last executing test programs:

1m2.860452432s ago: executing program 2 (id=666):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000003c0)="cb1498060400000043b749c87c69e647f98b5dff65b94547b4d561ee937bf8e55070dee6761709e5f39fe4138846b795d1c41d658e9df241ba4dbd3c8a60f049cd2fd2dd2d502028e0aa4fe34ff29e2d01d2191d44f38f08c3c3f4f9cd595907f4512077aa42ffbf9dbad1eef08c8aeb0a33f1251cbf4b2469faac736adbe0389cfbd300000000", 0x87, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0x8dcacfa1c6c2afd6, 0xc9100120, 0x0, 0xfffffffffffffd25)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuseblk(&(0x7f000000aa80), &(0x7f000000aac0)='./file0\x00', &(0x7f000000ab00), 0x4, &(0x7f0000000040)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}})
setsockopt$inet_tcp_int(r0, 0x6, 0x7, &(0x7f0000000000)=0x1000, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400f9e3bde20064ff00000000", @ANYRES32=0x0, @ANYBLOB="00000000c81400001c0012800b00010062726964676500000c000280080031"], 0x3c}, 0x1, 0xba01}, 0x0)

1m1.995984497s ago: executing program 2 (id=674):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f00000000c0)={0x0, 0x9}) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="380b000000120085ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e00010077697265677561726400000004000280"], 0x38}}, 0x0) (async)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000003380)='ns/cgroup\x00')
ioctl$COMEDI_CMDTEST(r2, 0x8050640a, 0x0) (async)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r3, 0x6, 0x1f, 0x0, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1, &(0x7f0000000300)=0x101, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610428000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)

1m1.995378264s ago: executing program 2 (id=675):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x8a041, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@verity_off}, {@volatile}, {@index_on}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x169400, 0x20)
setxattr$security_capability(&(0x7f0000000080)='./file0/file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x3)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = socket$inet6(0xa, 0x2, 0x0)
getsockname(r0, &(0x7f00000003c0)=@un=@abs, &(0x7f0000000180)=0x80)
r3 = accept4$vsock_stream(r0, &(0x7f0000000340)={0x28, 0x0, 0x2710, @host}, 0x10, 0x80400)
setsockopt$sock_timeval(r3, 0x1, 0x14, &(0x7f0000000380)={0x77359400}, 0x10)
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
socket$kcm(0x10, 0x2, 0x0)
r4 = socket$kcm(0x29, 0x7, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r5, 0x80044940, &(0x7f0000000600)=0x14)
syz_usb_disconnect(0xffffffffffffffff)
close(r5)
sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001840), 0x1, 0x0, 0x3b}, 0x4000084)
close_range(r1, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))

1m1.220308681s ago: executing program 2 (id=686):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x4d0})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0x400, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xd, 0x9}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}}, 0x40084)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x27dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x240048e0}, 0x4890)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x195011, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
umount2(&(0x7f0000000080)='./file0\x00', 0x0)
mount(&(0x7f0000000100)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='efs\x00', 0x20, 0x0)

1m1.1195852s ago: executing program 2 (id=689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000100)={'tunl0\x00', <r3=>0x0, 0x700, 0x700, 0x1ff, 0x8001, {{0x2a, 0x4, 0x0, 0x2e, 0xa8, 0x66, 0x0, 0x7, 0x29, 0x0, @private=0xa010102, @remote, {[@lsrr={0x83, 0x13, 0xe7, [@dev={0xac, 0x14, 0x14, 0x1c}, @rand_addr=0x64010100, @broadcast, @remote]}, @lsrr={0x83, 0x7, 0xd0, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @ssrr={0x89, 0x13, 0x36, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @empty]}, @ra={0x94, 0x4}, @cipso={0x86, 0x3e, 0x1, [{0x5, 0x4, "eb05"}, {0x2, 0x11, "6f10059b79af106513168a6192925a"}, {0x0, 0x12, "cdeda89e351d7ec019b92e235dc80e54"}, {0x0, 0xf, "b3fbb97ed4bcf7bf5922f1df95"}, {0x0, 0x2}]}, @ssrr={0x89, 0x23, 0x6e, [@private=0xa010101, @multicast1, @remote, @multicast1, @loopback, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote]}, @noop]}}}}})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'vcan0\x00', <r4=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'syztnl0\x00', <r5=>0x0, 0x29, 0xac, 0xfd, 0x9, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x22}, 0x80, 0x7, 0x2, 0x80}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'ip6gre0\x00', <r6=>0x0, 0x2f, 0x6, 0x9, 0x2, 0x59, @local, @mcast1, 0x0, 0x700, 0x7, 0x6f96}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'gretap0\x00', &(0x7f0000000400)={'tunl0\x00', <r7=>0x0, 0x7800, 0x8000, 0x80000001, 0x5, {{0x43, 0x4, 0x0, 0x1, 0x10c, 0x67, 0x0, 0x6, 0x2f, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x2d}, {[@cipso={0x86, 0x2b, 0x1, [{0x5, 0x10, "de26498a1a508cbb0397a45d98d3"}, {0x6, 0xc, "f7f189180c57dd62d4dc"}, {0x7, 0x9, "71ad5f00a95481"}]}, @timestamp_addr={0x44, 0x3c, 0x1d, 0x1, 0x8, [{@broadcast, 0xe}, {@dev={0xac, 0x14, 0x14, 0x12}, 0x2}, {@loopback, 0xfffffffd}, {@loopback, 0x9}, {@multicast1, 0x10}, {@remote, 0x5}, {@local, 0xffffffff}]}, @generic={0x7, 0x4, "f5da"}, @timestamp={0x44, 0x10, 0xa5, 0x0, 0x2, [0x0, 0x4, 0x5]}, @cipso={0x86, 0x46, 0x1, [{0x1, 0x11, "53776e0f41874f9bbaa5b1946b284f"}, {0x1, 0x4, "32be"}, {0x2, 0x7, "d6c625a1c4"}, {0x6, 0x7, "21fb56b6a3"}, {0x1, 0x3, "f8"}, {0x6, 0x10, "fde205c46ba041b6810ca8f40cf1"}, {0x7, 0xa, "f34d76b91b50739b"}]}, @timestamp_prespec={0x44, 0x34, 0x47, 0x3, 0x1, [{@multicast2, 0x7}, {@local, 0x7f}, {@rand_addr=0x64010100, 0x7}, {@remote, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7f}, {@empty, 0x7fff}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'team0\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000640)={'syztnl2\x00', &(0x7f00000005c0)={'ip6_vti0\x00', <r9=>0x0, 0x29, 0x7, 0xdf, 0x8de, 0x5, @ipv4={'\x00', '\xff\xff', @multicast2}, @empty, 0x8000, 0x8000, 0x7, 0xb}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', <r10=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000740)={'ip6tnl0\x00', &(0x7f00000006c0)={'ip6tnl0\x00', <r11=>0x0, 0x4, 0x8, 0x8d, 0x401, 0x40, @local, @loopback, 0x61, 0x7, 0x6, 0x9}})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000780)={@dev, <r12=>0x0}, &(0x7f00000007c0)=0x14)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000a00)={&(0x7f0000000000), 0xc, &(0x7f00000009c0)={&(0x7f0000000800)={0x1bc, r1, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x80}, 0x40)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000004, 0x8010, r0, 0x30c4000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000a40))
getsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000000a80), &(0x7f0000000ac0)=0x10)
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x22)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000b00)={'batadv_slave_0\x00'})
r13 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$SO_COOKIE(r13, 0x1, 0x39, &(0x7f0000000b40), &(0x7f0000000b80)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)=@setneightbl={0x48, 0x43, 0x20, 0x70bd25, 0x25dfdbfe, {0x1c}, [@NDTA_NAME={0xc, 0x1, 'ip6tnl0\x00'}, @NDTA_THRESH3={0x8, 0x4, 0x9}, @NDTA_NAME={0x6, 0x1, '\'\x00'}, @NDTA_PARMS={0xc, 0x6, 0x0, 0x1, [@NDTPA_MCAST_REPROBES={0x8, 0x11, 0xfff}]}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x9d9}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008880}, 0x40082)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x20, 0x1, 0x8, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x4000)
r14 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000e00), 0x0, 0x0)
r15 = getuid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000e40)={0x0, 0x0, <r16=>0x0}, &(0x7f0000000e80)=0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r14, 0xc018937b, &(0x7f0000000ec0)={{0x1, 0x1, 0x18, <r17=>r0, {r15, r16}}, './file0\x00'})
r18 = socket$nl_generic(0x10, 0x3, 0x10)
r19 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000f40), r17)
sendmsg$L2TP_CMD_SESSION_CREATE(r18, &(0x7f0000001000)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x1c, r19, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_MTU={0x6, 0x1c, 0x7ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008011}, 0x20008004)

1m0.830505354s ago: executing program 2 (id=690):
membarrier(0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x15)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0xfffffffe, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x90)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@ipv4_deladdr={0x28, 0x15, 0x300, 0x70bd2d, 0x25dfdbfe, {0x2, 0x5a6129cd35798c0d, 0x108, 0xff, r3}, [@IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x29}}, @IFA_BROADCAST={0x8, 0x4, @remote}]}, 0x28}, 0x1, 0x4801000000000000, 0x0, 0x44810}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f000088d000/0x3000)=nil, 0x3000}, 0x4})
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r7, r7, 0xc, 0xc, &(0x7f0000000140)="16000fc26c7e83088fd87f93", 0x9, 0x1, 0x10cf, 0xfff, 0x8b, 0x1, 0x80000000, 'syz0\x00'})
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000280)={0x28, 0x2, r8, 0x0, &(0x7f0000000400)="4c4b1b10256671f027b8ece6372252253433b1606412558ff0b5de602da739bf2828c48ee5cd21eeec035016079a0f9202b2858bf29c8fe970de20107748c7947adf1bd30402919a63443cefee8bcb7990ecad4178948854268ccd29fe837c28b1a11aac5a105ee2e0e3379286948f32e4372210e6c638b02b857e900f0de1aad21fe3bcdcd680b0f537845d41fa109616d53a37e7c703eb9a645e32aa1deb28a2d72f838e26cc88616388b0e508fd3aa9ab5d15014dc07643a8717284d1938e00a23c87f1d601b07d81a8fef9890a0f", 0xd0, 0x5})
r9 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x316, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r9, 0x402c5639, &(0x7f0000000200)={0x7, 0x1, 0x6})

1m0.784390963s ago: executing program 32 (id=690):
membarrier(0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x15)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0xfffffffe, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x90)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@ipv4_deladdr={0x28, 0x15, 0x300, 0x70bd2d, 0x25dfdbfe, {0x2, 0x5a6129cd35798c0d, 0x108, 0xff, r3}, [@IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x29}}, @IFA_BROADCAST={0x8, 0x4, @remote}]}, 0x28}, 0x1, 0x4801000000000000, 0x0, 0x44810}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f000088d000/0x3000)=nil, 0x3000}, 0x4})
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r7, r7, 0xc, 0xc, &(0x7f0000000140)="16000fc26c7e83088fd87f93", 0x9, 0x1, 0x10cf, 0xfff, 0x8b, 0x1, 0x80000000, 'syz0\x00'})
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000280)={0x28, 0x2, r8, 0x0, &(0x7f0000000400)="4c4b1b10256671f027b8ece6372252253433b1606412558ff0b5de602da739bf2828c48ee5cd21eeec035016079a0f9202b2858bf29c8fe970de20107748c7947adf1bd30402919a63443cefee8bcb7990ecad4178948854268ccd29fe837c28b1a11aac5a105ee2e0e3379286948f32e4372210e6c638b02b857e900f0de1aad21fe3bcdcd680b0f537845d41fa109616d53a37e7c703eb9a645e32aa1deb28a2d72f838e26cc88616388b0e508fd3aa9ab5d15014dc07643a8717284d1938e00a23c87f1d601b07d81a8fef9890a0f", 0xd0, 0x5})
r9 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x316, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r9, 0x402c5639, &(0x7f0000000200)={0x7, 0x1, 0x6})

3.59855422s ago: executing program 1 (id=1741):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'dh\x00', 0x1, 0x4, 0x6d}, 0x2c)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x4, 'lblcr\x00', 0x8, 0x323b, 0x56}, {@remote, 0x4e23, 0x0, 0x6, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000380)={0x2, 0x14, 0x4404, 0x1, 0x1e, 0xa, 0x0})
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x23, 0x1, 0x0, "4f80ff259b1c2ce2d2226bfb771f00ff065e07079c5e6f426ebb117c0caba25f", 0x47504a4d})
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x1039c2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
bind$bt_hci(r8, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x1e, 0x0, 0x0)
write$bt_hci(r8, &(0x7f0000000080)=ANY=[], 0x6)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x40, 0x2c, 0x200, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0xa, 0xffe0}, {0x7, 0x2}, {0x0, 0xd03e435611b058d6}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_POLICE={0x4}]}}, @TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r9 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r9, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d88a8", 0x5ea, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, r7, 0x1, 0xd8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0)

3.389345668s ago: executing program 1 (id=1743):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000085}, 0x4804)

3.388390719s ago: executing program 1 (id=1745):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fstatfs(0xffffffffffffffff, 0x0)
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)=ANY=[@ANYRESOCT=0x0], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0xa8681, 0x0)
signalfd4(r1, &(0x7f0000000180), 0x8, 0x80800)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306ef3f0b53743ff62a9000070900be0083"], 0x0}, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000014c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000001500)={0x2020}, 0x2020)
write$FUSE_NOTIFY_RESEND(r2, &(0x7f0000003900)={0x14}, 0x14)
syz_open_dev$evdev(&(0x7f00000000c0), 0x5, 0xa0180)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd70000000007b280000000c00018008000100", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r7, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)

2.907340111s ago: executing program 4 (id=1749):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[])
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffff3f, 0x0, 0x2}, 0x28)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
syz_emit_ethernet(0x10f, &(0x7f0000000200)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "011458", 0xd9, 0x3a, 0xff, @local, @local, {[], @echo_request={0x80, 0x0, 0x0, 0x3, 0x8, "e8e88057237c6251f8d6cc558a72bdbcd9f703b6edb04082b625ad5eb6156e3e932d739fee3e9551f358d32dbe4ceaf2a37a920f37e8bb0a69e5ef4dceec642633ae995f55fe25f108837cf4ccee3c27ea8485ad8e5741f23ffb012660e027689d92d9d47a2d14b52a79a7a1c5ee7fa9afa6c69baa80c76b747f2ea5733cdf44e8df87c0abdadc18c10fc9a5804d8837554fcf4f8b8bdc1c6e25184d23eff3b5d4babcf155c6fa7b459ecbe6ef6194b10d7de67a289cad1bfb568f97fa8fa4109fb65543c57e4c94480b9bd77cf83ee7b0"}}}}}}, 0x0)

2.747619843s ago: executing program 4 (id=1751):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
r0 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) (async)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) (async)
r2 = syz_io_uring_complete(0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000000)) (async)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

2.747361847s ago: executing program 4 (id=1752):
r0 = fsopen(&(0x7f0000000140)='mqueue\x00', 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)={0x2c, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2b4}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x976}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r0, 0x0, 0xa)
fchdir(r4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

2.66921481s ago: executing program 4 (id=1754):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@delchain={0x38, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x8, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000085}, 0x4804)

2.609781657s ago: executing program 4 (id=1756):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x1, 0x0, 0x7a4def, 0x0, 0x0, [{0x2, 0x2, 0x1, '\x00', 0xd}, {0x4e, 0x7d, 0x7, '\x00', 0x9}, {0x2, 0x9, 0xa, '\x00', 0x7}, {0x2, 0x1, 0x1, '\x00', 0x3}, {0x81, 0xb, 0x0, '\x00', 0x6}, {0x7, 0xd, 0x7, '\x00', 0x1}, {0x4, 0x8, 0x1, '\x00', 0x4}, {0x1, 0xff, 0xf5, '\x00', 0x2}, {0x4, 0x7, 0x8, '\x00', 0x5}, {0x83, 0x81, 0x9, '\x00', 0x4}, {0x6e, 0x1, 0x40, '\x00', 0x4f}, {0x8, 0xf9, 0x5, '\x00', 0x7}, {0x7, 0x5, 0x0, '\x00', 0x80}, {0x3, 0x5, 0x0, '\x00', 0x81}, {0xff, 0x1, 0x2, '\x00', 0x80}, {0x1, 0xc, 0x67, '\x00', 0x3}, {0xfb, 0x4, 0x9, '\x00', 0x7}, {0x7, 0x5, 0xf, '\x00', 0x4}, {0x7, 0xfe, 0x46, '\x00', 0x7f}, {0x5f, 0x0, 0x8, '\x00', 0x7}, {0xf9, 0x5, 0xc, '\x00', 0x5}, {0x5, 0xdd, 0x8, '\x00', 0x5a}, {0x2, 0x1, 0xee, '\x00', 0x1}, {0xf, 0x4c, 0xf7, '\x00', 0x8}]}})

2.517502052s ago: executing program 4 (id=1760):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ncm(0x5, 0x91, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0xa0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "0e813182f858"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0xa, 0x6, 0x1, 0x1}, {0x6, 0x24, 0x1a, 0x33, 0x3}, [@obex={0x5, 0x24, 0x15, 0x8}, @call_mgmt={0x5, 0x24, 0x1, 0x1}, @mbim={0xc, 0x24, 0x1b, 0x8199, 0xdf7, 0x4d, 0x0, 0x5, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0xc, 0xfe, 0x0, 0xd}]}, {{0x9, 0x5, 0x81, 0x3, 0x600, 0x9, 0x2, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0xd0, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x7, 0xff}}}}}}}]}}, &(0x7f0000000640)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x200, 0x7, 0xe6, 0xff, 0xbf}, 0x28, &(0x7f0000000200)={0x5, 0xf, 0x28, 0x2, [@wireless={0xb, 0x10, 0x1, 0x4, 0x50, 0x4, 0x7, 0x0, 0x9}, @ssp_cap={0x18, 0x10, 0xa, 0x5, 0x3, 0x8080, 0x0, 0xf000, [0x7e30, 0x1e, 0x3f]}]}, 0x8, [{0x33, &(0x7f0000000240)=@string={0x33, 0x3, "a23a6bc74bbce02a00ce698bdf1cad4cea390b89aaea75c0a9e78793e6589b21f9fdcd3497d6ba9e1e1b16ad4585dfc98a"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x2c09}}, {0xb8, &(0x7f0000000300)=@string={0xb8, 0x3, "269e95d8f0361cdff0dbd92ab3a6b742b066d7f550841441272cae38ab0cde67f48304862cdcdeac6972d6656ae41d53c755ab49f8b0259fa79b9b1456052de60d0e5e5ea5459cf5c992e6688c79290a577123d3109f6af0426abe18b7934475f6b2cc756fd2c6041d4d2cb8faa63b8a34d2134ce2e64fd87106c6e4d2c6581a4a631f6622b9a6122b202e2185847d2b59041c9b37cbbb4ca71282a6cdf3867318098b022e3b6b3a378076f7422e4498bd84c8451767"}}, {0xcb, &(0x7f00000003c0)=@string={0xcb, 0x3, "d5d8568f3feefac5ef39042f2aa73b9435d021c4b1eed43d64318d3294ad6badbc74f9d517be0f9b811af84c513f882c77e9eaf006b14860dcc3fb5c840ddfffb6d218680afc81ac4f36b903aab557f5460f80249b816c53da167e073fcb505bf142d250e38d0c5db9f30bf9f21e720a2ca10cdc85fc00cf33303c87931b621066cd70c4fec3582e150ef853b373a829f6f888b4ce68f62496887c22cf56120af0056b9e62c532f328d05de7d6b326cfe69501e23cdf67a8c111485072c6f13c546fddc3b7b8e082bd"}}, {0xa9, &(0x7f00000004c0)=@string={0xa9, 0x3, "5c1af5d744d9480ceb4287f39aa8fde398b66584739940f075989add9532431fb1fcf68b2a9f362c7e44232aecc6a93c1dd862b14d9daceaeb0fe8e37ed8ae471e9373a5b2ece956f2f8d26af0d357a30f8aeb0fc9e94ff0c946496396fc714152108421842907fbdfcc38ccf58943ba6a1b3f081825df034f7ab9c1a76d94c81d0a4ce30213e595f8711326b7fe0537ea969010cb967e1a6417f615824653fbab7a5cbfac5e30"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x280a}}]})
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002640)=@newtaction={0xe94, 0x30, 0x3f, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc, 0x0, 0x0, 0x0, 0x100, 0x81}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x5943}, {0x0, 0x800000, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x1a}, {}, {0x0, 0x2}, {0x0, 0xa2}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1cbe}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x1}, {0x0, 0x0, 0x56800000}, {}, {0x8, 0x10000000}, {}, {0x0, 0xfffffffe, 0x400000}, {0x1, 0xfffffffc}, {}, {}, {}, {0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xffffff6a}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x800000}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0x10000000, 0x0, 0x0, 0x8}, {0x0, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x27a}, {0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x4, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x2}, {0x9, 0x0, 0x0, 0x4}, {}, {0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80000000}, {0x0, 0x0, 0xa, 0x0, 0x200}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0xf49, 0x0, 0x0, 0x1}, {0xc}, {}, {0x0, 0x0, 0x2b7f}, {0x3ff, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0xcfc, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x800}, {0xfffffffb, 0x0, 0x0, 0x0, 0xa92}, {}, {0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x0, 0x40000000, 0x1, 0x0, 0x10001}, {0x0, 0x0, 0x20}, {}, {0x80000, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {0xfffffffc}, {}, {}, {}, {0x0, 0xa, 0xfffffffc}, {0x0, 0x0, 0x0, 0x8}, {0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x40, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c}, {}, {0x0, 0x0, 0x0, 0x1, 0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x4, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {0x7, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe94}, 0x1, 0x0, 0x0, 0x40004000}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100"], 0x128}, 0x4004000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r2, 0x0)
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002)
r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x20480, 0x0)
getsockopt$rose(r3, 0x104, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

