last executing test programs:

3m16.224979937s ago: executing program 0 (id=140):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_clone(0x11, 0x0, 0x3e, 0x0, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x18, &(0x7f0000000100)=0x9, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0xb6, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x3)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "dce02de9d7bd466b", "72e64b3892cb7025848c9f40363cf916", "cfff3c66", "e2b768b4bb9e0d9b"}, 0x28)
sendto$inet6(r2, &(0x7f0000000300)='S', 0xfffffffffffffe94, 0xc000, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfc, {0x60, 0x0, 0x0, r4, {0x0, 0xfff0}, {0xffff, 0xffff}, {0x14, 0xc}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0xffffffc0, 0xb, 0x1}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
userfaultfd(0x801) (async)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0) (async)
userfaultfd(0x80801) (async)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) (async)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (async)
syz_clone(0x11, 0x0, 0x3e, 0x0, 0x0, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r2, 0x6, 0x18, &(0x7f0000000100)=0x9, 0x4) (async)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0xb6, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x3) (async)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "dce02de9d7bd466b", "72e64b3892cb7025848c9f40363cf916", "cfff3c66", "e2b768b4bb9e0d9b"}, 0x28) (async)
sendto$inet6(r2, &(0x7f0000000300)='S', 0xfffffffffffffe94, 0xc000, 0x0, 0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) (async)
close(r2) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfc, {0x60, 0x0, 0x0, r4, {0x0, 0xfff0}, {0xffff, 0xffff}, {0x14, 0xc}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0xffffffc0, 0xb, 0x1}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x0) (async)

3m15.965938185s ago: executing program 0 (id=146):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200)
mount(0x0, 0x0, 0x0, 0x1214040, 0x0)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200) (async)
mount(0x0, 0x0, 0x0, 0x1214040, 0x0) (async)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) (async)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
pipe(&(0x7f0000000040)) (async)

3m14.494643839s ago: executing program 0 (id=164):
r0 = socket$kcm(0x10, 0x0, 0x0)
r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x3, 0x90000)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f00000000c0)={0xe7f1, 0x7, [{0x4}, {0xd}, {0x8, 0x1}, {0x8}, {0x1}, {0xf}, {0xe}]})
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000000)=0xe1df)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd702000dcdf251a0000004c00228004000080041800803400008008000100ff0000000800070001010000080004004725ffff080003000000000000000700070000000800030005000000040000800300008004000080060021"], 0x68}, 0x1, 0x0, 0x0, 0x4008145}, 0x8000)
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb9200a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)

3m14.396636661s ago: executing program 0 (id=166):
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x3008002, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76695a74696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0x2}, 0x10)
write(r1, &(0x7f00000000c0)="1b0000001e005f025145e9676a2cbf0dffffffff01000000000000", 0x1b)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0xe, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffff55a, 0x4, 0x8, 0x3, 0x9}, 0x73}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x884}, 0x2)
close(r3)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r5, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)="27030200dc0f14000e00203c002400004000ff8400000066c1532cc10200000003125ce882cbf490d90812533f00", 0x2e}], 0x1}, 0x4005)
chdir(&(0x7f0000000100)='./file0\x00')
r7 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
mkdir(&(0x7f0000000280)='./cgroup\x00', 0x151)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r7, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x20, 0x0, 0x10, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x200, 0x4d}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r8, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000000000001aa241d3c6895c4100", 0x800000})

3m14.236426505s ago: executing program 0 (id=169):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$setstatus(r0, 0x4, 0x2400)
write(r0, &(0x7f0000001240)="e184d6a2", 0x4)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x618001, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='stat\x00')
read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020)
sendto$l2tp(r4, &(0x7f00000000c0)="d4e5af3c4d8dadfd2d44bae7f73e9fe68cdc124734091b13e244e3ff1481037eaaabe87f823c", 0x26, 0x20048894, 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0x80000001, 0xd, 0xfff, 0x3, 0x8}}]})
ioctl$KVM_CAP_X2APIC_API(r3, 0x4068aea3, &(0x7f0000000240)={0x81, 0x0, 0x1})
socket(0x11, 0x6, 0xd)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f00000002c0)={0x0, 0xffffffff})
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000080)=0x3)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r5, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000000)=@ethtool_cmd={0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0xdb, 0x4, 0x0, 0xfffff7fc, 0x4, 0x0, 0x0, 0x47, [0xfffffffc, 0x80]}})
socket$nl_generic(0x10, 0x3, 0x10) (async)
fcntl$setstatus(r0, 0x4, 0x2400) (async)
write(r0, &(0x7f0000001240)="e184d6a2", 0x4) (async)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x618001, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='stat\x00') (async)
read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020) (async)
sendto$l2tp(r4, &(0x7f00000000c0)="d4e5af3c4d8dadfd2d44bae7f73e9fe68cdc124734091b13e244e3ff1481037eaaabe87f823c", 0x26, 0x20048894, 0x0, 0x0) (async)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0x80000001, 0xd, 0xfff, 0x3, 0x8}}]}) (async)
ioctl$KVM_CAP_X2APIC_API(r3, 0x4068aea3, &(0x7f0000000240)={0x81, 0x0, 0x1}) (async)
socket(0x11, 0x6, 0xd) (async)
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f00000002c0)={0x0, 0xffffffff}) (async)
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000080)=0x3) (async)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
ioctl$sock_SIOCETHTOOL(r5, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000000)=@ethtool_cmd={0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0xdb, 0x4, 0x0, 0xfffff7fc, 0x4, 0x0, 0x0, 0x47, [0xfffffffc, 0x80]}}) (async)

3m13.70544199s ago: executing program 0 (id=178):
r0 = socket$netlink(0x10, 0x3, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000620b4030d6c59dcb6e12ca7f973b945a81a00436603a5aa1da782ae962505c26e25083e5afa901887f14d966e5dbe4fc818f0201965f0eca86c482c5968fd1c062fa13d1ab6982d2b309b15010977ea2a74498aaf30c8e1f1ed811ec71c0c3000000", 0x9b}, {&(0x7f0000000200)="bcd36572eb32598a3a55f47ff8c6f92a3795499040b639c145201a2110048d657234cf74212b5b5827c704000000000000003afff5f418e907a9ad97e89b53ce0705000ed5882e8afc3e791b95c07079b542d39a72a85fed640f5af7427cb3cd41b468ee61aedc77d093a04d8f7226a3e346c5e7774a867ba107c0ba1254244b650746577ed1bdcaffdcba150f7a3563905844830a09dd0210fc113d9d0f869a8d19573a9ed647fdf113", 0xaa}], 0x2)

3m13.700834052s ago: executing program 32 (id=178):
r0 = socket$netlink(0x10, 0x3, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000620b4030d6c59dcb6e12ca7f973b945a81a00436603a5aa1da782ae962505c26e25083e5afa901887f14d966e5dbe4fc818f0201965f0eca86c482c5968fd1c062fa13d1ab6982d2b309b15010977ea2a74498aaf30c8e1f1ed811ec71c0c3000000", 0x9b}, {&(0x7f0000000200)="bcd36572eb32598a3a55f47ff8c6f92a3795499040b639c145201a2110048d657234cf74212b5b5827c704000000000000003afff5f418e907a9ad97e89b53ce0705000ed5882e8afc3e791b95c07079b542d39a72a85fed640f5af7427cb3cd41b468ee61aedc77d093a04d8f7226a3e346c5e7774a867ba107c0ba1254244b650746577ed1bdcaffdcba150f7a3563905844830a09dd0210fc113d9d0f869a8d19573a9ed647fdf113", 0xaa}], 0x2)

2m43.954769016s ago: executing program 2 (id=559):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x1, 0x1f, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdf, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x1, 0x3ff, 0x6})
clock_gettime(0x0, &(0x7f00000001c0))
ppoll(&(0x7f0000000040)=[{r2, 0x1000}, {r3, 0x400}], 0x2, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x6, 0x401f, 0x3})
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20000, 0x6c)
renameat(r4, &(0x7f0000000280)='./file0\x00', r5, &(0x7f0000000340)='./file0\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES32, @ANYBLOB="000004000a0002"], 0x28}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m43.073258973s ago: executing program 2 (id=566):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$packet(0x11, 0x2, 0x300)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00')
lseek(r1, 0x20000000000002, 0x1)
mount$cgroup2(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x400, &(0x7f00000003c0)={[{@pids_localevents}, {@memory_hugetlb_accounting}, {}, {@pids_localevents}, {@favordynmods}, {}], [{@euid_eq}, {@hash}, {@audit}, {@uid_lt}]})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280540219"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') (async)
lseek(r1, 0x20000000000002, 0x1) (async)
mount$cgroup2(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x400, &(0x7f00000003c0)={[{@pids_localevents}, {@memory_hugetlb_accounting}, {}, {@pids_localevents}, {@favordynmods}, {}], [{@euid_eq}, {@hash}, {@audit}, {@uid_lt}]}) (async)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280540219"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async)

2m43.072775226s ago: executing program 2 (id=567):
syz_emit_ethernet(0x66, &(0x7f0000001380)=ANY=[@ANYBLOB="0180c2000003aaaaaaaaaaaa86dd607862840030000120010000100000000000000000000000fe8000000000000000000000000000002f04000000000000071800000000040000d604"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) (async)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, 0x0, 0x0) (async)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300000200000000fbdbdf25fc000000000000000000000000000001fe80004000000000000000000000e6fa00000004000000000a006080"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e00"], 0xb8}}, 0x20004000) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0}) (async, rerun: 64)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) (async, rerun: 64)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = syz_kvm_setup_syzos_vm$x86(r10, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$x86(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000500)=[@wrmsr={0x65, 0x20, {0x4b564d01, 0x9}}], 0x20})
ioctl$KVM_RUN(r12, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x12, 0x0, 0x1fe}]})
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r13, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="d00000001000030400"/20, @ANYRES32=r13, @ANYBLOB="5606090000000000b00012800b0001006970367674690000a0000280140004000000000000000000000000000000000114000400fe88000000000000000000000000000114000400fc01000000000000000000000000000114000500fc00000000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800030000000000080002000c00000008000100", @ANYRES32=r4, @ANYBLOB="0800000000000000080001008099c1a1c76720ebcd31622c899d420c992605453705e0", @ANYRES32=r13, @ANYBLOB="080006000500000014000400fc010000000000000000000000000001"], 0xd0}, 0x1, 0x0, 0x0, 0x690}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

2m43.012938568s ago: executing program 2 (id=569):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x30}}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x64, 0x6, 0x4e8, 0x3e4, 0x524, 0x114, 0x114, 0x3e4, 0x670, 0x670, 0x670, 0x670, 0x670, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast2, @empty, [0x0, 0x0, 0xff0000ff], [0x0, 0x0, 0x0, 0xff], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0xa4, 0xe8}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private1, 0x0, 0x38}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @inet=@DSCP={0x24}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@empty, 0x4e22}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x544)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800"/14], 0x0}, 0x94)
io_uring_register$IORING_REGISTER_IOWQ_AFF(0xffffffffffffffff, 0x25, &(0x7f0000000d40)="01", 0x1)
r0 = io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0x7157, 0xc000, 0x0, 0x20002f7})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open$dir(&(0x7f00000042c0)='./file1\x00', 0x4240, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000001280)=ANY=[])
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0x0, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x29, 0x2, {0x401}}, 0xb)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_clone3(&(0x7f0000001240)={0x2c0000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2m42.936266275s ago: executing program 2 (id=570):
r0 = openat$ndctl0(0xffffffffffffff9c, &(0x7f00000006c0), 0x141440, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000140))

2m42.656171635s ago: executing program 2 (id=572):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000500)=[@wrmsr={0x65, 0x20, {0x4b564d01, 0x9}}], 0x20})
fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x4bf})
syz_open_dev$radio(&(0x7f0000000180), 0x1, 0x2)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f0000c75000/0x4000)=nil, 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r4, &(0x7f00000002c0)=""/153, 0x99)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x14032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_MOVE(r4, 0xc028aa05, &(0x7f0000000140)={&(0x7f00000e9000/0x2000)=nil, &(0x7f0000c76000/0x1000)=nil, 0x2000, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x12, 0x0, 0x1fe}]})

2m42.624998773s ago: executing program 33 (id=572):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000500)=[@wrmsr={0x65, 0x20, {0x4b564d01, 0x9}}], 0x20})
fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x4bf})
syz_open_dev$radio(&(0x7f0000000180), 0x1, 0x2)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f0000c75000/0x4000)=nil, 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r4, &(0x7f00000002c0)=""/153, 0x99)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x14032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_MOVE(r4, 0xc028aa05, &(0x7f0000000140)={&(0x7f00000e9000/0x2000)=nil, &(0x7f0000c76000/0x1000)=nil, 0x2000, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x12, 0x0, 0x1fe}]})

1m23.263835045s ago: executing program 1 (id=1837):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001640)=@bpf_tracing={0x1a, 0x39, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @map_val={0x18, 0x8, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffb}, @generic={0xe, 0x0, 0x9, 0x5, 0x800}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000004c0)='syzkaller\x00', 0x800, 0x1000, &(0x7f0000000500)=""/4096, 0x40f00, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000001500)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xfd90, 0xffffffffffffffff, 0x9, &(0x7f0000001540)=[0x1], &(0x7f0000001580)=[{0x2, 0x5, 0x4, 0x9}, {0x1, 0x4, 0xa, 0x8}, {0x4, 0x5, 0xf, 0x1}, {0x1, 0x1, 0x5, 0x8}, {0x4, 0x4, 0x8, 0x5}, {0x1, 0x1, 0xc, 0x7}, {0x3, 0x4, 0x6, 0xa}, {0x0, 0x4, 0x1, 0x3b2f66eee831ab91}, {0x3, 0x4, 0x0, 0x3}], 0x10, 0x69}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x1, 0x1})
fcntl$lock(r1, 0x6, &(0x7f00000001c0)={0x2, 0x1, 0x7, 0x6})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x6, &(0x7f0000000080)={0x1, 0x1})
write(r0, &(0x7f0000001700)="6b6ebbdc7e59a11ca5fd34a27ddcdbe610bd87a58125104ffb9e51de68eacd013442f577a0703b3bbc663728fa0f3aa929a944ba756fe63e8b8fa6b62ac866f081881283b17ed7d9bb44ceffeb774cdf0be468ce655f9e5cf478223b127d16b80066bae23e6a3f7ca525579f5fc29c2bd205f2761e29f114a3ccf193d55dc4bd37d078a13bc2d6a82b0023b57ef16c0ed5", 0x91)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x403, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, &(0x7f0000000180)=0x80)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01)
syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000308", 0x78, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b52ab", 0x0, 0x2b, 0x0, @private0, @private0, [@srh={0x873a84884f5b3ade, 0x7, 0x4, 0x2, 0x1, 0x0, 0x0, [@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @dstopts={0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @remote}]}]}}}}}}}, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
ioctl$TUNSETVNETBE(r4, 0x400454de, &(0x7f0000000140)=0x1)
poll(&(0x7f0000000040)=[{r4}], 0x1, 0xff)

