61a86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  241.013504][T15377] RAX: ffffffffffffffda RBX: 00007fae60de5fa0 RCX: 00007fae60b8f7c9
[  241.013511][T15377] RDX: 00002000000000c0 RSI: 00000000c058565d RDI: 0000000000000004
[  241.013517][T15377] RBP: 00007fae61a86090 R08: 0000000000000000 R09: 0000000000000000
[  241.013523][T15377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.013529][T15377] R13: 00007fae60de6038 R14: 00007fae60de5fa0 R15: 00007fff484929d8
[  241.013544][T15377]  </TASK>
[  241.016025][    T9] usb 7-1: USB disconnect, device number 14
[  241.046178][T15382] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2835'.
[  241.098567][T15386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2836'.
[  241.130416][T15380] 8021q: adding VLAN 0 to HW filter on device bond2
[  241.135556][T15380] bond1: (slave bond2): making interface the new active one
[  241.138282][T15380] bond1: (slave bond2): Enslaving as an active interface with an up link
[  241.163887][T15379] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  241.204995][T15400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2840'.
[  241.218409][T15400] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2840'.
[  241.239498][T15406] input: syz0 as /devices/virtual/input/input27
[  241.267484][T15407] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2841'.
[  241.537924][   T40] audit: type=1400 audit(2000000129.859:53443): avc:  denied  { compute_member } for  pid=15409 comm="syz.1.2842" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  241.649083][T15418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2843'.
[  241.689288][T15422] openvswitch: netlink: Unknown key attributes 2
[  241.729592][T15427] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2847'.
[  241.759280][T15430] syz.2.2848 (15430): /proc/15429/oom_adj is deprecated, please use /proc/15429/oom_score_adj instead.
[  241.803446][T15432] can: request_module (can-proto-0) failed.
[  241.824210][   T40] audit: type=1400 audit(2000000130.139:53444): avc:  denied  { create } for  pid=15437 comm="syz.6.2851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  241.925304][T15446] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  242.003880][T15452] tmpfs: Cannot enable quota on remount
[  242.072470][T15457] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2306 sclass=netlink_route_socket pid=15457 comm=syz.6.2860
[  242.544995][T15503] libceph: resolve '�@��e2��OAq���cz' (ret=-3): failed

syzkaller
syzkaller login: [  242.713250][T15519] batadv_slave_0: entered promiscuous mode
[  242.715470][T15519] batadv_slave_0: entered allmulticast mode
[  242.758953][T15524] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  242.937546][T15535] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
[  242.960835][T15539] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2885'.
[  242.963841][T15538] usb usb8: usbfs: process 15538 (syz.1.2884) did not claim interface 0 before use
[  242.964121][T15539] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2885'.
[  243.033157][T15543] nbd: must specify a size in bytes for the device
[  243.168958][T15551] bridge0: port 3(veth0_to_bridge) entered blocking state
[  243.171479][T15551] bridge0: port 3(veth0_to_bridge) entered disabled state
[  243.173931][T15551] veth0_to_bridge: entered allmulticast mode
[  243.179331][T15551] veth0_to_bridge: entered promiscuous mode
[  243.182535][T15551] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  243.191773][T15551] bridge0: port 3(veth0_to_bridge) entered blocking state
[  243.194168][T15551] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  243.281367][T15553] netlink: 'syz.3.2889': attribute type 2 has an invalid length.
[  243.690600][T15579] loop4: detected capacity change from 0 to 7
[  243.700089][T15579]  loop4: [CUMANA/ADFS] p1 [ADFS] p1
[  243.702409][T15579] loop4: partition table partially beyond EOD, truncated
[  243.705647][T15579] loop4: p1 size 2989602745 extends beyond EOD, truncated
[  243.758309][T13941] udevd[13941]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  244.126185][T15625] 0�: renamed from hsr0 (while UP)
[  244.129572][T15625] 0�: entered allmulticast mode
[  244.131175][T15625] hsr_slave_0: entered allmulticast mode
[  244.132950][T15625] hsr_slave_1: entered allmulticast mode
[  244.135752][T15625] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  244.142223][T15625] xt_nat: multiple ranges no longer supported
[  244.198274][T15638] program syz.2.2912 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  244.581894][T15660] netlink: 'syz.3.2919': attribute type 4 has an invalid length.
[  244.866056][T15676] rdma_op ffff8880567ea1f0 conn xmit_rdma 0000000000000000
[  244.866124][T15677] rdma_op ffff888056b3c1f0 conn xmit_rdma 0000000000000000
[  245.029345][T15690] openvswitch: netlink: Flow actions attr not present in new flow.
[  245.195865][T15700] xt_l2tp: invalid flags combination: 8
[  245.376513][T15714] FAULT_INJECTION: forcing a failure.
[  245.376513][T15714] name failslab, interval 1, probability 0, space 0, times 0
[  245.382210][T15714] CPU: 2 UID: 0 PID: 15714 Comm: syz.6.2936 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  245.382241][T15714] Tainted: [L]=SOFTLOCKUP
[  245.382248][T15714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.382258][T15714] Call Trace:
[  245.382265][T15714]  <TASK>
[  245.382272][T15714]  dump_stack_lvl+0x16c/0x1f0
[  245.382303][T15714]  should_fail_ex+0x512/0x640
[  245.382321][T15714]  ? fs_reclaim_acquire+0xae/0x150
[  245.382350][T15714]  should_failslab+0xc2/0x120
[  245.382376][T15714]  __kmalloc_noprof+0xeb/0x910
[  245.382394][T15714]  ? tomoyo_encode2+0x100/0x3e0
[  245.382424][T15714]  ? tomoyo_encode2+0x100/0x3e0
[  245.382448][T15714]  tomoyo_encode2+0x100/0x3e0
[  245.382476][T15714]  tomoyo_encode+0x29/0x50
[  245.382500][T15714]  tomoyo_realpath_from_path+0x18f/0x6e0
[  245.382535][T15714]  tomoyo_path_number_perm+0x245/0x580
[  245.382558][T15714]  ? tomoyo_path_number_perm+0x237/0x580
[  245.382584][T15714]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  245.382609][T15714]  ? find_held_lock+0x2b/0x80
[  245.382662][T15714]  ? find_held_lock+0x2b/0x80
[  245.382689][T15714]  ? hook_file_ioctl_common+0x144/0x410
[  245.382713][T15714]  ? __fget_files+0x20e/0x3c0
[  245.382743][T15714]  security_file_ioctl+0x9b/0x240
[  245.382771][T15714]  __x64_sys_ioctl+0xb7/0x210
[  245.382796][T15714]  do_syscall_64+0xcd/0xf80
[  245.382824][T15714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.382842][T15714] RIP: 0033:0x7efd6b38f7c9
[  245.382858][T15714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.382876][T15714] RSP: 002b:00007efd6c25b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  245.382893][T15714] RAX: ffffffffffffffda RBX: 00007efd6b5e5fa0 RCX: 00007efd6b38f7c9
[  245.382905][T15714] RDX: 0000200000000080 RSI: 000000008010640b RDI: 0000000000000003
[  245.382917][T15714] RBP: 00007efd6c25b090 R08: 0000000000000000 R09: 0000000000000000
[  245.382928][T15714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.382938][T15714] R13: 00007efd6b5e6038 R14: 00007efd6b5e5fa0 R15: 00007ffe947fb6a8
[  245.382964][T15714]  </TASK>
[  245.382983][T15714] ERROR: Out of memory at tomoyo_realpath_from_path.
[  245.417979][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.470300][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.474998][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.479046][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.482855][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.488160][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.493190][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.498443][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  245.536492][T15734] netlink: 'syz.2.2941': attribute type 1 has an invalid length.
[  245.539760][T15734] netlink: 'syz.2.2941': attribute type 1 has an invalid length.
[  245.548170][T15739] tipc: Enabled bearer <eth:team0>, priority 0
[  245.549144][T15736] tmpfs: Bad value for 'mpol'
[  245.724695][T15757] SET target dimension over the limit!
[  245.936503][T15771] comedi: valid board names for 8255 driver are:
[  245.939610][T15771]  8255
[  245.942683][T15771] comedi: valid board names for vmk80xx driver are:
[  245.945568][T15771]  vmk80xx
[  245.947030][T15771] comedi: valid board names for usbduxsigma driver are:
[  245.949950][T15771]  usbduxsigma
[  245.951513][T15771] comedi: valid board names for usbduxfast driver are:
[  245.954405][T15771]  usbduxfast
[  245.955849][T15771] comedi: valid board names for usbdux driver are:
[  245.959501][T15771]  usbdux
[  245.960591][T15771] comedi: valid board names for ni6501 driver are:
[  245.963444][T15771]  ni6501
[  245.964492][T15771] comedi: valid board names for dt9812 driver are:
[  245.976532][T15771]  dt9812
[  245.977900][T15771] comedi: valid board names for ni_labpc_cs driver are:
[  245.980412][T15771]  ni_labpc_cs
[  245.993621][T15773] __nla_validate_parse: 11 callbacks suppressed
[  245.993640][T15773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2952'.