1.319560532s ago: executing program 3 (id=1772):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000000100010000000000000000000000000a20000000000a0102"], 0x10c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xffffffffffffff77}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071004300000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

1.307421359s ago: executing program 3 (id=1774):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd70000000007b280000000c00018008000100", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe8000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)

1.229116423s ago: executing program 3 (id=1776):
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x17)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000000)={0x6, 0x8})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/190, 0xbe}, {&(0x7f0000000140)=""/201, 0xc9}], 0x2, &(0x7f0000000280)=""/117, 0x75}, 0x102)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x1, 0x0, 0x0, 0x4, 0x2})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$IP_SET_OP_GET_BYINDEX(r1, 0x1, 0x53, &(0x7f00000003c0)={0x7, 0x7, 0x2}, &(0x7f0000000400)=0x28)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'dvmrp1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x60, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}, @ETHTOOL_A_COALESCE_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x1}, @ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0xfffff001}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x4001)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000600)={0x5}, 0x4)
r5 = getuid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)=@ipmr_newroute={0x70, 0x18, 0x800, 0x70bd2b, 0x25dfdbff, {0x80, 0x20, 0x14, 0x8, 0x0, 0x2, 0xfd, 0x2, 0x3000}, [@RTA_DPORT={0x6, 0x1d, 0x4e23}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @ILA_ATTR_LOCATOR={0xc, 0x1, 0xff}}, @RTA_SPORT={0x6, 0x1c, 0x4e23}, @RTA_NH_ID={0x8, 0x1e, 0x1}, @RTA_FLOW={0x8, 0xb, 0x4}, @RTA_GATEWAY={0x8, 0x5, @multicast2}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_TOS={0x5, 0x5, 0xe}}, @RTA_UID={0x8, 0x19, r5}, @RTA_IIF={0x8, 0x3, r4}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000007c0)={0xc8, 0x3ed, 0x100, 0x70bd25, 0x25dfdbff, "7c8168d23cf7be874700542ba1187893905370e37f76045e0d77a20acb90dd5a045178df7d8295f3f1b999b402363386794b0ee9cec64ab22d2ccc46bcbd599897d0bd662e2e65725a4010dc04d1862eb57d97cc0573539801d1b823353cadf546759665bc2e69cd6739fbaa22be7dad569de4240d5b2c5250cd46e498ec1babe9fc5e1a009b720f5563064d309575bc847a58e535e338ca21e5458b3c663e4e3240d945f56709c5e57bde7cd7f53b6c67e1d42d33", ["", "", "", ""]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000004}, 0x84)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000940)=0x3)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1e, 0xa, &(0x7f0000000980)=@raw=[@alu={0x7, 0x0, 0xd, 0x4, 0x5cc633e41a23ae8f}, @generic={0x4, 0x7, 0x5, 0x7fff, 0xfffffbff}, @jmp={0x5, 0x0, 0x5, 0xa, 0x3, 0x40, 0x10}, @alu={0x7, 0x0, 0xd, 0x5, 0x5, 0x6, 0xfffffffffffffffc}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f0000000a00)='syzkaller\x00', 0xf, 0xf7, &(0x7f0000000a40)=""/247, 0x40f00, 0x0, '\x00', r4, @fallback=0x13, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b40)={0x0, 0xe, 0xaab6, 0x4}, 0x10, 0xffffffffffffffff, r1, 0x6, 0x0, &(0x7f0000000b80)=[{0x5, 0x5, 0x8, 0xb}, {0x5, 0x1, 0x0, 0x5}, {0x4, 0x5, 0xd, 0x1}, {0x4, 0x1, 0x7, 0x5}, {0x4, 0x5, 0x3, 0x9}, {0x4, 0x3, 0x0, 0x9}], 0x10, 0xf795}, 0x94)
ioctl$sock_SIOCDELRT(r6, 0x890c, &(0x7f0000000cc0)={0x0, @xdp={0x2c, 0x3, r4, 0x1b}, @generic={0x2, "6bdcb5184b449cb23cea6d6d4078"}, @xdp={0x2c, 0x7, r4, 0x12}, 0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0xdee, 0x5, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='rxrpc_retransmit\x00', r7, 0x0, 0xfffffffffffffffc}, 0x18)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r6, 0x942e, 0x0)
read$FUSE(r1, &(0x7f0000000dc0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
r9 = getegid()
write$FUSE_STATX(r1, &(0x7f0000002e00)={0x130, 0x0, r8, {0x8, 0x4, 0x0, '\x00', {0x200, 0x933, 0x7, 0x40, r5, r9, 0x1000, '\x00', 0x285, 0x1, 0xa38, 0xe, {0x3, 0x6}, {0x7, 0xffffff21}, {0xe}, {0x9, 0x1}, 0x158a, 0xffffd906, 0xfffffff9, 0x6}}}, 0x130)
dup3(r7, r1, 0x80000)
getpeername$tipc(r1, &(0x7f0000002f40)=@id, &(0x7f0000002f80)=0x10)
setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000002fc0)={0xc, {{0x2, 0x4e21, @private=0xa010102}}}, 0x88)
sendmsg$AUDIT_GET(r1, &(0x7f0000003140)={&(0x7f0000003080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000003100)={&(0x7f00000030c0)={0x10, 0x3e8, 0x20, 0x70bd2a, 0x25dfdbfd, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000040)
sendto$inet6(r1, &(0x7f0000003180)="180b1d19c9b3d0ee246bdab6c5087e8fc82155003a85", 0x16, 0x4008000, &(0x7f00000031c0)={0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}, 0x20000}, 0x1c)
close(r1)

1.140027385s ago: executing program 3 (id=1779):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = open(&(0x7f0000000080)='./file0\x00', 0x800, 0xc8)
r3 = syz_io_uring_setup(0x5fac, &(0x7f0000002040)={0x0, 0x0, 0x20000, 0x8, 0x800000, 0x0, r2}, &(0x7f0000000100)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x2, r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x101840, 0x0) (async)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r3, 0x27e2, 0x0, 0x0, 0x0, 0x0) (async)
prctl$PR_SET_SECUREBITS(0x1c, 0x2) (async)
sendmmsg$unix(r1, &(0x7f000000f7c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8081}}], 0xf000, 0x800)

300.106071ms ago: executing program 1 (id=1787):
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@gettaction={0x74, 0x32, 0x800, 0x70bd2b, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x54, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3ff}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x14, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000180)=0x40)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x8927, &(0x7f0000000380)={'ip6tnl0\x00', 0x0})
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000d5c", @ANYRES16=r4, @ANYBLOB="000125bd7000ffdbdf2509000000"], 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x4000080)
r6 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r6, 0x8982, &(0x7f0000000240)={0x0, 'vlan0\x00', {0x2}, 0x5})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xfffffd61, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', r2, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r8 = socket$kcm(0x29, 0x2, 0x0)
r9 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r9, &(0x7f0000000200)={0xa, 0x80, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000180)={r9, r7})
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(r10, 0x80044df9, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

299.476596ms ago: executing program 1 (id=1789):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]})
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]})
r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000100), 0x20000, 0x0)
execveat(r0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300)={[&(0x7f00000001c0)='^/\x89@/\x00', &(0x7f0000000200)='(.\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='!]:\x00', &(0x7f00000002c0)='=relative']}, &(0x7f0000000580)={[&(0x7f0000000340)='tmpfs\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)=':\x00', &(0x7f0000000440)='tmpfs\x00', &(0x7f0000000480)='tmpfs\x00', &(0x7f00000004c0)='mpol', &(0x7f0000000500)='[\x99+@\x00', &(0x7f0000000540)=':{/[-[]{\x00']}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0xe9)

299.224693ms ago: executing program 3 (id=1790):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5837, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0xbf4, 0xfff, 0x8000000000005, 0xe], 0x2000, 0x80cd4})
ioctl$KVM_CAP_X86_GUEST_MODE(r1, 0x4068aea3, &(0x7f0000000300))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4008451}, 0x20040041)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r6, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r7, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000200)=0x60)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

297.980794ms ago: executing program 0 (id=1791):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x3, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0xb, &(0x7f0000000080)=0x8, 0x4) (async)
setsockopt$packet_int(r1, 0x107, 0x1c, 0x0, 0x0)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aa", 0xf, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)

297.05393ms ago: executing program 1 (id=1792):
r0 = syz_open_dev$dri(&(0x7f0000000500), 0xe6, 0x800)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
write$P9_RLERROR(r2, 0x0, 0xa)
setrlimit(0x1, &(0x7f0000000140))
ptrace(0x10, r1)
ptrace$setsig(0x4203, r1, 0x1000, &(0x7f00000002c0)={0x2d, 0xd5, 0x80})
ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x400464d1, &(0x7f0000000400)=0x8)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r5, 0x0, 0x0, 0x0, 0x0, 0x9})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x6, r5, 0x334, 0x0, 0x0, 0x8, 0x34cabe, 0xe177b, 0xffffffffffffff7b})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)={[{@quota}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x37]}}]})
r6 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f00000020c0)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0)
mount(0x0, &(0x7f0000000040)='./file3\x00', &(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000380)='acl')
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r8, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc)
getsockopt$netlink(r8, 0x10e, 0x9, &(0x7f0000001100)=""/4096, &(0x7f0000000040)=0x1000)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@bridge_newneigh={0x5c, 0x1c, 0x100, 0x70bd2d, 0x25dfdbfe, {0x1c, 0x0, 0x0, 0x0, 0x3, 0xa0, 0x4}, [@NDA_MASTER={0x8, 0x9, 0x7}, @NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0xf}}, @NDA_FDB_EXT_ATTRS={0x14, 0xe, 0x0, 0x1, [@NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x7b}, @NFEA_DONT_REFRESH={0x4}, @NFEA_DONT_REFRESH={0x4}]}, @NDA_PROBES={0x8, 0x4, 0x7}, @NDA_PROTOCOL={0x5, 0xc, 0x4}]}, 0x5c}}, 0x8000)

209.319098ms ago: executing program 0 (id=1793):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000600)={0x0, 0x0, 0x54})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@x86={0x2, 0x5, 0x17, 0x0, 0x3, 0x0, 0x2, 0x79, 0xff, 0x8, 0x1, 0x1, 0x0, 0x8, 0x5, 0x8, 0x72, 0x7, 0xba, '\x00', 0x3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)=@newsa={0x110, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x9e6}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@offload={0xc, 0x1c, {0x0, 0x1}}, @coaddr={0x14, 0xe, @in=@empty}]}, 0x110}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