1m22.854248756s ago: executing program 1 (id=1842):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xffffffffffffffff)
r2 = dup(r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x5, 0x0, 0x1, 0xfffffffc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000300), &(0x7f0000000280)=r4}, 0x20)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r4, r6, 0x25, 0x2, @void}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f000029c000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
pwritev(r4, &(0x7f0000001b80)=[{&(0x7f00000004c0)="11ce79fbda783b7bd866230958118be1fd0ea09a2582c1a8f9b2627e3dc5e64c36044942827d07387d24974e1fae096d96a59d13f4a07e03eb1c18ac49fbfb5801bfffcc2c763e5bb76a8e412cf87b195f7d4c33049c92034fceff7684912d84c2eda85bcddf1f1d58519ae13d354410b705d85d7c27457e6d7243e4dc2b20778e3b70b6d6efb278a0da26898d689334177b", 0x92}, {&(0x7f0000000580)="4cb3fa8e6157998d2afef2b39f44d495f52937245f6299ed9335e57bf41cd1b988caafe9b11a1f9a0a1d2262a79974c77d22770c1a4db4e4bb543bdfb502a559c545e352e34750be3d469395649316a963b97cea7606ef7730b335cc5cfbe57a527e7e331acd50b8d6c13a275a259927a82967a6911d9fad5901d586cc40dc18eee3fa5d3cb002d4d151f3ffaf8dd382c992263d125eed6d5167735210bcb2c4dcd416005aa45c26c6362a40e48446b5f23be7895ab291a32927d45f2c2c55e319dbe0e2a84e4f85ae7bfcda0bcf5f72", 0xd0}, {&(0x7f0000000680)="5236cc2b3fbabcc8d992635104a09132dbf731f56dbdfd52e7613c8724dc4870d73d5713d427bed4b7d3ac14ad", 0x2d}, {&(0x7f00000006c0)="7390ccb38db970744dd9289f64c5ae89e209c4c998f55c148c9e72a5b4fd349c2bcc9e12ea95e4668a6e15fab94ef5cb978eedbd968bb46b2fe848bcfb0c11fc7a677769046ba2461370762feb0fe173d9dee485cfe1b5abb7add72f494f5c29109cdf4716c5b1342a23280811c7a0db92008badf7d3d36cfc5db25ba174d96f7b3c5978c25810cfa93a234a73514b7a260b1eaafe43865fdb1e8119f65d1bd931dd", 0xa2}, {&(0x7f0000000880)="926a046f6b1f9859f6a47cd642177c9427ccf44774fed96f80d01b68f0971a83c4bb38a3d82707cd1e94b34606b1a661108f780b7aa6f4e13493c9e0b4b509f12506f2cc23d5e6cf0bd80e57734551a4762b93f784743027a2e0338cf0eaa10ecf7fc094b6a0d98aeb42b10d01d1f9ac09d3cff1990d2d3cf6c8fe58e280485bc67a1f0134fa3f84d31b8ceec5aedc472ea69b6c62cb9121ffcc623dda72cae9b70242a69f9f1fabad84b2d7a0f104d1989fb9c170ec467b9f096fd5307871b0cdd4", 0xc2}, {&(0x7f0000000980)="816d24728680887236ccdb4bab2c2946f5e190db768a8cad1f25b714f5351395d17ad9c4ece689c9f13d341794ef85abe07c10b9359d5e6d5cdde845d71cc36e352a7cb0da065038ccb1eb76c736606b5199ebd874d897a493d0535662f34e6d0e268198e776ad868f447484994205e3b53ff6b019f2f0f7088578b3048f28994e28be745ad0db3fa2225b5999590289d599c2a322d969fbcf6c17dba16b787bcb2a23638a6a8e3f828dca36a4dfedc10b83f265cc245a5b5156a72705addbc0f880180b241b34240dbf03188e53b26586fedf1606f7841fbb1b9945808dfda8eaf06e696fa4a095ee47f1a88cba1553b34c05a64ff842a3547fbe410ced93ea10500c2a28ec7999fa10670de16007bca1366b590fb24d27842062bfb2359a3e41af2f86a60d187a6bb6b16c80251e5c51cd86eac1664d0032f6a9d65da760fbdacc8cf12d0e7c43f32bbe9df08ec99a9e7f7ad9d9eaa23080e2769cabf15a887462608cb307d922528aa326c25e5001c8b09a5b0763b206fe529c8554427d292e2991412b3ffd0fa107c9ff12dfaea9b24486d94e8cad15f964b4c55d09c521222e906720f91c80786494e3cfe8e077543baaf37ef35b255a0551866f47b715c8d9a28719122a0c01b36637a0112781b5dab4abd404d0ea2effe50a0a5b76874b550ab7245d6aca705f91c5d8781272d911924f9dfb948a36fd1771692070b62c3e3747575cfa149c01889111fe86a1174c46d52881cef9e255d6e12ce39501fb250987e6fd77fc03cc4f085b1e9866d062aefbe9e3e88b44546db4ae26c4be7bfd7a0b9d98073f05048e49901f184c42566b9661023ef4b5a3f993053b8a4b08c2f10159625cd8fd5b2e21c8d438506a053dd61640b5f8480a9f985cd6f4227ca1748641912ca44432693175d9ed5ea63ee2c6df8aad5aec8a4ca01bd54ee4d32ff460df9fc57ac6e4db7cfcbe7516bb0d070540b79daf50cbbaf6d71e55ee9dd6d3926a2b79ea6ace8aeac8742b6c54be89bc7a0a0933927a666ac7c8aa75aa734e0e7bb043720c89587f640de54b210ef82d918e593a36873a323050f3de9cfd741db92c3a16180033bb5056e17c3a1fa4036bb2b84c6a44288e3eedbf7e212f576af05da5dcb8e56e6535df491b00db3b107f6a1d33179d11d09658c782563ecc1d9f8979d7d335fdf96ec47a780b81a3ca04e03c5bbec4459b362309289c4f819482da9b39051cb0dbf40df82b81731c01b3a789e1f8601be057631379ff998be4e42fba20aefa761fbd7a3245ef038c35ed8f925e9aed09c7d9d5d5c82a32300fd55ccda085ab273d2fe570ec634e08ce4b81d0455d3d81866e5747e9781c9aba0d19daef39f4f17d5527201e9f3731dbf51d31783c0754de2d459e5995e600b4fb7819ab3a5b7a784a76715dba304d9d9b29c53dd7c14fb589292f077ab1761926ad0fd19eca6b0a1b11c7481947f0f2101452941b6a86a303076caa55dca7bd1696bebaffd17bc99f666e7458d6da2b6fc047d3db9ef079c1ab6694710b93606eea358d93a962ea48a8caa093e98d6a193314afd4eaa6671adf7aa7b643c9fb27fef4d95c46555699bcc42174e324aa1651d47d8fdcfeddbe890ef4518bfa03fe2ba38dae486977ffefc9e3dcad9474c8cdbafe751bae24468239ae436a0e29cef4ce976329379ae6f121181e96c89112135082437e3f2d79b93079af554f6230a75acda18c5f495aa7a7b1efb5f3b0fac21223fad98d4d53494a9cbf13be736c22c176aba638c9b81ba4449778ace03fa9d2063687fc964e985a458cae902c3d60a38b21b23e4c73fe3feb1581b7b7d0c45c609d59c142287100641eedd95a1e89ffbc63a5544f172e74c069df9921c820c95034653c42914adc19e8a7e456dbb233545d331d5486a6f687a36a3924efc7246b15cedc933b3b87679d08064797544a2caf08a6f7befc5cb4c65a4734addf4a5f1d85d49443583be651cb4e1408bb2e8c62fd4233bc07a50fcf8c9b796d1b5ebb2bbf18ffcfc6712021a9cb34fd41a48e3472151de8c0fa4430e73413090a508c5ba8c46dbdf019be679f2b4b6cad4d569ff45a333a71e4b2eccb560209ba89522ebc6db6ad6d20a74a7a9ad7dfb5e2c11d70f84ac8868f399f4b49ac03fe815b64b46d119e8ee3ce76c788813c0c4958b25ec52b7bbf85be94947cdcae0da501c9a238aca3bbe7b707af3cc4d1aab496548ed7166a498f9f9c50c8cf7750023bc3b7848295b68709a769939599e2cc04acafdd87b803a7964935457f7fa1ef0a16ace9a67db6ae71391a835fd1fe98c33681d8f7a40384a0ae8efb175ce9e9669636aba9fe2aa6b1916e185ecb6c994931994e74fbb2cd94bc2cf7bdd5508f092b537603df229c161b62ed0963a3a9f2648eaa60a89a66050aaf13e56712f07978dbda2ffc6268b187f9e25b11fee3add3b1ff5e2a82128ea28b4a419d402adc329ed118bc4965353de7ce542ead47379b97336ca57751fd55dfee62a59ab458ddcb953fcd0135d3a4ae7417a0d296e4849b4e5402c0a702653f599a958d8f8dd7f18b3ee4ac383413e3f6ad8408da468d28ec93534b6cd66cfa5f3786e3cdae70e1dc2a60b5e54fb35bc435f139c6ade2fb813d9d39fa1f825349d23e6ce8028ba8452c2013493345da6282e0232d11bd54f85da5bca1c3f3f0d153242e5e361df7c30169a568a28d88e919a15ba54d0ceb85c3d772eb0f912a8fe17e94bdceae6edce0bed7ccb53ca182d37008a4ec3d49a7fdaad6aa40805486ddd1880fbfc04021e59c2f01040d11f6aa3ab23e9f811fd2982b59172f0ccf2e903b5c5d0133a84643b76569635af0a052fdcbcd8dd974d28d20615935c2d9613c708d6873f7b3970333179773a62013eca34928e9cbf2e97d00c84665bad8c17e21f15ef28d49080c441c7e0fa2908bc647e3e32f813124c6b0c95e250069e600670d5b0803fade9a0174f2b75107d23eec69a5eb1f692ca4b1f0ef859bfc07c73473942a624f0d1fcb810871e70bd585df87c49b6051d4c1eba5d1dec7c2b6108f8524f6b4f5019c188d73a8722fb4a2fed8c5b3c4f40e2e4af94404f355576169a3976905906d1a795f7c927825bf29c34b98697d8cf595e4656e15eb812102756013ba9926f024b35847e45a03b458db6a4c45409838c6e820cfb092092852942318d5d52dc8d0c2d20ba99d252df9fdd4a58e9a821c41f684f9259051ae76a28cd5f9e05078b1afbd787497b0e2c5e0197fcd01a1143f9e9a1ca222ba067bff93c2a1c4a522e6e06879ce5f9d34d37c059f32a38ca7328f56aa219becd2280672bf15ce5249e01016fe9c0ccfbe15aeaf45f6a03767841152714796406977d8a1c182b7b4a8f9a6e7c393331013a899cb5719c5b1a310e072836db040a56b126f159b8cec8fb96d23dae4c2be6f3a196acbb21ea18855e78564e0a3d1663a86cc873594a11f6fe33049f75fb78b499a2f51796586cd0b54747effe6c2f7fe96ac4e2412c2b815a82e99b4f04d040125a272d00f928495e1541b3ad42b57d8873aa0693d049aa16b50c35d387c22c9ae397024c15bf0a043ade19cd32d06ac8dbaa354fc7762db19c23a36c612251f7e46791242884d22875afdf8c81e8db34eefd83f0d2287b06fa09e29b31965402d3d3344c0973d4e3ff897869d8d2e6f2fda06d3daead05e98f8ba04113b3ecff3d4ff9989a0df6a42694bc1756d0c2ea217223daa373a9a9ba9c51868a92d0cc1018a8c74a032a8c2ec4d7e6bf58e359af8bde463cebee82d5f8225fe3b07ed4ef59e96ccb0b34082cc48db4da8bfd7487573cfadfc3b89c9da3cb5e7751053a42bb7a69ec045d05fd2b5e4f3677fc0bc2f5ab3c872a5998c5ce5650abb48d7855a47af75e783a4ba7a0c6176a65e93864a9826c6102f9c2255fd8d6a89ce55b14ded645d4c32e59bb055b6b38fdd8c6d45a375b52e766affc03f5ac19357caf7262420e1f20c474188d825b7e8159a809201133932ac007bcf3e57fc7d77691d9a3419d846e96fd13f503132dc6cf964451309718968ff204aa134acca862b44d468a155f62bc7e3921e4a56c0b1e05bc8cde0e901528f27badee3715733ec4821e423debe77d934b74be8d26e242ca084a24f31978612103cbbac1ba0c80b3b392a61710a014e3fd7801d12d0640e600e0b6ce91691c356816855ab0bbe6d868d6c130614814cdc3b21d2f651ece9f465ae6e5a47baecb72365e9f4070f188b13491f656c83850c10c996a6af275a469bf6d49b05a0f1c8955ece1fe6e177fe52fcb6c84e6517218735a05fd1c45521388282057cbb1615e4a7b56e3ed977bcbebe08fb823acade7dbf251db991ed77454b37e39a07b575da3cc873bbe93a3df26210a6bdc88e55960a13835456fea3bd03721d72e855c0949c89ad55a61a33d56ad4656229abac01e67562b27614e5e7296518b8d145891ec8e55d7cdf3027d5db0f683624daea25b3a701ff0b81dc2161f146666fe779d2e1ff0237af516ad4c863e66fe5c50aa8c258394910f7e5420c054b41699946f9dc9159509f57e260a7940dc881d42da243dec3b83a6084a9ca174b41ae1cf5a254897b235dadea7ff2220e8cef7cd904a1d1de833da91149f8acee2355b0e48e35c7d2ad9d7650e531c3854f4623be1070ac77dfbd29ed7122aab303d82ff15d3c1d156f246881d8df21434b4d1be9cbc89b1cedff95a71672877ba11cc626c4e3c9e165901748bff4c01e663ec22f813bb36fd14f7085d5192921d55aeae35324749c52a9074b912260be50578305154b4f198ae11360d64b1f03dbcc286bec5ca709b97d6e3b0a080b5824ff12ce624480cd72175fc328e8144215379fa9287daf247868291b103a393730d54026ca0414db6e3014977dde3aec4e6e050facdd6e23c07454cc4ee362fc77084d2c654332520b31fb20b04090965f58a98f0b85b436f6a5828268cda9d5c21ae3d3418b26f89f4ffe318dce23b9949f00b894b1bc71a68e79e33caa69b6ef71948765ac489836bbfd845b521ad917129ca526661cb8354d44b75a8528be3550b56b1230326e025919cd2f463968fe37043f4fb4bda32b068aa9f036d7f4fe2728d6ef5a8a7909c0d7b23e9390c6bf5807588e4f5b9a50494dc3828ce17787ec7c7219f3844560a8cb3fce1428dd79676d67accab98ef2029dd21ede46a23da5aaa62a1279609ba6f4b48641eba55fda75ed0a2ab73cb7ad545226398ed20aa48d36b33b01047a770ce71e8258ac1f8595d4c253b169828964e90151439c15f91b07f6213f219ad55a3cf5b4fc1acebd926bf44aa1af323c58d0fcc0a9c7bb3942ce42b286b3417781a3e35a141044a994b6b5408d5ea8f1b9d3faf0b4929e59aaa97becea06819d73bbef41f6aa2089b88e64f70598378e9e5d2bf05fe35aeb3f3fe90529d4f295d1ed8271d0696d514557bf9cab56ccb04398bf5255c6587a1109e0209240e1d517d3a19c24fa49ae0cb70cb72d37167f10bde40118df0ce31617c93ac73b587a36bfe52c40e550b7dddaae3709f36ac82aa41ef057732a9550383048e6a68d88a9b444a65ae8be04cb6f89f4f4def1b2efb3a9476052e42209f629be99888b27322a6b4f5b642df587e05a28d753ad81c29d097f41a804a38aab1f126c3c4b96e93a3421541e683d6508639d2af89e08106545010c211ae18bf4b0741813c692ff81b91102bfff5ae26b4bf2d6ff1c6b9392dd1c9244e585d05fbac91cfb8ebd8937b135dc0201a4695686ea10", 0x1000}, {&(0x7f0000001980)="69c19f513d6eb36db51ed2974910ca32af4e9ebc87be3c047b4bc49d3b1f7975173abb2c479384502586e2e6954ba5cbe2d167e30ce9655933a5ba9d9238ce5ab8537e0a53146cde367163554f63f314036c0fffdb2ff2a9893d7ee5f3fc889d3291440deb75350523f00ae1a50b4c83965aeb585856ab2fd49fecedec12ac183299ea1b9a5810e7dbbbc9136dfd9ec9652d473a0e20aaeb7a97468459ead1d9ebb5b64dc7e250a967a0d3de6d38fc79c191b2325dba0f710b3775d9a05f3ee96807197bc392c313e3901addfec59f93bd97a630a66c", 0xd6}, {&(0x7f0000001a80)="961e67b1cfc01ae425bb48e30d638c9096a74cf651762852b21435c8b2c97b5993b36c339e85f2a68b89f4d1f2fc1dab5f78c50baa80d5135f759b6c0c2b45d9a96873467b4d2203ab0e488342f87fd2befd4b517c97fa18fa95cf3c8b3d1906dac76f443d3d5f9edcc11b76ab431002af92a5a314d64116a89574b5739d256c9b6869ed87f292722f5d6ee2361b32e87242a7b9e592598bb402147759c77b5ce28db63772bb901c55ad401fb1d1bd38b5c07e2dcde7c4ebd3350f16e4071c9ee872f74b847daf864a2f5f191b03", 0xce}], 0x8, 0x4, 0xb)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x9, 0x2)
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x77, 0xe, 0x2, 0x2})
sendmsg$inet6(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="944cf7", 0x3}], 0x1}, 0x20000010)
socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0x5a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6008120000242b0100000000000000000000ffffac1414bbfe65c7787f7339adaa000000000000aa3a0202010000000000007e000000000000000000000000000000000000000c907801000001"], 0x0)

1m22.453741496s ago: executing program 1 (id=1849):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
process_madvise(0xffffffffffffffff, &(0x7f0000002800)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x14, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000300000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r1, 0x0, 0x138, 0x4c, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x4000, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22)

1m22.381873041s ago: executing program 1 (id=1850):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000005fc0)={@remote, @private0={0xfc, 0x0, '\x00', 0xfd}, @ipv4={'\x00', '\xff\xff', @remote}, 0x7, 0x8000, 0x41, 0x500, 0x5, 0x10e0012})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="11050000400000005107000000eeff00008006000300000000001400020076657468301b0510000000000000000008000100"/62], 0x44}, 0x1, 0x0, 0x0, 0x40850}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x7}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000805}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000200)=ANY=[], 0x31)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x98d0d9, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0\x00', 0xa)
sendmmsg$unix(r3, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000002b40)=@file={0x1, './cgroup.cpu/cgroup.procs/file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0)

1m22.381619905s ago: executing program 1 (id=1851):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa88a}]}}}]}, 0x3c}}, 0x4008080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008001}, 0x840) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 64)
r4 = fanotify_init(0x2, 0x80000) (rerun: 64)
read$FUSE(r4, 0x0, 0x0)
r5 = socket(0x9, 0x1, 0xae) (async)
r6 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000040)) (async)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r7, 0x40045402, &(0x7f0000000040)=0x1)
read(r7, &(0x7f00000002c0)=""/95, 0x5f) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1}}) (async)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) (async)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r8, 0x11, 0x67, &(0x7f0000000000)=0x6, 0x4) (async)
setsockopt$inet6_opts(r8, 0x29, 0x36, &(0x7f0000000080)=@dstopts={0x6c}, 0x8) (async)
connect$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e25, 0x1, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r7, 0x54a2) (async, rerun: 32)
r9 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@deltclass={0x2c, 0x29, 0x100, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x6, 0xffff}, {0x8, 0x6}, {0x8, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x9}}]}, 0x2c}}, 0x0)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) (async)
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000ed0000183aff00000000000000000000ffff7f000001ff0200000000000000000000000000018700907800000000ff01000000000000000000d334000001e68f5362d44f446dd19d5d98eb7a7b444347bbfc18767097ce00cfe5f57103429e0271dc1c9cf7b4a06aa4938e39c0191d7671"], 0x0)

1m22.08494025s ago: executing program 1 (id=1854):
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, 0x0, &(0x7f00000021c0)=0x1e) (async)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x66, 0x221, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {}, {0xb, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000002880)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "7409bf", 0x8, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, {[@hopopts={0x89}]}}}}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x503, 0x70bd2c, 0xffffffff, {0x0, 0xcf, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x3e8b}]}, 0x38}}, 0x0)

1m22.02302248s ago: executing program 34 (id=1854):
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, 0x0, &(0x7f00000021c0)=0x1e) (async)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x66, 0x221, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {}, {0xb, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000002880)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "7409bf", 0x8, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, {[@hopopts={0x89}]}}}}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x503, 0x70bd2c, 0xffffffff, {0x0, 0xcf, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x3e8b}]}, 0x38}}, 0x0)

1.498691671s ago: executing program 5 (id=2827):
openat$nullb(0xffffffffffffff9c, 0x0, 0x14d802, 0x0)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x80400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'adq12b\x00', [0x100, 0xf, 0xd1, 0x2, 0x0, 0x100, 0x3, 0x20000000, 0x8, 0x1, 0x0, 0xb51, 0x2, 0x401, 0x10001, 0x1, 0x1000000, 0xb, 0x8000fe8, 0x7, 0x80000000, 0x2, 0x7, 0x9, 0x48, 0x5, 0x6, 0x6a77, 0x2, 0x8, 0x200000a]})

1.38234882s ago: executing program 3 (id=2830):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x70, r1, 0x1, 0x30000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x40, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @broadcast, @initial, {0x2, 0x8}}, 0x10, 0x1f, @random, @val, @val={0x2d, 0x1a, {0x2c, 0x2, 0x2, 0x0, {0x7, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x8, 0x6}}}}]}, 0x70}}, 0x0)

1.334137606s ago: executing program 5 (id=2831):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000190001002cbd700000c8c3532d"], 0x24}}, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x77359400}, {0x77359400}}, 0x0)
r1 = syz_io_uring_setup(0xf03, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x3, 0x3}, &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000180))
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x2000, 0x1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fstat(r1, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$fuse(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x20000, &(0x7f0000000780)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x10000}}, {@max_read={'max_read', 0x3d, 0x7}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1400}}], [{@fsmagic={'fsmagic', 0x3d, 0x8}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@measure}, {@smackfsdef={'smackfsdef', 0x3d, '\x00'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@measure}, {@appraise_type}, {@fsname={'fsname', 0x3d, '^+!\''}}, {@uid_gt={'uid>', 0xee01}}]}})
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
read$FUSE(r7, &(0x7f0000004100)={0x2020}, 0x2020)
r8 = socket$inet(0xa, 0x801, 0x84)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564233a73"], 0x54}}, 0x0)
connect$inet(r8, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r8, 0x8)
accept4(r8, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={<r11=>0x0, 0x3, 0x1, [0x1]}, &(0x7f0000000040)=0xa)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r8, 0x84, 0x1f, &(0x7f0000000280)={r11, @in6={{0xa, 0x4e23, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0xc20}}, 0x9f, 0xd}, 0x90)
syz_io_uring_modify_offsets$generic(r2, r3, 0x2c, 0x10000)
io_uring_enter(r1, 0x1, 0x564b, 0x1, 0x0, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x43067, 0x6025}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TTL={0x5, 0x4, 0xfc}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x4}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000002)

1.229581346s ago: executing program 3 (id=2832):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000) (async)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2e8})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0) (async)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) (async)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x1, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (async)
r5 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r5) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018"], &(0x7f0000000240)=""/252, 0x37, 0xfc, 0x1}, 0x28) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) (async)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00c9000201"], 0x22) (async)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3a)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) (async)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newqdisc={0x2b0, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x9, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_STAB={0x144, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xff, 0x86, 0xfff, 0x8001, 0x1, 0x8001, 0x7, 0x1}}, {0x6, 0x2, [0x6]}}, {{0x1c, 0x1, {0x3, 0x2, 0x200, 0x2, 0x0, 0xfffffff8, 0x6, 0x3}}, {0xa, 0x2, [0x4, 0x0, 0x994b]}}, {{0x1c, 0x1, {0x7f, 0x6, 0x80, 0x0, 0x2, 0x0, 0x9fdc, 0x8}}, {0x14, 0x2, [0x4, 0x6, 0x9, 0xb, 0x7f, 0x8, 0x1, 0x82]}}, {{0x1c, 0x1, {0x8, 0x8, 0xb3, 0xf, 0x2, 0x55, 0x8, 0x1}}, {0x6, 0x2, [0xb]}}, {{0x1c, 0x1, {0x1, 0x40, 0x3, 0xfff, 0x1, 0x2, 0x4, 0x4}}, {0xc, 0x2, [0x0, 0x1, 0x6, 0x8000]}}, {{0x1c, 0x1, {0x0, 0x80, 0x8, 0xffff0000, 0x0, 0x3ff, 0x4, 0x3}}, {0xa, 0x2, [0x40, 0x5, 0xffff]}}, {{0x1c, 0x1, {0x8, 0x0, 0x0, 0x5, 0x2, 0x9, 0xfffffffc, 0x4}}, {0xc, 0x2, [0x3, 0x9cf8, 0x7, 0x7]}}, {{0x1c, 0x1, {0xa, 0x87, 0x1000, 0x10, 0x1, 0x3, 0x4, 0x3}}, {0xa, 0x2, [0xcaf, 0x2, 0xe7cf]}}]}, @TCA_RATE={0x6, 0x5, {0x7f, 0x54}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @qdisc_kind_options=@q_mq={0x7}, @TCA_STAB={0x120, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x40, 0x6, 0x4, 0xf, 0x0, 0x2, 0x5, 0x4}}, {0xc, 0x2, [0x8, 0x4, 0x80, 0x80]}}, {{0x1c, 0x1, {0x9, 0x4, 0x5885, 0x9, 0x2, 0x9, 0x80000000, 0x6}}, {0x10, 0x2, [0xffff, 0x1ff, 0x8, 0x0, 0x4, 0x7]}}, {{0x1c, 0x1, {0xe, 0x2, 0x0, 0x10000, 0x1, 0x0, 0x8, 0x3}}, {0xa, 0x2, [0x7eb, 0x6, 0x5]}}, {{0x1c, 0x1, {0x9d, 0x6, 0x806, 0x9, 0x0, 0x17, 0x8, 0x1}}, {0x6, 0x2, [0x6]}}, {{0x1c, 0x1, {0x1, 0x7, 0x4, 0x3, 0x1, 0x1800000, 0x4}}, {0x4}}, {{0x1c, 0x1, {0xf8, 0x5, 0x90e, 0x0, 0x0, 0x80000000, 0x200, 0x4}}, {0xc, 0x2, [0x7, 0x8, 0xf8, 0x0]}}, {{0x1c, 0x1, {0xc, 0x2, 0x2, 0x8, 0x1, 0x1, 0xffff, 0xa}}, {0x18, 0x2, [0x9, 0x8, 0x2, 0x8dc2, 0x47f, 0xab4d, 0x7ff, 0x6, 0x7, 0x401]}}]}, @qdisc_kind_options=@q_qfg={0x8}]}, 0x2b0}}, 0x4000800) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
read$msr(r5, &(0x7f00000003c0)=""/119, 0x77)

1.162330572s ago: executing program 3 (id=2835):
socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x2400c094)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3406c096)
mknod(0x0, 0xc000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x74, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x43, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @broadcast, @initial, {0x2, 0x8}}, 0x10, 0x1f, @random, @val={0x1, 0x3, [{0x6, 0x1}, {0x16, 0x1}, {0x60}]}, @val={0x2d, 0x1a, {0x2c, 0x2, 0x2, 0x0, {0x7, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x8, 0x6}}}}]}, 0x74}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14)

1.053380134s ago: executing program 5 (id=2836):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x39, 0x1a, r1, 0x0) (async)
r3 = socket(0x10, 0x2, 0xffff)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000240)={<r4=>0x0, 0x2}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={<r5=>r4, 0x2}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000001c0)={r5, 0x1, 0x4, 0xd, 0x5, 0xfffffff8}, &(0x7f0000000200)=0x14)
fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x8}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0)

953.180189ms ago: executing program 3 (id=2838):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000140)={<r2=>r1, &(0x7f0000000040)='#\x00', 0x151800, &(0x7f0000000080)={@_ha_fsid={[0x9f3d, 0x10]}, {0xc, 0x1, 0x2, 0x8000000000000000}}, 0xffff, &(0x7f0000000180)={@_ha_fsid}, &(0x7f0000000100)=0xffffffff}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000002c0)="0f23b3b9ce000000b807000000ba000000000f301b8154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba00000000b9c50d0000b800c80000b8010000000f01d90f300fc79d53bff082400040006dd3010f2202", 0x24}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r9 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r10 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r11, &(0x7f0000c00000/0x400000)=nil)
r12 = syz_kvm_add_vcpu$x86(r9, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x40000083}]})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) (async, rerun: 64)
ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000200)=@other={0x7, &(0x7f00000000c0)=0x40}) (async, rerun: 64)
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f00000005c0)={0x2, 0x0, @ioapic={0x0, 0x1, 0x2, 0xfffffffe, 0x0, [{0x2, 0x4, 0x3}, {0x9, 0x8, 0x9, '\x00', 0xf}, {0xff, 0x7f, 0xd3, '\x00', 0xe9}, {0xfd, 0x1, 0xf5, '\x00', 0x13}, {0x7, 0x9, 0xf5, '\x00', 0xb4}, {0xf, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xfd, 0xb0, '\x00', 0x7f}, {0x3, 0x5, 0xc, '\x00', 0x6}, {0x7f, 0x5, 0x4a, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x5}, {0x0, 0x28, 0x4, '\x00', 0x5}, {0xfb, 0x1, 0xff, '\x00', 0x1}, {0xd, 0x4, 0x26}, {0xcf, 0xf, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x1, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0xe, 0x2, '\x00', 0xe9}, {0x7, 0x2, 0x1, '\x00', 0xc6}, {0x2, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xe, 0x87, '\x00', 0x7d}, {0x10, 0x9, 0x92, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0xa}]}})
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000001680)=@get={0x1, &(0x7f00000016c0)=""/4112, 0xd})

952.902017ms ago: executing program 5 (id=2839):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="0f01c80f01ca440f01df450f01c4f2426e460f01cf66b84e008ee0661a5814440f20c0350b000000440f22c0c4e28da9666c", 0x32}], 0x1, 0x6a, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x100, 0x100, 0xa, [@typedef={0x7, 0x0, 0x0, 0x8, 0x2}, @struct={0x2, 0x4, 0x0, 0x4, 0x0, 0x0, [{0xa, 0x4, 0x7}, {0xf, 0x3, 0x34}, {0xa, 0x3, 0x3}, {0xd, 0x2, 0x9}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x6}}, @decl_tag={0x1, 0x0, 0x0, 0x11, 0x5, 0x4}, @struct={0x8, 0xa, 0x0, 0x4, 0x1, 0x0, [{0x1, 0x2, 0x8000}, {0x6, 0x4, 0xf37}, {0x3, 0x0, 0xfff}, {0x6, 0x1, 0x2}, {0x5, 0x3, 0x1}, {0xd, 0x0, 0x3}, {0xe, 0x2, 0x7}, {0x9, 0x0, 0x800}, {0x5, 0x5, 0x7ff}, {0x6, 0x3ff}]}, @func={0xc, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x51, 0x2e, 0x5f, 0x61, 0x5f, 0x61, 0x61, 0x30]}}, &(0x7f0000000300)=""/129, 0x122, 0x81, 0x0, 0xfff, 0x10000}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0xfff, 0x0, r3, 0x1, '\x00', 0x0, r4, 0x2, 0x2, 0x1}, 0x50)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

