last executing test programs:

6m12.560734458s ago: executing program 1 (id=222):
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000010c0), 0x4000, 0x0)
ioctl$DVD_WRITE_STRUCT(r0, 0x5390, &(0x7f0000001140)=@physical={0x0, 0x1, [{0x2, 0xf, 0x8, 0x9, 0x1, 0x1, 0x1, 0x4, 0x1, 0x0, 0x6fc6, 0x7, 0x3}, {0x6, 0xa, 0x0, 0x7, 0x0, 0x1, 0x3, 0x3, 0x0, 0x0, 0x1, 0x0, 0x3}, {0x9, 0x9, 0x8, 0x1, 0x2, 0x1, 0x3, 0xb, 0xb, 0x0, 0xffffffff, 0x25, 0x2}, {0x5, 0x5, 0x5, 0x2, 0x9, 0x0, 0x3, 0x8, 0x1, 0x1, 0xa, 0x8, 0x65c}]})

6m12.365144779s ago: executing program 1 (id=224):
r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0xb8d01, 0x0)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000b00), 0x901180, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
ioctl$CDROMVOLREAD(r1, 0x5313, &(0x7f0000000000))
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
read$FUSE(r3, &(0x7f0000000e40)={0x2020}, 0x2020)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r3, 0x4048587b, &(0x7f0000003980)={{<r4=>r0, &(0x7f0000000180)='*6^)\x00', 0x8000, &(0x7f00000001c0)={@align=0x7fff, {0x1, 0x8, 0x9, 0xffffffffffffa454}}, 0x7fffffff, &(0x7f0000000200)={@_ha_fsid}, &(0x7f0000000240)=0x7}, 0x9, &(0x7f0000003840)=[{0x2, 0x4, &(0x7f0000000280)='\x00', &(0x7f0000003a40)="de587690ed5dc353d4b3e573b225bc8a5d17b45f7dd2c86e2efee5e9fd26a2c7466a7d889397280e345e1dc33cda08a0f030bf403d4a40dde3b5a6138b6527763430f76db4a6e40a9da8e32083052104944bc5aaffe13b66ab851d5f7630ea6a25140aeff795e847bfbe9b26db64226cf290ce194ec656fcbfe11e9ab32691341b120cba83365f39f4cf18f69fe88a5bc57405441b", 0x95, 0x8}, {0x2, 0xd55, &(0x7f0000000340)='/dev/sg#\x00', &(0x7f0000000400)="398a23bda6ce63777bd29b795d5e524f25d087b7c31004595ed601956d4169258879b17e72205d42a18e06174f3ff07ef47c7f372fdc32a45dce5957ad121c7b5f5f97a4843b046f8993bf0d3b49100af45054d8c9149023fdd160e8d9450204d8364b668f37af27764ea170379a98b11ac3e6b870ffa9076ba69bcbcbed060329391493977fed03c8f0500001c81f1dde7297f5fe1bb40a39169adc797ecf3b6c9520dfb55a501af38649e19fb275b94a007801d8d9e8b608973d20cde21a0bf98a69e6bf7bae3ef74d27ae35d330aa38f2f426849eeda781396fec0e4130308b8b0f1ee494a1e0801dc6b3208b364b5bbcd7a22166b049f80709167430a587230d05968063bb308cd38c5f36bd77761d4520e9993fd1e74dd2890ead13b3fff26836a951d108c462b73581fd82da2cebebfdd225ad349d7402dbfe34565cc657a63cb5b2c1e9e9037dc9ff0bafa6652c5958d3415c604a2817f355e5b075997a23e1ebb2fd7804a5cfc9c76492c6d71fe14144d63ca2e6ee9f6747f203a7ce8aa98e6db33cc7202a510e2d62dbd5660e449e53850498cd9379181a58777940aa38e26534cd8f564181ba1ca36e40aa2b69f6176acfec165849ca0581d8b9d3d1cd2c8a61ff9000088650ded6b5c604c075ebef32f500bf8e2d63248dee03cbac6f780bbd26ee6c5d2a35a357cc4acdaba19773976e17f6cffcd81ff3c7300ed263a97a9e0aea8f14a3478252ad955226fee4f59f34f435526a2c03f0231b3acaf1f9065c4b648d72abea3e6d2be67b6d21661b934ef7aa8ca922e51b8ae34c6931fbe1e1570bc2661a1208efb094e19730b4977b5ba9f2b6ba971560c74bdfef5017ffa1a5d3dc1dc39051b438ff9b6901dba4fcb657d6daa7643708ceb84e50d05fb365337e4474f4b7b786e3819b4a09e0bd49e5e024ee83a8bc407e5634c5a5e9238e897321615287546469826d91ff11ac79c5f08c28a16a9462a57219e176cf854e1af76265faba019f198ad396b7859d8a0a07fba6a4511bcbddb9ef3dd408826e1ff9c9afdf2d65edac0ce23d4365762771302882f707af222608b663cb814dcde8880a7d18dd78d169807a0f4a65825487c1f32651c314646cb98edc8fe5a3714e72ec83791861d620ce542cbe187ea44af3e6c6e198f87f9e5b71077d3f4aaf352e78c8525c427152d63e0940d41d4891a003ca6f3087389437b7ee9cc635fa368b35c6431aced3d73e69251039b03e728c21aea7d23e656737f1039fab2c75047bb98e102862b9e3fba43a4ea385609ad1f34650f2eb0de3a9d94287bf937e33cfe3a2b882b36ce7e3838e1d792a7fefd49b3855a86c04d903fd9172ebc3a9f2c9965cf268cf27287d92fb22bba5c2f100e502cd41ac0547e7157d242538d9512b324cb5d2b3f6a143c733dc288d8607ed8c42c8f986dd66edb61a1fa99943b6c771a93d14aa1d63d1331f59e3eb1db9ffe154471e5f518b3c51483bd5c682e588ca7976309aca2a707a03c77f1799710d0119e79ea550d9eb7bc3a4cad5a493b65010fc84f0c5c96c07129ef0d7b9c72bfd74a0725009a160a8a2b2bb73273220b4a612f18335cde65db6d291656aef6cde9ff2460af2ee11085a1e1796fca3fffecc98e540694be3a4136abb3e7b6daf0762b0f644ec9d2f65d6362f84dd6b5c370e5958e19ba2c4400af71f3aef2826859e3acde37ab7c6d3d3a51d1bcf52cbf15fc9a65ca404746cfe6c17e77900c8a43dc029719de077ce625bd620d9413575d9b984c88f86e2321e5ee26f1eb9761ab6f57112324cd6086d1d00b716f9284edfca1c5def60d37fb62bcc235e3443f01313d27750907cb2a9efdf3105151c64db0e48be79dc5ed209ced960d18ae12f6eca92fc77831aae4f0b49ed37923bbce0464c8b525cbc28bf281bf146d5bb394717aba717cd80d0d294ecbec041d1a816521944b98a1c6ff2083510fae92547066a2755f0ef5cc3ed9b7602b4dddbef58b8541c2bc0423ec6739cbce0ef89c6df659065dfc5bcea2153b56a73a9e5775abff36796c2dc38a5aa5377157d6f27a73fe19176d35ab3dcd12c19717b5dedc8b908a1bab820ece40c565c8e5c747a9932080bc3dcf6780caa998cebf4ba57b56622e3549984b21c06e136baaa347cc6cca592ab386025badef161a2ee9d19d239a8ddfa15cf6526e6477fa7eb9561a387362037f35d64f2a1ee751528caa0e27be2f99fce2277d56495a12306fb1e311dba4d0561f1dcf72e06b2b1fdbc2ee4407e889dba4b4d8b7799d0f4241e7e84dacd2af13f13d64869c25fa80e4765765bc2c80ae800a02ab57f0a77bf2326f034b16bcff5db64abc7cfb7f582b39ebd3604f1806169608a6cb20f74c1def4d6f65ea4f6163c06e390484150973f9ac26455562f4ccccf89122a6e319fa75918cc0ffd09f76a7feb611e7aa93631163a98c2175f5d3111866e379609dd59fde00fc3fa90ccc17b0afba353ff8e5a40127e737156a78009e2c7e814fa9afc1c07abaa0f8084fe5be84c8bbea217e242d61eae413570786b1cda18e189c8743c53a01c2395c1e8a30b440217d272ddf42b4ae3db25ac5f5cd109886875decd07600bec80d9179c85d2ab856ee2587cd5d7b6e54ad4e793103ad99d256c281772235553b0d574c3b86b8b2fb0ca1d72fd48a038bd8ac5bfc902148c2193ebff5a7849d21259869baa8f0ae7851f9424fe3439f22a472dc7e4328427a041d7b121694f327b759a10b86cd45ae9a1af7dbf3b2381b001b23ffb2eff828f160bd187b16d0b6c23af1d9e6376d0eab00348beab3111c88726675c8721721863cf7d378061eeb307bb201facfc71eb73e4ccb1b6342befbad30b87eea7b88442895439a5a3e453361391a25c98325cbde01256dcfb1341d15cbda4063bc4a13b123f8982b8af24149023553c48f3895ce7b53cf55b41d7dbb5adccb061a0907346ed76273355a7b71b256c066a96745c2f35826d83ef411a5ec9b98cb3e23f1817d542a17d499182350d4eee2c3b40140a41eaabcb334dc6a5d9ea9fb20bd69b5f7f16857ec170b0e82ab16bf089a2495e8be1d55b4272e17bfe700e24ac0a8c1ab2561cef86f88b390abe133937d99dfe059662e7d8d036c1e89b3005a54f0ec02d029a084d73f014898864f15e2a9e5d7048e37436155524504753e38048aad32938f35d9de0bd638b132456d9689b176d3b6e84536f14701baa8b5f0be6ac51d9a3a814d82206f6d9ee1837e8081b8223179dfbf9139f03e31bb4870664fc65392a23ebf81c393bdca80624b66dd76d28792244d00e8146a1a9c473defd67b6e5954cb955d1a39c30b8c853b4a01ece87fff49aa4ac4f38240834ef7e910e584c3d2d18926fc518b9b20617718557fa5aab614fbe7f01fba12928070dc5088846948bc8eec80faf48e42ea2cadd497854aa60695ae61c0f44fbbbf358ff811666ecedc2db1c8a7d01d01c93938f6309f08a0d01395bdf1f4a4498b15fa302b57029ecb598ad44fa7a53265fb56f6d81be76a3d2c5d838afde8b9cf112f2169db8e991b6878f9bf0cedf523b699fdcced25e71e687e50e8548be974cf61a3f4d38d68ba000c9092429887fe649ad96291115c629c5d9d445f208ee9ac7fe14ec09d584a9671dc3bda147918571b7684424e55c34b37f43a09863ca783d1a3c55a5a8db11f7d7caa2654da6365e52e134689cca77a810a4ae241f5f80d7f72972072da3d9eddbc0e0da81a0674b3c7121af2838405a64cc83bdc0edcab8ad979784dc641174d30f2551dd711c916aadbec53bf0cd9fca7ebc7bf846cf323e2436ee7bddb6111102427c4b665267b52fb799d470dc04f57a54378d84fed3aca6394b91075692bc91ec6e3871d3f173ad449f1cf520035e521ee41a06323550cfec9743f5644276c06361497c26945c50a27f8e44d328680b9a61dc04fe45f5ba8e24ee4df8de131e18445bf8ce25941945e49abe6370378af2bf598d2436576dc42cab1e149db6ee5ecd56f94cc4655c8434ec49bbbebc411305f52a11cd1c8b917d1742f91471e3ceb4bdb9a3e0d931aa90132d2f800c47e64cf1acb11c0aa4bbd710b0a39aae077e9d3d574788f3794d89a5289dec8ddea3fc8f08a6cb47a2aa4cd214315d93a0a82bc3e4a4378f1abf11a621341ff619b0ce16505019f820925411f4459e4267af74444bfb70500cab36e3168263604a264ab03ae4e3760e7cf5c6ed034cca0e34063da4f6832ba701e4ace1c5d594b7321697407f99fafcf3d92ae4e3e9120d9a0312bcd10f7fc82396f8ad4f4b5f85055f1c3cd5261573b78e6c501fefb3e50c6b7d70988da9feaa1931f08754be33685ddc0d57722849896ed0505611b5310545e6b84293a3d82b3acf7ee4ecd665cce96a480c3edb03146ec6a2d04b5aad10f3573194b1a9ea5eefeffdcadf23f62b8c4b09b0bd1f276a811bb32ef88a30716eccd7f65fb334b5d09e39767d6ff4f9868bd71e469ce082220e4e90baaf4a80ea8d147a5d338cc690a807c8b1a034380cf53b21be74e4bf68ecb7190bea987efe754cafa3fb2d892e1e899d5543f18ccfd3c523f299c314d8d9bc035e234024a8ea1786215497bda52e074767184dcbf4f4075da41ac22bdd48bd5699e4b9091087b4d1e946b8c12fc9f783ae67ce89934ae2ee0f33b5b79f74aebe614da20251c56ea48a55cd0c8bff4955156a071d9aef7b444434e24a3c20888343e6aba1a1ceb0fecb206ce9a663f053b564d4151f4c18ee93638f706f2f34c15aad39c7166591dc698f7d82a2b299cb3856f40eedf75577896c380f4c3de8dbddfd3b3a87851a2f45d6640b053f7f2466837cf0cafbf00d4dcc776061efb2d72c6bcdc25080d89c84a221156f6cca0d4dfcc34f76159fe196e9c50addd2a21c39946ee8f6c6991bfaf01f75d2961c382553d0e56faa2669b947b60499dfc1234b5dc28fc9261b4e166ce74db90176a8903dc73db3b091e3cec3ffe390b95f65db07c1798ed9993fedbedad3d2ff7ddd4db295881f61d8ceca0ad90dd3240e96c6161743cddf45523f1cdfeb9ab5f7121eab74ecb28baa521a98d2c2d37902951f239f0e5a3fe6ff6fec35c7f71ee65e18fb19c139e14d49f8c81445148a47d965c2ffd728db1d286d5b8726681c7e7f21e0b298e4523bb8f1dc470ceff3d2897e1e635f8b5d90e220881751413dc43d9a1166981794dc8d578f60d2db559690da9788c2d7833e84b026f8b130dfd39ead9238b62c988d177787b78fdb113c1568fa0cb6a6a7a9508b8147b5f9da9c813f30c0fb34ff77563a215ba09186c514c256c43fb146a0861ceefd87a2d2563e923f56491ba14561ebf6ee095c08913158dbbeb2cac82aee175b898f8c978110051040cd6fcafa57b4d27e42c08a1888c8e53093fd6c107bc9f793082c5cc164dab7a2e616930238ec0230b8c456b855355fd01cd6ca12cba6b25577f0dac06aae6def9403629c8a1a32181310b5747f43d1042949edb3368fb189430e0c0ef541344b92220bc92d5c2212269a17dae0cdc3e2035e53f7c50ebee9d30b3949e7f4863bfe4f07a2d41703d35372cac1082345b30866c792a8adc3790735cca94bf4afada70ef071d1e73f9668e164a12d4ce6594e1cbe74f6a7f40a594274dc756c5d08f9aefc1f33bdc49094f2e2b67a7f7a6b47804f2fbc2d9f2c60e010ab2b983e478e3ba254ee53944e5f7655aa82aa5f01a6c9f33dca030d0c5e752616df2e1b2a34c769a9c0d8dc6566612fb4bba574f8379308", 0x1000}, {0x2, 0x7f, &(0x7f0000000380)='/^:*^}\xa4\x00', &(0x7f0000001440)="3bff4992fd9c84cc67aee08fa596e6314f3f9c7270e67e6d9ca28949f405ea128d93c131d859238a21bb7d4169be5c681da3d40c58771971675d08493c0eaddb9229f98b41af958f09a5115ee080bc4c0ece680b9395963d360712c14ccbca725928d9033d06eceab3118b70c1098e917da60e0ef487d6832b19df2d6e65ff855fe4c20dfe7f3ea1577666d3ee01f94d14fe5b93cfbc94573edf3fbcd415d2d1b71f518ce51382dc5ddc864c8e7208b676a186c321011f117926", 0xba, 0x18}, {0x2, 0x8001, &(0x7f0000001500)='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00', &(0x7f0000002380)="3b7ed93bd2d1dc71ba35421f915f41feb1f3eb65702d360b5f2016a373d8d79ef084949fd87ce6dfaaf2b8c0089fff3e2c124c18e6620d5293cc1093ddacf34c6d572451af674cf756c53c1835227eb26045acb23e564867f4565bc737c5742b155ba7626c57909b9d8575d571eab929827e8caf3e8eac74a0490b79f4d30394e75f585b5e865fa1d54cc3b45771970d787dd6fb2798f9d9c12144d960dc80e6d86baa076650d99deaa13cfa05179a9f72e7425a86a9e14d587602409500166040b185ef02de91981d8424bcc10c3296fbf2e2cfce0c9cfa13f6438f28889c92bf42963fee7a4a6f06894ac595a7d55fc2963570c80f0f834b0e44abb427e3e077403d6f3133edb34db1aa5c15de5b4c27a7dbe23580cdfba478f9d3b38441f879306e56adf07c65c78dc0430354e983c989c3dc2e131f3acdfd87071f7ef4a9c1d7724ebeb0564b1d97d91cf152d2092b9c734f8576d1f5b72ea1a17f9751326e05baa4e9d15e2e5d3c29a31910a13769f1f47202aa7b65656105710159d83836441bd31b4cc08e8d441d5b63ae0f02de7a5df4df2bee0d8264f15a9a88c0d7a9eaedbd7994349b630a1549c4726913a80a44042bf172951b2c0afb576d353e747f3fba73f8103f56a2b210ed71924059cbf3358592e737aa7b65a5780d1b01ff078577660b42a30cd4420f5a9ae1c56bc37f9d2bd82d5cfa774b535327247b6dd18abc474c3b2963797daaaa3987c7a2853fbdadd28b641920a0ab5562f35aa8bb7798778dbeac3b604c0fa5843c6049051682d9894e58ec141b324cb9cb8a098caac4fb408d453fe249cd865ec8e801d6ba887dfd0760016f52760361050e8804d8452162e78b2bf94e3300c19502265a6a2ad220ddbe4f73e09d7bf0ae92bbfd90cdefe88925581e210e100197054b835c0236299f535b9dd8fa0856fa7c5a03cb0c5c2c2245d3bf7d267c183b201c559d2b13c2fc29f2bfd24c0e399d7f6e506cb05bbb8c0f1a91017be51096b7bc002e7e48206cb189611ba6e3f1057aa0b22751bce434bd836e2fbd170f1a947fd502ad0f60e503c450aea2ebdb81ba3116cbe6ed057618fd3772506beec79762b02b11652999949f65ba12abc099c7792874429c3f6ba8e93edd61b888f9ef4c8a8b46a41387d1a37ff075974217fca3e04404fc24f855e236d9b1da21198e213efd73d40bc3d954848dfdf4693e40283e45ebbc6ab05512abcb67555fad2cb664e70dc6ef5e8c0324cc01b742b90f3395b1171b4e86a44b0fb7e4f16573781b7fdabee10e235723e025418d04ab58dcbdd11bb28c75bcea35b9ca4dda602519cd5351832d22d9747460fcbdce4baa25d6fa87fd72f159661b62eb5db070067163c26e5bd621f270200203d4be49cdfcd8d44aca09aff9f5a6bd7f55f2f3e4f5fda6077daaf2b72175c8ca46d7e7c47e6d937c4244fb490eda9a721555ee2ac4751af6d85f9a92450832c9bea02c3b17a26b9f097668ef365175a8833e01f3926c5df9d4847615244ee4556fd389f8f6d202f151e7b794a6e58e4b10790783bf237e70dd2a80f3cc2d8a2dd9ff9d865fabfa44bf0f342652d12f37377b31e1c567fcf3be47ceca76b25721c948b956e72efd5e9b859c9aed50337285f4a2031549188aa169a672b96742049ebdef7c05c644d5fe6e5463396cadaca056edac2e97464e18baed762b3cabbd2b52e9e92af11374b46bb84dd3c2a861bd53d172049001cca8db3040cd46b9dddc0c422c040130b257e4fc7a10922e13056bc3945058da0a74695d0a96cea0c5d6506f4de7c00903339fefc5769f9c44e381f804191c98a63e3f6eee08e127a9acb3d55d7a312676b2646fb523468318d95458e93c4621b4bf7527f15052f8599989b8a1a5babe19de0841fa83540bfb658a6809cef97f115237eb7be454887a26913338998a096b7553437d2a3e7ef51ba09700378abc5f6e58a4d48c0ce3dbf8d142aa093aa999332af0b708531410a9c23805e07374a27222563f1adec5cbb49df045e45a4e14ae99be89a992191c26b74b11bb023918e0c248a8e8c66aa216df9616eb748302b8c90fff22f6a4011cd97f9f4d11ffd96413f7bc71a0c360a377630508b5a71c1a2e807c50852aab4250845eacdfc012c17b3b1f5a35d4bb18b0c4a05121738c97e926473f5098eea03776881b3b128c305579633ad69b5a132e2b1edb13a496193098d40a6acd84591cba46c13d9f814cd456e0d5254a58d6232254c11190ecbd6f6e1d980ed14e4c8d6dad9e4cc23bc4d1c0636f4b1e51d24d4ee7766175c1564e80f9567ec79ecf15bcf7adb481e1cb10e588855d083c9648dcaea3a229c5d5d648da2602b56619f9c4d51766347e1da93f1505eca984e433bb2ed7e264c68929b6fd25a829d544bc20af6962ca2b3e2e8d8bb633bff21bc33eaabcb547f82815e99a7a18fda11d47c05b7ee868414a879385b279176d4ad52f67ce4a709a5e00ade50da5134954467b784e203f4986c1a139e3928ac96832cd8924f0b4bf8016de758c07e27511055df23797708b47845f5184eb0dc3408920a07a2eb0c6f8e9a24c25e23859ade5a130aedcdf4c714970661ac348aa919c49bf48f2eff766494e677303394fc49ab772ad9b1c04561a7905eb39d3a89ebbda556ea84ff6dab39736020b9001d3cb5167030f08b300c43c89db7d277351a4723628d42a33463bc508ce0975e291ef3119f4c556e93bfcc8982c1e5b4eefd29b6a90d68013875ea3c36911e70e0f4c3c892757f4b6fd74a59b51ad22506777f4ba3973cd407e82acb8ca3529db92b2c475347914b551cce975a75df3f57260f2ca9628819b6c3b3e9bd9c78ac13082db10da42ece3bdb53fc7c3d370c7e6448b5fd39d34eee2454a4bcbfcaeb080b343888c5e099581c8bfc73bf6a9f854a71b4867ba9929555684814828ed2a9dbf296db2790814daefa514ede942dbd111eaa9e556f8f97bf1c5c1ec456f8afa15fbf59e0804b172a168a99c47bf5100883a08942028b3ed7c62b956832773df1544f69081357f4b5317d10d9e65a430ffe92c7ba8a521e3999946f3a902818f0bea3373c85576079d1c9b2e19624c05b344f22a85b11458a91961a6fe6da7db5d7f39b6521144e447c2130f8763ba5b5d33b3eb9d194b047e6efc1a184bf265236fa26eba549951630a3215d271c0236f6067185e3fea8c99a70f775cc40def37350930caa69e45ac504487824c6ef5ecb1b2f23f08760d74b26470eca8b58407f3f5c19dc8731d70d0017f8beeca74be5d003dd45632aa6b6339df3997c73f15039931cffce4b0e8dc37fb5f9638ffcc27f7b82314661487d4b2b9003296214c8939c9259f7fba1d2aa954760ed7bdc89f20e652c884c75117f4b07fbdd0575d7b72a004ac6f384dcee7a5634768fc00b5be2440472d68eea03db445f8138ad12f97085af4176a5400b3093b53931ed9ca332563c0bbbf56048f9e676826e6bc26f18e4789082ed2af049a7aa70c63b6b2eee20648ecf87b7ec41ea0893685adc537c2f3511a1041084a79428b9d96d75a987699ee9bd5176cd93c8ab402af5488552c6f477ae65532d42ed3abb3df8aa1c6dfb1dd2dfde96fb9556f915bba3275d90ae7f606ebb2100412933d102d78c12d688fde47f5ca289b36a867817c3834927a528aa8ff94e00b96d32f0a2731df99c2b26b681fee84b5fe8521c7bbdadc0139a506d21c534f98852ac819dbadab5dd6fe1382c40569f6a503268f8b01502c7ef0e74a4d861852ea5a77117873a6e32c392d01c6bcce160f938de427266d68382c54211d0e038e26f621c924747a14ee015470093016ecf979c64ea919cf683b2914325d28ffa1d75db968af20c5ba12b7fb7785918c0588c1ed8621a7ac436f178694400f4d8b638445b9366ed940df681434b3a987fbf37cc41ba8810bcd61cc10f638f1b29bf29ed7b9b6f347b3dade83a02400b6d9d29c7b86105ec45818f1f5c275bffc7f41b829edb8eee560762333fb855aae2a1c5d85a2349c1b30e8bd2930ab00fc3d6da7698af0dda04cf0b93c1641a6a458685ae01e425d3b10646850b0146f330c384af316b36c8dcf40421c1346ceb7c0852ee04c20cea26dfb9f7131f29506e88294cd9a4de9018e00d52292b5b1bff78b8222b6277b0dd7b2291edeeaa3f4ca76a6cb8db14e1d268c4d9369a9f2c1bd8e598d4316aeae443a8d800f8d34da6a6207518316483ab5bb04aedb83741db020942e10c52a9365bfbe2733c553783268cf29ea86d766d083b745ee83e14c01d15b97cf8a6506e19bd4807f89b45d9137460fe2f473b430302187cf4c3d8051035ac4bd76dce5d6fa64e6b273d305505379a8de3cc34da65f61deee3df4831b20caefae9a7e25a754c73d433c8da4286da8fb1c7a8e3492c9d658fe4717d938c822aa18df7932ccbb3834236b747ad32c140ebfa8e4231bc141964e998429887bc9a6ae48294697b7364907c657d2c953c23f0dc5e2fc0bfcd9e667fb1a303d91e91649d3827b7be18a7e222796bd56cabb8c4ae80615cf891e913dcc6e58f34f976e86688d5057cc931fb0bcf98a47e7577268f1c20b85424d104414f62b7f6d8896dc846775b8a6a34efc619bc7070b97a6a6836b0dbf9fedc0edf0936988c6f6b45110f43f9ffdd8d962fd866f73f8f325bc44057af4e2ef4489b0a0a0560afd95b9fcc3dcf05a4453e5f84bde58afbcc374de3b97f78df5dc6b43ffd88d124100ca85e806bcbee5f61efd8b7fe69f6583251d73bf050f68fcf1ecc38998a531c3a49e855c955ed9cc91f0fab3ccd79fdc600c272c0caa3fd85824214d4d70a79a1f1e6d3c3c0cb7030c0d96036a41a4b75f9c2d8abcbaea31cf627581ef27d96474a9e013e4c8250a9168f8589ee4fa74062673ce6c351da1bfc8ccef26b1abd9cea724167937dacea6ac007a913d43ae21f3f55d909ae8a7667f74b90f75c8a39337942f0624b47f03da1bdfad143b23e4c686f6758ec83603ad2193538a2d4ecd229043c0e8bdcbab90e45edf2e928465a02e1bcced91428255be44fecc85373b6af249b48263fed2be8a0b025e5b81ab02367997f4081fd65a15fcfeecddcd899e71a056b6b528a1bfbb32415d3c2c87a1ecb98a7303d47a004a8c514236340d8b23555bd98fe786a54a54c0dfb513b81752b68cb7e6a919ce714bb6279c5c533cf1fd267091f14c2c2972a1c61885d7e26b139c9eeba5410091b12334315351ddc2d4de83f82d6d5d079eee9723f6de02de72ddba202451a9413121c18f13537f583f8aa569410d34439f1b3abf6a82b2cb3fd8bbce28682ad688f65be4f2f74a398d14c7e4f06dbd523e0dd1b5d56876339f2be00a1c7a1e0a5870972a84f7664201d7000ceb5d996b775e0e177736d33860cdde7afa9819e9d7ae779c19ecf3f186e85f0c41ff7cdf052b553eee29fd76778b0293a713c9e909788bf538051377ef1f3b42058172211d0795928451f5ac30404477a219352843f838128d3c7ce18cb7634d66d1006fbd844567f278130618384a1e19972645a05fbd746e0f7cf34210d10acca264acc9fa72ea103a8ed4e98b1c4dfd344c05b784e2c7e20bc0e927d281950aa3cc80775088b85670c49dc7e44680e91a31e69f431f5ac794645f74d1b687b2144b5c0e08c09def1f7aac65eac97ec2652f81900fc2d5df88efef084c90bfda36fe2d40ca9a12438f24d5f648fef8b352e33f4166e736297f4989176851ea9c847276a93d6b0c31ab6a35ae37", 0x1000, 0x8}, {0x0, 0xfffffffd, &(0x7f00000002c0)='\x00', &(0x7f00000033c0)="20d00673c17335ef7bf4f8d125be2d7c9c408196812ea8971eb3afd9fe8b09ed7de87146b2a20674a834e460a7e2386c19fd0f2233fd9308728abc772e6b98ad7949a5d0bb8f446d8a0a7da35d6b5cba9b9b49f0d7213148febb3e207046f58b3719f1e126b760abb6d83f73aeac2f2aa04044eebcef7e4615c00e4f84f77a739b", 0x81, 0x10}, {0x2, 0x1, &(0x7f0000003480)='-,^/-[$\'\x00', &(0x7f00000034c0)="572848acc2f3038ca7373601dac7af5175fbee632152f9b37a402c661059812ed989", 0x22, 0x20}, {0x1, 0x80000001, &(0x7f0000003500)='/dev/sg#\x00', &(0x7f0000003540)="cce8746999eb9ac36e65d0154b7d218ad6f9e41c09466e654804c1743113b243c030c96147585e595da75cfcb48c87192f4938a640418de0ee89d3cfdf1e1a6583bfac1b34df42054b94f8a83c1dd5417f0fa3a86b1ff1800d858aa44c9b9470c3c8f8a6a1d3e3e8bd2e435dbac12baad3f3f44433e83515c77a1e735447d56841495c91685bdc6f6f17e35e23e533777f274e4bcb658331d7e83c271079acde17227a36", 0xa4, 0x8}, {0x3, 0x0, &(0x7f0000003600)='/dev/sg#\x00', &(0x7f0000003640)="2a2bbd368402052d4e918520b5587f00fb03ef2379ef16f44626051e0b536cab1bd50d3c41d9ce5a3f00da2d525f28be19ddfafa294797f7f9c54d345172798bd38d1d593b8a88a2d4ac5808bc9dda5d699589d2639bdd8287d966a1c7fc5989f4e6542d40061479beec25e83c7341de3cb66441b714577055192af75a48aad170c6aa4843e06e2a35c4853b7ae31076efc4d58f5587f968af436e6ba5cc761e92daadf8b5a041d098ea33a5cdb08abca1125113f94c18818a1064bb9a1d65ce507f283ec4c48b63594a5e82cdf3d03cd5b2", 0xd2}, {0x0, 0x1, &(0x7f0000003740)='^-!$^\x00', &(0x7f0000003780)="6312fd7a7cb8f8b655e736e895c5d8a135a248ed8db064e85f1c03a1a313d789855e6145af17aaba66d80569c5946404ae2b9b43331136df943b5be7146d8f4be61fb7ab634b4bc8272cf98898f434f442b7ba512801b8ab1d9e77bd814730599478fe457efabc0f1fb5095176f9e9af53303f11439c522a7fa5de02ae4d89f05c159c1d8a2f1acec4ca33e8134c5dc53b92b6f791a7c86ed99e2ea3080c86a76638424f208489a613c2a091039b2be7ba3544660b3e56", 0xb7, 0x2a}]})
ioctl$BSG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000003a00)=0x4)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000080)="aefdda9d240103005a90f57f02703aeff0f64eb9ee07962c220852f426072a00"/42, 0x2a}], 0x1)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000003b00)={<r6=>0x0, 0xd8, "059c741cf3df2ec8adf7362e80842279dc4f8057218b04b633b0862bce27df9bb4e4ef439b77c8b4e689d3f66966a9a387d802c40e7a39842423f253925901099f732eabe317b7fc768f530b40066947cd1b2b1382566ec63ebb35337c5139861e5b2a669afea035fc04469e3bf576ce7f5e6872c588b8849571995f9b3638c6af0e6b3ff7cac99e87d88c19ed3dedeb08b80ef623b3179d07cc937358e041b0adaaeed9e1da7002bee981872942d78ea8b4a5a67efc4d5c61e505e54d743b65c2631affbd6bd3271645995374c1124782cd8dbe6b9d4da1"}, &(0x7f0000003c00)=0xe0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000003c40)={r6, 0x1, 0x9}, &(0x7f0000003c80)=0x8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000003380)=ANY=[@ANYBLOB="2c0000002000717320000000fdaafddbdf2502101400fd0000020100000008000200ac1414bb08000100ffffffff"], 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x1000)
ioctl$SG_GET_PACK_ID(r5, 0x227c, &(0x7f0000000000))
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x800, 0x1000, 0x400c}})