138.951238ms ago: executing program 0 (id=1794):
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7}}, './file0\x00'})
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000040)=0x5, 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r1, 0x400, 0xa813, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000000240)={{r2}, "d71c82e5835438b42d18edab5d3842f4507f2fe962586e625bda3733628fa408ac63a7cbe355b9a6a010d0af82e4ad3dc90eab93b21cb03a3be5a98955c70747a797b9ac9056af3029076a715be9173210851d041c743bebab8275f3f7f17344fdf09f027709862545b7a5723ae80aab27d66c52adaacf476eb77a497577bf4a446bd7fb895154b1f60d6c279d43fe5b0aaa8b61581e73feb923d7ac33e97e37ea0529de7978ec84a28ede5a98e3ac3b7ccc606a8e85f5b52e53cdf2440037921ec919dc1a8a9fecdc4db9205ee501b3dcd012a339f441f512a47ebe6061fed738ebb3bbb6628f20ebf6ee8b24d37377db47ba0efde7f88a3a93339b31a446571c468298a054934212098997a080f9936b0d4e3b304ce569f3f956cb542ae2660779a39463a2a20c0efa013b24baaa5fb5796e72352abc53df6a1a37e0ee7d13d5e0cb7b2cadd987f1728e426dc1d9b3e6bb3bcaeeef70488fdba98f4e5965182dd147436eec290611785d295c53967d4afec84a19c14d29c39fb7f0fc7e4840a36f2c1f108c90dd51fa3c5d95172c759afa65e98c326ff12dac411668a92c35db247fa434e1d05293bde0bed0c6c14d8be3db3e25b9ab532fed3ffcf008c8ad025879155114f24a466f3278154114c7f1cce95b03b014c08bd715de98b9f8283c6f8e2df06618cfd3e0c8ed1490d72a9e633f8d7d83238d1d153b8d091c83c95a9a54d73f91594f306693bddc2a25f9250d76018622a812d2f7d3180caafee89d7de43e5e1152291ead6f33c43096a8307e215824e9c3119ee6a0b63f73b112796c2e5b4511cd9ea94f3bd90c21f4415db2a86da4b8084ed4ca467d6c81ddb1d069a0be1e26a49d607d8607c8914eb6975cbaa99cdc4e84e149acc0b8015b42e0f2c9ab9fd367ed3a944e3ad4aabc124e4f02de3cc1c7ccc2fa8391249c5fd30d54a6f5403c6298f9971e9c0080db3dbbf8299c196fcc7bd408b0d8af440bbf3d2be55248acdef00bd55f79e4fbb4f0846fab26c0215b6001c1b8a8f0d48b5932c9c873ac57620acdf7ffb321961502d2c7d0e64b6364d2f3aa8cfcd792c7c22fc842b8066907c51bfb6fd470b6580096ba05e25c344788a3fe58d8be14bd43c33eea918b260e855f8b1831fd0e5ddbb8af211d329f0765cd9d6ccf95c307ce94e33ad8bab30aae078c71c489b2eb8c5a347a2b433d9b0731dceb6d7e52791088df4b48c138fb1a585d62e6fd651548be1ea5d10a04909797b748db32aaf856303bf11e4c3ee95d7fe284d07b636111bb4f65ffd65c26475754cc2f2851bd91f21aca2e8b1648b93e503df153fe50468e481e95e5b084f274a3276cf66598090e023c97884376def332320c2b45c156bd0675ff1495d6a28fc2c55cf82d3b585fb08ebbb350feac5b3e1e4dc01c4a265398b254a51c498fb60e0e675d4dcbf027516b05c81bb5f78fd3685dc399df52a50a066772b1bd37b25af860dd39635a580fd057f64f7f8df7d6766e1ad3dbaf10ad9aed42a0e69a5d7569b0ebf636994b47dc11844b6fda45968a805f6deda631d471b75bdd4127c4431a7be00c7c4527ae0bb9bd9d8dcc6ec59ac797a34c9e1effe1d16a694acd122b766e90fc4eb2c6a35d03e35d2dae4406ea0d0bc85328d5529316080f4f88432099c3442c76da7deaaaaa10a4fbd096922ed8511c931b449a876ee794641d8384cdaa7330af21b02f063dbc894de46ffaaaeffe451c3065c9acd874d7c857279ff3eb0e8688a14987b215d37c821037defd9907b43f8aa7618eca7d7b1cc0a7dfcf43ea1ff0587af98df29008b54327d5ab0ee7398b87e950ee857494978a003fab18a1ce581d7e8a5d4e1450a2c80c12d4dc5b9229e7ca0336907952b0814fb07e6743a62c0e78d8204744a4aab4915c298a4700f809611b2e2874e81d6285d2926213272f1d6e738d782063a25c2334178a31390d13002d9068ee042630cac79d58db55e70fdd09906df879efaa582b5d747deed80762e7c18fa3ebc2fb4cb0d67fd01296e80b0f2a4dca12be5714b5e522762fb9d10ff716eee8acab2dac82ffac2bca2d1bfb8fe348a6e2afbd7be56bcb1088796e3f550111424c20e49bb8d6dd9af69b4c6b57e7f8165e34473aac706e4e6f9843f0ae868971fac3da64030d26ebc44531a472901ae0c6355a11e4d023413b657fa0998e73a315fa29e64e41a2747f429a8925e876c8ea738bbd324cd65e63241624f38a71e3eaf3328bd16ecc0996ea889758bfe9e077ff0bc06efe3e838ecc7fa72b2dc6638e3361c3a0c486d813f0205bcd21f6442ae0ad35ee2f55fbf279d42874dbff29de9a55b71b94f5c395936522d08487b76e921e064135b72cb704f8bc77f6d20ddf134c20c1db486ab488234e3ff945db12c50891d73136ecbdb8c8bc7dc6862a0b3a829b2e31c62ff275e07f1ab1d48c75781af24749974f77684c1bdc614db2f1b0c1e9f254fcc75e3b40119d59e46e6ffb65eb86c5e1a5ed1e709ffe6df00766e67868d36fb59bc44a152e9b59962d6cca5a6d92db5f437ee08acb2be177ae45e4b8dfdf8f4454f15c16aea6d74afcf0fa6a24913d3fe790b0a86336fd5d4d90429b2bb01d5a5de6046e9dd7085ded66fa2a10886b7580482092ea26233d65fd38a6eb90b1e95d74e64778341dbece18d15a366faeabbf639ad9704952958bdbb5e1ede006d1235410f75f85c3f050cba6a7678bf7ef87ed7d5d695961feda68f0e1ce85a8785e58c67cd0dcbe3b77b893a5a9494c234863bde93f7c686e2df9744bda2339445d1cdb273c4af5e7e9cd675db6b2b962ff3c05750e1082a0d8b2a643e190a025ec37864655ab4959c7a29c08ec4667d2eaa0659e28d22cfdcf316a4715c20595f43cd62a7fc94b3702c6bdfb2d4df6e5e45495590d458a4143d99977dc6d3f0629709adb19ae7488595e02609e4aaa9fcdce5f9c6bafb719971dd59623fa6ed73683dd1bff4b2e14bb82d87c479c1f6cc9f52af51c23607a57b1415f2d1eaf563ac67ac5057a4004039a584a8bbcb3f324c3f386e107a8c0d3c941b7a97811222b02fd24ff59c01a80fe6672143ab76535486a35ebeaf6a7da43fe3279d6580186717514b629424276d974b050cdc32c072ad76da8fea322c9ab1a57466dd02436398319b66072ac990ea6aa390a783437d7f0039b17491fc584231f784ba87df893a2284593983a0f6bd0ac841748ccddf12f42bd4b7e5739dbeebccac88fd28673c3b3de2117080f9539fb1e46f9f253ad0493a8464f76423c49582a5e1325d85a351573bf1916b7bcf38cbe25058f7d92bdb5b77bfc26790a1feb52f34672fd090e7039c59426899282c11ce8dc13c554f47c196c3b367aa2fa4050b751ba31130b589176ba8de7210baef2097df2d51a5045f1e6f1ef49e85337291a0007e481daa22db852a4b1ce346649e6b8f9b3dbaa615afdb60eabc39a91223294144b3ab6070cf447e40dd56d0ebbe44cd84aa6045f3bda67a83fae805f4001b621a0ed7150a2c5bc713b9a0650c6f4199088d113f46209f6fe874ef0938b40dc9c8948cf50895e0799eb6c2b8bab703a2f6a75f10c81a69172a3ff4c9f312c90a624a36e001f7c87f60fcc80980516ecd835445c022f4690450184e1141f578b570e2fd440dd9d2e3944aa9aff0be3c11262decf4326f65ff2c95dffd51c5f4bf1c604d8126101d4c4c815120c32b9c6311262a7364366c26458f3d99783227ed04f9c7f744565a33efc389d288e469d360fc76d189e1bb7fd678099e71b3110a7636ff66af4656e4b4e4c48f282d3b9cdd5441d4552e5d2e9c286645760b7beee7d90f7a9ac88117290833fe12d429e5e0a762fd32a6c6e9f954e359a2d6a3b879fc46c09da7cde6a4297f80b1bf3f5dbe5947352574a86903b7c52afc9d817449285f5124e232376fdeec104ce42a511e4f37dbb3a8006e2dce99ea5620372c0a1df8aa736c4e8074c17af9d6df55897d0fc1116fec29f50a12924c605d53b2211b95d1362a2f22954a82f1a1e978cc22fff32705826bdf3bd68c9124bb460b9a5040615d6bf316e5d990a83ed642b28e2f547965ee0590d9fb7d2ddd5c18b4ca4d51686585a6ed2fa92eff7de7d15d27e542f27ba95dce57a4591c787a16b759045dce0d7b7326fb95a0d570d20c08e3a2025aee5f18ce8556d389ae6c946b7d6e4b5570be70b5b7b444781403ccb8443710d1015e8bf8c148bc48f997ffdcf7215cfc149e4fa55c1a0fd28a4aa5c10a2ef0a5defcb6c285296cf21261bfbda5cbf36a00baaef385e6fe39b9682d2cb203ce74f100432cf3a9780e4366257f14b9bfa89af826413b84af75a89aedcbc67a63fc5819d6c28b6cc76ef9e2416f984424cb3dcba34daeba77aeabb1e66c3f425aec01c58a07a78443cba5afa34150afe4fbccf60c0a860e9f3748385e3ca2f961188bc6832d46daa393baf7e0b50cb50f66713e5d668da1f50d8f4c19ac19101d846cce8a07056dba60e4f6ad4230152940cc5e8cf209014459dab48b4ce545f8903d737a9fbccb83029b659128792123286afbab555fe687a6b54acfa591a7e1af8bdcd4b644f54dccba3bf0d1b20c3e55376b926bcc5b2b352d636b50c96e02e6ddd01e261d65a88195ab452bf7f9859fec25e17ba759b8851f5e0e9d11e7a058985dd93b1bec3c6435355714f5c17e694d82277c3527a79ae26d5c162677b6e25f51e21f962eee425c4c5367b80d3af19416008afc0afd892e394fffb8df895a4fe624b6f573e5744c2d363f849e938fce440cf9d6839480afc000c190987b98a3cd5439c91ff8f5578f54685aab93e474da46f7eeb1d47a6300815db4cdd67f42ab3367792fee656ae2fe4ab7bef153ae9bf11f41886f6c5a6db2c032334c2ed3382dc8c88592790510c025ad25b7560c308a60695d63c1d8ee281f57dd9a9916608c8540dd046502ce0f99f2e300473532ca045f73e4cbb48b8918b6f50eaa0e8529fa101567a3bf441ac465273c006240f709bbce3b2963a1b428cdfa5463fef4f466c27ad356e1a3c97bfb5d3d1107091390ff6064407801fdab5c16928fc7c98ae8c4e160a122d23a53478363cb809f074e29a601689cf20d5d96b8b319fe5ad885a458fd1feaddf6e5cbbc499a14eee9aa9df3ad9edc6949e843530394801160f0935e91d7f6d54f157b40311690ca0e9fbe78959190455b2ae2cea7ec0e4b9cd264b620de6ca47019a1e989043af5e8d221f0de9a27414f2d8d129af319389398938544050c0daf1370273f0924df32a3d767cceaa1635d632f1e4e331c8f5dc14b0ce12eb9b99324d467341bd773d71a2745da83a12c6a28aa10776d15bf39cf7219e4d9b251ddc93de045caf89b7732fb547f32583a80f00a6dc77973dce0a3c54ed0d69ef4ca2d59f122bf6f9a5a444d5a2188a1a1595b13ed0cc8edebbf68864d2d2e7c68d3afa78a7bc9fb5a254743f0269e049e3303c14a6a419b9eb524b3d2279703d22e05571c589f3fefc67fef5cee1c7de97b18dd6c04d1e7ee2a0596ca67e2d4338e4fa9c1bc4126a78d96283ae9744542fb659d3232806872d9a4beacbae1dde3ad03382db03c020ec698dd523f4f17aca438e93b43d8fa5facee5607751ac75d80c3bc2092594726227a2c3815f3d51ccf3fabebbfd2c679090bc3c05d147a05dbb81eb2f2b30d63874c831f87543f3b1757f2aad676b70aeb504a15ab3566af7721d79b64160906de8b47d1763f376522000c7a1f190316644fc89ddd845"}) (async)
recvmmsg(r0, &(0x7f0000002c00)=[{{&(0x7f0000001240)=@phonet, 0x80, &(0x7f0000001400)=[{&(0x7f00000012c0)=""/113, 0x71}, {&(0x7f0000001340)=""/175, 0xaf}], 0x2, &(0x7f0000001440)=""/255, 0xff}, 0x7}, {{&(0x7f0000001540)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000002900)=[{&(0x7f00000015c0)=""/32, 0x20}, {&(0x7f0000001600)=""/1, 0x1}, {&(0x7f0000001640)=""/176, 0xb0}, {&(0x7f0000001700)=""/160, 0xa0}, {&(0x7f00000017c0)=""/170, 0xaa}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000002880)=""/84, 0x54}], 0x7, &(0x7f0000002980)=""/185, 0xb9}, 0xfffffffe}, {{&(0x7f0000002a40)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000002b00)=[{&(0x7f0000002ac0)=""/47, 0x2f}], 0x1, &(0x7f0000002b40)=""/139, 0x8b}, 0x9}], 0x3, 0x40010122, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000002cc0)={0xbd}, 0x1)
ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f0000002d00))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002d80), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002dc0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000002e80)={&(0x7f0000002d40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002e40)={&(0x7f0000002e00)={0x40, r3, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x1, 0x0, 0x1, 0x0, {0x9, 0x1, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x1, 0x7, 0x3a}}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x8881}, 0x11)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002f80)={&(0x7f0000002ec0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002f00)={0x28, 0x2, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8810}, 0x20050080) (async)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000003080)={&(0x7f0000002fc0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000003040)={&(0x7f0000003000)={0x38, r3, 0x10, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7fffffff, 0x4c}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}, @NL80211_ATTR_NOACK_MAP={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040094}, 0x0) (async)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000030c0), r0)
sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000031c0)={&(0x7f0000003100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000003180)={&(0x7f0000003140)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040040) (async)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f00000032c0)={&(0x7f0000003200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000003280)={&(0x7f0000003240)={0x3c, r5, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8801}, 0x10)
write$yama_ptrace_scope(r0, &(0x7f0000003300)='3\x00', 0x2) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003380), r0)
sendmsg$NL80211_CMD_SET_REG(r6, &(0x7f0000003440)={&(0x7f0000003340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003400)={&(0x7f00000033c0)={0x1c, r7, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044804}, 0x80)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000003540)={&(0x7f0000003480)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000003500)={&(0x7f00000034c0)={0x40, 0x6, 0x6, 0x302, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r6, 0x4008941a, &(0x7f0000003580)) (async)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f00000035c0)={{0x1, 0x1, 0x18, <r8=>r0, {0x8}}, './file1\x00'})
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000003700)={&(0x7f0000003600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000036c0)={&(0x7f0000003640)={0x4c, r7, 0x300, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000810) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000003780)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000003880)={&(0x7f0000003740)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000003840)={&(0x7f00000037c0)={0x4c, r7, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xffffffff, 0x8}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x44}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x77}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}]}, 0x4c}}, 0x40010)
r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000038c0)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(r10, 0x4008550d, &(0x7f0000003900))
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r8, 0x8983, &(0x7f0000003940)={0x2, 'vcan0\x00', {0x31}, 0x9})

138.785738ms ago: executing program 0 (id=1795):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
process_mrelease(0xffffffffffffffff, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYRES8=0x0], 0x24}, 0x1, 0x0, 0x0, 0x240000c4}, 0x24000000)

69.797038ms ago: executing program 0 (id=1796):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_VER={0x5, 0x1, 0x2}}}}]}, 0x38}}, 0x0) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000001fc0), r1)
sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002140)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x8800) (async, rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6000000010000104a0518fd50000000000000000", @ANYRES32=0x0, @ANYBLOB="096b0200000000002c00128009000100626f6e64000000001c00028006001900ff0300000800090001000000080007000000000014003500626f6e6430"], 0x60}, 0x1, 0x0, 0x0, 0x20004040}, 0x4000054) (async, rerun: 64)
r3 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000009441"])
r4 = socket(0x10, 0x3, 0x0) (async, rerun: 64)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={<r5=>0x0}, &(0x7f0000000140)=0xc) (rerun: 64)
sendmsg$nl_generic(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xc0, 0x12, 0x100, 0x70bd2b, 0x25dfdbff, {0x7}, [@typed={0x8, 0x50, 0x0, 0x0, @pid=r5}, @generic="831675e2080a3ed87a0f8b853434c3fca938098e8917736d8818bbd2376c561babf16c3c0f7da37a30700c2eb8c8e1a64a61b9f7fa1717c53f2c6bfae113c45cd398022512d8f313ff2ed4c2661e32f7b7abfa5b0a9541c75d5896f129a378a653a1276d3a9182038bbd815e68cdf9c5398809027d72652584cb4c19c160dc0f6e21c213ebef00307e39aa83a9f018b720688e6f55ac650585a9320cf0e520f39f"]}, 0xc0}, 0x1, 0x0, 0x0, 0x800}, 0x24008050) (async)
sendmmsg(r4, &(0x7f0000000000), 0x0, 0x0)

68.572914ms ago: executing program 0 (id=1797):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26, 0x0, 0x0, 0xfbc}, 0x28)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r1, 0x1, 0x1}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={r2}, 0x4)
r3 = syz_open_dev$evdev(&(0x7f0000000880), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x2e, 0x9, 0x70bf27, 0x0, {0x4}, [@typed={0x8, 0x18, 0x0, 0x0, @binary="05ac0f00"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="040100001a0001000000000000000000fc010000000000000000000000461481eda825702b000000000000000000000100000000000000000000000032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe800000000000000000000000000037000000003c0000007f000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000002000400600000000000000014000e00fc0200"/188], 0x104}}, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r6, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x9, "c46e9fd1a84b7fefa0bf2cca6beb9363a680b652a86bcf56a1b9f4e6b54cc6beca5462202c484c10ca5386103a5ccbe47b7b9aa6d8d701a3ba6a6c0ce8b978", 0x1}, 0x60)
sendmmsg(r6, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$EVIOCGLED(r3, 0x80284511, 0x0)

0s ago: executing program 3 (id=1798):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = dup2(r0, r0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f00000004c0)={0x947, {{0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x88)
ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000380)=0x2)
r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000280)})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r6, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @sint={0xf9ce, 0x1}}]})
r7 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xc, 0x12, r7, 0xffffe000)
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000140)={0x0, 0x401})
listen(r4, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000900)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500200600fe8000000000c6000000000000000000bbfe8000000010000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="80660000907803ff080a00000008000000050000"], 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r9 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)

kernel console output (not intermixed with test programs):