859.912101ms ago: executing program 4 (id=2840):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4}, [@ldst={0x3, 0x0, 0x3, 0xa, 0x0, 0xff70}], {0x95, 0x0, 0xb}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff4d, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f00000039c0)=[{&(0x7f0000000600)="447df50ce4033a7b5ad00b83244c00b711803e7cca2504a2600da98efff9e7d67f87b1", 0x23}, {&(0x7f00000006c0)='\b', 0x1}, {&(0x7f0000000780)="4274aa814c8f6ea8d8db43178dd2f41ef596a3ca465412910e05cba0f5d97e67886d55be18cac95a1aa093479596c3613670aaf2a3b1edc465bedfdb5156035719c0baa8bb8bf2a825ec04f424dda801fea000f41edc43511e9c8bf89656071e91ae4c356d6a9ca608af6b83cc9f3d9ae37c2bfab2", 0x75}], 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="ac1414bb0000000000000000140000000000000000000000020000000600000000000000d8000000000000000000000007000000072b52000000000a0101020a010100ac14141b640101020a010102ac1414bbac14143ee000000200000000071731ac14143cac1e0101e0000002ac1414aaffffffff442cdf11ac1e010100000005ffffffff00000002ac1414bb00000006ffffffff000000000000000000000003441435230a01010200000001ffffffff00000007444477937f"], 0x1a0}, 0x41)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="04"], 0xd)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000000)=""/37, 0x25}], 0x1, 0xef33, 0x7)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r6, 0xc02054a5, &(0x7f0000000080)={0xace2, r0, 'id0\x00'})

854.503971ms ago: executing program 6 (id=2841):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x70, r1, 0x1, 0x1000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x40, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @broadcast, @initial, {0x2, 0x8}}, 0x10, 0x1f, @random, @val, @val={0x2d, 0x1a, {0x2c, 0x2, 0x2, 0x0, {0x7, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x8, 0x6}}}}]}, 0x70}}, 0x0)

659.863069ms ago: executing program 6 (id=2842):
openat$nullb(0xffffffffffffff9c, 0x0, 0x14d802, 0x0)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x80400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'adq12b\x00', [0x100, 0xf, 0xd1, 0x2, 0x0, 0x100, 0x3, 0x20000000, 0x8, 0x1, 0x0, 0xb51, 0x2, 0x401, 0x10001, 0x1, 0x1000000, 0xb, 0x8000fe8, 0x7, 0x80000000, 0x2, 0x7, 0x9, 0x48, 0x5, 0x6, 0x6a77, 0x2, 0x8, 0x200000a]}) (fail_nth: 2)

659.484233ms ago: executing program 5 (id=2843):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000440)={<r1=>0x0})
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000022c0)={r1, 0x100000000})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r5 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000000140)=0x11)
ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000000180)=0xd0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r7, 0x7a8, &(0x7f00000000c0)={{@hyper, 0xffffffff}, @hyper, 0xc, 0x0, 0x1, 0x4, 0x5a, 0x4, 0x800})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fddbdf2507000000080001006000000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff0700007000005577fda49ea636c5ac3d001400040073797a6b616c6c6572300000000000000800050006000000a8188e3282b7bb0b4b207fff5e4f28262def981957be22a931a6acface03dcd713b06b6353de7fb628d7351ee49878c6a050eacea1c3ec01fcb8a285714140ff05b4165822eed697399894692aeaec6e16cf2aab6a2a87369812ecda40c1e8662f3d4dd0c4bec2117702aa44b0a3fdddfd3dcb9746a8113b00000000000001005263d0e10edfcec1b43d86"], 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_cmd_rej_unk={{0x1, 0xe3, 0x2}, {0x1}}}}, 0xf)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$FIGETBSZ(r9, 0x5421, &(0x7f0000000040))
socket$inet_sctp(0x2, 0x1, 0x84)
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000080)="0000000000000002ff690000000000010000001300000006000200861fa72e5b01504104bfeacdd5a9007d167c71e3b8a93aa64d957a684161c833020a6da8881fb79e110483bfadf224a22c76ecc7a56843a85f7df51293f0eb84ef8f0f07342db3b0e5a5647b7bed1fbf069ca713670adf7d9fb6d2600fd9c1981fe9f095cfe9d2fe1e1e34f6096bf02543747b2c792890f07c0da0fa25e6101062e6c9176a70e41698814a213711764f88495994cfd8a57c1e13f6b5298e7ab3a2bfb58dde34d58536633c27882e51ced17d67999b00094461", 0xd4, 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)
connect$inet(r10, &(0x7f00000003c0)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NFT_MSG_GETRULE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x44044}, 0x4004)

558.284898ms ago: executing program 4 (id=2844):
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x4e23, 0xf, @local}, {0xa, 0x6e23, 0x0, @remote, 0x7fff}, 0x1, {[0x0, 0x0, 0x578, 0xfffffff9, 0x0, 0x1, 0x7fff, 0x40]}}, 0x5c)
semtimedop(0x0, &(0x7f0000000040)=[{0x2, 0x5, 0x800}, {0x4, 0x6}, {0x0, 0x0, 0x800}], 0x1f4, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00}t\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r3, 0x0, 0x0}, 0x20)

442.120429ms ago: executing program 6 (id=2845):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x350})
write$FUSE_STATX(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000001980)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000100)={0x68, 0x0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1b7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9e}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0x68}}, 0x20)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x29, 0x2, {0x401}}, 0xb)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

371.642829ms ago: executing program 4 (id=2846):
socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x2400c094)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3406c096)
mknod(0x0, 0xc000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x74, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x43, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @broadcast, @initial, {0x2, 0x8}}, 0x10, 0x1f, @random, @val={0x1, 0x3, [{0x6, 0x1}, {0x16, 0x1}, {0x60}]}, @val={0x2d, 0x1a, {0x2c, 0x2, 0x2, 0x0, {0x7, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x8, 0x6}}}}]}, 0x74}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14)

371.404694ms ago: executing program 3 (id=2847):
r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000000240)={{0x80, 0x2}, 'port1\x00', 0x93, 0x20cda, 0x8, 0x8000007, 0x3, 0x4, 0xca, 0x0, 0x4})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x500, 0x100)
fcntl$notify(r2, 0x402, 0x34)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x1c, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2, r4, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94)
r5 = accept4$x25(r4, &(0x7f00000001c0)={0x9, @remote}, &(0x7f0000000300)=0x12, 0x80000)
ioctl$sock_ifreq(r5, 0x8936, &(0x7f0000000340)={'ip6_vti0\x00', @ifru_hwaddr=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
fcntl$notify(r2, 0x402, 0x18)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

371.134584ms ago: executing program 6 (id=2848):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
close_range(0xffffffffffffffff, r0, 0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f000027c000/0x1000)=nil, 0x1000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001300)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x25}, @fda={0x66646185, 0x6, 0x0, 0x33}, @flat=@weak_binder={0x77622a85, 0x1100}}, &(0x7f0000000200)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})
r5 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
prctl$PR_SET_KEEPCAPS(0x59616d61, 0x1ffffffffffffff)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_POWER(r7, 0x112, 0x9, 0x0, &(0x7f0000000600))
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1200000004000000040000000c"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000001800000018110000", @ANYRESDEC=r6, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000640)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864060af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb6d6b4bd6399527a20823812419372dfe1848c842e8a854db512b5cbd832c0046b711c61972579756b39cdf393fcd0d1b29b0bf97876b32e8a4c754a2e64918fcce18ec08ba3ce84b6d56ba34de691b4e702e1619c3c9", 0xa6}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="10"], 0x10}], 0x1, 0x0, 0x0, 0x4000}, 0x44040)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r8 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)=<r9=>0x0)
timer_settime(r9, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffb, 0x6, 0x4, @scatter={0x0, 0x0, 0x0}, &(0x7f00000000c0)="a109a81b133d", 0x0, 0x0, 0x10012, 0x0, 0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)

201.388387ms ago: executing program 4 (id=2849):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000040)={'\x00', 0x9bfe, 0x69, 0x6, 0x0, 0x9412, 0xf000, 0xa000, '\x00', 0x2})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001240)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000000)={0x34, r0, 0x1, 0x70bd2c, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x47}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}]}]}, 0x34}}, 0x8040)

191.595108ms ago: executing program 6 (id=2850):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x14d802, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x80400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'adq12b\x00', [0x100, 0xf, 0xd1, 0x2, 0x0, 0x100, 0x3, 0x20000000, 0x8, 0x1, 0x0, 0xb51, 0x2, 0x401, 0x10001, 0x1, 0x1000000, 0xb, 0x8000fe8, 0x7, 0x80000000, 0x2, 0x7, 0x9, 0x48, 0x5, 0x6, 0x6a77, 0x2, 0x8, 0x200000a]})
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x200000)

111.85614ms ago: executing program 3 (id=2851):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x70, r1, 0x1, 0x2000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x40, 0x33, @mgmt_frame=@reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_b, @broadcast, @initial, {0x2, 0x8}}, 0x10, 0x1f, @random, @val, @val={0x2d, 0x1a, {0x2c, 0x2, 0x2, 0x0, {0x7, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x8, 0x6}}}}]}, 0x70}}, 0x0)

111.593327ms ago: executing program 4 (id=2852):
r0 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x1, 0xff, 0x0, 0x1}, 0x48)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040))

987.99µs ago: executing program 6 (id=2853):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) (async)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0xb0260000) (async)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r0, 0xc6e9f000) (async)
mmap(&(0x7f0000d8c000/0x1000)=nil, 0x1000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xffffe000)
fallocate(r1, 0x10, 0x3, 0x1) (async, rerun: 32)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000000, 0x6e073, r1, 0x100000000) (rerun: 32)

725.641µs ago: executing program 4 (id=2854):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xffffffffffffffff)
r2 = dup(r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x5, 0x0, 0x1, 0xfffffffc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000300), &(0x7f0000000280)=r4}, 0x20)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r4, r6, 0x25, 0x2, @void}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
pwritev(r4, 0x0, 0x0, 0x4, 0xb)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x9, 0x2)
r7 = syz_open_procfs$pagemap(0x0, 0x0)
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x77, 0xe, 0x2, 0x2})
sendmsg$inet6(r2, 0x0, 0x20000010)
socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0x5a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6008120000242b010000"], 0x0)

0s ago: executing program 5 (id=2855):
r0 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x2, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
getdents64(r1, &(0x7f0000000340)=""/82, 0x52)
getdents(r1, 0x0, 0x0)
getsockname$packet(r0, 0x0, &(0x7f0000000140))
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x13e)
write$cgroup_int(r2, &(0x7f0000000040)=0xfe8e, 0x12)

kernel console output (not intermixed with test programs):