[  245.997140][T15771] comedi: valid board names for ni_daq_700 driver are:
[  246.026279][T15771]  ni_daq_700
[  246.027717][T15771] comedi: valid board names for labpc_pci driver are:
[  246.030297][T15771]  labpc_pci
[  246.031634][T15771] comedi: valid board names for adl_pci9118 driver are:
[  246.034411][T15771]  pci9118dg
[  246.035783][T15771]  pci9118hg
[  246.038304][T15771]  pci9118hr
[  246.039766][T15771] comedi: valid board names for 8255_pci driver are:
[  246.041866][T15771]  8255_pci
[  246.042859][T15771] comedi: valid board names for s526 driver are:
[  246.045016][T15771]  s526
[  246.056528][T15771] comedi: valid board names for multiq3 driver are:
[  246.059241][T15771]  multiq3
[  246.060529][T15771] comedi: valid board names for pcmuio driver are:
[  246.063271][T15771]  pcmuio48
[  246.064623][T15771]  pcmuio96
[  246.065911][T15771] comedi: valid board names for pcmmio driver are:
[  246.068633][T15771]  pcmmio
[  246.069815][T15771] comedi: valid board names for pcmda12 driver are:
[  246.072457][T15771]  pcmda12
[  246.073734][T15771] comedi: valid board names for pcmad driver are:
[  246.081403][T15771]  pcmad12
[  246.082702][T15771]  pcmad16
[  246.083962][T15771] comedi: valid board names for ni_labpc driver are:
[  246.086186][T15771]  lab-pc-1200
[  246.099052][T15771]  lab-pc-1200ai
[  246.100711][T15771]  lab-pc+
[  246.101775][T15771] comedi: valid board names for atmio16 driver are:
[  246.104524][T15771]  atmio16
[  246.105777][T15771]  atmio16d
[  246.109409][T15771] comedi: valid board names for ni_at_ao driver are:
[  246.111621][T15771]  at-ao-6
[  246.112887][T15771]  at-ao-10
[  246.114188][T15771] comedi: valid board names for ni_at_a2150 driver are:
[  246.117114][T15771]  ni_at_a2150
[  246.118532][T15771] comedi: valid board names for adq12b driver are:
[  246.121364][T15771]  adq12b
[  246.122700][T15771] comedi: valid board names for mpc624 driver are:
[  246.125402][T15771]  mpc624
[  246.126725][T15771] comedi: valid board names for c6xdigio driver are:
[  246.129373][T15771]  c6xdigio
[  246.130682][T15771] comedi: valid board names for aio_iiro_16 driver are:
[  246.133484][T15771]  aio_iiro_16
[  246.134902][T15771] comedi: valid board names for aio_aio12_8 driver are:
[  246.141436][T15771]  aio_aio12_8
[  246.142909][T15771]  aio_ai12_8
[  246.144300][T15771]  aio_ao12_4
[  246.145668][T15771] comedi: valid board names for fl512 driver are:
[  246.149228][T15771]  fl512
[  246.150397][T15771] comedi: valid board names for dmm32at driver are:
[  246.153801][T15771]  dmm32at
[  246.157685][T15771] comedi: valid board names for dt282x driver are:
[  246.160521][T15771]  dt2821
[  246.161781][T15771]  dt2821-f
[  246.166337][T15771]  dt2821-g
[  246.167606][T15771]  dt2823
[  246.168577][T15771]  dt2824-pgh
[  246.169757][T15771]  dt2824-pgl
[  246.174661][T15771]  dt2825
[  246.175866][T15771]  dt2827
[  246.177677][T15771]  dt2828
[  246.178890][T15771]  dt2829
[  246.188590][T15771]  dt21-ez
[  246.189898][T15771]  dt23-ez
[  246.191060][T15771]  dt24-ez
[  246.192070][T15771]  dt24-ez-pgl
[  246.193243][T15771] comedi: valid board names for dt2817 driver are:
[  246.195576][T15771]  dt2817
[  246.199407][T15771] comedi: valid board names for dt2815 driver are:
[  246.201697][T15771]  dt2815
[  246.202725][T15771] comedi: valid board names for dt2814 driver are:
[  246.204931][T15771]  dt2814
[  246.205945][T15771] comedi: valid board names for dt2811 driver are:
[  246.209605][T15771]  dt2811-pgh
[  246.210893][T15771]  dt2811-pgl
[  246.212270][T15771] comedi: valid board names for dt2801 driver are:
[  246.214471][T15771]  dt2801
[  246.215546][T15771] comedi: valid board names for das6402 driver are:
[  246.227663][T15771]  das6402-12
[  246.228994][T15771]  das6402-16
[  246.230323][T15771] comedi: valid board names for das1800 driver are:
[  246.232608][T15771]  das-1701st
[  246.233788][T15771]  das-1701st-da
[  246.235316][T15771]  das-1702st
[  246.240866][T15771]  das-1702st-da
[  246.242373][T15771]  das-1702hr
[  246.243579][T15771]  das-1702hr-da
[  246.245062][T15771]  das-1701ao
[  246.246962][T15771]  das-1702ao
[  246.248399][T15771]  das-1801st
[  246.249620][T15771]  das-1801st-da
[  246.250862][T15771]  das-1802st
[  246.252323][T15771]  das-1802st-da
[  246.253587][T15771]  das-1802hr
[  246.254713][T15771]  das-1802hr-da
[  246.255951][T15771]  das-1801hc
[  246.259860][T15771]  das-1802hc
[  246.261077][T15771]  das-1801ao
[  246.262244][T15771]  das-1802ao
[  246.263610][T15771] comedi: valid board names for das800 driver are:
[  246.265801][T15771]  das-800
[  246.267255][T15771]  cio-das800
[  246.268940][T15771]  das-801
[  246.269960][T15771]  cio-das801
[  246.271142][T15771]  das-802
[  246.272895][T15771]  cio-das802
[  246.274269][T15771]  cio-das802/16
[  246.275987][T15771] comedi: valid board names for isa-das08 driver are:
[  246.279747][T15771]  isa-das08
[  246.280912][T15771]  das08-pgm
[  246.282031][T15771]  das08-pgh
[  246.283284][T15771]  das08-pgl
[  246.284757][T15771]  das08-aoh
[  246.285892][T15771]  das08-aol
[  246.289396][T15771]  das08-aom
[  246.290588][T15771]  das08/jr-ao
[  246.291789][T15771]  das08jr-16-ao
[  246.292999][T15771]  pc104-das08
[  246.294339][T15771]  das08jr/16
[  246.296031][T15771] comedi: valid board names for das16m1 driver are:
[  246.301774][T15771]  das16m1
[  246.303299][T15771] comedi: valid board names for dac02 driver are:
[  246.307046][T15771]  dac02
[  246.308445][T15771] comedi: valid board names for rti802 driver are:
[  246.311504][T15771]  rti802
[  246.312931][T15771] comedi: valid board names for rti800 driver are:
[  246.315950][T15771]  rti800
[  246.319784][T15771]  rti815
[  246.321062][T15771] comedi: valid board names for pcm3724 driver are:
[  246.323676][T15771]  pcm3724
[  246.324930][T15771] comedi: valid board names for pcl818 driver are:
[  246.328184][T15771]  pcl818l
[  246.329299][T15771]  pcl818h
[  246.330679][T15771]  pcl818hd
[  246.331999][T15771]  pcl818hg
[  246.333273][T15771]  pcl818
[  246.334493][T15771]  pcl718
[  246.335682][T15771]  pcm3718
[  246.337047][T15771] comedi: valid board names for pcl816 driver are:
[  246.339749][T15771]  pcl816
[  246.340962][T15771]  pcl814b
[  246.342219][T15771] comedi: valid board names for pcl812 driver are:
[  246.344866][T15771]  pcl812
[  246.346124][T15771]  pcl812pg
[  246.350119][T15771]  acl8112pg
[  246.351542][T15771]  acl8112dg
[  246.352889][T15771]  acl8112hg
[  246.354393][T15771]  a821pgl
[  246.355724][T15771]  a821pglnda
[  246.355733][T15771]  a821pgh
[  246.355739][T15771]  a822pgl
[  246.355744][T15771]  a822pgh
[  246.355750][T15771]  a823pgl
[  246.355756][T15771]  a823pgh
[  246.355763][T15771]  pcl813
[  246.355768][T15771]  pcl813b
[  246.355774][T15771]  acl8113
[  246.355780][T15771]  iso813
[  246.378768][T15771]  acl8216
[  246.380176][T15771]  a826pg
[  246.381443][T15771] comedi: valid board names for pcl730 driver are:
[  246.384286][T15771]  pcl730
[  246.385524][T15771]  iso730
[  246.396282][T15771]  acl7130
[  246.397603][T15771]  pcm3730
[  246.406449][T15771]  pcl725
[  246.407602][T15771]  p8r8dio
[  246.408618][T15771]  acl7225b
[  246.409632][T15771]  p16r16dio
[  246.410671][T15771]  pcl733
[  246.411656][T15771]  pcl734
[  246.412658][T15771]  opmm-1616-xt
[  246.413860][T15771]  pearl-mm-p
[  246.422146][T15771]  ir104-pbf
[  246.423267][T15771] comedi: valid board names for pcl726 driver are:
[  246.430552][T15771]  pcl726
[  246.431653][T15771]  pcl727
[  246.432704][T15771]  pcl728
[  246.433675][T15771]  acl6126
[  246.434748][T15771]  acl6128
[  246.435724][T15771] comedi: valid board names for pcl724 driver are:
[  246.441087][T15771]  pcl724
[  246.442080][T15771]  pcl722
[  246.443036][T15771]  pcl731
[  246.444036][T15771]  acl7122
[  246.445072][T15771]  acl7124
[  246.446131][T15771]  pet48dio
[  246.447573][T15771]  pcmio48
[  246.448577][T15771]  onyx-mm-dio
[  246.456401][T15771] comedi: valid board names for pcl711 driver are:
[  246.458443][T15771]  pcl711
[  246.459431][T15771]  pcl711b
[  246.460509][T15771]  acl8112hg
[  246.461579][T15771]  acl8112dg
[  246.462675][T15771] comedi: valid board names for amplc_pc263 driver are:
[  246.464907][T15771]  pc263
[  246.465847][T15771] comedi: valid board names for amplc_pc236 driver are:
[  246.470861][T15771]  pc36at
[  246.471859][T15771] comedi: valid board names for amplc_dio200 driver are:
[  246.474119][T15771]  pc212e
[  246.475197][T15771]  pc214e
[  246.476153][T15771]  pc215e
[  246.477760][T15771]  pc218e
[  246.478769][T15771]  pc272e
[  246.479715][T15771] comedi: valid board names for comedi_parport driver are:
[  246.481921][T15771]  comedi_parport
[  246.483049][T15771] comedi: valid board names for comedi_test driver are:
[  246.485315][T15771]  comedi_test
[  246.486539][T15771] comedi: valid board names for comedi_bond driver are:
[  246.488669][T15771]  comedi_bond
[  246.540461][ T6023] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  246.707319][ T6023] usb 8-1: too many configurations: 144, using maximum allowed: 8
[  246.712139][ T6023] usb 8-1: unable to read config index 0 descriptor/start: -61
[  246.715376][ T6023] usb 8-1: can't read configurations, error -61
[  246.756860][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  246.756879][   T40] audit: type=1400 audit(2000000002.620:53477): avc:  denied  { bind } for  pid=15810 comm="syz.2.2963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  246.769672][T15811] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2963'.