  T40] audit: type=1400 audit(2000000002.440:544): avc:  denied  { open } for  pid=11001 comm="syz.4.791" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  108.164325][   T40] audit: type=1400 audit(2000000002.440:545): avc:  denied  { map } for  pid=11001 comm="syz.4.791" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  108.182631][T11007] mkiss: ax0: crc mode is auto.
[  108.188941][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.793'.
[  108.191906][T11007] netlink: 'syz.0.793': attribute type 19 has an invalid length.
[  108.210409][   T40] audit: type=1400 audit(2000000002.520:546): avc:  denied  { setopt } for  pid=11013 comm="syz.3.795" lport=53318 faddr=fe80::aa fport=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  108.299924][T11031] binder: 11029:11031 ioctl 4018620d 0 returned -22
[  108.301582][T11026] bridge2: port 1(gretap0) entered blocking state
[  108.306747][T11026] bridge2: port 1(gretap0) entered disabled state
[  108.309732][T11026] gretap0: entered allmulticast mode
[  108.313647][T11026] gretap0: entered promiscuous mode
[  108.320133][T11026] bridge2: port 2(veth0_to_bond) entered blocking state
[  108.325692][T11026] bridge2: port 2(veth0_to_bond) entered disabled state
[  108.328371][T11026] veth0_to_bond: entered allmulticast mode
[  108.334445][T11026] veth0_to_bond: entered promiscuous mode
[  108.396081][T11041] ieee802154 phy0 wpan0: encryption failed: -22
[  108.422496][T11046] vxfs: WRONG superblock magic 00000000 at 1
[  108.427035][T11046] vxfs: WRONG superblock magic 00000000 at 8
[  108.429421][T11046] vxfs: can't find superblock.
[  108.436736][T11050] ip6t_srh: unknown srh invflags 4000
[  108.515176][T11063] binder: 11061:11063 ioctl 4018620d 0 returned -22
[  108.634955][T11079] input: syz1 as /devices/virtual/input/input18
[  108.693813][ T5296] Bluetooth: hci0: command tx timeout
[  108.919633][T11125] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input19
[  109.093711][T11164] smc: net device bond0 applied user defined pnetid SYZ0
[  109.122993][T11169] bridge1: entered promiscuous mode
[  109.163407][ T6020] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  109.283189][T11189] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  109.285894][T11189] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  109.289690][T11189] vhci_hcd vhci_hcd.0: Device attached
[  109.297854][T11189] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(7)
[  109.300083][T11189] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  109.302670][T11189] vhci_hcd vhci_hcd.0: Device attached
[  109.306721][T11197] vhci_hcd: connection closed
[  109.307097][T11190] vhci_hcd: connection closed
[  109.309967][ T1155] vhci_hcd: stop threads
[  109.313681][ T1155] vhci_hcd: release socket
[  109.315246][ T1155] vhci_hcd: disconnect device
[  109.316970][ T1155] vhci_hcd: stop threads
[  109.318861][ T1155] vhci_hcd: release socket
[  109.331204][ T1155] vhci_hcd: disconnect device
[  109.335970][ T6020] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.340719][ T6020] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.345930][ T6020] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  109.351533][ T6020] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  109.356765][ T6020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.363836][ T6020] usb 5-1: config 0 descriptor??
[  109.506723][T11211] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=11211 comm=syz.4.830
[  109.511072][T11211] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=11211 comm=syz.4.830
[  109.515975][T11211] __nla_validate_parse: 5 callbacks suppressed
[  109.515990][T11211] netlink: 532 bytes leftover after parsing attributes in process `syz.4.830'.
[  109.790264][ T6020] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  109.846597][T11236] netlink: 340 bytes leftover after parsing attributes in process `syz.1.833'.
[  109.849027][T11237] binder: 11234:11237 ioctl c0306201 0 returned -14
[  110.076416][T11263] netlink: 12 bytes leftover after parsing attributes in process `syz.0.819'.
[  110.127266][T11262] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.146115][T11262] bond0: (slave ip6gretap1): making interface the new active one
[  110.149269][T11262] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link
[  110.157417][T11300] bridge2: entered promiscuous mode
[  110.163983][T11300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=11300 comm=syz.1.841
[  110.224509][T11311] netlink: 'syz.4.842': attribute type 1 has an invalid length.
[  110.227805][T11311] netlink: 96 bytes leftover after parsing attributes in process `syz.4.842'.
[  110.231519][T11311] netlink: 1 bytes leftover after parsing attributes in process `syz.4.842'.
[  110.235649][T11311] netlink: 658 bytes leftover after parsing attributes in process `syz.4.842'.
[  110.297293][T11320] netlink: 8 bytes leftover after parsing attributes in process `syz.4.844'.
[  110.301030][T11320] netlink: 12 bytes leftover after parsing attributes in process `syz.4.844'.
[  110.309760][T11213] orangefs_mount: mount request failed with -4
[  110.417437][T11326] netlink: 'syz.4.845': attribute type 5 has an invalid length.
[  110.420563][T11326] netlink: 8 bytes leftover after parsing attributes in process `syz.4.845'.
[  110.426471][T11326] macsec0: entered promiscuous mode
[  110.428928][T11326] macsec0: entered allmulticast mode
[  110.431262][T11326] veth1_macvtap: entered allmulticast mode
[  110.530289][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.850'.
[  110.600281][ T5940] Bluetooth: hci5: sending frame failed (-49)
[  110.602581][ T5948] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  110.648046][T11354] binder: 11353:11354 unknown command 0
[  110.650603][T11354] binder: 11353:11354 ioctl c0306201 200000000080 returned -22
[  110.655370][T11354] binder: BINDER_SET_CONTEXT_MGR already set
[  110.657985][T11354] binder: 11353:11354 ioctl 4018620d 200000000180 returned -16
[  110.662193][T11354] netlink: 'syz.4.852': attribute type 1 has an invalid length.
[  110.766806][T11362] xfrm0 speed is unknown, defaulting to 1000
[  110.773029][ T5948] Bluetooth: hci0: command tx timeout
[  111.216021][T11408] loop2: detected capacity change from 0 to 7
[  111.219516][T11408]  loop2: p1
[  111.220637][T11408] loop2: partition table partially beyond EOD, truncated
[  111.225354][T11408] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  111.259749][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  111.305910][T11424] openvswitch: netlink: Key 32 has unexpected len 0 expected 2
[  111.545200][T11437] : entered promiscuous mode
[  111.621157][T11442] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=11442 comm=syz.0.867
[  111.626698][T11442] netlink: 'syz.0.867': attribute type 1 has an invalid length.
[  111.629528][T11442] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11442 comm=syz.0.867
[  112.032969][   T24] usb 5-1: reset high-speed USB device number 4 using dummy_hcd
[  112.183464][   T24] usb 5-1: device firmware changed
[  112.187870][ T6022] usb 5-1: USB disconnect, device number 4
[  112.334763][ T6022] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  112.361147][   T40] kauditd_printk_skb: 85 callbacks suppressed
[  112.361162][   T40] audit: type=1400 audit(2000000006.668:632): avc:  denied  { create } for  pid=11473 comm="syz.3.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  112.372599][   T40] audit: type=1400 audit(2000000006.678:633): avc:  denied  { sys_admin } for  pid=11473 comm="syz.3.873" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  112.375953][T11476] (syz.4.872,11476,3):ocfs2_get_sector:1714 ERROR: status = -5
[  112.385623][T11476] (syz.4.872,11476,3):ocfs2_sb_probe:753 ERROR: status = -5
[  112.388316][T11476] (syz.4.872,11476,3):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  112.391060][T11476] (syz.4.872,11476,3):ocfs2_fill_super:1177 ERROR: status = -5
[  112.409562][T11478] netlink: 'syz.3.874': attribute type 83 has an invalid length.
[  112.484168][ T6022] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  112.490124][ T6022] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  112.493355][ T6022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  112.496020][ T6022] usb 5-1: Product: syz
[  112.497417][ T6022] usb 5-1: Manufacturer: syz
[  112.499041][ T6022] usb 5-1: SerialNumber: syz
[  112.613166][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  112.707667][ T6022] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  112.744688][T11501] xfrm0 speed is unknown, defaulting to 1000
[  112.802615][T11505] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[  112.905452][   T40] audit: type=1400 audit(2000000007.218:634): avc:  denied  { read write } for  pid=11449 comm="syz.0.869" name="lp0" dev="devtmpfs" ino=3048 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  112.913090][   T40] audit: type=1400 audit(2000000007.218:635): avc:  denied  { open } for  pid=11449 comm="syz.0.869" path="/dev/usb/lp0" dev="devtmpfs" ino=3048 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  112.959089][    C2] usblp0: nonzero write bulk status received: -71
[  112.959256][ T1029] usb 5-1: USB disconnect, device number 5
[  112.966624][ T1029] usblp0: removed
[  113.000456][T11601] futex_wake_op: syz.1.882 tries to shift op by -1; fix this program
[  113.023267][T11601] erspan2: entered promiscuous mode
[  113.073998][   T40] audit: type=1400 audit(2000000007.388:636): avc:  denied  { relabelfrom } for  pid=11604 comm="syz.1.883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  113.082829][   T40] audit: type=1400 audit(2000000007.388:637): avc:  denied  { relabelto } for  pid=11604 comm="syz.1.883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  113.140890][T11612] netlink: 'syz.1.884': attribute type 10 has an invalid length.
[  113.143815][T11612] dummy0: entered promiscuous mode
[  113.147499][T11612] bridge0: port 1(dummy0) entered blocking state
[  113.149884][T11612] bridge0: port 1(dummy0) entered disabled state
[  113.152055][T11612] dummy0: entered allmulticast mode
[  113.199967][   T40] audit: type=1400 audit(2000000007.508:638): avc:  denied  { ioctl } for  pid=11615 comm="syz.4.885" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  113.209951][   T40] audit: type=1400 audit(2000000007.518:639): avc:  denied  { create } for  pid=11615 comm="syz.4.885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  113.221099][   T40] audit: type=1400 audit(2000000007.528:640): avc:  denied  { getopt } for  pid=11615 comm="syz.4.885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  113.228419][T11616] netlink: 'syz.4.885': attribute type 8 has an invalid length.
[  113.360224][   T40] audit: type=1400 audit(2000000007.668:641): avc:  denied  { execute } for  pid=11623 comm="syz.4.887" path="/dev/video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  113.640158][T11656] Cannot find add_set index 1 as target
[  114.125878][   T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  114.252925][   T10] usb 8-1: device descriptor read/64, error -71
[  114.387364][T11714] netlink: 'syz.1.908': attribute type 30 has an invalid length.
[  114.494281][   T10] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  114.566383][T11732] sctp: [Deprecated]: syz.4.915 (pid 11732) Use of int in maxseg socket option.
[  114.566383][T11732] Use struct sctp_assoc_value instead
[  114.577784][T11732] fuse: Bad value for 'fd'
[  114.623628][   T10] usb 8-1: device descriptor read/64, error -71
[  114.657076][T11748] __nla_validate_parse: 11 callbacks suppressed
[  114.657088][T11748] netlink: 48 bytes leftover after parsing attributes in process `syz.0.917'.
[  114.692390][T11752] Bluetooth: MGMT ver 1.23
[  114.734428][   T10] usb usb8-port1: attempt power cycle
[  114.743706][T11762] fuse: Bad value for 'user_id'
[  114.746195][T11762] fuse: Bad value for 'user_id'
[  114.822909][   T60] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  114.942764][T11786] netlink: 4 bytes leftover after parsing attributes in process `syz.4.925'.
[  114.950619][T11786] tmpfs: Bad value for 'mpol'
[  114.972957][   T60] usb 6-1: Using ep0 maxpacket: 8
[  114.977007][   T60] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  114.980748][   T60] usb 6-1: config 0 has no interface number 0
[  114.983728][   T60] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  114.990296][   T60] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  114.990939][T11789] netlink: 48 bytes leftover after parsing attributes in process `syz.0.926'.
[  114.995248][   T60] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  115.002277][   T60] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  115.007580][T11792] netlink: 48 bytes leftover after parsing attributes in process `syz.0.926'.
[  115.010973][   T60] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  115.016417][   T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.027285][   T60] usb 6-1: config 0 descriptor??
[  115.038042][   T60] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  115.073342][   T10] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  115.094550][   T10] usb 8-1: device descriptor read/8, error -71
[  115.146739][T11813] binder: 11812:11813 ioctl c0306201 0 returned -14
[  115.208193][T11820] loop2: detected capacity change from 0 to 7
[  115.212170][T11820]  loop2: p1
[  115.214662][T11820] loop2: partition table partially beyond EOD, truncated
[  115.218309][T11820] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  115.265321][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  115.333288][   T10] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  115.354201][   T10] usb 8-1: device descriptor read/8, error -71
[  115.464041][   T10] usb usb8-port1: unable to enumerate USB device
[  115.751654][T11885] fuse: Bad value for 'fd'
[  115.812733][T11893] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.817474][T11893] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.844406][ T6022] xfrm0 speed is unknown, defaulting to 1000
[  115.931256][T11899] fuse: Bad value for 'fd'
[  115.935682][T11899] fuse: Bad value for 'fd'
[  116.016967][ T5296] Bluetooth: hci2: unexpected event for opcode 0x1000
[  116.659470][T11920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.951'.
[  116.736818][T11924] bridge1: entered promiscuous mode
[  116.739122][T11924] bridge1: entered allmulticast mode
[  116.876864][T11934] syzkaller0: entered promiscuous mode
[  116.878807][T11934] syzkaller0: entered allmulticast mode
[  117.107555][T11962] netlink: 16 bytes leftover after parsing attributes in process `syz.4.959'.
[  117.113452][T11958] xfrm0 speed is unknown, defaulting to 1000
[  117.129938][T11959] xfrm0 speed is unknown, defaulting to 1000
[  117.265039][   T10] usb 6-1: USB disconnect, device number 13
[  117.270461][   T10] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  117.383073][ T6022] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  117.532912][ T6022] usb 9-1: Using ep0 maxpacket: 16
[  117.536046][ T6022] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  117.539639][ T6022] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.542986][ T6022] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  117.547229][ T6022] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  117.550651][ T6022] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.559951][ T6022] usb 9-1: config 0 descriptor??
[  117.590290][T12034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.963'.
[  117.819168][T12043] syzkaller0: entered promiscuous mode
[  117.821059][T12043] syzkaller0: entered allmulticast mode
[  117.909003][   T40] kauditd_printk_skb: 15 callbacks suppressed
[  117.909015][   T40] audit: type=1400 audit(2000000012.218:657): avc:  denied  { connect } for  pid=12038 comm="syz.3.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  117.977270][ T6022] input: HID 0955:7214 Haptics as /devices/virtual/input/input20
[  118.005737][ T6022] shield 0003:0955:7214.0004: Registered Thunderstrike controller
[  118.009329][ T6022] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  118.080761][T10994] Bluetooth: (null): Too short H5 packet
[  118.083817][T10994] Bluetooth: (null): Invalid header checksum
[  118.085901][T10994] Bluetooth: (null): Invalid header checksum
[  118.135776][T12065] netlink: 64 bytes leftover after parsing attributes in process `syz.1.968'.
[  118.167800][   T40] audit: type=1400 audit(2000000012.478:658): avc:  denied  { read } for  pid=11971 comm="syz.4.961" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  118.167846][T11974] random: crng reseeded on system resumption
[  118.184289][ T1155] Bluetooth: (null): Invalid header checksum
[  118.184695][T11974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.186323][T12069] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  118.192242][T11974] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.333584][ T6022] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  118.334589][   T10] usb 9-1: USB disconnect, device number 2
[  118.337395][ T6022] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  118.343703][ T6022] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  118.354292][   T40] audit: type=1400 audit(2000000012.668:659): avc:  denied  { audit_read } for  pid=12081 comm="syz.1.971" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  118.450164][T12117] netlink: 'syz.1.977': attribute type 2 has an invalid length.
[  118.507511][T12129] netlink: 64 bytes leftover after parsing attributes in process `syz.0.981'.
[  118.546324][T12132] netlink: 'syz.3.982': attribute type 1 has an invalid length.
[  118.551683][T12135] syzkaller0: entered promiscuous mode
[  118.556788][T12135] syzkaller0: entered allmulticast mode
[  118.579144][T12132] 8021q: adding VLAN 0 to HW filter on device bond3
[  118.586457][T12132] netlink: 20 bytes leftover after parsing attributes in process `syz.3.982'.
[  118.612660][T12132] bond3: (slave geneve2): making interface the new active one
[  118.618603][T12132] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  118.621529][   T90] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.626776][   T90] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.630773][   T90] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.642888][   T90] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.671854][T12184] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=12184 comm=syz.3.988
[  118.698330][T12188] CIFS mount error: No usable UNC path provided in device string!
[  118.698330][T12188] 
[  118.702662][T12188] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  118.741689][T12194] macsec1: entered allmulticast mode
[  118.744476][T12194] bridge0: entered allmulticast mode
[  118.747090][T12194] bridge0: port 2(macsec1) entered blocking state
[  118.749755][T12194] bridge0: port 2(macsec1) entered disabled state
[  118.756542][T12194] bridge0: left allmulticast mode
[  118.869443][T12209] vet�0_virt_wif: renamed from lo (while UP)
[  118.971232][T12229] syzkaller0: entered promiscuous mode
[  118.973172][T12229] syzkaller0: entered allmulticast mode
[  118.981671][   T40] audit: type=1326 audit(2000000013.288:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12232 comm="syz.1.999" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f716ab8f7c9 code=0x0
[  119.181226][T12250] binder: BINDER_SET_CONTEXT_MGR already set
[  119.184262][T12250] binder: 12249:12250 ioctl 4018620d 200000000040 returned -16
[  119.245531][T12253] binder: 12249:12253 unknown command 0
[  119.247537][T12253] binder: 12249:12253 ioctl c0306201 200000000100 returned -22
[  119.427049][T12257] loop2: detected capacity change from 0 to 7
[  119.430208][ T5951]  loop2: p1
[  119.431759][ T5951] loop2: partition table partially beyond EOD, truncated
[  119.435592][ T5951] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  119.444499][T12257]  loop2: p1
[  119.445758][T12257] loop2: partition table partially beyond EOD, truncated
[  119.448398][T12257] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  119.475272][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  119.496484][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  119.528785][   T40] audit: type=1400 audit(2000000013.838:661): avc:  denied  { recv } for  pid=5915 comm="syz-executor" saddr=127.0.0.1 src=45790 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  119.561655][   T40] audit: type=1400 audit(2000000013.868:662): avc:  denied  { map_create } for  pid=12275 comm="syz.0.1010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  119.568107][   T40] audit: type=1400 audit(2000000013.868:663): avc:  denied  { bpf } for  pid=12275 comm="syz.0.1010" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  119.575161][   T40] audit: type=1400 audit(2000000013.868:664): avc:  denied  { map_read map_write } for  pid=12275 comm="syz.0.1010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  119.581880][   T40] audit: type=1400 audit(2000000013.868:665): avc:  denied  { prog_load } for  pid=12275 comm="syz.0.1010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  119.588336][   T40] audit: type=1400 audit(2000000013.868:666): avc:  denied  { perfmon } for  pid=12275 comm="syz.0.1010" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  120.006455][T12344] program syz.3.1012 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  120.054759][ T5296] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  120.057990][ T5296] Bluetooth: hci2: Injecting HCI hardware error event
[  120.061599][ T5296] Bluetooth: hci2: hardware error 0x00
[  120.100950][T12347] __nla_validate_parse: 5 callbacks suppressed
[  120.100964][T12347] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1013'.
[  120.111765][T12346] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1013'.
[  120.142194][T12366] loop2: detected capacity change from 0 to 7
[  120.146909][ T5951]  loop2: p1
[  120.148434][ T5951] loop2: partition table partially beyond EOD, truncated
[  120.151458][ T5951] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  120.165568][T12366]  loop2: p1
[  120.166755][T12366] loop2: partition table partially beyond EOD, truncated
[  120.170756][T12366] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  120.200156][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  120.218740][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  120.260024][T12389] FAULT_INJECTION: forcing a failure.
[  120.260024][T12389] name failslab, interval 1, probability 0, space 0, times 1
[  120.266693][T12389] CPU: 2 UID: 0 PID: 12389 Comm: syz.3.1021 Not tainted syzkaller #0 PREEMPT(full) 
[  120.266716][T12389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.266726][T12389] Call Trace:
[  120.266733][T12389]  <TASK>
[  120.266740][T12389]  dump_stack_lvl+0x16c/0x1f0
[  120.266782][T12389]  should_fail_ex+0x512/0x640
[  120.266815][T12389]  ? fs_reclaim_acquire+0xae/0x150
[  120.266841][T12389]  should_failslab+0xc2/0x120
[  120.266865][T12389]  __kmalloc_noprof+0xdd/0x870
[  120.266891][T12389]  ? tomoyo_encode2+0x100/0x3e0
[  120.266922][T12389]  ? tomoyo_encode2+0x100/0x3e0
[  120.266947][T12389]  tomoyo_encode2+0x100/0x3e0
[  120.266979][T12389]  tomoyo_encode+0x29/0x50
[  120.267004][T12389]  tomoyo_realpath_from_path+0x18f/0x6e0
[  120.267038][T12389]  tomoyo_path_number_perm+0x245/0x580
[  120.267060][T12389]  ? tomoyo_path_number_perm+0x237/0x580
[  120.267086][T12389]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.267111][T12389]  ? find_held_lock+0x2b/0x80
[  120.267153][T12389]  ? find_held_lock+0x2b/0x80
[  120.267169][T12389]  ? hook_file_ioctl_common+0x145/0x410
[  120.267194][T12389]  ? __fget_files+0x20e/0x3c0
[  120.267222][T12389]  security_file_ioctl+0x9b/0x240
[  120.267249][T12389]  __x64_sys_ioctl+0xb7/0x210
[  120.267271][T12389]  do_syscall_64+0xcd/0xf80
[  120.267291][T12389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.267308][T12389] RIP: 0033:0x7f390138f7c9