.614699][T13099] usb usb8: usbfs: process 13099 (syz.4.2097) did not claim interface 0 before use
[  194.886943][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  194.889628][ T5736] Bluetooth: hci1: command 0x0405 tx timeout
[  195.182844][T13137] netlink: 'syz.5.2109': attribute type 322 has an invalid length.
[  195.194535][T13137] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  195.266939][T13141] input: syz1 as /devices/virtual/input/input25
[  195.302675][T13146] hpfs: Bad magic ... probably not HPFS
[  195.382976][T13154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2113'.
[  195.670675][   T40] audit: type=1400 audit(1778397003.064:973): avc:  denied  { ioctl } for  pid=13173 comm="syz.5.2119" path="socket:[58789]" dev="sockfs" ino=58789 ioctlcmd=0x943b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  195.990438][T13214] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  195.996721][   T40] audit: type=1326 audit(1778397003.384:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13213 comm="syz.6.2132" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faca779cdd9 code=0x0
[  196.075899][   T40] audit: type=1400 audit(1778397003.464:975): avc:  denied  { ioctl } for  pid=13219 comm="syz.4.2136" path="socket:[58906]" dev="sockfs" ino=58906 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  196.235218][T13259] team0: left allmulticast mode
[  196.237434][T13259] team_slave_0: left allmulticast mode
[  196.239392][T13259] team_slave_1: left allmulticast mode
[  196.243849][T13259] team0: left promiscuous mode
[  196.245546][T13259] team_slave_0: left promiscuous mode
[  196.247956][   T62] Bluetooth: hci3: command 0x0401 tx timeout
[  196.253820][T13259] team_slave_1: left promiscuous mode
[  196.258193][T13259] bridge0: port 3(team0) entered disabled state
[  196.280839][T13259] bridge_slave_0: left allmulticast mode
[  196.283413][T13259] bridge_slave_0: left promiscuous mode
[  196.286037][T13259] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.298134][T13259] �1W�: left allmulticast mode
[  196.300315][T13259] �1W�: left promiscuous mode
[  196.302325][T13259] bridge0: port 2(�1W�) entered disabled state
[  196.312389][T13259] bond0: (slave bond_slave_0): Releasing backup interface
[  196.319481][T13259] bond0: (slave bond_slave_1): Releasing backup interface
[  196.326078][T13259] team0: Port device team_slave_0 removed
[  196.336028][T13259] team0: Port device team_slave_1 removed
[  196.338982][T13259] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.342412][T13259] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  196.966886][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  196.969473][ T5736] Bluetooth: hci1: command 0x0405 tx timeout
[  197.028324][T13294] tmpfs: Cannot enable quota on remount
[  197.087709][T13298] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  197.261354][T13300] __nla_validate_parse: 6 callbacks suppressed
[  197.261365][T13300] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2151'.
[  197.368178][T13310] /dev/sg0: Can't lookup blockdev
[  197.421539][T13309] SELinux:  truncated policydb string identifier
[  197.423964][T13309] SELinux: failed to load policy
[  197.643121][T13321] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  197.651186][T13321] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2159'.
[  197.654132][T13321] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2159'.
[  197.692799][T13323] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2160'.
[  197.703293][   T40] audit: type=1400 audit(1778397005.094:976): avc:  denied  { setopt } for  pid=13325 comm="syz.3.2161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  197.716706][T13328] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2163'.
[  198.099587][T13357] kvm_pr_unimpl_wrmsr: 38 callbacks suppressed
[  198.099603][T13357] kvm: kvm [13356]: vcpu2, guest rIP: 0x9135 Unhandled WRMSR(0x11e) = 0x0
[  198.121687][   T40] audit: type=1400 audit(1778397005.514:977): avc:  denied  { write } for  pid=13361 comm="syz.5.2174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  198.145959][   T62] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  198.203345][T13368] sctp: [Deprecated]: syz.3.2172 (pid 13368) Use of int in max_burst socket option deprecated.
[  198.203345][T13368] Use struct sctp_assoc_value instead
[  198.313916][T13374] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25448 sclass=netlink_route_socket pid=13374 comm=syz.4.2177
[  198.326897][   T62] Bluetooth: hci3: command 0x0401 tx timeout
[  198.553566][T13391] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2181'.
[  198.592072][   T40] audit: type=1400 audit(1778397005.984:978): avc:  denied  { write } for  pid=13395 comm="syz.3.2183" name="/" dev="9p" ino=83361827 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  198.601591][T13393] tmpfs: Unknown parameter 'or_inod���厕2��iQ�-�Z�y��ɹ�@ָ9� �`���p�^��Q{T?�B�'
[  198.950739][T13421] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  199.046967][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  199.159525][T13416] syz.4.2188 (13416): drop_caches: 3
[  199.159619][T13415] syz.4.2188 (13415): drop_caches: 3
[  199.226082][T13433] Bluetooth: hci4: Frame reassembly failed (-84)
[  199.234840][T10372] Bluetooth: hci4: Frame reassembly failed (-84)
[  199.237002][ T1248] Bluetooth: hci4: Frame reassembly failed (-84)
[  199.244034][T13436] netlink: 'syz.6.2194': attribute type 3 has an invalid length.
[  199.247404][T13436] netlink: 'syz.6.2194': attribute type 1 has an invalid length.
[  199.249936][T13436] netlink: 216 bytes leftover after parsing attributes in process `syz.6.2194'.
[  199.407103][   T40] audit: type=1400 audit(1778397006.804:979): avc:  denied  { map } for  pid=13448 comm="syz.6.2199" path="socket:[62558]" dev="sockfs" ino=62558 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  199.472046][T13456] netlink: 830 bytes leftover after parsing attributes in process `syz.6.2202'.
[  199.603723][T13469] netlink: 91 bytes leftover after parsing attributes in process `syz.5.2206'.
[  199.607759][T13470] tipc: Started in network mode
[  199.609520][T13470] tipc: Node identity ac14140f, cluster identity 4711
[  199.617055][T13470] tipc: New replicast peer: 255.255.255.255
[  199.619678][T13470] tipc: Enabled bearer <udp:syz2>, priority 10
[  199.765954][T13485] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  199.768959][T13485] overlayfs: failed to set xattr on upper
[  199.770824][T13485] overlayfs: ...falling back to redirect_dir=nofollow.
[  199.773095][T13485] overlayfs: ...falling back to index=off.
[  199.774955][T13485] overlayfs: ...falling back to uuid=null.
[  199.779351][T13485] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  199.782210][T13485] overlayfs: missing 'lowerdir'
[  199.856742][   T40] audit: type=1400 audit(1778397007.244:980): avc:  denied  { validate_trans } for  pid=13482 comm="syz.3.2210" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  200.666629][T13506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2214'.
[  200.708838][T13506] 8021q: adding VLAN 0 to HW filter on device bond6
[  200.718344][T13508] syzkaller1: entered promiscuous mode
[  200.721175][T13508] syzkaller1: entered allmulticast mode
[  200.739359][   T24] tipc: Node number set to 2886997007
[  200.848033][T13526] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  200.981181][   T40] audit: type=1400 audit(1778397008.374:981): avc:  denied  { listen } for  pid=13534 comm="syz.5.2221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  201.022000][T13539] xt_hashlimit: max too large, truncated to 1048576
[  201.034015][T13539] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  201.068252][   T40] audit: type=1800 audit(1778397008.454:982): pid=13541 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.2222" name="cpuacct.usage_percpu" dev="overlay" ino=2043 res=0 errno=0
[  201.127021][ T5736] Bluetooth: hci0: command 0x040f tx timeout
[  201.173604][T13550] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  201.253851][   T40] audit: type=1326 audit(1778397008.644:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13547 comm="syz.5.2225" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b15d9cdd9 code=0x0
[  201.286975][ T5736] Bluetooth: hci4: command 0x1003 tx timeout
[  201.291457][   T62] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  201.606006][T13569] CIFS: VFS: UNC: path must begin with // or \\
[  201.609635][T13569] Malformed UNC in devname
[  201.609635][T13569] 
[  201.611829][T13569] CIFS: VFS: Malformed UNC in devname
[  201.706485][T13571] tipc: Started in network mode
[  201.708201][T13571] tipc: Node identity 84e, cluster identity 4711
[  201.710189][T13571] tipc: Node number set to 2126
[  201.721037][   T40] audit: type=1326 audit(1778397009.114:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13568 comm="syz.4.2233" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2d319cdd9 code=0x0
[  201.844943][   T40] audit: type=1400 audit(1778397009.234:985): avc:  denied  { read } for  pid=13574 comm="syz.4.2235" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  202.054832][T13586] random: crng reseeded on system resumption
[  202.109369][T13591] tmpfs: Unknown parameter 'n�r��6��d'
[  202.730447][   T40] kauditd_printk_skb: 46 callbacks suppressed
[  202.730460][   T40] audit: type=1400 audit(1778397010.124:1032): avc:  denied  { allowed } for  pid=13610 comm="syz.4.2247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  202.740927][   T40] audit: type=1400 audit(1778397010.124:1033): avc:  denied  { create } for  pid=13610 comm="syz.4.2247" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  202.747633][   T40] audit: type=1400 audit(1778397010.134:1034): avc:  denied  { prog_load } for  pid=13610 comm="syz.4.2247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  202.753557][   T40] audit: type=1400 audit(1778397010.134:1035): avc:  denied  { bpf } for  pid=13610 comm="syz.4.2247" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  202.760245][   T40] audit: type=1400 audit(1778397010.134:1036): avc:  denied  { perfmon } for  pid=13610 comm="syz.4.2247" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  202.793105][   T40] audit: type=1400 audit(1778397010.184:1037): avc:  denied  { read } for  pid=13610 comm="syz.4.2247" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  202.800732][   T40] audit: type=1400 audit(1778397010.184:1038): avc:  denied  { read open } for  pid=13610 comm="syz.4.2247" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  202.808585][   T40] audit: type=1400 audit(1778397010.184:1039): avc:  denied  { ioctl } for  pid=13610 comm="syz.4.2247" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  202.816430][   T40] audit: type=1400 audit(1778397010.184:1040): avc:  denied  { mounton } for  pid=13610 comm="syz.4.2247" path="/539/file0" dev="tmpfs" ino=2892 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  202.823600][   T40] audit: type=1400 audit(1778397010.194:1041): avc:  denied  { unlink } for  pid=13610 comm="syz.4.2247" name="#4d" dev="tmpfs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  202.840078][T13612] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma?
[  203.207061][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  203.534349][T13627] __nla_validate_parse: 2 callbacks suppressed
[  203.534364][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.543595][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.549698][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.555608][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.561035][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.566457][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.570056][T13628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2251'.
[  203.572362][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2251'.
[  204.273402][T13646] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2257'.
[  204.611649][T13668] /dev/sg0: Can't lookup blockdev
[  204.613685][T13669] /dev/sg0: Can't lookup blockdev
[  205.020496][T13692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2270'.
[  205.050412][T13695] netlink: 'syz.3.2272': attribute type 11 has an invalid length.
[  205.154049][T13697] xt_socket: unknown flags 0xc
[  205.171530][T13703] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  205.602587][   T24] kernel write not supported for file /audio1 (pid: 24 comm: kworker/2:0)
[  205.683181][T13725] netlink: 'syz.5.2281': attribute type 1 has an invalid length.
[  206.185729][T13750] netlink: 'syz.3.2288': attribute type 13 has an invalid length.
[  206.261060][T13752] debugfs: '1��^!' already exists in 'ieee80211'
[  206.284008][T13752] sysfs: cannot create duplicate filename '/class/ieee80211/1��^!'
[  206.287062][T13752] CPU: 0 UID: 0 PID: 13752 Comm: syz.4.2289 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  206.287080][T13752] Tainted: [L]=SOFTLOCKUP
[  206.287085][T13752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  206.287091][T13752] Call Trace:
[  206.287096][T13752]  <TASK>
[  206.287100][T13752]  dump_stack_lvl+0x100/0x190
[  206.287126][T13752]  sysfs_warn_dup.cold+0x1c/0x28
[  206.287144][T13752]  sysfs_do_create_link_sd+0x113/0x140
[  206.287161][T13752]  sysfs_create_link+0x61/0xc0
[  206.287175][T13752]  device_add+0x675/0x1950
[  206.287195][T13752]  ? __pfx_device_add+0x10/0x10
[  206.287207][T13752]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  206.287222][T13752]  ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[  206.287251][T13752]  wiphy_register+0x1edd/0x2d90
[  206.287265][T13752]  ? __rtnl_unlock+0xb9/0xf0
[  206.287282][T13752]  ? __pfx_wiphy_register+0x10/0x10
[  206.287297][T13752]  ? __asan_memset+0x23/0x50
[  206.287313][T13752]  ? minstrel_ht_alloc+0x5e6/0x7f0
[  206.287335][T13752]  ieee80211_register_hw+0x3055/0x4570
[  206.287359][T13752]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  206.287375][T13752]  ? __pfx___debug_object_init+0x10/0x10
[  206.287392][T13752]  ? find_held_lock+0x2b/0x80
[  206.287404][T13752]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  206.287417][T13752]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  206.287430][T13752]  ? __hrtimer_setup+0x208/0x330
[  206.287447][T13752]  mac80211_hwsim_new_radio+0x2a01/0x5aa0
[  206.287473][T13752]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  206.287491][T13752]  ? __asan_memcpy+0x3c/0x60
[  206.287508][T13752]  hwsim_new_radio_nl+0xc5f/0x1370
[  206.287524][T13752]  ? rcu_is_watching+0x12/0xc0
[  206.287542][T13752]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  206.287562][T13752]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0
[  206.287579][T13752]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[  206.287621][T13752]  genl_family_rcv_msg_doit+0x214/0x300
[  206.287638][T13752]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  206.287661][T13752]  ? bpf_lsm_capable+0x9/0x10
[  206.287673][T13752]  ? security_capable+0x80/0x260
[  206.287687][T13752]  ? ns_capable+0xd2/0xf0
[  206.287704][T13752]  genl_rcv_msg+0x560/0x800
[  206.287721][T13752]  ? __pfx_genl_rcv_msg+0x10/0x10
[  206.287738][T13752]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  206.287838][T13752]  netlink_rcv_skb+0x159/0x420
[  206.287856][T13752]  ? __pfx_genl_rcv_msg+0x10/0x10
[  206.287873][T13752]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  206.287895][T13752]  ? netlink_deliver_tap+0x1ae/0xcc0
[  206.287911][T13752]  genl_rcv+0x28/0x40
[  206.287925][T13752]  netlink_unicast+0x585/0x850
[  206.287942][T13752]  ? __pfx_netlink_unicast+0x10/0x10
[  206.287961][T13752]  netlink_sendmsg+0x8b0/0xda0
[  206.287978][T13752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.287991][T13752]  ? pti_set_user_pgtbl+0x30/0x50
[  206.288013][T13752]  ____sys_sendmsg+0x9e1/0xb70
[  206.288026][T13752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.288041][T13752]  ? __pfx_____sys_sendmsg+0x10/0x10
[  206.288057][T13752]  ? __pfx_futex_wake_mark+0x10/0x10
[  206.288089][T13752]  ___sys_sendmsg+0x190/0x1e0
[  206.288107][T13752]  ? __pfx____sys_sendmsg+0x10/0x10
[  206.288140][T13752]  __sys_sendmsg+0x170/0x220
[  206.288152][T13752]  ? __pfx___sys_sendmsg+0x10/0x10
[  206.288163][T13752]  ? __x64_sys_futex+0x34f/0x4d0
[  206.288185][T13752]  ? rcu_is_watching+0x12/0xc0
[  206.288205][T13752]  do_syscall_64+0x10b/0xf80
[  206.288218][T13752]  ? clear_bhb_loop+0x40/0x90
[  206.288232][T13752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.288243][T13752] RIP: 0033:0x7ff2d319cdd9
[  206.288253][T13752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  206.288264][T13752] RSP: 002b:00007ff2d406f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.288275][T13752] RAX: ffffffffffffffda RBX: 00007ff2d3415fa0 RCX: 00007ff2d319cdd9
[  206.288282][T13752] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000009
[  206.288288][T13752] RBP: 00007ff2d3232d69 R08: 0000000000000000 R09: 0000000000000000
[  206.288295][T13752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.288300][T13752] R13: 00007ff2d3416038 R14: 00007ff2d3415fa0 R15: 00007fff45c41228
[  206.288315][T13752]  </TASK>
[  206.604639][T13766] SET target dimension over the limit!
[  206.951604][T13786] fuse: Bad value for 'user_id'
[  206.953348][T13786] fuse: Bad value for 'user_id'
[  207.120483][T13790] Illegal XDP return value 4294967274 on prog  (id 194) dev N/A, expect packet loss!
[  207.758759][   T40] kauditd_printk_skb: 884 callbacks suppressed
[  207.758778][   T40] audit: type=1400 audit(1778397015.154:1926): avc:  denied  { read write } for  pid=5734 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.777024][   T40] audit: type=1400 audit(1778397015.154:1927): avc:  denied  { read write open } for  pid=5734 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.785382][   T40] audit: type=1400 audit(1778397015.154:1928): avc:  denied  { ioctl } for  pid=5734 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.816255][   T40] audit: type=1400 audit(1778397015.204:1929): avc:  denied  { read } for  pid=13806 comm="syz.3.2305" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  207.823678][   T40] audit: type=1400 audit(1778397015.204:1930): avc:  denied  { read open } for  pid=13806 comm="syz.3.2305" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  207.875228][   T40] audit: type=1400 audit(1778397015.264:1931): avc:  denied  { write } for  pid=13806 comm="syz.3.2305" name="001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  207.883126][   T40] audit: type=1400 audit(1778397015.274:1932): avc:  denied  { write } for  pid=13806 comm="syz.3.2305" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  207.893992][   T40] audit: type=1400 audit(1778397015.284:1933): avc:  denied  { read write } for  pid=7877 comm="syz-executor" name="loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.901860][   T40] audit: type=1400 audit(1778397015.284:1934): avc:  denied  { read write open } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.910046][   T40] audit: type=1400 audit(1778397015.284:1935): avc:  denied  { ioctl } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  207.973476][T13807] vcan1: entered allmulticast mode
[  208.379476][T13828] overlayfs: failed to resolve './file1': -2
[  208.501406][T13832] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  208.507534][T13832] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  208.634746][T13838] __nla_validate_parse: 6 callbacks suppressed
[  208.634758][T13838] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2311'.
[  208.729967][T10388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  208.941487][T13836] syz.3.2313 (13836): drop_caches: 3
[  211.529742][T13867] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  211.532820][T13870] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  211.534778][T13870] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  211.538559][T13870] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  211.697016][T13840] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  211.809868][T13877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2324'.
[  211.822134][T13879] syz.5.2323: attempt to access beyond end of device
[  211.822134][T13879] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  211.825542][T13877] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  211.826496][T13879] gfs2: error -5 reading superblock
[  211.879142][T13879] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  211.888416][   T62] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  211.891347][   T62] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  212.094822][T13895] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2328'.
[  212.260796][T13905] bond1 (unregistering): Released all slaves
[  212.585597][T13932] syzkaller0: entered promiscuous mode
[  212.590619][T13932] syzkaller0: entered allmulticast mode
[  212.624739][T13932] tipc: Started in network mode
[  212.628721][T13932] tipc: Node identity aaf66a6c6643, cluster identity 4711
[  212.634059][T13932] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  212.673919][T13931] tipc: Resetting bearer <eth:syzkaller0>
[  212.705797][T13931] tipc: Disabling bearer <eth:syzkaller0>
[  212.767583][   T40] kauditd_printk_skb: 819 callbacks suppressed
[  212.767594][   T40] audit: type=1400 audit(1778397020.154:2755): avc:  denied  { ioctl } for  pid=13941 comm="syz.3.2343" path="socket:[62442]" dev="sockfs" ino=62442 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  212.778908][   T40] audit: type=1400 audit(1778397020.164:2756): avc:  denied  { create } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.785583][   T40] audit: type=1400 audit(1778397020.164:2757): avc:  denied  { write } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.793032][   T40] audit: type=1400 audit(1778397020.174:2758): avc:  denied  { read } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.810083][   T62] Bluetooth: hci3: command 0x0401 tx timeout
[  212.812186][   T40] audit: type=1400 audit(1778397020.174:2759): avc:  denied  { read } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.819642][   T40] audit: type=1400 audit(1778397020.194:2760): avc:  denied  { write } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.828904][   T40] audit: type=1400 audit(1778397020.194:2761): avc:  denied  { write } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.836698][   T40] audit: type=1400 audit(1778397020.194:2762): avc:  denied  { write } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.844982][   T40] audit: type=1400 audit(1778397020.194:2763): avc:  denied  { prog_load } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  212.852820][   T40] audit: type=1400 audit(1778397020.194:2764): avc:  denied  { write } for  pid=13941 comm="syz.3.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  212.933547][T13949] trusted_key: encrypted_key: insufficient parameters specified
[  213.080651][   T62] Bluetooth: hci1: ACL packet for unknown connection handle 5
[  213.347025][ T6480] usb 11-1: new low-speed USB device number 2 using dummy_hcd
[  213.507274][ T6480] usb 11-1: Invalid ep0 maxpacket: 32
[  213.606887][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  213.647069][ T6480] usb 11-1: new low-speed USB device number 3 using dummy_hcd
[  213.796892][ T6480] usb 11-1: Invalid ep0 maxpacket: 32
[  213.798794][ T6480] usb usb11-port1: attempt power cycle
[  213.813219][T13970] syz_tun: entered allmulticast mode
[  213.875853][T13972] program syz.4.2351 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  213.887822][T13969] syz_tun: left allmulticast mode
[  214.157249][ T6480] usb 11-1: new low-speed USB device number 4 using dummy_hcd
[  214.179239][ T6480] usb 11-1: Invalid ep0 maxpacket: 32
[  214.317115][ T6480] usb 11-1: new low-speed USB device number 5 using dummy_hcd
[  214.338397][ T6480] usb 11-1: Invalid ep0 maxpacket: 32
[  214.340277][ T6480] usb usb11-port1: unable to enumerate USB device
[  214.437765][T13987] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2356'.
[  214.468558][T13989] sock: sock_timestamping_bind_phc: sock not bind to device
[  215.181192][T14022] snd_dummy snd_dummy.0: control 4:0:128:syz1:8200 is already present
[  215.210634][T14022] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2367'.
[  215.945354][T14040] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[  216.122405][T14047] trusted_key: encrypted_key: key trusted:syz not found
[  216.207588][T14052] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2376'.
[  216.231503][T14052] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2376'.
[  216.341647][T14054] netlink: 'syz.4.2376': attribute type 64 has an invalid length.
[  216.341965][T14043] kAFS: Can only specify source 'none' with -o dyn
[  216.460522][T14062] syz_tun: entered allmulticast mode
[  216.533335][T14060] syz_tun: left allmulticast mode
[  216.666182][T14067] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  216.668737][T14067] IPv6: NLM_F_CREATE should be set when creating new route
[  217.566567][T14093] overlay: ./file0 is not a directory
[  217.601920][T14093] afs: Unknown parameter 'dynkdir'
[  217.761671][T14100] random: crng reseeded on system resumption
[  217.792568][   T40] kauditd_printk_skb: 848 callbacks suppressed
[  217.792578][   T40] audit: type=1400 audit(1778397025.184:3613): avc:  denied  { read write } for  pid=7877 comm="syz-executor" name="loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.822515][   T40] audit: type=1400 audit(1778397025.204:3614): avc:  denied  { read write open } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.849722][   T40] audit: type=1400 audit(1778397025.204:3615): avc:  denied  { ioctl } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.862594][   T40] audit: type=1400 audit(1778397025.204:3616): avc:  denied  { create } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.877100][   T40] audit: type=1400 audit(1778397025.214:3617): avc:  denied  { create } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.889848][   T40] audit: type=1400 audit(1778397025.214:3618): avc:  denied  { write } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.896675][   T40] audit: type=1400 audit(1778397025.214:3619): avc:  denied  { read } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.903542][   T40] audit: type=1400 audit(1778397025.214:3620): avc:  denied  { read } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.905651][T14103] openvswitch: netlink: Duplicate key (type 6).
[  217.910437][   T40] audit: type=1400 audit(1778397025.214:3621): avc:  denied  { write } for  pid=14099 comm="syz.4.2393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.910461][   T40] audit: type=1400 audit(1778397025.264:3622): avc:  denied  { firmware_load } for  pid=14099 comm="syz.4.2393" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  218.037140][T14109] bridge8: entered promiscuous mode