6m12.223957569s ago: executing program 1 (id=230):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000600)={r1, @in={{0x2, 0x4e21, @rand_addr=0x64010102}}}, &(0x7f00000006c0)=0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={r1, @in={{0x2, 0x4e21, @broadcast}}, 0xffff, 0x2}, &(0x7f00000000c0)=0x90)

6m12.221456966s ago: executing program 1 (id=232):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000638877fb080600017f020001", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0)
ioctl$I2C_SLAVE(r5, 0x703, 0x60)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffd0900010073797a30000000000900030073797a300200000074000000060a010400000000000000000100000008000b400000000038000480340001800a0001006d617463680000002400028008000300e4edf2b708000240000000000e000100636f6e6e6c6162656c0000000900010073797a30"], 0xe8}}, 0x0)
move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x7)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r8, r7, 0x0)
ioctl$KDSKBENT(r6, 0x4b47, &(0x7f0000000080)={0x0, 0x7f, 0x700})

6m12.154551782s ago: executing program 0 (id=236):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
ioctl$CDROM_GET_MCN(r1, 0x5311, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x4)
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a1c000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)={0x1, 0x0, [{0x1, 0x0, 0x5, 0x7, 0x803, 0x3fffffff, 0x2}]})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x486, 0x0, 0x2}]})
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000000)={0x2, 0xfffd, @dev={0xac, 0x14, 0x14, 0x6}}, 0x10)
sendmsg$rds(r6, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010001}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@cswp={0x58, 0x114, 0x7, {{0x7, 0xc882}, 0x0, 0x0, 0x70, 0x6, 0xf204, 0xb, 0x0, 0x343b}}], 0x58}, 0x0)

6m12.065251097s ago: executing program 1 (id=238):
prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) (async)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x48000, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f00000000c0)="ea3d8100", 0x4, 0xb01, &(0x7f0000000080)={0x11, 0x8100, r4}, 0x14) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) (async, rerun: 32)
ioctl$SIOCSIFHWADDR(r5, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\x00\b\x00'}) (async, rerun: 32)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000108, 0x0, 0xad}]}) (async, rerun: 64)
sendmsg$NL80211_CMD_SET_CQM(r7, 0x0, 0x4) (rerun: 64)
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
syz_clone3(&(0x7f0000000100)={0x20000, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

6m11.855178025s ago: executing program 0 (id=243):
r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000140), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = epoll_create(0x0)
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000200)={0x20000000})
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x100, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_DATA={0xc8, 0xc5, "cdb3baf5b82d6b6665d3f7cb670366bfda1238fa29a0f2702f4017ffbb676fae3a5dcede142f50af7eaaf1ddd9a5a192ae273a1e222f4b460cc0615a2ce8c346fb2ad9b505822ba1d3407808e281e54be57a218b34175ed7c6c62dfa1bfd82b7556fef5e117b090d1db1d28381f995b37c96c8b487e0ef898102ab431d7eb75b9a830a17a8077b2e0b0f6ba64e3287059a4c0d843c7e09d2e2ece2ef6ba0d86c455c6e0f5ee6bca887adf80593af75228eeb84c09d355c5477ab22a0f6ec502c86f6333a"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x200}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x1ce}, @NL80211_ATTR_VENDOR_DATA={0x4}, @NL80211_ATTR_VENDOR_ID={0x8}]}, 0x100}, 0x1, 0x0, 0x0, 0x4004810}, 0x5)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x2c, r0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x2}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4)

6m11.854974211s ago: executing program 0 (id=244):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000000)) (async)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000000))
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_emit_ethernet(0x66, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000003aaaaaaaaaaaa86dd6000000000303a00fe8000000000000000000000000000bbff02000000000000000000000000000002009078000005dc608cb02b00002f0000000000040080000000000000000001000000000000000000000000000000008a398238d0247e6c65fc7e5bb1969d2f7329d94b44d7ac23fc994f1382c7c117f4f78177ece479eaca1c4a12615cb5ba4d51f6e1ed6c7572a9314690411d86"], 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000500)={[0xb, 0x9, 0xfffffffffffffffd, 0x10000003, 0x10000, 0x3, 0x4002004c2, 0x10002, 0x9, 0x3, 0x400, 0x4, 0x89, 0xfffffffffffffffe, 0x8, 0x8b], 0x100000, 0x240046})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m11.775625461s ago: executing program 1 (id=245):
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x9, 0x30}, &(0x7f0000000040)=0xc)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$inet6_tcp_int(r0, 0x11a, 0x3, &(0x7f0000000100)=0x304, 0x4)

6m11.658365045s ago: executing program 32 (id=245):
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x9, 0x30}, &(0x7f0000000040)=0xc)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$inet6_tcp_int(r0, 0x11a, 0x3, &(0x7f0000000100)=0x304, 0x4)

6m11.604853029s ago: executing program 0 (id=247):
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="020000002720073acfe6be212443ac36c6730f8674b5fa80300d8cb28136e37c244d88f18be2d194ebce4d922436654aa6f20764c9d36a2e12530418339bc1e7aec860c11e1f29afe501f72a8d92a3a77f95e52ee9b93641b7314da57cdde5abe55cb88f2995a3304727771862a2c35837997cb08dd796d95dae7b0d93a3b5923a4c5ae947538a431269ba2c2d3592b7f1c617885f6f8789370e4767a9708ffdcfa76f601cc9c48ea099a9c0b5f5189517fed03bd212b57f91c2bdb31207ff207d105eae0e8722791fa27787de1df633654a9e4bd39522161a49cd82e31e54a01ab1127093a70daa245fd44eb34b64"], 0x7)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260218110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000d14db4564e873fa7da3403000000007b8af8ff00000000bfa20000000000000702000002ffffffb703100008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x39, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x4bd1bfda, 0x0, 0x6}, 0x1c)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000080), 0xffff0000, 0x40)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=<r5=>0x0)
sched_setscheduler(r5, 0x3, &(0x7f00000004c0)=0x8)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000040000009e", @ANYRESHEX=r4])
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
socket(0x10, 0x80002, 0x0)
socket(0x10, 0x80002, 0x0)
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
r7 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
open_by_handle_at(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r7], 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="08000300000000000000bf0000000000000046b6119b3e899ba0ec9a5d4a35055199a3a518a088903ba399b29b49b70ace453d7bda6313d2907624206c739d7794f1a55bf4e72bd012bc99f4f7e02dd3c9ba1027cee048441b433006e5f0ceeccf8bdef9f482383eb4293ad85acfbbd1572837f1499d684fa2e642a44d895d496ebfabbdb8a821cadbe65d3855b46ae2fe54b268ee39a7d37a4157d86e0af1617f389d4478367201cdc011714b4e9755e1b2cc473e8c2d9f1c90d7339c65d1de86ac035a5c0a6cc7ec43ebc2811b7145285caf5945f8f65ab7c508d54ff70761b14dfbcd6ffa511656ba4eede1fdd4fb2664a92bce427048fa0d63b3389cf37898fba79c5e8f504248c38f74cb4dd5d082e7f9a1c9bd394639d8b90c3884c891442c32469abf952ebf40699c64173a45666669da3793fdfe1743", @ANYRES32=r3, @ANYBLOB="10005a800c0000800500020001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

6m11.52546579s ago: executing program 0 (id=249):
r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) (async)
unshare(0x22020600) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x8, 0x4, 0x4, 0x4}, 0x50) (async)
r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) (async)
r3 = fsmount(r2, 0x0, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r4}, &(0x7f0000000380), &(0x7f00000002c0)=r3}, 0x20) (async)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000003c0)={'pcl818\x00', [0x4f23, 0x2, 0x1, 0x4000, 0x1, 0x5, 0xa, 0xd287, 0xa, 0xfd, 0xffeffffa, 0x23, 0x4, 0x1, 0x6, 0x101, 0xf7fffffe, 0x1, 0x2, 0x1, 0x8, 0x927, 0xeb96, 0x401, 0xb, 0xe69, 0x6, 0x10008, 0x3, 0x1cdc, 0xfbfffff8]}) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_print_times', 0x20206, 0xac)
sendfile(r6, r6, 0x0, 0x68)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) (async)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000000)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
r8 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80)
ioctl$HIDIOCSREPORT(r8, 0x400c4808, &(0x7f00000000c0)={0x2, 0x200, 0xfffffffe})
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000122000/0x1000)=nil, 0x1000, &(0x7f0000000000)) (async)
read$FUSE(r9, &(0x7f0000000640)={0x2020}, 0x2020) (async)
ioctl$HIDIOCGUSAGES(r8, 0xd01c4813, &(0x7f0000000700)={{0x3, 0x100, 0x3, 0x200, 0x10000, 0x3}, 0x222, [0x0, 0x3ff, 0x7f, 0x5, 0xb, 0x5, 0x9, 0xfffffff7, 0x3fe95139, 0x0, 0x1, 0x2, 0x6, 0x1, 0x9, 0x5, 0xc, 0x80, 0x4, 0xe0000000, 0x0, 0x2, 0x4, 0x80, 0x5, 0x1f9df48e, 0x8, 0x3, 0x2, 0xb, 0x8, 0x4, 0xfffffffc, 0x100, 0x9, 0x3, 0xa, 0x4, 0x7ffb, 0x679, 0x8, 0x7, 0xfffffc8c, 0xfffffffd, 0x69a3, 0x3, 0x6, 0x8, 0xfffffff7, 0x1, 0x401, 0x9, 0x24000000, 0x1, 0x2, 0x5073, 0x5, 0x0, 0xdd85, 0xffff7fff, 0x7, 0x1, 0x2, 0x3, 0x5, 0x8, 0xa, 0x5, 0x9, 0x1c00, 0x8, 0x5, 0x8, 0x5, 0x3, 0x8, 0x9, 0x4d, 0x10e, 0x9, 0x1, 0x1, 0x8, 0x400, 0x7, 0x2030, 0x10000, 0x8001, 0x2, 0x4, 0x2e05, 0x2, 0x4, 0x2, 0x3, 0x8, 0xffffffff, 0x6, 0x5, 0x400, 0x6, 0x8, 0xd5d, 0x8, 0x1, 0x2, 0x10001, 0x401, 0x1, 0xfffffff8, 0x3, 0xfffffff1, 0x7, 0x7, 0x9, 0xf, 0x6, 0x2, 0x9, 0x0, 0x0, 0x8, 0x4, 0x5, 0x0, 0x5, 0xc4c2, 0x571, 0xae, 0x8, 0x401, 0x9, 0x28, 0x6, 0x0, 0x9, 0x8, 0xc11, 0x38, 0xfffffffe, 0x9, 0x3ff, 0x0, 0x5, 0x6, 0x3, 0x3, 0xb, 0x8, 0x1, 0x80000000, 0x9, 0x5, 0x5, 0x6e6adada, 0x7, 0xffff, 0x8, 0xf, 0xaf6, 0x3, 0x0, 0x4, 0x0, 0x7, 0xa3a, 0x1, 0xac, 0x7, 0x3, 0x8, 0x4, 0x78c, 0x6c, 0x3, 0x40000000, 0x72, 0x2, 0x7, 0xfffffffb, 0x8, 0x8, 0x6, 0x9, 0x3b, 0x7, 0xa75, 0x3, 0x241, 0xe, 0x0, 0xc15, 0x8, 0x8000, 0x10001, 0x7, 0x5, 0x1, 0x3, 0x7, 0x0, 0x0, 0x6, 0x4, 0x1, 0x7, 0x69, 0x800, 0x1, 0x9, 0xfffffffb, 0x3ff, 0x1ff, 0x0, 0x3, 0x1, 0x3, 0x2643, 0x1, 0x7, 0x8000, 0x4, 0x8, 0x200, 0x252, 0x7fff, 0x93fa, 0xa2b, 0x80, 0x5, 0x8, 0xff, 0x8, 0x1000, 0x8, 0x5, 0xff, 0xfff, 0x10, 0x2, 0x4, 0x1, 0x3, 0x1, 0x6, 0x7, 0xc8b, 0x0, 0x7, 0x7, 0x6, 0x240000, 0x8, 0x4, 0x7, 0x18, 0x1000, 0x2, 0x5, 0xfffffff4, 0x3, 0x6, 0x2, 0x0, 0xfadb, 0x9, 0x8, 0x2, 0x8, 0x5, 0x0, 0x80000000, 0x9, 0x100, 0x1, 0x10000, 0x9, 0xb, 0x4, 0x10000, 0x10040, 0x6, 0x1ff, 0x81, 0x800000, 0x1, 0x1, 0xd63, 0x9, 0x1, 0x1, 0x7, 0x0, 0x8, 0x8, 0x3, 0xe, 0x2, 0x8ced, 0xfff, 0x4, 0xfff, 0x9a0, 0x6, 0x1, 0x3, 0x1, 0x0, 0xfdd, 0x7, 0x6, 0x4, 0x4, 0x1634, 0x9, 0x0, 0x400, 0x6, 0x8, 0xb1, 0x80000001, 0x7, 0x9, 0x2000, 0x6, 0x7f, 0x7, 0x0, 0x5, 0xe, 0x3, 0x80000001, 0x2, 0x2, 0x3, 0x4, 0x2, 0x7, 0x3, 0xffffff80, 0x100, 0x80000000, 0x5, 0x6, 0xfffffff8, 0x679, 0x6, 0x2, 0x7, 0x59af, 0x4, 0xb, 0x7, 0xfeae, 0x0, 0x1, 0x9, 0x5, 0x800, 0x3, 0x7, 0x9, 0x0, 0x5, 0x9, 0x4ca4, 0xf7, 0x7f, 0x4, 0x4, 0x3, 0xf0ff, 0x2, 0xfffffff8, 0x3, 0x7, 0x3, 0x8, 0x4, 0x6, 0x7ff, 0x8, 0x0, 0x2, 0x800, 0x6, 0xe, 0x4, 0x81, 0x101, 0xde40, 0x6, 0xffff7fff, 0xfffff800, 0x3ff, 0x4, 0x5, 0x40, 0x1, 0x5, 0xfad, 0xeb, 0x2, 0x0, 0x0, 0x200, 0x1, 0x10, 0x1, 0x101, 0xff, 0x3, 0x4, 0x262ce847, 0x2, 0x8, 0x1, 0x9, 0x3, 0x7, 0x5, 0x5, 0x3, 0x0, 0x8, 0x6, 0x4, 0x4a6, 0x5d9, 0x3, 0x9, 0x4, 0x5, 0x3, 0xf, 0x9, 0x2, 0xe, 0x1, 0x4, 0xfffffff8, 0xf, 0x10, 0x7, 0xdb, 0x1498, 0xe, 0xe2e, 0x0, 0x100, 0x5, 0x9, 0x7, 0x8, 0x5, 0xfffffee1, 0x9c5e, 0x9, 0x7, 0x4, 0x0, 0x1, 0x5, 0x7fff, 0x7, 0x6, 0xfffffffa, 0x7, 0x8, 0x8, 0x5, 0x7, 0x8, 0xf, 0x4, 0x8001, 0x7fff, 0xa, 0xff, 0x1925, 0x18, 0x9, 0x0, 0x0, 0xd7, 0x7fff, 0xfffffff8, 0x2, 0x4, 0x0, 0x5, 0x8, 0x2, 0x7f, 0x9, 0x9, 0x5, 0x5, 0xb606, 0x6, 0x9b10, 0x8, 0x6, 0x4, 0x580, 0x1, 0x3, 0x8e, 0x2, 0x4, 0x1, 0x101, 0x9, 0x8, 0x3, 0x4, 0x3, 0x9, 0x6a, 0x6, 0xd452, 0x8, 0x2, 0x3, 0x9, 0xffffffff, 0x5, 0x5, 0x1ff, 0x9, 0x6, 0x26f, 0x4, 0x9, 0x100, 0x6, 0x1, 0x4, 0x5, 0x100, 0x2, 0x0, 0x8, 0x0, 0x4, 0xffff, 0xffff, 0x3, 0x4, 0x363, 0x5, 0x8, 0x9, 0x9, 0x1, 0x96bc, 0x1, 0x9, 0x5, 0x7b45, 0x3, 0xc, 0xd1, 0x5, 0x401, 0x156, 0x12000, 0x1, 0x9b, 0x2f, 0x1, 0x401, 0x80000001, 0x4, 0x8, 0x1000, 0x8, 0x5, 0x38f5, 0x2, 0x5, 0x0, 0x3dd, 0x5, 0x308, 0xfffffff7, 0x30, 0x0, 0xfff, 0x0, 0x4, 0x9, 0xe, 0x9, 0x7, 0xff, 0x800, 0x2dc, 0xffff, 0x4, 0x5, 0x80000001, 0x2, 0x1c6, 0x9, 0x8, 0x1ff, 0x0, 0x9ae7, 0xd3, 0x2, 0x80000000, 0x7f, 0x5, 0x9d3, 0x8, 0xffffffff, 0x5fc5, 0x3, 0xd47, 0x3, 0x9, 0x6, 0x4, 0x7, 0x8, 0x8b, 0x3, 0x2ec2, 0x7, 0x3, 0x10, 0xfff, 0x200, 0x47, 0x2, 0x8, 0x81, 0x2, 0x9, 0x3, 0xb, 0x800, 0x3, 0x0, 0x100, 0xbe9, 0x7, 0xb, 0xfffffff9, 0x3, 0x10, 0x10000, 0x5, 0x6, 0x0, 0x5, 0x8, 0x6, 0x7, 0x0, 0x1, 0x7, 0x88, 0x80000001, 0x5, 0xf028, 0x2, 0x25, 0x0, 0x3, 0x7, 0x9, 0x8, 0x1, 0x4, 0x1, 0x8, 0x6, 0x7f, 0xb4f, 0x8, 0x2, 0x200, 0x6fe, 0x0, 0x4, 0x8, 0x71, 0x10000, 0x5, 0x1000, 0x6, 0x9, 0x4, 0x200, 0x7, 0x1, 0x2, 0x22, 0x3, 0x4, 0x5, 0x4, 0xfe88, 0x45, 0x7, 0x0, 0x6, 0x1, 0xc, 0x16a54, 0xc03f, 0x7, 0x6, 0x6, 0x81, 0x10, 0xe7fd, 0x3, 0x6, 0x7, 0x8d9, 0xb315, 0x8, 0x6, 0xb, 0xc9, 0xf, 0x800, 0x3ff, 0x100, 0xb, 0xffffffff, 0x6, 0x5bc9, 0x1, 0x6, 0x1a800, 0x7, 0x81, 0x5, 0x7f, 0x0, 0x2, 0x40, 0xb, 0x9, 0x1ff, 0xe, 0x0, 0x3, 0x1000, 0x1, 0x200, 0x7fffffff, 0x1, 0x8a5, 0x7, 0x4, 0x8, 0xf856, 0x0, 0x9e, 0x8, 0x6, 0x0, 0x40, 0x800, 0x7, 0x80, 0x0, 0x1ff, 0x7, 0xed, 0x8, 0x8000, 0x1, 0x4, 0x180, 0x8, 0x9, 0x0, 0x5, 0x1ff, 0x3, 0x5, 0xb, 0xfffffe01, 0x1000, 0x3, 0xffff, 0x5, 0xb, 0xd7de, 0xfffffffe, 0xff, 0x4, 0xff, 0x3000, 0x4, 0x1000, 0xa3, 0x84d, 0x3, 0x1, 0x8, 0x3, 0xb, 0x6, 0x3, 0xfffff000, 0x3ff, 0x5, 0x80000000, 0x9, 0x33c00000, 0x9, 0x1000, 0x10, 0x4, 0x3, 0xfca, 0x4, 0x3, 0xfff, 0x8, 0x6, 0x7, 0x10, 0x5ad2, 0x8001, 0x1, 0x134, 0xfffeffff, 0x7, 0x1, 0x5, 0x4, 0x6, 0xe, 0x6, 0x101, 0x6, 0x7fff, 0x60, 0xffff0000, 0x400, 0x6, 0x40000000, 0x101, 0x0, 0x101, 0x5, 0x2, 0x936, 0x6, 0x5b2, 0x81, 0x7, 0x3c45, 0x1, 0x9, 0x100, 0x1, 0xc, 0xffff0000, 0x5, 0xff000000, 0x5, 0x699, 0x3dd, 0xd398, 0x7ff, 0x2, 0x1, 0x5, 0x3, 0x100, 0x800, 0x2, 0x2, 0xa1a7, 0xca2, 0xfffff385, 0x4, 0x10000, 0x77, 0x10000, 0xbbc4, 0xc2, 0x81, 0xd0f, 0x401, 0x1, 0x3ff, 0xabe, 0x3f8, 0x9, 0x222b, 0x3, 0x2, 0x6, 0x4, 0x200, 0x0, 0x1, 0x4, 0xfffffffb, 0x9, 0x8, 0x5, 0x9777, 0xa16, 0x400, 0xffff200c, 0x9, 0x1, 0x4, 0xa, 0x6, 0x8d, 0x10, 0x3, 0x1, 0x11f5, 0x1, 0x0, 0x3, 0x4f4e, 0x3, 0x3, 0xa, 0x4, 0x1a7f, 0x3, 0xd, 0xffffffff, 0x8, 0xa, 0x401, 0x7, 0xff, 0x7, 0x8, 0xd83, 0x2, 0x10, 0x9, 0x2, 0xffffff81, 0x5, 0xc42c, 0x3ff, 0x1ff, 0x6, 0xc, 0x6, 0x7fffffff, 0x8b, 0x2, 0x101, 0x7, 0xb, 0x4, 0x9, 0x2, 0xffffffff, 0xa0, 0x4, 0x10001, 0xffffffff, 0x8001, 0x4, 0x5cd, 0x2, 0x7f, 0x8, 0x7, 0x6, 0xd7, 0x3, 0x4, 0x3, 0x1, 0x9, 0xd83, 0xc, 0x8000, 0xb9e, 0x9, 0x401, 0x3, 0x1, 0x10001, 0x7f, 0x8, 0x1, 0x1927, 0x4e6, 0x2, 0x8, 0x1, 0xc9a1, 0x9, 0xffff8001, 0xf, 0x7fffffff, 0xfffffffa, 0x5, 0x8, 0x8, 0x5, 0x3, 0x9, 0x6, 0x8b, 0x600, 0x2, 0x200, 0x80000001, 0x8, 0x5, 0xfff]}) (async)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r5, 0xfffffffc) (async)
accept4$netrom(r5, &(0x7f0000000680)={{}, [@remote, @bcast, @remote, @bcast, @remote, @netrom, @default, @null]}, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

6m11.243816699s ago: executing program 0 (id=250):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000a0000000000000002000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000001000500000000000000000000000000000000000000965622adebe1ffea8fe52b18f4709342af8a24eea0df205c53837b39091448483215931507f2d89683652a077510aaefa0ec1b3cee222cc3e0a2965b729506a38cc81ea089d3d63427f20f7b730b80f8c848fece5a6a2f6a0ca3c683d0531ba1527ea549bb85d5ef7b28362567"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x1494)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xb, 0xb}, {0x1, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x696, 0x9, 0x1, 0xc}, 0xb, 0x40000003, 0x32, 0x5, 0x9, 0x7, 0x9, 0x1d, 0x1, 0xffffff5c, {0xffff1c72, 0x23, 0x3, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x404c800}, 0x8000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x0, 0x4})

6m11.151061503s ago: executing program 33 (id=250):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000a0000000000000002000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000001000500000000000000000000000000000000000000965622adebe1ffea8fe52b18f4709342af8a24eea0df205c53837b39091448483215931507f2d89683652a077510aaefa0ec1b3cee222cc3e0a2965b729506a38cc81ea089d3d63427f20f7b730b80f8c848fece5a6a2f6a0ca3c683d0531ba1527ea549bb85d5ef7b28362567"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x1494)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xb, 0xb}, {0x1, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x696, 0x9, 0x1, 0xc}, 0xb, 0x40000003, 0x32, 0x5, 0x9, 0x7, 0x9, 0x1d, 0x1, 0xffffff5c, {0xffff1c72, 0x23, 0x3, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x404c800}, 0x8000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x0, 0x4})

5m28.265699444s ago: executing program 3 (id=842):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg/0:0:0:0\x00', 0x2, 0x0)
ioctl$SG_SET_TIMEOUT(r2, 0x2201, &(0x7f00000000c0)=0x2)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r3, 0x2272, &(0x7f0000000180))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

5m27.41589581s ago: executing program 3 (id=845):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x1d}, @jmp={0x5, 0x0, 0xd, 0x7, 0x2, 0x100, 0x4}, @exit], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = socket$kcm(0x29, 0x0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @loopback}, 0x0, 0x0, 0x4}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="2f93b9ef81be1f8c6ebd0937a258164a72242fb73038ad9c6e86a7590b95bb3d7678d22492af7f77c66cf786a6f9b2781f0928307f44ed98f6ec7a9136840a02681cae1ffcbbb50e1b81562f6d40d5b4ba8ded98897bab2f4053cd9cf827e3339d13060de7153651def7390256b4177f1e88ebf05a64766a8f4ab4636f6f6a99480611f053d9870f38e818b75fcbf2b8059be3acc5efee1acb8d4c2c853bf993b9909badcd1ce75a311c10b77b897dcc21a966c6104220f12f6fbb8a83c462186ae4c0ac15ef2a1b6b58d4", 0xcb}, {&(0x7f0000000300)="70e5d5ee3fea7d4d67597543a02b5f6330e7d0de53f1450ba3de0e1705d9026838563cf412cd5c8f5aa99a23a51d68e85e36f9d7fc600e349382ea", 0x3b}, {&(0x7f0000000340)="b1294c7abc9339f01d3afee4bf14aa369817708ffb703cd0a30c3264f58ed37dbcb61bb686825d0dd4c2411033038df9dffa882b8bbb4f78e95d11a0cf60681ffa4203eb140fd7aa93117da882674beadcc9daab8af91a08d90860be02a8424dbacbe688156882ade8cff2c8b8c8baf8153bd23561ddb93e44885c0fbc5b55daee852783d2793320b939f160e2b820d2e0eb5664727fc3a9c4222eb93a3801ff45fd70cc8ef6", 0xa6}, {&(0x7f0000000400)="3e8ae4761451893fec9157e820ee5e5ef5cc8b41b639508990802eec6e4ecc97b3331affa7e501c327da729d25c8dd77eaddf3218066f708e3d6834d25f7405d853b6fa99335397732e9eacff8525003126fee74a2af42fdbc6c3289cf93bc1c6c03b26a6e3db8cf2cbcd2d72afeb46d4e8bda62b8226d9cc0ece0652b542bc306ed0985f3f475cd2b04fe380e7e8c4e2b868b9738e78cb35422160eae8aef002faf6c2d860cf8d6dd0e337fcdff5969b29eeb668c9fee42f2134cd0bab14a4087a5ce44aa014de376095c01e88c155c", 0xd0}], 0x4}, 0x20008040)

5m27.396775027s ago: executing program 3 (id=846):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000004f40)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0x24}, 0xa}, 0x1c, &(0x7f0000001780), 0x0, &(0x7f00000017c0)=[@flowinfo={{0x14, 0x29, 0xb, 0x7}}, @dstopts={{0xd8, 0x29, 0x37, {0x3b, 0x17, '\x00', [@generic={0x1, 0xb3, "f48e34cde6e037f9c4ad1bf4ea930b63ed99d4aca141ac212046121f28b425643503c14afc5d346f0116a9bdbd42b7d5e16128588f9f9b668a8ce35df6dc5680d5f372b70f75e2b51fb324997cd9098ddaf3c05a7630ccc8588e3c497dbf9c20343a8e9d75970bffb76340a7cb072e048fcd4e7cdca97a9dd96a29f22946be45d21aa7bc8f92538e291a7752e4a6ce255df9d79f01e1344a0dcf7239bbef645b9e91d124888accce71f9deb314f4e724d16990"}, @jumbo={0xc2, 0x4, 0x4}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x1000}}, @rthdr={{0x58, 0x29, 0x39, {0x89, 0x8, 0x1, 0x0, 0x0, [@local, @empty, @empty, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}]}}}], 0x160}}], 0x1, 0x4044)

5m27.395668205s ago: executing program 3 (id=847):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4380, 0x0)
r1 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000380)={0x0, &(0x7f0000000180)=[@nested_intel_vmwrite_mask={0x154, 0x38, {0x2, @guest16=0x806, 0x9, 0x7}}, @nested_amd_clgi={0x17f, 0x10}, @nested_vmresume={0x130, 0x18, 0x1}, @nested_create_vm={0x12d, 0x18, 0x3}, @wr_drn={0x68, 0x20, {0x3, 0x1000}}, @set_irq_handler={0xc8, 0x20, {0x38}}, @nested_amd_vmsave={0x183, 0x18, 0x2}, @nested_create_vm={0x12d, 0x18, 0x2}, @nested_amd_invlpga={0x17d, 0x20, {0x54000, 0x4fae}}, @nested_load_code={0x12e, 0x7c, {0x3, "66baf80cb857954988ef66bafc0cb001ee66baf80cb85eb69680ef66bafc0c66b8240066ef64440f23c1b9800000c00f3235008000000f30430f060f9b02410f013508000000c4a150568a5b00000042c03209b976030000b8f33f0000ba000000000f30"}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @guest_nat=0x680e, 0x2, 0x9, 0x8}}, @rdmsr={0x66, 0x18, {0x388}}], 0x1d4})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f00000003c0)="c4c2fd17c7c7442400e0f25d26c74424021f300000c7442406000000000f011424ea305b197319010fc79d00000000f30fc73581000000660fec09c4c2bdaf1f9a126d000026012e2e640fc7730064660feca8c5ee5470", 0x57}], 0x1, 0x20, &(0x7f0000000480), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r3 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
truncate(0x0, 0x442)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r5, 0xff02, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r7, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000, 0x64}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}]}, 0x34}}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x204000, 0x6d)
finit_module(r3, 0x0, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0xa)

5m27.285814819s ago: executing program 3 (id=848):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0x60, 0x80800)
sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="fc", 0x1}], 0x1}, 0x20040d4)
close(r0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_tracing={0x1a, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x782d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xbec5}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x30, 0x3a, 0x0, @remote, @local, {[], @dest_unreach={0x1, 0x3, 0x0, 0xf2, '\x00', {0x4, 0x6, '\x00', 0xd, 0x33, 0xff, @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x33}}}}}}}}}, 0x0)
r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x1000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3c}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4})
ioctl(r4, 0x8b1a, &(0x7f0000000040))
mount(&(0x7f0000000b40)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x20000a, 0x0)

