last executing test programs:

3m55.209352614s ago: executing program 1 (id=144):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e3)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @mcast2, 0x7}, 0x1c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000080), 0x44d41, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x7fff0003}]})
close_range(r1, r2, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4)
r3 = fcntl$dupfd(r0, 0x406, r0)
accept$ax25(r0, &(0x7f0000000100)={{0x3, @default}, [@null, @null, @rose, @null, @remote, @netrom, @default, @default]}, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SIOCX25GSUBSCRIP(r3, 0x89e0, &(0x7f0000000180)={'team_slave_0\x00', 0x2, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x1842, 0x136)
umount2(&(0x7f00000001c0)='./file0\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x109c8930a5b7b88e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440), 0x330429, &(0x7f0000000380)={[{@redirect_dir_off}, {@lowerdir={'lowerdir', 0x3d, './file0/file0'}}, {@default_permissions}], [{@smackfstransmute={'smackfstransmute', 0x3d, '(&['}}]})
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r5, 0x1, 0x31, &(0x7f0000000300), 0x4)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22, 0x0, @empty, 0x80002}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe9b, r4}, './file0\x00'})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8000, 0x1b6)
r8 = fanotify_init(0x200, 0x2)
fanotify_mark(r8, 0x441, 0x8000022, r7, 0x0)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fcntl$notify(r9, 0x402, 0x1a)

3m55.109337776s ago: executing program 1 (id=147):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @rand_addr=0x64010100}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmmsg$unix(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c6", 0x1}], 0x1, 0x0, 0x0, 0x20048054}}], 0x1, 0x8800)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r2, 0x5411, &(0x7f0000000000)=@bcast)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
sendfile(r4, r3, &(0x7f0000002080)=0x3a, 0x2)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r5, 0xc0f85403, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x1}, 0x8)
close(r1)

3m54.830604866s ago: executing program 1 (id=156):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0x9, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6385}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0xe82)
ioctl$FE_SET_PROPERTY(r5, 0x40106f52, &(0x7f00000000c0)={0x29, &(0x7f0000000240)=[{0x9, '\x00', @data=0x800, 0x5}]})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r7, &(0x7f0000000440), &(0x7f0000000040)=@udp=r6}, 0x20)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r8=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_9p2000}, {@loose}, {@version_u}, {@access_client}, {@access_any}, {@mmap}, {@access_uid={'access', 0x3d, r11}}], [{@subj_type={'subj_type', 0x3d, '\x00'}}, {@audit}, {@uid_eq={'uid', 0x3d, r11}}]}})
r12 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r12, 0x0, 0x4, &(0x7f0000000140)="441f08d600270bee724ef54e91eeffbe1e68d5040d73161feeb0f24cb1", 0x1d)
write$P9_RVERSION(r10, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff060002000800395032303030"], 0x15)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0800a0009e09000008009f000400000008002600800900000800a10005"], 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r13=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r13})

3m53.770919863s ago: executing program 1 (id=167):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000000), 0x2181c0, 0x0)
close(r1)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cpuinfo\x00', 0x0, 0x0)
accept4$llc(r2, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000180)=0x10, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x0, 0x2, 0x4}}, 0x26)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff)
r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8000000000000000, 0x2)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000c40)=ANY=[], 0x8)
getsockopt$inet6_opts(r5, 0x29, 0x36, 0xffffffffffffffff, &(0x7f00000000c0))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000000)={0xf0f03e, 0x1})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000f80)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000cbd70100400000005000000080009000200000008000c00a80a000008000b000000000006000100070000000c000f0005000000000000003e"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x20)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x32)
sendmmsg(r7, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)

3m53.770170561s ago: executing program 1 (id=168):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x44043, 0xfffffffe, 0x3, 0x3}, 0x3c)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8})
syz_open_dev$dvb_frontend(&(0x7f00000001c0), 0x2, 0x4000)
keyctl$instantiate(0xc, 0x0, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r2, @ANYRESOCT=r2], 0x2a, 0x0)
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000000)=0x2, 0x4)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