[  246.856934][ T6023] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  246.867327][   T40] audit: type=1400 audit(2000000002.740:53478): avc:  denied  { append } for  pid=15812 comm="syz.1.2964" name="001" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  247.008086][ T6023] usb 8-1: too many configurations: 144, using maximum allowed: 8
[  247.013839][ T6023] usb 8-1: unable to read config index 0 descriptor/start: -61
[  247.016565][ T6023] usb 8-1: can't read configurations, error -61
[  247.020198][ T6023] usb usb8-port1: attempt power cycle
[  247.039078][T15815] binder: 15814:15815 ioctl c0306201 200000000040 returned -22
[  247.170524][T15827] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2968'.
[  247.366334][ T6023] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  247.387828][ T6023] usb 8-1: too many configurations: 144, using maximum allowed: 8
[  247.392944][ T6023] usb 8-1: unable to read config index 0 descriptor/start: -61
[  247.396138][ T6023] usb 8-1: can't read configurations, error -61
[  247.526315][ T6023] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  247.547487][ T6023] usb 8-1: too many configurations: 144, using maximum allowed: 8
[  247.551597][ T6023] usb 8-1: unable to read config index 0 descriptor/start: -61
[  247.554434][ T6023] usb 8-1: can't read configurations, error -61
[  247.558534][ T6023] usb usb8-port1: unable to enumerate USB device
[  247.725117][T15842] binder: 15841:15842 unknown command 0
[  247.727768][T15842] binder: 15841:15842 ioctl c0306201 200000000080 returned -22
[  247.825696][   T40] audit: type=1400 audit(2000000003.690:53479): avc:  denied  { wake_alarm } for  pid=15846 comm="syz.1.2975" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  248.031931][T15854] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=15854 comm=syz.2.2976
[  248.301965][   T40] audit: type=1400 audit(2000000004.170:53480): avc:  denied  { append } for  pid=15867 comm="syz.2.2980" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  248.309655][T15868] input: syz1 as /devices/virtual/input/input28
[  248.319821][   T40] audit: type=1400 audit(2000000004.190:53481): avc:  denied  { map } for  pid=15867 comm="syz.2.2980" path="socket:[62062]" dev="sockfs" ino=62062 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  248.329907][   T40] audit: type=1400 audit(2000000004.190:53482): avc:  denied  { read } for  pid=15867 comm="syz.2.2980" path="socket:[62062]" dev="sockfs" ino=62062 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  248.527748][T15878] FAULT_INJECTION: forcing a failure.
[  248.527748][T15878] name failslab, interval 1, probability 0, space 0, times 0
[  248.532024][T15878] CPU: 3 UID: 0 PID: 15878 Comm: syz.2.2984 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  248.532042][T15878] Tainted: [L]=SOFTLOCKUP
[  248.532045][T15878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  248.532052][T15878] Call Trace:
[  248.532057][T15878]  <TASK>
[  248.532061][T15878]  dump_stack_lvl+0x16c/0x1f0
[  248.532081][T15878]  should_fail_ex+0x512/0x640
[  248.532092][T15878]  ? __kmalloc_noprof+0xca/0x910
[  248.532105][T15878]  should_failslab+0xc2/0x120
[  248.532120][T15878]  __kmalloc_noprof+0xeb/0x910
[  248.532129][T15878]  ? find_held_lock+0x2b/0x80
[  248.532147][T15878]  ? do_insnlist_ioctl+0x15f/0x750
[  248.532166][T15878]  ? do_insnlist_ioctl+0x15f/0x750
[  248.532180][T15878]  do_insnlist_ioctl+0x15f/0x750
[  248.532196][T15878]  ? _copy_from_user+0x59/0xd0
[  248.532217][T15878]  comedi_unlocked_ioctl+0x1793/0x2eb0
[  248.532238][T15878]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  248.532259][T15878]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  248.532274][T15878]  ? do_vfs_ioctl+0x128/0x14f0
[  248.532287][T15878]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  248.532300][T15878]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  248.532322][T15878]  ? hook_file_ioctl_common+0x144/0x410
[  248.532337][T15878]  ? selinux_file_ioctl+0x180/0x270
[  248.532429][T15878]  ? selinux_file_ioctl+0xb4/0x270
[  248.532448][T15878]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  248.532466][T15878]  __x64_sys_ioctl+0x18e/0x210
[  248.532481][T15878]  do_syscall_64+0xcd/0xf80
[  248.532498][T15878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.532510][T15878] RIP: 0033:0x7fca7c18f7c9
[  248.532520][T15878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.532530][T15878] RSP: 002b:00007fca7d07a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  248.532542][T15878] RAX: ffffffffffffffda RBX: 00007fca7c3e5fa0 RCX: 00007fca7c18f7c9
[  248.532549][T15878] RDX: 0000200000000080 RSI: 000000008010640b RDI: 0000000000000003
[  248.532556][T15878] RBP: 00007fca7d07a090 R08: 0000000000000000 R09: 0000000000000000
[  248.532563][T15878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  248.532569][T15878] R13: 00007fca7c3e6038 R14: 00007fca7c3e5fa0 R15: 00007fff299d4d18
[  248.532584][T15878]  </TASK>
[  248.553716][   T40] audit: type=1326 audit(2000000004.420:53483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15879 comm="syz.6.2985" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd6b38f7c9 code=0x7ffc0000
[  248.629044][   T40] audit: type=1326 audit(2000000004.450:53484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15879 comm="syz.6.2985" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd6b38f7c9 code=0x7ffc0000
[  248.638419][   T40] audit: type=1326 audit(2000000004.450:53485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15879 comm="syz.6.2985" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd6b38f7c9 code=0x7ffc0000
[  248.648305][   T40] audit: type=1326 audit(2000000004.450:53486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15879 comm="syz.6.2985" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd6b38f7c9 code=0x7ffc0000
[  248.680543][T15880] XFS (nbd6): SB validate failed with error -5.
[  248.715003][T15895] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2988'.
[  248.735522][T15895] netlink: 'syz.1.2988': attribute type 1 has an invalid length.
[  248.740218][T15895] netlink: 14436 bytes leftover after parsing attributes in process `syz.1.2988'.
[  248.904984][T15916] nbd: couldn't find device at index -2144010236
[  248.907739][T15917] nbd: couldn't find device at index -2144010236
[  248.948728][T15918] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2995'.
[  249.136573][    C0] net_ratelimit: 22068 callbacks suppressed
[  249.136585][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.142300][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.146259][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.150043][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.153809][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.157761][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.161607][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.164546][T15927] PID 15927 killed due to inadequate hugepage pool
[  249.165400][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.166400][T15932] lo: Caught tx_queue_len zero misconfig
[  249.166420][T15932] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  249.181955][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.186865][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  249.229100][T15936] syzkaller0: entered promiscuous mode
[  249.231714][T15936] syzkaller0: entered allmulticast mode
[  249.260399][T15936] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  249.318036][T15943] tipc: Resetting bearer <eth:syzkaller0>
[  249.378214][T15943] tipc: Disabling bearer <eth:syzkaller0>
[  249.518914][T15958] CIFS mount error: No usable UNC path provided in device string!