[  218.039214][T14109] bridge8: entered allmulticast mode
[  218.118189][T14105] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  218.546913][T14043] kAFS: unable to lookup cell '(,c��L'
[  219.137946][T14128] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  219.143357][T14131] netlink: 'syz.4.2403': attribute type 29 has an invalid length.
[  219.152036][T14131] netlink: 'syz.4.2403': attribute type 29 has an invalid length.
[  219.161994][T14131] netlink: 508 bytes leftover after parsing attributes in process `syz.4.2403'.
[  219.165866][T14131] unsupported nla_type 58
[  219.170028][T14130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  219.971784][T14148] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  220.185554][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2412'.
[  220.390724][T14158] SELinux:  policydb string  does not match my string SE Linux
[  220.392946][T14162] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2416'.
[  220.396547][T14158] SELinux: failed to load policy
[  220.673422][T14169] vlan2: entered promiscuous mode
[  220.679267][T14169] hsr0: entered promiscuous mode
[  220.681298][T14169] vlan2: entered allmulticast mode
[  220.690956][T14169] hsr0: entered allmulticast mode
[  220.692843][T14169] hsr_slave_0: entered allmulticast mode
[  220.694752][T14169] hsr_slave_1: entered allmulticast mode
[  221.008955][T14177] 9p: Unknown Cache mode or invalid value f
[  221.293159][T14189] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3208170989 (6416341978 ns) > initial count (5016477444 ns). Using initial count to start timer.
[  221.960354][ T5736] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  221.976271][ T5736] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  221.994419][ T5736] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  221.999999][ T5736] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  222.003226][ T5736] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  222.109571][T14220] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2430'.
[  222.135011][T14220] netdevsim netdevsim6 netdevsim0: entered allmulticast mode
[  222.379615][T14229] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  222.390501][T14230] IPv6: NLM_F_CREATE should be specified when creating new route
[  222.395122][T14229] IPv6: NLM_F_CREATE should be specified when creating new route
[  222.817989][   T40] kauditd_printk_skb: 1406 callbacks suppressed
[  222.818006][   T40] audit: type=1400 audit(1778397030.214:5029): avc:  denied  { create } for  pid=14238 comm="syz.5.2436" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  222.856594][   T40] audit: type=1400 audit(1778397030.214:5030): avc:  denied  { ioctl } for  pid=14238 comm="syz.5.2436" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=64247 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  222.890470][   T40] audit: type=1400 audit(1778397030.214:5031): avc:  denied  { read write } for  pid=5734 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  222.913436][   T40] audit: type=1400 audit(1778397030.214:5032): avc:  denied  { module_request } for  pid=14214 comm="syz-executor" kmod="netdev-rose4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  222.927185][   T40] audit: type=1400 audit(1778397030.214:5033): avc:  denied  { ioctl } for  pid=14238 comm="syz.5.2436" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=64247 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  222.953773][   T40] audit: type=1400 audit(1778397030.214:5034): avc:  denied  { read write open } for  pid=5734 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  222.976875][   T40] audit: type=1400 audit(1778397030.214:5035): avc:  denied  { ioctl } for  pid=5734 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  222.991286][   T40] audit: type=1400 audit(1778397030.234:5036): avc:  denied  { watch watch_reads } for  pid=14238 comm="syz.5.2436" path="/447/file0" dev="tmpfs" ino=2423 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  223.006886][   T40] audit: type=1400 audit(1778397030.324:5037): avc:  denied  { sys_module } for  pid=14214 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  223.027274][   T40] audit: type=1400 audit(1778397030.334:5038): avc:  denied  { module_request } for  pid=14214 comm="syz-executor" kmod="rose4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  223.517670][T14268] macvtap1: entered promiscuous mode
[  223.520003][T14268] bridge0: entered promiscuous mode
[  223.738248][T14290] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  224.041668][T14214] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.044763][T14214] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.048260][T14214] bridge_slave_0: entered allmulticast mode
[  224.052176][T14214] bridge_slave_0: entered promiscuous mode
[  224.059387][T14214] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.062446][T14214] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.065596][T14214] bridge_slave_1: entered allmulticast mode
[  224.070161][T14214] bridge_slave_1: entered promiscuous mode
[  224.097274][ T1303] block nbd0: Possible stuck request ffff88802a3f7000: control (read@0,1024B). Runtime 120 seconds
[  224.101295][ T5736] Bluetooth: hci4: command tx timeout
[  224.102902][T14214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.111080][ T1303] block nbd0: Possible stuck request ffff88802a3f71c0: control (read@1024,1024B). Runtime 120 seconds
[  224.117803][ T1303] block nbd0: Possible stuck request ffff88802a3f7380: control (read@2048,1024B). Runtime 120 seconds
[  224.121389][ T1303] block nbd0: Possible stuck request ffff88802a3f7540: control (read@3072,1024B). Runtime 120 seconds
[  224.125272][T14214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.221496][T14214] team0: Port device team_slave_0 added
[  224.231169][T14214] team0: Port device team_slave_1 added
[  224.235094][T14307] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2450'.
[  224.275786][T14214] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.281316][T14214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  224.303434][T14214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.329373][T14214] batman_adv: batadv0: Adding interface: batadv_slave_1
[  224.336295][T14214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  224.359595][T14214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  224.444106][T14214] hsr_slave_0: entered promiscuous mode
[  224.448654][T14214] hsr_slave_1: entered promiscuous mode
[  224.456561][T14214] debugfs: 'hsr0' already exists in 'hsr'
[  224.461917][T14214] Cannot create hsr debugfs directory
[  224.961604][T14214] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.056006][T14336] mac80211_hwsim hwsim27 syzkaller0: entered promiscuous mode
[  225.079376][T14336] mac80211_hwsim hwsim27 syzkaller0: entered allmulticast mode
[  225.201429][T14214] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.418188][T14214] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.687968][T14214] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.980378][T14214] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  226.020753][T14214] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  226.028584][T14214] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  226.089972][T14360] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2461'.
[  226.092859][T14360] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2461'.
[  226.114242][T14214] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  226.131255][T14214] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  226.177183][ T5736] Bluetooth: hci4: command tx timeout
[  226.183354][T14360] kvm: emulating exchange as write
[  226.187925][T14360] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  226.200999][T14214] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  226.214468][T14214] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  226.243504][T14214] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  226.483424][T14214] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.517907][T14214] 8021q: adding VLAN 0 to HW filter on device team0
[  226.527214][T10396] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.529690][T10396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  226.543147][T10388] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.545473][T10388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.490169][T14406] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2471'.
[  227.564990][T14214] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.875503][   T40] kauditd_printk_skb: 515 callbacks suppressed
[  227.875514][   T40] audit: type=1400 audit(1778397035.264:5554): avc:  denied  { read write } for  pid=5734 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  227.895944][   T40] audit: type=1400 audit(1778397035.274:5555): avc:  denied  { prog_load } for  pid=14422 comm="syz.6.2475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  227.913483][   T40] audit: type=1400 audit(1778397035.274:5556): avc:  denied  { bpf } for  pid=14422 comm="syz.6.2475" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  227.930534][   T40] audit: type=1400 audit(1778397035.274:5557): avc:  denied  { prog_load } for  pid=14422 comm="syz.6.2475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  227.946934][   T40] audit: type=1400 audit(1778397035.274:5558): avc:  denied  { read append } for  pid=14422 comm="syz.6.2475" name="usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  227.966954][   T40] audit: type=1400 audit(1778397035.274:5559): avc:  denied  { perfmon } for  pid=14422 comm="syz.6.2475" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  227.982103][   T40] audit: type=1400 audit(1778397035.274:5560): avc:  denied  { perfmon } for  pid=14422 comm="syz.6.2475" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  227.994055][   T40] audit: type=1400 audit(1778397035.274:5561): avc:  denied  { perfmon } for  pid=14422 comm="syz.6.2475" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  228.003206][   T40] audit: type=1400 audit(1778397035.274:5562): avc:  denied  { perfmon } for  pid=14422 comm="syz.6.2475" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  228.016313][   T40] audit: type=1400 audit(1778397035.274:5563): avc:  denied  { bpf } for  pid=14422 comm="syz.6.2475" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  228.091158][T14214] veth0_vlan: entered promiscuous mode
[  228.115127][T14214] veth1_vlan: entered promiscuous mode
[  228.181042][T14214] veth0_macvtap: entered promiscuous mode
[  228.201248][T14214] veth1_macvtap: entered promiscuous mode
[  228.225402][T14436] 9p: Bad value for 'rfdno'
[  228.227287][T14214] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.228447][T14436] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2477'.
[  228.236535][T14214] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.236860][T14436] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2477'.
[  228.247206][ T5736] Bluetooth: hci4: command tx timeout
[  228.252786][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.257409][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.268992][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.277758][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.461352][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.464028][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.515972][T14439] overlayfs: statfs failed on './file0'
[  228.539790][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.543486][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.814251][T14302] oom_kill_process: 4 callbacks suppressed
[  228.814266][T14302] syz.5.2448 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  228.823122][T14302] CPU: 2 UID: 0 PID: 14302 Comm: syz.5.2448 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  228.823140][T14302] Tainted: [L]=SOFTLOCKUP
[  228.823144][T14302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  228.823150][T14302] Call Trace:
[  228.823154][T14302]  <TASK>
[  228.823158][T14302]  dump_stack_lvl+0x100/0x190
[  228.823185][T14302]  dump_header+0xfb/0x606
[  228.823211][T14302]  oom_kill_process.cold+0xd/0x330
[  228.823224][T14302]  out_of_memory+0x340/0x14f0
[  228.823244][T14302]  ? __pfx_out_of_memory+0x10/0x10
[  228.823264][T14302]  mem_cgroup_out_of_memory+0xc6/0x130
[  228.823279][T14302]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  228.823294][T14302]  ? find_held_lock+0x2b/0x80
[  228.823307][T14302]  ? do_raw_spin_unlock+0x145/0x1e0
[  228.823323][T14302]  ? _raw_spin_unlock+0x28/0x50
[  228.823346][T14302]  try_charge_memcg+0x6e5/0xdf0
[  228.823361][T14302]  ? __pfx_try_charge_memcg+0x10/0x10
[  228.823372][T14302]  ? find_held_lock+0x2b/0x80
[  228.823382][T14302]  ? rcu_read_unlock+0x17/0x60
[  228.823393][T14302]  ? rcu_read_unlock+0x17/0x60
[  228.823406][T14302]  ? find_held_lock+0x2b/0x80
[  228.823416][T14302]  ? rcu_read_unlock+0x17/0x60
[  228.823431][T14302]  charge_memcg+0x19f/0x210
[  228.823443][T14302]  __mem_cgroup_charge+0x2b/0x1c0
[  228.823457][T14302]  shmem_alloc_and_add_folio+0x451/0xd40
[  228.823478][T14302]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  228.823495][T14302]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  228.823515][T14302]  shmem_get_folio_gfp+0x6ab/0x1900
[  228.823535][T14302]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  228.823556][T14302]  shmem_write_begin+0x1a4/0x420
[  228.823574][T14302]  ? __pfx_shmem_write_begin+0x10/0x10
[  228.823592][T14302]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  228.823604][T14302]  ? lockdep_hardirqs_on+0x78/0x100
[  228.823620][T14302]  generic_perform_write+0x292/0xa40
[  228.823639][T14302]  ? __pfx_generic_perform_write+0x10/0x10
[  228.823656][T14302]  ? file_update_time_flags+0x373/0x500
[  228.823674][T14302]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  228.823686][T14302]  shmem_file_write_iter+0x10e/0x140
[  228.823698][T14302]  __kernel_write_iter+0x2ac/0x920
[  228.823711][T14302]  ? __pfx___kernel_write_iter+0x10/0x10
[  228.823723][T14302]  ? __up_read+0x2c1/0x6e0
[  228.823740][T14302]  ? dump_user_range+0x65e/0xad0
[  228.823772][T14302]  ? copy_mc_enhanced_fast_string+0x6/0xf
[  228.823785][T14302]  dump_user_range+0x3f9/0xad0
[  228.823798][T14302]  ? __pfx_dump_user_range+0x10/0x10
[  228.823814][T14302]  ? __pfx_writenote+0x10/0x10
[  228.823828][T14302]  elf_core_dump+0x2d5f/0x3d10
[  228.823847][T14302]  ? __pfx_elf_core_dump+0x10/0x10
[  228.823858][T14302]  ? kasan_save_stack+0x3f/0x50
[  228.823867][T14302]  ? kasan_save_stack+0x30/0x50
[  228.823876][T14302]  ? __kasan_kmalloc+0xaa/0xb0
[  228.823892][T14302]  ? __kvmalloc_node_noprof+0x360/0xa00
[  228.823908][T14302]  ? vfs_coredump+0x22db/0x5770
[  228.823918][T14302]  ? asm_exc_page_fault+0x26/0x30
[  228.823929][T14302]  ? 0xffffffffff600000
[  228.823961][T14302]  ? vfs_coredump+0x29a0/0x5770
[  228.823970][T14302]  vfs_coredump+0x29a0/0x5770
[  228.823990][T14302]  ? __pfx_vfs_coredump+0x10/0x10
[  228.824001][T14302]  ? __lock_acquire+0x4a5/0x2630
[  228.824021][T14302]  ? lock_acquire+0x1b1/0x370
[  228.824040][T14302]  ? is_bpf_text_address+0x8a/0x1a0
[  228.824055][T14302]  ? bpf_ksym_find+0x128/0x1c0
[  228.824074][T14302]  ? __kernel_text_address+0xd/0x30
[  228.824089][T14302]  ? unwind_get_return_address+0x59/0xa0
[  228.824105][T14302]  ? arch_stack_walk+0xa6/0xf0
[  228.824125][T14302]  ? __sigqueue_free+0xbe/0x2a0
[  228.824137][T14302]  ? stack_trace_save+0x8e/0xc0
[  228.824148][T14302]  ? __pfx_stack_trace_save+0x10/0x10
[  228.824159][T14302]  ? stack_depot_save_flags+0x27/0x9d0
[  228.824177][T14302]  ? __lock_acquire+0x4a5/0x2630
[  228.824214][T14302]  ? proc_coredump_connector+0x2d3/0x4f0
[  228.824229][T14302]  ? __pfx_proc_coredump_connector+0x10/0x10
[  228.824246][T14302]  ? rcu_is_watching+0x12/0xc0
[  228.824265][T14302]  get_signal+0x1f2a/0x21e0
[  228.824286][T14302]  ? __pfx_get_signal+0x10/0x10
[  228.824306][T14302]  arch_do_signal_or_restart+0x91/0x7e0
[  228.824324][T14302]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  228.824347][T14302]  ? rcu_is_watching+0x12/0xc0
[  228.824365][T14302]  irqentry_exit+0x410/0x7e0
[  228.824381][T14302]  asm_exc_page_fault+0x26/0x30
[  228.824391][T14302] RIP: 0033:0x7f9b15c52877
[  228.824401][T14302] Code: e8 8e fa ff ff 89 f2 48 8d 3d 0d 40 1b 00 48 8d 35 c4 fa 1d 00 31 c0 e8 e7 f8 ff ff 0f 1f 80 00 00 00 00 53 89 fb 48 83 ec 10 <64> 8b 04 25 a4 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  228.824412][T14302] RSP: 002b:00007f9b16c041a0 EFLAGS: 00010206
[  228.824421][T14302] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f9b15d9cdd9
[  228.824427][T14302] RDX: 00007f9b16c041c0 RSI: 00007f9b16c042f0 RDI: 000000000000000b
[  228.824434][T14302] RBP: 00007f9b15e32d69 R08: 0000000000000000 R09: 0000000000000000
[  228.824440][T14302] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  228.824446][T14302] R13: 00007f9b16016038 R14: 00007f9b16015fa0 R15: 00007fff64515cc8
[  228.824460][T14302]  </TASK>
[  228.824521][T14302] memory: usage 307200kB, limit 307200kB, failcnt 17727
[  229.002684][T14302] memory+swap: usage 367476kB, limit 9007199254740988kB, failcnt 0
[  229.005934][T14302] kmem: usage 11696kB, limit 9007199254740988kB, failcnt 0
[  229.009303][T14302] Memory cgroup stats for /syz5:
[  229.009416][T14302] cache 302505984
[  229.013153][T14302] rss 90112
[  229.014412][T14302] rss_huge 0
[  229.015828][T14302] shmem 302493696
[  229.017503][T14302] mapped_file 0
[  229.019038][T14302] dirty 0
[  229.020345][T14302] writeback 0
[  229.021759][T14302] workingset_refault_anon 10
[  229.023833][T14302] workingset_refault_file 3133
[  229.025870][T14302] swap 61722624
[  229.027836][T14302] swapcached 73535488
[  229.029573][T14302] pgpgin 254175
[  229.031199][T14302] pgpgout 180810
[  229.032794][T14302] pgfault 150261
[  229.034461][T14302] pgmajfault 175
[  229.035797][T14302] inactive_anon 273416192
[  229.037379][T14302] active_anon 29167616
[  229.039804][T14302] inactive_file 12288
[  229.041093][T14302] active_file 0
[  229.042223][T14302] unevictable 0
[  229.043366][T14302] hierarchical_memory_limit 314572800
[  229.045190][T14302] hierarchical_memsw_limit 9223372036854771712
[  229.047369][T14302] total_cache 302505984
[  229.049680][T14302] total_rss 90112
[  229.050849][T14302] total_rss_huge 0
[  229.052060][T14302] total_shmem 302493696
[  229.054662][T14302] total_mapped_file 0
[  229.056020][T14302] total_dirty 0
[  229.057375][T14302] total_writeback 0
[  229.058560][T14302] total_workingset_refault_anon 10
[  229.063549][T14302] total_workingset_refault_file 3133
[  229.065391][T14302] total_swap 61722624
[  229.068133][T14302] total_swapcached 73535488
[  229.069962][T14302] total_pgpgin 254175
[  229.071599][T14302] total_pgpgout 180810
[  229.075168][T14302] total_pgfault 150261
[  229.076928][T14302] total_pgmajfault 175
[  229.078327][T14302] total_inactive_anon 273416192
[  229.079902][T14302] total_active_anon 29167616
[  229.083647][T14302] total_inactive_file 12288
[  229.085122][T14302] total_active_file 0
[  229.088415][T14302] total_unevictable 0
[  229.090033][T14302] anon_cost 0
[  229.094969][T14302] file_cost 0
[  229.096421][T14302] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2448,pid=14304,uid=60929
[  229.103141][T14302] Memory cgroup out of memory: Killed process 14304 (syz.5.2448) total-vm:98656kB, anon-rss:132kB, file-rss:28808kB, shmem-rss:0kB, UID:60929 pgtables:204kB oom_score_adj:1000
[  229.110237][T14295] syz.5.2448 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  229.114335][T14295] CPU: 1 UID: 0 PID: 14295 Comm: syz.5.2448 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  229.114362][T14295] Tainted: [L]=SOFTLOCKUP
[  229.114368][T14295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  229.114379][T14295] Call Trace:
[  229.114386][T14295]  <TASK>
[  229.114393][T14295]  dump_stack_lvl+0x100/0x190
[  229.114420][T14295]  dump_header+0xfb/0x606
[  229.114441][T14295]  oom_kill_process.cold+0xd/0x330
[  229.114463][T14295]  out_of_memory+0x340/0x14f0
[  229.114496][T14295]  ? __pfx_out_of_memory+0x10/0x10
[  229.114530][T14295]  mem_cgroup_out_of_memory+0xc6/0x130
[  229.114556][T14295]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  229.114580][T14295]  ? find_held_lock+0x2b/0x80
[  229.114601][T14295]  ? do_raw_spin_unlock+0x145/0x1e0
[  229.114628][T14295]  ? _raw_spin_unlock+0x28/0x50
[  229.114653][T14295]  try_charge_memcg+0x6e5/0xdf0
[  229.114678][T14295]  ? __pfx_try_charge_memcg+0x10/0x10
[  229.114696][T14295]  ? find_held_lock+0x2b/0x80
[  229.114712][T14295]  ? rcu_read_unlock+0x17/0x60
[  229.114733][T14295]  ? rcu_read_unlock+0x17/0x60
[  229.114769][T14295]  ? find_held_lock+0x2b/0x80
[  229.114788][T14295]  ? rcu_read_unlock+0x17/0x60
[  229.114814][T14295]  charge_memcg+0x19f/0x210
[  229.114835][T14295]  __mem_cgroup_charge+0x2b/0x1c0
[  229.114860][T14295]  shmem_alloc_and_add_folio+0x451/0xd40
[  229.114894][T14295]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  229.114925][T14295]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  229.114958][T14295]  shmem_get_folio_gfp+0x6ab/0x1900
[  229.114991][T14295]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  229.115026][T14295]  shmem_write_begin+0x1a4/0x420
[  229.115063][T14295]  ? __pfx_shmem_write_begin+0x10/0x10
[  229.115093][T14295]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  229.115115][T14295]  ? lockdep_hardirqs_on+0x78/0x100
[  229.115141][T14295]  generic_perform_write+0x292/0xa40
[  229.115175][T14295]  ? __pfx_generic_perform_write+0x10/0x10
[  229.115205][T14295]  ? file_update_time_flags+0x373/0x500
[  229.115235][T14295]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  229.115255][T14295]  shmem_file_write_iter+0x10e/0x140
[  229.115277][T14295]  __kernel_write_iter+0x2ac/0x920
[  229.115299][T14295]  ? __pfx___kernel_write_iter+0x10/0x10
[  229.115318][T14295]  ? __up_read+0x2c1/0x6e0
[  229.115347][T14295]  ? dump_user_range+0x65e/0xad0
[  229.115371][T14295]  dump_user_range+0x3f9/0xad0
[  229.115393][T14295]  ? __pfx_dump_user_range+0x10/0x10
[  229.115424][T14295]  ? __pfx_writenote+0x10/0x10
[  229.115453][T14295]  elf_core_dump+0x2d5f/0x3d10
[  229.115487][T14295]  ? __pfx_elf_core_dump+0x10/0x10
[  229.115506][T14295]  ? kasan_save_stack+0x3f/0x50
[  229.115521][T14295]  ? kasan_save_stack+0x30/0x50
[  229.115537][T14295]  ? __kasan_kmalloc+0xaa/0xb0
[  229.115563][T14295]  ? __kvmalloc_node_noprof+0x360/0xa00
[  229.115590][T14295]  ? vfs_coredump+0x22db/0x5770
[  229.115607][T14295]  ? asm_exc_page_fault+0x26/0x30
[  229.115627][T14295]  ? 0xffffffffff600000
[  229.115682][T14295]  ? vfs_coredump+0x29a0/0x5770
[  229.115699][T14295]  vfs_coredump+0x29a0/0x5770
[  229.115727][T14295]  ? __pfx_vfs_coredump+0x10/0x10
[  229.115769][T14295]  ? __lock_acquire+0x4a5/0x2630
[  229.115804][T14295]  ? lock_acquire+0x1b1/0x370
[  229.115838][T14295]  ? is_bpf_text_address+0x8a/0x1a0
[  229.115862][T14295]  ? bpf_ksym_find+0x128/0x1c0
[  229.115894][T14295]  ? __kernel_text_address+0xd/0x30
[  229.115918][T14295]  ? unwind_get_return_address+0x59/0xa0
[  229.115946][T14295]  ? arch_stack_walk+0xa6/0xf0
[  229.115980][T14295]  ? __sigqueue_free+0xbe/0x2a0
[  229.116001][T14295]  ? stack_trace_save+0x8e/0xc0
[  229.116019][T14295]  ? __pfx_stack_trace_save+0x10/0x10
[  229.116039][T14295]  ? stack_depot_save_flags+0x27/0x9d0
[  229.116065][T14295]  ? __lock_acquire+0x4a5/0x2630
[  229.116130][T14295]  ? proc_coredump_connector+0x2d3/0x4f0
[  229.116156][T14295]  ? __pfx_proc_coredump_connector+0x10/0x10
[  229.116185][T14295]  ? rcu_is_watching+0x12/0xc0
[  229.116217][T14295]  get_signal+0x1f2a/0x21e0
[  229.116253][T14295]  ? __pfx_get_signal+0x10/0x10
[  229.116287][T14295]  arch_do_signal_or_restart+0x91/0x7e0
[  229.116317][T14295]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  229.116355][T14295]  ? rcu_is_watching+0x12/0xc0
[  229.116386][T14295]  irqentry_exit+0x410/0x7e0
[  229.116414][T14295]  asm_exc_page_fault+0x26/0x30
[  229.116431][T14295] RIP: 0033:0x7f9b15c52877
[  229.116447][T14295] Code: e8 8e fa ff ff 89 f2 48 8d 3d 0d 40 1b 00 48 8d 35 c4 fa 1d 00 31 c0 e8 e7 f8 ff ff 0f 1f 80 00 00 00 00 53 89 fb 48 83 ec 10 <64> 8b 04 25 a4 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  229.116465][T14295] RSP: 002b:00007f9b16c041a0 EFLAGS: 00010206
[  229.116480][T14295] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f9b15d9cdd9
[  229.116491][T14295] RDX: 00007f9b16c041c0 RSI: 00007f9b16c042f0 RDI: 000000000000000b
[  229.116502][T14295] RBP: 00007f9b15e32d69 R08: 0000000000000000 R09: 0000000000000000
[  229.116512][T14295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  229.116522][T14295] R13: 00007f9b16016038 R14: 00007f9b16015fa0 R15: 00007fff64515cc8
[  229.116546][T14295]  </TASK>
[  229.116648][T14295] memory: usage 307200kB, limit 307200kB, failcnt 17807
[  229.235015][T14465] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  229.236505][T14295] memory+swap: usage 367344kB, limit 9007199254740988kB, failcnt 0
[  229.252566][T14465] netem: change failed
[  229.254509][T14295] kmem: usage 11672kB, limit 9007199254740988kB, failcnt 0
[  229.334615][T14295] Memory cgroup stats for /syz5:
[  229.334705][T14295] cache 285892608
[  229.337579][T14295] rss 90112
[  229.338610][T14295] rss_huge 0
[  229.339720][T14295] shmem 285884416
[  229.340918][T14295] mapped_file 0
[  229.342051][T14295] dirty 0
[  229.343011][T14295] writeback 0
[  229.344102][T14295] workingset_refault_anon 10
[  229.345528][T14295] workingset_refault_file 3133
[  229.347103][T14295] swap 55574528
[  229.348245][T14295] swapcached 73535488
[  229.349616][T14295] pgpgin 254176
[  229.350986][T14295] pgpgout 184861
[  229.352173][T14295] pgfault 150261
[  229.353327][T14295] pgmajfault 175
[  229.354547][T14295] inactive_anon 86937600
[  229.356261][T14295] active_anon 199061504
[  229.358071][T14295] inactive_file 0
[  229.363223][T14295] active_file 8192
[  229.366980][T14295] unevictable 0
[  229.368463][T14295] hierarchical_memory_limit 314572800
[  229.370635][T14295] hierarchical_memsw_limit 9223372036854771712
[  229.373158][T14295] total_cache 285892608
[  229.374858][T14295] total_rss 90112
[  229.376407][T14295] total_rss_huge 0
[  229.380024][T14295] total_shmem 285884416
[  229.381391][T14295] total_mapped_file 0
[  229.382631][T14295] total_dirty 0
[  229.383762][T14295] total_writeback 0
[  229.384987][T14295] total_workingset_refault_anon 10
[  229.386636][T14295] total_workingset_refault_file 3133
[  229.388387][T14295] total_swap 55574528
[  229.389830][T14295] total_swapcached 73535488
[  229.391834][T14295] total_pgpgin 254176
[  229.393566][T14295] total_pgpgout 184861
[  229.395316][T14295] total_pgfault 150261