5m26.915858352s ago: executing program 3 (id=860):
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000000d06010200000000000000000500000211000300686173683a69702c706f727400000000050001"], 0x38}, 0x1, 0x0, 0x0, 0x20008040}, 0x40048100)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x60042, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d000300000000800000000000000000000007000000000000000800000000004000050000000000000002"], 0x78) (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) (async, rerun: 32)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (rerun: 32)
ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000000)="b80cbd14d4f13fe8f9cff468c954ee7b4213a2f35492bb16cb19be8f8b674324c7b316b1cbf770e699d36e8449f602ed2ef2bf66c0fe31974780a37f148d08958555dd1cdcf7c60b6b2cc4395f8ba7eb19d4417c238ffd976b89459932a579291c7cb4461c6a194ae9a70ccd9fbfb6e5629e03e9590be538b524eebecc3e6664877486378ac732e5e6ea6077b5af775adcabbc1a9dd089ef31a00177882ea9e2f01057106b66e1b0eee71b74d94b824ad68e61575e7fe3dca4c7b117be15b4cfcad6de9960299976e0b1c21cefd940c745ad0a5d4d829d645290f3568d146cd8ff05935118c6f64e7a145d2d535e6a6204ff543f942d890ddbb0ef151960d773")

5m26.871725052s ago: executing program 34 (id=860):
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000000d06010200000000000000000500000211000300686173683a69702c706f727400000000050001"], 0x38}, 0x1, 0x0, 0x0, 0x20008040}, 0x40048100)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x60042, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d000300000000800000000000000000000007000000000000000800000000004000050000000000000002"], 0x78) (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) (async, rerun: 32)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (rerun: 32)
ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000000)="b80cbd14d4f13fe8f9cff468c954ee7b4213a2f35492bb16cb19be8f8b674324c7b316b1cbf770e699d36e8449f602ed2ef2bf66c0fe31974780a37f148d08958555dd1cdcf7c60b6b2cc4395f8ba7eb19d4417c238ffd976b89459932a579291c7cb4461c6a194ae9a70ccd9fbfb6e5629e03e9590be538b524eebecc3e6664877486378ac732e5e6ea6077b5af775adcabbc1a9dd089ef31a00177882ea9e2f01057106b66e1b0eee71b74d94b824ad68e61575e7fe3dca4c7b117be15b4cfcad6de9960299976e0b1c21cefd940c745ad0a5d4d829d645290f3568d146cd8ff05935118c6f64e7a145d2d535e6a6204ff543f942d890ddbb0ef151960d773")

5m23.523350993s ago: executing program 4 (id=900):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x3fb, 0x1, 0x70bd2c, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0xc000}, 0x20000080)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000340)={<r3=>r2})
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r5, r4, &(0x7f00000000c0)=0x58, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000070000009536809c44df5c21b160f0f31ab6a9f4578f637f26ce0974d401000000eae8637b48efc2430001fe0da238420e65b8dc41af31460e95e5d95f61faa16008b818730d8dcffaa954478f759d0e2746f85eb4b8eaa48426f04d21d0dcbaeead329a06d04ff21d451f6db705a6d2b1a578adc36253c275e08ff46978074aaa8b0a011a66babe480f27860ac1bc5331e61454190f7c33dcfa9f0f1fcf7ef16cec5ab8cd11c1d9b1e50c"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000200)={r3})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e3, &(0x7f0000000180)={r2, r6})
fcntl$notify(r1, 0x402, 0x2a)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r4)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000600)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_STOP_NAN(r3, &(0x7f0000000780)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r7, @ANYBLOB="200027bd7000ffdbdf257400000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4801}, 0x40000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8010)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000006800010000000000000000000a00001d00000000080006000000000004000b00"], 0x24}}, 0x0)
connect$inet6(r11, &(0x7f0000000080)={0xa, 0x4e20, 0x1, @loopback, 0x5}, 0x1c)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000300)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000170a01080000000000000000020000080900020073797a30f30000000900010073797a3000"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r13 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$bt_BT_VOICE(r13, 0x112, 0xb, &(0x7f0000000000)=0x60, 0x2)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000540)={r11})

5m23.031376279s ago: executing program 4 (id=901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv6_getaddr={0x40, 0x16, 0x11, 0x70bd2c, 0x25dfdbfe, {0xa, 0x0, 0x40, 0xff, r2}, [@IFA_ADDRESS={0x14, 0x1, @mcast2}, @IFA_LOCAL={0x14, 0x2, @private2}]}, 0x40}}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000001140)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})

5m22.574880827s ago: executing program 4 (id=904):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000004f40)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0x24}, 0xa}, 0x1c, &(0x7f0000001780)=[{0x0}], 0x1, &(0x7f00000017c0)=[@flowinfo={{0x14, 0x29, 0xb, 0x7}}, @dstopts={{0xd8, 0x29, 0x37, {0x3b, 0x17, '\x00', [@generic={0x1, 0xb3, "f48e34cde6e037f9c4ad1bf4ea930b63ed99d4aca141ac212046121f28b425643503c14afc5d346f0116a9bdbd42b7d5e16128588f9f9b668a8ce35df6dc5680d5f372b70f75e2b51fb324997cd9098ddaf3c05a7630ccc8588e3c497dbf9c20343a8e9d75970bffb76340a7cb072e048fcd4e7cdca97a9dd96a29f22946be45d21aa7bc8f92538e291a7752e4a6ce255df9d79f01e1344a0dcf7239bbef645b9e91d124888accce71f9deb314f4e724d16990"}, @jumbo={0xc2, 0x4, 0x4}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x1000}}, @rthdr={{0x58, 0x29, 0x39, {0x89, 0x8, 0x1, 0x0, 0x0, [@local, @empty, @empty, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}]}}}], 0x160}}], 0x1, 0x4044)

5m22.515628053s ago: executing program 4 (id=905):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
setrlimit(0x7, &(0x7f0000000400))
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x599681)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
chroot(&(0x7f0000000100)='./file0\x00') (async)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0) (async)
fsopen(&(0x7f0000000240)='ramfs\x00', 0x1) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
setrlimit(0x7, &(0x7f0000000400)) (async)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x599681) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) (async)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') (async)

5m22.433666831s ago: executing program 4 (id=907):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x440602, 0x0)
recvfrom(r0, &(0x7f0000002640)=""/4093, 0xffd, 0x40002162, &(0x7f00000025c0)=@qipcrtr={0x2a, 0x4, 0xfffffffe}, 0x80)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb9)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="120000000748e7fddaa9eca510d5240300000800", @ANYRES32, @ANYBLOB='\v\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000100"/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="04"], 0x10)
close(r3)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r2}, &(0x7f0000000080), &(0x7f0000000840)=r3}, 0x20)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
ioctl$XFS_IOC_FSBULKSTAT_SINGLE(r4, 0xc0205866, &(0x7f00000007c0)={&(0x7f00000001c0)=0x7, 0x1, &(0x7f0000000940)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000340)})
read$msr(r5, &(0x7f00000002c0)=""/51, 0x33)
ioctl$sock_netdev_private(r1, 0x8949, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$WPAN_SECURITY_LEVEL(r5, 0x0, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x4)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000003c0)={0x2000000000000020, &(0x7f0000000380)=[{0x6, 0x3, 0x0, 0x7fff0006}]})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r8, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r10 = accept(r7, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x8000080}, 0x1)
close_range(r6, 0xffffffffffffffff, 0x0)

5m22.155807195s ago: executing program 4 (id=908):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c40"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
syz_open_dev$char_usb(0xc, 0xb4, 0x9)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x7a}, 0xc)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00')
syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r2, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/171, 0xab}, {&(0x7f0000000180)=""/235, 0xeb}], 0x2, 0x3, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0xb701, 0x0)

5m22.089668851s ago: executing program 35 (id=908):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c40"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
syz_open_dev$char_usb(0xc, 0xb4, 0x9)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x7a}, 0xc)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00')
syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r2, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/171, 0xab}, {&(0x7f0000000180)=""/235, 0xeb}], 0x2, 0x3, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0xb701, 0x0)

1m36.912780652s ago: executing program 5 (id=2983):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1000000000000000100100000e00000018000000000000001001000001"], 0x28}, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000280)="0f01c867f30f5fdf0fd5850d00000066baf80cb87432f88fef66bafc0c66b8cf0366ef0fc76900490fc72d8300000066baf80cb82c44028cef66bafc0cb0bbee400fc73366bad104ed0f380b357f840000", 0x51}], 0x1, 0x43, 0x0, 0x0) (async)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000140)={{0xffff1000, 0xeeee8000, 0x4, 0xf6, 0x2, 0xf3, 0xd7, 0x8, 0x7, 0x1, 0x9, 0x5}, {0x50000, 0x200000, 0xd, 0x5, 0x3, 0x8, 0x5, 0x0, 0x80, 0xfc, 0xfc, 0x4}, {0x200000, 0x4, 0xb, 0x6, 0xff, 0x3, 0x0, 0x5, 0xef, 0x27, 0xd5, 0x2}, {0x4000, 0x6000, 0x9, 0x9, 0x8f, 0x4, 0x83, 0xfc, 0xb, 0xb, 0x9, 0x3}, {0xffffffff, 0x0, 0x3, 0x2, 0x6, 0x1, 0x9, 0x2, 0x3, 0x3, 0x0, 0xe4}, {0x25000, 0xffff1000, 0xf, 0x7, 0x3, 0x0, 0xde, 0x9, 0x3, 0x0, 0x4, 0x30}, {0xdddd0000, 0x9000, 0xc, 0x1, 0x8, 0x3, 0x2, 0x6, 0x91, 0x8, 0x9, 0x88}, {0x8000000, 0x2000, 0x10, 0x6, 0x7f, 0x8, 0x5, 0x10, 0x7, 0x3, 0x80, 0x87}, {0x6000, 0x7fff}, {0x8080000, 0x9}, 0x50000, 0x0, 0x0, 0x400408, 0x6, 0x8000, 0xeeef0000, [0x6, 0x5, 0x5, 0x11]}) (async)
add_key$fscrypt_v1(0x0, &(0x7f0000000180)={'fscrypt:', @desc3}, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x9000, 0x9, 0x10001, 0xfffffffd, 0x0, [{0x2, 0x2, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xa}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x2, 0x2, 0xf5, '\x00', 0xf}, {0x9, 0x0, 0xc, '\x00', 0xfb}, {0x0, 0x7f, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xed, '\x00', 0x7c}, {0x3, 0x4, 0x1}, {0x81, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0xa}, {0x0, 0x28, 0x7, '\x00', 0xdc}, {0x40, 0x1, 0x5, '\x00', 0xc}, {0xfe, 0x3, 0x26}, {0xcf, 0xfa, 0xb, '\x00', 0x5}, {0xf, 0x6, 0x5, '\x00', 0x10}, {0x39, 0x2, 0x6, '\x00', 0x8}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0x7, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7}, {0x0, 0x80, 0xfe, '\x00', 0x81}, {0x1, 0xc, 0x80, '\x00', 0x8}, {0x10, 0x3, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4, '\x00', 0x8}]}}) (async)
r4 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000140)={0x53, 0x0, 0x109, 0x0, @buffer={0x0, 0xf5ff, 0x0}, &(0x7f00000001c0)="1538b9edff00000008ffffff01a26ccc143bc638b65f69d33b5ab57cf52671dc2d7b21178e751ed07500d83b77ea4beb9c4d4c362f69d05192fac58367ffe9779c6752fbdfc72b65c241364dee74e143fd791b70a2bbdbf4d0eb9b5ea7d2a2487b11a25a69d07e232a840bb5bacb14fd42890807191c52c541e28eba71ee2994d17e53d06732a861fbe148757981fdb1a412d834198e1aa1f5241010e87578fb4069800e64d8d46304771ab67e0325aa78c0b404aaa733e2eb7ec56870b6932912eb693d2a48fce52a88fa8f1250bda6fb2825d72773800f3ea37fbf9fd2038bd92db025776dbd835b638d3a3972f76886a46f1bbcbefeebbbbb1ccfa26db44577cdee28d0f61a4d4c", 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usbip_server_init(0x2)

1m34.872279569s ago: executing program 5 (id=2993):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d200100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d200100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6}, 0x94) (async)

1m34.802912914s ago: executing program 5 (id=2988):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r1=>0x0}) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x28, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x94}, 0x4000040) (async, rerun: 64)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000001c0)={0x1d0, r3, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x8, 0xc}}}}, [@NL80211_ATTR_FRAME={0xb4, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x80}, @broadcast, @broadcast, @from_mac=@device_b, {0x1, 0x40}, @value=@ver_80211n={0x0, 0x34e1, 0x3, 0x1, 0x0, 0x1, 0x1}}, 0x201, 0x9, @random=0x2, @val, @val={0x2d, 0x1a, {0x40, 0x3, 0x5, 0x0, {0x5, 0xe, 0x0, 0x5}, 0x800, 0xffffad11, 0x3}}, [{0xdd, 0x41, "5b43685dcb8a054a73b3496716128180615e890db42e53af6b31b9d6e8b1997a349bc74c325c91830bfa50adf3aa3c44111a5dd134b11353e4bf56bf304efc623e"}, {0xdd, 0x2b, "af52d134b6883e035291d360352b8f49adf350c8ad498636914ab15011f42ec4de90622f50d720877eea0c"}]}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0xbe, 0x33, @mgmt_frame=@auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x8}, @device_a, @broadcast, @random="4105f14ecd50", {0x3, 0x80}}, 0x0, 0x1, 0x46, @void, [{0xdd, 0x9a, "7e2b35d9b12de817b84ff052e1c8c2f6c7b4cdf9a44ed5661ec212b15a15bfaad3c5cbbe80da2c67fe4abeda237fa3af031d23616b42da6b33c3960c4967f4ce984be4caa179ee13398ce9451358f65c2c52dd4ce9b0e663597e546daab891b0df1bffa5250e81b02f8d7d84ce033e5ba553cb0c3c892faf726867e2f955dcbc1d9c3b3f9aec4cb36a619819a3b59007549ff3fde5570a18a674"}]}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@pspoll}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20048000}, 0x880) (rerun: 64)

1m34.702307791s ago: executing program 5 (id=2991):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000200)=""/161, 0xa1, 0x9)
write$cgroup_int(r0, &(0x7f00000000c0)=0x8, 0x12)
r1 = socket$inet(0x2, 0x3, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x250, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x1b8, 0xffffffff, 0xffffffff, 0x1b8, 0xffffffff, 0x3, &(0x7f0000000100), {[{{@ip={@remote, @multicast1, 0xff, 0xff000000, 'xfrm0\x00', 'vxcan1\x00', {}, {0x1b307fdd21389e6}, 0xa, 0x2, 0x20}, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0xc, 0x1, 0x2}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x9, 0x5, [0x25, 0x3, 0x1b, 0x34, 0x2e, 0x2a, 0xd, 0xd, 0x18, 0x1c, 0x3a, 0x3, 0xf, 0x2c, 0x4, 0x17], 0x2, 0x6, 0x1}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={<r2=>0x0, 0x3, 0x4, 0x0, 0x3, 0x401}, &(0x7f0000000180)=0x14)
fsetxattr$security_evm(r1, &(0x7f00000002c0), &(0x7f0000000300)=@ng={0x4, 0x8, "dfc7304f79a2541e42d9d3a0d4221d1fd4f0"}, 0x14, 0x2)
setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={r2, 0xfffffff9}, 0x8)
umount2(&(0x7f0000000340)='./file0\x00', 0x8)

1m34.631790942s ago: executing program 5 (id=2994):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000067c0), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000854}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x5, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)

1m34.308357534s ago: executing program 5 (id=3001):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060088470000971b02"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000) (async)
ioctl$KVM_CAP_XEN_HVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)={0x26, 0x0, 0x18})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0}) (async)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000b53fb9a3ec676649b46c0a40697fffc3ef7172c0e20f56a10a749984fc753178e6be44ce3b598654c2cc7bab7a7bba03dcb584358c8f038a968fd149cd4fb937cd8a", @ANYRES16=r3, @ANYBLOB="030329bd7080ffdbdf250a00000008000300", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x44) (async)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000500)={'gretap0\x00', <r5=>0x0, 0x8, 0x8, 0x7, 0x0, {{0x12, 0x4, 0x3, 0x7, 0x48, 0x65, 0x0, 0x5, 0x29, 0x0, @multicast1, @multicast1, {[@ssrr={0x89, 0x13, 0x13, [@loopback, @dev={0xac, 0x14, 0x14, 0x3b}, @remote, @loopback]}, @timestamp_prespec={0x44, 0xc, 0x5c, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0xc}, 0x6}]}, @timestamp_addr={0x44, 0x14, 0x4e, 0x1, 0x2, [{@private=0xa010101, 0x9}, {@broadcast}]}]}}}}})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="080f26bd91010006f80000000000000000c1", @ANYRES32=r5, @ANYBLOB="050030000100000008000b00ff01000008003c00ff0100000500290001000000050035000900000008000b0005000000"], 0x4c}, 0x1, 0x0, 0x0, 0x85}, 0x4000)

1m34.164155392s ago: executing program 36 (id=3001):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060088470000971b02"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000) (async)
ioctl$KVM_CAP_XEN_HVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)={0x26, 0x0, 0x18})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0}) (async)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000b53fb9a3ec676649b46c0a40697fffc3ef7172c0e20f56a10a749984fc753178e6be44ce3b598654c2cc7bab7a7bba03dcb584358c8f038a968fd149cd4fb937cd8a", @ANYRES16=r3, @ANYBLOB="030329bd7080ffdbdf250a00000008000300", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x44) (async)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000500)={'gretap0\x00', <r5=>0x0, 0x8, 0x8, 0x7, 0x0, {{0x12, 0x4, 0x3, 0x7, 0x48, 0x65, 0x0, 0x5, 0x29, 0x0, @multicast1, @multicast1, {[@ssrr={0x89, 0x13, 0x13, [@loopback, @dev={0xac, 0x14, 0x14, 0x3b}, @remote, @loopback]}, @timestamp_prespec={0x44, 0xc, 0x5c, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0xc}, 0x6}]}, @timestamp_addr={0x44, 0x14, 0x4e, 0x1, 0x2, [{@private=0xa010101, 0x9}, {@broadcast}]}]}}}}})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="080f26bd91010006f80000000000000000c1", @ANYRES32=r5, @ANYBLOB="050030000100000008000b00ff01000008003c00ff0100000500290001000000050035000900000008000b0005000000"], 0x4c}, 0x1, 0x0, 0x0, 0x85}, 0x4000)

3.882921821s ago: executing program 7 (id=4013):
r0 = syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x260142)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioprio_set$pid(0x2, 0x0, 0x2000)
syz_clone3(&(0x7f0000000180)={0x8081000, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000005000000a30c0394"])
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r1, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x48840, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000080)={0x0, 0x0, '\x00', @bt={0x51, 0x9, 0x2, 0x9, 0x5, 0x80000000, 0x1c, 0x8}})

3.731864576s ago: executing program 7 (id=4020):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@gettaction={0x28, 0x32, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x28}}, 0x800)
ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}, 0xa, 'syzkaller0\x00'})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$binfmt_elf32(r2, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x25, 0xba, 0x7, 0x1000, 0x2, 0x3, 0x8, 0x242, 0x38, 0x2ea, 0x1, 0x10, 0x20, 0x1, 0x7, 0xa, 0x7}, [{0x7, 0x1, 0x9, 0x1, 0x0, 0xfffffff9, 0x8, 0x7ff}], "33c42d4874a49c8d68c8e054edfbeb86026e010cd83bc4e2cbc85e07762276da89db7b163c9eec9b76f28771d0732e65c0c7e4a718316e5000acc69b612bd6eea4f96118626b16a98e5e6f52a145ae80253df01b062077ad7a58c8fc57e642c763e8f335e575a8bebfe64f797065a62a5c10cfafedb9f226ec06ae5712281e2294edb63014ae886f947cbe6353f2c1e9ccc7d68568dee2705275eb691c4aaa6c8255903e6eadd5f28f9014dc8b3e8235bdcd8308054e4a3dea63fb6873ad5336580763433b53a0daf811471f3fb0ff5b93073e8e0c523a90c3beaeb4458a7d7115661a2f99454f02a48c40a4282b641ea2e49bc28a6d9201305b50f2386199da09616d0fdd071557d6734400a762a3490d83ef8ea762ae64596341081601ff293e0a793b316701b89522e96e7b217a0f5598cc2de68547ac6f9ec48ec3743b478e7cf3190cf8d305e6579e782b873fa8e1b455fce77896c9c531ab43cf713e7a02339bb77f216761ab397441d94d4e175b371b211a2b93d5b259027b65ceaef49655e3b8955202a6b379737291336021a4be03bb78090709b0addc1b7e6fd396dcb553d928b4fe12e847a6821ce6bc19f933078182173c37d216e678b82609e93e4af0efa9b4f66233e442d1502266f955c8d2c0bb63916321d49fc5239dca04082ed3db624e8260b1407cefd8905ee2206dc548b0c4c5aa2c8a8a3b306fce88e855d8627a64cccef5f0784882dacb3d5fff4d256d9b35eaa37944b2620c760a9e973f0722dbbfcb07a1df416ff5432e36cd53b01793d10973798cda7e68936df5792c56ff37faa245fc9b308a715031ffa48de6efc5fd76b24193657133aa736d0ffccaa18305fe92a585983ebaf740e8033f73f34403322a0941eb634f28d8f2d74d58bf06c70ac739cad3ee93336ebb7bfdfcea03a303527a14d49d6821041a05d666268eb2966820ff7e612df0f9d3ccd059faa061796ab044fd685ead2002ed69edf72ad5fc1d228f57dd5e5065f90df9dea89cdae369e13b54f96e45fae70bf8e66e43d226e0e037f3b8e48697ccdfb43cb945bfd4d69caa993a82fce138b0ab33f686b7553b4066167ab2a58b556c5edeb1c5a2b731f058ebf5d6102345c34288790e762efceb98836361670a12dc254c5a5c6c828ab55524cced66599550fcedf666957695b31eb506e3873651903cb6c392382afe95eed491234b59936db46bed041dd3eaf6413bc8147cb8f65c9ea32d4fe75e62d4ae9b993ee3364b623f70dbf5fc99541478bd0cde5f7d70be0433dd07b337a98cc88e472adbc1ebae9409f4bd09895bf0f2405cdc1003b87002bddebd5877c71363cfefa0a7f22d6f84507b61010db2dff21d4ab77509571d0e83188b008755209df4268c53e7bbdcc58f31ab428d5cdd54cd885a90e9b9ebc771f0754d83d3bcfcb5628c7b634c1fb8dcf0b857a71c7c1ec67ff79bf6153f322d4b32bd896b22b81f3d849be3d6455b0892a828d59b73c2a90e5cd065eb1783fdeb0b7197029bb0bc202d667039e6b8879adcbd1dc306a52db42acf86c65a98adb2bc11c10020ef4e24d56b708c2af3b71b90602d1a76dd71ae5d61ab59e092210723efc14c2ea9a4483f1f1b4f3663c07eec1bef0041161d91dd6c1a039e125604acfe6f13e1eef626a04c54f79c15036ad7a9f83344bc53ff975cdb66789584cff134bbcbef55637307507d13b53aa341e3bbea1d4caca18ae7e190f66ce377957e942b16f4cb566d738f68e0a476ce8ae096c8c020f48c885afb0e62b8d9af93d4af940771b2f135aa5eabef8f51ee00a20cb5a4d33b5de352864e301d78b27c5231c258607987252d179ee47e2c2a58202edbabfb79967e8dea94f1cf2404a46c8b91b7d7c8bc185357b871e4fef141be315278398f69a1a7c43250ed2272cc59b094b96da0dfb0b10b0737728e8e3369114c0267376a01ca61c1ddea08a47cbd47921e7261d347bf80a66e9b690c2f7d52ebace5b10c05b04931f77582be1dea6fa5a55665e20af837026a008c09bd992293233197f5daaed69de53353d996a201a78e21184e774bf1f0481ae48389ecc41eb20d2b1d78efbf46d9b15867f329421ebfcbe846df6d1d2cf235ddbe6c9217e9408fb2d835ccf0ff27e4d753d53d173f5489ae3bb7631ce6bdf7c2cd6d9c5d0b84f9b10ece46ad171cf14d30ab581ad3c807a22afe8a45b3bdb46df4147e5fe4a24b7dc43e9b366e"}, 0x688)

3.730440847s ago: executing program 7 (id=4022):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/188, 0xbc)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x2, 0xb, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1)

1.609588988s ago: executing program 7 (id=4059):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ap_ssid, 0x6, 0x0)

1.544069178s ago: executing program 7 (id=4060):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x4000000000000030)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200000000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc2, 0x4f, 0x40, 0x2, 0x90, 0x1, 0x4, 0x48, 0x8, 0x0, 0x9}, {0xb, 0xa6f2, 0x6, 0x8, 0x9, 0xff, 0x4, 0x1, 0xa, 0x13, 0x5, 0x6, 0x109}, {0x800001ff, 0x7, 0xd, 0x10, 0x25, 0xff, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x2, 0x4}], 0x9})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x67a, 0x6, 0xf3b8, 0x0, 0x1000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x400})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r6 = gettid()
timer_create(0x2, &(0x7f000049efa0)={0x0, 0x7, 0x4, @tid=r6}, &(0x7f0000044000))
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, r5, 0x5, 0x4000000, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005})
write$tun(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="03050c000885190006"], 0x3a)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000140)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @val={0x4, 0x6, {0x0, 0x3, 0x3}}, @void, @void, @void, @void}, 0x3d)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)