[  120.267324][T12389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.267341][T12389] RSP: 002b:00007f390230a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.267358][T12389] RAX: ffffffffffffffda RBX: 00007f39015e5fa0 RCX: 00007f390138f7c9
[  120.267369][T12389] RDX: 0000200000000c00 RSI: 00000000c0306201 RDI: 0000000000000003
[  120.267379][T12389] RBP: 00007f390230a090 R08: 0000000000000000 R09: 0000000000000000
[  120.267390][T12389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.267400][T12389] R13: 00007f39015e6038 R14: 00007f39015e5fa0 R15: 00007ffe86fb9808
[  120.267426][T12389]  </TASK>
[  120.267443][T12389] ERROR: Out of memory at tomoyo_realpath_from_path.
[  120.288244][ T6021] hid-generic 0005:0006:5508.0005: hidraw1: BLUETOOTH HID vc3.34 Device [syz0] on aa:aa:aa:aa:aa:aa
[  120.424241][T12401] program syz.3.1023 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  120.497526][T12407] SELinux:  Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped).
[  120.500613][T12427] openvswitch: netlink: Missing key (keys=40, expected=100)
[  120.532350][T12431] FAULT_INJECTION: forcing a failure.
[  120.532350][T12431] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  120.536915][T12431] CPU: 1 UID: 0 PID: 12431 Comm: syz.3.1031 Not tainted syzkaller #0 PREEMPT(full) 
[  120.536929][T12431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.536936][T12431] Call Trace:
[  120.536939][T12431]  <TASK>
[  120.536943][T12431]  dump_stack_lvl+0x16c/0x1f0
[  120.536959][T12431]  should_fail_ex+0x512/0x640
[  120.536978][T12431]  _copy_from_user+0x2e/0xd0
[  120.536989][T12431]  binder_ioctl+0x5df/0x7200
[  120.537007][T12431]  ? tomoyo_path_number_perm+0x18d/0x580
[  120.537026][T12431]  ? __pfx_binder_ioctl+0x10/0x10
[  120.537039][T12431]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  120.537053][T12431]  ? do_vfs_ioctl+0x128/0x14f0
[  120.537065][T12431]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  120.537077][T12431]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  120.537097][T12431]  ? hook_file_ioctl_common+0x145/0x410
[  120.537113][T12431]  ? selinux_file_ioctl+0x180/0x270
[  120.537128][T12431]  ? selinux_file_ioctl+0xb4/0x270
[  120.537144][T12431]  ? __pfx_binder_ioctl+0x10/0x10
[  120.537155][T12431]  __x64_sys_ioctl+0x18e/0x210
[  120.537168][T12431]  do_syscall_64+0xcd/0xf80
[  120.537179][T12431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.537190][T12431] RIP: 0033:0x7f390138f7c9
[  120.537199][T12431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.537210][T12431] RSP: 002b:00007f390230a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.537220][T12431] RAX: ffffffffffffffda RBX: 00007f39015e5fa0 RCX: 00007f390138f7c9
[  120.537226][T12431] RDX: 0000200000000c00 RSI: 00000000c0306201 RDI: 0000000000000003
[  120.537232][T12431] RBP: 00007f390230a090 R08: 0000000000000000 R09: 0000000000000000
[  120.537238][T12431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.537244][T12431] R13: 00007f39015e6038 R14: 00007f39015e5fa0 R15: 00007ffe86fb9808
[  120.537257][T12431]  </TASK>
[  120.537262][T12431] binder: 12430:12431 ioctl c0306201 200000000c00 returned -14
[  120.582145][T12434] lo speed is unknown, defaulting to 1000
[  120.616490][T12434] lo speed is unknown, defaulting to 1000
[  120.620181][T12434] lo speed is unknown, defaulting to 1000
[  120.629160][T12434] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  120.660356][T12442] pimreg: entered allmulticast mode
[  120.671359][T12434] lo speed is unknown, defaulting to 1000
[  120.675971][T12434] lo speed is unknown, defaulting to 1000
[  120.679676][T12434] lo speed is unknown, defaulting to 1000
[  120.683535][T12434] lo speed is unknown, defaulting to 1000
[  120.687650][T12434] lo speed is unknown, defaulting to 1000
[  120.837024][T12476] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1043'.
[  120.840485][T12476] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1043'.
[  120.858077][T12474] netlink: 'syz.4.1042': attribute type 39 has an invalid length.
[  120.969992][T12489] netlink: 'syz.3.1046': attribute type 58 has an invalid length.
[  121.453416][T12522] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1054'.
[  121.764353][T12540] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1058'.
[  121.807218][T12545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1060'.
[  121.819365][T12545] netlink: 'syz.3.1060': attribute type 2 has an invalid length.
[  121.823170][T12545] netlink: 'syz.3.1060': attribute type 1 has an invalid length.
[  122.071393][T12580] netlink: 'syz.3.1067': attribute type 4 has an invalid length.
[  122.090095][T12581] netlink: 'syz.3.1067': attribute type 4 has an invalid length.
[  122.108360][   T60] Process accounting resumed
[  122.126240][T12588] afs: Unknown parameter 'dynile0'
[  122.134445][ T5296] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  122.205310][T12603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1072'.
[  122.205655][T12599] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  122.209653][T12603] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1072'.
[  122.217832][T12599] block device autoloading is deprecated and will be removed.
[  122.637237][T12697] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1081'.
[  122.992176][   T40] kauditd_printk_skb: 149 callbacks suppressed
[  122.992191][   T40] audit: type=1400 audit(2000000017.298:816): avc:  denied  { connect } for  pid=12770 comm="syz.3.1086" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  123.001743][   T40] audit: type=1400 audit(2000000017.308:817): avc:  denied  { write } for  pid=12770 comm="syz.3.1086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  123.016382][   T40] audit: type=1400 audit(2000000017.328:818): avc:  denied  { egress } for  pid=28 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  123.024664][   T40] audit: type=1400 audit(2000000017.328:819): avc:  denied  { sendto } for  pid=28 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  123.174288][T12783] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  123.177805][   T40] audit: type=1400 audit(2000000017.488:820): avc:  denied  { setopt } for  pid=12784 comm="syz.0.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  123.186530][   T40] audit: type=1400 audit(2000000017.488:821): avc:  denied  { create } for  pid=12784 comm="syz.0.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.193329][   T40] audit: type=1400 audit(2000000017.488:822): avc:  denied  { write } for  pid=12784 comm="syz.0.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.199945][   T40] audit: type=1400 audit(2000000017.488:823): avc:  denied  { nlmsg_write } for  pid=12784 comm="syz.0.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.230080][   T40] audit: type=1400 audit(2000000017.538:824): avc:  denied  { bind } for  pid=12788 comm="syz.0.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  123.237271][   T40] audit: type=1400 audit(2000000017.538:825): avc:  denied  { name_bind } for  pid=12788 comm="syz.0.1091" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  123.269708][T12795] /dev/nullb0: Can't lookup blockdev
[  123.273058][T12795] syz.0.1092 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  123.419878][T12809] syz_tun: entered allmulticast mode
[  123.537584][T12815] netlink: zone id is out of range
[  123.621699][T12825] 8021q: VLANs not supported on wg1
[  123.653195][    C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  123.713943][T12831] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  124.021069][T12847] afs: Unknown parameter 'dy^'
[  124.048733][T12847] binder_alloc: binder_alloc_mmap_handler: 12846 200000ffe000-200000fff000 already mapped failed -16
[  124.196145][T12803] syz_tun: left allmulticast mode
[  124.311759][T12865] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  124.311759][T12865]    program syz.3.1115 not setting count and/or reply_len properly
[  124.331322][T12859] SELinux: failed to load policy
[  124.824639][T12907] syzkaller0: entered promiscuous mode
[  124.826615][T12907] syzkaller0: entered allmulticast mode
[  125.024130][T12920] xfrm0 speed is unknown, defaulting to 1000
[  125.028221][T12920] lo speed is unknown, defaulting to 1000
[  125.081518][T12936] xfrm0 speed is unknown, defaulting to 1000
[  125.084456][T12936] lo speed is unknown, defaulting to 1000
[  125.322402][T12978] SELinux: security_context_str_to_sid (ramfs) failed with errno=-22
[  125.334482][T12984] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  125.335263][T12982] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  125.353068][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.356047][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.358795][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.427048][T12997] QAT: Stopping all acceleration devices.
[  125.462569][T13004] dlm: no locking on control device
[  125.476684][T13004] binder: BINDER_SET_CONTEXT_MGR already set
[  125.478838][T13004] binder: 13003:13004 ioctl 4018620d 200000000040 returned -16
[  125.484994][T13004] __nla_validate_parse: 6 callbacks suppressed
[  125.485009][T13004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1143'.
[  125.523143][T13004] chnl_net:caif_netlink_parms(): no params data found
[  125.628315][T13032] dlm: no locking on control device
[  125.720724][T13045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.723954][T13045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.727028][T13045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.736017][   T46] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  125.736080][T13045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.739804][   T46] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  125.743449][T13045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.749482][T13045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1152'.
[  125.757702][   T46] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  125.760506][   T46] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  125.841918][T13056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1155'.
[  125.890825][T13062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1158'.
[  125.895017][T13062] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1158'.
[  125.966310][T13074] vlan2: entered promiscuous mode
[  125.968035][T13071] 9pnet: Could not find request transport: v
[  125.968808][T13074] vlan2: entered allmulticast mode
[  125.977752][T13074] hsr_slave_1: entered allmulticast mode
[  126.034621][T13080] openvswitch: netlink: Invalid MD length 60718 for MD type 0
[  126.037096][T13080] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  126.109379][T13082] /dev/nullb0: Can't lookup blockdev
[  126.533999][T13118] loop2: detected capacity change from 0 to 7
[  126.537257][T13118]  loop2: p1
[  126.538367][T13118] loop2: partition table partially beyond EOD, truncated
[  126.541812][T13118] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  126.567406][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  126.674543][T13201] netlink: 'syz.0.1181': attribute type 1 has an invalid length.
[  126.696125][T13201] bond4: entered promiscuous mode
[  126.700232][T13201] 8021q: adding VLAN 0 to HW filter on device bond4
[  126.741257][T13201] 8021q: adding VLAN 0 to HW filter on device bond5
[  126.748174][T13201] bond4: (slave bond5): making interface the new active one
[  126.750981][T13201] bond5: entered promiscuous mode
[  126.755367][T13201] bond4: (slave bond5): Enslaving as an active interface with an up link
[  126.794520][T13279] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=13279 comm=syz.4.1183
[  126.851866][T13288] loop2: detected capacity change from 0 to 7
[  126.864726][T13288]  loop2: p1
[  126.865946][T13288] loop2: partition table partially beyond EOD, truncated
[  126.869285][T13288] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  126.905434][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  128.073334][T13350] xfrm0 speed is unknown, defaulting to 1000
[  128.077727][T13350] lo speed is unknown, defaulting to 1000
[  128.155876][   T40] kauditd_printk_skb: 63 callbacks suppressed
[  128.155893][   T40] audit: type=1400 audit(2000000022.468:889): avc:  denied  { unmount } for  pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  128.214545][   T12] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xb
[  128.344228][T13402] netlink: 'syz.1.1200': attribute type 1 has an invalid length.
[  128.375658][   T40] audit: type=1400 audit(2000000022.688:890): avc:  denied  { read } for  pid=13403 comm="syz.0.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  128.398237][T13407] netlink: 'syz.1.1203': attribute type 21 has an invalid length.
[  128.401845][T13407] IPv6: NLM_F_CREATE should be specified when creating new route
[  128.437925][   T40] audit: type=1400 audit(2000000022.748:891): avc:  denied  { execute_no_trans } for  pid=13406 comm="syz.1.1203" path="/268/file0" dev="tmpfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  128.496082][   T40] audit: type=1400 audit(2000000022.808:892): avc:  denied  { ioctl } for  pid=13409 comm="syz.1.1204" path="socket:[35283]" dev="sockfs" ino=35283 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  128.548091][   T40] audit: type=1400 audit(2000000022.858:893): avc:  denied  { listen } for  pid=13411 comm="syz.1.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  128.558106][   T40] audit: type=1400 audit(2000000022.858:894): avc:  denied  { connect } for  pid=13411 comm="syz.1.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  128.568754][   T40] audit: type=1400 audit(2000000022.858:895): avc:  denied  { ioctl } for  pid=13411 comm="syz.1.1205" path="socket:[37335]" dev="sockfs" ino=37335 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  128.862954][   T34] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  128.994092][   T40] audit: type=1400 audit(2000000023.308:896): avc:  denied  { mounton } for  pid=13424 comm="syz.4.1209" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  129.013208][   T34] usb 6-1: device descriptor read/64, error -71
[  129.089107][   T40] audit: type=1400 audit(2000000023.398:897): avc:  denied  { bind } for  pid=13445 comm="syz.3.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  129.100159][   T40] audit: type=1400 audit(2000000023.408:898): avc:  denied  { accept } for  pid=13435 comm="syz.4.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  129.252941][   T34] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  129.382946][   T34] usb 6-1: device descriptor read/64, error -71
[  129.483270][   T24] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  129.493297][   T34] usb usb6-port1: attempt power cycle
[  129.603011][    T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  129.622996][   T24] usb 9-1: device descriptor read/64, error -71
[  129.746947][T13543] Can't find ip_set type hash:i
[  129.762913][    T9] usb 8-1: Using ep0 maxpacket: 32
[  129.774555][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.779427][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.785801][    T9] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  129.789749][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.794256][    T9] usb 8-1: config 0 descriptor??
[  129.843295][   T34] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  129.864906][   T34] usb 6-1: device descriptor read/8, error -71
[  129.873035][   T24] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  130.003006][   T24] usb 9-1: device descriptor read/64, error -71
[  130.102977][   T34] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  130.113222][   T24] usb usb9-port1: attempt power cycle
[  130.124152][   T34] usb 6-1: device descriptor read/8, error -71
[  130.221890][T13529] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  130.227767][T13529] cramfs: wrong magic
[  130.234523][   T34] usb usb6-port1: unable to enumerate USB device
[  130.245032][    T9] usbhid 8-1:0.0: can't add hid device: -71
[  130.251044][    T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  130.260840][    T9] usb 8-1: USB disconnect, device number 9
[  130.463188][   T24] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  130.483659][   T24] usb 9-1: device descriptor read/8, error -71
[  130.722966][   T24] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  130.753419][   T24] usb 9-1: device descriptor read/8, error -71
[  130.773154][T13641] __nla_validate_parse: 13 callbacks suppressed
[  130.773166][T13641] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1232'.
[  130.863206][   T24] usb usb9-port1: unable to enumerate USB device
[  130.877935][T13646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1234'.
[  130.957839][T13652] loop2: detected capacity change from 0 to 7
[  130.962346][ T5951]  loop2: p1
[  130.964045][ T5951] loop2: partition table partially beyond EOD, truncated
[  130.967753][ T5951] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  130.977026][T13652]  loop2: p1
[  130.978573][T13652] loop2: partition table partially beyond EOD, truncated
[  130.981512][T13652] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  131.002513][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  131.016713][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  131.432319][T13687] fuse: Bad value for 'fd'
[  131.618154][T13695] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1246'.
[  131.656410][T13700] syzkaller0: entered promiscuous mode
[  131.658270][T13700] syzkaller0: entered allmulticast mode
[  131.681656][T13706] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1248'.
[  131.792169][T13718] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1251'.
[  131.817541][T13718] dlm: non-version read from control device 0
[  131.893146][T13725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1253'.
[  132.023338][T13730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1255'.
[  132.628307][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  132.632069][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  132.976235][T13725] hsr_slave_0: left promiscuous mode
[  132.979565][T13725] hsr_slave_1: left promiscuous mode
[  133.103305][T13757] input: syz1 as /devices/virtual/input/input22
[  133.123144][T13757] loop6: detected capacity change from 0 to 524287487
[  133.135322][T13757] buffer_io_error: 27 callbacks suppressed
[  133.135338][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.143118][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.146470][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.149265][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.152554][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.156676][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.159777][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1258'.
[  133.160262][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.167254][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.168751][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  133.168765][   T40] audit: type=1400 audit(2000000027.478:931): avc:  denied  { open } for  pid=13753 comm="syz.4.1258" path="/dev/ptyqd" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  133.170549][T13757] ldm_validate_partition_table(): Disk read failed.
[  133.177294][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1258'.
[  133.183149][   T40] audit: type=1400 audit(2000000027.498:932): avc:  denied  { ioctl } for  pid=13753 comm="syz.4.1258" path="/dev/ptyqd" dev="devtmpfs" ino=140 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  133.184451][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.190429][   T40] audit: type=1400 audit(2000000027.508:933): avc:  denied  { append } for  pid=13756 comm="syz.1.1259" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  133.213981][T13757] Buffer I/O error on dev loop6, logical block 0, async page read
[  133.218292][T13757] Dev loop6: unable to read RDB block 0
[  133.221270][T13757]  loop6: unable to read partition table
[  133.224054][T13757] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  133.238382][T13771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1261'.
[  133.242510][T13771] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.308725][   T40] audit: type=1400 audit(2000000027.618:934): avc:  denied  { getopt } for  pid=13783 comm="syz.3.1263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  133.318523][T13771] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.355029][T13773] netlink: 'syz.4.1262': attribute type 4 has an invalid length.
[  133.355973][   T40] audit: type=1400 audit(2000000027.668:935): avc:  denied  { watch } for  pid=13799 comm="syz.3.1266" path="/319/bus" dev="tmpfs" ino=1686 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  133.368064][   T40] audit: type=1400 audit(2000000027.678:936): avc:  denied  { watch_sb watch_reads } for  pid=13799 comm="syz.3.1266" path="/319/bus" dev="tmpfs" ino=1686 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  133.454940][   T40] audit: type=1400 audit(2000000027.768:937): avc:  denied  { watch watch_reads } for  pid=13811 comm="syz.3.1268" path="/320" dev="tmpfs" ino=1687 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  133.518717][   T40] audit: type=1400 audit(2000000027.828:938): avc:  denied  { mount } for  pid=13819 comm="syz.0.1270" name="/" dev="hugetlbfs" ino=37501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  133.589910][T13826] overlayfs: failed to clone lowerpath
[  134.446011][T13824] netem: change failed
[  134.477560][T13830] fuse: Bad value for 'fd'
[  134.531879][T13844] cgroup: subsys name conflicts with all
[  134.610372][T13870] rdma_rxe: rxe_newlink: failed to add xfrm0
[  134.612606][   T40] audit: type=1400 audit(2000000028.918:939): avc:  denied  { create } for  pid=13865 comm="syz.4.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  134.631555][   T40] audit: type=1400 audit(2000000028.938:940): avc:  denied  { create } for  pid=13865 comm="syz.4.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  134.639224][T13875] netlink: 'syz.3.1284': attribute type 1 has an invalid length.
[  134.674316][T13875] 8021q: adding VLAN 0 to HW filter on device bond4
[  134.706987][T13876] veth11: entered promiscuous mode
[  134.712066][T13876] bond4: (slave veth11): Enslaving as an active interface with a down link
[  134.760490][T13987] nbd: must specify a device to reconfigure
[  134.841646][T13993] macvlan2: entered promiscuous mode
[  134.845144][T13993] macvlan2: entered allmulticast mode
[  134.847914][T13993] bond1: entered promiscuous mode
[  134.850344][T13993] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  134.857186][T13993] bond1: left promiscuous mode
[  134.960844][T14037] loop2: detected capacity change from 0 to 7
[  134.964224][T14037]  loop2: p1
[  134.965371][T14037] loop2: partition table partially beyond EOD, truncated
[  134.968607][T14037] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  135.015994][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  135.047002][T14042] could not allocate digest TFM handle sha3-512-ce
[  135.084904][T14054] comedi comedi0: board detection failed
[  135.108050][T14057] syzkaller0: entered promiscuous mode
[  135.110738][T14057] syzkaller0: entered allmulticast mode
[  135.186237][T14071] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14071 comm=syz.4.1297
[  135.199160][T14079] netlink: 'syz.1.1299': attribute type 17 has an invalid length.
[  135.268023][T14079] batman_adv: batadv0: Interface deactivated: gretap1
[  135.671265][T14125] input: syz1 as /devices/virtual/input/input23
[  135.727044][T14135] NILFS (nullb0): couldn't find nilfs on the device
[  135.735245][T14129] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  135.757693][T14141] nfs: Unknown parameter 'yzkaller'
[  135.763238][T14144] nbd: must specify at least one socket
[  135.811184][T14150] syzkaller0: entered promiscuous mode
[  135.815027][T14150] syzkaller0: entered allmulticast mode