[  229.397380][T14295] total_pgmajfault 175
[  229.399136][T14295] total_inactive_anon 86937600
[  229.401195][T14295] total_active_anon 199061504
[  229.402904][T14295] total_inactive_file 0
[  229.404315][T14295] total_active_file 8192
[  229.406117][T14295] total_unevictable 0
[  229.410277][T14295] anon_cost 0
[  229.411832][T14295] file_cost 0
[  229.413300][T14295] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2448,pid=14302,uid=60929
[  229.419862][T14295] Memory cgroup out of memory: Killed process 14302 (syz.5.2448) total-vm:98656kB, anon-rss:132kB, file-rss:28808kB, shmem-rss:0kB, UID:60929 pgtables:204kB oom_score_adj:1000
[  229.652814][   T62] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  229.662191][   T62] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  229.666400][   T62] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  229.674225][   T62] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  229.678394][   T62] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  229.858092][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  230.102714][T10392] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  230.106107][T10392] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.322830][T10392] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  230.336946][ T5736] Bluetooth: hci4: command tx timeout
[  230.351383][T10392] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.657291][T10392] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  230.661150][T10392] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.844648][T10392] bond0: (slave eth0): Releasing backup interface
[  230.873011][T10392] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  230.883458][T10392] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.254804][T14521] xt_hashlimit: size too large, truncated to 1048576
[  231.766993][ T5736] Bluetooth: hci1: command tx timeout
[  232.071810][T10392] team0: Port device bridge3 removed
[  232.079454][T14516] nfs4: Unknown parameter 'tcpd�y!�M�ۈ��2Э{�F�5������_`Π�w�'
[  232.086518][T14516] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2497'.
[  232.133920][T10392] bond4 (unregistering): (slave bridge4): Releasing backup interface
[  232.138395][T10392] bridge4 (unregistering): left promiscuous mode
[  232.347034][T10396] smc: removing ib device syz1
[  232.354267][T10392] bond0 (unregistering): Released all slaves
[  232.362214][T10392] bond1 (unregistering): Released all slaves
[  232.370836][T10392] bond2 (unregistering): Released all slaves
[  232.379125][T10392] bond3 (unregistering): Released all slaves
[  232.386161][T10392] bond4 (unregistering): Released all slaves
[  232.393767][T10392] bond5 (unregistering): Released all slaves
[  232.403354][T10392] bond6 (unregistering): Released all slaves
[  232.422611][T14529] dummy0: entered promiscuous mode
[  232.426653][T14529] dummy0: left promiscuous mode
[  232.645670][T10396] smbdirect: ib_dev[syz1] removed
[  232.781948][T14476] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.785061][T14476] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.790936][T14476] bridge_slave_0: entered allmulticast mode
[  232.816116][T14476] bridge_slave_0: entered promiscuous mode
[  232.822873][T14476] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.825911][T14476] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.829013][T14476] bridge_slave_1: entered allmulticast mode
[  232.852817][T14476] bridge_slave_1: entered promiscuous mode
[  232.877582][   T40] kauditd_printk_skb: 584 callbacks suppressed
[  232.877593][   T40] audit: type=1400 audit(1778397040.274:6148): avc:  denied  { read open } for  pid=14555 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  232.899743][   T40] audit: type=1400 audit(1778397040.274:6149): avc:  denied  { unmount } for  pid=12265 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  232.910853][   T40] audit: type=1400 audit(1778397040.284:6150): avc:  denied  { getattr } for  pid=14555 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  232.916186][T14555] audit: audit_backlog=65 > audit_backlog_limit=64
[  232.921479][T14561] audit: audit_backlog=65 > audit_backlog_limit=64
[  232.923125][T14555] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  232.925728][   T40] audit: type=1400 audit(1778397040.284:6151): avc:  denied  { search } for  pid=14555 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  232.928172][T14555] audit: backlog limit exceeded
[  232.929461][T14555] audit: audit_backlog=65 > audit_backlog_limit=64
[  232.939212][T14561] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  232.992753][T14476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.013351][T14476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.074428][T14476] team0: Port device team_slave_0 added
[  233.093156][T14476] team0: Port device team_slave_1 added
[  233.187823][T14476] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.191019][T14476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  233.207662][T14476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.230425][T14571] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2509'.
[  233.230896][T14476] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.235661][T14476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  233.259917][T14476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.313118][T14571] kvm: user requested TSC rate below hardware speed
[  233.349338][T14573] /dev/sr0: Can't open blockdev
[  233.401266][T14476] hsr_slave_0: entered promiscuous mode
[  233.404782][T14476] hsr_slave_1: entered promiscuous mode
[  233.414097][T14476] debugfs: 'hsr0' already exists in 'hsr'
[  233.416643][T14476] Cannot create hsr debugfs directory
[  233.519012][ T5440] 8021q: adding VLAN 0 to HW filter on device eth10
[  233.633814][T14583] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: 1
[  233.639361][T14583] ref_ctr increment failed for inode: 0x32e offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888038b124c0
[  233.643507][T14583] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: -1
[  233.646439][T14583] ref_ctr decrement failed for inode: 0x32e offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888038b124c0
[  233.656916][T14583] uprobe: syz.6.2517:14583 failed to unregister, leaking uprobe
[  233.752536][T14588] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2519'.
[  233.758613][T14588] netlink: 'syz.6.2519': attribute type 1 has an invalid length.
[  233.846906][ T5736] Bluetooth: hci1: command tx timeout
[  233.890938][T14588] bond1: entered promiscuous mode
[  233.892911][T14588] 8021q: adding VLAN 0 to HW filter on device bond1
[  233.911591][T14596] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  233.916928][T14596] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  233.926285][T14596] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  233.950905][T14588] netlink: 'syz.6.2519': attribute type 3 has an invalid length.
[  233.964272][T14588] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2519'.
[  233.993460][T14599] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  234.379823][T14616] futex_wake_op: syz.5.2524 tries to shift op by -1; fix this program
[  234.449254][T10392] tipc: Disabling bearer <udp:syz2>
[  234.470866][T10392] tipc: Left network mode
[  234.615496][T14624] netlink: 'syz.6.2528': attribute type 1 has an invalid length.
[  234.663174][T14624] 8021q: adding VLAN 0 to HW filter on device bond2
[  234.681549][T14629] bond2: (slave geneve2): making interface the new active one
[  234.685234][T14629] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  234.715166][T14624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14624 comm=syz.6.2528
[  234.741368][T14476] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  234.749697][T14476] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  234.758559][T14476] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  234.762583][T14476] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  234.766536][T14476] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  234.774793][T14476] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  234.789527][T14476] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  234.812377][T14476] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  235.022330][T10392] hsr_slave_0: left promiscuous mode
[  235.026565][T10392] hsr_slave_1: left promiscuous mode
[  235.042346][T10392] veth1_macvtap: left allmulticast mode
[  235.046077][T10392] veth1_macvtap: left promiscuous mode
[  235.050619][T10392] veth0_macvtap: left promiscuous mode
[  235.054647][T10392] veth1_vlan: left promiscuous mode
[  235.057867][T10392] veth0_vlan: left promiscuous mode
[  235.107710][  T854] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[  235.256916][  T854] usb 11-1: Using ep0 maxpacket: 8
[  235.270795][  T854] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  235.276333][  T854] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  235.281235][  T854] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  235.296852][  T854] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  235.300984][  T854] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  235.303816][  T854] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.478547][T14476] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.507876][T14476] 8021q: adding VLAN 0 to HW filter on device team0
[  235.533389][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.535730][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.539902][  T854] usb 11-1: GET_CAPABILITIES returned 0
[  235.541645][  T854] usbtmc 11-1:16.0: can't read capabilities
[  235.555317][T10665] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.558466][T10665] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.719924][T14669] binder: BINDER_SET_CONTEXT_MGR already set
[  235.757587][T14669] binder: 14667:14669 ioctl 4018620d 200000000100 returned -16
[  235.856264][T10392] IPVS: stop unused estimator thread 0...
[  235.927264][ T5736] Bluetooth: hci1: command tx timeout
[  236.038611][   T34] usb 11-1: USB disconnect, device number 6
[  236.167883][T14682] efs: cannot read volume header
[  237.594746][T14706] set match dimension is over the limit!
[  237.630453][T14707] set match dimension is over the limit!
[  238.016940][ T5736] Bluetooth: hci1: command tx timeout
[  238.027277][   T40] kauditd_printk_skb: 2241 callbacks suppressed
[  238.027292][   T40] audit: type=1400 audit(1778397045.414:8366): avc:  denied  { read write } for  pid=7877 comm="syz-executor" name="loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  238.053387][   T40] audit: type=1400 audit(1778397045.424:8367): avc:  denied  { read write open } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  238.066644][   T40] audit: type=1400 audit(1778397045.424:8368): avc:  denied  { ioctl } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  238.104564][   T40] audit: type=1400 audit(1778397045.494:8369): avc:  denied  { create } for  pid=14713 comm="syz.5.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  238.116170][   T40] audit: type=1400 audit(1778397045.504:8370): avc:  denied  { prog_load } for  pid=14713 comm="syz.5.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  238.124226][   T40] audit: type=1400 audit(1778397045.504:8371): avc:  denied  { bpf } for  pid=14713 comm="syz.5.2548" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  238.132026][   T40] audit: type=1400 audit(1778397045.514:8372): avc:  denied  { perfmon } for  pid=14713 comm="syz.5.2548" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  238.133112][T14714] netlink: 'syz.5.2548': attribute type 1 has an invalid length.
[  238.140182][   T40] audit: type=1400 audit(1778397045.514:8373): avc:  denied  { prog_load } for  pid=14713 comm="syz.5.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  238.147307][   T40] audit: type=1400 audit(1778397045.514:8374): avc:  denied  { perfmon } for  pid=14713 comm="syz.5.2548" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  238.153981][   T40] audit: type=1400 audit(1778397045.514:8375): avc:  denied  { perfmon } for  pid=14713 comm="syz.5.2548" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  238.317135][T14714] bond9: entered promiscuous mode
[  238.319496][T14714] bond9: entered allmulticast mode
[  238.322155][T14714] 8021q: adding VLAN 0 to HW filter on device bond9
[  238.338594][T14715] erspan1: entered allmulticast mode
[  238.345355][T14715] bond9: (slave erspan1): making interface the new active one
[  238.353463][T14715] erspan1: entered promiscuous mode
[  238.359499][T14715] bond9: (slave erspan1): Enslaving as an active interface with an up link
[  238.372009][T14476] 8021q: adding VLAN 0 to HW filter on device batadv0
[  238.469461][T14476] veth0_vlan: entered promiscuous mode
[  238.496454][T14476] veth1_vlan: entered promiscuous mode
[  238.585896][T14476] veth0_macvtap: entered promiscuous mode
[  238.603432][T14476] veth1_macvtap: entered promiscuous mode
[  238.646162][T14476] batman_adv: batadv0: Interface activated: batadv_slave_0
[  238.672406][T14476] batman_adv: batadv0: Interface activated: batadv_slave_1
[  238.704838][T10665] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.710092][T10665] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.717101][T10665] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.732139][T10665] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.751958][T14727] netlink: 'syz.5.2553': attribute type 5 has an invalid length.
[  238.900283][T10392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.905848][T10392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.960983][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.966624][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.046349][T14740] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2559'.
[  239.113126][T14742] sctp: [Deprecated]: syz.6.2558 (pid 14742) Use of int in max_burst socket option.
[  239.113126][T14742] Use struct sctp_assoc_value instead
[  239.218729][T14750] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2561'.
[  239.263809][T14755] binder: 14754:14755 ioctl c0306201 200000000080 returned -14
[  239.350269][T14761] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14761 comm=syz.3.2564
[  239.593908][T14774] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2566'.
[  239.664830][T14774] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  239.697368][T14774] binder: 14773:14774 ioctl c0306201 200000000640 returned -22
[  239.980389][T14789] XFS (nullb0): Invalid superblock magic number
[  239.988311][T14798] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2571'.
[  239.991761][T14798] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2571'.
[  240.009568][T14798] syzkaller1: entered promiscuous mode
[  240.012109][T14798] syzkaller1: entered allmulticast mode
[  240.091892][T10392] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  240.144188][T14802] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  240.635589][T14821] Invalid argument reading file caps for ./file0
[  240.682255][T14823] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2579'.
[  240.901235][T14829] netlink: 'syz.3.2581': attribute type 21 has an invalid length.
[  241.195410][T14851] xt_hashlimit: Unknown mode mask 84, kernel too old?
[  241.464717][T14862] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.474890][T14862] bridge_slave_0 (unregistering): left allmulticast mode
[  241.477423][T14862] bridge_slave_0 (unregistering): left promiscuous mode
[  241.479810][T14862] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.601765][T14868] netlink: get zone limit has 4 unknown bytes
[  241.623054][T14868] netlink: 256 bytes leftover after parsing attributes in process `syz.6.2592'.
[  241.756644][T14874] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2596'.
[  242.111785][T14893] netlink: 'syz.5.2600': attribute type 1 has an invalid length.
[  242.133937][T14894] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2601'.
[  242.150315][T14893] bond10: (slave vxcan3): The slave device specified does not support setting the MAC address
[  242.153676][T14893] bond10: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  242.161126][T14893] bond10: (slave vxcan3): making interface the new active one
[  242.164346][T14893] bond10: (slave vxcan3): Enslaving as an active interface with an up link
[  242.174541][T14893] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2600'.
[  242.420266][T14908] syzkaller0: entered promiscuous mode
[  242.422082][T14908] syzkaller0: entered allmulticast mode
[  242.817274][T14925] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14925 comm=syz.4.2608
[  242.896361][T14924] bridge_slave_1: left allmulticast mode
[  242.914468][T14924] bridge_slave_1: left promiscuous mode
[  242.922694][T14924] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.930788][T14924] bridge_slave_0: left allmulticast mode
[  242.933076][T14924] bridge_slave_0: left promiscuous mode
[  242.935472][T14924] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.087555][   T40] kauditd_printk_skb: 1372 callbacks suppressed
[  243.087571][   T40] audit: type=1400 audit(1778397050.484:9748): avc:  denied  { read write } for  pid=14926 comm="syz.5.2609" name="vbi1" dev="devtmpfs" ino=978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  243.112468][   T40] audit: type=1400 audit(1778397050.484:9749): avc:  denied  { read write open } for  pid=14926 comm="syz.5.2609" path="/dev/vbi1" dev="devtmpfs" ino=978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  243.139785][   T40] audit: type=1400 audit(1778397050.494:9750): avc:  denied  { ioctl } for  pid=14926 comm="syz.5.2609" path="/dev/vbi1" dev="devtmpfs" ino=978 ioctlcmd=0x5649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  243.150704][   T40] audit: type=1400 audit(1778397050.534:9751): avc:  denied  { unmount } for  pid=14214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  243.156743][   T40] audit: type=1400 audit(1778397050.544:9752): avc:  denied  { read write } for  pid=14938 comm="syz.6.2612" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  243.164024][   T40] audit: type=1400 audit(1778397050.544:9753): avc:  denied  { read write open } for  pid=14938 comm="syz.6.2612" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  243.173507][   T40] audit: type=1400 audit(1778397050.544:9754): avc:  denied  { search } for  pid=14937 comm="rm" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  243.189787][   T40] audit: type=1400 audit(1778397050.554:9755): avc:  denied  { read } for  pid=14938 comm="syz.6.2612" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  243.198102][   T40] audit: type=1400 audit(1778397050.554:9756): avc:  denied  { read open } for  pid=14938 comm="syz.6.2612" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  243.207709][   T40] audit: type=1400 audit(1778397050.554:9757): avc:  denied  { search } for  pid=14937 comm="rm" name="dhcpcd" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  243.248615][T14942] /dev/nullb0: Can't open blockdev
[  243.266068][T14947] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=14947 comm=syz.4.2614
[  243.403711][T14954] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.876122][T14982] x_tables: arp_tables: NFQUEUE target: not valid for this family
[  244.048875][T14990] netlink: 'syz.3.2625': attribute type 1 has an invalid length.
[  244.058960][T14990] netlink: 'syz.3.2625': attribute type 4 has an invalid length.
[  244.067363][T14990] __nla_validate_parse: 5 callbacks suppressed
[  244.067381][T14990] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2625'.
[  244.196271][T14993] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2626'.
[  244.372703][T15001] nftables ruleset with unbound set
[  244.696969][  T854] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  244.862273][  T854] usb 10-1: config 0 has no interfaces?
[  244.919027][  T854] usb 10-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  244.925247][  T854] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.931359][  T854] usb 10-1: Product: syz
[  244.933095][  T854] usb 10-1: Manufacturer: syz
[  244.937531][  T854] usb 10-1: SerialNumber: syz
[  244.945872][  T854] usb 10-1: config 0 descriptor??
[  245.031909][T15014] netlink: 'syz.3.2632': attribute type 1 has an invalid length.
[  245.260596][T15008] loop5: detected capacity change from 0 to 2640
[  245.264351][T15008] buffer_io_error: 10 callbacks suppressed
[  245.264361][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.273051][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.276958][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.285382][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.285470][T15002] veth0_vlan: left promiscuous mode
[  245.293370][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.303559][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.304148][T15002] veth0_vlan: entered promiscuous mode
[  245.313595][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.316118][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.323675][T15008] ldm_validate_partition_table(): Disk read failed.
[  245.372505][T15002] vivid-000: disconnect
[  245.427740][    T9] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  245.457648][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.462627][T15008] Buffer I/O error on dev loop5, logical block 0, async page read
[  245.497180][T15008] Dev loop5: unable to read RDB block 0
[  245.499918][T15008]  loop5: unable to read partition table
[  245.502283][T15008] loop_reread_partitions: partition scan of loop5 (3�����) failed (rc=-5)
[  245.518373][T14999] vivid-000: reconnect
[  245.537220][  T854] usb 10-1: USB disconnect, device number 13
[  245.586899][    T9] usb 11-1: Using ep0 maxpacket: 32
[  245.655246][    T9] usb 11-1: unable to get BOS descriptor or descriptor too short
[  245.665715][    T9] usb 11-1: unable to read config index 0 descriptor/start: -71
[  245.672619][    T9] usb 11-1: can't read configurations, error -71
[  246.418322][T15047] tipc: Cannot configure node identity twice
[  246.509330][T15063] openvswitch: netlink: Unexpected mask (mask=20440, allowed=10048)
[  246.638140][T15069] FAULT_INJECTION: forcing a failure.
[  246.638140][T15069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  246.649293][T15069] CPU: 1 UID: 0 PID: 15069 Comm: syz.4.2651 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  246.649310][T15069] Tainted: [L]=SOFTLOCKUP
[  246.649326][T15069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  246.649332][T15069] Call Trace:
[  246.649336][T15069]  <TASK>
[  246.649341][T15069]  dump_stack_lvl+0x100/0x190
[  246.649366][T15069]  should_fail_ex.cold+0x5/0xa
[  246.649382][T15069]  _copy_from_iter+0x1f4/0x1690
[  246.649405][T15069]  ? __asan_memset+0x23/0x50
[  246.649421][T15069]  ? __pfx__copy_from_iter+0x10/0x10
[  246.649436][T15069]  ? __pfx___alloc_skb+0x10/0x10
[  246.649462][T15069]  netlink_sendmsg+0x808/0xda0
[  246.649479][T15069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.649492][T15069]  ? pti_set_user_pgtbl+0x30/0x50
[  246.649513][T15069]  ____sys_sendmsg+0x9e1/0xb70
[  246.649526][T15069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.649541][T15069]  ? __pfx_____sys_sendmsg+0x10/0x10
[  246.649560][T15069]  ___sys_sendmsg+0x190/0x1e0
[  246.649574][T15069]  ? __pfx____sys_sendmsg+0x10/0x10
[  246.649604][T15069]  __sys_sendmsg+0x170/0x220
[  246.649615][T15069]  ? __pfx___sys_sendmsg+0x10/0x10
[  246.649630][T15069]  ? rcu_is_watching+0x12/0xc0
[  246.649649][T15069]  do_syscall_64+0x10b/0xf80
[  246.649668][T15069]  ? clear_bhb_loop+0x40/0x90
[  246.649681][T15069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.649692][T15069] RIP: 0033:0x7fb8f499cdd9
[  246.649700][T15069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  246.649710][T15069] RSP: 002b:00007fb8f592c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  246.649721][T15069] RAX: ffffffffffffffda RBX: 00007fb8f4c15fa0 RCX: 00007fb8f499cdd9
[  246.649727][T15069] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003
[  246.649733][T15069] RBP: 00007fb8f592c090 R08: 0000000000000000 R09: 0000000000000000
[  246.649740][T15069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.649750][T15069] R13: 00007fb8f4c16038 R14: 00007fb8f4c15fa0 R15: 00007ffc64c75b68
[  246.649764][T15069]  </TASK>
[  246.655939][T15068] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  246.862073][T15080] netlink: 'syz.5.2656': attribute type 1 has an invalid length.
[  246.863864][T15081] FAULT_INJECTION: forcing a failure.
[  246.863864][T15081] name failslab, interval 1, probability 0, space 0, times 0
[  246.864578][T15080] netlink: 'syz.5.2656': attribute type 1 has an invalid length.
[  246.868630][T15081] CPU: 1 UID: 0 PID: 15081 Comm: syz.4.2655 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  246.868647][T15081] Tainted: [L]=SOFTLOCKUP
[  246.868650][T15081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  246.868656][T15081] Call Trace:
[  246.868660][T15081]  <TASK>
[  246.868664][T15081]  dump_stack_lvl+0x100/0x190
[  246.868693][T15081]  should_fail_ex.cold+0x5/0xa
[  246.868710][T15081]  should_failslab+0xc2/0x120
[  246.868722][T15081]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  246.868744][T15081]  ? sidtab_sid2str_get+0x17a/0x670
[  246.868762][T15081]  kmemdup_noprof+0x29/0x60
[  246.868773][T15081]  sidtab_sid2str_get+0x17a/0x670
[  246.868790][T15081]  security_sid_to_context_core+0x35a/0x6d0
[  246.868807][T15081]  avc_audit_post_callback+0x109/0x900
[  246.868823][T15081]  ? __pfx_audit_log_lsm_data+0x10/0x10
[  246.868838][T15081]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  246.868853][T15081]  ? skb_put+0x138/0x180
[  246.868866][T15081]  ? audit_log_n_string+0x256/0x550
[  246.868881][T15081]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  246.868897][T15081]  common_lsm_audit+0x23f/0x2b0
[  246.868912][T15081]  ? __pfx_common_lsm_audit+0x10/0x10
[  246.868925][T15081]  ? avc_denied+0x14a/0x190
[  246.868944][T15081]  slow_avc_audit+0x186/0x210
[  246.868961][T15081]  ? __pfx_slow_avc_audit+0x10/0x10
[  246.868979][T15081]  ? find_held_lock+0x2b/0x80
[  246.868989][T15081]  ? avc_has_perm_noaudit+0x2b3/0x3b0
[  246.869005][T15081]  avc_has_perm+0x1a6/0x1e0
[  246.869015][T15081]  ? __pfx_avc_has_perm+0x10/0x10
[  246.869025][T15081]  ? is_bpf_text_address+0x94/0x1a0
[  246.869043][T15081]  sock_has_perm+0x253/0x2f0
[  246.869055][T15081]  ? __pfx_sock_has_perm+0x10/0x10
[  246.869068][T15081]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  246.869083][T15081]  ? import_ubuf+0x1b6/0x220
[  246.869099][T15081]  ? pti_set_user_pgtbl+0x30/0x50
[  246.869114][T15081]  ? __might_fault+0xc5/0x140
[  246.869131][T15081]  security_socket_sendmsg+0xd3/0x230
[  246.869145][T15081]  ____sys_sendmsg+0x862/0xb70