1.42280409s ago: executing program 6 (id=4064):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x72) (async)
ftruncate(r0, 0x527) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {<r2=>0xffffffffffffffff, 0xee01}}, './file0\x00'})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000080)={'ip6gre0\x00', <r3=>0x0, 0x4, 0x0, 0x82, 0xffff0000, 0x4c, @private2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7800, 0x7800, 0x80d2}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000140)={'syztnl1\x00', <r4=>r3, 0x8000, 0x40, 0x6d, 0xffff, {{0x12, 0x4, 0x1, 0x33, 0x48, 0x68, 0x0, 0x7, 0x4, 0x0, @local, @multicast1, {[@timestamp={0x44, 0xc, 0x38, 0x0, 0x8, [0x5, 0x43cb]}, @end, @timestamp={0x44, 0x24, 0xb3, 0x0, 0x4, [0x3, 0x3, 0x45, 0x1ff, 0x8, 0x8, 0x8, 0x5]}]}}}}})
clock_gettime(0x0, &(0x7f0000000200)={<r5=>0x0, <r6=>0x0})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)=@multiplanar_mmap={0x800, 0x4, 0x4, 0x800000, 0xff, {r5, r6/1000+60000}, {0x2, 0x8, 0x1, 0x4, 0x9, 0xc, "b49c7621"}, 0x6, 0x1, {&(0x7f0000000240)=[{0xe04, 0x2, {0x3}, 0x4}, {0xffff8001, 0x0, {0x2}, 0x74}]}, 0x0, 0x0, <r7=>0xffffffffffffffff})
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4) (async)
futex_waitv(&(0x7f0000001480)=[{0x0, &(0x7f0000000340)=0x5, 0x82}, {0x8916, &(0x7f0000000380)=0x1, 0x2}, {0x4, &(0x7f00000003c0)=0x6}, {0xd7, &(0x7f0000000400)=0x3, 0x82}, {0x0, &(0x7f0000000440)=0x8, 0x82}, {0x7, &(0x7f0000000480)=0xd5e9, 0x82}, {0x4, &(0x7f00000004c0)=0x2, 0x82}, {0x5, &(0x7f0000000500)=0x400, 0x2}, {0x9, &(0x7f0000000540)=0xf, 0x2}, {0x3, &(0x7f0000000580), 0x2}, {0x4, &(0x7f00000005c0)=0x7, 0x2}, {0x1, &(0x7f0000000600)=0x3, 0x82}, {0xffffffffffffffa2, &(0x7f0000000640)=0x2, 0x82}, {0x3, &(0x7f0000000680)=0x3, 0x82}, {0xffffffff, &(0x7f00000006c0)=0x5, 0x82}, {0x1101ea54, &(0x7f0000000700)=0xa2c, 0x82}, {0xfff, &(0x7f0000000740)=0x9, 0x2}, {0x5934542b, &(0x7f0000000780)=0x8001, 0x2}, {0x2, &(0x7f00000007c0)=0x8, 0x82}, {0x10000, &(0x7f0000000800)=0xffffffff, 0x82}, {0x5, &(0x7f0000000840)=0x8000000000000001, 0x82}, {0x9, &(0x7f0000000880)=0xfffffffffffffffc, 0x82}, {0xffffffffffff0000, &(0x7f00000008c0)=0x654, 0x2}, {0xfffffffffffffff9, &(0x7f0000000900)=0x10000, 0x82}, {0x4, &(0x7f0000000940)=0xaa0, 0x82}, {0xa, &(0x7f0000000980)=0x2, 0x82}, {0x7, &(0x7f00000009c0)=0x5e, 0x2}, {0x132f411e, &(0x7f0000000a00)=0x6, 0x82}, {0x8, &(0x7f0000000a40)=0x6237, 0x82}, {0x100000001, &(0x7f0000000a80)=0x9233, 0x82}, {0x9, &(0x7f0000000ac0)=0x4, 0x82}, {0xf479, &(0x7f0000000b00)=0x3, 0x2}, {0x80000001, &(0x7f0000000b40)=0xc75, 0x82}, {0x80, &(0x7f0000000b80)=0x3b6, 0x82}, {0x7, &(0x7f0000000bc0)=0x7ff, 0x82}, {0x80, &(0x7f0000000c00)=0x166, 0x82}, {0x5, &(0x7f0000000c40)=0x4, 0x82}, {0x789c7915, &(0x7f0000000c80)=0x5, 0x82}, {0xb6a, &(0x7f0000000cc0)=0xb382, 0x2}, {0xfffffffffffffffd, &(0x7f0000000d00)=0xee, 0x2}, {0x9, &(0x7f0000000d40)=0x6, 0x82}, {0x3, &(0x7f0000000d80)=0x2, 0x82}, {0x4, &(0x7f0000000dc0)=0x10000, 0x2}, {0x1, &(0x7f0000000e00)=0x8, 0x83}, {0x0, &(0x7f0000000e40)=0x8, 0x2}, {0x6, &(0x7f0000000e80)=0x2, 0x82}, {0xe, &(0x7f0000000ec0)=0x7, 0x2}, {0x7ff8000000, &(0x7f0000000f00)=0x9, 0x2}, {0xd, &(0x7f0000000f40)=0x6, 0x82}, {0xfff, &(0x7f0000000f80)=0x3, 0x82}, {0x1, &(0x7f0000000fc0)=0x7, 0x82}, {0x881, &(0x7f0000001000)=0x4, 0x82}, {0x5, &(0x7f0000001040)=0x2, 0x2}, {0x0, &(0x7f0000001080)=0x1, 0x2}, {0x9, &(0x7f00000010c0)=0x6}, {0x6238, &(0x7f0000001100)=0x2, 0x82}, {0xfffffffffffffffb, &(0x7f0000001140), 0x2}, {0x9, &(0x7f0000001180)=0x5, 0x82}, {0x5, &(0x7f00000011c0)=0x9, 0x43}, {0x3, &(0x7f0000001200)=0x53f1, 0x82}, {0x1, &(0x7f0000001240)=0x8, 0x82}, {0x71, &(0x7f0000001280)=0xffffffffffffffff, 0x82}, {0x4, &(0x7f00000012c0)=0x5, 0x2}, {0x0, &(0x7f0000001300)=0x4, 0x2}, {0x7, &(0x7f0000001340)=0xd346, 0x2}, {0x1, &(0x7f0000001380)=0xb400000000000, 0x2}, {0x9, &(0x7f00000013c0)=0x1, 0x82}, {0xd, &(0x7f0000001400)=0x8, 0x82}, {0x6d, &(0x7f0000001440)=0x6e28, 0x2}], 0x45, 0x0, &(0x7f0000001b00)={0x0, 0x3938700}, 0x1) (async)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r7, 0x8040942d, &(0x7f0000001b40))
r8 = openat$cgroup_ro(r1, &(0x7f0000001b80)='memory.events\x00', 0x0, 0x0) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000001c80)={'ip6tnl0\x00', &(0x7f0000001c00)={'ip6_vti0\x00', <r9=>r4, 0x2, 0x7, 0x80, 0x2, 0xe, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8651, 0x7, 0xfffffffc, 0x4}}) (rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000001dc0)={'syztnl2\x00', &(0x7f0000001cc0)={'syztnl2\x00', <r10=>r4, 0x7800, 0x10, 0x1, 0x9, {{0x37, 0x4, 0x3, 0x2a, 0xdc, 0x65, 0x0, 0x81, 0x2f, 0x0, @loopback, @local, {[@end, @timestamp={0x44, 0x24, 0xe2, 0x0, 0x0, [0x2, 0xfffffffd, 0x7, 0x4, 0xe4, 0x7, 0x5d27, 0x7]}, @timestamp_prespec={0x44, 0x3c, 0xe1, 0x3, 0x1, [{@broadcast, 0x82}, {@empty, 0x401}, {@remote, 0x8001}, {@broadcast, 0x1}, {@remote, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@remote, 0x1}]}, @timestamp_prespec={0x44, 0xc, 0xd, 0x3, 0x2, [{@local, 0xf}]}, @timestamp_prespec={0x44, 0x3c, 0x30, 0x3, 0x1, [{@dev={0xac, 0x14, 0x14, 0x13}, 0x2f}, {@multicast1, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x40000000}, {@multicast1, 0x1000}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff}, {@local, 0xfffffffa}]}, @timestamp_prespec={0x44, 0x1c, 0x30, 0x3, 0x3, [{@empty, 0xffff}, {@private=0xa010100}, {@private=0xa010101, 0x9}]}]}}}}}) (async)
getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000001e00)={@local, <r11=>0x0}, &(0x7f0000001e40)=0x14)
sendmsg$nl_route(r8, &(0x7f0000001f80)={&(0x7f0000001bc0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000001e80)=@RTM_DELMDB={0xb8, 0x55, 0x500, 0x70bd26, 0x25dfdbfe, {0x7, r9}, [@MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x2, 0x3, {@ip4=@initdev={0xac, 0x1e, 0xb, 0x0}}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r10, 0x0, 0x3, 0x4, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r11, 0x1, 0x1, 0x1, {@in6_addr=@dev={0xfe, 0x80, '\x00', 0xc}, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x0, 0x7, 0x0, {@in6_addr=@remote, 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x0, 0x0, 0x1, {@ip4=@rand_addr=0x64010100, 0x800}}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x804) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000020c0)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000001fc0)="c2add535135a5f6b00afbfa74d23769fdbd04ceb746c850011150d9bca7c90555a6bfd63feb0266fd0bc0409fc672aa11183395073e8d488b27c9ac941a7b8d5dfa5ffdeb626143f7249c98764d291b97ccd373c06d874d68509846f84222d6acc8e7bb70bbadf34fe35ebf0199411330ef2bf914063cecb59d7353d07c2e26cc85bd325756e0dfd0c6de4c07de40beb0c214adcce22c53b12c529d55e81cd12ca1c328f4e26739fdf42a9c4389d861452b2bfa515f702e2ffbb8bac048018caa4853ed52b9404758db5715fdc790409d1ef", 0xd2, r8}, 0x68) (async, rerun: 32)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000002140)) (async, rerun: 32)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002180)={[{0x2d, 'memory'}, {0x2b, 'perf_event'}, {0x2d, 'cpu'}, {0x2b, 'cpuset'}, {0x0, 'net_prio'}, {0x2b, 'cpuacct'}, {0x2d, 'rlimit'}, {0x2b, 'io'}, {0x2d, 'io'}]}, 0x44) (async, rerun: 32)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000002240)={0x0, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0xfff, &(0x7f0000002200)='vlan0\x00', 0x9, 0xfffffffffffffffb, 0xffff}) (async, rerun: 32)
sendmsg$can_bcm(r1, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000002340)={&(0x7f00000022c0)={0x2, 0xb0, 0x3, {}, {0x77359400}, {0x3, 0x1}, 0x1, @canfd={{0x2, 0x1, 0x0, 0x1}, 0x3f, 0x3, 0x0, 0x0, "57893694a66db1263a3037c5014daaab8b5a6861e9df618c7f080d841a9cc2a1a4de65ba5199f8c61c7c23fc49d9fcad282f122c6474a75cd74224986223bc37"}}, 0x80}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) (async)
clock_gettime(0x0, &(0x7f0000002400)={<r12=>0x0, <r13=>0x0})
futex(&(0x7f00000023c0)=0x1, 0xc, 0x1, &(0x7f0000002440)={r12, r13+60000000}, &(0x7f0000002480), 0x2) (async)
r14 = syz_open_dev$evdev(&(0x7f00000024c0), 0x200, 0x10800)
ioctl$NILFS_IOCTL_GET_SUSTAT(r14, 0x80306e85, &(0x7f0000002500)) (async, rerun: 32)
lseek(r1, 0x7, 0x2) (rerun: 32)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000027c0)={<r15=>0x0}, &(0x7f0000002800)=0xc)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000002840)={0x0, 0x0, <r16=>0x0}, &(0x7f0000002880)=0xc)
sendmmsg$unix(r8, &(0x7f0000002900)=[{{&(0x7f0000002540)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000002780)=[{&(0x7f00000025c0)="e5bd6a105497de2d7eef13d48fb1e7c828cb5444b3f0da2fe4f7feb20dd02ee8f010422d03868c670ceebb3460e7371d433820ac121ac48379d848d7f593e713a132426d74bbc6e2cce150057cdafcfd9fd3befd3e190d77e1e1438c3a94ba899ab58d45291d3ae6e59d6d53d2ed83d9c3de067f17bdf2d8b05505579945f6fc75485b2113b9384c482c94d2f1cb9c951051ff54295c549f6589b7c5f2614c4867d3fa363d96cbbcbad2ef0df48315fca2", 0xb1}, {&(0x7f0000002680)="7b6d69d0c1f1ff3ee8c2db40bd2fa14270294a2833a7e1c5091572acc59a6b9a4052fe6263bfdb6f0cf3d70ce02b7bbbdd1647623eba5a1a8847dee39b500d3ccd857c2a439d65da6b8a174281abf3810e518650eb04ffb93bc3645c13121bde1a5498e063501714d5dcd7ab662850cc9a245bc5a9124019c17611f697a65dd5f4554f230c205b9d730fbfef3e30af34b7583f", 0x93}, {&(0x7f0000002740)="c0925b22567714e6f95e95957fd6c1a23b17fc2b6eb51ed595ef462d9a36aa3a", 0x20}], 0x3, &(0x7f00000028c0)=[@cred={{0x1c, 0x1, 0x2, {r15, r2, r16}}}, @rights={{0x14, 0x1, 0x1, [r14]}}], 0x38, 0x20000000}}], 0x1, 0x8004) (async)
ioctl$UI_DEV_CREATE(r1, 0x5501)

1.324022779s ago: executing program 6 (id=4065):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x0, 0x25dfdbfc, {0xa, 0x80, 0x4908d13283d17e5f, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3001a}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8, 0xe, 0xc}, @FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r0}, 0xeb65, 0x6, 0x6})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0)

1.323717683s ago: executing program 6 (id=4066):
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a01d1561b8662e132fe000a000007090001cc9b4375ad2093b3fb1c7605a30073797a31000000000900030073797a320100000014000000110001c2e35d41bcdad62ad78d87b2885644f60401efffdb5b571a3fe5168fb71ebaf3bdcd4cfc8ca596048ec3cbcc3f0452faa3e41c05715df559b3f329da76faae3c2d", @ANYRESOCT=r0, @ANYRESOCT=r1, @ANYRESDEC=r1, @ANYBLOB="5ab45c131565b2e0433bb5b49e5bf8206dd82862f0f7796fbf29773f8d1471f72b35295dde09d878de637ddb44dd970508c2ad74eaedd66d3d0700e0246d216de0b6a14ceed843780c2b02294d413b4c27cb013b49596279a80e8922b4da06fb462de38fd0a0c073632d8d1964347cb79fc7c9de6a0bcbe5037b0ed93d3c0406363c9e9f325d1b91562e3efd"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="20000000070a01020000000000000000000000060900010073fc3ed39d698757d36b5d62a068d15cfa8f9cf1ce78232c08722ab055e2f9154e9e564dbe5cadc8c71950c7366ffe802de938ac6f5f012aec1132b42c84a3a77c4807a0c3e6ffe840e675f398c82d039366fda0260000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x200000d1}, 0x8084)
r3 = socket(0x2, 0x80805, 0x0)
ptrace(0x10, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010102, 0x4e1d, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@local, 0x4e23, 0x2, 0xcd}}, 0x44)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x20, 0x0, 0x7fffffff}]})
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYRESDEC=r5, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="420000001000010000000000000000000500000a34000000060a010400100000000000000a0000010900010073797a310000000008000a400000000000140000001100010000000000000000000000000a00"/92], 0x5c}}, 0x20040040)
read$FUSE(r5, &(0x7f0000002140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(r5, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x80000001, 0x0, 0x0, 0x10000004, {0x40, 0xd08, 0x0, 0xfe, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r9, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
sendmsg$nl_route(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ab5137e8f7e4e7ac14e7e1562d8f01eae0f77823b20db4e4baee1d222f03033c01e1f4768a1635bb0b2c9c49b9b7f288808594455df8ab2f162c4c72b918cdb84e335610e548c2633bea690b37eb72512f3918a4e7941fc4d3edcdeb7ed356317a2e71f2e5a2c95a4d3eb88fdd44e956c3ed0568a975bafd6b074e9ba54e74d54fce318acc3f6fd20c01b17f1683706eab025b16ce94f767bc9a7ca36e26b85a10ea49e5db8dcdc62b1494b2c2c5e70c13e9c918"], 0x48}, 0x1, 0x0, 0x0, 0x8050}, 0x40)
write$FUSE_INIT(r5, &(0x7f0000000440)={0x50, 0x0, r7, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50)

893.747175ms ago: executing program 8 (id=4070):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x3, 0x81, 0xffffffff})
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x400000, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x111, 0x5}}, 0x20)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r2, 0x0)
capget(&(0x7f0000000040)={0x20071026, r2}, &(0x7f0000000080)={0x6, 0x9, 0x80000000, 0x1, 0x4cfdb800, 0x2})
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {r1, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)

892.411455ms ago: executing program 8 (id=4072):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000400)={0x3, 0x1, 0x18, 0xb, 0x1b0}) (async, rerun: 32)
r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) (rerun: 32)
r2 = signalfd4(r1, &(0x7f0000000480)={[0xb6b9]}, 0x8, 0x80000) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r3, 0x20, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", ""]}, 0x1c}}, 0x4040000)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000640)=0x1, &(0x7f0000000680)=0x4) (async, rerun: 32)
ioctl$KDSKBMETA(r2, 0x4b63, &(0x7f00000006c0)=0x3) (async, rerun: 32)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), r2)
sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f0000000980)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000780)={0x194, r5, 0xbd5dcca92ddd2040, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x164, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd89a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x853}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb2}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x200, @mcast1, 0xb9f}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xaa4f, @mcast2, 0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x3, @remote, 0x2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x8, @private1, 0x7fffffff}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xfff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000}}}}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff21}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x50}, 0x30000001) (async)
sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a00)={0xc4, r3, 0xa1e, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_RULES={0x90, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x80}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x80000001}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xfffffffb}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xf42}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x400}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3e0}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x200}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x401}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x1}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x99}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0xc4}, 0x1, 0x0, 0x0, 0x50000}, 0x4) (async)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000bc0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x3c, r6, 0x300, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x20, 0x17, {0x1b, 0x7b, @l2={'eth', 0x3a, 'bond_slave_0\x00'}}}}, [""]}, 0x3c}}, 0x4004001) (async)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000d00), r2)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000e40)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d40)={0x88, r7, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}]}, 0x88}, 0x1, 0x0, 0x0, 0x810}, 0x40000) (async, rerun: 32)
ioctl$XFS_IOC_BULKSTAT(r1, 0x8040587f, &(0x7f0000001000)={{0x6, 0x7, 0x7, 0x1, 0x4}, &(0x7f0000000e80)=[{}, {}]}) (async, rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001080)) (async)
r8 = syz_open_dev$vcsa(&(0x7f00000010c0), 0x10000, 0x440) (async, rerun: 32)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000001140), r2) (rerun: 32)
sendmsg$SMC_PNETID_FLUSH(r8, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)={0x14, r9, 0x20, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x10000}, 0x4000) (async)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x30, 0x5, 0x6, 0x700, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}}, 0x14) (async)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000001400)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x30, r3, 0x0, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000004)
sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f0000001500)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)={0x30, r3, 0x4, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x6e}}}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x8fe}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x26002814) (async)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000001580), r2)
sendmsg$DEVLINK_CMD_RATE_SET(r2, &(0x7f0000001640)={&(0x7f0000001540), 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x20, r10, 0x8, 0x70bd27, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x10000}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008044}, 0x40000) (async)
ioctl$DVB_DVR_DMX_EXPBUF(r8, 0xc00c6f3e, &(0x7f0000001680)={0x7, 0x0, <r11=>r1})
sendmsg$NL80211_CMD_TDLS_MGMT(r11, &(0x7f0000001780)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x1c, r3, 0x404, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0xf6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
ioctl$TCSETSF(r8, 0x5404, &(0x7f00000017c0)={0xf42d, 0x3, 0x3ff, 0x2, 0x16, "7a92a3c092f17b15483ecaae27fcef8427e418"}) (async)
write$fb(r11, &(0x7f0000001800)="4ea3a7faa35028a5a1d1f25d787e52c627d870074a4bfe007c0b819c9f031bca8edf821ef84d23711166fa109c97c830e753ab7fcc969f32c1dd6bbc0541f3426d855cfcfda402eb2133c7aaeae39169bdd667d8571beb5404e53ea352e56f7471820782adee511fa95c7d3e8944ed67b6d64030ef988042f37814cca7fc83093a517212956717544f1e41bd4ad45b7edfef5f7b2341310861454337346aa998fa", 0xa1)

814.301341ms ago: executing program 8 (id=4073):
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x40300, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020605000000000000000000000000001400078005001400090000000800124008001f000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x58}}, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020605000000000000000000000000001400078005001400090000000800124008001f000500010006000000050005000200000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x58}}, 0x0)
ioctl$CDROMRESET(r0, 0x5312)

814.08974ms ago: executing program 2 (id=4074):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000006080)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r2, r4, 0x25, 0x0, @val=@tracing={0x0, 0x5a7}}, 0x20)
syz_emit_ethernet(0xc5, &(0x7f0000000440)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x3, 0x6, '7c\f', 0x8f, 0x21, 0xff, @empty, @ipv4={'\x00', '\xff\xff', @remote}, {[], {{0x4e24, 0x4e24, 0x4, 0x1, 0xf, 0x0, 0x0, 0x6, 0x3, "21f0bf", 0x6, '4sV'}, "f53a064dbdc9d592c13f94c89dbb3541578176802502db6b178639541edad043e6090318cc77389a184f7d5c788e2c4a3c91390c0f77ad5dcf495cd4fdebaddddaad241d750187bc33c5ac4d55b9cd3d3241ab47c17913984fdf9b961633e7f4b4247beb31b3ba97eeb9b18fc924755bbba13454021af586d3f88b0787b074"}}}}}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @loopback}]}}}, @IFLA_TXQLEN={0x8, 0xd, 0x20000006}]}, 0x54}}, 0x0)

681.643076ms ago: executing program 8 (id=4075):
fspick(0xffffffffffffff9c, 0x0, 0xf)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c2)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, 0x0)
r1 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
listen(r1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r2 = socket(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000080)={&(0x7f0000000100)=@name, 0x10, 0x0}, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c)
accept4$nfc_llcp(r1, 0x0, 0x0, 0x0)
sendmsg$tipc(r2, &(0x7f0000000640)={&(0x7f0000000300), 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]})
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000002780)={0x2020}, 0x5ecfb203)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000305000000000020000000000000", @ANYRES32=0x0, @ANYBLOB="15e3000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r4, @ANYBLOB="0a000100aaaa00"], 0x48}}, 0x0)

681.327711ms ago: executing program 2 (id=4076):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000040)={r5, 0x101}, 0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000180)={r5, 0x10, 0x42, 0x6}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xf, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x0, 0x8000, 0x1402}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x24044092)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {}, {0xc, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0xc010)

681.11565ms ago: executing program 2 (id=4077):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="0f01c30f01c80f20d9b9800000c00f3235004000000f30f30f6fe3c4e39179e6000f013166baf80cb86fd29189ef66bafc0cec66b8df008ee8c4c1e1df9e00000000", 0x42}], 0x1, 0x44, 0x0, 0x0) (async)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) (async)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x1000, 0x0, 0x3}, 0x20) (async)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) (async)
r5 = syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
ioctl$FE_GET_PROPERTY(r5, 0x80106f53, &(0x7f0000000400)={0x38, &(0x7f0000000500)}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)

548.18076ms ago: executing program 8 (id=4078):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000500), 0xee8, 0x5042)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/fscaps', 0x20940, 0x1e2)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000140)={r2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8004, 0x0, 0x0, 0x5, 0x4, "6fa715e63fee9cb07f3c19ed0c04afcaba06f6d9584488da0162d4cc7030ec4f7b9ab89b3e19b47b6669f6bdb9c400", "8bc975aabbbbe9e4cbb0e98d43a12e12538b330e6fe3bce73919393417abdc6c58f0abd4f0c29b3c71757f74bc429c808f46e9cda4584203143a0b9705fb16b6", "666f1d5f5c43005b310134ce9a6d0369862b72c1f9f4980a2346c4dd62ad8050", [0x6, 0x61fe]}})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r2, 0xc01064bd, &(0x7f0000001340)={&(0x7f0000000340)="a63eb5c0303fe632855474048fa8ff1f0e8ff8d321677ff80581ed6e0acbe36d4d9260ca8abf394a1ae785d70781dcf0291e4202c7ef8b5f8c634c6683926966b34078b61fd1a5d8537b1e75de7acfac981e2d6cad3573de6b342f1d327c6efe4c4e295ee921b26ecfe407cf0cee4ef78a64c9036df2cd03c7475b0f35a7ce53f6274cb6fd67b6ec08e50b5fe0bfcdcada613eabe8fb834cc3d12ec71a527b669f029d71cfaae754964fb7d468681387d14ee5be3d514596b74f690a1375737c6fb32957cc6723a09146d4c195ec7731ac2919aa860b68b1ed46d31b9c82b7c9ede60bd8077d3246756f92b166e255b11eca933dd129d8bdfc8bf9e46485161df872187ac2d5260abb7cb2bf266bc2a2101cda07d9babe9bdca22b369c77ae94980312dad8ec348c37fbfa7f2d48467874a2b08a37d3bb383fd491e3ea45648ea7e59c03269dd7068b6090364fa16a73091fedceecae454691f08eed533bbaf023fbde3a307fdc8d3f4c7e992623953d6e03199d2de82425371b12233248b13216de0c8a40d9400ddb5619617667a19b07f64e84560f98b02cd49c556d46c7a62e2acb35179eda5599896f4d8c1da8c5406fdcb51ae2fab72fe6b2533f0148ca8643875fe067ec667c6873b0e7360a89b60f5901e7547d94379c1a908f5c6be125f1ecae1ecb9b8f389ed372eb8f1ce0f5db98f7cc9b4e862622af1b6fe0d4451f59f337a5399e2713d8d246218436517257051e3c0aaebbfb197c734d821b4f09c8aecaee0350a98414265d1ce7d01930c54078e93f5ae41129d92930a1e106949ecef6ae20e9bfb1537cd5ab161b66fe77027e895aabf644d14e3849b4e610b1bfe01d0dd2e0cb9a06f51d96525bc87f1bcf00a2af77e10f2dbb88650990e2cfcfcea35d67333e0dbcf21aa40e38da5058e1d379cb39cc7127bd9cf3dfcd54db7fac6d55fbe7eb2b4b4a7bcf3df25fc55b96786a8b7d4689c9a7a2c9fa1bf4146acec6d6cc50ca9b37b6be428ef9d32e5047f551ae6ab3add877a857b68900b002c657689e41857943fcfb505d264642649cd4aaa1185f606765eec566f5bce3934d67a1b4f0e5d5def618848268a69304183088ead056767de3e6bb9501a6049cafd28560aa3f01cfda1160c5b3c778237234d656b53ef0582fc3dfd4b0beff3b9e47f61c86cf54a3db3f0b8653ffd027dca02086dee54baa38e15bc13314d816f1c554b0656673f79075a40c57f72d8cc7bad8cc6ebd6dc63c919445e7f3cb92f5a7ecd73bafdd0aade9d1ac81058580590576189f72139fa0dd5f099de0bfed5c077151d1c42c025e0c3e5e52d774c94e991b9b4179dbba399db6892d155ba496c6f74618bd920863cdc55f378af72d07fbaefbf287e5ad5ae807f3c10fb13bda87cf91bc4609c739ed10f85291f7ff871c66014e6e5a16986a41170354700d99b37384f7b2e8d0b4f20b6d2c352bbf48674a9b6b20cb8731361acc4defe91b63f99774514dbee92dcb1cc51fb8b55e9d972702f5e2dc1b606a6dcba6d8b865d1900071e6edddc3cb1b52fcb5a69998326be345a2adf104bf4b20e0cb7259c35e81d9beaef2be1ef059659213a66cde352ecf026b607fef6adef7bf5c60bfdb56b5bd2976f2d194245978655e18b90c0bdfe646bc4dd9b633dd8ab3b215a35376082660d851c68f744bf37b6f9b57c26ce6621c4816957b3aa8c1256e049754e75b6cfc66dc7fd0d7cff01152ad312aa438756f2828ea4e91c8d655420759c5d16463e13a0044d8c7fff740ce1168930e5453085e2d6ec6642ccddd4d2d11a46cdd184eec7ab9a49168a73377c8b00786043ff1cb807b8f727eed276140a0f9861f349a660757814674c4139f7b3f3110b5a70227fe2536928581a6c6d0ba7cb6063569886e26d816b0c79412e93c553a7b3218d0465543b2908247b8993ae7ffd41fd42a778be71c43ce88865f7672f4e76baa14256fa104acef673818421cb1ba8e7a426c2f5a01caa4ab87d583310f2c0c7267664a0158032e29235e53575401fb6d1510f0b4f63f64deb3823d7ff4968f044623fcfe70cf0d278f48b24987c096c782bc0e26f0deb5181c9c915e0fc027dab9d4a3bc616c15d8051e4027d19010b11e063297376374585ac787b2cb487d02544d9fe5b5270894218effc59b7fa625cc8a30cdd3a28a20b4c2f75f3d88785ac7c734f24248f2d549d26c46cd7e4b58ae5e89df5c38dd25b1596ea7f5341a26224bb4b16a4e67862351b619b9df47644931c65e24a27dd338bdcf41991d0784d7e285be4357c8cbe983f7d609ad0029cbb9170935befdae7de458824e49708af4f6ffbd1d36101b78707ada6b8c5cbcf7d20f9d6c21720e1fee77dfb3d9bd835c1e8790c56f964b843f3a55c20f9df260452a161cab00e4d0bdf686c238479d1a0715af00161f30500c469c01ce543df60442ed58d66120cdfc26e77756c2012802ab7804e89e1179db77e714cce99dcd8b69c715dad173f1bf2a4b06b8d6ccfef7bc6675c116276efe1bfebaf1a856541bdd1331a8a2773078506babfe9cee3c62066a7594c7f9244c16dfbbaa85df3746980cc2335a44837bfd107f43ed738098ac1aa7338e202c0a1e3f0c5816542767237cb0628f36978ce5c56e0de8a592b8f82b8bf180cb0149623c1eb16bf3ff91861627eb8b40949a8a7dda489ecba946488a8823e65fef1ddddea183e4d6914c784631e24ab097b7a18b90138e84bb1d09a122eec838deda6a2de6e94245f283f79e418d04a934c09574d1f4286e39b588dca69ef2b87d0aa4f55ae20c7115a6ef32f3ce9fa58fc77e3a846d78696366a54699473d99380f18d8a205d0046d585dad43a89325e6fd0d8714213f5104188cc2cb4404f5d144167f4d0226ecddefacb3a6da9fc9a9ab7e10944af5ee7a50194de33ed031bfe2c2d82c41c61eaa4a88f6492aade395b5aa269fe3853fb3db03fa78d70c5f62c3a2cfa190f40c7ab330e37d1c8be8e7b4bdea888a5b6ba2c64cd8a3b9f7b0c4975181451432b530c285cbce1611358df9a8a0c4970c33bb3483c95f19c0d51301e058fc25a04c2a3326a5c2664997b85ec5d213bcaa072246fee29598686d014dd15b6bd777d8b5827b2d449fc100f6ae1c034aed6d192777423af50959ee2c2c979e21d11df32751bfbe9ba44d709dd68cf33fca6c016715630d6803e917150aa2eac6e02a703c720312680c555c87afefccb15f892d23f5e8221ddaf317652052d097b2139f962e2ea86dcb28d4b2c7cbd9b7949f41f4f39eaccac50af0d5ef487fdee988ecf3bc3d7223445f9d2ee6ca392fee43ee2156c28cdee83c26bf0d9dbff2898152ca1da318d44a4bfd1f8d0fa888785df3043619a6a59343f9e703b278db30e0af867fda7d81453027291503fc80e1026e17372dfb60950f3681a4d8634a4a76437a534046fcb95e43501012609be99921e5d64dcdd8508676a2d79dd12b2a11d16f45c3af4524cf00fae7133f68537d0990adae071ec56bc34959ea3bb4b6e16daaae8e6925814aed88b7a972e6c09dc73a70db48e181033c8e7bb42e7724a1fe4ddf5b94efb2b381cfb79532fd5564e58d4514250031453437f2ddd5b5f3a57bb01a9329b0218328d8fa9424c4bf204d551f0bd5476084a6df57bd25bbc406b5e7e325927a696b99b7542acdec5652eb529903d7b961de98ac46be6c3ffff3b1467e040635720d2323cc94b1e031da856a57df6e5dd9401c42350c5daaae643ae2b0eabf80445deda5651346c2d11f5bffa0ccbdbc5177f00aebed2f3e4600adb89f2d76250e79a5ec2cca7846d0892a1e7d4db91d0819c007f2e0b3f090f613d416bacbea63396d2a60c1265c8695b397bc1e67683cd593984b6958539b08aecb16797c1d2ffaf8bcf2f9afd2c1e99ca12e77ed83e6565dee680fa598870dc8fb60159dae2b19bb9a534ec8eb212cc3444bc2f12d5820b5cea0120009742d1a68097259c5c2323be353f527c3230dcdf3f2548933090fb0546f99b6f5e2b3489e15dda67994d0227c6c4bfdf028c56eca4af08d95648181a3593ff0ad16c78e5d55ab6ce30fbe66489c1270cbc92d17a62fa121e029897343769c2c64f3d171b399004c3a86aef3e40d0fc4f14aef592e815db4858a3532ddeee5f1304abd13173d12f0011beea6d7d4251c1e823521047b2c0c5f623538b389ebbc01c7225347c19622046806384e169b682b4d83fa4aeebc5f5f2d5d2071ddd89c573c361b33713aa0ad9964ffa99b48e93956091fe5f811da112c657c9c955544f9490464f0e27474a6e12aa76d00c9aa8f31a8f39f492eedee34a1bb92382579f2fcf29b0808fa0815fc591b9ce2df7b53877ebec81610901e30867b95cd8fa9dda490b87b815c7a0b7df69767fee1807793aaeeb8795dbf277cd05f9d319bc2229126134e26dee04049e65039398c3c4612fc54d4717bac9d2844f5582571c8637145de313a5951436451616dd89a61ec84412790be6e47acbf2c8d4aa233cb88f800d63c5313d81ef124ed8707bbd148833510ac1b14cb51e0b39bec9641651c12337ca00982617e6c855905483bcbeedc4d8dab2730f4fb4485486e5b734617908865ab34ae3ca4bc1a038684239b6d769836bcff2ff6f125896feb96cb872f3904c2bf136f37e88bd251a8660e9c14827323e23e9b927dc0a231994db3ba3a85457c095914185127a2cb1c535e81ff88b08a58276f6344eb90f166063a33165c3549d442922dc01928436e8f7c626bc74132e6f36edf6062dae50076a47907855ba54fcd170cea40376bb2ebfa86e34e546b5f10170b3961feb4f14b3995b1742c645e46ca416fcf6427494d4c35eb713e38d186c48c5a5214a6d1078f90449fcddf3c6d64e7db7de1a8f9959f23f34d66ca212de1a93d9f72c847c6f869e70f1193665887f7db0f46fb38ff060d2e4a29daab412a638b07e0c9cfa2749fbfc04e0026ab736b7aa9386a557e1f659106e9b7e608e833c7d9eff8f16b7654e52b8ab073cef03012e0cb604310b3ea09645b093eeb1fce991dc485db9423106437d6bbe57960a0fb83f8f04835b6df08be7f906bc6b97445af4814a8f4f0b5be36a4e3fc92c71cfca9ea398dafef7489207c1a42e51ca45a2695c4d8c4d376ab702c32145b6815c08a0948e6c92133abb078faee7dbb05418bfccaa4d764ec83d6ea5d735a182d08927d9b97d0c78d1d2f32f57b6ed7e971f54bf9f4d8f72ada7c29baba2d00cf0a51ea7ca4b2870724ef8e85599a2d8c64acdc7eda9457c2b51a60b4f0ff0e22f223f0ab01d3033e7be464e604e104251f1f059f21aac86a7e73285a1504936dc7dd694da26a04602400e7debf94f2202aa637820c8949a75e91dd250af9e00624ebc677ffad3dbfd71b3b36cb879a4211c57cb8f68576d0fc3de0fb12c04d9e3b1f76cacd165f11ecb1c482e2166d5ce581cb674bbc7bcd6f90232bc419035e3060b2cf99cc8f5d2c566c60e32b88b9428518d5d059361ead8ee23b2eb21c05302c773e2be760e8f91f930e70b0eee5d662bca39699845cb9f12d825403950c2de357181d0359647533614284e3bd5d189884e3a1d104dde9527907370e9b97029a38b988713a62f11cae10ae290c6131e437eaf3492c8f8c7f95dd5370a617cc9b188f69d41a3b100a85bfc5080b4784f1d8e1f73a69b4b2a849c22ccf2373f483474eec6ddfb4dbbdabf9e1d991eec0dc833a5532fb4800f1e0244c247cce9d0b4f3018acad3df4c45cfe53eca21ea697b40d3df7", 0x1000})

546.997157ms ago: executing program 2 (id=4079):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x8, [@fwd={0x2}, @ptr={0x0, 0x0, 0x0, 0x2, 0x3}, @func={0x6}]}, {0x0, [0x0, 0x61, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x44}, 0x20)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})

546.498775ms ago: executing program 8 (id=4080):
r0 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x5, 0x4)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_GET_HW_INFO(r1, 0x3b8a, &(0x7f0000000380)={0x24, 0x0, r3, 0x1c, &(0x7f00000003c0)=""/28})
sendto$inet6(r0, &(0x7f0000000480)='\b', 0x1, 0x20040012, &(0x7f00000000c0)={0xa, 0x4e22, 0x27b6a97, @local, 0x9}, 0x1c)
getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001)

483.03768ms ago: executing program 2 (id=4081):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r2, 0x5, 0x101}, 0xc)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter6\x00')
socket(0x80000000000000a, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="480000001400030400000000000000000a3f0000", @ANYRES32=r5, @ANYBLOB="14000200ff2300000000000000000000000000011400060000000000060000000000000000000000080008000004"], 0x48}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYRESDEC, @ANYRES32=r8, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r6], 0x3c}}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
preadv(r3, 0x0, 0x0, 0x9ea, 0x3ff)