[  135.893481][T14157] netlink: 'syz.0.1316': attribute type 13 has an invalid length.
[  136.001253][T14172] __nla_validate_parse: 5 callbacks suppressed
[  136.001268][T14172] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1320'.
[  136.057019][T14212] netlink: 'syz.1.1321': attribute type 30 has an invalid length.
[  136.100571][T14245] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14245 comm=syz.1.1321
[  136.311648][T14269] loop2: detected capacity change from 0 to 7
[  136.317115][T14269]  loop2: p1
[  136.318494][T14269] loop2: partition table partially beyond EOD, truncated
[  136.321314][T14269] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  136.346794][T14275] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=14275 comm=syz.0.1331
[  136.348287][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  136.356011][T14282] sock: sock_set_timeout: `syz.1.1333' (pid 14282) tries to set negative timeout
[  136.568812][T14295] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1336'.
[  136.613022][   T34] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  136.764131][   T34] usb 6-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  136.768936][   T34] usb 6-1: config 1 interface 0 has no altsetting 0
[  136.772777][   T34] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  136.776329][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.779486][   T34] usb 6-1: Product: syz
[  136.780985][   T34] usb 6-1: Manufacturer: syz
[  136.782556][   T34] usb 6-1: SerialNumber: syz
[  137.014284][   T34] usb 6-1: bad CDC descriptors
[  137.019241][   T34] usb 6-1: USB disconnect, device number 18
[  137.550472][T14116] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  137.572988][ T5296] Bluetooth: hci0: command 0x0c1a tx timeout
[  137.634964][T14329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1343'.
[  137.652652][T14329] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1343'.
[  137.657316][T14329] netlink: 4532 bytes leftover after parsing attributes in process `syz.0.1343'.
[  137.676904][T14337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1344'.
[  137.685147][T14307] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1337'.
[  137.704975][T14345] openvswitch: netlink: IP tunnel dst address not specified
[  137.716257][T14337] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1344'.
[  137.726091][T14337] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1344'.
[  138.101280][T14388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=14388 comm=syz.3.1357
[  138.425680][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  138.425697][   T40] audit: type=1400 audit(138.340:973): avc:  denied  { ioctl } for  pid=14418 comm="syz.4.1364" path="socket:[38785]" dev="sockfs" ino=38785 ioctlcmd=0x660c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  138.665728][   T40] audit: type=1400 audit(138.580:974): avc:  denied  { unmount } for  pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  138.730584][T14446] lo: MTU too low for tipc bearer
[  138.732449][T14446] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  138.820442][   T40] audit: type=1400 audit(138.730:975): avc:  denied  { shutdown } for  pid=14448 comm="syz.4.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  138.922030][T14464] netlink: 'syz.4.1375': attribute type 4 has an invalid length.
[  138.958074][   T40] audit: type=1400 audit(138.870:976): avc:  denied  { create } for  pid=14466 comm="syz.4.1376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  138.964589][   T40] audit: type=1400 audit(138.870:977): avc:  denied  { ioctl } for  pid=14466 comm="syz.4.1376" path="socket:[39217]" dev="sockfs" ino=39217 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  138.999905][T14469] veth5: entered promiscuous mode
[  139.005170][T14469] team0: Port device veth5 added
[  139.118137][   T40] audit: type=1400 audit(139.030:978): avc:  denied  { ioctl } for  pid=14538 comm="syz.4.1380" path="socket:[41208]" dev="sockfs" ino=41208 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  139.129742][T14540] delete_channel: no stack
[  139.214863][T14550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1381'.
[  139.236344][T14558] vlan0: entered promiscuous mode
[  139.238341][T14558] vlan0: entered allmulticast mode
[  139.240070][T14558] veth0_vlan: entered allmulticast mode
[  139.249345][T14558] team0: Port device vlan0 added
[  139.306189][   T40] audit: type=1400 audit(139.220:979): avc:  denied  { mounton } for  pid=14560 comm="syz.4.1384" path="/proc/486/task" dev="proc" ino=40144 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  139.315277][   T40] audit: type=1400 audit(139.230:980): avc:  denied  { mount } for  pid=14560 comm="syz.4.1384" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  139.458906][T14574] xfrm0 speed is unknown, defaulting to 1000
[  139.461977][T14574] lo speed is unknown, defaulting to 1000
[  139.481703][T14585] input: syz1 as /devices/virtual/input/input25
[  139.980707][T14608] ip6tnl0: Caught tx_queue_len zero misconfig
[  140.039053][T14614] cgroup: No subsys list or none specified
[  140.479438][T14644] 9p: Unknown Cache mode or invalid value fs
[  141.284272][T14645] macvtap1: entered promiscuous mode
[  141.286115][T14645] macvtap1: entered allmulticast mode
[  141.288140][T14645] veth1_to_bridge: entered allmulticast mode
[  141.290387][T14645] veth1_to_bridge: entered promiscuous mode
[  141.293818][T14645] team0: Device macvtap1 failed to register rx_handler
[  141.297383][T14645] veth1_to_bridge: left allmulticast mode
[  141.299750][T14645] veth1_to_bridge: left promiscuous mode
[  141.321081][T14656] __nla_validate_parse: 2 callbacks suppressed
[  141.321098][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.328899][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.333010][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.337098][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.341241][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.345825][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.350122][T14572] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  141.350353][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.357251][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.361385][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.365803][T14656] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1400'.
[  141.391295][T14658] futex_wake_op: syz.4.1401 tries to shift op by -1; fix this program
[  141.422977][ T5296] Bluetooth: hci0: command 0x0c1a tx timeout
[  141.478552][   T40] audit: type=1400 audit(141.390:981): avc:  denied  { setopt } for  pid=14662 comm="syz.0.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  141.564808][T14748] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  141.608739][T14752] loop2: detected capacity change from 0 to 7
[  141.611939][ T5951]  loop2: p1
[  141.613565][ T5951] loop2: partition table partially beyond EOD, truncated
[  141.616304][ T5951] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  141.631362][T14752]  loop2: p1
[  141.632795][T14752] loop2: partition table partially beyond EOD, truncated
[  141.638322][T14752] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  141.676606][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  141.700773][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  141.818743][   T40] audit: type=1400 audit(141.730:982): avc:  denied  { read } for  pid=5647 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  142.245005][T14834] FAT-fs (loop1): unable to read boot sector
[  142.249261][T14844] rdma_rxe: rxe_newlink: failed to add xfrm0
[  142.312120][T14848] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65024 sclass=netlink_route_socket pid=14848 comm=syz.1.1430
[  142.363095][T14852] openvswitch: netlink: IP tunnel dst address not specified
[  142.413323][ T6021] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  142.566377][T14866] 8021q: adding VLAN 0 to HW filter on device bond42
[  142.574968][ T6021] usb 9-1: config index 0 descriptor too short (expected 39, got 27)
[  142.578650][ T6021] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  142.583350][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  142.588919][T14866] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  142.590076][ T6021] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  142.593413][T14866] bond42: (slave macvlan2): Enslaving as a backup interface with a down link
[  142.597052][ T6021] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  142.601537][ T6021] usb 9-1: Product: syz
[  142.603422][ T6021] usb 9-1: Manufacturer: syz
[  142.605509][ T6021] usb 9-1: SerialNumber: syz
[  142.614379][ T6021] usb 9-1: config 0 descriptor??
[  142.621106][ T6021] hub 9-1:0.0: bad descriptor, ignoring hub
[  142.628968][ T6021] hub 9-1:0.0: probe with driver hub failed with error -5
[  142.634616][ T6021] usb 9-1: selecting invalid altsetting 0
[  143.436118][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  143.436133][   T40] audit: type=1400 audit(143.350:997): avc:  denied  { bind } for  pid=14954 comm="syz.0.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  143.470921][T14957] CIFS mount error: No usable UNC path provided in device string!
[  143.470921][T14957] 
[  143.477877][T14957] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  143.478570][   T40] audit: type=1400 audit(143.390:998): avc:  denied  { execute } for  pid=14958 comm="syz.0.1445" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=40280 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  143.532997][T14836] usb 9-1: reset high-speed USB device number 7 using dummy_hcd
[  143.704279][T14836] usb 9-1: device firmware changed
[  143.707625][ T6021] usb 9-1: USB disconnect, device number 7
[  143.708293][T14970] netlink: 'syz.0.1448': attribute type 1 has an invalid length.
[  143.713997][   T40] audit: type=1400 audit(143.630:999): avc:  denied  { create } for  pid=14969 comm="syz.0.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  143.722217][   T40] audit: type=1400 audit(143.630:1000): avc:  denied  { write } for  pid=14969 comm="syz.0.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  143.749908][T14970] bond6: entered promiscuous mode
[  143.752087][T14970] 8021q: adding VLAN 0 to HW filter on device bond6
[  143.753892][   T40] audit: type=1400 audit(143.670:1001): avc:  denied  { execmod } for  pid=14988 comm="syz.1.1449" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=40294 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  143.872948][ T6021] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  143.920856][T15031] geneve1: entered promiscuous mode
[  143.934722][T15035] sctp: [Deprecated]: syz.1.1456 (pid 15035) Use of int in max_burst socket option.
[  143.934722][T15035] Use struct sctp_assoc_value instead
[  143.967818][T15040] netlink: 'syz.0.1457': attribute type 46 has an invalid length.
[  144.046710][T15047] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  144.051843][T15047] Error validating options; rc = [-22]
[  144.054998][ T6021] usb 9-1: config index 0 descriptor too short (expected 39, got 27)
[  144.058507][ T6021] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  144.063416][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  144.071065][ T6021] usb 9-1: string descriptor 0 read error: -22
[  144.074148][ T6021] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  144.078010][ T6021] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  144.093438][ T6021] usb 9-1: config 0 descriptor??
[  144.104252][ T6021] hub 9-1:0.0: bad descriptor, ignoring hub
[  144.106826][ T6021] hub 9-1:0.0: probe with driver hub failed with error -5
[  144.109513][T15061] IPv6: NLM_F_CREATE should be specified when creating new route
[  144.111762][ T6021] usb 9-1: selecting invalid altsetting 0
[  144.167541][   T40] audit: type=1400 audit(144.080:1002): avc:  denied  { wake_alarm } for  pid=15075 comm="syz.1.1466" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  144.207963][T15083] Cannot find set identified by id 65534 to match
[  144.240417][T15088] MINIX-fs: blocksize too small for device
[  144.261537][T15084] cgroup: Unknown subsys name 'cpuset'
[  144.301167][T14836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.304268][T14836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.304326][T15094] netlink: 'syz.0.1471': attribute type 5 has an invalid length.
[  144.311260][   T40] audit: type=1400 audit(144.220:1003): avc:  denied  { setattr } for  pid=14835 comm="syz.4.1428" name="tun" dev="devtmpfs" ino=720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  144.317450][T15094] ip6erspan0: entered promiscuous mode
[  144.370341][   T40] audit: type=1400 audit(144.280:1004): avc:  denied  { create } for  pid=15122 comm="syz.1.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  144.511344][T15145] /dev/sr0: Can't lookup blockdev
[  144.511468][T15144] /dev/sr0: Can't lookup blockdev
[  144.514101][   T24] usb 9-1: USB disconnect, device number 8
[  144.564021][T15158] xt_bpf: check failed: parse error
[  144.565488][   T40] audit: type=1400 audit(144.480:1005): avc:  denied  { accept } for  pid=15156 comm="syz.0.1476" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  144.570706][T15158] random: crng reseeded on system resumption
[  144.583042][   T40] audit: type=1400 audit(144.480:1006): avc:  denied  { read write } for  pid=15139 comm="syz.1.1474" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  144.798472][T15170] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  145.323199][ T5296] Bluetooth: hci1: Malformed Event: 0x2f
[  145.455112][T15224] loop2: detected capacity change from 0 to 7
[  145.458378][ T5951]  loop2: p1
[  145.459628][ T5951] loop2: partition table partially beyond EOD, truncated
[  145.462943][ T5951] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  145.479649][T15225] netdevsim netdevsim1: Direct firmware load for .
[  145.479649][T15225]  failed with error -2
[  145.480737][T15224]  loop2: p1
[  145.485807][T15225] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  145.485807][T15225] 
[  145.492666][T15224] loop2: partition table partially beyond EOD, truncated
[  145.497857][T15224] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  145.509768][ T5345]  loop2: p1
[  145.511285][ T5345] loop2: partition table partially beyond EOD, truncated
[  145.523708][ T5345] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  145.557019][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  145.583618][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  145.596512][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  145.613478][T15249] bridge3: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  145.679460][T15255] qnx4: no qnx4 filesystem (no root dir).
[  145.727880][T15261] netlink: 'syz.0.1503': attribute type 18 has an invalid length.
[  145.776806][T15263] bond2 (unregistering): Released all slaves
[  145.855414][T15336] netlink: 'syz.4.1507': attribute type 4 has an invalid length.
[  146.375387][T15367] tmpfs: Unknown parameter '01777777777777777777777'
[  146.379127][T15364] xfrm0 speed is unknown, defaulting to 1000
[  146.388625][T15364] lo speed is unknown, defaulting to 1000
[  146.488935][T15394] __nla_validate_parse: 45 callbacks suppressed
[  146.488952][T15394] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1516'.
[  146.525957][T15394] overlayfs: failed to clone upperpath
[  146.762981][ T6021] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  146.777146][T15415] loop2: detected capacity change from 0 to 7
[  146.781314][T15415]  loop2: p1
[  146.782515][T15415] loop2: partition table partially beyond EOD, truncated
[  146.786513][T15415] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  146.820610][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  146.835458][T15426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1524'.
[  146.838561][T15426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1524'.
[  146.842274][T15426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1524'.
[  146.846375][T15426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1524'.
[  146.859175][T15419] kernel profiling enabled (shift: 6)
[  146.935515][ T6021] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  146.938611][ T6021] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  146.942208][ T6021] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  146.945593][ T6021] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  146.949974][ T6021] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  146.956611][ T6021] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  146.960573][ T6021] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  146.964084][ T6021] usb 6-1: Product: syz
[  146.965471][ T6021] usb 6-1: Manufacturer: syz
[  146.974377][ T6021] cdc_wdm 6-1:1.0: skipping garbage
[  146.976672][ T6021] cdc_wdm 6-1:1.0: skipping garbage
[  146.980569][ T6021] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  146.983809][ T6021] cdc_wdm 6-1:1.0: Unknown control protocol
[  147.077189][T15440] Unknown options in mask b7f2
[  147.236652][T15509] sctp: [Deprecated]: syz.3.1530 (pid 15509) Use of int in max_burst socket option.
[  147.236652][T15509] Use struct sctp_assoc_value instead
[  147.321998][T15511] "syz.3.1531" (15511) uses obsolete ecb(arc4) skcipher
[  147.359131][T15516] loop2: detected capacity change from 0 to 7
[  147.363055][T15516]  loop2: p1
[  147.364687][T15516] loop2: partition table partially beyond EOD, truncated
[  147.367527][T15516] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  147.407730][ T5951] udevd[5951]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  147.538572][T15533] x_tables: ip_tables: time.0 match: invalid size 24 (kernel) != (user) 32
[  147.658151][T15548] bond0: entered allmulticast mode
[  147.660351][T15548] bond_slave_0: entered allmulticast mode
[  147.663793][T15548] bond_slave_1: entered allmulticast mode
[  147.753477][T15559] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  147.919305][T15580] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1546'.
[  148.003076][ T6021] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[  148.051254][T15588] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1549'.
[  148.059162][T15588] xt_nfacct: accounting object `syz0' does not exist
[  148.164392][ T6021] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  148.167978][ T6021] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  148.171435][ T6021] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  148.174971][ T6021] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.191876][T15565] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  148.200871][T15565] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  148.207865][ T6021] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  148.242859][T15610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1551'.
[  148.245962][T15610] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1551'.
[  148.257829][T15610] bridge3: entered promiscuous mode
[  148.259639][T15610] bridge3: entered allmulticast mode
[  148.284610][T15610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1551'.
[  148.315041][T15610] bridge4: entered promiscuous mode
[  148.317211][T15610] bridge4: entered allmulticast mode
[  148.343638][T15617] xfrm0 speed is unknown, defaulting to 1000
[  148.347295][T15617] lo speed is unknown, defaulting to 1000
[  148.366040][T15629] netlink: 'syz.3.1552': attribute type 4 has an invalid length.
[  148.404324][T15610] netlink: 'syz.0.1551': attribute type 1 has an invalid length.
[  148.408698][ T6021] usb 9-1: USB disconnect, device number 9
[  148.719353][   T40] kauditd_printk_skb: 19 callbacks suppressed
[  148.719369][   T40] audit: type=1400 audit(148.630:1026): avc:  denied  { bind } for  pid=15687 comm="syz.3.1556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  148.872992][ T6021] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  149.003043][ T6021] usb 9-1: device descriptor read/64, error -71
[  149.243274][ T6021] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  149.372993][ T6021] usb 9-1: device descriptor read/64, error -71
[  149.483090][ T6021] usb usb9-port1: attempt power cycle
[  149.532282][ T1029] usb 6-1: USB disconnect, device number 19
[  149.582591][T15718] comedi comedi3: dt2817: I/O port conflict (0x9,5)
[  149.716020][   T40] audit: type=1400 audit(149.630:1027): avc:  denied  { listen } for  pid=15734 comm="syz.3.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  149.717066][T15731] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  149.725120][   T40] audit: type=1400 audit(149.640:1028): avc:  denied  { accept } for  pid=15734 comm="syz.3.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  149.742502][T15731] picdev_read: 77 callbacks suppressed
[  149.742514][T15731] kvm: pic: non byte read
[  149.759507][T15731] kvm: pic: level sensitive irq not supported
[  149.760943][T15731] kvm: pic: non byte read
[  149.769279][T15731] kvm: pic: non byte read
[  149.772608][T15731] kvm: pic: non byte read
[  149.776289][T15731] kvm: pic: non byte read
[  149.832955][ T6021] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  149.853977][ T6021] usb 9-1: device descriptor read/8, error -71
[  149.904855][   T40] audit: type=1400 audit(149.820:1029): avc:  denied  { getopt } for  pid=15743 comm="syz.3.1571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  149.926659][   T40] audit: type=1400 audit(149.840:1030): avc:  denied  { ioctl } for  pid=15748 comm="syz.1.1572" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  150.070954][   T40] audit: type=1400 audit(149.980:1031): avc:  denied  { append } for  pid=15757 comm="syz.3.1576" name="mouse1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  150.103033][ T6021] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  150.123503][   T40] audit: type=1400 audit(150.040:1032): avc:  denied  { ioctl } for  pid=15757 comm="syz.3.1576" path="/dev/input/mouse1" dev="devtmpfs" ino=1297 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  150.123670][ T6021] usb 9-1: device descriptor read/8, error -71
[  150.141883][   T40] audit: type=1400 audit(150.050:1033): avc:  denied  { listen } for  pid=15759 comm="syz.0.1577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  150.253153][ T6021] usb usb9-port1: unable to enumerate USB device
[  150.306231][   T40] audit: type=1400 audit(150.210:1034): avc:  denied  { name_bind } for  pid=15771 comm="syz.0.1581" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  150.443932][   T40] audit: type=1400 audit(150.360:1035): avc:  denied  { read write } for  pid=15787 comm="syz.3.1585" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  150.457016][T15788] netlink: 'syz.3.1585': attribute type 1 has an invalid length.
[  150.473087][T15788] 8021q: adding VLAN 0 to HW filter on device bond5
[  150.478661][T15788] bond5: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  150.485653][T15788] bond5: entered allmulticast mode
[  150.499942][T15788] bond5: (slave ip6gretap2): Enslaving as an active interface with an up link
[  150.554529][T15825] netlink: 'syz.3.1586': attribute type 10 has an invalid length.
[  150.558032][T15825] syz_tun: entered promiscuous mode
[  150.562635][T15825] syz_tun: entered allmulticast mode
[  150.568491][T15825] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  150.802772][T15848] syzkaller0: entered promiscuous mode
[  150.806392][T15848] syzkaller0: entered allmulticast mode
[  150.956185][T15859] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15859 comm=syz.4.1595
[  151.013069][   T54] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  151.129000][T15874] netlink: 'syz.0.1598': attribute type 1 has an invalid length.
[  151.167540][   T54] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  151.172326][   T54] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.182912][   T54] usb 8-1: Product: syz
[  151.185214][   T54] usb 8-1: Manufacturer: syz