[  246.869159][T15081]  ? __pfx_____sys_sendmsg+0x10/0x10
[  246.869179][T15081]  ___sys_sendmsg+0x190/0x1e0
[  246.869194][T15081]  ? __pfx____sys_sendmsg+0x10/0x10
[  246.869225][T15081]  __sys_sendmsg+0x170/0x220
[  246.869235][T15081]  ? __pfx___sys_sendmsg+0x10/0x10
[  246.869251][T15081]  ? rcu_is_watching+0x12/0xc0
[  246.869269][T15081]  do_syscall_64+0x10b/0xf80
[  246.869283][T15081]  ? clear_bhb_loop+0x40/0x90
[  246.869296][T15081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.869306][T15081] RIP: 0033:0x7fb8f499cdd9
[  246.869316][T15081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  246.869331][T15081] RSP: 002b:00007fb8f592c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  246.869346][T15081] RAX: ffffffffffffffda RBX: 00007fb8f4c15fa0 RCX: 00007fb8f499cdd9
[  246.869356][T15081] RDX: 0000000004040140 RSI: 0000200000000840 RDI: 0000000000000003
[  246.869364][T15081] RBP: 00007fb8f592c090 R08: 0000000000000000 R09: 0000000000000000
[  246.869374][T15081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.869384][T15081] R13: 00007fb8f4c16038 R14: 00007fb8f4c15fa0 R15: 00007ffc64c75b68
[  246.869407][T15081]  </TASK>
[  247.265983][T15095] FAULT_INJECTION: forcing a failure.
[  247.265983][T15095] name failslab, interval 1, probability 0, space 0, times 0
[  247.270238][T15095] CPU: 1 UID: 0 PID: 15095 Comm: syz.5.2661 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  247.270255][T15095] Tainted: [L]=SOFTLOCKUP
[  247.270258][T15095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  247.270265][T15095] Call Trace:
[  247.270268][T15095]  <TASK>
[  247.270272][T15095]  dump_stack_lvl+0x100/0x190
[  247.270289][T15095]  should_fail_ex.cold+0x5/0xa
[  247.270304][T15095]  should_failslab+0xc2/0x120
[  247.270316][T15095]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  247.270332][T15095]  ? skb_clone+0x190/0x400
[  247.270344][T15095]  skb_clone+0x190/0x400
[  247.270354][T15095]  netlink_deliver_tap+0xaed/0xcc0
[  247.270370][T15095]  netlink_unicast+0x62b/0x850
[  247.270386][T15095]  ? __pfx_netlink_unicast+0x10/0x10
[  247.270404][T15095]  netlink_sendmsg+0x8b0/0xda0
[  247.270419][T15095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.270432][T15095]  ? pti_set_user_pgtbl+0x30/0x50
[  247.270452][T15095]  ____sys_sendmsg+0x9e1/0xb70
[  247.270465][T15095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.270479][T15095]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.270498][T15095]  ___sys_sendmsg+0x190/0x1e0
[  247.270513][T15095]  ? __pfx____sys_sendmsg+0x10/0x10
[  247.270543][T15095]  __sys_sendmsg+0x170/0x220
[  247.270553][T15095]  ? __pfx___sys_sendmsg+0x10/0x10
[  247.270570][T15095]  ? rcu_is_watching+0x12/0xc0
[  247.270588][T15095]  do_syscall_64+0x10b/0xf80
[  247.270603][T15095]  ? clear_bhb_loop+0x40/0x90
[  247.270615][T15095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.270626][T15095] RIP: 0033:0x7f9b15d9cdd9
[  247.270636][T15095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  247.270647][T15095] RSP: 002b:00007f9b16c23028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.270657][T15095] RAX: ffffffffffffffda RBX: 00007f9b16015fa0 RCX: 00007f9b15d9cdd9
[  247.270664][T15095] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003
[  247.270671][T15095] RBP: 00007f9b16c23090 R08: 0000000000000000 R09: 0000000000000000
[  247.270677][T15095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  247.270684][T15095] R13: 00007f9b16016038 R14: 00007f9b16015fa0 R15: 00007fff64515cc8
[  247.270698][T15095]  </TASK>
[  247.615534][T15112] openvswitch: netlink: Missing key (keys=40, expected=100)
[  247.629467][T15112] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15112 comm=syz.6.2665
[  247.764299][T15119] raw_sendmsg: syz.5.2668 forgot to set AF_INET. Fix it!
[  247.846857][T15126] FAULT_INJECTION: forcing a failure.
[  247.846857][T15126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.860851][T15126] CPU: 1 UID: 0 PID: 15126 Comm: syz.3.2671 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  247.860870][T15126] Tainted: [L]=SOFTLOCKUP
[  247.860874][T15126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  247.860880][T15126] Call Trace:
[  247.860885][T15126]  <TASK>
[  247.860889][T15126]  dump_stack_lvl+0x100/0x190
[  247.860906][T15126]  should_fail_ex.cold+0x5/0xa
[  247.860921][T15126]  _copy_from_iter+0x1f4/0x1690
[  247.860940][T15126]  ? __asan_memset+0x23/0x50
[  247.860956][T15126]  ? __pfx__copy_from_iter+0x10/0x10
[  247.860972][T15126]  ? __pfx___alloc_skb+0x10/0x10
[  247.860993][T15126]  netlink_sendmsg+0x808/0xda0
[  247.861011][T15126]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.861024][T15126]  ? pti_set_user_pgtbl+0x30/0x50
[  247.861044][T15126]  ____sys_sendmsg+0x9e1/0xb70
[  247.861057][T15126]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.861072][T15126]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.861091][T15126]  ___sys_sendmsg+0x190/0x1e0
[  247.861106][T15126]  ? __pfx____sys_sendmsg+0x10/0x10
[  247.861134][T15126]  __sys_sendmsg+0x170/0x220
[  247.861145][T15126]  ? __pfx___sys_sendmsg+0x10/0x10
[  247.861161][T15126]  ? rcu_is_watching+0x12/0xc0
[  247.861179][T15126]  do_syscall_64+0x10b/0xf80
[  247.861193][T15126]  ? clear_bhb_loop+0x40/0x90
[  247.861206][T15126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.861217][T15126] RIP: 0033:0x7fb72a19cdd9
[  247.861227][T15126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  247.861237][T15126] RSP: 002b:00007fb72b051028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.861249][T15126] RAX: ffffffffffffffda RBX: 00007fb72a415fa0 RCX: 00007fb72a19cdd9
[  247.861256][T15126] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003
[  247.861262][T15126] RBP: 00007fb72b051090 R08: 0000000000000000 R09: 0000000000000000
[  247.861268][T15126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  247.861275][T15126] R13: 00007fb72a416038 R14: 00007fb72a415fa0 R15: 00007ffdc70b9688
[  247.861289][T15126]  </TASK>
[  248.075633][T15136] netlink: 'syz.3.2674': attribute type 1 has an invalid length.
[  248.092047][T15136] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  248.109730][   T40] kauditd_printk_skb: 1389 callbacks suppressed
[  248.109741][   T40] audit: type=1400 audit(1778397055.504:11147): avc:  denied  { read write } for  pid=7877 comm="syz-executor" name="loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.126843][   T40] audit: type=1400 audit(1778397055.504:11148): avc:  denied  { read write open } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.147048][   T40] audit: type=1400 audit(1778397055.504:11149): avc:  denied  { ioctl } for  pid=7877 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=663 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.158968][   T40] audit: type=1400 audit(1778397055.514:11150): avc:  denied  { read write } for  pid=14214 comm="syz-executor" name="loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.178112][   T40] audit: type=1400 audit(1778397055.514:11151): avc:  denied  { read write open } for  pid=14214 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.188002][   T40] audit: type=1400 audit(1778397055.514:11152): avc:  denied  { ioctl } for  pid=14214 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.195994][   T40] audit: type=1400 audit(1778397055.524:11153): avc:  denied  { read write } for  pid=12265 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.206752][   T40] audit: type=1400 audit(1778397055.524:11154): avc:  denied  { read write open } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.217312][   T40] audit: type=1400 audit(1778397055.524:11155): avc:  denied  { ioctl } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  248.226085][   T40] audit: type=1326 audit(1778397055.614:11156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15142 comm="syz.5.2676" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b15d9cdd9 code=0x7ffc0000
[  248.535899][T15167] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2684'.
[  248.551709][T15160] netlink: 'syz.5.2682': attribute type 9 has an invalid length.
[  248.626181][T15173] comedi comedi3: adq12b: I/O base address or length out of range
[  248.643836][T15172] PKCS8: Unsupported PKCS#8 version
[  248.649625][T15173] netlink: 'syz.4.2686': attribute type 10 has an invalid length.
[  248.679508][T15183] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2688'.
[  248.742485][T15173] input: syz1 as /devices/virtual/input/input27
[  248.813347][T15188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2691'.
[  248.820071][T15188] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15188 comm=syz.3.2691
[  248.925512][T15197] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2692'.
[  249.171341][T15207] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3979591798 (509387750144 ns) > initial count (364801339648 ns). Using initial count to start timer.
[  249.758946][T15240] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2704'.
[  250.043721][T15258] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  250.085436][T15262] netlink: 84 bytes leftover after parsing attributes in process `syz.6.2705'.
[  250.290617][T15269] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  250.303931][T15269] iommufd_mock iommufd_mock1: Adding to iommu group 10
[  250.401003][T15272] xt_hashlimit: size too large, truncated to 1048576
[  250.407676][T15273] comedi comedi3: adq12b: I/O base address or length out of range
[  250.452194][T15273] netlink: 'syz.6.2718': attribute type 10 has an invalid length.
[  250.499177][T15273] input: syz1 as /devices/virtual/input/input28
[  250.575871][T15279] binder: 15278:15279 ioctl c018620c 200000000240 returned -22
[  250.754017][T15285] netlink: 'syz.3.2720': attribute type 7 has an invalid length.
[  251.134476][T15313] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000062 undefined
[  251.134714][T15314] comedi comedi3: adq12b: I/O base address or length out of range
[  251.145562][T15317] 9pnet_virtio: no channels available for device syz
[  251.165220][T15317] 9pnet_virtio: no channels available for device syz
[  251.168481][T15318] 9pnet_virtio: no channels available for device syz
[  251.181676][T15316] bridge_slave_0: left allmulticast mode
[  251.185663][T15316] bridge_slave_0: left promiscuous mode
[  251.195953][T15316] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.205527][T15316] bridge_slave_1: left allmulticast mode
[  251.211621][T15316] bridge_slave_1: left promiscuous mode
[  251.218610][T15316] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.253365][T15316] bond0: (slave bond_slave_0): Releasing backup interface
[  251.262566][T15316] bond0: (slave bond_slave_1): Releasing backup interface
[  251.279699][T15316] team0: Port device team_slave_0 removed
[  251.295955][T15316] team0: Port device team_slave_1 removed
[  251.303268][T15316] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.308296][T15316] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.320917][T15316] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.327326][T15316] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.342554][T15316] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  251.357238][T15321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2731'.
[  251.408021][T15329] xt_hashlimit: size too large, truncated to 1048576
[  252.271021][T15354] netlink: 'syz.6.2739': attribute type 11 has an invalid length.
[  252.274257][T15356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2740'.
[  252.277362][T15354] netlink: 199788 bytes leftover after parsing attributes in process `syz.6.2739'.
[  252.288423][T15356] random: crng reseeded on system resumption
[  252.369196][ T1483] usb 9-1: new full-speed USB device number 31 using dummy_hcd
[  252.525614][T15364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2744'.
[  252.543313][ T1483] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  252.547539][ T1483] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  252.556612][ T1483] usb 9-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ac.7e
[  252.560167][ T1483] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.562716][ T1483] usb 9-1: Product: syz
[  252.564080][ T1483] usb 9-1: Manufacturer: syz
[  252.565665][ T1483] usb 9-1: SerialNumber: syz
[  252.572524][ T1483] usb 9-1: config 0 descriptor??
[  252.582540][ T1483] hub 9-1:0.0: bad descriptor, ignoring hub
[  252.592265][ T5736] block nbd3: Receive control failed (result -107)
[  252.599930][ T1483] hub 9-1:0.0: probe with driver hub failed with error -5
[  252.612889][ T1483] input: syz syz as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input29
[  252.636994][ T4294] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  252.816901][ T4294] usb 10-1: Using ep0 maxpacket: 8
[  252.826444][ T4294] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.834993][ T4294] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.846371][ T4294] usb 10-1: config 0 interface 0 has no altsetting 0
[  252.852709][ T4294] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  252.855640][ T4294] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.865323][ T4294] usb 10-1: config 0 descriptor??
[  252.891522][T15372] syz_tun: entered allmulticast mode
[  252.948430][T15374] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  253.126632][   T40] kauditd_printk_skb: 1334 callbacks suppressed
[  253.126644][   T40] audit: type=1400 audit(1778397060.514:12491): avc:  denied  { read write } for  pid=12265 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.153526][   T40] audit: type=1400 audit(1778397060.524:12492): avc:  denied  { read write open } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.168065][   T40] audit: type=1400 audit(1778397060.524:12493): avc:  denied  { ioctl } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.216252][T15347] syz_tun: left allmulticast mode
[  253.253759][   T40] audit: type=1400 audit(1778397060.644:12494): avc:  denied  { module_request } for  pid=15380 comm="syz.6.2748" kmod="net-pf-16-proto-19" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  253.297958][   T40] audit: type=1400 audit(1778397060.684:12495): avc:  denied  { ioctl } for  pid=15359 comm="syz.5.2743" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  253.303700][ T4294] hid_parser_main: 108 callbacks suppressed
[  253.303721][ T4294] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  253.313279][   T40] audit: type=1400 audit(1778397060.694:12496): avc:  denied  { ioctl } for  pid=15359 comm="syz.5.2743" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  253.319351][ T4294] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  253.327976][ T4294] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  253.330970][ T4294] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  253.333912][ T4294] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  253.337891][ T4294] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  253.342355][   T40] audit: type=1400 audit(1778397060.734:12497): avc:  denied  { read write } for  pid=12265 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.352500][   T40] audit: type=1400 audit(1778397060.734:12498): avc:  denied  { read write open } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.363094][   T40] audit: type=1400 audit(1778397060.734:12499): avc:  denied  { ioctl } for  pid=12265 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.477742][   T40] audit: type=1400 audit(1778397060.874:12500): avc:  denied  { read write } for  pid=12265 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  253.504301][ T4294] usb 10-1: USB disconnect, device number 14
[  253.844015][T15407] random: crng reseeded on system resumption
[  254.140850][T15426] sctp: [Deprecated]: syz.5.2761 (pid 15426) Use of struct sctp_assoc_value in delayed_ack socket option.
[  254.140850][T15426] Use struct sctp_sack_info instead
[  254.155945][T15426] fuse: Unknown parameter 'fe30x0000000000000007'
[  254.167839][ T1303] block nbd0: Possible stuck request ffff88802a3f7000: control (read@0,1024B). Runtime 150 seconds
[  254.172281][ T1303] block nbd0: Possible stuck request ffff88802a3f71c0: control (read@1024,1024B). Runtime 150 seconds
[  254.177058][ T1303] block nbd0: Possible stuck request ffff88802a3f7380: control (read@2048,1024B). Runtime 150 seconds
[  254.181442][ T1303] block nbd0: Possible stuck request ffff88802a3f7540: control (read@3072,1024B). Runtime 150 seconds
[  254.557208][T15440] xt_hashlimit: size too large, truncated to 1048576
[  254.593744][   T59] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  254.604421][   T59] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  254.618824][   T59] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  254.625496][   T59] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  254.635255][   T59] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  254.692823][   T59] hid-generic 0005:00B6:0009.0008: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x148000)
[  255.589723][T15471] loop4: detected capacity change from 0 to 7
[  255.592404][T15471] buffer_io_error: 11 callbacks suppressed
[  255.592414][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.597496][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.600105][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.602646][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.605156][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.610214][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.615979][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.619581][T15471] ldm_validate_partition_table(): Disk read failed.
[  255.621713][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.624266][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.626875][T15471] Buffer I/O error on dev loop4, logical block 0, async page read
[  255.629409][T15471] Dev loop4: unable to read RDB block 0
[  255.631299][T15471]  loop4: unable to read partition table
[  255.633214][T15471] loop4: partition table beyond EOD, truncated
[  255.635245][T15471] loop_reread_partitions: partition scan of loop4 (���������S�j��	���%��`��ր����5) failed (rc=-5)
[  255.639804][T15471] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2775'.
[  255.753426][T15477] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2777'.
[  255.894635][T15482] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2778'.
[  255.897967][T15482] netlink: 'syz.6.2778': attribute type 11 has an invalid length.
[  255.908946][T15482] cgroup: Name too long
[  255.912999][T15482] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2778'.
[  255.915823][T15482] netlink: 'syz.6.2778': attribute type 11 has an invalid length.
[  255.922124][T15482] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2778'.
[  255.924943][T15482] netlink: 'syz.6.2778': attribute type 11 has an invalid length.
[  256.175834][T15486] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2779'.
[  256.522029][ T5811] usb 9-1: USB disconnect, device number 31
[  256.800828][ T1131] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  256.807170][ T1131] ata1: failed to read log page 10h (errno=-5)
[  256.809232][ T1131] ata1.00: exception Emask 0x1 SAct 0x4000 SErr 0x0 action 0x0
[  256.821762][ T1131] ata1.00: irq_stat 0x41000008
[  256.823304][ T1131] ata1.00: failed command: READ FPDMA QUEUED
[  256.836826][ T1131] ata1.00: cmd 60/40:70:a6:9a:03/0a:00:00:00:00/40 tag 14 ncq dma 1343488 in
[  256.836826][ T1131]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  256.844402][ T1131] ata1.00: status: { DRDY }
[  256.845887][ T1131] ata1.00: error: { ABRT }
[  256.854705][ T1131] ata1.00: configured for UDMA/100
[  256.864148][ T1131] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=1s
[  256.876225][ T1131] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current] 
[  256.883241][ T1131] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information
[  256.888742][ T1131] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 03 9a a6 00 0a 40 00
[  256.895311][ T1131] blk_print_req_error: 10 callbacks suppressed
[  256.895321][ T1131] I/O error, dev sda, sector 236198 op 0x0:(READ) flags 0x80700 phys_seg 97 prio class 2
[  256.904919][ T1131] ata1: EH complete
[  256.980502][T15511] kvm: vcpu 0: requested 18 ns lapic timer period limited to 200000 ns
[  257.066609][T15448] fido_id[15448]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  257.137847][T15519] ������: renamed from vlan0 (while UP)
[  257.360279][T15525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2794'.
[  257.364087][T15525] netlink: 'syz.4.2794': attribute type 11 has an invalid length.
[  257.382199][T10376] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  257.386199][T10376] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  257.393980][T10376] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  257.400408][T15525] cgroup: Name too long
[  257.404358][T10376] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  257.406561][T15525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2794'.
[  257.415105][T15525] netlink: 'syz.4.2794': attribute type 11 has an invalid length.
[  257.420401][T15525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2794'.
[  257.426395][T15525] netlink: 'syz.4.2794': attribute type 11 has an invalid length.
[  257.873220][T15547] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2799'.
[  258.128270][   T40] kauditd_printk_skb: 683 callbacks suppressed
[  258.128288][   T40] audit: type=1400 audit(1778397065.524:13184): avc:  denied  { ioctl } for  pid=15564 comm="syz.4.2804" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x7439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  258.142133][   T40] audit: type=1400 audit(1778397065.524:13185): avc:  denied  { prog_load } for  pid=15564 comm="syz.4.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  258.150578][   T40] audit: type=1400 audit(1778397065.524:13186): avc:  denied  { bpf } for  pid=15564 comm="syz.4.2804" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.165279][T15569] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=49 sclass=netlink_xfrm_socket pid=15569 comm=syz.6.2805
[  258.170940][   T40] audit: type=1400 audit(1778397065.524:13187): avc:  denied  { perfmon } for  pid=15564 comm="syz.4.2804" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.184191][   T40] audit: type=1400 audit(1778397065.524:13188): avc:  denied  { prog_load } for  pid=15564 comm="syz.4.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  258.196746][   T40] audit: type=1400 audit(1778397065.524:13189): avc:  denied  { perfmon } for  pid=15564 comm="syz.4.2804" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.208421][   T40] audit: type=1400 audit(1778397065.524:13190): avc:  denied  { perfmon } for  pid=15564 comm="syz.4.2804" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.220037][   T40] audit: type=1400 audit(1778397065.524:13191): avc:  denied  { perfmon } for  pid=15564 comm="syz.4.2804" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.220129][T15567] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=15567 comm=syz.3.2803
[  258.231687][   T40] audit: type=1400 audit(1778397065.524:13192): avc:  denied  { perfmon } for  pid=15564 comm="syz.4.2804" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.244621][   T40] audit: type=1400 audit(1778397065.524:13193): avc:  denied  { bpf } for  pid=15564 comm="syz.4.2804" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  258.596188][T15582] fuseblk: fd is not a fuse device
[  259.368366][T15612] rpc_pipefs: Unknown parameter 'usrquota'
[  259.877753][T15634] openvswitch: netlink: Flow key attr not present in new flow.
[  259.896849][T15633] sctp: [Deprecated]: syz.5.2823 (pid 15633) Use of int in max_burst socket option deprecated.
[  259.896849][T15633] Use struct sctp_assoc_value instead
[  260.014376][T15640] usb usb8: usbfs: process 15640 (syz.3.2824) did not claim interface 0 before use
[  260.284134][T15650] comedi comedi3: adq12b: I/O base address or length out of range
[  260.291196][T15652] FAULT_INJECTION: forcing a failure.
[  260.291196][T15652] name failslab, interval 1, probability 0, space 0, times 0
[  260.316942][T15652] CPU: 3 UID: 0 PID: 15652 Comm: syz.6.2828 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  260.316970][T15652] Tainted: [L]=SOFTLOCKUP
[  260.316976][T15652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  260.316987][T15652] Call Trace:
[  260.316994][T15652]  <TASK>
[  260.317001][T15652]  dump_stack_lvl+0x100/0x190
[  260.317040][T15652]  should_fail_ex.cold+0x5/0xa
[  260.317065][T15652]  ? tomoyo_realpath_from_path+0xb6/0x690
[  260.317095][T15652]  should_failslab+0xc2/0x120
[  260.317115][T15652]  __kmalloc_noprof+0xe0/0x850
[  260.317139][T15652]  ? kfree+0x1dd/0x6c0
[  260.317161][T15652]  tomoyo_realpath_from_path+0xb6/0x690
[  260.317189][T15652]  tomoyo_path_number_perm+0x23c/0x580
[  260.317208][T15652]  ? tomoyo_path_number_perm+0x22e/0x580
[  260.317230][T15652]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  260.317273][T15652]  ? find_held_lock+0x2b/0x80
[  260.317290][T15652]  ? __fget_files+0x215/0x3d0
[  260.317311][T15652]  ? hook_file_ioctl_common+0x149/0x410
[  260.317336][T15652]  ? __fget_files+0x215/0x3d0
[  260.317360][T15652]  ? __fget_files+0x21f/0x3d0
[  260.317385][T15652]  security_file_ioctl+0xd3/0x230
[  260.317409][T15652]  __x64_sys_ioctl+0xb7/0x210
[  260.317431][T15652]  do_syscall_64+0x10b/0xf80
[  260.317465][T15652]  ? clear_bhb_loop+0x40/0x90
[  260.317487][T15652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.317504][T15652] RIP: 0033:0x7faca779cdd9
[  260.317518][T15652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  260.317534][T15652] RSP: 002b:00007faca8619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.317551][T15652] RAX: ffffffffffffffda RBX: 00007faca7a15fa0 RCX: 00007faca779cdd9
[  260.317563][T15652] RDX: 0000200000000180 RSI: 0000000040946400 RDI: 0000000000000003
[  260.317574][T15652] RBP: 00007faca8619090 R08: 0000000000000000 R09: 0000000000000000
[  260.317585][T15652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.317595][T15652] R13: 00007faca7a16038 R14: 00007faca7a15fa0 R15: 00007ffd90e1cb88
[  260.317620][T15652]  </TASK>
[  260.317627][T15652] ERROR: Out of memory at tomoyo_realpath_from_path.
[  260.408367][T15652] comedi comedi3: adq12b: I/O base address or length out of range
[  260.529176][T15658] tipc: Enabling of bearer <ud#:s> rejected, media not registered
[  260.590034][T15667] overlayfs: failed lookup in lower (newroot/83, name='bus', err=-40): overlapping layers
[  260.608191][T15667] overlayfs: failed lookup in lower (newroot/83, name='file0', err=-40): overlapping layers
[  260.611637][T15667] overlayfs: failed lookup in lower (newroot/83, name='file0', err=-40): overlapping layers