477.651271ms ago: executing program 2 (id=4082):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000500)="f7750000000000000000000000000000074d32e4e2d6420ef6c6d477f18e1af4741a4f37d8ae2f64aee4f07e8c29390d4290daa9c4e0f4cf8741a0df00001314c71be70d2f89d6947c6a1a4ba6798e24ef4f97b36f0cda1a11ab23bfd7038857b95502e50449cd2646aa67ff2fb66d4c037fc6c8a509a7ed3eaa101665d8411871a6ea432886baa30a7af36bcd308a2a0ed21e8cd83936a9c3b4bcf28bb65d0a96dcba8e0aa50c59976e1a9ba89c10e826c5cf", 0xb3}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}, {&(0x7f0000000980)="8d69", 0x2}], 0x4, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4}], 0x1, 0x40800)
sendmsg$NFT_BATCH(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRES8=r0, @ANYRESOCT=r0], 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x8880)
recvmmsg(r0, &(0x7f0000000900)=[{{&(0x7f0000000280)=@caif=@dgm, 0x80, &(0x7f0000000800)=[{&(0x7f0000000a00)=""/143, 0x8f}, {&(0x7f00000006c0)=""/39, 0x27}, {&(0x7f0000000680)=""/13, 0xd}, {&(0x7f0000000ac0)=""/110, 0x6e}, {&(0x7f0000000740)=""/160, 0xa0}], 0x5, &(0x7f0000000b40)=""/112, 0x70}, 0x4}], 0x1, 0x0, &(0x7f0000000940))
getresuid(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000000)=0x5, 0x4)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000080), 0x12)
bind$x25(r7, &(0x7f0000000180), 0x12)
setsockopt$MRT6_DEL_MFC(r6, 0x29, 0xcd, &(0x7f00000000c0)={{0xa, 0x4e23, 0x6, @empty, 0xffffffff}, {0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0xffffffffffffffff, {[0x1, 0x2, 0x7, 0x4, 0x8, 0x9, 0xa9, 0x7]}}, 0x5c)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
syz_open_dev$vcsu(&(0x7f0000000340), 0x5bad, 0x40)
sendmsg$NFNL_MSG_ACCT_DEL(r8, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xfffc}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20044800)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r5, 0xc2604111, &(0x7f0000000d40)={0x3, [[0x3, 0x9, 0x0, 0xfffffffe, 0x7f, 0x1, 0x1ff, 0x7], [0x2f5a, 0x0, 0x101, 0x81, 0x1, 0xfffffffe, 0x7ff, 0xf], [0x2, 0x5d3, 0xb4, 0x10, 0x1, 0x1, 0x80000000, 0x4]], '\x00', [{0xfffffff7, 0x8, 0x0, 0x1, 0x1}, {0x3, 0x8000}, {0x0, 0x40, 0x1}, {0x6, 0x9, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x3}, {0x8000, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x7fff, 0xe}, {0x1000, 0x6b, 0x1, 0x0, 0x1, 0x1}, {0x8, 0xe6a1}, {0x2, 0x9, 0x1, 0x1}, {0x28e, 0xf31, 0x0, 0x1, 0x0, 0x1}, {0x4, 0x2, 0x0, 0x1}], '\x00', 0xff7ffff9})
close_range(r5, 0xffffffffffffffff, 0x0)
r9 = openat2(r5, &(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)={0x240041, 0x18a, 0x26}, 0x18)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x5e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000440)=[{{&(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x44008004)
write$binfmt_misc(r4, &(0x7f0000000300), 0xfdef)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffd5b}}]}}, 0x0)

374.113171ms ago: executing program 6 (id=4083):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_add_vcpu$x86(0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000300)={0xc9, 0x0, 0xc})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008801}, 0x41)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000009c40)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000001ac0)="2871482d0274a3f5fb038d1a344f5c73ad7c2c8cbd5fab5f8ad66201c764595148f635a1343d61a45c3dd7791250e2c0663947e80b7b92f4a2ddd70af1ab27812fae582e095977411ce305ff685975fa3d64cac1b8ce0cab21b6d464ea1f4220adf3d0cc7d2d708c8e928d74ee9156e91551ce746529d03b4fb7fcd0b6fe31f469decfc7146517e258388192183efe9b4e681e8c87ed183dfa745c70b12b2a96a913f6e5edeb9e0e9fad18dad5488818ff09197cf51fd3d1a2221cc1e6ee1d2cb96f79feaa36c37abc156dde7adc68ab3bac38ba5859c8e31b7e30a954817b85a1583f81662d3e4312526f68b1cb816ad64c0cc5e820bea42382470438fbc858c57fef6490134bfa739d5b46d227556982fa678b463c6bed478483c807566e97ef83769e68c6c6154e090b94dbfa06f8f76429b939ec4aa44fa68dee1e3ce04ca710ab508c3aced405a687c067265fdadf55d6834ffbc6e20381b275a055bfdda91b304d01f12c951f530b32b5d379b19ea1a466c3cdc58c7c433334e029f6dcca621d7eb41d8db4f1714270c5baf17cf136c885b23a75fc5d8622b28340fd8f8a55fd3acd7e063727799f1a04b565c4382ccce1cd08c256e40e7c5698e01d1a8e2094e03adb64a582b8e9a92889ed065001345cbecb04f19fa9d4e19a28ab7ec6571a6274c34cc764b8644cbc4897f09b70aa4614d1ee25806ae5f630c6bfdeedc608ccfd1f497a59a2db760eaec838a8f5b052355171a713700a0d5f1cd261ca7f392fdf19ffa48d6643d752055cc3946586b7bea93d868c57b74b3449e9ef17b64ab2336e44b12dcbdea5e934218e6cc07b202644676d0c90c53192cca7874c2782d9f7f3f1c1e6919ce6c4fcc86d59d5a7edadad51b76c8155d3970e24c1a7d442d9a4257121ca53bd4584c3e95d15114a28f947112f91c87b331cec3b202a4964d2df297b91df62858b0cf93b3bf35417b609d92928edfcde893947d613b708f9490e3d9451e871836be8eec9336c5d95fa0a0b17b45d7f889fa8597d56e41fc949c1d5ad5c2a203bec2098c3fae7e4e4a2508c00473bc1291578e7de410491569831b2df8dd39944ba3eb9dfbfe80642fdecd0f1eb9c7664c1642cda82a821f35a88f9cb2ebc814e85eac8c80e0e02399289a8fc1b23bd109859ce8bfd1cd3e6ede5fced50d8fcc06816b6b3c03c247b32d2f113673474cf16a0b18de60d5c250b34723fdb0b67d79859e7362981b3b2c91663e138466959a33c3394b7f0cf7310b473c29fc1781531cd9d071c26d18d7bc5efc9c1c85741dc816510916dc162d663c81c17d51989e35a7bc71a7500cdb4cea50c7f1291d825e1ccd6e55623a218a7366f487bf82f945cb2f974b45b6fbc17d4ca10951ba66494dfcb949589db491798c008259ff04e5999d56e8dada47b8337d20be34dd3bf2c1e284d4fe41fb12056c428c1dadb2ecbdeab166ed07323a0f309c49c50f0dd9b5bd36de07de77dd9517674a4861f8c4a52322b83dc7db1268dea6ad79063e9ad96478e662965ae55d66f60d3870acce1f0be266dc719fbbed4226ebabef2f12fd695a08644f178521c6c6c0a0feadec469ea35dcbdae5a5ca519524b167537b52b4900a9bbe392e315086e9f8a41aba998f7291c778732baf1f94ef778c34a7ab78d1fd27083c0ea0aa1f68ca6fd2b11a3f37c51e9e2881aca3528a89b4a1baf01021342f8dac5a8bf67f310af789d22a93a30bafe114fc6f9eedbcad0cbc6a38174a048f73414e189f5946452602b277e3de1a5dfb2d49129c752d1a1d30c3b95b9ffb8f27f84a4fec8b16e68d9dfb868591ba2679b298b497fb1249f631476a1f1621f671a81613445f2361fbbd8cc658e3fcb7578f289f105d3f32d25c7e5c7a9174a", 0x541}], 0x1, 0x0, 0x0, 0x40d1}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40840}}], 0x2, 0x40000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

92.718689ms ago: executing program 6 (id=4084):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48)
read(r0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000080), 0x42, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=v'])

3.776286ms ago: executing program 7 (id=4085):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20100, 0x0)
r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
sendfile(r3, r2, 0x0, 0x80009)
ptrace(0x10, r1)
ptrace$poke(0x420f, r1, 0x0, 0xfffffffffffffffd)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000080)=r1)
r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x5, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000000)=0x1)

0s ago: executing program 6 (id=4086):
r0 = syz_open_dev$loop(&(0x7f0000000280), 0x80010b, 0xc00c0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/freeze_filesystems', 0x82801, 0x8e)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1d, 0x14, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5d69098c8b534464c516bdd8a0f350000e35abdb80e38f5eb010001", "32d8cc263d9e234b02000000000000004a6783cdd3dfe7800b2d7b6aa54cc5001fcaed1e831fa79a000000020000000000000400", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x8, 0x5]}})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000240)={0x11})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
r2 = syz_open_dev$loop(&(0x7f00000001c0), 0xffffffffffff8000, 0x2)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000003c0)={0x0, {}, 0x0, {}, 0x3, 0x5, 0x13, 0x4, "b4ee45cffb9a2bd1d745b55acf5f829acb763946f3b1a9ee5a64fb349b7b9957f8d4666d1f2cb14d5c2002f7effd96099dfa53fdd90981ff4086bf0e5b378752", "e40a0c315c26c12c0dacd8700c09600d7271f57b8936effee21db5752e2b268d", [0x0, 0x2]})
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):