[  151.187268][   T54] usb 8-1: SerialNumber: syz
[  151.214565][T15921] netlink: 'syz.4.1599': attribute type 10 has an invalid length.
[  151.218223][T15921] team0: entered promiscuous mode
[  151.220464][T15921] team_slave_0: entered promiscuous mode
[  151.223856][T15921] team_slave_1: entered promiscuous mode
[  151.227077][T15921] bridge0: port 3(team0) entered blocking state
[  151.229654][T15921] bridge0: port 3(team0) entered disabled state
[  151.232148][T15921] team0: entered allmulticast mode
[  151.235114][T15921] team_slave_0: entered allmulticast mode
[  151.237569][T15921] team_slave_1: entered allmulticast mode
[  151.240153][T15921] veth5: entered allmulticast mode
[  151.245615][T15921] bridge0: port 3(team0) entered blocking state
[  151.248595][T15921] bridge0: port 3(team0) entered forwarding state
[  151.387369][   T34] hid_parser_main: 5 callbacks suppressed
[  151.387382][   T34] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  151.392405][   T34] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  151.396702][   T34] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  151.399461][   T54] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  151.404112][   T34] hid-generic 0006:0004:0009.0006: hidraw1: VIRTUAL HID v0.04 Device [syz1] on syz0
[  151.406717][   T54] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  151.410978][   T54] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  151.416561][   T54] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71
[  151.424301][   T54] usb 8-1: USB disconnect, device number 10
[  151.455966][T15948] fido_id[15948]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  151.958378][T15961] veth15: entered promiscuous mode
[  152.060975][T16027] __nla_validate_parse: 10 callbacks suppressed
[  152.060987][T16027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1611'.
[  152.377591][T16056] devtmpfs: Cannot change global quota limit on remount
[  152.412639][T16054] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1616'.
[  152.417220][T16054] overlayfs: missing 'workdir'
[  152.419329][T16062] dummy0: left allmulticast mode
[  152.420972][T16062] bridge0: port 1(dummy0) entered disabled state
[  152.427731][T16062] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  152.460374][T16065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1620'.
[  152.464970][T16066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1620'.
[  152.500444][T16071] netlink: 'syz.0.1622': attribute type 1 has an invalid length.
[  152.546372][T16071] bond8: (slave bridge5): making interface the new active one
[  152.550322][T16071] bond8: (slave bridge5): Enslaving as an active interface with an up link
[  152.591922][T16112] syz.3.1624 (16112) used greatest stack depth: 17816 bytes left
[  152.645158][T16124] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  152.658870][T16126] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1627'.
[  152.826808][T16144] team0: No ports can be present during mode change
[  152.830913][T16144] tipc: Started in network mode
[  152.833590][T16144] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  152.836867][T16144] tipc: Enabled bearer <eth:team0>, priority 0
[  152.872933][    T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  153.023058][    T9] usb 6-1: Using ep0 maxpacket: 16
[  153.027953][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  153.034671][    T9] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  153.038782][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.042418][    T9] usb 6-1: Product: syz
[  153.044738][    T9] usb 6-1: Manufacturer: syz
[  153.047884][    T9] usb 6-1: SerialNumber: syz
[  153.053157][    T9] usb 6-1: config 0 descriptor??
[  153.059187][    T9] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  153.064834][    T9] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  153.071439][T16159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1637'.
[  153.140872][T16166] SELinux:  policydb magic number 0x4b07fa81 does not match expected magic number 0xf97cff8c
[  153.144916][T16166] SELinux: failed to load policy
[  153.356954][T16188] syzkaller0: entered promiscuous mode
[  153.358842][T16188] syzkaller0: entered allmulticast mode
[  153.445958][T16206] rdma_rxe: rxe_newlink: failed to add xfrm0
[  153.464659][T16208] rdma_rxe: rxe_newlink: failed to add xfrm0
[  153.490987][T16205] batadv_slave_1: entered promiscuous mode
[  153.537493][T16213] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1653'.
[  153.600908][T16203] batadv_slave_1: left promiscuous mode
[  153.601783][ T5296] Bluetooth: hci3: ACL packet too small
[  153.660485][    T9] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  153.712353][T16225] input: syz1 as /devices/virtual/input/input27
[  153.954531][   T29] tipc: Node number set to 11578026
[  154.313623][    T9] em28xx 6-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  154.320417][    T9] em28xx 6-1:0.0: board has no eeprom
[  154.393077][    T9] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  154.396400][    T9] em28xx 6-1:0.0: dvb set to bulk mode.
[  154.404768][   T10] em28xx 6-1:0.0: Binding DVB extension
[  154.420810][    T9] usb 6-1: USB disconnect, device number 20
[  154.424912][    T9] em28xx 6-1:0.0: Disconnecting em28xx
[  154.437814][   T10] em28xx 6-1:0.0: Registering input extension
[  154.440034][    T9] em28xx 6-1:0.0: Closing input extension
[  154.458781][    T9] em28xx 6-1:0.0: Freeing device
[  154.577807][T16281] IPVS: length: 77 != 8
[  154.676011][   T40] kauditd_printk_skb: 18 callbacks suppressed
[  154.676021][   T40] audit: type=1400 audit(154.590:1054): avc:  denied  { name_bind } for  pid=16292 comm="syz.4.1667" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  154.894091][   T40] audit: type=1400 audit(154.800:1055): avc:  denied  { setopt } for  pid=16325 comm="syz.0.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  154.957721][T16324] FAULT_INJECTION: forcing a failure.
[  154.957721][T16324] name failslab, interval 1, probability 0, space 0, times 0
[  154.962711][T16324] CPU: 0 UID: 0 PID: 16324 Comm: syz.1.1674 Not tainted syzkaller #0 PREEMPT(full) 
[  154.962727][T16324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  154.962734][T16324] Call Trace:
[  154.962738][T16324]  <TASK>
[  154.962742][T16324]  dump_stack_lvl+0x16c/0x1f0
[  154.962770][T16324]  should_fail_ex+0x512/0x640
[  154.962791][T16324]  ? fs_reclaim_acquire+0xae/0x150
[  154.962818][T16324]  should_failslab+0xc2/0x120
[  154.962833][T16324]  __kmalloc_noprof+0xdd/0x870
[  154.962849][T16324]  ? tomoyo_encode2+0x100/0x3e0
[  154.962868][T16324]  ? tomoyo_encode2+0x100/0x3e0
[  154.962884][T16324]  tomoyo_encode2+0x100/0x3e0
[  154.962902][T16324]  tomoyo_encode+0x29/0x50
[  154.962930][T16324]  tomoyo_realpath_from_path+0x18f/0x6e0
[  154.962948][T16324]  ? tomoyo_profile+0x47/0x60
[  154.962960][T16324]  tomoyo_path_number_perm+0x245/0x580
[  154.962974][T16324]  ? tomoyo_path_number_perm+0x237/0x580
[  154.962990][T16324]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  154.963005][T16324]  ? find_held_lock+0x2b/0x80
[  154.963028][T16324]  ? find_held_lock+0x2b/0x80
[  154.963038][T16324]  ? hook_file_ioctl_common+0x145/0x410
[  154.963053][T16324]  ? __fget_files+0x20e/0x3c0
[  154.963073][T16324]  security_file_ioctl+0x9b/0x240
[  154.963093][T16324]  __x64_sys_ioctl+0xb7/0x210
[  154.963106][T16324]  do_syscall_64+0xcd/0xf80
[  154.963118][T16324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.963129][T16324] RIP: 0033:0x7f716ab8f7c9
[  154.963138][T16324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.963148][T16324] RSP: 002b:00007f716b979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  154.963159][T16324] RAX: ffffffffffffffda RBX: 00007f716ade5fa0 RCX: 00007f716ab8f7c9
[  154.963165][T16324] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  154.963171][T16324] RBP: 00007f716b979090 R08: 0000000000000000 R09: 0000000000000000
[  154.963177][T16324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.963183][T16324] R13: 00007f716ade6038 R14: 00007f716ade5fa0 R15: 00007ffed4661848
[  154.963197][T16324]  </TASK>
[  155.051240][T16324] ERROR: Out of memory at tomoyo_realpath_from_path.
[  155.092529][   T40] audit: type=1400 audit(155.000:1056): avc:  denied  { write } for  pid=16341 comm="syz.4.1678" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  155.098161][T16343] gfs2: not a GFS2 filesystem
[  155.150962][T16350] @: renamed from vlan0 (while UP)
[  155.152314][T16352] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  155.237089][T16358] bond9: Unable to set down delay as MII monitoring is disabled
[  155.242632][T16358] bond9 (unregistering): Released all slaves
[  155.340494][T16443] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1685'.
[  155.423405][    C1] sr 2:0:0:0: [sr0] tag#19 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  155.426807][    C1] sr 2:0:0:0: [sr0] tag#19 CDB: Regenerate(16) 82 5a 86 a5 26 a3 50 1f b1 dd 8d ff 3e 90 d6 f5
[  155.467303][T16463] netlink: 'syz.4.1690': attribute type 46 has an invalid length.
[  155.470042][T16463] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1690'.
[  155.474343][T16463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1690'.
[  155.541666][T16469] comedi comedi3: multiq3: I/O port conflict (0x2,16)
[  155.682018][T16481] FAULT_INJECTION: forcing a failure.
[  155.682018][T16481] name failslab, interval 1, probability 0, space 0, times 0
[  155.688421][T16481] CPU: 3 UID: 0 PID: 16481 Comm: syz.3.1692 Not tainted syzkaller #0 PREEMPT(full) 
[  155.688445][T16481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  155.688456][T16481] Call Trace:
[  155.688462][T16481]  <TASK>
[  155.688469][T16481]  dump_stack_lvl+0x16c/0x1f0
[  155.688493][T16481]  should_fail_ex+0x512/0x640
[  155.688520][T16481]  ? __kmalloc_cache_noprof+0x5f/0x770
[  155.688549][T16481]  should_failslab+0xc2/0x120
[  155.688572][T16481]  __kmalloc_cache_noprof+0x72/0x770
[  155.688597][T16481]  ? rcu_is_watching+0x12/0xc0
[  155.688622][T16481]  ? vhost_task_create+0xe5/0x370
[  155.688657][T16481]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  155.688685][T16481]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  155.688708][T16481]  ? vhost_task_create+0xe5/0x370
[  155.688730][T16481]  vhost_task_create+0xe5/0x370
[  155.688756][T16481]  ? __pfx_vhost_task_create+0x10/0x10
[  155.688779][T16481]  ? look_up_lock_class+0x6b/0x130
[  155.688804][T16481]  ? __pfx_vhost_task_fn+0x10/0x10
[  155.688834][T16481]  ? __pfx___mutex_lock+0x10/0x10
[  155.688860][T16481]  kvm_mmu_post_init_vm+0x1b7/0x380
[  155.688883][T16481]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[  155.688903][T16481]  ? kvm_vcpu_ioctl+0x149a/0x1660
[  155.688935][T16481]  kvm_vcpu_ioctl+0x5eb/0x1660
[  155.688963][T16481]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  155.688989][T16481]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  155.689012][T16481]  ? do_vfs_ioctl+0x128/0x14f0
[  155.689032][T16481]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  155.689052][T16481]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  155.689089][T16481]  ? hook_file_ioctl_common+0x145/0x410
[  155.689116][T16481]  ? selinux_file_ioctl+0x180/0x270
[  155.689140][T16481]  ? selinux_file_ioctl+0xb4/0x270
[  155.689168][T16481]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  155.689194][T16481]  __x64_sys_ioctl+0x18e/0x210
[  155.689216][T16481]  do_syscall_64+0xcd/0xf80
[  155.689236][T16481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.689253][T16481] RIP: 0033:0x7f390138f7c9
[  155.689267][T16481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.689284][T16481] RSP: 002b:00007f390230a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  155.689302][T16481] RAX: ffffffffffffffda RBX: 00007f39015e5fa0 RCX: 00007f390138f7c9
[  155.689338][T16481] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  155.689348][T16481] RBP: 00007f390230a090 R08: 0000000000000000 R09: 0000000000000000
[  155.689358][T16481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.689368][T16481] R13: 00007f39015e6038 R14: 00007f39015e5fa0 R15: 00007ffe86fb9808
[  155.689393][T16481]  </TASK>
[  155.807846][    T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  155.974799][    T9] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  155.979416][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  155.983706][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  155.988565][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  155.992669][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  155.997178][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.001748][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.006259][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.010235][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.015460][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.020008][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.023355][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.028128][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.032462][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.037024][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.041809][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.045710][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.049205][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.053916][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.057873][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.061627][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.066516][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.070640][    T9] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  156.074638][    T9] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  156.079587][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  156.084859][    T9] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  156.089132][    T9] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  156.092754][    T9] usb 9-1: Product: syz
[  156.094960][    T9] usb 9-1: Manufacturer: syz
[  156.097079][    T9] usb 9-1: SerialNumber: syz
[  156.102372][    T9] usb 9-1: config 0 descriptor??
[  156.110099][    T9] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  156.319679][T16469] binder: 16467:16469 ioctl c0306201 200000000180 returned -14
[  156.333443][T16469] binder: 16467:16469 ioctl c0306201 200000000040 returned -14
[  156.340786][    T9] usb 9-1: USB disconnect, device number 14
[  156.343583][   T40] audit: type=1400 audit(156.260:1057): avc:  denied  { read } for  pid=16509 comm="syz.1.1698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  156.353072][    T9] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  156.497902][T16538] syzkaller0: entered promiscuous mode
[  156.499877][T16538] syzkaller0: entered allmulticast mode
[  156.630002][T16550] vlan2: entered promiscuous mode
[  156.631691][T16550] bridge0: entered promiscuous mode
[  156.633025][T16557] loop6: detected capacity change from 0 to 2640
[  156.638786][T16557] buffer_io_error: 7 callbacks suppressed
[  156.638800][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.645165][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.648620][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.652210][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.656404][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.663365][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.667108][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.669862][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.672472][T16557] ldm_validate_partition_table(): Disk read failed.
[  156.675914][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.678645][T16557] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.681515][T16557] Dev loop6: unable to read RDB block 0
[  156.683777][T16557]  loop6: unable to read partition table
[  156.685680][   T40] audit: type=1400 audit(156.600:1058): avc:  denied  { setopt } for  pid=16559 comm="syz.0.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  156.692024][T16557] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  156.695513][   T40] audit: type=1400 audit(156.600:1059): avc:  denied  { connect } for  pid=16559 comm="syz.0.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  156.752218][   T40] audit: type=1400 audit(156.660:1060): avc:  denied  { map } for  pid=16553 comm="syz.1.1706" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  156.943771][T16578] FAULT_INJECTION: forcing a failure.
[  156.943771][T16578] name failslab, interval 1, probability 0, space 0, times 0
[  156.948057][T16578] CPU: 0 UID: 0 PID: 16578 Comm: syz.4.1712 Not tainted syzkaller #0 PREEMPT(full) 
[  156.948072][T16578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  156.948078][T16578] Call Trace:
[  156.948082][T16578]  <TASK>
[  156.948087][T16578]  dump_stack_lvl+0x16c/0x1f0
[  156.948101][T16578]  should_fail_ex+0x512/0x640
[  156.948118][T16578]  ? __kmalloc_cache_node_noprof+0x62/0x790
[  156.948133][T16578]  should_failslab+0xc2/0x120
[  156.948147][T16578]  __kmalloc_cache_node_noprof+0x75/0x790
[  156.948158][T16578]  ? __get_vm_area_node+0x101/0x330
[  156.948174][T16578]  ? __get_vm_area_node+0x101/0x330
[  156.948186][T16578]  __get_vm_area_node+0x101/0x330
[  156.948198][T16578]  ? __lock_acquire+0x433/0x22f0
[  156.948214][T16578]  __vmalloc_node_range_noprof+0x271/0x1480
[  156.948229][T16578]  ? vhost_task_create+0x1d2/0x370
[  156.948250][T16578]  ? vhost_task_create+0x1d2/0x370
[  156.948268][T16578]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  156.948287][T16578]  ? rcu_is_watching+0x12/0xc0
[  156.948314][T16578]  ? vhost_task_create+0x1d2/0x370
[  156.948329][T16578]  __vmalloc_node_noprof+0xad/0xf0
[  156.948346][T16578]  ? vhost_task_create+0x1d2/0x370
[  156.948365][T16578]  copy_process+0x2c40/0x74e0
[  156.948383][T16578]  ? __pfx_copy_process+0x10/0x10
[  156.948395][T16578]  ? lockdep_init_map_type+0x5c/0x270
[  156.948410][T16578]  ? lockdep_init_map_type+0x5c/0x270
[  156.948425][T16578]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  156.948442][T16578]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  156.948456][T16578]  vhost_task_create+0x1d2/0x370
[  156.948471][T16578]  ? __pfx_vhost_task_create+0x10/0x10
[  156.948486][T16578]  ? look_up_lock_class+0x6b/0x130
[  156.948501][T16578]  ? __pfx_vhost_task_fn+0x10/0x10
[  156.948518][T16578]  ? __pfx___mutex_lock+0x10/0x10
[  156.948538][T16578]  kvm_mmu_post_init_vm+0x1b7/0x380
[  156.948551][T16578]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[  156.948563][T16578]  ? kvm_vcpu_ioctl+0x149a/0x1660
[  156.948583][T16578]  kvm_vcpu_ioctl+0x5eb/0x1660
[  156.948600][T16578]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  156.948615][T16578]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  156.948628][T16578]  ? do_vfs_ioctl+0x128/0x14f0
[  156.948641][T16578]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  156.948652][T16578]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  156.948674][T16578]  ? hook_file_ioctl_common+0x145/0x410
[  156.948690][T16578]  ? selinux_file_ioctl+0x180/0x270
[  156.948706][T16578]  ? selinux_file_ioctl+0xb4/0x270
[  156.948722][T16578]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  156.948743][T16578]  __x64_sys_ioctl+0x18e/0x210
[  156.948762][T16578]  do_syscall_64+0xcd/0xf80
[  156.948782][T16578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.948798][T16578] RIP: 0033:0x7efe7a98f7c9
[  156.948812][T16578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.948829][T16578] RSP: 002b:00007efe7b7da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.948846][T16578] RAX: ffffffffffffffda RBX: 00007efe7abe5fa0 RCX: 00007efe7a98f7c9
[  156.948853][T16578] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  156.948859][T16578] RBP: 00007efe7b7da090 R08: 0000000000000000 R09: 0000000000000000
[  156.948865][T16578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.948871][T16578] R13: 00007efe7abe6038 R14: 00007efe7abe5fa0 R15: 00007ffc60f83518
[  156.948886][T16578]  </TASK>
[  156.948962][T16578] syz.4.1712: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1
[  157.085577][T16578] CPU: 1 UID: 0 PID: 16578 Comm: syz.4.1712 Not tainted syzkaller #0 PREEMPT(full) 
[  157.085598][T16578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  157.085609][T16578] Call Trace:
[  157.085615][T16578]  <TASK>
[  157.085622][T16578]  dump_stack_lvl+0x16c/0x1f0
[  157.085644][T16578]  warn_alloc+0x248/0x3a0
[  157.085671][T16578]  ? __pfx_warn_alloc+0x10/0x10
[  157.085694][T16578]  ? rcu_is_watching+0x12/0xc0
[  157.085712][T16578]  ? trace_kmalloc+0x2b/0xb0
[  157.085731][T16578]  ? __get_vm_area_node+0x101/0x330
[  157.085754][T16578]  ? __kasan_kmalloc+0x8a/0xb0
[  157.085774][T16578]  ? __get_vm_area_node+0x208/0x330
[  157.085799][T16578]  __vmalloc_node_range_noprof+0xaf5/0x1480
[  157.085829][T16578]  ? vhost_task_create+0x1d2/0x370
[  157.085859][T16578]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  157.085885][T16578]  ? rcu_is_watching+0x12/0xc0
[  157.085904][T16578]  ? vhost_task_create+0x1d2/0x370
[  157.085926][T16578]  __vmalloc_node_noprof+0xad/0xf0
[  157.085946][T16578]  ? vhost_task_create+0x1d2/0x370
[  157.085972][T16578]  copy_process+0x2c40/0x74e0
[  157.086000][T16578]  ? __pfx_copy_process+0x10/0x10
[  157.086019][T16578]  ? lockdep_init_map_type+0x5c/0x270
[  157.086043][T16578]  ? lockdep_init_map_type+0x5c/0x270
[  157.086065][T16578]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  157.086090][T16578]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  157.086111][T16578]  vhost_task_create+0x1d2/0x370
[  157.086133][T16578]  ? __pfx_vhost_task_create+0x10/0x10
[  157.086155][T16578]  ? look_up_lock_class+0x6b/0x130
[  157.086181][T16578]  ? __pfx_vhost_task_fn+0x10/0x10
[  157.086211][T16578]  ? __pfx___mutex_lock+0x10/0x10
[  157.086235][T16578]  kvm_mmu_post_init_vm+0x1b7/0x380
[  157.086256][T16578]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[  157.086274][T16578]  ? kvm_vcpu_ioctl+0x149a/0x1660
[  157.086305][T16578]  kvm_vcpu_ioctl+0x5eb/0x1660
[  157.086340][T16578]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  157.086368][T16578]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  157.086390][T16578]  ? do_vfs_ioctl+0x128/0x14f0
[  157.086408][T16578]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  157.086426][T16578]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  157.086459][T16578]  ? hook_file_ioctl_common+0x145/0x410
[  157.086484][T16578]  ? selinux_file_ioctl+0x180/0x270
[  157.086507][T16578]  ? selinux_file_ioctl+0xb4/0x270
[  157.086531][T16578]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  157.086554][T16578]  __x64_sys_ioctl+0x18e/0x210
[  157.086573][T16578]  do_syscall_64+0xcd/0xf80
[  157.086607][T16578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.086625][T16578] RIP: 0033:0x7efe7a98f7c9
[  157.086638][T16578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.086654][T16578] RSP: 002b:00007efe7b7da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  157.086669][T16578] RAX: ffffffffffffffda RBX: 00007efe7abe5fa0 RCX: 00007efe7a98f7c9
[  157.086679][T16578] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  157.086688][T16578] RBP: 00007efe7b7da090 R08: 0000000000000000 R09: 0000000000000000
[  157.086698][T16578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.086706][T16578] R13: 00007efe7abe6038 R14: 00007efe7abe5fa0 R15: 00007ffc60f83518
[  157.086730][T16578]  </TASK>
[  157.086812][T16578] Mem-Info:
[  157.225606][T16578] active_anon:28421 inactive_anon:97 isolated_anon:0
[  157.225606][T16578]  active_file:2343 inactive_file:54149 isolated_file:0
[  157.225606][T16578]  unevictable:18165 dirty:536 writeback:0
[  157.225606][T16578]  slab_reclaimable:12831 slab_unreclaimable:116715
[  157.225606][T16578]  mapped:26079 shmem:18799 pagetables:1472