[  249.518914][T15958] 
[  249.523258][T15958] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  249.550746][T15958] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3006'.
[  249.554599][T15958] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3006'.
[  249.561119][T15965] CIFS mount error: No usable UNC path provided in device string!
[  249.561119][T15965] 
[  249.566109][T15965] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  249.726429][T13297] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  249.878192][T13297] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  249.882670][T13297] usb 7-1: config 0 interface 0 has no altsetting 0
[  249.889542][T13297] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  249.893072][T13297] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  249.906473][T13297] usb 7-1: Product: syz
[  249.908137][T13297] usb 7-1: Manufacturer: syz
[  249.909927][T13297] usb 7-1: SerialNumber: syz
[  249.914068][T13297] usb 7-1: config 0 descriptor??
[  249.933057][T13297] usb 7-1: selecting invalid altsetting 0
[  250.149339][ T6023] usb 7-1: USB disconnect, device number 15
[  250.349884][T15982] binder: 15981:15982 ioctl c0306201 200000000040 returned -22
[  250.523698][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  250.534158][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  250.545837][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  250.549864][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  250.553600][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  250.590426][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  250.594930][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  250.599338][ T5949] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  250.602862][ T5949] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  250.607294][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  250.707423][T15993] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3016'.
[  250.768695][T15993] 
: renamed from bond0
[  250.907842][T15987] chnl_net:caif_netlink_parms(): no params data found
[  250.975519][T15987] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.978038][T15987] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.980493][T15987] bridge_slave_0: entered allmulticast mode
[  250.983219][T15987] bridge_slave_0: entered promiscuous mode
[  250.986814][T15987] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.989203][T15987] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.991732][T15987] bridge_slave_1: entered allmulticast mode
[  250.994464][T15987] bridge_slave_1: entered promiscuous mode
[  251.012268][T15987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  251.017536][T15987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  251.036688][T15987] team0: Port device team_slave_0 added
[  251.041221][T15987] team0: Port device team_slave_1 added
[  251.056008][T15987] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.058335][T15987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  251.066435][T15987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.086432][T13297] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  251.098076][T15987] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.100425][T15987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  251.108562][T15987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  251.132519][T15987] hsr_slave_0: entered promiscuous mode
[  251.134845][T15987] hsr_slave_1: entered promiscuous mode
[  251.137279][T15987] debugfs: 'hsr0' already exists in 'hsr'
[  251.139117][T15987] Cannot create hsr debugfs directory
[  251.228703][T15987] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  251.232873][T15987] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.238575][T13297] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[  251.241278][T13297] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  251.244438][T13297] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.250083][T13297] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  251.253077][T13297] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  251.256075][T13297] usb 7-1: Product: syz
[  251.258142][T13297] usb 7-1: Manufacturer: syz
[  251.260050][T13297] usb 7-1: SerialNumber: syz
[  251.264415][T13297] usb 7-1: config 0 descriptor??
[  251.270579][T13297] hub 7-1:0.0: bad descriptor, ignoring hub
[  251.273106][T13297] hub 7-1:0.0: probe with driver hub failed with error -5
[  251.278838][T13297] usb 7-1: selecting invalid altsetting 0
[  251.363735][T15987] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  251.367932][T15987] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.426376][ T6023] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  251.456540][T15987] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  251.460111][T15987] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.561200][T15987] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  251.565555][T15987] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.576338][ T6023] usb 6-1: Using ep0 maxpacket: 8
[  251.581980][ T6023] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  251.586582][ T6023] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  251.590773][ T6023] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  251.594996][ T6023] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  251.600169][ T6023] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  251.603927][ T6023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.616446][T16017] usb 7-1: reset high-speed USB device number 16 using dummy_hcd
[  251.620630][T16017] usb 7-1: device reset changed ep0 maxpacket size!
[  251.628466][T13297] usb 7-1: USB disconnect, device number 16
[  251.675276][T16017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  251.685636][T16017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  251.776315][T13297] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  251.811753][T15987] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  251.812530][ T6023] usb 6-1: GET_CAPABILITIES returned 0
[  251.826299][ T6023] usbtmc 6-1:16.0: can't read capabilities
[  251.829187][T15987] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  251.838960][T15987] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  251.849717][T15987] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  251.926323][T13297] usb 7-1: Using ep0 maxpacket: 8
[  251.940476][T13297] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  251.944412][T13297] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  251.949672][T13297] usb 7-1: config 1 has no interface number 1
[  251.952343][T13297] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  251.953335][T15987] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.959915][T13297] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  251.962774][T13297] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.965377][T13297] usb 7-1: Product: ࠝ
[  251.967364][T13297] usb 7-1: Manufacturer: ⼳ꢶ睘ꎴⵤ裇ꍒॵ삢ꡧⱳ瘻⿐ᘅ䦩ꫫ䟲揨↥Ꙧ༗阺ᥒ렼ゴ鑼ஷ珐⺴ℍ叞ᅊ厳ầꍌ雷밸뇦᱾譊焛읲ᘍ̧毤⿲欧እ葫娾⹜싴뚁㩎㌲퉥뫙鍫
[  251.975010][T13297] usb 7-1: SerialNumber: syz
[  251.996824][T15987] 8021q: adding VLAN 0 to HW filter on device team0
[  252.004396][T15717] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.006776][T15717] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.014563][    C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  252.023035][ T6004] usb 6-1: USB disconnect, device number 13
[  252.038243][ T1260] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.040566][ T1260] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.190506][T13297] usb 7-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  252.207872][T13297] usb 7-1: USB disconnect, device number 17
[  252.296522][T15987] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.323924][T15987] veth0_vlan: entered promiscuous mode
[  252.332312][T15987] veth1_vlan: entered promiscuous mode
[  252.346930][T15987] veth0_macvtap: entered promiscuous mode
[  252.362862][T15987] veth1_macvtap: entered promiscuous mode
[  252.373403][T15987] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.378693][T15987] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.436486][ T1260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.443479][ T1260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.457590][  T171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.462338][  T171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.474669][   T40] kauditd_printk_skb: 95 callbacks suppressed
[  252.474681][   T40] audit: type=1400 audit(2000000008.339:53582): avc:  denied  { mounton } for  pid=15987 comm="syz-executor" path="/syzkaller.G52vh6/syz-tmp" dev="sda1" ino=2043 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  252.484875][   T40] audit: type=1400 audit(2000000008.349:53583): avc:  denied  { mounton } for  pid=15987 comm="syz-executor" path="/syzkaller.G52vh6/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  252.493210][   T40] audit: type=1400 audit(2000000008.349:53584): avc:  denied  { mounton } for  pid=15987 comm="syz-executor" path="/syzkaller.G52vh6/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=65051 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  252.503711][   T40] audit: type=1400 audit(2000000008.359:53585): avc:  denied  { mounton } for  pid=15987 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  252.616358][ T5942] Bluetooth: hci3: command tx timeout
[  252.736395][T16044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3023'.
[  253.776083][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.779155][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.796281][T16054] netlink: 'syz.1.3025': attribute type 4 has an invalid length.
[  253.800178][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.806931][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.896564][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.900391][T16059] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  253.909130][T16059] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  253.912506][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.959296][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.966024][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.989319][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.992850][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  253.999473][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  254.002510][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  254.005152][T16059] netlink: 'syz.2.3027': attribute type 10 has an invalid length.
[  254.009799][T16066] IPv6: Can't replace route, no match found
[  254.077679][   T40] audit: type=1400 audit(2000000009.949:53586): avc:  denied  { map } for  pid=16069 comm="syz.2.3032" path="socket:[65237]" dev="sockfs" ino=65237 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  254.096681][   T40] audit: type=1400 audit(2000000009.949:53587): avc:  denied  { map } for  pid=16069 comm="syz.2.3032" path="socket:[65237]" dev="sockfs" ino=65237 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  254.106161][   T40] audit: type=1400 audit(2000000009.949:53588): avc:  denied  { read } for  pid=16069 comm="syz.2.3032" path="socket:[65237]" dev="sockfs" ino=65237 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  254.146349][    C0] net_ratelimit: 24434 callbacks suppressed
[  254.146365][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.153500][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.158427][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.163310][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.168098][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.171975][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.176291][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.181156][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.186036][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.190980][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  254.385175][T16080] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3037'.
[  254.696485][ T5942] Bluetooth: hci3: command tx timeout
[  255.307185][T16095] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3041'.
[  255.442148][T16107] program syz.1.3044 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  255.452885][T16107] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  255.455677][T16107] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  255.459528][T16107] vhci_hcd vhci_hcd.0: Device attached
[  255.462373][T16111] vhci_hcd: connection closed
[  255.462550][ T1143] vhci_hcd vhci_hcd.1: stop threads
[  255.466168][ T1143] vhci_hcd vhci_hcd.1: release socket
[  255.468850][ T1143] vhci_hcd vhci_hcd.1: disconnect device
[  255.766312][   T40] audit: type=1400 audit(2000000011.629:53589): avc:  denied  { connect } for  pid=16114 comm="syz.2.3047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  255.778950][   T40] audit: type=1400 audit(2000000011.629:53590): avc:  denied  { setopt } for  pid=16114 comm="syz.2.3047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  255.812005][   T40] audit: type=1400 audit(2000000011.679:53591): avc:  denied  { listen } for  pid=16117 comm="syz.3.3048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  255.823931][T16118] XFS (nbd3): no-recovery mounts must be read-only.