nterface activated: batadv_slave_1
[  375.806059][   T41] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  375.821568][   T41] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  375.832853][   T41] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  375.837397][   T41] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  376.024057][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  376.026736][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  376.067156][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  376.070231][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  376.354313][T19077] fuse: Unknown parameter 'fd0x0000000000000004'
[  376.524604][T19096] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3088'.
[  376.568737][ T5950] Bluetooth: hci3: command tx timeout
[  376.685464][T19108] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3091'.
[  376.697125][   T40] audit: type=1400 audit(1776653067.166:7606): avc:  denied  { setattr } for  pid=19107 comm="syz.6.3091" name="HIDP" dev="sockfs" ino=86753 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  376.701861][T19108] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3091'.
[  376.755239][T19112] netlink: 184 bytes leftover after parsing attributes in process `syz.6.3092'.
[  376.759008][T19112] xt_socket: unknown flags 0xd0
[  376.813122][ T5950] Bluetooth: hci4: command tx timeout
[  377.524729][   T40] audit: type=1400 audit(1776653067.996:7607): avc:  denied  { read open } for  pid=19146 comm="syz.2.3099" path="/" dev="configfs" ino=26 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  377.661973][T19160] geneve2: entered promiscuous mode
[  377.664007][T19160] geneve2: entered allmulticast mode
[  377.723943][T19162] can: request_module (can-proto-0) failed.
[  377.802243][ T1161] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  377.980355][T19183] netlink: 56 bytes leftover after parsing attributes in process `syz.7.3108'.
[  378.082611][T19180] wlan0 speed is unknown, defaulting to 1000
[  378.204449][T19190] syzkaller0: entered promiscuous mode
[  378.218649][T19190] syzkaller0: entered allmulticast mode
[  378.282802][   T40] audit: type=1400 audit(1776653068.756:7608): avc:  denied  { create } for  pid=19194 comm="syz.7.3110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  378.300288][   T40] audit: type=1400 audit(1776653068.766:7609): avc:  denied  { setopt } for  pid=19194 comm="syz.7.3110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  378.346701][T19180] wg1 speed is unknown, defaulting to 1000
[  378.659005][ T5950] Bluetooth: hci3: command tx timeout
[  378.919523][   T40] audit: type=1400 audit(1776653069.396:7610): avc:  denied  { connect } for  pid=19214 comm="syz.7.3114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  379.776530][   T40] audit: type=1400 audit(1776653070.246:7611): avc:  denied  { setopt } for  pid=19234 comm="syz.8.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  379.783655][   T40] audit: type=1400 audit(1776653070.256:7612): avc:  denied  { connect } for  pid=19234 comm="syz.8.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  380.733582][ T5950] Bluetooth: hci3: command tx timeout
[  382.067027][T19264] netlink: 'syz.8.3128': attribute type 1 has an invalid length.
[  382.522810][T19287] syz.7.3131 uses old SIOCAX25GETINFO
[  382.568068][   T40] audit: type=1400 audit(1776653073.036:7613): avc:  denied  { write } for  pid=19289 comm="syz.6.3134" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  382.577029][T19292] netlink: 'syz.8.3135': attribute type 11 has an invalid length.
[  382.589158][   T40] audit: type=1400 audit(1776653073.036:7614): avc:  denied  { open } for  pid=19289 comm="syz.6.3134" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  382.609161][   T40] audit: type=1400 audit(1776653073.076:7615): avc:  denied  { ioctl } for  pid=19289 comm="syz.6.3134" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0xaea3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  382.688873][T19297] FAULT_INJECTION: forcing a failure.
[  382.688873][T19297] name failslab, interval 1, probability 0, space 0, times 0
[  382.705620][T19297] CPU: 0 UID: 0 PID: 19297 Comm: syz.6.3137 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  382.705641][T19297] Tainted: [L]=SOFTLOCKUP
[  382.705645][T19297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  382.705652][T19297] Call Trace:
[  382.705656][T19297]  <TASK>
[  382.705662][T19297]  dump_stack_lvl+0x100/0x190
[  382.705682][T19297]  should_fail_ex.cold+0x5/0xa
[  382.705699][T19297]  ? tomoyo_realpath_from_path+0xb6/0x690
[  382.705712][T19297]  should_failslab+0xc2/0x120
[  382.705725][T19297]  __kmalloc_noprof+0xe0/0x850
[  382.705742][T19297]  ? kfree+0x1dd/0x6c0
[  382.705758][T19297]  tomoyo_realpath_from_path+0xb6/0x690
[  382.705773][T19297]  tomoyo_path_number_perm+0x23c/0x580
[  382.705790][T19297]  ? tomoyo_path_number_perm+0x22e/0x580
[  382.705808][T19297]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  382.705839][T19297]  ? find_held_lock+0x2b/0x80
[  382.705850][T19297]  ? __fget_files+0x215/0x3d0
[  382.705863][T19297]  ? hook_file_ioctl_common+0x149/0x410
[  382.705877][T19297]  ? __fget_files+0x215/0x3d0
[  382.705892][T19297]  ? __fget_files+0x21f/0x3d0
[  382.705907][T19297]  security_file_ioctl+0xd3/0x230
[  382.705919][T19297]  __x64_sys_ioctl+0xb7/0x210
[  382.705932][T19297]  do_syscall_64+0x10b/0xf80
[  382.705943][T19297]  ? clear_bhb_loop+0x40/0x90
[  382.705958][T19297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.705970][T19297] RIP: 0033:0x7fc657b9c819
[  382.705980][T19297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  382.705991][T19297] RSP: 002b:00007fc658a10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  382.706003][T19297] RAX: ffffffffffffffda RBX: 00007fc657e15fa0 RCX: 00007fc657b9c819
[  382.706010][T19297] RDX: 0000200000000100 RSI: 00000000c00c64d2 RDI: 0000000000000003
[  382.706017][T19297] RBP: 00007fc658a10090 R08: 0000000000000000 R09: 0000000000000000
[  382.706024][T19297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.706030][T19297] R13: 00007fc657e16038 R14: 00007fc657e15fa0 R15: 00007ffefc4433b8
[  382.706045][T19297]  </TASK>
[  382.706050][T19297] ERROR: Out of memory at tomoyo_realpath_from_path.
[  382.879244][T19310] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  382.881637][T19310] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  383.279592][T19328] FAULT_INJECTION: forcing a failure.
[  383.279592][T19328] name failslab, interval 1, probability 0, space 0, times 0
[  383.283587][T19328] CPU: 0 UID: 0 PID: 19328 Comm: syz.6.3149 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  383.283605][T19328] Tainted: [L]=SOFTLOCKUP
[  383.283609][T19328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  383.283616][T19328] Call Trace:
[  383.283621][T19328]  <TASK>
[  383.283625][T19328]  dump_stack_lvl+0x100/0x190
[  383.283645][T19328]  should_fail_ex.cold+0x5/0xa
[  383.283662][T19328]  ? tomoyo_encode2+0xfb/0x3c0
[  383.283674][T19328]  should_failslab+0xc2/0x120
[  383.283686][T19328]  __kmalloc_noprof+0xe0/0x850
[  383.283703][T19328]  ? d_absolute_path+0x136/0x1b0
[  383.283716][T19328]  tomoyo_encode2+0xfb/0x3c0
[  383.283730][T19328]  tomoyo_encode+0x29/0x50
[  383.283741][T19328]  tomoyo_realpath_from_path+0x18c/0x690
[  383.283757][T19328]  tomoyo_path_number_perm+0x23c/0x580
[  383.283774][T19328]  ? tomoyo_path_number_perm+0x22e/0x580
[  383.283793][T19328]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  383.283824][T19328]  ? find_held_lock+0x2b/0x80
[  383.283834][T19328]  ? __fget_files+0x215/0x3d0
[  383.283847][T19328]  ? hook_file_ioctl_common+0x149/0x410
[  383.283861][T19328]  ? __fget_files+0x215/0x3d0
[  383.283877][T19328]  ? __fget_files+0x21f/0x3d0
[  383.283892][T19328]  security_file_ioctl+0xd3/0x230
[  383.283904][T19328]  __x64_sys_ioctl+0xb7/0x210
[  383.283916][T19328]  do_syscall_64+0x10b/0xf80
[  383.283926][T19328]  ? clear_bhb_loop+0x40/0x90
[  383.283941][T19328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.283953][T19328] RIP: 0033:0x7fc657b9c819
[  383.283963][T19328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  383.283973][T19328] RSP: 002b:00007fc658a10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.283985][T19328] RAX: ffffffffffffffda RBX: 00007fc657e15fa0 RCX: 00007fc657b9c819
[  383.283992][T19328] RDX: 0000200000000100 RSI: 00000000c00c64d2 RDI: 0000000000000003
[  383.283998][T19328] RBP: 00007fc658a10090 R08: 0000000000000000 R09: 0000000000000000
[  383.284005][T19328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.284011][T19328] R13: 00007fc657e16038 R14: 00007fc657e15fa0 R15: 00007ffefc4433b8
[  383.284026][T19328]  </TASK>
[  383.284036][T19328] ERROR: Out of memory at tomoyo_realpath_from_path.
[  383.408363][T19338] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=50 sclass=netlink_tcpdiag_socket pid=19338 comm=syz.8.3151
[  383.416216][T19336] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  383.480005][T19340] macvtap0: entered allmulticast mode
[  383.492905][T19340] veth0_macvtap: entered allmulticast mode
[  383.849137][T19373] FAULT_INJECTION: forcing a failure.
[  383.849137][T19373] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  383.854564][T19373] CPU: 1 UID: 0 PID: 19373 Comm: syz.7.3162 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  383.854591][T19373] Tainted: [L]=SOFTLOCKUP
[  383.854597][T19373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  383.854608][T19373] Call Trace:
[  383.854615][T19373]  <TASK>
[  383.854622][T19373]  dump_stack_lvl+0x100/0x190
[  383.854649][T19373]  should_fail_ex.cold+0x5/0xa
[  383.854676][T19373]  _copy_from_user+0x2e/0xd0
[  383.854698][T19373]  drm_ioctl+0x520/0xc60
[  383.854719][T19373]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  383.854746][T19373]  ? __pfx_drm_ioctl+0x10/0x10
[  383.854773][T19373]  ? selinux_file_ioctl+0x13b/0x290
[  383.854792][T19373]  ? selinux_file_ioctl+0xb6/0x290
[  383.854810][T19373]  ? __pfx_drm_ioctl+0x10/0x10
[  383.854827][T19373]  __x64_sys_ioctl+0x18e/0x210
[  383.854847][T19373]  do_syscall_64+0x10b/0xf80
[  383.854863][T19373]  ? clear_bhb_loop+0x40/0x90
[  383.854885][T19373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.854903][T19373] RIP: 0033:0x7fcc4d59c819
[  383.854918][T19373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  383.854935][T19373] RSP: 002b:00007fcc4e491028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.854951][T19373] RAX: ffffffffffffffda RBX: 00007fcc4d815fa0 RCX: 00007fcc4d59c819
[  383.854963][T19373] RDX: 0000200000000100 RSI: 00000000c00c64d2 RDI: 0000000000000003
[  383.854973][T19373] RBP: 00007fcc4e491090 R08: 0000000000000000 R09: 0000000000000000
[  383.854982][T19373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.854993][T19373] R13: 00007fcc4d816038 R14: 00007fcc4d815fa0 R15: 00007ffd0bd12728
[  383.855016][T19373]  </TASK>
[  383.855043][T19370] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[  383.925244][T19369] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[  383.955053][   T40] audit: type=1400 audit(1776653074.428:7616): avc:  denied  { open } for  pid=19368 comm="syz.8.3161" path="/dev/ptyr4" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  383.972006][   T40] audit: type=1400 audit(1776653074.438:7617): avc:  denied  { ioctl } for  pid=19368 comm="syz.8.3161" path="/dev/ptyr4" dev="devtmpfs" ino=147 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  384.057067][T19385] hpfs: hpfs_map_sector(): read error
[  384.588350][ T6016] usb 12-1: new full-speed USB device number 5 using dummy_hcd
[  384.618605][   T50] usb 11-1: new high-speed USB device number 33 using dummy_hcd
[  384.745740][ T6016] usb 12-1: unable to read config index 0 descriptor/start: -71
[  384.749628][ T6016] usb 12-1: can't read configurations, error -71
[  384.772114][   T50] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.782117][   T50] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.785377][   T50] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  384.795596][   T50] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  384.801015][   T50] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.819857][   T50] usb 11-1: config 0 descriptor??
[  385.212957][ T2147] block nbd0: Possible stuck request ffff8880295e7000: control (read@0,1024B). Runtime 210 seconds
[  385.216467][ T2147] block nbd0: Possible stuck request ffff8880295e71c0: control (read@1024,1024B). Runtime 210 seconds
[  385.220117][ T2147] block nbd0: Possible stuck request ffff8880295e7380: control (read@2048,1024B). Runtime 210 seconds
[  385.223566][ T2147] block nbd0: Possible stuck request ffff8880295e7540: control (read@3072,1024B). Runtime 210 seconds
[  385.250405][   T50] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[  385.270283][   T50] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  385.530223][   T40] audit: type=1400 audit(1776653076.008:7618): avc:  denied  { write } for  pid=19393 comm="syz.6.3170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  385.551277][ T6145] usb 11-1: USB disconnect, device number 33
[  385.860513][T19409] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3176'.
[  385.865605][T19409] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3176'.
[  385.873890][T19409] geneve2: entered promiscuous mode
[  385.875750][T19409] geneve2: entered allmulticast mode
[  386.328330][ T6145] usb 11-1: new full-speed USB device number 34 using dummy_hcd
[  386.480363][ T6145] usb 11-1: config 1 interface 0 altsetting 60 endpoint 0x81 has invalid maxpacket 528, setting to 64
[  386.487599][ T6145] usb 11-1: config 1 interface 0 altsetting 60 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  386.491285][T19447] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3186'.
[  386.497161][ T6145] usb 11-1: config 1 interface 0 has no altsetting 0
[  386.506569][ T6145] usb 11-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  386.512009][T19447] netlink: 'syz.8.3186': attribute type 32 has an invalid length.
[  386.513437][ T6145] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.528381][ T6145] usb 11-1: Product: 嘜࿣秽ᱬ➦㤣楌૮夑栂䖒°윳ឋ〶͇��斨�떚���뀯低鞚�ꄿ�括დ��⽲��售묷③䵕잇瀇ཪ찖ᑇ﹢�Ჵⴌ�㡪�踕訔ᮥ⚣俾�‗횎���罰픭榰旪밗虈܋梫뺙馾��ꓒ�槜僡ᙑ많꯺�좼⧗뫆뒡牶莇⠒➟逆�
[  386.548470][ T6145] usb 11-1: Manufacturer: Г
[  386.549985][ T6145] usb 11-1: SerialNumber: syz
[  386.560463][T19414] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  386.761993][T19468] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621
[  386.792662][ T6145] usbhid 11-1:1.0: can't add hid device: -71
[  386.794649][ T6145] usbhid 11-1:1.0: probe with driver usbhid failed with error -71
[  386.809451][ T6145] usb 11-1: USB disconnect, device number 34
[  387.578876][T19505] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  387.581407][T19505] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  387.587355][T19505] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  387.595649][T19505] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  387.599853][T19505] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  387.607235][T19505] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  387.616149][T19505] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  387.620204][T19505] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  387.624255][T19505] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  387.636041][T19505] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  387.638136][T19505] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  387.656994][T19505] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  387.773791][T19514] netlink: 'syz.6.3202': attribute type 4 has an invalid length.
[  387.832724][T19521] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3202'.
[  388.145941][   T40] audit: type=1400 audit(1776653078.618:7619): avc:  denied  { getopt } for  pid=19548 comm="syz.2.3208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  388.205569][   T40] audit: type=1326 audit(1776653078.678:7620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19540 comm="syz.6.3206" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc657b9c819 code=0x0
[  388.388337][   T50] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  388.518346][   T50] usb 7-1: device descriptor read/64, error -71
[  388.758328][   T50] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  388.888535][   T50] usb 7-1: device descriptor read/64, error -71
[  388.998573][   T50] usb usb7-port1: attempt power cycle
[  389.054311][T19567] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3212'.
[  389.145739][   T40] audit: type=1400 audit(1776653079.618:7621): avc:  denied  { read } for  pid=19566 comm="syz.6.3212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  389.238477][T19574] dns_resolver: Unsupported server list version (0)
[  389.241781][T19574] nfs4: Unknown parameter '
yz:'
[  389.338558][   T50] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  389.358693][   T50] usb 7-1: device descriptor read/8, error -71
[  389.608522][   T50] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  389.608957][ T5950] Bluetooth: hci1: command 0x0c1a tx timeout
[  389.610333][   T62] Bluetooth: hci2: command 0x0c1a tx timeout
[  389.629692][   T50] usb 7-1: device descriptor read/8, error -71
[  389.690709][ T5950] Bluetooth: hci3: command 0x0c1a tx timeout
[  389.690745][   T62] Bluetooth: hci4: command 0x0c1a tx timeout
[  389.758651][   T50] usb usb7-port1: unable to enumerate USB device
[  389.790833][   T40] audit: type=1400 audit(1776653080.268:7622): avc:  denied  { shutdown } for  pid=19596 comm="syz.6.3224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  389.900960][T19602] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3226'.
[  389.976945][T19611] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  389.980189][T19611] SELinux: failed to load policy
[  389.984840][T19611] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3229'.
[  389.988580][T19611] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3229'.
[  389.990713][T19609] ntfs3(sr0): Primary boot signature is not NTFS.
[  389.997477][T19609] ntfs3(sr0): try to read out of volume at offset 0xf800
[  390.079890][T19609] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  390.120622][   T40] audit: type=1400 audit(1776653080.598:7623): avc:  denied  { write } for  pid=19621 comm="syz.7.3233" name="001" dev="devtmpfs" ino=758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  390.131780][   T40] audit: type=1400 audit(1776653080.598:7624): avc:  denied  { map } for  pid=19621 comm="syz.7.3233" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  390.592556][T19648] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3241'.
[  390.725801][T19656] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3244'.
[  390.773431][T19660] xt_hashlimit: size too large, truncated to 1048576
[  390.778943][T19661] netlink: 'syz.6.3246': attribute type 5 has an invalid length.
[  390.871522][   T40] audit: type=1400 audit(1776653081.348:7625): avc:  denied  { node_bind } for  pid=19666 comm="syz.8.3248" src=52768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  390.990137][   T40] audit: type=1400 audit(1776653081.468:7626): avc:  denied  { create } for  pid=19675 comm="syz.8.3252" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  391.000362][   T40] audit: type=1400 audit(1776653081.478:7627): avc:  denied  { map } for  pid=19675 comm="syz.8.3252" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=94895 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  391.014696][   T40] audit: type=1400 audit(1776653081.478:7628): avc:  denied  { read write } for  pid=19675 comm="syz.8.3252" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=94895 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  391.030086][T19676] erspan1: entered promiscuous mode
[  391.146138][T19682] kAFS: unable to lookup cell '1'
[  391.410283][T19707] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  391.410283][T19707] The task syz.2.3262 (19707) triggered the difference, watch for misbehavior.
[  391.414493][T19705] bpq0: entered promiscuous mode
[  391.418109][T19705] bpq0: entered allmulticast mode
[  391.602737][T19723] __nla_validate_parse: 1 callbacks suppressed
[  391.602751][T19723] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3267'.
[  391.611339][T19723] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.688472][ T5950] Bluetooth: hci1: command 0x0c1a tx timeout
[  391.689335][   T62] Bluetooth: hci2: command 0x0c1a tx timeout
[  391.768622][   T62] Bluetooth: hci4: command 0x0c1a tx timeout
[  391.778535][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  392.335466][T19755] netlink: 65039 bytes leftover after parsing attributes in process `syz.7.3275'.
[  392.346089][T19755] netlink: 'syz.7.3275': attribute type 1 has an invalid length.
[  392.426610][T19757] FAULT_INJECTION: forcing a failure.
[  392.426610][T19757] name failslab, interval 1, probability 0, space 0, times 0
[  392.433030][T19757] CPU: 3 UID: 0 PID: 19757 Comm: syz.8.3276 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  392.433049][T19757] Tainted: [L]=SOFTLOCKUP
[  392.433054][T19757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  392.433061][T19757] Call Trace:
[  392.433066][T19757]  <TASK>
[  392.433070][T19757]  dump_stack_lvl+0x100/0x190
[  392.433089][T19757]  should_fail_ex.cold+0x5/0xa
[  392.433105][T19757]  should_failslab+0xc2/0x120
[  392.433132][T19757]  __kmalloc_cache_noprof+0x7a/0x6f0
[  392.433148][T19757]  ? drm_prime_add_buf_handle+0x58/0x590
[  392.433163][T19757]  ? idr_alloc+0xdd/0x130
[  392.433176][T19757]  drm_prime_add_buf_handle+0x58/0x590
[  392.433192][T19757]  drm_gem_change_handle_ioctl+0x316/0x4e0
[  392.433211][T19757]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.433230][T19757]  ? find_held_lock+0x2b/0x80
[  392.433240][T19757]  ? drm_dev_exit+0x41/0x60
[  392.433250][T19757]  ? drm_dev_exit+0x41/0x60
[  392.433264][T19757]  drm_ioctl_kernel+0x1f3/0x3e0
[  392.433274][T19757]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.433292][T19757]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  392.433307][T19757]  drm_ioctl+0x5e6/0xc60
[  392.433319][T19757]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.433358][T19757]  ? __pfx_drm_ioctl+0x10/0x10
[  392.433386][T19757]  ? selinux_file_ioctl+0x13b/0x290
[  392.433398][T19757]  ? selinux_file_ioctl+0xb6/0x290
[  392.433410][T19757]  ? __pfx_drm_ioctl+0x10/0x10
[  392.433421][T19757]  __x64_sys_ioctl+0x18e/0x210
[  392.433434][T19757]  do_syscall_64+0x10b/0xf80
[  392.433444][T19757]  ? clear_bhb_loop+0x40/0x90
[  392.433458][T19757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.433470][T19757] RIP: 0033:0x7f1530f9c819
[  392.433481][T19757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  392.433492][T19757] RSP: 002b:00007f1531da2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.433503][T19757] RAX: ffffffffffffffda RBX: 00007f1531215fa0 RCX: 00007f1530f9c819
[  392.433511][T19757] RDX: 0000200000000100 RSI: 00000000c00c64d2 RDI: 0000000000000003
[  392.433518][T19757] RBP: 00007f1531da2090 R08: 0000000000000000 R09: 0000000000000000
[  392.433524][T19757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  392.433530][T19757] R13: 00007f1531216038 R14: 00007f1531215fa0 R15: 00007ffd3857e5a8
[  392.433545][T19757]  </TASK>
[  392.553392][T19765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3281'.
[  392.556149][T19765] openvswitch: netlink: nsh attr 8 is out of range max 3
[  392.585950][T19768] netlink: 'syz.8.3282': attribute type 3 has an invalid length.
[  392.590702][T19768] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3282'.
[  392.808667][T19793] FAULT_INJECTION: forcing a failure.
[  392.808667][T19793] name failslab, interval 1, probability 0, space 0, times 0
[  392.816473][T19793] CPU: 3 UID: 0 PID: 19793 Comm: syz.8.3290 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  392.816496][T19793] Tainted: [L]=SOFTLOCKUP
[  392.816503][T19793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  392.816513][T19793] Call Trace:
[  392.816520][T19793]  <TASK>
[  392.816527][T19793]  dump_stack_lvl+0x100/0x190
[  392.816553][T19793]  should_fail_ex.cold+0x5/0xa
[  392.816577][T19793]  should_failslab+0xc2/0x120
[  392.816594][T19793]  __kmalloc_cache_noprof+0x7a/0x6f0
[  392.816615][T19793]  ? drm_prime_add_buf_handle+0x58/0x590
[  392.816634][T19793]  ? idr_alloc+0xdd/0x130
[  392.816653][T19793]  drm_prime_add_buf_handle+0x58/0x590
[  392.816677][T19793]  drm_gem_change_handle_ioctl+0x316/0x4e0
[  392.816704][T19793]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.816726][T19793]  ? find_held_lock+0x2b/0x80
[  392.816742][T19793]  ? drm_dev_exit+0x41/0x60
[  392.816756][T19793]  ? drm_dev_exit+0x41/0x60
[  392.816776][T19793]  drm_ioctl_kernel+0x1f3/0x3e0
[  392.816791][T19793]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.816814][T19793]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  392.816837][T19793]  drm_ioctl+0x5e6/0xc60
[  392.816855][T19793]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  392.816881][T19793]  ? __pfx_drm_ioctl+0x10/0x10
[  392.816901][T19793]  ? selinux_file_ioctl+0x13b/0x290
[  392.816918][T19793]  ? selinux_file_ioctl+0xb6/0x290
[  392.816935][T19793]  ? __pfx_drm_ioctl+0x10/0x10
[  392.816951][T19793]  __x64_sys_ioctl+0x18e/0x210
[  392.816969][T19793]  do_syscall_64+0x10b/0xf80
[  392.816980][T19793]  ? clear_bhb_loop+0x40/0x90
[  392.817001][T19793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.817018][T19793] RIP: 0033:0x7f1530f9c819
[  392.817032][T19793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  392.817047][T19793] RSP: 002b:00007f1531da2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.817064][T19793] RAX: ffffffffffffffda RBX: 00007f1531215fa0 RCX: 00007f1530f9c819
[  392.817071][T19793] RDX: 0000200000000100 RSI: 00000000c00c64d2 RDI: 0000000000000003
[  392.817080][T19793] RBP: 00007f1531da2090 R08: 0000000000000000 R09: 0000000000000000
[  392.817090][T19793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  392.817099][T19793] R13: 00007f1531216038 R14: 00007f1531215fa0 R15: 00007ffd3857e5a8
[  392.817122][T19793]  </TASK>
[  392.819834][T19795] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3292'.
[  392.878949][T19799] netlink: 'syz.6.3292': attribute type 10 has an invalid length.
[  392.920721][T19799] team0: Device ipvlan1 failed to register rx_handler
[  392.940761][T19809] xt_hashlimit: size too large, truncated to 1048576
[  392.973507][T19811] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3298'.
[  393.151474][T19839] FAULT_INJECTION: forcing a failure.
[  393.151474][T19839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.159497][T19839] CPU: 1 UID: 0 PID: 19839 Comm: syz.8.3305 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  393.159516][T19839] Tainted: [L]=SOFTLOCKUP
[  393.159520][T19839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  393.159527][T19839] Call Trace:
[  393.159531][T19839]  <TASK>
[  393.159536][T19839]  dump_stack_lvl+0x100/0x190
[  393.159554][T19839]  should_fail_ex.cold+0x5/0xa
[  393.159572][T19839]  _copy_to_user+0x32/0xd0
[  393.159586][T19839]  simple_read_from_buffer+0xcb/0x170
[  393.159601][T19839]  proc_fail_nth_read+0x1af/0x230
[  393.159685][T19839]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.159705][T19839]  ? rw_verify_area+0xce/0x6d0
[  393.159723][T19839]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.159741][T19839]  vfs_read+0x1e4/0xb30
[  393.159754][T19839]  ? __pfx_vfs_read+0x10/0x10
[  393.159764][T19839]  ? __fget_files+0x215/0x3d0
[  393.159781][T19839]  ? __fget_files+0x21f/0x3d0
[  393.159798][T19839]  ksys_read+0x12a/0x250
[  393.159808][T19839]  ? __pfx_ksys_read+0x10/0x10
[  393.159821][T19839]  ? rcu_is_watching+0x12/0xc0
[  393.159895][T19839]  do_syscall_64+0x10b/0xf80
[  393.159905][T19839]  ? clear_bhb_loop+0x40/0x90
[  393.159919][T19839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.159931][T19839] RIP: 0033:0x7f1530f5d04e
[  393.159941][T19839] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  393.159952][T19839] RSP: 002b:00007f1531da1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  393.159964][T19839] RAX: ffffffffffffffda RBX: 00007f1531da26c0 RCX: 00007f1530f5d04e
[  393.159971][T19839] RDX: 000000000000000f RSI: 00007f1531da20a0 RDI: 0000000000000004
[  393.159977][T19839] RBP: 00007f1531da2090 R08: 0000000000000000 R09: 0000000000000000
[  393.159984][T19839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  393.159990][T19839] R13: 00007f1531216038 R14: 00007f1531215fa0 R15: 00007ffd3857e5a8
[  393.160005][T19839]  </TASK>
[  393.173699][T19825] syz.7.3300 (19825): drop_caches: 2
[  393.388351][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  393.388364][   T40] audit: type=1400 audit(1776653083.858:7635): avc:  denied  { read } for  pid=19848 comm="syz.2.3307" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  393.407850][   T40] audit: type=1400 audit(1776653083.858:7636): avc:  denied  { open } for  pid=19848 comm="syz.2.3307" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  393.416829][   T40] audit: type=1400 audit(1776653083.878:7637): avc:  denied  { ioctl } for  pid=19848 comm="syz.2.3307" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 ioctlcmd=0xaf11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  393.503389][T19848] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  393.589012][T19862] macsec1: entered promiscuous mode
[  393.591394][T19862] macsec1: entered allmulticast mode
[  393.685599][   T40] audit: type=1400 audit(1776653084.158:7638): avc:  denied  { connect } for  pid=19874 comm="syz.6.3315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  393.744088][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3315'.
[  393.752774][T19881] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3316'.
[  393.755169][T19878] syz_tun: entered promiscuous mode
[  393.769649][   T62] Bluetooth: hci2: command 0x0c1a tx timeout
[  393.771640][ T5950] Bluetooth: hci1: command 0x0c1a tx timeout
[  393.783792][T19878] syz_tun: refused to change device tx_queue_len
[  393.848413][ T5950] Bluetooth: hci3: command 0x0c1a tx timeout
[  393.848666][   T62] Bluetooth: hci4: command 0x0c1a tx timeout
[  394.088545][T19901] comedi comedi0: bad chanlist[0]=0x000001ff chan=511 range length=1
[  394.088920][T19898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3320'.
[  394.414428][T19920] netpci0: tun_chr_ioctl cmd 1074025678
[  394.416248][T19920] netpci0: group set to 0
[  394.419700][T19919] netpci0: tun_chr_ioctl cmd 1074025673
[  394.685649][T19936] QAT: failed to copy from user cfg_data.
[  394.773792][T19943] netlink: 'syz.2.3327': attribute type 1 has an invalid length.
[  394.776295][T19943] netlink: 'syz.2.3327': attribute type 1 has an invalid length.
[  394.782165][T19943] netlink: 9172 bytes leftover after parsing attributes in process `syz.2.3327'.
[  395.044727][   T40] audit: type=1804 audit(1776653085.518:7639): pid=19957 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.3330" name="/newroot/77/file0/file0" dev="9p" ino=81264713 res=1 errno=0
[  395.074166][   T40] audit: type=1400 audit(1776653085.548:7640): avc:  denied  { accept } for  pid=19963 comm="syz.6.3332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  395.438100][T19977] SELinux: failed to load policy
[  395.441020][T19977] netlink: 'syz.6.3337': attribute type 1 has an invalid length.
[  395.472676][T19976] netlink: 'syz.2.3336': attribute type 7 has an invalid length.
[  395.475873][T19976] netlink: 'syz.2.3336': attribute type 7 has an invalid length.
[  395.536174][T19980] syzkaller1: entered promiscuous mode
[  395.541612][T19980] syzkaller1: entered allmulticast mode
[  395.988335][ T6034] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  396.148954][ T6034] usb 13-1: Using ep0 maxpacket: 32
[  396.154173][ T6034] usb 13-1: config 0 has no interfaces?
[  396.186662][ T6034] usb 13-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  396.196126][ T6034] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.202037][ T6034] usb 13-1: Product: syz
[  396.204295][ T6034] usb 13-1: Manufacturer: syz
[  396.208492][ T6034] usb 13-1: SerialNumber: syz
[  396.227978][ T6034] usb 13-1: config 0 descriptor??
[  396.464115][T19983] kAFS: unable to lookup cell 'syz1'
[  396.467488][  T851] usb 13-1: USB disconnect, device number 6
[  396.512746][   T40] audit: type=1800 audit(1776653086.988:7641): pid=20013 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.2.3348" name="/newroot/80/file0" dev="tmpfs" ino=432 res=0 errno=0
[  396.542731][T20026] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  396.547032][T20026] ALSA: mixer_oss: invalid index 1374389
[  396.604414][T20035] dns_resolver: Unsupported content type (94)
[  397.139482][T20066] __nla_validate_parse: 2 callbacks suppressed
[  397.139497][T20066] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3368'.
[  397.225026][T20075] bridge_slave_0: left allmulticast mode
[  397.227359][T20075] bridge_slave_0: left promiscuous mode
[  397.231210][T20075] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.247855][T20075] bridge_slave_1: left allmulticast mode
[  397.255084][T20075] bridge_slave_1: left promiscuous mode
[  397.258789][T20075] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.267229][T20075] bond0: (slave bond_slave_0): Releasing backup interface
[  397.305143][T20075] bond0: (slave bond_slave_1): Releasing backup interface
[  397.388852][T20083] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3371'.
[  397.396404][T20075] team0: Port device team_slave_0 removed
[  397.413250][T20075] team0: Port device team_slave_1 removed
[  397.415002][T20085] FAULT_INJECTION: forcing a failure.
[  397.415002][T20085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.419035][T20075] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.426892][T20075] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.428304][T20085] CPU: 2 UID: 0 PID: 20085 Comm: syz.7.3374 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  397.428331][T20085] Tainted: [L]=SOFTLOCKUP
[  397.428338][T20085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  397.428349][T20085] Call Trace:
[  397.428356][T20085]  <TASK>
[  397.428363][T20085]  dump_stack_lvl+0x100/0x190
[  397.428390][T20085]  should_fail_ex.cold+0x5/0xa
[  397.428416][T20085]  _copy_from_user+0x2e/0xd0
[  397.428439][T20085]  copy_msghdr_from_user+0x9f/0x4f0
[  397.428538][T20085]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  397.428572][T20085]  ? __pfx__kstrtoull+0x10/0x10
[  397.428601][T20085]  ___sys_sendmsg+0x106/0x1e0
[  397.428628][T20085]  ? __pfx____sys_sendmsg+0x10/0x10
[  397.428663][T20085]  ? find_held_lock+0x2b/0x80
[  397.428696][T20085]  __sys_sendmmsg+0x205/0x430
[  397.428719][T20085]  ? __pfx___sys_sendmmsg+0x10/0x10
[  397.428746][T20085]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  397.428775][T20085]  ? fput+0x79/0x100
[  397.428797][T20085]  ? ksys_write+0x1ac/0x250
[  397.428815][T20085]  ? __pfx_ksys_write+0x10/0x10
[  397.428836][T20085]  __x64_sys_sendmmsg+0x9c/0x100
[  397.428854][T20085]  ? lockdep_hardirqs_on+0x78/0x100
[  397.428882][T20085]  do_syscall_64+0x10b/0xf80
[  397.428897][T20085]  ? clear_bhb_loop+0x40/0x90
[  397.428919][T20085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.428937][T20085] RIP: 0033:0x7fcc4d59c819
[  397.428952][T20085] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  397.428969][T20085] RSP: 002b:00007fcc4e491028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  397.428986][T20085] RAX: ffffffffffffffda RBX: 00007fcc4d815fa0 RCX: 00007fcc4d59c819
[  397.428997][T20085] RDX: 0000000000000001 RSI: 0000200000004040 RDI: 0000000000000004
[  397.429008][T20085] RBP: 00007fcc4e491090 R08: 0000000000000000 R09: 0000000000000000
[  397.429018][T20085] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  397.429028][T20085] R13: 00007fcc4d816038 R14: 00007fcc4d815fa0 R15: 00007ffd0bd12728
[  397.429052][T20085]  </TASK>
[  397.511088][T20075] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.514270][T20075] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.521927][T20075] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  397.539501][T20090] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3375'.
[  397.551632][T20076] team0: Mode changed to "loadbalance"
[  397.619015][T20097] netlink: 'syz.7.3377': attribute type 64 has an invalid length.
[  397.630865][T20097] netlink: 'syz.7.3377': attribute type 4 has an invalid length.
[  397.634113][T20097] netlink: 152 bytes leftover after parsing attributes in process `syz.7.3377'.
[  397.749354][T20103] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  398.050404][T20098] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  398.178445][T20116] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3381'.
[  398.230327][T20120] netlink: 'syz.7.3382': attribute type 1 has an invalid length.
[  398.251065][T20124] FAULT_INJECTION: forcing a failure.
[  398.251065][T20124] name failslab, interval 1, probability 0, space 0, times 0
[  398.270099][T20124] CPU: 1 UID: 0 PID: 20124 Comm: syz.8.3385 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  398.270119][T20124] Tainted: [L]=SOFTLOCKUP
[  398.270123][T20124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  398.270184][T20124] Call Trace:
[  398.270275][T20124]  <TASK>
[  398.270280][T20124]  dump_stack_lvl+0x100/0x190
[  398.270381][T20124]  should_fail_ex.cold+0x5/0xa
[  398.270457][T20124]  ? sock_kmalloc+0x111/0x170
[  398.270511][T20124]  should_failslab+0xc2/0x120
[  398.270596][T20124]  __kmalloc_noprof+0xe0/0x850
[  398.270697][T20124]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  398.270834][T20124]  sock_kmalloc+0x111/0x170
[  398.270850][T20124]  hash_alloc_result+0xd7/0x150
[  398.270881][T20124]  hash_sendmsg+0x6d4/0x10a0
[  398.270897][T20124]  ____sys_sendmsg+0x9e1/0xb70
[  398.270913][T20124]  ? __pfx_hash_sendmsg+0x10/0x10
[  398.270925][T20124]  ? __pfx_____sys_sendmsg+0x10/0x10
[  398.270943][T20124]  ? __pfx__kstrtoull+0x10/0x10
[  398.270962][T20124]  ___sys_sendmsg+0x190/0x1e0
[  398.270979][T20124]  ? __pfx____sys_sendmsg+0x10/0x10
[  398.271002][T20124]  ? find_held_lock+0x2b/0x80
[  398.271021][T20124]  __sys_sendmmsg+0x205/0x430
[  398.271035][T20124]  ? __pfx___sys_sendmmsg+0x10/0x10
[  398.271051][T20124]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  398.271109][T20124]  ? fput+0x79/0x100
[  398.271187][T20124]  ? ksys_write+0x1ac/0x250
[  398.271198][T20124]  ? __pfx_ksys_write+0x10/0x10
[  398.271212][T20124]  __x64_sys_sendmmsg+0x9c/0x100
[  398.271224][T20124]  ? lockdep_hardirqs_on+0x78/0x100
[  398.271243][T20124]  do_syscall_64+0x10b/0xf80
[  398.271253][T20124]  ? clear_bhb_loop+0x40/0x90
[  398.271267][T20124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.271279][T20124] RIP: 0033:0x7f1530f9c819
[  398.271290][T20124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  398.271301][T20124] RSP: 002b:00007f1531da2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  398.271313][T20124] RAX: ffffffffffffffda RBX: 00007f1531215fa0 RCX: 00007f1530f9c819
[  398.271320][T20124] RDX: 0000000000000001 RSI: 0000200000004040 RDI: 0000000000000004
[  398.271330][T20124] RBP: 00007f1531da2090 R08: 0000000000000000 R09: 0000000000000000
[  398.271337][T20124] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  398.271344][T20124] R13: 00007f1531216038 R14: 00007f1531215fa0 R15: 00007ffd3857e5a8
[  398.271395][T20124]  </TASK>
[  398.772099][T20150] netlink: 'syz.8.3394': attribute type 1 has an invalid length.
[  398.777850][T20150] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3394'.
[  398.807571][T20155] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3395'.
[  398.949983][T20163] FAULT_INJECTION: forcing a failure.
[  398.949983][T20163] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.954039][T20163] CPU: 1 UID: 0 PID: 20163 Comm: syz.7.3398 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  398.954056][T20163] Tainted: [L]=SOFTLOCKUP
[  398.954060][T20163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  398.954068][T20163] Call Trace:
[  398.954073][T20163]  <TASK>
[  398.954078][T20163]  dump_stack_lvl+0x100/0x190
[  398.954110][T20163]  should_fail_ex.cold+0x5/0xa
[  398.954129][T20163]  _copy_to_user+0x32/0xd0
[  398.954143][T20163]  simple_read_from_buffer+0xcb/0x170
[  398.954222][T20163]  proc_fail_nth_read+0x1af/0x230
[  398.954309][T20163]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  398.954329][T20163]  ? rw_verify_area+0xce/0x6d0
[  398.954346][T20163]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  398.954364][T20163]  vfs_read+0x1e4/0xb30
[  398.954378][T20163]  ? __pfx_vfs_read+0x10/0x10
[  398.954388][T20163]  ? __fget_files+0x215/0x3d0
[  398.954409][T20163]  ? __fget_files+0x21f/0x3d0
[  398.954426][T20163]  ksys_read+0x12a/0x250
[  398.954436][T20163]  ? __pfx_ksys_read+0x10/0x10
[  398.954449][T20163]  ? rcu_is_watching+0x12/0xc0
[  398.954600][T20163]  do_syscall_64+0x10b/0xf80
[  398.954611][T20163]  ? clear_bhb_loop+0x40/0x90
[  398.954625][T20163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.954637][T20163] RIP: 0033:0x7fcc4d55d04e
[  398.954646][T20163] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  398.954657][T20163] RSP: 002b:00007fcc4e490fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  398.954669][T20163] RAX: ffffffffffffffda RBX: 00007fcc4e4916c0 RCX: 00007fcc4d55d04e