3m53.691703236s ago: executing program 1 (id=169):
close(0xffffffffffffffff)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x9, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x7fff, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xd5, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x1, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0x2, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10001, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x3, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000340)={0x8, {{0x2, 0x8000, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000008240), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f0000008280)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x38, 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, './file0'}, 0x79)
sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00050002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40004)
close(0xffffffffffffffff) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x9, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x7fff, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xd5, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x1, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0x2, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10001, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x3, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800) (async)
socket(0x10, 0x3, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800) (async)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000340)={0x8, {{0x2, 0x8000, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) (async)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000008240), 0x1, 0x0) (async)
write$binfmt_register(r2, &(0x7f0000008280)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x38, 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, './file0'}, 0x79) (async)
sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00050002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40004) (async)

3m38.369794789s ago: executing program 32 (id=169):
close(0xffffffffffffffff)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x9, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x7fff, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xd5, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x1, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0x2, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10001, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x3, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000340)={0x8, {{0x2, 0x8000, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000008240), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f0000008280)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x38, 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, './file0'}, 0x79)
sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00050002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40004)
close(0xffffffffffffffff) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x9, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x7fff, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xd5, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x1, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0x2, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10001, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x3, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800) (async)
socket(0x10, 0x3, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800) (async)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000340)={0x8, {{0x2, 0x8000, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) (async)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000008240), 0x1, 0x0) (async)
write$binfmt_register(r2, &(0x7f0000008280)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x38, 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, 'system_u:object_r:dlm_control_device_t:s0', 0x3a, './file0'}, 0x79) (async)
sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00050002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40004) (async)

33.049336489s ago: executing program 3 (id=3117):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x142, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x2) (async)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x2076)
ioctl$TCXONC(r1, 0x540a, 0x3) (async)
r2 = fsmount(0xffffffffffffffff, 0x1, 0xb)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040)={0x20000000})

33.000444321s ago: executing program 3 (id=3119):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x140)
openat$cdrom(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="1201b9000000", 0x0, 0x0, 0x1, 0x0, 0x0})

32.939983605s ago: executing program 3 (id=3122):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) (async, rerun: 64)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (rerun: 64)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000390400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000964739031300001c0012800b000100697036747e6c00000c", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)

32.868224373s ago: executing program 3 (id=3123):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x161200, 0x0)
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x4000, {0x2, 0x2}}]}}, 0x0, 0x32}, 0x28)
pread64(r1, &(0x7f0000000880)=""/4096, 0x1000, 0xa96)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x34, r3, 0x303, 0x4, 0x25dfdbfd, {0x3d}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x880}, 0x4000080)
ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000000)={0xa7})
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000000000003, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x4000)
setresuid(r6, r6, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', &(0x7f0000000680), 0x4000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getxattr(&(0x7f0000000c80)='./file0\x00', &(0x7f0000000cc0)=@known='system.posix_acl_default\x00', 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x3, 0x2000000000003]}})