[  256.025124][T16128] 8021q: VLANs not supported on sit0
[  256.191680][T16149] program syz.1.3056 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  256.195627][T16149] ata1.00: non-matching transfer count (0/2304)
[  256.443670][T16160] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3060'.
[  256.476717][ T5991] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  256.644558][ T5991] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  256.656394][ T5991] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  256.660629][ T5991] usb 8-1: config 0 interface 0 has no altsetting 0
[  256.687632][ T5991] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  256.691512][ T5991] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  256.695161][ T5991] usb 8-1: Product: syz
[  256.716463][ T5991] usb 8-1: Manufacturer: syz
[  256.719730][ T5991] usb 8-1: SerialNumber: syz
[  256.728894][ T5991] usb 8-1: config 0 descriptor??
[  256.744587][ T5991] hub 8-1:0.0: bad descriptor, ignoring hub
[  256.749861][ T5991] hub 8-1:0.0: probe with driver hub failed with error -5
[  256.767554][ T5991] usb 8-1: selecting invalid altsetting 0
[  256.787241][ T5942] Bluetooth: hci3: command tx timeout
[  257.113026][T16191] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3068'.
[  257.554727][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  257.554744][   T40] audit: type=1400 audit(2000000013.419:53597): avc:  denied  { call } for  pid=16210 comm="syz.6.3075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  257.689418][T16151] usb 8-1: reset high-speed USB device number 12 using dummy_hcd
[  257.839495][T16151] usb 8-1: device firmware changed
[  257.847194][ T5991] usb 8-1: USB disconnect, device number 12
[  257.926461][T16226] xt_hashlimit: Unknown mode mask 84, kernel too old?
[  257.932347][   T40] audit: type=1400 audit(2000000013.799:53598): avc:  denied  { map } for  pid=16224 comm="syz.6.3078" path="/570/file0/file1" dev="9p" ino=71827929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  258.006364][ T5991] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  258.148812][   T40] audit: type=1400 audit(2000000014.019:53599): avc:  denied  { relabelto } for  pid=16227 comm="syz.2.3079" name="206" dev="tmpfs" ino=1115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  258.163289][   T40] audit: type=1400 audit(2000000014.019:53600): avc:  denied  { associate } for  pid=16227 comm="syz.2.3079" name="206" dev="tmpfs" ino=1115 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0"
[  258.165150][ T5991] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  258.175989][   T40] audit: type=1400 audit(2000000014.019:53601): avc:  denied  { add_name } for  pid=16227 comm="syz.2.3079" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  258.182873][ T5991] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  258.189597][   T40] audit: type=1400 audit(2000000014.019:53602): avc:  denied  { create } for  pid=16227 comm="syz.2.3079" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  258.193496][ T5991] usb 8-1: config 0 interface 0 has no altsetting 0
[  258.206816][ T5991] usb 8-1: string descriptor 0 read error: -22
[  258.210156][ T5991] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  258.212639][   T40] audit: type=1400 audit(2000000014.019:53603): avc:  denied  { associate } for  pid=16227 comm="syz.2.3079" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  258.214010][ T5991] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  258.222767][   T40] audit: type=1400 audit(2000000014.019:53604): avc:  denied  { mounton } for  pid=16227 comm="syz.2.3079" path="/206/file0" dev="tmpfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  258.222815][   T40] audit: type=1400 audit(2000000014.019:53605): avc:  denied  { mount } for  pid=16227 comm="syz.2.3079" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  258.222852][   T40] audit: type=1400 audit(2000000014.019:53606): avc:  denied  { remount } for  pid=16227 comm="syz.2.3079" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  258.266722][ T5991] usb 8-1: config 0 descriptor??
[  258.275163][ T5991] hub 8-1:0.0: bad descriptor, ignoring hub
[  258.278297][ T5991] hub 8-1:0.0: probe with driver hub failed with error -5
[  258.285069][ T5991] usb 8-1: selecting invalid altsetting 0
[  258.588354][ T5991] usb 8-1: USB disconnect, device number 13
[  258.856383][ T5942] Bluetooth: hci3: command tx timeout
[  259.100386][T16266] validate_nla: 57 callbacks suppressed
[  259.100404][T16266] netlink: 'syz.6.3088': attribute type 12 has an invalid length.
[  259.104942][T16266] netlink: 'syz.6.3088': attribute type 29 has an invalid length.
[  259.108953][T16266] netlink: 148 bytes leftover after parsing attributes in process `syz.6.3088'.
[  259.119341][T16266] netlink: 'syz.6.3088': attribute type 2 has an invalid length.
[  259.126328][T16266] netlink: 'syz.6.3088': attribute type 3 has an invalid length.
[  259.134502][T16266] netlink: 15 bytes leftover after parsing attributes in process `syz.6.3088'.
[  259.141863][T16263] xt_NFQUEUE: number of queues (5) out of range (got 65536)
[  259.156393][    C0] net_ratelimit: 25302 callbacks suppressed
[  259.156410][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.162529][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.166889][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.170818][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.175538][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.179798][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.183781][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.187718][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.191695][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.195989][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  259.254954][T16301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3091'.
[  259.263610][T16301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3091'.
[  259.329697][T16304] ip6t_rpfilter: unknown options
[  259.843758][T16327] ./cgroup: Can't lookup blockdev
[  260.068533][T16334] netlink: 'syz.2.3102': attribute type 4 has an invalid length.
[  260.079460][T16334] ieee802154 phy0 wpan0: encryption failed: -126
[  260.082256][T16334] xt_hashlimit: invalid interval
[  260.235008][   T54] hid_parser_main: 22 callbacks suppressed
[  260.239095][   T54] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  260.246951][   T54] hid-generic 0000:0000:0000.000B: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  260.333482][T16343] binder: 16339:16343 ioctl c00c620f 2000000001c0 returned -22
[  260.603492][T16359] netlink: 'syz.3.3109': attribute type 1 has an invalid length.
[  260.781467][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  261.394607][T16371] vxlan0: entered promiscuous mode
[  261.396477][T16371] vxlan0: entered allmulticast mode
[  261.398739][T16280] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  261.401669][T16280] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  261.404842][T16280] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  261.409813][T16280] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  261.555171][T16384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3116'.
[  261.730276][T16389] netlink: 'syz.6.3119': attribute type 142 has an invalid length.
[  262.022444][T16406] netlink: 200 bytes leftover after parsing attributes in process `syz.3.3124'.
[  262.034457][T16406] team_slave_0: entered promiscuous mode
[  262.037841][T16406] team_slave_1: entered promiscuous mode
[  262.057403][T16406] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  262.364237][T16419] 9p: Bad value for 'rfdno'
[  262.924859][T16441] kAFS: unable to lookup cell 'syz0'
[  262.946166][T16441] lo: Caught tx_queue_len zero misconfig
[  263.019117][T16445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3135'.
[  263.023090][T16445] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3135'.
[  263.145854][T16449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3137'.
[  263.308203][T16463] gfs2: gfs2 mount does not exist
[  263.366630][T16466] gfs2: gfs2 mount does not exist
[  263.492299][T16477] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16477 comm=syz.2.3142
[  263.673838][   T40] kauditd_printk_skb: 15 callbacks suppressed
[  263.673850][   T40] audit: type=1400 audit(2000000019.539:53622): avc:  denied  { read } for  pid=16485 comm="syz.2.3146" path="socket:[67184]" dev="sockfs" ino=67184 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  263.739520][   T40] audit: type=1400 audit(2000000019.609:53623): avc:  denied  { mounton } for  pid=16485 comm="syz.2.3146" path="/proc/669/cgroup" dev="proc" ino=67872 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  263.762129][   T40] audit: type=1400 audit(2000000019.619:53624): avc:  denied  { accept } for  pid=16485 comm="syz.2.3146" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  263.875310][   T40] audit: type=1400 audit(2000000019.739:53625): avc:  denied  { append } for  pid=16492 comm="syz.1.3148" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  263.877286][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.889413][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.893592][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.897924][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.901810][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.905154][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.908685][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.911755][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.915247][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.919721][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.923371][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.928136][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.932049][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.940511][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.944772][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.949402][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.953090][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.957765][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.961148][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.965663][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.976086][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.982361][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.988387][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.992321][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.997520][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.001434][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.005431][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.009507][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.013311][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.016509][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.019822][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.023893][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.028332][T16493] program syz.1.3148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.166321][    C1] net_ratelimit: 32118 callbacks suppressed
[  264.166334][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  264.166496][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  264.168993][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  264.173473][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  264.178459][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  264.182281][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  264.186390][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  264.191184][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  264.195652][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  264.200184][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  265.231853][T16522] overlay: Bad value for 'workdir'
[  265.720430][T16528] binder: 16527:16528 ioctl 40046205 0 returned -22
[  265.727678][T16528] pim6reg1: entered promiscuous mode
[  265.730125][T16528] pim6reg1: entered allmulticast mode
[  266.035806][T16537] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3162'.