[  398.954676][T20163] RDX: 000000000000000f RSI: 00007fcc4e4910a0 RDI: 0000000000000005
[  398.954682][T20163] RBP: 00007fcc4e491090 R08: 0000000000000000 R09: 0000000000000000
[  398.954689][T20163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.954695][T20163] R13: 00007fcc4d816038 R14: 00007fcc4d815fa0 R15: 00007ffd0bd12728
[  398.954710][T20163]  </TASK>
[  399.007975][T20164] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  399.027695][T20164] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  399.115044][   T40] audit: type=1400 audit(1776653089.588:7642): avc:  denied  { ioctl } for  pid=20169 comm="syz.8.3401" path="socket:[97439]" dev="sockfs" ino=97439 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  399.248554][T20172] sp0: Synchronizing with TNC
[  399.306625][T20184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3404'.
[  399.661666][   T62] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  399.773333][T20216] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3413'.
[  399.875773][T20227] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3418'.
[  400.035715][T20239] ip6gre1: entered promiscuous mode
[  400.037714][T20239] ip6gre1: entered allmulticast mode
[  400.166705][T20248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57886 sclass=netlink_route_socket pid=20248 comm=syz.7.3425
[  400.267626][T20260] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  400.271030][T20260] SELinux: failed to load policy
[  400.272203][T20263] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  400.681332][T20282] netlink: 'syz.8.3434': attribute type 4 has an invalid length.
[  401.018441][   T40] audit: type=1400 audit(1776653091.488:7643): avc:  denied  { create } for  pid=20291 comm="syz.7.3438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  401.089862][T20297] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  401.327920][T20307] kAFS: unable to lookup cell '1'
[  401.618634][   T40] audit: type=1326 audit(1776653092.098:7644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20284 comm="syz.8.3435" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x7fc00000
[  401.629135][   T40] audit: type=1326 audit(1776653092.098:7645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20284 comm="syz.8.3435" exe="/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f1530f9c819 code=0x7fc00000
[  401.648311][   T40] audit: type=1326 audit(1776653092.098:7646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20284 comm="syz.8.3435" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x7fc00000
[  401.660420][   T40] audit: type=1326 audit(1776653092.098:7647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20284 comm="syz.8.3435" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x7fc00000
[  401.678284][   T40] audit: type=1326 audit(1776653092.098:7648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20284 comm="syz.8.3435" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x7fc00000
[  402.240801][T20334] wlan0 speed is unknown, defaulting to 1000
[  402.330739][T20334] wg1 speed is unknown, defaulting to 1000
[  402.624605][T20349] netlink: 'syz.8.3455': attribute type 1 has an invalid length.
[  402.649547][T20349] 8021q: adding VLAN 0 to HW filter on device bond1
[  402.680579][T20349] bond1: (slave veth5): Enslaving as an active interface with a down link
[  402.690992][T20349] 8021q: adding VLAN 0 to HW filter on device batadv1
[  402.693322][T20349] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  402.812162][   T40] audit: type=1326 audit(1776653093.288:7649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20351 comm="syz.6.3456" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc657b9c819 code=0x0
[  402.850347][T20356] __nla_validate_parse: 5 callbacks suppressed
[  402.850360][T20356] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3458'.
[  402.864418][T20356] hsr_slave_1 (unregistering): left promiscuous mode
[  403.286685][T20372] 9pnet_virtio: no channels available for device syz
[  403.672731][T20384] netlink: 'syz.8.3472': attribute type 12 has an invalid length.
[  404.034595][T20391] netlink: 'syz.6.3474': attribute type 21 has an invalid length.
[  404.043536][T20391] netlink: 'syz.6.3474': attribute type 6 has an invalid length.
[  404.045998][T20391] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3474'.
[  404.057229][T20391] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3474'.
[  404.162090][T20400] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3476'.
[  404.445728][T20412] xt_hashlimit: size too large, truncated to 1048576
[  404.555383][T20418] ptrace attach of "/syz-executor exec"[20421] was attempted by "/syz-executor exec"[20418]
[  404.562539][T20422] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.3483'.
[  404.764014][T20439] overlayfs: failed to resolve 'euid<00000000000000000000': -2
[  404.770298][T20439] overlay: Bad value for 'index'
[  404.870139][   T62] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  405.042453][T20459] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  405.044826][T20459] IPv6: NLM_F_CREATE should be set when creating new route
[  405.530334][T20484] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20484 comm=syz.8.3504
[  405.535456][T20485] netlink: 'syz.8.3504': attribute type 9 has an invalid length.
[  405.538087][T20484] netlink: 'syz.8.3504': attribute type 9 has an invalid length.
[  405.905371][T20509] binder: 20508:20509 ioctl c0306201 2000000004c0 returned -14
[  406.106539][T20517] sp0: Synchronizing with TNC
[  406.378759][  T851] usb 11-1: new high-speed USB device number 35 using dummy_hcd
[  406.550051][  T851] usb 11-1: config index 0 descriptor too short (expected 39, got 27)
[  406.552851][  T851] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  406.557372][  T851] usb 11-1: config 0 interface 0 has no altsetting 0
[  406.564105][  T851] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  406.569070][  T851] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  406.572656][  T851] usb 11-1: Product: syz
[  406.575141][  T851] usb 11-1: Manufacturer: syz
[  406.577752][  T851] usb 11-1: SerialNumber: syz
[  406.621767][  T851] usb 11-1: config 0 descriptor??
[  406.629921][  T851] hub 11-1:0.0: bad descriptor, ignoring hub
[  406.633706][  T851] hub 11-1:0.0: probe with driver hub failed with error -5
[  406.645410][  T851] usb 11-1: selecting invalid altsetting 0
[  406.985636][T20539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.005829][T20539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.045258][T20517] netlink: 6 bytes leftover after parsing attributes in process `syz.6.3514'.
[  407.058526][ T6017] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  407.141810][T11860] usb 11-1: USB disconnect, device number 35
[  407.219493][ T6017] usb 12-1: Using ep0 maxpacket: 32
[  407.228504][ T6017] usb 12-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  407.234276][ T6017] usb 12-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  407.240410][ T6017] usb 12-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  407.247999][ T6017] usb 12-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  407.254096][ T6017] usb 12-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  407.257059][ T6017] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.262401][ T6017] usb 12-1: Product: syz
[  407.263829][ T6017] usb 12-1: Manufacturer: syz
[  407.265594][ T6017] usb 12-1: SerialNumber: syz
[  407.283226][    C1] imon 12-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  407.297916][ T6017] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/input/input35
[  407.504088][ T6017] imon 12-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  407.510035][ T6017]  (id 0x00)
[  407.558543][ T6017] rc_core: IR keymap rc-imon-pad not found
[  407.560482][ T6017] Registered IR keymap rc-empty
[  407.562083][ T6017] imon 12-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  407.565250][ T6017] imon 12-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  407.720201][ T6017] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/rc/rc0
[  407.727351][ T6017] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/rc/rc0/input36
[  407.737500][ T6017] imon 12-1:155.0: iMON device (15c2:ffdc, intf0) on usb<12:7> initialized
[  407.903124][ T6034] usb 12-1: USB disconnect, device number 7
[  408.099708][T20565] futex_wake_op: syz.6.3529 tries to shift op by 32; fix this program
[  408.571220][T20587] netlink: 'syz.8.3538': attribute type 13 has an invalid length.
[  408.628493][T20587] netlink: 48 bytes leftover after parsing attributes in process `syz.8.3538'.
[  408.751304][T20594] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3540'.
[  408.828573][ T1164] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  408.834483][T20609] netlink: 'syz.2.3544': attribute type 2 has an invalid length.
[  408.857548][T20609] netlink: 'syz.2.3544': attribute type 1 has an invalid length.
[  409.656550][T20643] UBIFS error (pid: 20643): cannot open "c:::", error -22
[  409.689639][T20642] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3554'.
[  409.762316][T20651] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3558'.
[  409.808185][T20654] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  409.867085][T20659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20659 comm=syz.7.3559
[  410.097168][T20670] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3565'.
[  410.120052][   T40] audit: type=1400 audit(1776653356.599:7650): avc:  denied  { getopt } for  pid=20671 comm="syz.6.3564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  410.176400][   T62] Bluetooth: hci3: unexpected event for opcode 0x2035
[  410.213038][T20672] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3564'.
[  410.479070][T20691] comedi comedi1: pcl816: I/O port conflict (0x20000,16)
[  411.127701][T20713] overlayfs: unescaped trailing colons in lowerdir mount option.
[  411.138542][T20715] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3580'.
[  411.313753][T20720] netlink: 3852 bytes leftover after parsing attributes in process `syz.6.3582'.
[  411.446213][T20731] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3585'.
[  411.656638][T20744] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3589'.
[  411.772744][T20738] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  411.805033][T20738] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  411.811225][T20738] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  411.818332][T20738] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  412.190131][  T851] usb 11-1: new low-speed USB device number 36 using dummy_hcd
[  412.190571][T20768] overlayfs: empty lowerdir
[  412.360155][  T851] usb 11-1: Invalid ep0 maxpacket: 32
[  412.371371][T20774] netlink: 'syz.7.3599': attribute type 4 has an invalid length.
[  412.488546][  T851] usb 11-1: new low-speed USB device number 37 using dummy_hcd
[  412.638358][  T851] usb 11-1: Invalid ep0 maxpacket: 32
[  412.642364][  T851] usb usb11-port1: attempt power cycle
[  412.988621][  T851] usb 11-1: new low-speed USB device number 38 using dummy_hcd
[  412.996034][T20795] 8021q: adding VLAN 0 to HW filter on device bond2
[  413.009905][T20795] ipvlan2: entered allmulticast mode
[  413.011631][T20795] bond2: entered allmulticast mode
[  413.015344][T20795] program syz.8.3605 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  413.019432][  T851] usb 11-1: Invalid ep0 maxpacket: 32
[  413.021726][T20795] ata1.00: invalid transfer count 0
[  413.022998][T20805] ufs: You didn't specify the type of your ufs filesystem
[  413.022998][T20805] 
[  413.022998][T20805] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  413.022998][T20805] 
[  413.022998][T20805] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  413.031136][T20795] bridge3: entered allmulticast mode
[  413.035451][T20795] bond2: (slave bridge3): Enslaving as an active interface with an up link
[  413.079206][T20805] ufs: ufstype=old is supported read-only
[  413.081567][T20809] tipc: Started in network mode
[  413.082497][T20805] ufs: ufs_fill_super(): bad magic number
[  413.083364][T20809] tipc: Node identity ac141424, cluster identity 4711
[  413.101025][T20809] tipc: New replicast peer: 10.1.1.0
[  413.103866][T20809] tipc: Enabled bearer <udp:syz1>, priority 10
[  413.114465][   T40] audit: type=1400 audit(1776653359.589:7651): avc:  denied  { module_load } for  pid=20808 comm="syz.8.3610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  413.114537][T20809] Invalid ELF header type: 47786 != 1
[  413.158420][  T851] usb 11-1: new low-speed USB device number 39 using dummy_hcd
[  413.190343][  T851] usb 11-1: Invalid ep0 maxpacket: 32
[  413.193241][  T851] usb usb11-port1: unable to enumerate USB device
[  413.760882][   T62] Bluetooth: unknown link type 49
[  413.766710][   T62] Bluetooth: hci1: connection err: -111
[  413.769244][ T5950] Bluetooth: hci2: command 0x0c1a tx timeout
[  413.848866][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  413.848945][ T5950] Bluetooth: hci4: command 0x0c1a tx timeout
[  413.850920][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  413.891787][T20834] veth0_vlan: entered allmulticast mode
[  413.953073][T20834] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  414.117123][ T6017] tipc: Node number set to 2886997028
[  414.588315][T17882] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  414.738611][T17882] usb 13-1: Using ep0 maxpacket: 8
[  414.741792][T17882] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  414.746251][T17882] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  414.752089][T17882] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  414.757731][T17882] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  414.763542][T17882] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  414.777953][T17882] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  414.781202][T17882] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.015981][T20840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.021878][T20840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.030909][T20843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.036075][T20843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.046693][T17882] usb 13-1: usb_control_msg returned -32
[  415.051741][T17882] usbtmc 13-1:16.0: can't read capabilities
[  415.140751][T20842] bridge0: port 2(bridge_slave_1) entered disabled state
[  415.143427][T20842] bridge0: port 1(bridge_slave_0) entered disabled state
[  415.249354][ T6045] usb 13-1: USB disconnect, device number 7
[  415.307388][ T2147] block nbd0: Possible stuck request ffff8880295e7000: control (read@0,1024B). Runtime 240 seconds
[  415.312169][ T2147] block nbd0: Possible stuck request ffff8880295e71c0: control (read@1024,1024B). Runtime 240 seconds
[  415.316451][ T2147] block nbd0: Possible stuck request ffff8880295e7380: control (read@2048,1024B). Runtime 240 seconds
[  415.323302][ T2147] block nbd0: Possible stuck request ffff8880295e7540: control (read@3072,1024B). Runtime 240 seconds
[  415.532478][T20852] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2570 sclass=netlink_route_socket pid=20852 comm=syz.2.3621
[  415.577719][T20842] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  415.587782][T20842] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  415.899952][T20863] __nla_validate_parse: 2 callbacks suppressed
[  415.899967][T20863] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3622'.
[  415.950781][T20861] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20861 comm=syz.7.3622
[  416.269778][T20860] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3622'.
[  416.277583][T20860] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3622'.
[  416.286140][T20860] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20860 comm=syz.7.3622
[  416.779245][T20871] netlink: 'syz.2.3625': attribute type 1 has an invalid length.
[  416.784024][T20871] netlink: 'syz.2.3625': attribute type 1 has an invalid length.
[  416.787199][T20871] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  416.828619][T20878] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  416.843094][T20878] romfs: unable to set blocksize
[  416.843094][T20878] 
[  416.927825][T20880] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  416.939169][T20878] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  417.208443][ T6034] usb 13-1: new high-speed USB device number 8 using dummy_hcd
[  417.371834][ T6034] usb 13-1: Using ep0 maxpacket: 8
[  417.375886][ T6034] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  417.380832][ T6034] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  417.385144][ T6034] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  417.389420][ T6034] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  417.395002][ T6034] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  417.398837][ T6034] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.433312][ T1161] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.438619][ T1161] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.453440][T20887] pimreg: tun_chr_ioctl cmd 1074025677
[  417.462901][T20887] pimreg: linktype set to 825
[  417.467491][ T1161] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.475767][ T1161] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.607012][ T6034] usb 13-1: GET_CAPABILITIES returned 0
[  417.608935][ T6034] usbtmc 13-1:16.0: can't read capabilities
[  417.828763][ T6034] usb 13-1: USB disconnect, device number 8
[  418.071688][T20901] netlink: 'syz.6.3634': attribute type 3 has an invalid length.
[  418.074367][T20901] netlink: 'syz.6.3634': attribute type 1 has an invalid length.
[  418.077548][T20901] netlink: 228 bytes leftover after parsing attributes in process `syz.6.3634'.
[  418.085710][T20901] netlink: 'syz.6.3634': attribute type 3 has an invalid length.
[  418.088626][T20901] netlink: 'syz.6.3634': attribute type 1 has an invalid length.
[  418.091233][T20901] netlink: 228 bytes leftover after parsing attributes in process `syz.6.3634'.
[  418.150184][T20907] netlink: 'syz.6.3635': attribute type 1 has an invalid length.
[  418.178742][T20907] bond2: entered promiscuous mode
[  418.182862][T20907] bond2: entered allmulticast mode
[  418.184855][T20907] 8021q: adding VLAN 0 to HW filter on device bond2
[  418.194963][T20907] erspan1: entered allmulticast mode
[  418.441414][T20915] netlink: 'syz.8.3638': attribute type 11 has an invalid length.
[  418.444032][T20915] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3638'.
[  418.457561][T20919] 8021q: adding VLAN 0 to HW filter on device bond2
[  418.465716][T20915] binder: BINDER_SET_CONTEXT_MGR already set
[  418.467787][T20915] binder: 20914:20915 ioctl 4018620d 200000001000 returned -16
[  419.175304][T20936] fuse: Bad value for 'fd'
[  421.238965][T20930] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  421.241060][T20930] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  421.247130][T20930] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  421.249475][T20930] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  421.309036][T20914] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  421.400784][T20966] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  421.445144][T20977] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3660'.
[  421.521999][T20984] kernel profiling enabled (shift: 63)
[  421.538168][T20984] profiling shift: 63 too large
[  421.546225][T20987] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  421.701520][T20997] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  421.757525][T21000] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3669'.
[  421.845244][T21008] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3671'.
[  421.848407][T21008] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3671'.
[  422.427839][T21013] xt_hashlimit: size too large, truncated to 1048576
[  422.457574][T21016] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3674'.
[  422.590447][ T6035] libceph: connect (1)[c::]:6789 error -101
[  422.592693][ T6035] libceph: mon0 (1)[c::]:6789 connect error
[  422.650386][   T24] libceph: connect (1)[c::]:6789 error -101
[  422.652677][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  422.695265][   T40] audit: type=1400 audit(1776653369.169:7652): avc:  denied  { create } for  pid=21019 comm="syz.6.3675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  422.848478][ T6035] libceph: connect (1)[c::]:6789 error -101
[  422.850524][ T6035] libceph: mon0 (1)[c::]:6789 connect error
[  422.908557][   T24] libceph: connect (1)[c::]:6789 error -101
[  422.911639][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  422.963739][   T40] audit: type=1400 audit(1776653369.439:7653): avc:  denied  { create } for  pid=21034 comm="syz.7.3677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  423.025030][T21038] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3678'.
[  423.288587][T20832] Bluetooth: hci3: command 0x0c1a tx timeout
[  423.288643][T19593] Bluetooth: hci1: command 0x0c1a tx timeout
[  423.291601][T20832] Bluetooth: hci4: command 0x0c1a tx timeout
[  423.293635][T19593] Bluetooth: hci2: command 0x0c1a tx timeout
[  423.358688][ T6035] libceph: connect (1)[c::]:6789 error -101
[  423.362329][ T6035] libceph: mon0 (1)[c::]:6789 connect error
[  423.420554][   T24] libceph: connect (1)[c::]:6789 error -101
[  423.423789][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  423.536558][T21044] Bluetooth: hci0: command 0x1003 tx timeout
[  423.537348][   T62] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  423.975347][   T40] audit: type=1800 audit(1776653370.449:7654): pid=21054 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.8.3683" name="/newroot/193/file0" dev="tmpfs" ino=1017 res=0 errno=0
[  424.653334][   T24] libceph: connect (1)[c::]:6789 error -101
[  424.656187][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  424.728591][T17882] libceph: connect (1)[c::]:6789 error -101
[  424.730670][T17882] libceph: mon0 (1)[c::]:6789 connect error
[  425.577545][T21020] ceph: No mds server is up or the cluster is laggy
[  425.577568][T21025] ceph: No mds server is up or the cluster is laggy
[  425.643973][T11860] libceph: connect (1)[c::]:6789 error -101
[  425.646676][T11860] libceph: mon0 (1)[c::]:6789 connect error
[  426.000151][T21055] netlink: 'syz.2.3684': attribute type 4 has an invalid length.
[  426.196086][T21059] kthread_run failed with err -4
[  426.666110][T21096] bridge0: port 3(ipvlan2) entered blocking state
[  426.671955][T21096] bridge0: port 3(ipvlan2) entered disabled state
[  426.676942][T21096] ipvlan2: entered allmulticast mode
[  426.683166][T21096] bridge0: entered allmulticast mode
[  426.696358][T21096] ipvlan2: left allmulticast mode
[  426.701225][T21096] bridge0: left allmulticast mode
[  427.254760][T21100] tmpfs: Bad value for 'mpol'
[  427.268632][T21102] netlink: 112 bytes leftover after parsing attributes in process `syz.8.3698'.
[  427.307220][T21109] netlink: 'syz.8.3700': attribute type 1 has an invalid length.
[  427.311084][T21110] netlink: 'syz.8.3700': attribute type 1 has an invalid length.
[  427.326423][T21109] 8021q: adding VLAN 0 to HW filter on device bond3
[  427.363770][T21110] bond3: (slave veth9): Enslaving as an active interface with a down link
[  427.368879][T21112] tipc: Enabling <eth:lo> not permitted
[  427.370712][T21112] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  427.400821][T21109] 8021q: adding VLAN 0 to HW filter on device batadv1
[  427.404180][T21114] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3701'.
[  427.410871][T21109] bond3: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  427.492622][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.499073][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.502323][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.505232][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.508185][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.511747][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.514719][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.517632][T21118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3703'.
[  427.634032][T21131] bond3: option xmit_hash_policy: invalid value (6)
[  427.649356][T21131] bond3 (unregistering): Released all slaves
[  427.980572][T21143] hugetlbfs: Bad value for 'uid'
[  427.982220][T21143] hugetlbfs: Bad value for 'uid'
[  428.243245][T21157] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  428.245332][T21157] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  428.249125][T21157] vhci_hcd vhci_hcd.0: Device attached
[  428.254628][T21157] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(7)
[  428.256715][T21157] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  428.261052][T21157] vhci_hcd vhci_hcd.0: Device attached
[  428.265798][T21166] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(14)
[  428.267908][T21166] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  428.271577][T21157] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(10)
[  428.273692][T21157] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  428.276199][T21166] vhci_hcd vhci_hcd.0: Device attached
[  428.279187][T21157] vhci_hcd vhci_hcd.0: Device attached
[  428.292858][T21168] vhci_hcd: connection closed
[  428.292891][T21169] vhci_hcd: connection closed
[  428.293133][  T105] vhci_hcd vhci_hcd.2: stop threads
[  428.294448][T21164] vhci_hcd: connection closed
[  428.295167][T21160] vhci_hcd: connection closed
[  428.302578][  T105] vhci_hcd vhci_hcd.2: release socket
[  428.310721][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  428.312918][  T105] vhci_hcd vhci_hcd.2: stop threads
[  428.314585][  T105] vhci_hcd vhci_hcd.2: release socket
[  428.316848][   T40] audit: type=1804 audit(1776653374.789:7655): pid=21173 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.7.3718" name="/newroot/172/file0" dev="tmpfs" ino=910 res=1 errno=0
[  428.318593][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  428.322433][T21175] binder: BINDER_SET_CONTEXT_MGR already set
[  428.322481][T21175] binder: 21172:21175 ioctl 4018620d 200000000100 returned -16
[  428.339154][  T105] vhci_hcd vhci_hcd.2: stop threads
[  428.340903][  T105] vhci_hcd vhci_hcd.2: release socket
[  428.344899][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  428.348447][  T105] vhci_hcd vhci_hcd.2: stop threads
[  428.350148][  T105] vhci_hcd vhci_hcd.2: release socket
[  428.354813][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  428.911538][T21209] netlink: 'syz.6.3728': attribute type 21 has an invalid length.
[  428.918960][T21209] netlink: 'syz.6.3728': attribute type 4 has an invalid length.
[  428.922301][T21209] netlink: 'syz.6.3728': attribute type 5 has an invalid length.
[  429.271562][T21231] ptrace attach of "/syz-executor exec"[18559] was attempted by ""[21231]
[  429.582654][T21251] x_tables: arp_tables: NFQUEUE target: not valid for this family
[  429.688345][T17882] usb 7-1: new low-speed USB device number 22 using dummy_hcd
[  429.793118][   T40] audit: type=1400 audit(1776653376.269:7656): avc:  denied  { shutdown } for  pid=21258 comm="syz.8.3746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  429.794086][T21259] fuse: Unknown parameter '000000000000000000050x0000000000000007'
[  429.841154][T17882] usb 7-1: config index 0 descriptor too short (expected 1307, got 27)
[  429.843976][T17882] usb 7-1: config 0 has an invalid interface number: 0 but max is -1
[  429.848523][T17882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0
[  429.852500][T17882] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  429.858187][T17882] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  429.862901][T17882] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  429.868259][T17882] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  429.886378][T17882] usb 7-1: string descriptor 0 read error: -22
[  429.891219][T17882] usb 7-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  429.894179][T17882] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.898962][T17882] usb 7-1: config 0 descriptor??
[  429.905382][T17882] hub 7-1:0.0: bad descriptor, ignoring hub
[  429.907422][T17882] hub 7-1:0.0: probe with driver hub failed with error -5
[  429.916511][T17882] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input39
[  429.925453][   T40] audit: type=1326 audit(1776653376.399:7657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21258 comm="syz.8.3746" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x0
[  430.104835][T21264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.109452][T21264] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.192184][ T6035] usb 7-1: USB disconnect, device number 22
[  430.490573][T21286] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  431.996106][T21311] FAULT_INJECTION: forcing a failure.
[  431.996106][T21311] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.003645][T21311] CPU: 2 UID: 0 PID: 21311 Comm: syz.2.3764 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  432.003665][T21311] Tainted: [L]=SOFTLOCKUP
[  432.003669][T21311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  432.003739][T21311] Call Trace:
[  432.003838][T21311]  <TASK>
[  432.003843][T21311]  dump_stack_lvl+0x100/0x190
[  432.003952][T21311]  should_fail_ex.cold+0x5/0xa
[  432.004081][T21311]  _copy_from_user+0x2e/0xd0
[  432.004106][T21311]  ucma_write+0x128/0x330
[  432.004182][T21311]  ? __pfx_ucma_write+0x10/0x10
[  432.004197][T21311]  ? bpf_lsm_file_permission+0x9/0x10
[  432.004264][T21311]  ? security_file_permission+0x76/0x210
[  432.004278][T21311]  ? rw_verify_area+0xce/0x6d0
[  432.004349][T21311]  vfs_write+0x2aa/0x1070
[  432.004361][T21311]  ? __pfx_ucma_write+0x10/0x10
[  432.004376][T21311]  ? __pfx_vfs_write+0x10/0x10
[  432.004387][T21311]  ? find_held_lock+0x2b/0x80
[  432.004453][T21311]  ? __fget_files+0x215/0x3d0
[  432.004514][T21311]  ? __fget_files+0x215/0x3d0
[  432.004529][T21311]  ? __fget_files+0x21f/0x3d0
[  432.004547][T21311]  ksys_write+0x1f8/0x250
[  432.004558][T21311]  ? __pfx_ksys_write+0x10/0x10
[  432.004570][T21311]  ? rcu_is_watching+0x12/0xc0
[  432.004640][T21311]  do_syscall_64+0x10b/0xf80
[  432.004694][T21311]  ? clear_bhb_loop+0x40/0x90
[  432.004708][T21311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.004720][T21311] RIP: 0033:0x7f599519c819
[  432.004731][T21311] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  432.004742][T21311] RSP: 002b:00007f59960bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  432.004754][T21311] RAX: ffffffffffffffda RBX: 00007f5995415fa0 RCX: 00007f599519c819
[  432.004761][T21311] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000003
[  432.004767][T21311] RBP: 00007f59960bb090 R08: 0000000000000000 R09: 0000000000000000
[  432.004774][T21311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.004780][T21311] R13: 00007f5995416038 R14: 00007f5995415fa0 R15: 00007ffe07b35ab8
[  432.004836][T21311]  </TASK>
[  432.162388][T21316] could not allocate digest TFM handle sha384-ssse3
[  432.512219][T21341] comedi comedi1: aio_aio12_8: I/O port conflict (0xc,32)
[  432.651031][T21353] FAULT_INJECTION: forcing a failure.
[  432.651031][T21353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.655337][T21353] CPU: 0 UID: 0 PID: 21353 Comm: syz.8.3775 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  432.655356][T21353] Tainted: [L]=SOFTLOCKUP
[  432.655360][T21353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  432.655367][T21353] Call Trace:
[  432.655373][T21353]  <TASK>
[  432.655378][T21353]  dump_stack_lvl+0x100/0x190
[  432.655397][T21353]  should_fail_ex.cold+0x5/0xa
[  432.655415][T21353]  _copy_from_user+0x2e/0xd0
[  432.655429][T21353]  ucma_resolve_addr+0xa0/0x270
[  432.655447][T21353]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  432.655482][T21353]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  432.655498][T21353]  ucma_write+0x1fb/0x330
[  432.655513][T21353]  ? __pfx_ucma_write+0x10/0x10
[  432.655527][T21353]  ? bpf_lsm_file_permission+0x9/0x10
[  432.655545][T21353]  ? security_file_permission+0x76/0x210
[  432.655559][T21353]  ? rw_verify_area+0xce/0x6d0
[  432.655577][T21353]  vfs_write+0x2aa/0x1070
[  432.655589][T21353]  ? __pfx_ucma_write+0x10/0x10
[  432.655605][T21353]  ? __pfx_vfs_write+0x10/0x10
[  432.655615][T21353]  ? find_held_lock+0x2b/0x80
[  432.655626][T21353]  ? __fget_files+0x215/0x3d0
[  432.655639][T21353]  ? __fget_files+0x215/0x3d0
[  432.655676][T21353]  ? __fget_files+0x21f/0x3d0
[  432.655692][T21353]  ksys_write+0x1f8/0x250
[  432.655703][T21353]  ? __pfx_ksys_write+0x10/0x10
[  432.655716][T21353]  ? rcu_is_watching+0x12/0xc0
[  432.655736][T21353]  do_syscall_64+0x10b/0xf80
[  432.655747][T21353]  ? clear_bhb_loop+0x40/0x90
[  432.655760][T21353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.655772][T21353] RIP: 0033:0x7f1530f9c819
[  432.655782][T21353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  432.655792][T21353] RSP: 002b:00007f1531da2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  432.655804][T21353] RAX: ffffffffffffffda RBX: 00007f1531215fa0 RCX: 00007f1530f9c819
[  432.655811][T21353] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000003
[  432.655818][T21353] RBP: 00007f1531da2090 R08: 0000000000000000 R09: 0000000000000000
[  432.655825][T21353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.655831][T21353] R13: 00007f1531216038 R14: 00007f1531215fa0 R15: 00007ffd3857e5a8
[  432.655845][T21353]  </TASK>
[  432.811302][T21359] ucma_write: process 516 (syz.7.3777) changed security contexts after opening file descriptor, this is not allowed.
[  432.816067][   T62] Bluetooth: hci3: unknown advertising packet type: 0x82
[  432.816129][   T62] Bluetooth: hci3: Dropping invalid advertising data
[  432.829117][   T62] Bluetooth: hci3: Malformed LE Event: 0x02
[  432.829469][T21360] ubi31: detaching mtd0
[  432.845070][T21360] ubi31: mtd0 is detached
[  433.060322][T21366] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  433.068269][T21366] block device autoloading is deprecated and will be removed.
[  433.209764][T21368] __nla_validate_parse: 37 callbacks suppressed
[  433.209833][T21368] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.3780'.
[  434.296842][T21368] erspan1: left promiscuous mode
[  434.299612][T21368] macsec1: left promiscuous mode
[  434.306704][   T13] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.310023][   T13] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.313456][   T13] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.317170][   T13] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  435.272694][T21323] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  435.341470][T21379] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3786'.
[  435.361956][T21379] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3786'.
[  435.406429][T21386] FAULT_INJECTION: forcing a failure.
[  435.406429][T21386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  435.411653][T21386] CPU: 0 UID: 0 PID: 21386 Comm: syz.2.3787 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  435.411671][T21386] Tainted: [L]=SOFTLOCKUP
[  435.411675][T21386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  435.411682][T21386] Call Trace:
[  435.411687][T21386]  <TASK>
[  435.411691][T21386]  dump_stack_lvl+0x100/0x190
[  435.411710][T21386]  should_fail_ex.cold+0x5/0xa
[  435.411728][T21386]  _copy_to_user+0x32/0xd0
[  435.411742][T21386]  simple_read_from_buffer+0xcb/0x170
[  435.411757][T21386]  proc_fail_nth_read+0x1af/0x230
[  435.411863][T21386]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  435.411884][T21386]  ? rw_verify_area+0xce/0x6d0
[  435.411901][T21386]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  435.411920][T21386]  vfs_read+0x1e4/0xb30
[  435.411933][T21386]  ? __pfx_vfs_read+0x10/0x10
[  435.411943][T21386]  ? __fget_files+0x215/0x3d0
[  435.411964][T21386]  ? __fget_files+0x21f/0x3d0
[  435.411992][T21386]  ksys_read+0x12a/0x250
[  435.412007][T21386]  ? __pfx_ksys_read+0x10/0x10
[  435.412024][T21386]  ? rcu_is_watching+0x12/0xc0
[  435.412051][T21386]  do_syscall_64+0x10b/0xf80
[  435.412067][T21386]  ? clear_bhb_loop+0x40/0x90
[  435.412085][T21386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.412097][T21386] RIP: 0033:0x7f599515d04e
[  435.412107][T21386] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  435.412118][T21386] RSP: 002b:00007f59960bafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  435.412129][T21386] RAX: ffffffffffffffda RBX: 00007f59960bb6c0 RCX: 00007f599515d04e
[  435.412137][T21386] RDX: 000000000000000f RSI: 00007f59960bb0a0 RDI: 0000000000000004
[  435.412143][T21386] RBP: 00007f59960bb090 R08: 0000000000000000 R09: 0000000000000000
[  435.412150][T21386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.412156][T21386] R13: 00007f5995416038 R14: 00007f5995415fa0 R15: 00007ffe07b35ab8
[  435.412171][T21386]  </TASK>
[  435.412896][T21388] xt_hashlimit: size too large, truncated to 1048576
[  435.478962][T21392] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.489069][T21391] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  435.503833][T21391] block device autoloading is deprecated and will be removed.
[  435.513281][T21392] bridge_slave_0 (unregistering): left allmulticast mode
[  435.515610][T21392] bridge_slave_0 (unregistering): left promiscuous mode
[  435.517874][T21392] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.626703][   T40] audit: type=1400 audit(1776653382.099:7658): avc:  denied  { getopt } for  pid=21402 comm="syz.2.3794" lport=49094 faddr=255.255.255.254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  435.790804][   T40] audit: type=1400 audit(1776653382.259:7659): avc:  denied  { mounton } for  pid=21408 comm="syz.7.3797" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  435.926625][T21415] rdma_rxe: rxe_newlink: failed to add bond0
[  435.940025][T21415] bond0: entered promiscuous mode
[  435.943791][T21415] batadv0: entered promiscuous mode
[  435.946630][T21415] debugfs: 'hsr1' already exists in 'hsr'
[  435.949211][T21415] Cannot create hsr debugfs directory
[  435.951602][T21415] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  435.955805][T21415] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  435.962160][T21415] 8021q: adding VLAN 0 to HW filter on device hsr1
[  435.967171][T21415] bond0: left promiscuous mode
[  435.970350][T21415] batadv0: left promiscuous mode
[  436.025220][   T40] audit: type=1400 audit(1776653382.499:7660): avc:  denied  { lock } for  pid=21421 comm="syz.7.3802" path="socket:[102218]" dev="sockfs" ino=102218 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  436.058435][ T6045] usb 11-1: new high-speed USB device number 40 using dummy_hcd
[  436.208313][ T6045] usb 11-1: Using ep0 maxpacket: 8
[  436.213272][ T6045] usb 11-1: config index 0 descriptor too short (expected 301, got 45)
[  436.218384][ T6045] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  436.228315][ T6045] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  436.231226][ T6045] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  436.234322][ T6045] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  436.248500][ T6045] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  436.251576][ T6045] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.477054][ T6045] usb 11-1: GET_CAPABILITIES returned 0
[  436.481349][ T6045] usbtmc 11-1:16.0: can't read capabilities
[  436.552877][T21449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=21449 comm=syz.2.3810
[  436.574683][T21449] netlink: 'syz.2.3810': attribute type 1 has an invalid length.
[  436.604775][T21449] 8021q: adding VLAN 0 to HW filter on device bond3
[  436.650642][T21449] bond3: (slave geneve2): making interface the new active one
[  436.655686][T21449] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  436.823524][T21458] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  436.828812][T21458] block device autoloading is deprecated and will be removed.
[  437.040871][    C0] usbtmc 11-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  437.061012][   T40] audit: type=1400 audit(1776653383.539:7661): avc:  denied  { read } for  pid=21470 comm="syz.2.3818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  437.198575][T17912] usb 13-1: new high-speed USB device number 9 using dummy_hcd
[  437.250008][T21476] netlink: 'syz.2.3819': attribute type 3 has an invalid length.
[  437.350739][T17912] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  437.358333][T17912] usb 13-1: config 0 interface 0 has no altsetting 0
[  437.370482][T17912] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  437.375047][T17912] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  437.382061][T17912] usb 13-1: Product: syz
[  437.386535][T17912] usb 13-1: Manufacturer: syz
[  437.389715][T17912] usb 13-1: SerialNumber: syz
[  437.398340][T17912] usb 13-1: config 0 descriptor??
[  437.405639][T17912] usb 13-1: selecting invalid altsetting 0
[  437.604544][T21464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.608590][T21464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.614263][ T6145] usb 13-1: USB disconnect, device number 9