[  260.615106][T15667] overlayfs: failed lookup in lower (newroot/83, name='bus', err=-40): overlapping layers
[  260.618757][T15667] overlayfs: failed lookup in lower (newroot/83, name='file0', err=-40): overlapping layers
[  260.622163][T15667] overlayfs: failed lookup in lower (newroot/83, name='file0', err=-40): overlapping layers
[  260.917721][ T5736] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  261.062990][T15697] FAULT_INJECTION: forcing a failure.
[  261.062990][T15697] name failslab, interval 1, probability 0, space 0, times 0
[  261.089458][T15697] CPU: 1 UID: 0 PID: 15697 Comm: syz.6.2842 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  261.089476][T15697] Tainted: [L]=SOFTLOCKUP
[  261.089480][T15697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  261.089486][T15697] Call Trace:
[  261.089491][T15697]  <TASK>
[  261.089495][T15697]  dump_stack_lvl+0x100/0x190
[  261.089512][T15697]  should_fail_ex.cold+0x5/0xa
[  261.089527][T15697]  ? tomoyo_encode2+0xfb/0x3c0
[  261.089542][T15697]  should_failslab+0xc2/0x120
[  261.089555][T15697]  __kmalloc_noprof+0xe0/0x850
[  261.089570][T15697]  ? d_absolute_path+0x136/0x1b0
[  261.089584][T15697]  tomoyo_encode2+0xfb/0x3c0
[  261.089601][T15697]  tomoyo_encode+0x29/0x50
[  261.089615][T15697]  tomoyo_realpath_from_path+0x18c/0x690
[  261.089633][T15697]  tomoyo_path_number_perm+0x23c/0x580
[  261.089646][T15697]  ? tomoyo_path_number_perm+0x22e/0x580
[  261.089660][T15697]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  261.089686][T15697]  ? find_held_lock+0x2b/0x80
[  261.089696][T15697]  ? __fget_files+0x215/0x3d0
[  261.089709][T15697]  ? hook_file_ioctl_common+0x149/0x410
[  261.089725][T15697]  ? __fget_files+0x215/0x3d0
[  261.089741][T15697]  ? __fget_files+0x21f/0x3d0
[  261.089756][T15697]  security_file_ioctl+0xd3/0x230
[  261.089771][T15697]  __x64_sys_ioctl+0xb7/0x210
[  261.089789][T15697]  do_syscall_64+0x10b/0xf80
[  261.089816][T15697]  ? clear_bhb_loop+0x40/0x90
[  261.089830][T15697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.089841][T15697] RIP: 0033:0x7faca779cdd9
[  261.089852][T15697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  261.089862][T15697] RSP: 002b:00007faca8619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  261.089873][T15697] RAX: ffffffffffffffda RBX: 00007faca7a15fa0 RCX: 00007faca779cdd9
[  261.089880][T15697] RDX: 0000200000000180 RSI: 0000000040946400 RDI: 0000000000000003
[  261.089887][T15697] RBP: 00007faca8619090 R08: 0000000000000000 R09: 0000000000000000
[  261.089893][T15697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.089899][T15697] R13: 00007faca7a16038 R14: 00007faca7a15fa0 R15: 00007ffd90e1cb88
[  261.089913][T15697]  </TASK>
[  261.089955][T15697] ERROR: Out of memory at tomoyo_realpath_from_path.
[  261.167475][T15697] comedi comedi3: adq12b: I/O base address or length out of range
[  261.212329][T15702] __nla_validate_parse: 5 callbacks suppressed
[  261.212339][T15702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2844'.
[  261.226058][T15700] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2843'.
[  261.464408][T15709] netlink: 'syz.6.2848': attribute type 29 has an invalid length.
[  261.468152][T15709] netlink: 'syz.6.2848': attribute type 29 has an invalid length.
[  261.586886][T15716] comedi comedi3: adq12b: I/O base address or length out of range
[  261.774670][T15728] 
[  261.775460][T15728] ======================================================
[  261.777528][T15728] WARNING: possible circular locking dependency detected
[  261.779647][T15728] syzkaller #0 Tainted: G             L     
[  261.781609][T15728] ------------------------------------------------------
[  261.783895][T15728] syz.5.2855/15728 is trying to acquire lock:
[  261.786200][T15728] ffffffff8e9b18c0 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_node_track_caller_noprof+0xb5/0x850
[  261.789357][T15728] 
[  261.789357][T15728] but task is already holding lock:
[  261.791662][T15728] ffffffff8e97f240 (slab_mutex){+.+.}-{4:4}, at: __kmem_cache_create_args+0x44/0x420
[  261.794580][T15728] 
[  261.794580][T15728] which lock already depends on the new lock.
[  261.794580][T15728] 
[  261.797813][T15728] 
[  261.797813][T15728] the existing dependency chain (in reverse order) is:
[  261.800756][T15728] 
[  261.800756][T15728] -> #8 (slab_mutex){+.+.}-{4:4}:
SYZFAIL: failed to recv rpc
[  261.803057][T15728]        __mutex_lock+0x1a4/0x1b10
[  261.804790][T15728]        kmem_cache_destroy+0x59/0x180
[  261.806516][T15728]        p9_client_destroy+0x20c/0x3a0
[  261.808255][T15728]        v9fs_session_close+0x49/0x2d0
[  261.809968][T15728]        v9fs_kill_super+0x4d/0xa0
[  261.811600][T15728]        deactivate_locked_super+0xc1/0x1b0
[  261.813479][T15728]        deactivate_super+0xe7/0x110
[  261.815181][T15728]        cleanup_mnt+0x21f/0x450
[  261.816792][T15728]        task_work_run+0x150/0x240
[  261.818410][T15728]        exit_to_user_mode_loop+0x107/0x4f0
[  261.820226][T15728]        do_syscall_64+0x706/0xf80
[  261.821802][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.823832][T15728] 
[  261.823832][T15728] -> #7 (cpu_hotplug_lock){++++}-{0:0}:
[  261.826246][T15728]        cpus_read_lock+0x42/0x170
[  261.827879][T15728]        static_key_slow_inc+0x12/0x30
[  261.829586][T15728]        fl_create+0x7fb/0xd10
[  261.831065][T15728]        ipv6_flowlabel_opt+0x519/0x2d40
[  261.832743][T15728]        do_ipv6_setsockopt+0x1b80/0x44b0
[  261.834471][T15728]        ipv6_setsockopt+0xcb/0x170
[  261.836027][T15728]        sctp_setsockopt+0x161/0xb370
[  261.837637][T15728]        do_sock_setsockopt+0xf3/0x1d0
[  261.839236][T15728]        __sys_setsockopt+0x195/0x220
[  261.840866][T15728]        __x64_sys_setsockopt+0xbd/0x160
[  261.842543][T15728]        do_syscall_64+0x10b/0xf80
[  261.844192][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.846148][T15728] 
[  261.846148][T15728] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  261.848509][T15728]        lock_sock_nested+0x41/0xf0
[  261.850305][T15728]        inet_shutdown+0x67/0x410
[  261.852193][T15728]        nbd_mark_nsock_dead+0xae/0x5c0
[  261.853955][T15728]        recv_work+0x5fb/0x8c0
[  261.855460][T15728]        process_one_work+0xa0e/0x1980
[  261.857129][T15728]        worker_thread+0x5ef/0xe50
[  261.858709][T15728]        kthread+0x370/0x450
[  261.860162][T15728]        ret_from_fork+0x72b/0xd50
[  261.861748][T15728]        ret_from_fork_asm+0x1a/0x30
[  261.863613][T15728] 
[  261.863613][T15728] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  261.866173][T15728]        __mutex_lock+0x1a4/0x1b10
[  261.867879][T15728]        nbd_queue_rq+0x428/0x1080
[  261.869490][T15728]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  261.871386][T15728]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  261.873489][T15728]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  261.875511][T15728]        blk_mq_run_hw_queue+0x23c/0x670
[  261.877272][T15728]        blk_mq_dispatch_list+0x51d/0x1360
[  261.879058][T15728]        blk_mq_flush_plug_list+0x130/0x600
[  261.880881][T15728]        __blk_flush_plug+0x2c4/0x4b0
[  261.882536][T15728]        __submit_bio+0x584/0x6c0
[  261.884102][T15728]        submit_bio_noacct_nocheck+0x543/0xbf0
[  261.886007][T15728]        submit_bio_noacct+0xd18/0x2000
[  261.887730][T15728]        submit_bh_wbc+0x681/0x890
[  261.889298][T15728]        block_read_full_folio+0x264/0x8e0
[  261.891088][T15728]        filemap_read_folio+0xfc/0x3b0
[  261.892771][T15728]        do_read_cache_folio+0x2d7/0x6b0
[  261.894498][T15728]        read_part_sector+0xd1/0x370
[  261.896118][T15728]        adfspart_check_ICS+0x91/0x7d0
[  261.897821][T15728]        bdev_disk_changed+0x7a3/0x1250
[  261.899513][T15728]        blkdev_get_whole+0x187/0x290
[  261.901140][T15728]        bdev_open+0x2c7/0xe40
[  261.902609][T15728]        blkdev_open+0x34e/0x4f0
[  261.904193][T15728]        do_dentry_open+0x6d8/0x1660
[  261.905830][T15728]        vfs_open+0x82/0x3f0
[  261.907276][T15728]        path_openat+0x208c/0x31a0
[  261.908851][T15728]        do_file_open+0x20e/0x430
[  261.910377][T15728]        do_sys_openat2+0x10d/0x1e0
[  261.911980][T15728]        __x64_sys_openat+0x12d/0x210
[  261.913652][T15728]        do_syscall_64+0x10b/0xf80
[  261.915273][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.917309][T15728] 
[  261.917309][T15728] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  261.919470][T15728]        __mutex_lock+0x1a4/0x1b10
[  261.921082][T15728]        nbd_queue_rq+0xba/0x1080
[  261.922623][T15728]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  261.924508][T15728]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  261.926660][T15728]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  261.928638][T15728]        blk_mq_run_hw_queue+0x23c/0x670
[  261.930346][T15728]        blk_mq_dispatch_list+0x51d/0x1360
[  261.932183][T15728]        blk_mq_flush_plug_list+0x130/0x600
[  261.934058][T15728]        __blk_flush_plug+0x2c4/0x4b0
[  261.935772][T15728]        __submit_bio+0x584/0x6c0
[  261.937398][T15728]        submit_bio_noacct_nocheck+0x543/0xbf0
[  261.939362][T15728]        submit_bio_noacct+0xd18/0x2000
[  261.941107][T15728]        submit_bh_wbc+0x681/0x890
[  261.942727][T15728]        block_read_full_folio+0x264/0x8e0
[  261.944594][T15728]        filemap_read_folio+0xfc/0x3b0
[  261.946334][T15728]        do_read_cache_folio+0x2d7/0x6b0
[  261.948144][T15728]        read_part_sector+0xd1/0x370
[  261.949816][T15728]        adfspart_check_ICS+0x91/0x7d0
[  261.951554][T15728]        bdev_disk_changed+0x7a3/0x1250
[  261.953312][T15728]        blkdev_get_whole+0x187/0x290
[  261.955011][T15728]        bdev_open+0x2c7/0xe40
[  261.956584][T15728]        blkdev_open+0x34e/0x4f0
[  261.958190][T15728]        do_dentry_open+0x6d8/0x1660
[  261.960056][T15728]        vfs_open+0x82/0x3f0
[  261.961930][T15728]        path_openat+0x208c/0x31a0
[  261.963523][T15728]        do_file_open+0x20e/0x430
[  261.965094][T15728]        do_sys_openat2+0x10d/0x1e0
[  261.966772][T15728]        __x64_sys_openat+0x12d/0x210
[  261.968473][T15728]        do_syscall_64+0x10b/0xf80
[  261.970094][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.972110][T15728] 
[  261.972110][T15728] -> #3 (set->srcu){.+.+}-{0:0}:
[  261.974335][T15728]        __synchronize_srcu+0xa2/0x300
[  261.976061][T15728]        blk_mq_quiesce_queue+0x149/0x1c0
[  261.977866][T15728]        elevator_switch+0x17b/0x7e0
[  261.979547][T15728]        elevator_change+0x352/0x530
[  261.981211][T15728]        elevator_set_default+0x29e/0x360
[  261.983020][T15728]        blk_register_queue+0x48e/0x630
[  261.984770][T15728]        __add_disk+0x73f/0xe40
[  261.986321][T15728]        add_disk_fwnode+0x118/0x5c0
[  261.988013][T15728]        nbd_dev_add+0x77a/0xb10
[  261.989609][T15728]        nbd_init+0x291/0x2b0
[  261.991108][T15728]        do_one_initcall+0x121/0x750
[  261.993094][T15728]        kernel_init_freeable+0x6ea/0x7b0
[  261.994983][T15728]        kernel_init+0x1f/0x1e0
[  261.996552][T15728]        ret_from_fork+0x72b/0xd50
[  261.998137][T15728]        ret_from_fork_asm+0x1a/0x30
[  261.999815][T15728] 
[  261.999815][T15728] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  262.002249][T15728]        __mutex_lock+0x1a4/0x1b10
[  262.003900][T15728]        elevator_change+0x1bc/0x530
[  262.005585][T15728]        elevator_set_none+0x92/0xf0
[  262.007255][T15728]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  262.009261][T15728]        nbd_start_device+0x1a6/0xbd0
[  262.010949][T15728]        nbd_genl_connect+0xff2/0x1a40
[  262.012670][T15728]        genl_family_rcv_msg_doit+0x214/0x300
[  262.014585][T15728]        genl_rcv_msg+0x560/0x800
[  262.016195][T15728]        netlink_rcv_skb+0x159/0x420
[  262.017862][T15728]        genl_rcv+0x28/0x40
[  262.019314][T15728]        netlink_unicast+0x585/0x850
[  262.020784][T15728]        netlink_sendmsg+0x8b0/0xda0
[  262.022415][T15728]        ____sys_sendmsg+0x9e1/0xb70
[  262.024046][T15728]        ___sys_sendmsg+0x190/0x1e0
[  262.025666][T15728]        __sys_sendmsg+0x170/0x220
[  262.027221][T15728]        do_syscall_64+0x10b/0xf80
[  262.028768][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.030633][T15728] 
[  262.030633][T15728] -> #1 (&q->q_usage_counter(io)#51){++++}-{0:0}:
[  262.033330][T15728]        blk_alloc_queue+0x610/0x790
[  262.035005][T15728]        blk_mq_alloc_queue+0x174/0x290
[  262.036763][T15728]        __blk_mq_alloc_disk+0x29/0x120
[  262.038494][T15728]        nbd_dev_add+0x492/0xb10
[  262.040078][T15728]        nbd_init+0x291/0x2b0
[  262.041567][T15728]        do_one_initcall+0x121/0x750
[  262.043250][T15728]        kernel_init_freeable+0x6ea/0x7b0
[  262.045073][T15728]        kernel_init+0x1f/0x1e0
[  262.046645][T15728]        ret_from_fork+0x72b/0xd50
[  262.048266][T15728]        ret_from_fork_asm+0x1a/0x30
[  262.049927][T15728] 
[  262.049927][T15728] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  262.052226][T15728]        __lock_acquire+0x14b8/0x2630
[  262.053965][T15728]        lock_acquire+0x1b1/0x370
[  262.055572][T15728]        fs_reclaim_acquire+0xc4/0x100
[  262.057352][T15728]        __kmalloc_node_track_caller_noprof+0xb5/0x850
[  262.059632][T15728]        kstrdup+0x51/0xe0
[  262.061038][T15728]        kstrdup_const+0x63/0x80
[  262.062597][T15728]        __kmem_cache_create_args+0x118/0x420
[  262.064541][T15728]        bioset_init+0x5ee/0x8a0
[  262.066125][T15728]        mddev_init+0x17c/0x820
[  262.067676][T15728]        md_alloc+0xc7/0x10a0
[  262.069230][T15728]        md_probe+0x73/0xf0
[  262.070685][T15728]        blk_probe_dev+0x149/0x1e0
[  262.072307][T15728]        blk_request_module+0x16/0xc0
[  262.074026][T15728]        blkdev_get_no_open+0x9b/0xf0
[  262.075730][T15728]        bdev_file_open_by_dev+0x70/0x210
[  262.077546][T15728]        swsusp_check+0x72/0x470
[  262.079055][T15728]        software_resume+0x6f/0x330
[  262.080655][T15728]        resume_store+0x248/0x460
[  262.082440][T15728]        kobj_attr_store+0x58/0x80
[  262.084172][T15728]        sysfs_kf_write+0xf2/0x150
[  262.085795][T15728]        kernfs_fop_write_iter+0x3e0/0x5f0
[  262.088046][T15728]        vfs_write+0x6ac/0x1070
[  262.090097][T15728]        ksys_write+0x12a/0x250
[  262.092113][T15728]        do_syscall_64+0x10b/0xf80
[  262.094261][T15728]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.096951][T15728] 
[  262.096951][T15728] other info that might help us debug this:
[  262.096951][T15728] 
[  262.101159][T15728] Chain exists of:
[  262.101159][T15728]   fs_reclaim --> cpu_hotplug_lock --> slab_mutex
[  262.101159][T15728] 
[  262.105352][T15728]  Possible unsafe locking scenario:
[  262.105352][T15728] 
[  262.107797][T15728]        CPU0                    CPU1
[  262.109510][T15728]        ----                    ----
[  262.111188][T15728]   lock(slab_mutex);
[  262.112471][T15728]                                lock(cpu_hotplug_lock);
[  262.114652][T15728]                                lock(slab_mutex);
[  262.116751][T15728]   lock(fs_reclaim);
[  262.118411][T15728] 
[  262.118411][T15728]  *** DEADLOCK ***
[  262.118411][T15728] 
[  262.121729][T15728] 9 locks held by syz.5.2855/15728:
[  262.123829][T15728]  #0: ffff8880311a8d30 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380
[  262.127430][T15728]  #1: ffff888027f5a410 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  262.130341][T15728]  #2: ffff88805c3f2c80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  262.133464][T15728]  #3: ffff88801c390878 (kn->active#84){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  262.136615][T15728]  #4: ffffffff8e6a2140 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x65/0x330
[  262.140018][T15728]  #5: ffffffff8f3108a0 (major_names_lock){+.+.}-{4:4}, at: blk_probe_dev+0x28/0x1e0
[  262.143011][T15728]  #6: ffffffff9015a8e0 (disks_mutex){+.+.}-{4:4}, at: md_alloc+0x3e/0x10a0
[  262.145814][T15728]  #7: ffffffff8f2f7600 (bio_slab_lock){+.+.}-{4:4}, at: bioset_init+0x2ad/0x8a0
[  262.149350][T15728]  #8: ffffffff8e97f240 (slab_mutex){+.+.}-{4:4}, at: __kmem_cache_create_args+0x44/0x420
[  262.152931][T15728] 
[  262.152931][T15728] stack backtrace:
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  262.154778][T15728] CPU: 3 UID: 0 PID: 15728 Comm: syz.5.2855 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  262.154795][T15728] Tainted: [L]=SOFTLOCKUP
[  262.154799][T15728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  262.154805][T15728] Call Trace:
[  262.154810][T15728]  <TASK>
[  262.154816][T15728]  dump_stack_lvl+0x100/0x190
[  262.154830][T15728]  print_circular_bug.cold+0x178/0x1c7
[  262.154848][T15728]  check_noncircular+0x146/0x160
[  262.154862][T15728]  __lock_acquire+0x14b8/0x2630
[  262.154877][T15728]  ? trace_contention_end+0x122/0x170
[  262.154893][T15728]  lock_acquire+0x1b1/0x370
[  262.154906][T15728]  ? __kmalloc_node_track_caller_noprof+0xb5/0x850
[  262.154925][T15728]  ? __pfx___mutex_lock+0x10/0x10
[  262.154940][T15728]  fs_reclaim_acquire+0xc4/0x100
[  262.154953][T15728]  ? __kmalloc_node_track_caller_noprof+0xb5/0x850
[  262.154970][T15728]  __kmalloc_node_track_caller_noprof+0xb5/0x850
[  262.154987][T15728]  ? kstrdup_const+0x63/0x80
[  262.154998][T15728]  kstrdup+0x51/0xe0
[  262.155008][T15728]  kstrdup_const+0x63/0x80
[  262.155017][T15728]  __kmem_cache_create_args+0x118/0x420
[  262.155034][T15728]  bioset_init+0x5ee/0x8a0
[  262.155047][T15728]  ? __pfx_bioset_init+0x10/0x10
[  262.155060][T15728]  ? kasan_save_track+0x14/0x30
[  262.155069][T15728]  ? __kasan_kmalloc+0xaa/0xb0
[  262.155085][T15728]  ? percpu_ref_init+0x244/0x3f0
[  262.155099][T15728]  mddev_init+0x17c/0x820
[  262.155110][T15728]  md_alloc+0xc7/0x10a0
[  262.155125][T15728]  md_probe+0x73/0xf0
[  262.155139][T15728]  ? __pfx_md_probe+0x10/0x10
[  262.155159][T15728]  blk_probe_dev+0x149/0x1e0
[  262.155176][T15728]  blk_request_module+0x16/0xc0
[  262.155197][T15728]  blkdev_get_no_open+0x9b/0xf0
[  262.155225][T15728]  bdev_file_open_by_dev+0x70/0x210
[  262.155252][T15728]  swsusp_check+0x72/0x470
[  262.155292][T15728]  software_resume+0x6f/0x330
[  262.155317][T15728]  resume_store+0x248/0x460
[  262.155342][T15728]  ? __pfx_resume_store+0x10/0x10
[  262.155370][T15728]  ? find_held_lock+0x2b/0x80
[  262.155386][T15728]  ? sysfs_file_kobj+0xe4/0x290
[  262.155405][T15728]  ? sysfs_file_kobj+0xe4/0x290
[  262.155423][T15728]  ? __pfx_resume_store+0x10/0x10
[  262.155447][T15728]  kobj_attr_store+0x58/0x80
[  262.155472][T15728]  ? __pfx_kobj_attr_store+0x10/0x10
[  262.155500][T15728]  sysfs_kf_write+0xf2/0x150
[  262.155521][T15728]  kernfs_fop_write_iter+0x3e0/0x5f0
[  262.155552][T15728]  ? __pfx_sysfs_kf_write+0x10/0x10
[  262.155571][T15728]  vfs_write+0x6ac/0x1070
[  262.155590][T15728]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  262.155621][T15728]  ? __pfx_vfs_write+0x10/0x10
[  262.155647][T15728]  ksys_write+0x12a/0x250
[  262.155665][T15728]  ? __pfx_ksys_write+0x10/0x10
[  262.155684][T15728]  ? rcu_is_watching+0x12/0xc0
[  262.155713][T15728]  do_syscall_64+0x10b/0xf80
[  262.155735][T15728]  ? clear_bhb_loop+0x40/0x90
[  262.155756][T15728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.155776][T15728] RIP: 0033:0x7f9b15d9cdd9
[  262.155793][T15728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  262.155809][T15728] RSP: 002b:00007f9b16c23028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  262.155826][T15728] RAX: ffffffffffffffda RBX: 00007f9b16015fa0 RCX: 00007f9b15d9cdd9
[  262.155839][T15728] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000005
[  262.155849][T15728] RBP: 00007f9b15e32d69 R08: 0000000000000000 R09: 0000000000000000
[  262.155861][T15728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  262.155873][T15728] R13: 00007f9b16016038 R14: 00007f9b16015fa0 R15: 00007fff64515cc8
[  262.155888][T15728]  </TASK>
[  262.313742][T15728] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  262.317514][T15728] PM: Image not found (code -6)
[  262.669763][T10375] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  262.674460][T10375] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.818423][T10375] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  262.821702][T10375] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.988664][T10375] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  262.991983][T10375] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.149387][T10375] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  263.153571][T10375] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.335844][   T40] kauditd_printk_skb: 914 callbacks suppressed
[  263.335854][   T40] audit: type=1400 audit(1778397070.724:14108): avc:  denied  { read } for  pid=5440 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  263.349717][   T40] audit: type=1400 audit(1778397070.744:14109): avc:  denied  { read } for  pid=5440 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  263.356811][   T40] audit: type=1400 audit(1778397070.744:14110): avc:  denied  { search } for  pid=5440 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  263.363997][   T40] audit: type=1400 audit(1778397070.744:14111): avc:  denied  { search } for  pid=5440 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  263.373177][   T40] audit: type=1400 audit(1778397070.744:14112): avc:  denied  { search } for  pid=5440 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  263.381083][   T40] audit: type=1400 audit(1778397070.744:14113): avc:  denied  { read } for  pid=5440 comm="dhcpcd" name="n51" dev="tmpfs" ino=11720 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  263.390121][   T40] audit: type=1400 audit(1778397070.744:14114): avc:  denied  { read open } for  pid=5440 comm="dhcpcd" path="/run/udev/data/n51" dev="tmpfs" ino=11720 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  263.399350][   T40] audit: type=1400 audit(1778397070.744:14115): avc:  denied  { getattr } for  pid=5440 comm="dhcpcd" path="/run/udev/data/n51" dev="tmpfs" ino=11720 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  263.406274][   T40] audit: type=1400 audit(1778397070.744:14116): avc:  denied  { read } for  pid=5440 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  263.413016][   T40] audit: type=1400 audit(1778397070.754:14117): avc:  denied  { read } for  pid=5440 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  263.687453][T10375] bridge_slave_1: left allmulticast mode
[  263.689478][T10375] bridge_slave_1: left promiscuous mode
[  263.691419][T10375] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.694553][T10375] bridge_slave_0: left allmulticast mode
[  263.696396][T10375] bridge_slave_0: left promiscuous mode
[  263.698607][T10375] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.874101][T10375] bond2 (unregistering): (slave geneve2): Releasing active interface
[  264.039186][T10375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.068629][T10375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.107975][T10375] bond0 (unregistering): Released all slaves
[  264.113063][T10375] bond1 (unregistering): Released all slaves
[  264.119688][T10375] bond2 (unregistering): Released all slaves
[  264.189324][T10375] tipc: Left network mode
[  264.432849][ T5440] 8021q: adding VLAN 0 to HW filter on device eth10
[  264.685383][T10375] hsr_slave_0: left promiscuous mode
[  264.688507][T10375] hsr_slave_1: left promiscuous mode
[  264.691059][T10375] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  264.694021][T10375] batman_adv: batadv0: Removing interface: batadv_slave_0
[  264.697530][T10375] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  264.700481][T10375] batman_adv: batadv0: Removing interface: batadv_slave_1
[  264.706915][T10375] veth1_macvtap: left promiscuous mode
[  264.709305][T10375] veth0_macvtap: left promiscuous mode
[  264.711607][T10375] veth1_vlan: left promiscuous mode
[  264.713740][T10375] veth0_vlan: left promiscuous mode
[  264.819724][T10375] team0 (unregistering): Port device team_slave_1 removed
[  264.828461][T10375] team0 (unregistering): Port device team_slave_0 removed
[  264.877020][ T5440] 8021q: adding VLAN 0 to HW filter on device eth12
[  265.271482][ T5440] 8021q: adding VLAN 0 to HW filter on device eth11
[  265.547621][ T5440] 8021q: adding VLAN 0 to HW filter on device eth13
[  265.559690][T10375] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.563120][T10375] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.690376][T10375] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.694706][T10375] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.820497][T10375] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.824077][T10375] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.919791][T10375] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.924064][T10375] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.464091][T10375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  266.508850][T10375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  266.548057][T10375] bond0 (unregistering): Released all slaves
[  266.893979][ T5440] 8021q: adding VLAN 0 to HW filter on device eth15
[  267.329323][ T5440] 8021q: adding VLAN 0 to HW filter on device eth14
[  267.335411][T10375] hsr_slave_0: left promiscuous mode
[  267.341154][T10375] hsr_slave_1: left promiscuous mode
[  267.343432][T10375] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  267.345782][T10375] batman_adv: batadv0: Removing interface: batadv_slave_0
[  267.348717][T10375] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  267.351880][T10375] batman_adv: batadv0: Removing interface: batadv_slave_1
[  267.358968][T10375] veth1_macvtap: left promiscuous mode
[  267.361227][T10375] veth0_macvtap: left promiscuous mode
[  267.363562][T10375] veth1_vlan: left promiscuous mode
[  267.365723][T10375] veth0_vlan: left promiscuous mode
[  267.476264][T10375] team0 (unregistering): Port device team_slave_1 removed
[  267.483328][T10375] team0 (unregistering): Port device team_slave_0 removed
[  267.918430][ T5440] 8021q: adding VLAN 0 to HW filter on device eth16
[  268.276910][ T5440] 8021q: adding VLAN 0 to HW filter on device eth17
[  268.375514][   T40] kauditd_printk_skb: 3431 callbacks suppressed
[  268.375527][   T40] audit: type=1400 audit(1778397075.764:17549): avc:  denied  { search } for  pid=15791 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  268.408790][   T40] audit: type=1400 audit(1778397075.804:17550): avc:  denied  { search } for  pid=15792 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  268.441686][   T40] audit: type=1400 audit(1778397075.834:17551): avc:  denied  { search } for  pid=15793 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  270.993603][ T5138] udevd[5138]: worker [5732] /devices/virtual/block/nbd0 is taking a long time