[  266.322699][   T40] audit: type=1400 audit(2000000022.189:53626): avc:  denied  { setattr } for  pid=16543 comm="syz.2.3164" name="NETLINK" dev="sockfs" ino=67965 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  266.615389][T16563] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1539 sclass=netlink_route_socket pid=16563 comm=syz.2.3169
[  266.676022][T16563] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16563 comm=syz.2.3169
[  266.803268][T16567] input: syz1 as /devices/virtual/input/input31
[  266.918084][T16570] Invalid logical block size (131072)
[  266.975448][T16572] Option '�'M�O��' to dns_resolver key: bad/missing value
[  267.318642][T16291] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  267.332775][   T40] audit: type=1400 audit(2000000023.189:53627): avc:  denied  { write } for  pid=16584 comm="syz.3.3176" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  267.347943][   T40] audit: type=1400 audit(2000000023.199:53628): avc:  denied  { create } for  pid=16571 comm="syz.2.3172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  267.479586][T16593] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3178'.
[  267.539630][T16596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16596 comm=syz.6.3178
[  267.552001][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3178'.
[  267.620518][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3178'.
[  267.805761][T16583] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  268.348257][T16620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3186'.
[  268.373785][T16620] 8021q: adding VLAN 0 to HW filter on device bond1
[  269.176282][    C1] net_ratelimit: 42662 callbacks suppressed
[  269.176302][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  269.176481][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  269.178481][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  269.182546][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  269.185214][T16665] bridge_slave_1: Caught tx_queue_len zero misconfig
[  269.194170][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  269.194610][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  269.197001][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  269.201009][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  269.205003][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  269.208556][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  269.265268][T16668] sctp: [Deprecated]: syz.6.3199 (pid 16668) Use of struct sctp_assoc_value in delayed_ack socket option.
[  269.265268][T16668] Use struct sctp_sack_info instead
[  269.277775][   T40] audit: type=1400 audit(2000000025.139:53629): avc:  denied  { map } for  pid=16664 comm="syz.6.3199" path="socket:[68832]" dev="sockfs" ino=68832 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  269.437592][T16675] can0: slcan on ttyS3.
[  269.843805][T16675] can0 (unregistered): slcan off ttyS3.
[  269.852636][T16688] can0: slcan on ttyS3.
[  269.960422][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  269.964191][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  269.969337][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  269.972983][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  269.977153][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  270.128964][T16692] chnl_net:caif_netlink_parms(): no params data found
[  270.177041][T16687] can0 (unregistered): slcan off ttyS3.
[  270.313910][T16692] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.316909][T16692] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.319961][T16692] bridge_slave_0: entered allmulticast mode
[  270.323760][T16692] bridge_slave_0: entered promiscuous mode
[  270.328396][T16692] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.331294][T16692] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.334305][T16692] bridge_slave_1: entered allmulticast mode
[  270.339822][T16692] bridge_slave_1: entered promiscuous mode
[  270.355215][T16692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  270.361800][T16692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  270.378866][T16692] team0: Port device team_slave_0 added
[  270.382874][T16692] team0: Port device team_slave_1 added
[  270.485226][T16692] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.487621][T16692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.495881][T16692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.502351][T16692] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.504545][T16692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.520774][T16692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.600359][T16717] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29037 sclass=netlink_route_socket pid=16717 comm=syz.3.3215
[  270.607909][T16692] hsr_slave_0: entered promiscuous mode
[  270.612136][T16692] hsr_slave_1: entered promiscuous mode
[  270.615367][T16692] debugfs: 'hsr0' already exists in 'hsr'
[  270.617618][T16692] Cannot create hsr debugfs directory
[  270.836450][T13205] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  270.986359][T13205] usb 6-1: Using ep0 maxpacket: 32
[  270.989725][T13205] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.993612][T13205] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.997785][T13205] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  271.003160][T13205] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  271.008125][T13205] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.013472][T13205] usb 6-1: config 0 descriptor??
[  271.272176][T13205] usbhid 6-1:0.0: can't add hid device: -71
[  271.274818][T13205] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  271.286905][T13205] usb 6-1: USB disconnect, device number 14
[  271.439073][T16692] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.443829][T16692] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.448820][T16692] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  271.565260][T16739] Cannot find add_set index 65532 as target
[  271.908232][T16692] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.913090][T16692] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.920724][T16692] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  271.942370][T16746] syzkaller0: entered promiscuous mode
[  271.946092][T16746] syzkaller0: entered allmulticast mode
[  272.038109][   T40] audit: type=1400 audit(2000000027.909:53630): avc:  denied  { map } for  pid=16752 comm="syz.1.3222" path="socket:[68539]" dev="sockfs" ino=68539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  272.052866][   T40] audit: type=1400 audit(2000000027.919:53631): avc:  denied  { read } for  pid=16752 comm="syz.1.3222" path="socket:[68539]" dev="sockfs" ino=68539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  272.062621][ T5949] Bluetooth: hci0: command tx timeout
[  272.176870][T16761] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3223'.
[  272.245448][T16692] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  272.249978][T16692] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.254333][T16692] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  272.372294][T16692] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  272.377145][T16692] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.381477][T16692] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  272.507735][T16284] veth0_to_bridge: left allmulticast mode
[  272.510232][T16284] veth0_to_bridge: left promiscuous mode
[  272.527586][T16775] ocfs2: Unknown parameter 'l���р(uD��h���p�BIE}g����l#:��|^�e"�#�F��Ož>9�c'
[  272.537760][T16284] bridge0: port 3(veth0_to_bridge) entered disabled state
[  272.543280][   T40] audit: type=1400 audit(2000000028.409:53632): avc:  denied  { mount } for  pid=16774 comm="syz.1.3227" name="/" dev="hugetlbfs" ino=69222 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  272.551427][   T40] audit: type=1400 audit(2000000028.419:53633): avc:  denied  { ioctl } for  pid=16774 comm="syz.1.3227" path="/dev/cpu/3/msr" dev="devtmpfs" ino=93 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  272.561033][T16284] bridge_slave_1: left allmulticast mode
[  272.562832][T16284] bridge_slave_1: left promiscuous mode
[  272.564715][T16284] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.571992][T16284] bridge_slave_0: left allmulticast mode
[  272.574365][T16284] bridge_slave_0: left promiscuous mode
[  272.578388][T16284] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.665702][T16782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3229'.
[  272.897249][   T40] audit: type=1400 audit(2000000028.759:53634): avc:  denied  { setattr } for  pid=16780 comm="syz.2.3230" name="/" dev="9p" ino=71827685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  272.945599][T16284] bond3 (unregistering): (slave ip6gretap1): Releasing active interface
[  273.149342][T16284] bond5 (unregistering): (slave geneve4): Releasing active interface
[  273.176619][T16284] bond2 (unregistering): (slave geneve2): Releasing active interface
[  273.411732][T16284] bond1 (unregistering): (slave bridge2): Releasing active interface
[  273.780926][T16284] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.784986][T16284] bond_slave_0: left promiscuous mode
[  273.790250][T16284] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.794003][T16284] bond_slave_1: left promiscuous mode
[  273.798592][T16284] 
 (unregistering): (slave batadv0): Releasing backup interface
[  273.802368][T16284] batadv0: left promiscuous mode
[  273.806023][T16284] 
 (unregistering): Released all slaves
[  273.929922][T16284] bond1 (unregistering): Released all slaves
[  274.054451][T16284] bond2 (unregistering): Released all slaves
[  274.136353][ T5949] Bluetooth: hci0: command tx timeout
[  274.206679][T16284] bond3 (unregistering): Released all slaves
[  274.217112][T16284] bond4 (unregistering): Released all slaves
[  274.228570][T16284] bond5 (unregistering): Released all slaves
[  274.240340][T16781] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3230'.
[  274.392258][   T40] audit: type=1400 audit(2000000030.259:53635): avc:  denied  { getopt } for  pid=16792 comm="syz.1.3233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  274.399603][T16793] net_ratelimit: 22316 callbacks suppressed
[  274.399613][T16793] ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz_tun!
[  274.401727][T16284] tipc: Left network mode
[  274.409264][T16795] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3233'.