[  157.225606][T16578]  sec_pagetables:309 bounce:0
[  157.225606][T16578]  kernel_misc_reclaimable:0
[  157.225606][T16578]  free:366462 free_pcp:15195 free_cma:0
[  157.243099][T16578] Node 0 active_anon:98676kB inactive_anon:388kB active_file:7708kB inactive_file:216368kB unevictable:12676kB isolated(anon):0kB isolated(file):0kB mapped:104372kB dirty:2140kB writeback:0kB shmem:60024kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:16656kB pagetables:5476kB sec_pagetables:1232kB all_unreclaimable? no Balloon:0kB
[  157.243488][T16583] netlink: ct family unspecified
[  157.254723][T16578] Node 1 active_anon:15124kB inactive_anon:0kB active_file:1664kB inactive_file:228kB unevictable:59984kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:15172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:176kB pagetables:312kB sec_pagetables:4kB all_unreclaimable? no Balloon:0kB
[  157.256300][T16583] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  157.269188][T16578] Node 0 DMA free:5376kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1032kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:328kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:212kB local_pcp:104kB free_cma:0kB
[  157.285115][T16578] lowmem_reserve[]: 0 1236 1236 1236 1236
[  157.287530][T16578] Node 0 DMA32 free:51404kB boost:0kB min:27548kB low:34432kB high:41316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:97768kB inactive_anon:388kB active_file:7708kB inactive_file:216368kB unevictable:12348kB writepending:2140kB zspages:0kB present:2080628kB managed:1266680kB mlocked:0kB bounce:0kB free_pcp:24212kB local_pcp:2368kB free_cma:0kB
[  157.301217][T16578] lowmem_reserve[]: 0 0 0 0 0
[  157.302922][T16578] Node 1 Normal free:1408568kB boost:0kB min:39692kB low:49612kB high:59532kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15124kB inactive_anon:0kB active_file:1664kB inactive_file:228kB unevictable:59984kB writepending:4kB zspages:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:36256kB local_pcp:12384kB free_cma:0kB
[  157.307827][T16583] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=255 sclass=netlink_route_socket pid=16583 comm=syz.0.1713
[  157.313704][T16578] lowmem_reserve[]: 0 0 0 0 0
[  157.313730][T16578] Node 0 DMA: 9*4kB (UM) 7*8kB (UM) 7*16kB (M) 4*32kB (M) 3*64kB (UM) 0*128kB 1*256kB (U) 1*512kB (M) 2*1024kB (U) 1*2048kB (U) 0*4096kB = 5388kB
[  157.313838][T16578] Node 0 DMA32: 564*4kB (UME) 209*8kB (ME) 52*16kB (UME) 166*32kB (UME) 54*64kB (UME) 26*128kB (UME) 16*256kB (UME) 11*512kB (ME) 18*1024kB (UM) 1*2048kB (U) 1*4096kB (U) = 51160kB
[  157.313933][T16578] Node 1 Normal: 110*4kB (UME) 34*8kB (UME) 33*16kB (UME) 123*32kB (UME) 92*64kB (UME) 44*128kB (UME) 21*256kB (UM) 16*512kB (UM) 4*1024kB (UM) 1*2048kB (M) 335*4096kB (UM) = 1408568kB
[  157.336852][T16578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.340172][T16578] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  157.343841][T16578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.346958][T16578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  157.350768][T16578] 91684 total pagecache pages
[  157.352746][T16578] 0 pages in swap cache
[  157.354588][T16578] Free swap  = 124996kB
[  157.356228][T16578] Total swap = 124996kB
[  157.357935][T16578] 1048443 pages RAM
[  157.359356][T16578] 0 pages HighMem/MovableOnly
[  157.360953][T16578] 282460 pages reserved
[  157.362387][T16578] 0 pages cma reserved
[  157.365755][T16587] overlayfs: failed to clone upperpath
[  157.514001][T16600] __nla_validate_parse: 1 callbacks suppressed
[  157.514015][T16600] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1716'.
[  157.523495][T16599] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1716'.
[  157.626100][T16616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'.
[  157.629304][T16616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'.
[  157.646695][T16616] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  157.649712][T16616] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  157.762928][   T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  157.877861][T16631] dns_resolver: Unsupported server list version (0)
[  157.891179][   T40] audit: type=1400 audit(157.800:1061): avc:  denied  { getopt } for  pid=16630 comm="syz.3.1726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  157.923417][   T10] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  157.926677][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.929511][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.933136][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.936182][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.939248][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.943982][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.950240][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.954179][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.958263][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.961396][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.964876][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.968406][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.971393][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.974429][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.977765][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.982401][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.985824][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.989729][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  157.992593][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  157.995764][T16634] FAULT_INJECTION: forcing a failure.
[  157.995764][T16634] name failslab, interval 1, probability 0, space 0, times 0
[  157.995781][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  157.995796][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  158.000310][T16634] CPU: 3 UID: 0 PID: 16634 Comm: syz.3.1727 Not tainted syzkaller #0 PREEMPT(full) 
[  158.000330][T16634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.000340][T16634] Call Trace:
[  158.000359][T16634]  <TASK>
[  158.000366][T16634]  dump_stack_lvl+0x16c/0x1f0
[  158.000401][T16634]  should_fail_ex+0x512/0x640
[  158.000431][T16634]  ? __kmalloc_noprof+0xca/0x870
[  158.000457][T16634]  should_failslab+0xc2/0x120
[  158.000479][T16634]  __kmalloc_noprof+0xdd/0x870
[  158.000503][T16634]  ? lsm_blob_alloc+0x68/0x90
[  158.000527][T16634]  ? lsm_blob_alloc+0x68/0x90
[  158.000543][T16634]  lsm_blob_alloc+0x68/0x90
[  158.000562][T16634]  security_task_alloc+0x2d/0x260
[  158.000581][T16634]  copy_process+0x21ac/0x74e0
[  158.000612][T16634]  ? __pfx_copy_process+0x10/0x10
[  158.000633][T16634]  ? lockdep_init_map_type+0x5c/0x270
[  158.000657][T16634]  ? lockdep_init_map_type+0x5c/0x270
[  158.000681][T16634]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  158.000706][T16634]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  158.000727][T16634]  vhost_task_create+0x1d2/0x370
[  158.000752][T16634]  ? __pfx_vhost_task_create+0x10/0x10
[  158.000773][T16634]  ? look_up_lock_class+0x6b/0x130
[  158.000799][T16634]  ? __pfx_vhost_task_fn+0x10/0x10
[  158.000826][T16634]  ? __pfx___mutex_lock+0x10/0x10
[  158.000851][T16634]  kvm_mmu_post_init_vm+0x1b7/0x380
[  158.000872][T16634]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[  158.000890][T16634]  ? kvm_vcpu_ioctl+0x149a/0x1660
[  158.000919][T16634]  kvm_vcpu_ioctl+0x5eb/0x1660
[  158.000946][T16634]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  158.000970][T16634]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  158.000991][T16634]  ? do_vfs_ioctl+0x128/0x14f0
[  158.001010][T16634]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  158.001028][T16634]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  158.001061][T16634]  ? hook_file_ioctl_common+0x145/0x410
[  158.001087][T16634]  ? selinux_file_ioctl+0x180/0x270
[  158.001109][T16634]  ? selinux_file_ioctl+0xb4/0x270
[  158.001134][T16634]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  158.001173][T16634]  __x64_sys_ioctl+0x18e/0x210
[  158.001193][T16634]  do_syscall_64+0xcd/0xf80
[  158.001211][T16634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.001226][T16634] RIP: 0033:0x7f390138f7c9
[  158.001239][T16634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.001254][T16634] RSP: 002b:00007f390230a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  158.001270][T16634] RAX: ffffffffffffffda RBX: 00007f39015e5fa0 RCX: 00007f390138f7c9
[  158.001280][T16634] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  158.001310][T16634] RBP: 00007f390230a090 R08: 0000000000000000 R09: 0000000000000000
[  158.001320][T16634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.001329][T16634] R13: 00007f39015e6038 R14: 00007f39015e5fa0 R15: 00007ffe86fb9808
[  158.001548][T16634]  </TASK>
[  158.103581][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  158.106210][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  158.110221][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  158.116848][   T10] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  158.119837][   T10] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  158.122329][   T10] usb 6-1: Product: syz
[  158.123852][   T10] usb 6-1: Manufacturer: syz
[  158.125431][   T10] usb 6-1: SerialNumber: syz
[  158.129622][   T10] usb 6-1: config 0 descriptor??
[  158.135308][   T10] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  158.375336][T16602] loop5: detected capacity change from 0 to 7
[  158.457196][T16659] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1730'.
[  158.486285][    C0] usb 6-1: yurex_control_callback - control failed: -71
[  158.486528][   T34] usb 6-1: USB disconnect, device number 21
[  158.495792][   T34] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  158.553328][ T5951] Dev loop5: unable to read RDB block 7
[  158.555901][ T5951]  loop5: unable to read partition table
[  158.558750][ T5951] loop5: partition table beyond EOD, truncated
[  158.624327][T16659] gretap0: entered promiscuous mode
[  158.687860][T16670] macvlan0: entered promiscuous mode
[  158.695694][T16670] netlink: 'syz.4.1731': attribute type 1 has an invalid length.
[  158.698245][T16670] netlink: 'syz.4.1731': attribute type 2 has an invalid length.
[  158.764866][T16602] Dev loop5: unable to read RDB block 7
[  158.769801][T16602]  loop5: unable to read partition table
[  158.772401][T16602] loop5: partition table beyond EOD, truncated
[  158.776229][T16602] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  158.838739][T16692] ALSA: seq fatal error: cannot create timer (-16)
[  158.938266][T16696] input: syz0 as /devices/virtual/input/input29
[  159.446095][   T54] IPVS: starting estimator thread 0...
[  159.449356][T16741] usb usb8: check_ctrlrecip: process 16741 (syz.1.1741) requesting ep 01 but needs 81
[  159.452440][T16741] usb usb8: usbfs: process 16741 (syz.1.1741) did not claim interface 0 before use
[  159.467106][T16741] syzkaller0: entered promiscuous mode
[  159.468945][T16741] syzkaller0: entered allmulticast mode
[  159.546299][T16743] IPVS: using max 45 ests per chain, 108000 per kthread
[  159.548224][ T1029] libceph: connect (1)[c::]:6789 error -101
[  159.550962][ T1029] libceph: mon0 (1)[c::]:6789 connect error
[  159.556740][T16729] ceph: No mds server is up or the cluster is laggy
[  159.658845][   T40] audit: type=1326 audit(159.570:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f716ab8f7c9 code=0x7ffc0000
[  159.670696][   T40] audit: type=1326 audit(159.570:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f716ab8f7c9 code=0x7ffc0000
[  159.683809][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  159.683819][   T40] audit: type=1326 audit(159.600:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.696579][   T40] audit: type=1326 audit(159.600:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.793752][   T40] audit: type=1326 audit(159.710:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.873201][   T40] audit: type=1326 audit(159.790:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.890638][T16778] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1746'.
[  159.943269][   T54] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  159.954036][   T40] audit: type=1326 audit(159.870:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.966804][   T40] audit: type=1326 audit(159.870:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  159.977143][   T40] audit: type=1326 audit(159.870:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  160.023216][   T40] audit: type=1326 audit(159.940:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  160.032201][T16788] xfrm0 speed is unknown, defaulting to 1000
[  160.035595][T16788] lo speed is unknown, defaulting to 1000
[  160.083554][   T54] usb 6-1: device descriptor read/64, error -71
[  160.208663][   T40] audit: type=1326 audit(160.120:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  160.220678][   T40] audit: type=1326 audit(160.130:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16767 comm="syz.1.1745" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f716ab8f3cb code=0x7ffc0000
[  160.261196][T16829] overlayfs: overlapping lowerdir path
[  160.309720][T16833] kernel read not supported for file /blkio.bfq.io_wait_time_recursive (pid: 16833 comm: syz.4.1752)
[  160.353248][   T54] usb 6-1: new low-speed USB device number 23 using dummy_hcd
[  160.493139][   T54] usb 6-1: device descriptor read/64, error -71
[  160.603576][   T54] usb usb6-port1: attempt power cycle
[  160.667105][T16867] IPv6: NLM_F_CREATE should be specified when creating new route
[  160.746530][T16872] lo: Caught tx_queue_len zero misconfig
[  160.763917][ T6021] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  160.903233][ T6021] usb 9-1: device descriptor read/64, error -71
[  160.963130][   T54] usb 6-1: new low-speed USB device number 24 using dummy_hcd
[  160.983547][   T54] usb 6-1: device descriptor read/8, error -71
[  161.014105][   T10] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  161.014141][ T5296] Bluetooth: hci1: command 0x0c1a tx timeout
[  161.016338][   T10] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  161.153006][ T6021] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  161.243164][   T54] usb 6-1: new low-speed USB device number 25 using dummy_hcd
[  161.263766][   T54] usb 6-1: device descriptor read/8, error -71
[  161.293083][ T6021] usb 9-1: device descriptor read/64, error -71
[  161.373477][   T54] usb usb6-port1: unable to enumerate USB device
[  161.403330][ T6021] usb usb9-port1: attempt power cycle
[  161.699611][T16899] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1772'.
[  161.743159][ T6021] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  161.763535][ T6021] usb 9-1: device descriptor read/8, error -71
[  161.799029][T16916] xt_CONNSECMARK: invalid mode: 0
[  162.003017][ T6021] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  162.023393][ T6021] usb 9-1: device descriptor read/8, error -71
[  162.133128][ T6021] usb usb9-port1: unable to enumerate USB device
[  162.646396][T16944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1786'.
[  162.935876][T16967] ceph: No source
[  163.093093][   T10] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  163.095684][   T10] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  163.102943][    C1] ------------[ cut here ]------------
[  163.106794][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci3
[  163.109069][    C1] WARNING: kernel/workqueue.c:2257 at 0x0, CPU#1: swapper/1/0
[  163.111711][    C1] Modules linked in:
[  163.113306][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  163.116357][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.120004][    C1] RIP: 0010:__queue_work+0xca1/0x10e0
[  163.121962][    C1] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 53 86 04 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 20 ad 39 00 90 0f 0b 90 e9 15 f6
[  163.128535][    C1] RSP: 0018:ffffc900006a0be8 EFLAGS: 00010046
[  163.130644][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11004e31132
[  163.133410][    C1] RDX: ffff8880297df178 RSI: ffffffff8a540c10 RDI: ffffffff9088a710
[  163.136088][    C1] RBP: ffff888027188978 R08: 0000000000000005 R09: 0000000000000000
[  163.138789][    C1] R10: 0000000000000100 R11: 00000000ffffffff R12: 1ffff920000d418f
[  163.141877][    C1] R13: ffffffff81843200 R14: 0000000000000101 R15: ffff8880297df000
[  163.144926][    C1] FS:  0000000000000000(0000) GS:ffff8880d6a9e000(0000) knlGS:0000000000000000
[  163.147925][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  163.150495][    C1] CR2: 000000110c2a6057 CR3: 0000000051399000 CR4: 0000000000352ef0
[  163.153162][    C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  163.155828][    C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  163.158345][    C1] Call Trace:
[  163.159463][    C1]  <IRQ>
[  163.160454][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.162399][    C1]  call_timer_fn+0x19a/0x5a0
[  163.163923][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  163.165686][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.167557][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.169492][    C1]  ? __run_timers+0x559/0xae0
[  163.171072][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.172973][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.174943][    C1]  __run_timers+0x569/0xae0
[  163.176430][    C1]  ? __pfx___run_timers+0x10/0x10
[  163.178084][    C1]  run_timer_base+0x114/0x190
[  163.179596][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  163.181361][    C1]  ? rcu_is_watching+0x12/0xc0
[  163.182941][    C1]  run_timer_softirq+0x1a/0x40
[  163.184523][    C1]  handle_softirqs+0x219/0x8b0
[  163.186190][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  163.187925][    C1]  __irq_exit_rcu+0x109/0x170
[  163.189496][    C1]  irq_exit_rcu+0x9/0x30
[  163.190930][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  163.192770][    C1]  </IRQ>
[  163.193768][    C1]  <TASK>
[  163.194777][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  163.196772][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  163.198722][    C1] Code: 96 76 02 e9 d3 2f 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 13 03 2c 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  163.204956][    C1] RSP: 0018:ffffc90000177de8 EFLAGS: 00000282
[  163.207036][    C1] RAX: 00000000001789bf RBX: 0000000000000001 RCX: ffffffff8b5e56f9
[  163.210061][    C1] RDX: 0000000000000000 RSI: ffffffff8daa2b04 RDI: ffffffff8bf1cd20
[  163.213014][    C1] RBP: ffffed1003b54498 R08: 0000000000000001 R09: ffffed100d4a672d
[  163.215686][    C1] R10: ffff88806a53396b R11: 00000000ffffffff R12: 0000000000000001
[  163.218336][    C1] R13: ffff88801daa24c0 R14: ffffffff9085b9d0 R15: 0000000000000000
[  163.221021][    C1]  ? ct_kernel_exit+0x139/0x190
[  163.222741][    C1]  default_idle+0x13/0x20
[  163.224235][    C1]  default_idle_call+0x6c/0xb0
[  163.225840][    C1]  do_idle+0x38d/0x500
[  163.227297][    C1]  ? __pfx_do_idle+0x10/0x10
[  163.228965][    C1]  cpu_startup_entry+0x4f/0x60
[  163.230610][    C1]  start_secondary+0x21d/0x2b0
[  163.232190][    C1]  ? __pfx_start_secondary+0x10/0x10
[  163.233935][    C1]  common_startup_64+0x13e/0x148
[  163.235720][    C1]  </TASK>
[  163.236840][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  163.239243][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  163.242240][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.245726][    C1] Call Trace:
[  163.246827][    C1]  <IRQ>
[  163.247781][    C1]  dump_stack_lvl+0x3d/0x1f0
[  163.249309][    C1]  vpanic+0x640/0x6f0
[  163.250630][    C1]  panic+0xca/0xd0
[  163.251864][    C1]  ? __pfx_panic+0x10/0x10
[  163.253350][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  163.255050][    C1]  check_panic_on_warn+0xab/0xb0
[  163.256681][    C1]  __warn+0x108/0x3c0
[  163.258045][    C1]  __report_bug+0x2a0/0x520
[  163.259542][    C1]  ? __pfx___report_bug+0x10/0x10
[  163.261180][    C1]  ? do_idle+0x38d/0x500
[  163.262533][    C1]  ? cpu_startup_entry+0x4f/0x60
[  163.264132][    C1]  ? start_secondary+0x21d/0x2b0
[  163.265804][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  163.267549][    C1]  report_bug_entry+0xb2/0x220
[  163.269133][    C1]  ? __queue_work+0xca1/0x10e0
[  163.270720][    C1]  handle_bug+0x18a/0x260
[  163.272168][    C1]  exc_invalid_op+0x17/0x50
[  163.273793][    C1]  asm_exc_invalid_op+0x1a/0x20
[  163.275472][    C1] RIP: 0010:__queue_work+0xca1/0x10e0
[  163.277231][    C1] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 53 86 04 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 20 ad 39 00 90 0f 0b 90 e9 15 f6
[  163.283484][    C1] RSP: 0018:ffffc900006a0be8 EFLAGS: 00010046
[  163.285510][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11004e31132
[  163.288063][    C1] RDX: ffff8880297df178 RSI: ffffffff8a540c10 RDI: ffffffff9088a710
[  163.290626][    C1] RBP: ffff888027188978 R08: 0000000000000005 R09: 0000000000000000
[  163.293184][    C1] R10: 0000000000000100 R11: 00000000ffffffff R12: 1ffff920000d418f
[  163.295777][    C1] R13: ffffffff81843200 R14: 0000000000000101 R15: ffff8880297df000
[  163.298389][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.300356][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  163.302153][    C1]  ? __queue_work+0xc70/0x10e0
[  163.303741][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.305685][    C1]  call_timer_fn+0x19a/0x5a0
[  163.307204][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  163.308891][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.310805][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.312707][    C1]  ? __run_timers+0x559/0xae0
[  163.314274][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.316211][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  163.318121][    C1]  __run_timers+0x569/0xae0
[  163.319637][    C1]  ? __pfx___run_timers+0x10/0x10
[  163.321338][    C1]  run_timer_base+0x114/0x190
[  163.323019][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  163.324762][    C1]  ? rcu_is_watching+0x12/0xc0
[  163.326458][    C1]  run_timer_softirq+0x1a/0x40
[  163.328056][    C1]  handle_softirqs+0x219/0x8b0
[  163.329672][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  163.331444][    C1]  __irq_exit_rcu+0x109/0x170
[  163.333070][    C1]  irq_exit_rcu+0x9/0x30
[  163.334561][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  163.336439][    C1]  </IRQ>
[  163.337407][    C1]  <TASK>
[  163.338378][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  163.340276][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  163.342097][    C1] Code: 96 76 02 e9 d3 2f 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 13 03 2c 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  163.350652][    C1] RSP: 0018:ffffc90000177de8 EFLAGS: 00000282
[  163.352605][    C1] RAX: 00000000001789bf RBX: 0000000000000001 RCX: ffffffff8b5e56f9
[  163.355145][    C1] RDX: 0000000000000000 RSI: ffffffff8daa2b04 RDI: ffffffff8bf1cd20
[  163.357700][    C1] RBP: ffffed1003b54498 R08: 0000000000000001 R09: ffffed100d4a672d
[  163.360253][    C1] R10: ffff88806a53396b R11: 00000000ffffffff R12: 0000000000000001
[  163.362801][    C1] R13: ffff88801daa24c0 R14: ffffffff9085b9d0 R15: 0000000000000000
[  163.365396][    C1]  ? ct_kernel_exit+0x139/0x190
[  163.367074][    C1]  default_idle+0x13/0x20
[  163.368478][    C1]  default_idle_call+0x6c/0xb0
[  163.370404][    C1]  do_idle+0x38d/0x500
[  163.371904][    C1]  ? __pfx_do_idle+0x10/0x10
[  163.373477][    C1]  cpu_startup_entry+0x4f/0x60
[  163.375037][    C1]  start_secondary+0x21d/0x2b0
[  163.376602][    C1]  ? __pfx_start_secondary+0x10/0x10
[  163.378324][    C1]  common_startup_64+0x13e/0x148
[  163.379912][    C1]  </TASK>
[  163.381652][    C1] Kernel Offset: disabled
[  163.383217][    C1] Rebooting in 86400 seconds..