[  437.679463][  T851] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  437.848282][  T851] usb 7-1: Using ep0 maxpacket: 8
[  437.851988][  T851] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.855337][  T851] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.858672][  T851] usb 7-1: config 0 interface 0 has no altsetting 0
[  437.860811][  T851] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  437.863572][  T851] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.868046][  T851] usb 7-1: config 0 descriptor??
[  438.051659][T21492] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  438.058182][T21492] block device autoloading is deprecated and will be removed.
[  438.078676][ T6145] usb 13-1: new high-speed USB device number 10 using dummy_hcd
[  438.208689][ T6145] usb 13-1: device descriptor read/64, error -71
[  438.292614][  T851] mcp2221 0003:04D8:00DD.000B: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  438.448303][ T6145] usb 13-1: new high-speed USB device number 11 using dummy_hcd
[  438.480783][T17912] usb 7-1: USB disconnect, device number 23
[  438.578399][ T6145] usb 13-1: device descriptor read/64, error -71
[  438.698671][ T6145] usb usb13-port1: attempt power cycle
[  438.814150][T17882] usb 11-1: USB disconnect, device number 40
[  438.870125][T21508] netlink: 'syz.7.3831': attribute type 1 has an invalid length.
[  438.872735][T21508] netlink: 'syz.7.3831': attribute type 2 has an invalid length.
[  439.023549][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3833'.
[  439.030197][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3833'.
[  439.042725][   T40] audit: type=1400 audit(1776653385.519:7662): avc:  denied  { mount } for  pid=21511 comm="syz.2.3833" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  439.048325][ T6145] usb 13-1: new high-speed USB device number 12 using dummy_hcd
[  439.069661][ T6145] usb 13-1: device descriptor read/8, error -71
[  439.108979][T21514] ip6gre2: entered promiscuous mode
[  439.111114][T21514] ip6gre2: entered allmulticast mode
[  439.130754][T21514] syz.7.3834 (21514) used greatest stack depth: 19632 bytes left
[  439.201539][T21522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3836'.
[  439.204457][T21522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3836'.
[  439.207349][T21522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3836'.
[  439.318601][ T6145] usb 13-1: new high-speed USB device number 13 using dummy_hcd
[  439.339641][ T6145] usb 13-1: device descriptor read/8, error -71
[  439.448728][ T6145] usb usb13-port1: unable to enumerate USB device
[  439.489708][T21517] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  439.622967][T21547] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  439.855652][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  440.018345][T13995] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  440.158475][T13995] usb 7-1: device descriptor read/64, error -71
[  440.294042][   T40] audit: type=1326 audit(1776653386.769:7663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21571 comm="syz.6.3852" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc657b9c819 code=0x0
[  440.398616][T13995] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  440.528358][T13995] usb 7-1: device descriptor read/64, error -71
[  440.638730][T13995] usb usb7-port1: attempt power cycle
[  440.932276][T21586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=21586 comm=syz.7.3857
[  440.978566][T13995] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  440.999882][T13995] usb 7-1: device descriptor read/8, error -71
[  441.238377][T13995] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  441.259771][T13995] usb 7-1: device descriptor read/8, error -71
[  441.369020][T13995] usb usb7-port1: unable to enumerate USB device
[  442.441113][T21618] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3869'.
[  442.453268][T21618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21618 comm=syz.8.3869
[  442.594306][T21621] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  442.597958][T21621] block device autoloading is deprecated and will be removed.
[  442.649499][T21620] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3870'.
[  442.653936][T21620] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3870'.
[  442.948037][T21628] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  442.953099][T21628] block device autoloading is deprecated and will be removed.
[  443.178374][T21647] Cannot find map_set index 3 as target
[  443.264569][T21653] GUP no longer grows the stack in syz.2.3881 (21653): 200000007000-20000000a000 (200000004000)
[  443.290036][T21653] CPU: 3 UID: 0 PID: 21653 Comm: syz.2.3881 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  443.290070][T21653] Tainted: [L]=SOFTLOCKUP
[  443.290077][T21653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  443.290088][T21653] Call Trace:
[  443.290096][T21653]  <TASK>
[  443.290103][T21653]  dump_stack_lvl+0x100/0x190
[  443.290133][T21653]  gup_vma_lookup.cold+0x83/0x96
[  443.290157][T21653]  __get_user_pages+0x241/0x32a0
[  443.290229][T21653]  ? xdp_umem_create+0x65e/0x11f0
[  443.290300][T21653]  ? xsk_setsockopt+0x7d8/0xab0
[  443.290315][T21653]  ? do_sock_setsockopt+0xf3/0x1d0
[  443.290374][T21653]  ? __pfx___get_user_pages+0x10/0x10
[  443.290390][T21653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.290406][T21653]  __gup_longterm_locked+0x279/0x16f0
[  443.290421][T21653]  ? __lock_acquire+0x480/0x2630
[  443.290438][T21653]  ? __pfx___gup_longterm_locked+0x10/0x10
[  443.290480][T21653]  pin_user_pages+0x13c/0x160
[  443.290497][T21653]  ? __pfx_pin_user_pages+0x10/0x10
[  443.290512][T21653]  ? __kvmalloc_node_noprof+0x37b/0xa00
[  443.290582][T21653]  ? security_capset+0x250/0x270
[  443.290601][T21653]  xdp_umem_create+0x739/0x11f0
[  443.290622][T21653]  xsk_setsockopt+0x7d8/0xab0
[  443.290645][T21653]  ? __pfx_xsk_setsockopt+0x10/0x10
[  443.290660][T21653]  ? find_held_lock+0x2b/0x80
[  443.290669][T21653]  ? __fget_files+0x215/0x3d0
[  443.290685][T21653]  ? selinux_socket_setsockopt+0x6a/0x80
[  443.290702][T21653]  ? __pfx_xsk_setsockopt+0x10/0x10
[  443.290718][T21653]  do_sock_setsockopt+0xf3/0x1d0
[  443.290733][T21653]  __sys_setsockopt+0x195/0x220
[  443.290748][T21653]  __x64_sys_setsockopt+0xbd/0x160
[  443.290761][T21653]  do_syscall_64+0x10b/0xf80
[  443.290771][T21653]  ? clear_bhb_loop+0x40/0x90
[  443.290786][T21653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.290797][T21653] RIP: 0033:0x7f599519c819
[  443.290807][T21653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  443.290818][T21653] RSP: 002b:00007f59960bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  443.290836][T21653] RAX: ffffffffffffffda RBX: 00007f5995415fa0 RCX: 00007f599519c819
[  443.290844][T21653] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000001
[  443.290850][T21653] RBP: 00007f5995232c91 R08: 0000000000000020 R09: 0000000000000000
[  443.290856][T21653] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000
[  443.290863][T21653] R13: 00007f5995416038 R14: 00007f5995415fa0 R15: 00007ffe07b35ab8
[  443.290878][T21653]  </TASK>
[  443.476571][T21659] overlayfs: unescaped trailing colons in lowerdir mount option.
[  443.631718][T21656] netlink: 'syz.7.3882': attribute type 4 has an invalid length.
[  443.713740][T21673] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3887'.
[  443.728343][T21673] netlink: 'syz.8.3887': attribute type 6 has an invalid length.
[  443.741628][T21673] netlink: 'syz.8.3887': attribute type 5 has an invalid length.
[  443.758298][T21673] netlink: 'syz.8.3887': attribute type 4 has an invalid length.
[  443.765036][T21677] sock: sock_timestamping_bind_phc: sock not bind to device
[  443.994662][T21690] loop9: detected capacity change from 0 to 524287999
[  443.997764][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.000758][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.003301][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.005842][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.011205][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.013966][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.016554][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.019475][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.022358][T21690] ldm_validate_partition_table(): Disk read failed.
[  444.024473][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.027010][T21690] Buffer I/O error on dev loop9, logical block 0, async page read
[  444.030276][T21690] Dev loop9: unable to read RDB block 0
[  444.032334][T21690]  loop9: unable to read partition table
[  444.034270][T21690] loop_reread_partitions: partition scan of loop9 (3Ÿ¾x) failed (rc=-5)
[  444.131962][T21690] ldm_validate_partition_table(): Disk read failed.
[  444.141314][T21690] Dev loop9: unable to read RDB block 0
[  444.147405][T21690]  loop9: unable to read partition table
[  444.150723][T21690] loop_reread_partitions: partition scan of loop9 (3Ÿ¾x) failed (rc=-5)
[  444.568059][T21701] syz.6.3896 (21701): drop_caches: 2
[  444.652866][   T40] audit: type=1400 audit(1776653391.129:7664): avc:  denied  { create } for  pid=21706 comm="syz.8.3899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  444.665401][   T40] audit: type=1400 audit(1776653391.139:7665): avc:  denied  { write } for  pid=21706 comm="syz.8.3899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  444.736967][T21714] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3900'.
[  444.747732][T21714] netlink: 'syz.2.3900': attribute type 1 has an invalid length.
[  444.752043][T21714] netlink: 'syz.2.3900': attribute type 2 has an invalid length.
[  444.754620][T21714] netlink: 'syz.2.3900': attribute type 1 has an invalid length.
[  444.757125][T21714] netlink: 'syz.2.3900': attribute type 3 has an invalid length.
[  444.761566][T21714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3900'.
[  444.814166][T21720] netlink: 'syz.6.3902': attribute type 14 has an invalid length.
[  444.840952][T21719] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3901'.
[  444.844125][T21719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3901'.
[  444.955500][T21738] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  445.277835][T21762] random: crng reseeded on system resumption
[  445.344917][T21773] bond4: option downdelay: invalid value (18446744073709551615)
[  445.347814][T21773] bond4: option downdelay: allowed values 0 - 2147483647
[  445.355453][T21773] bond4 (unregistering): Released all slaves
[  445.371831][ T2147] block nbd0: Possible stuck request ffff8880295e7000: control (read@0,1024B). Runtime 270 seconds
[  445.376147][ T2147] block nbd0: Possible stuck request ffff8880295e71c0: control (read@1024,1024B). Runtime 270 seconds
[  445.380501][ T2147] block nbd0: Possible stuck request ffff8880295e7380: control (read@2048,1024B). Runtime 270 seconds
[  445.385525][ T2147] block nbd0: Possible stuck request ffff8880295e7540: control (read@3072,1024B). Runtime 270 seconds
[  445.511378][T21776] wlan0 speed is unknown, defaulting to 1000
[  445.612318][T21776] wg1 speed is unknown, defaulting to 1000
[  445.735844][   T40] audit: type=1400 audit(1776653392.209:7666): avc:  denied  { read } for  pid=21795 comm="syz.2.3924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  445.798590][  T851] usb 13-1: new low-speed USB device number 14 using dummy_hcd
[  445.843158][T21805] SET target dimension over the limit!
[  445.899041][T21806] sd 0:0:0:0: PR command failed: 1026
[  445.900896][T21806] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  445.903119][T21806] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  445.906354][T21806] comedi comedi3: mpc624: a I/O base address must be specified
[  445.940201][T21812] qrtr: Invalid version 0
[  445.948697][  T851] usb 13-1: device descriptor read/64, error -71
[  446.150327][T21825] IPv6: NLM_F_CREATE should be specified when creating new route
[  446.150359][T21824] netlink: 'syz.7.3933': attribute type 1 has an invalid length.
[  446.166833][T21824] bond1: entered promiscuous mode
[  446.168814][T21824] 8021q: adding VLAN 0 to HW filter on device bond1
[  446.188756][  T851] usb 13-1: new low-speed USB device number 15 using dummy_hcd
[  446.276498][T21839] bond4: (slave geneve3): making interface the new active one
[  446.281976][T21839] bond4: (slave geneve3): Enslaving as an active interface with an up link
[  446.285187][ T1157] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  446.291054][ T1157] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  446.293884][ T1157] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  446.296662][ T1157] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  446.318779][  T851] usb 13-1: device descriptor read/64, error -71
[  446.438513][  T851] usb usb13-port1: attempt power cycle
[  446.573893][   T40] audit: type=1400 audit(1776653393.049:7667): avc:  denied  { connect } for  pid=21857 comm="syz.6.3941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  446.654078][T21864] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  446.709415][   T40] audit: type=1400 audit(1776653393.189:7668): avc:  denied  { map } for  pid=21863 comm="syz.2.3942" path="socket:[106201]" dev="sockfs" ino=106201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  446.788306][  T851] usb 13-1: new low-speed USB device number 16 using dummy_hcd
[  446.819388][  T851] usb 13-1: device descriptor read/8, error -71
[  446.903462][T21880] IPVS: Scheduler module ip_vs_sip not found
[  446.957767][T21884] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  446.961509][T21884] block device autoloading is deprecated and will be removed.
[  447.078666][  T851] usb 13-1: new low-speed USB device number 17 using dummy_hcd
[  447.120984][  T851] usb 13-1: device descriptor read/8, error -71
[  447.171768][T21891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3949'.
[  447.202742][   T40] audit: type=1400 audit(1776653393.679:7669): avc:  denied  { read } for  pid=21893 comm="syz.2.3950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  447.228788][  T851] usb usb13-port1: unable to enumerate USB device
[  447.394133][T21899] fuse: Bad value for 'fd'
[  447.539632][T21904] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[  447.540867][T21906] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3952'.
[  447.542069][T21905] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3952'.
[  447.547944][T21905] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3952'.
[  447.556680][ T1157] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  447.557174][T21906] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3952'.
[  447.562713][ T1157] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  447.566071][ T1157] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  447.571015][ T1157] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  447.576710][T21906] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3952'.
[  447.888407][T17882] usb 11-1: new high-speed USB device number 41 using dummy_hcd
[  448.039038][T17882] usb 11-1: Using ep0 maxpacket: 8
[  448.042155][T17882] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  448.045846][T17882] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  448.049704][T17882] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  448.052964][T17882] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  448.057157][T17882] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  448.060776][T17882] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.268390][T17882] usb 11-1: GET_CAPABILITIES returned 0
[  448.270140][T17882] usbtmc 11-1:16.0: can't read capabilities
[  448.470844][T21910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  448.479816][T21910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.555119][  T851] usb 11-1: USB disconnect, device number 41
[  449.160204][T21938] blktrace: Concurrent blktraces are not allowed on sg0
[  449.271193][T21942] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  449.279484][T21942] block device autoloading is deprecated and will be removed.
[  449.762886][T21961] option changes via remount are deprecated (pid=21960 comm=syz.6.3972)
[  449.771156][   T40] audit: type=1400 audit(1776653396.249:7670): avc:  denied  { connect } for  pid=21960 comm="syz.6.3972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  450.164852][T21996] sp0: Synchronizing with TNC
[  450.170848][T21997] hugetlbfs: syz.7.3981 (21997): Using mlock ulimits for SHM_HUGETLB is obsolete
[  450.201197][T21996] sp0: Found TNC
[  450.215366][T21995] block device autoloading is deprecated and will be removed.
[  450.215460][   T40] audit: type=1400 audit(1776653396.689:7671): avc:  denied  { setattr } for  pid=21994 comm="syz.2.3982" name="ttyprintk" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  450.248076][T22002] __nla_validate_parse: 5 callbacks suppressed
[  450.248088][T22002] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3983'.
[  450.276766][T21994] [U] è`
[  450.351581][   T40] audit: type=1400 audit(1776653396.829:7672): avc:  denied  { name_bind } for  pid=22005 comm="syz.8.3984" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  450.359920][T22006] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  450.609938][   T40] audit: type=1400 audit(1776653397.079:7673): avc:  denied  { append } for  pid=22020 comm="syz.8.3988" name="001" dev="devtmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  450.620899][T22021] 8021q: VLANs not supported on vxcan1
[  450.710748][   T40] audit: type=1326 audit(1776653397.189:7674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22025 comm="syz.8.3989" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1530f9c819 code=0x0
[  450.730252][T22019] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  450.800236][T22030] validate_nla: 4 callbacks suppressed
[  450.800249][T22030] netlink: 'syz.2.3991': attribute type 1 has an invalid length.
[  450.805756][T22031] netlink: 'syz.2.3991': attribute type 1 has an invalid length.
[  450.810937][T22034] SELinux:  policydb magic number 0x30303030 does not match expected magic number 0xf97cff8c
[  450.814889][T22034] SELinux: failed to load policy
[  451.354599][T22045] x_tables: duplicate underflow at hook 1
[  451.642141][T22050] overlayfs: failed to resolve './file0': -2
[  451.857183][T22053] delete_channel: no stack
[  452.224726][T22065] tmpfs: Unknown parameter 'grpquota_inode_hardlimit½1'
[  452.322192][T22069] hpfs: Bad magic ... probably not HPFS
[  452.326827][T22069] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4001'.
[  452.417846][T22071] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4002'.
[  453.098710][T21985] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  453.230478][T22089] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  453.236575][T22089] block device autoloading is deprecated and will be removed.
[  453.396683][T22104] /dev/sg0: Can't lookup blockdev
[  453.504191][T22115] netlink: 207952 bytes leftover after parsing attributes in process `syz.6.4014'.
[  453.579943][ T1341] IPVS: starting estimator thread 0...
[  453.593376][T22129] loop2: detected capacity change from 0 to 7
[  453.598072][T22129] Dev loop2: unable to read RDB block 7
[  453.601686][T22129]  loop2: unable to read partition table
[  453.604672][T22129] loop2: partition table beyond EOD, truncated
[  453.606982][T22129] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  453.651413][T22137] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  453.651606][T22135] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  453.657671][T22135] block device autoloading is deprecated and will be removed.
[  453.669503][T22127] IPVS: using max 45 ests per chain, 108000 per kthread
[  453.898554][  T851] usb 12-1: new high-speed USB device number 8 using dummy_hcd
[  454.013488][   T40] audit: type=1400 audit(1776653400.489:7675): avc:  denied  { shutdown } for  pid=22171 comm="syz.8.4032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  454.019610][T22175] devpts: Bad value for 'max'
[  454.023116][   T40] audit: type=1400 audit(1776653400.499:7676): avc:  denied  { remount } for  pid=22173 comm="syz.6.4034" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  454.064418][   T40] audit: type=1804 audit(1776653400.539:7677): pid=22184 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.8.4036" name="/newroot/284/file0/file0" dev="9p" ino=81264713 res=1 errno=0
[  454.069322][  T851] usb 12-1: Using ep0 maxpacket: 32
[  454.076542][  T851] usb 12-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  454.082166][  T851] usb 12-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  454.085072][  T851] usb 12-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  454.087635][  T851] usb 12-1: Product: syz
[  454.089588][  T851] usb 12-1: Manufacturer: syz
[  454.091114][  T851] usb 12-1: SerialNumber: syz
[  454.095940][  T851] usb 12-1: config 0 descriptor??
[  454.100944][T22142] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  454.104328][  T851] hub 12-1:0.0: bad descriptor, ignoring hub
[  454.106324][  T851] hub 12-1:0.0: probe with driver hub failed with error -5
[  454.148619][   T40] audit: type=1400 audit(1776653400.629:7678): avc:  denied  { unmount } for  pid=18795 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  454.332728][T22198] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4041'.
[  454.393922][T22199] program syz.6.4040 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  454.412095][T22209] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4038'.
[  454.416724][T22209] netlink: 7 bytes leftover after parsing attributes in process `syz.8.4038'.
[  454.469256][T22206] block nbd6: shutting down sockets
[  454.491177][T22214] syz.2.4042: vmalloc error: size 3509858304, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  454.499145][T22214] CPU: 0 UID: 0 PID: 22214 Comm: syz.2.4042 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  454.499175][T22214] Tainted: [L]=SOFTLOCKUP
[  454.499182][T22214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  454.499194][T22214] Call Trace:
[  454.499202][T22214]  <TASK>
[  454.499210][T22214]  dump_stack_lvl+0x100/0x190
[  454.499239][T22214]  warn_alloc.cold+0x95/0x1c1
[  454.499365][T22214]  ? __pfx_warn_alloc+0x10/0x10
[  454.499391][T22214]  ? mark_held_locks+0x40/0x70
[  454.499416][T22214]  ? lockdep_hardirqs_on+0x78/0x100
[  454.499450][T22214]  ? stack_depot_save_flags+0x479/0x9d0
[  454.499486][T22214]  ? vb2_vmalloc_alloc+0x135/0x410
[  454.499567][T22214]  __vmalloc_node_range_noprof+0x136c/0x1630
[  454.499592][T22214]  ? v4l2_ioctl+0x1bd/0x250
[  454.499672][T22214]  ? __x64_sys_ioctl+0x18e/0x210
[  454.499691][T22214]  ? do_syscall_64+0x10b/0xf80
[  454.499709][T22214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.499737][T22214]  ? vb2_vmalloc_alloc+0x135/0x410
[  454.499792][T22214]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  454.499830][T22214]  ? vb2_vmalloc_alloc+0x135/0x410
[  454.499851][T22214]  vmalloc_user_noprof+0x9e/0xe0
[  454.499876][T22214]  ? vb2_vmalloc_alloc+0x135/0x410
[  454.499902][T22214]  vb2_vmalloc_alloc+0x135/0x410
[  454.499923][T22214]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  454.499945][T22214]  __vb2_queue_alloc+0x8d5/0x1160
[  454.499992][T22214]  vb2_core_create_bufs+0x5fa/0xa30
[  454.500030][T22214]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  454.500062][T22214]  ? rcu_is_watching+0x12/0xc0
[  454.500093][T22214]  ? __mutex_lock+0x26d/0x1b10
[  454.500117][T22214]  vb2_create_bufs+0x40c/0x830
[  454.500149][T22214]  ? __pfx_vb2_create_bufs+0x10/0x10
[  454.500177][T22214]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  454.500298][T22214]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  454.500325][T22214]  v4l_create_bufs+0x17d/0x270
[  454.500357][T22214]  __video_do_ioctl+0xb2a/0xdf0
[  454.500385][T22214]  ? __might_fault+0xc5/0x140
[  454.500414][T22214]  ? __pfx___video_do_ioctl+0x10/0x10
[  454.500450][T22214]  video_usercopy+0x47d/0x1700
[  454.500476][T22214]  ? __pfx___video_do_ioctl+0x10/0x10
[  454.500502][T22214]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  454.500524][T22214]  ? __pfx_video_usercopy+0x10/0x10
[  454.500567][T22214]  v4l2_ioctl+0x1bd/0x250
[  454.500592][T22214]  ? __pfx_v4l2_ioctl+0x10/0x10
[  454.500619][T22214]  __x64_sys_ioctl+0x18e/0x210
[  454.500640][T22214]  do_syscall_64+0x10b/0xf80
[  454.500658][T22214]  ? clear_bhb_loop+0x40/0x90
[  454.500681][T22214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.500701][T22214] RIP: 0033:0x7f599519c819
[  454.500720][T22214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.500739][T22214] RSP: 002b:00007f59960bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.500758][T22214] RAX: ffffffffffffffda RBX: 00007f5995415fa0 RCX: 00007f599519c819
[  454.500771][T22214] RDX: 0000200000001580 RSI: 00000000c100565c RDI: 0000000000000004
[  454.500783][T22214] RBP: 00007f5995232c91 R08: 0000000000000000 R09: 0000000000000000
[  454.500795][T22214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.500808][T22214] R13: 00007f5995416038 R14: 00007f5995415fa0 R15: 00007ffe07b35ab8
[  454.500836][T22214]  </TASK>
[  454.500844][T22214] Mem-Info:
[  454.537249][T22218] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4044'.
[  454.540294][T22214] active_anon:9178 inactive_anon:2925 isolated_anon:0
[  454.540294][T22214]  active_file:14413 inactive_file:13673 isolated_file:0
[  454.540294][T22214]  unevictable:1768 dirty:35 writeback:0
[  454.540294][T22214]  slab_reclaimable:9717 slab_unreclaimable:129601
[  454.540294][T22214]  mapped:23835 shmem:1906 pagetables:12557
[  454.540294][T22214]  sec_pagetables:317 bounce:0
[  454.540294][T22214]  kernel_misc_reclaimable:0
[  454.540294][T22214]  free:394466 free_pcp:13426 free_cma:0
[  454.624967][T22214] Node 0 active_anon:18328kB inactive_anon:11316kB active_file:1552kB inactive_file:6116kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6780kB dirty:132kB writeback:0kB shmem:3556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:19712kB pagetables:30304kB sec_pagetables:1248kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  454.635429][T22214] Node 1 active_anon:18384kB inactive_anon:384kB active_file:56100kB inactive_file:48576kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88932kB dirty:8kB writeback:0kB shmem:4068kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:928kB pagetables:19924kB sec_pagetables:20kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  454.649488][T22214] Node 0 DMA free:12264kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:128kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:128kB local_pcp:32kB free_cma:0kB
[  454.659555][T22214] lowmem_reserve[]: 0 1229 1229 1229 1229
[  454.661574][T22214] Node 0 DMA32 free:385808kB boost:0kB min:27472kB low:34340kB high:41208kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18240kB inactive_anon:11188kB active_file:1548kB inactive_file:6116kB unevictable:3536kB writepending:140kB zspages:0kB present:2080628kB managed:1259052kB mlocked:0kB bounce:0kB free_pcp:40860kB local_pcp:8000kB free_cma:0kB
[  454.672210][T22214] lowmem_reserve[]: 0 0 0 0 0
[  454.674461][T22214] Node 1 Normal free:1180064kB boost:0kB min:39768kB low:49708kB high:59648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18384kB inactive_anon:384kB active_file:56100kB inactive_file:48576kB unevictable:3536kB writepending:8kB zspages:11064kB present:2097152kB managed:1781884kB mlocked:0kB bounce:0kB free_pcp:12108kB local_pcp:7608kB free_cma:0kB
[  454.685101][T22214] lowmem_reserve[]: 0 0 0 0 0
[  454.686847][T22214] Node 0 DMA: 56*4kB (UM) 49*8kB (UM) 50*16kB (UM) 57*32kB (UM) 37*64kB (UM) 20*128kB (UM) 4*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 12264kB
[  454.693585][T22214] Node 0 DMA32: 4166*4kB (UME) 4369*8kB (UME) 2819*16kB (UME) 1777*32kB (UME) 1372*64kB (UME) 606*128kB (UME) 195*256kB (UME) 29*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 385776kB
[  454.699398][T22214] Node 1 Normal: 1974*4kB (UME) 1735*8kB (UME) 1601*16kB (UME) 1546*32kB (UME) 1155*64kB (UME) 677*128kB (UME) 454*256kB (UME) 331*512kB (UME) 202*1024kB (UME) 36*2048kB (UME) 87*4096kB (UME) = 1180064kB
[  454.705674][T22214] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  454.710916][T22214] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  454.714075][T22214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  454.717162][T22214] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  454.720432][T22214] 33279 total pagecache pages
[  454.721979][T22214] 3273 pages in swap cache
[  454.723440][T22214] Free swap  = 61228kB
[  454.724805][T22214] Total swap = 124996kB
[  454.726125][T22214] 1048443 pages RAM
[  454.727384][T22214] 0 pages HighMem/MovableOnly
[  454.729556][T22214] 284369 pages reserved
[  454.730929][T22214] 0 pages cma reserved
[  454.864335][T22234] blktrace: Concurrent blktraces are not allowed on sg0
[  454.949102][T22232] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  455.190298][ T6045] usb 12-1: USB disconnect, device number 8
[  455.221388][   T40] audit: type=1400 audit(1776653401.699:7679): avc:  denied  { execute } for  pid=22243 comm="syz.8.4052" path="pipe:[108535]" dev="pipefs" ino=108535 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  455.380236][   T40] audit: type=1400 audit(1776653401.859:7680): avc:  denied  { write } for  pid=22247 comm="syz.6.4053" name="/" dev="9p" ino=81264711 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  455.382036][T22250] dvmrp1: entered allmulticast mode
[  455.395183][T22250] dvmrp1: left allmulticast mode
[  455.544168][   T62] Bluetooth: hci1: adv larger than maximum supported
[  455.549011][T22252] [U] 
[  455.612758][   T40] audit: type=1400 audit(1776653402.089:7681): avc:  denied  { map } for  pid=22254 comm="syz.8.4057" path="socket:[109556]" dev="sockfs" ino=109556 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  455.625334][   T40] audit: type=1400 audit(1776653402.089:7682): avc:  denied  { accept } for  pid=22254 comm="syz.8.4057" path="socket:[109556]" dev="sockfs" ino=109556 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  455.851434][   T40] audit: type=1326 audit(1776653402.329:7683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.7.4060" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc4d59c819 code=0x0
[  456.010927][T22270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  456.071887][T22284] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4066'.
[  456.094520][T22284] fuse: Bad value for 'fd'
[  456.097634][T22284] netlink: 46 bytes leftover after parsing attributes in process `syz.6.4066'.
[  456.603940][T22306] ip6gretap0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  456.629516][T22303] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  456.738851][T22308] macvtap1: entered promiscuous mode
[  456.741391][T22308] macvtap1: entered allmulticast mode
[  456.743128][T22308] veth1_vlan: entered allmulticast mode
[  456.799613][T22318] loop6: detected capacity change from 0 to 8
[  456.836906][T22322] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  456.959380][   T40] audit: type=1400 audit(1776653403.439:7684): avc:  denied  { setopt } for  pid=22326 comm="syz.2.4082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  457.259115][ T6045] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  457.300508][T22334] 9p: Could not find request transport: v
[  457.346434][T22337] loop5: detected capacity change from 0 to 7
[  457.389768][T22337] 
[  457.390701][T22337] ======================================================
[  457.392882][T22337] WARNING: possible circular locking dependency detected
[  457.392998][T22339] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  457.394999][T22337] syzkaller #0 Tainted: G             L     
[  457.395007][T22337] ------------------------------------------------------
[  457.395011][T22337] syz.6.4086/22337 is trying to acquire lock:
[  457.395018][T22337] ffff88801ce86210 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0
[  457.408370][T22337] 
[  457.408370][T22337] but task is already holding lock:
[  457.410440][ T6045] usb 7-1: config index 0 descriptor too short (expected 64859, got 72)
[  457.410862][T22337] ffff8880289489b0 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  457.416746][ T6045] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  457.417853][T22337] 
[  457.417853][T22337] which lock already depends on the new lock.
[  457.417853][T22337] 
[  457.417860][T22337] 
[  457.417860][T22337] the existing dependency chain (in reverse order) is:
[  457.421969][ T6045] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.424662][T22337] 
[  457.424662][T22337] -> #2 (&q->q_usage_counter(io)#22){++++}-{0:0}:
[  457.424851][T22337]        blk_alloc_queue+0x610/0x790
[  457.429092][ T6045] usb 7-1: Product: syz
[  457.430955][T22337]        blk_mq_alloc_queue+0x174/0x290
[  457.430974][T22337]        __blk_mq_alloc_disk+0x29/0x120
[  457.430989][T22337]        loop_add+0x498/0xb60
[  457.434525][ T6045] usb 7-1: Manufacturer: syz
[  457.436099][T22337]        loop_init+0x1d3/0x200
[  457.436118][T22337]        do_one_initcall+0x121/0x750
[  457.437861][ T6045] usb 7-1: SerialNumber: syz
[  457.439531][T22337]        kernel_init_freeable+0x6ea/0x7b0
[  457.439551][T22337]        kernel_init+0x1f/0x1e0
[  457.439619][T22337]        ret_from_fork+0x72b/0xd50
[  457.439706][T22337]        ret_from_fork_asm+0x1a/0x30
[  457.456387][T22337] 
[  457.456387][T22337] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  457.458671][T22337]        fs_reclaim_acquire+0xc4/0x100
[  457.460540][T22337]        kmem_cache_alloc_noprof+0x4c/0x6e0
[  457.462411][T22337]        __kernfs_iattrs+0x124/0x3e0
[  457.463435][ T6045] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  457.464089][T22337]        __kernfs_setattr+0x4d/0x3c0
[  457.469195][T22337]        kernfs_iop_setattr+0xda/0x130
[  457.470925][T22337]        notify_change+0xb25/0x1330
[  457.472633][T22337]        do_truncate+0x1df/0x240
[  457.474322][T22337]        path_openat+0x2a55/0x31a0
[  457.475950][T22337]        do_file_open+0x20e/0x430
[  457.477540][T22337]        do_sys_openat2+0x10d/0x1e0
[  457.479248][T22337]        __x64_sys_openat+0x12d/0x210
[  457.480983][T22337]        do_syscall_64+0x10b/0xf80
[  457.482610][T22337]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.484630][T22337] 
[  457.484630][T22337] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[  457.487256][T22337]        __lock_acquire+0x14b8/0x2630
[  457.489127][T22337]        lock_acquire+0x1b1/0x370
[  457.490790][T22337]        down_read+0x99/0x450
[  457.492319][T22337]        kernfs_iop_getattr+0x9c/0xf0
[  457.494010][T22337]        vfs_getattr_nosec+0x2d4/0x430
[  457.495801][T22337]        vfs_getattr+0x4a/0x60
[  457.497336][T22337]        loop_query_min_dio_size.isra.0+0x117/0x250
[  457.499381][T22337]        lo_ioctl+0x13aa/0x1bc0
[  457.500950][T22337]        blkdev_ioctl+0x5ad/0x6f0
[  457.502569][T22337]        __x64_sys_ioctl+0x18e/0x210
[  457.504237][T22337]        do_syscall_64+0x10b/0xf80
[  457.505862][T22337]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.507890][T22337] 
[  457.507890][T22337] other info that might help us debug this:
[  457.507890][T22337] 
[  457.511089][T22337] Chain exists of:
[  457.511089][T22337]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#22
[  457.511089][T22337] 
[  457.515489][T22337]  Possible unsafe locking scenario:
[  457.515489][T22337] 
[  457.517842][T22337]        CPU0                    CPU1
[  457.519546][T22337]        ----                    ----
[  457.521292][T22337]   lock(&q->q_usage_counter(io)#22);
[  457.522985][T22337]                                lock(fs_reclaim);
[  457.525016][T22337]                                lock(&q->q_usage_counter(io)#22);
[  457.527446][T22337]   rlock(&root->kernfs_iattr_rwsem);
[  457.529174][T22337] 
[  457.529174][T22337]  *** DEADLOCK ***
[  457.529174][T22337] 
[  457.531693][T22337] 3 locks held by syz.6.4086/22337:
[  457.533348][T22337]  #0: ffff888028ad3430 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0
[  457.536414][T22337]  #1: ffff8880289489b0 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  457.539870][T22337]  #2: ffff8880289489e8 (&q->q_usage_counter(queue)#6){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  457.543635][T22337] 
[  457.543635][T22337] stack backtrace:
[  457.545528][T22337] CPU: 0 UID: 0 PID: 22337 Comm: syz.6.4086 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  457.545544][T22337] Tainted: [L]=SOFTLOCKUP
[  457.545549][T22337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  457.545643][T22337] Call Trace:
[  457.545740][T22337]  <TASK>
[  457.545746][T22337]  dump_stack_lvl+0x100/0x190
[  457.545763][T22337]  print_circular_bug.cold+0x178/0x1c7
[  457.545782][T22337]  check_noncircular+0x146/0x160
[  457.545798][T22337]  __lock_acquire+0x14b8/0x2630
[  457.545814][T22337]  lock_acquire+0x1b1/0x370
[  457.545827][T22337]  ? kernfs_iop_getattr+0x9c/0xf0
[  457.545840][T22337]  ? __pfx___might_resched+0x10/0x10
[  457.545943][T22337]  down_read+0x99/0x450
[  457.545957][T22337]  ? kernfs_iop_getattr+0x9c/0xf0
[  457.545968][T22337]  ? find_held_lock+0x2b/0x80
[  457.545977][T22337]  ? __pfx_down_read+0x10/0x10
[  457.545988][T22337]  ? kernfs_root+0xee/0x2a0
[  457.546000][T22337]  kernfs_iop_getattr+0x9c/0xf0
[  457.546013][T22337]  vfs_getattr_nosec+0x2d4/0x430
[  457.546028][T22337]  ? __pfx_kernfs_iop_getattr+0x10/0x10
[  457.546043][T22337]  vfs_getattr+0x4a/0x60
[  457.546057][T22337]  loop_query_min_dio_size.isra.0+0x117/0x250
[  457.546070][T22337]  ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10
[  457.546088][T22337]  lo_ioctl+0x13aa/0x1bc0
[  457.546100][T22337]  ? __pfx_lo_ioctl+0x10/0x10
[  457.546111][T22337]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  457.546127][T22337]  ? kasan_quarantine_put+0x104/0x240
[  457.546310][T22337]  ? blk_get_meta_cap+0xd4/0x6c0
[  457.546324][T22337]  ? __pfx_blk_get_meta_cap+0x10/0x10
[  457.546340][T22337]  ? blkdev_common_ioctl+0x515/0x2b80
[  457.546355][T22337]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  457.546371][T22337]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  457.546514][T22337]  ? do_vfs_ioctl+0x226/0x13e0
[  457.546524][T22337]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  457.546534][T22337]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  457.546548][T22337]  ? __fget_files+0x215/0x3d0
[  457.546561][T22337]  ? __pfx_lo_ioctl+0x10/0x10
[  457.546573][T22337]  blkdev_ioctl+0x5ad/0x6f0
[  457.546587][T22337]  ? __pfx_blkdev_ioctl+0x10/0x10
[  457.546601][T22337]  ? selinux_file_ioctl+0x13b/0x290
[  457.546611][T22337]  ? selinux_file_ioctl+0xb6/0x290
[  457.546622][T22337]  ? __pfx_blkdev_ioctl+0x10/0x10
[  457.546637][T22337]  __x64_sys_ioctl+0x18e/0x210
[  457.546648][T22337]  do_syscall_64+0x10b/0xf80
[  457.546658][T22337]  ? clear_bhb_loop+0x40/0x90
[  457.546671][T22337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.546683][T22337] RIP: 0033:0x7fc657b9c819
[  457.546694][T22337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  457.546705][T22337] RSP: 002b:00007fc658a10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  457.546716][T22337] RAX: ffffffffffffffda RBX: 00007fc657e15fa0 RCX: 00007fc657b9c819
[  457.546723][T22337] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003
[  457.546729][T22337] RBP: 00007fc657c32c91 R08: 0000000000000000 R09: 0000000000000000
[  457.546736][T22337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  457.546742][T22337] R13: 00007fc657e16038 R14: 00007fc657e15fa0 R15: 00007ffefc4433b8
[  457.546790][T22337]  </TASK>
[  457.565394][   T40] audit: type=1400 audit(1776653404.029:7685): avc:  denied  { firmware_load } for  pid=11860 comm="kworker/3:6" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  457.576086][    C1] blk_print_req_error: 1 callbacks suppressed
[  457.576105][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  457.590650][T11860] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  457.591116][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.672810][    C0] buffer_io_error: 24 callbacks suppressed
[  457.672871][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  457.678692][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.681593][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  457.684657][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.687502][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  457.690647][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.693500][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  457.696320][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.699248][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  458.648395][T11860] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  458.651265][T11860] ath9k_htc: Failed to initialize the device
[  458.668104][T11860] usb 7-1: ath9k_htc: USB layer deinitialized
[  459.913554][T13995] usb 7-1: USB disconnect, device number 28
[  462.940608][ T5354] udevd[5354]: worker [5963] /devices/virtual/block/nbd0 timeout; kill it
[  462.944945][ T5354] udevd[5354]: seq 17492 '/devices/virtual/block/nbd0' killed