[  274.485120][T16795] team0: left allmulticast mode
[  274.487719][T16795] team_slave_1: left allmulticast mode
[  274.489631][T16795] bridge0: port 3(team0) entered disabled state
[  274.493563][T16795] bridge_slave_1: left allmulticast mode
[  274.495419][T16795] bridge_slave_1: left promiscuous mode
[  274.498359][T16795] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.502071][T16795] bridge_slave_0: left allmulticast mode
[  274.503873][T16795] bridge_slave_0: left promiscuous mode
[  274.505711][T16795] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.638328][T16692] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  274.649311][   T73] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  274.677419][T16692] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  274.688260][T16692] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  274.695370][T16692] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  274.779609][T16815] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  274.782583][T16815] IPv6: NLM_F_CREATE should be set when creating new route
[  274.790194][T16284] hsr_slave_0: left promiscuous mode
[  274.794288][T16284] hsr_slave_1: left promiscuous mode
[  274.798076][T16284] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.801441][T16284] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.805434][T16284] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.810757][T16284] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.818114][T16284] veth1_macvtap: left promiscuous mode
[  274.820521][T16284] veth0_macvtap: left promiscuous mode
[  274.968107][   T40] audit: type=1400 audit(2000000030.839:53636): avc:  denied  { bind } for  pid=16818 comm="syz.1.3238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  275.031050][T16823] binder: 16822:16823 ioctl 3b85 200000000280 returned -22
[  275.035775][T16823] fuse: Unknown parameter '0x0000000000000007'
[  275.284743][T16284] team0 (unregistering): Port device team_slave_1 removed
[  275.322147][T16284] team0 (unregistering): Port device team_slave_0 removed
[  275.330325][   T40] audit: type=1400 audit(2000000031.199:53637): avc:  denied  { setopt } for  pid=16826 comm="syz.2.3240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  275.772365][T16692] 8021q: adding VLAN 0 to HW filter on device bond0
[  275.787271][T16692] 8021q: adding VLAN 0 to HW filter on device team0
[  275.805703][T16282] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.809010][T16282] bridge0: port 1(bridge_slave_0) entered forwarding state
[  275.820988][T16282] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.824172][T16282] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.005347][T16692] 8021q: adding VLAN 0 to HW filter on device batadv0
[  276.054999][T16855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3249'.
[  276.090669][T16854] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3249'.
[  276.105291][T16284] IPVS: stop unused estimator thread 0...
[  276.216472][ T5949] Bluetooth: hci0: command tx timeout
[  276.244244][T16692] veth0_vlan: entered promiscuous mode
[  276.260600][T16692] veth1_vlan: entered promiscuous mode
[  276.289169][T16692] veth0_macvtap: entered promiscuous mode
[  276.295675][T16692] veth1_macvtap: entered promiscuous mode
[  276.311255][T16692] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.319674][T16692] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.332295][T16179] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.336103][T16179] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.343301][   T40] audit: type=1400 audit(2000000032.209:53638): avc:  denied  { setopt } for  pid=16869 comm="syz.1.3253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  276.352471][T16179] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.361801][T16179] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.414101][T16179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.426561][T16179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.436832][   T40] audit: type=1400 audit(2000000032.309:53639): avc:  denied  { map } for  pid=16873 comm="syz.1.3254" path="socket:[70041]" dev="sockfs" ino=70041 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  276.453043][T16294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.455614][T16294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.469942][   T40] audit: type=1400 audit(2000000032.339:53640): avc:  denied  { setcheckreqprot } for  pid=16877 comm="syz.1.3255" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  276.506358][T16884] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3256'.
[  276.594797][T16890] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16890 comm=syz.6.3258
[  276.613529][   T40] audit: type=1400 audit(2000000032.479:53641): avc:  denied  { accept } for  pid=16889 comm="syz.6.3258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  276.886410][   T54] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  276.931025][T16914] loop5: detected capacity change from 0 to 9
[  276.939923][T16914] Dev loop5: unable to read RDB block 9
[  276.942390][T16914]  loop5: unable to read partition table
[  276.944994][T16914] loop5: partition table beyond EOD, truncated
[  276.956983][T16914] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  277.048479][   T54] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  277.064607][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  277.064640][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  277.064660][   T54] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  277.064702][   T54] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  277.064721][   T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.069112][   T54] usb 6-1: config 0 descriptor??
[  277.118177][T16923] qnx4: unable to read the superblock
[  277.123791][   T40] audit: type=1400 audit(2000000032.989:53642): avc:  denied  { accept } for  pid=16921 comm="syz.2.3267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  277.383371][T16940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3273'.
[  277.751704][   T54] usbhid 6-1:0.0: can't add hid device: -71
[  277.754503][   T54] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  277.758918][   T54] usb 6-1: USB disconnect, device number 16
[  278.030273][T16945] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=66 sclass=netlink_audit_socket pid=16945 comm=syz.3.3275
[  278.278527][T16957] nbd: must specify a size in bytes for the device
[  278.296346][ T5949] Bluetooth: hci0: command tx timeout
[  278.344752][T16965] netlink: 'syz.1.3282': attribute type 2 has an invalid length.
[  278.344806][T16966] netlink: 'syz.1.3282': attribute type 2 has an invalid length.
[  278.353882][T16965] !: entered promiscuous mode
[  278.360474][T16970] trusted_key: encrypted_key: insufficient parameters specified
[  278.366386][T16965] netlink: 'syz.1.3282': attribute type 2 has an invalid length.
[  278.369803][T16965] !: left promiscuous mode
[  278.406850][   T54] usb 11-1: new high-speed USB device number 15 using dummy_hcd
[  278.413447][T16961] could not allocate digest TFM handle cryptd(blake2b-160)
[  278.427909][   T40] audit: type=1400 audit(2000000034.299:53643): avc:  denied  { ioctl } for  pid=16967 comm="syz.2.3283" path="socket:[70798]" dev="sockfs" ino=70798 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  278.439836][T16976] trusted_key: encrypted_key: insufficient parameters specified
[  278.545710][T16982] netlink: 'syz.1.3285': attribute type 1 has an invalid length.
[  278.557628][   T40] audit: type=1400 audit(2000000034.429:53644): avc:  denied  { ioctl } for  pid=16978 comm="syz.1.3285" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  278.576325][   T54] usb 11-1: Using ep0 maxpacket: 32
[  278.580478][   T54] usb 11-1: config 0 has an invalid descriptor of length 241, skipping remainder of the config
[  278.584833][   T54] usb 11-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  278.590532][   T54] usb 11-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  278.593932][   T54] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.599454][   T54] usb 11-1: config 0 descriptor??
[  278.602607][T16982] openvswitch: netlink: IP tunnel dst address not specified
[  278.746369][T13205] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  278.812424][   T54] usb 11-1: string descriptor 0 read error: -71
[  278.817181][T16953] syz_tun: entered allmulticast mode
[  278.820786][   T54] usbhid 11-1:0.0: couldn't find an input interrupt endpoint
[  278.829219][   T54] usb 11-1: USB disconnect, device number 15
[  278.896460][T13205] usb 7-1: Using ep0 maxpacket: 8
[  278.900972][T13205] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  278.905076][T13205] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  278.910328][T13205] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  278.914772][T13205] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  278.920731][T13205] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  278.924589][T13205] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.137391][T13205] usb 7-1: GET_CAPABILITIES returned 0
[  279.139923][T13205] usbtmc 7-1:16.0: can't read capabilities
[  279.347899][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  279.352321][T16981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3284'.
[  279.470487][T16953] syz_tun: left allmulticast mode
[  279.518120][   T54] usb 7-1: USB disconnect, device number 18
[  279.550304][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  279.550316][   T40] audit: type=1400 audit(2000000035.419:53647): avc:  denied  { bind } for  pid=17005 comm="syz.1.3292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  279.688176][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.702541][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.719084][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.732383][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.745182][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.759525][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.770883][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  279.782740][T17021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3296'.
[  280.096936][ T6004] delete_channel: no stack
[  280.132156][   T40] audit: type=1400 audit(2000000035.999:53648): avc:  denied  { getopt } for  pid=17031 comm="syz.1.3302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  280.167560][   T40] audit: type=1400 audit(2000000036.039:53649): avc:  denied  { getopt } for  pid=17027 comm="syz.3.3299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  280.310240][T17030] netlink: 'syz.2.3300': attribute type 5 has an invalid length.
[  280.347696][T17057] netlink: 'syz.3.3306': attribute type 1 has an invalid length.
[  280.365474][T17060] netlink: 'syz.2.3307': attribute type 1 has an invalid length.
[  280.417357][T17060] bond5: entered promiscuous mode
[  280.421253][T17060] 8021q: adding VLAN 0 to HW filter on device bond5
[  280.562137][T17070] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17070 comm=syz.1.3309
[  280.685223][T17086] ------------[ cut here ]------------
[  280.688084][T17086] WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x309/0x2430, CPU#1: syz.1.3312/17086
[  280.692577][T17086] Modules linked in:
[  280.695800][T17086] CPU: 1 UID: 0 PID: 17086 Comm: syz.1.3312 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  280.695878][   T40] audit: type=1400 audit(2000000036.559:53650): avc:  denied  { write } for  pid=5922 comm="syz-executor" path="pipe:[2772]" dev="pipefs" ino=2772 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  280.700519][T17086] Tainted: [L]=SOFTLOCKUP
[  280.700532][T17086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.700545][T17086] RIP: 0010:__alloc_frozen_pages_noprof+0x309/0x2430
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  280.720302][T17086] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 c1 ec 60 09 83 fe 0a 0f 86 0c fe ff ff 80 3d 0a 43 56 0e 00 75 0b c6 05 01 43 56 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  280.728866][T17086] RSP: 0018:ffffc9000cf277c8 EFLAGS: 00010246
[  280.730981][T17086] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  280.733727][T17086] RDX: 0000000000000000 RSI: 0000000000000015 RDI: 0000000000040cc0
[  280.738485][T17086] RBP: 0000000000000015 R08: 0000000000000005 R09: 0000000000000009
[  280.741340][T17086] R10: 0000000000000015 R11: ffff8880496b0b30 R12: 0000000000040cc0
[  280.744225][T17086] R13: 1ffff920019e4f0f R14: ffffffff9ac46ac4 R15: 0000000000000015
[  280.747203][T17086] FS:  00007fae61a656c0(0000) GS:ffff8880d69f1000(0000) knlGS:0000000000000000
[  280.750297][T17086] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  280.752648][T17086] CR2: 00007fae60b73460 CR3: 000000005923f000 CR4: 0000000000352ef0
[  280.755347][T17086] Call Trace:
[  280.756877][T17086]  <TASK>
[  280.757930][T17086]  ? is_bpf_text_address+0x94/0x1a0
[  280.759668][T17086]  ? kernel_text_address+0x8d/0x100
[  280.761499][T17086]  ? __kernel_text_address+0xd/0x40
[  280.763489][T17086]  ? unwind_get_return_address+0x59/0xa0
[  280.765388][T17086]  ? arch_stack_walk+0xa6/0x100
[  280.767388][T17086]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  280.769651][T17086]  ? stack_trace_save+0x8e/0xc0
[  280.771336][T17086]  ? __pfx_stack_trace_save+0x10/0x10
[  280.773401][T17086]  ? __lock_acquire+0x436/0x2890
[  280.775482][T17086]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  280.777876][T17086]  ? policy_nodemask+0xea/0x4e0
[  280.779485][T17086]  alloc_pages_mpol+0x1fb/0x550
[  280.781452][T17086]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  280.783220][T17086]  ? find_held_lock+0x2b/0x80
[  280.784791][T17086]  ___kmalloc_large_node+0x10c/0x150
[  280.787053][T17086]  __kmalloc_large_node_noprof+0x1c/0x70
[  280.788879][T17086]  __kmalloc_noprof.cold+0xc/0x62
[  280.790528][T17086]  ? drm_syncobj_array_find+0x35/0x3c0
[  280.792507][T17086]  ? drm_syncobj_array_find+0x35/0x3c0
[  280.794540][T17086]  drm_syncobj_array_find+0x35/0x3c0
[  280.796563][T17086]  drm_syncobj_signal_ioctl+0x20c/0x450
[  280.798412][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.800378][T17086]  ? drm_dev_exit+0x41/0x60
[  280.801858][T17086]  drm_ioctl_kernel+0x1f4/0x3e0
[  280.803488][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.805498][T17086]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  280.807402][T17086]  drm_ioctl+0x5c9/0xc30
[  280.808849][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.810874][T17086]  ? __pfx_drm_ioctl+0x10/0x10
[  280.812483][T17086]  ? selinux_file_ioctl+0x180/0x270
[  280.814207][T17086]  ? selinux_file_ioctl+0xb4/0x270
[  280.815926][T17086]  ? __pfx_drm_ioctl+0x10/0x10
[  280.817509][T17086]  __x64_sys_ioctl+0x18e/0x210
[  280.819101][T17086]  do_syscall_64+0xcd/0xf80
[  280.820579][T17086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.822496][T17086] RIP: 0033:0x7fae60b8f7c9
[  280.823941][T17086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.830053][T17086] RSP: 002b:00007fae61a65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.832746][T17086] RAX: ffffffffffffffda RBX: 00007fae60de6090 RCX: 00007fae60b8f7c9
[  280.835294][T17086] RDX: 0000200000000100 RSI: 00000000c01064c5 RDI: 0000000000000004
[  280.837870][T17086] RBP: 00007fae60c13f91 R08: 0000000000000000 R09: 0000000000000000
[  280.840359][T17086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  280.842866][T17086] R13: 00007fae60de6128 R14: 00007fae60de6090 R15: 00007fff484929d8
[  280.845367][T17086]  </TASK>
[  280.846444][T17086] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  280.848741][T17086] CPU: 1 UID: 0 PID: 17086 Comm: syz.1.3312 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  280.852153][T17086] Tainted: [L]=SOFTLOCKUP
[  280.853536][T17086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.857287][T17086] Call Trace:
[  280.858368][T17086]  <TASK>
[  280.859342][T17086]  dump_stack_lvl+0x3d/0x1f0
[  280.860822][T17086]  vpanic+0x640/0x6f0
[  280.862152][T17086]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  280.864356][T17086]  panic+0xca/0xd0
[  280.865606][T17086]  ? __pfx_panic+0x10/0x10
[  280.867221][T17086]  ? check_panic_on_warn+0x1f/0xb0
[  280.868881][T17086]  check_panic_on_warn+0xab/0xb0
[  280.870477][T17086]  __warn+0x108/0x3c0
[  280.871810][T17086]  __report_bug+0x2a0/0x520
[  280.873270][T17086]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  280.875294][T17086]  ? __pfx___report_bug+0x10/0x10
[  280.877155][T17086]  ? __lock_acquire+0x436/0x2890
[  280.878817][T17086]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  280.880791][T17086]  report_bug+0xb2/0x220
[  280.882198][T17086]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  280.884368][T17086]  handle_bug+0x127/0x260
[  280.885774][T17086]  exc_invalid_op+0x17/0x50
[  280.887288][T17086]  asm_exc_invalid_op+0x1a/0x20
[  280.888830][T17086] RIP: 0010:__alloc_frozen_pages_noprof+0x309/0x2430
[  280.891037][T17086] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 c1 ec 60 09 83 fe 0a 0f 86 0c fe ff ff 80 3d 0a 43 56 0e 00 75 0b c6 05 01 43 56 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  280.897717][T17086] RSP: 0018:ffffc9000cf277c8 EFLAGS: 00010246
[  280.899659][T17086] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  280.902165][T17086] RDX: 0000000000000000 RSI: 0000000000000015 RDI: 0000000000040cc0
[  280.904677][T17086] RBP: 0000000000000015 R08: 0000000000000005 R09: 0000000000000009
[  280.907227][T17086] R10: 0000000000000015 R11: ffff8880496b0b30 R12: 0000000000040cc0
[  280.909711][T17086] R13: 1ffff920019e4f0f R14: ffffffff9ac46ac4 R15: 0000000000000015
[  280.912269][T17086]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  280.914262][T17086]  ? is_bpf_text_address+0x94/0x1a0
[  280.916046][T17086]  ? kernel_text_address+0x8d/0x100
[  280.917816][T17086]  ? __kernel_text_address+0xd/0x40
[  280.919513][T17086]  ? unwind_get_return_address+0x59/0xa0
[  280.921304][T17086]  ? arch_stack_walk+0xa6/0x100
[  280.922983][T17086]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  280.925145][T17086]  ? stack_trace_save+0x8e/0xc0
[  280.926523][T17086]  ? __pfx_stack_trace_save+0x10/0x10
[  280.928111][T17086]  ? __lock_acquire+0x436/0x2890
[  280.929646][T17086]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  280.931430][T17086]  ? policy_nodemask+0xea/0x4e0
[  280.933030][T17086]  alloc_pages_mpol+0x1fb/0x550
[  280.934604][T17086]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  280.936341][T17086]  ? find_held_lock+0x2b/0x80
[  280.938056][T17086]  ___kmalloc_large_node+0x10c/0x150
[  280.939826][T17086]  __kmalloc_large_node_noprof+0x1c/0x70
[  280.941763][T17086]  __kmalloc_noprof.cold+0xc/0x62
[  280.943504][T17086]  ? drm_syncobj_array_find+0x35/0x3c0
[  280.945846][T17086]  ? drm_syncobj_array_find+0x35/0x3c0
[  280.948209][T17086]  drm_syncobj_array_find+0x35/0x3c0
[  280.950746][T17086]  drm_syncobj_signal_ioctl+0x20c/0x450
[  280.953367][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.956527][T17086]  ? drm_dev_exit+0x41/0x60
[  280.958729][T17086]  drm_ioctl_kernel+0x1f4/0x3e0
[  280.961020][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.963688][T17086]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  280.965977][T17086]  drm_ioctl+0x5c9/0xc30
[  280.967697][T17086]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  280.969770][T17086]  ? __pfx_drm_ioctl+0x10/0x10
[  280.971421][T17086]  ? selinux_file_ioctl+0x180/0x270
[  280.973078][T17086]  ? selinux_file_ioctl+0xb4/0x270
[  280.974785][T17086]  ? __pfx_drm_ioctl+0x10/0x10
[  280.976533][T17086]  __x64_sys_ioctl+0x18e/0x210
[  280.978161][T17086]  do_syscall_64+0xcd/0xf80
[  280.979731][T17086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.981682][T17086] RIP: 0033:0x7fae60b8f7c9
[  280.983182][T17086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.989838][T17086] RSP: 002b:00007fae61a65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.992694][T17086] RAX: ffffffffffffffda RBX: 00007fae60de6090 RCX: 00007fae60b8f7c9
[  280.995568][T17086] RDX: 0000200000000100 RSI: 00000000c01064c5 RDI: 0000000000000004
[  280.998054][T17086] RBP: 00007fae60c13f91 R08: 0000000000000000 R09: 0000000000000000
[  281.000660][T17086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  281.003134][T17086] R13: 00007fae60de6128 R14: 00007fae60de6090 R15: 00007fff484929d8
[  281.005659][T17086]  </TASK>
[  281.007486][T17086] Kernel Offset: disabled
[  281.008899][T17086] Rebooting in 86400 seconds..