32.867102182s ago: executing program 3 (id=3124):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pipe(&(0x7f0000019480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)='J', 0x1}, {&(0x7f0000000400)='Q', 0x1}, {&(0x7f0000000340)="01", 0x1}, {&(0x7f0000000980)="291226e3050000005a0463a2c1b6561c7febf3db377457ddb93a99c4d7200669771b9901ef4a0c13d4008f298ac42571fd3f1e1f6a6d36fe5cc385f9b083cb7241d4892aca78b8e96c6e2a95ca7813fd5808e62baa2b441c2a01e2a894cb4d2874d8d74fad046f55dcf1ca9884b398d215b4549cce100cfc15cf8cc5c8dc89f9b8a238a1d928c15280c4b8595e2f4785f686b11675ff123f5ed2ae028f3d45d49f3f1bc5e15447d380fbdb750255fa4a7c666cc78019fe09c4c6a32daf57c402bb652fd1672ff3e7328e09ee6ca3f177dbfdcb83c7ab9ebf20aa4151db235c065f7948a556555d91bddbcffa687788a8f204884d0814e59e7e5cd9c205df357b06bc53673d22f1dc2fb9c405a43a6925410db2d1444ccfdfbf476f81da140674d7e72880d1368f785a0ba28d9dcbe538e1d3b8de742401c6da228c99289e3134ea61b5a1752966c8857ccdc3dca12f3f945b9df24a9164de352884debbfcca54cf72131c5304e555638656af0256d672", 0x170}, {&(0x7f0000000140)="c9", 0x1}, {&(0x7f0000000440)="f554258baeffd82bb70c00000000000082a8ba009a6a6301860fab70db19175c81abc3bc85c0552c22a0ad3096557608ff3aaccbf776c91e7de3dfb66ea665c68ffaf4778fbbb55b825cc468d6c8485f1ea5bfece5159a98022c7adc17ba5ef2471917389261f51645b2d5d1ac82990d62402cbf1d97fa3e226471a16e314b9566f189e7a5f5db53fec88413ecbe454d925bf935978c236c12e381e3bb60b3421ab95b69d9", 0xa5}], 0x6}}], 0x1, 0x4004411)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x1, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x7)
syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000000c0)="460f017038660ffab104000000659e0f6ec8b805000000b90b0000000f01d90f001b07c744240006000000c7442402c5842196c7442406000000000f011c2436430f3564420f01cfb805000000b9000001000fc77208460f01df", 0x5a}], 0x1, 0x45, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'hsr0\x00', <r8=>0x0})
r9 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r9, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r8, 0x1, 0xd8, 0x6, @remote}, 0x14)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

32.440358479s ago: executing program 3 (id=3130):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80)
r3 = dup3(r2, r1, 0x0)
recvmmsg$unix(r3, &(0x7f0000001280)=[{{0x0, 0xfffffffffffffda1, &(0x7f0000000200)=[{&(0x7f00000012c0)=""/4125, 0x100f}], 0x23}}], 0x1, 0x58cb02c3, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)="eed48fb8b0d61d5f9830aa2c22255979e144860b6e03788647f62dfc0168a9b14d1287fbde4cae482fb8f18b6751a37d4cf8c5ea810e46df99b3f00010ad7119402066e929c34af17b038f0062c040520103ebee5816cb46", 0x58}, {&(0x7f0000000100)="f085d9851d4f0995ed158e2876af743dba84663202082f495aa529febea6b5a16050eb2d9d5ad40aef9816afe4653b6b68d805ea1a506fb15c4b2ed97c25421daa6b2bfa067cdf4070b309d6f623e43a221bbbb153c790be30bb187509693fddb1342df3995f504a4ab4187b0fe217eb7219e91844e233357b7f157fb994f8e03fc9861021d109d2", 0x88}, {&(0x7f0000000240)="9e1d2e225603303977335eb0e43c829388c240e6e5a2b49a7c378a1a7cb989df8926319db82561efef915390ac22ed19069c188bd37aa2900795889f5e948dff2cbd2a52c3fb585bfe24b47cc8c09c6baa4f37d69da8427fa0a232124389c19cb07629371dc30c535807c73196a0a6137921460882ec8418c5133513369dffbf097e8b1229012917d6c08bf1190ea6c160e9478727a978c962df726809fbbc391e4443ed86ea19c9f264f99fdefaf854855a8cce31d510fa6bef9cb42e96fff579fa8318e6dd9b6c17aee53783c4074838d59eea75482d40fcf5", 0xda}], 0x3, 0x0, 0x0, 0x101d0}}], 0x400000000000042, 0x9200000000000000)

32.412372628s ago: executing program 33 (id=3130):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80)
r3 = dup3(r2, r1, 0x0)
recvmmsg$unix(r3, &(0x7f0000001280)=[{{0x0, 0xfffffffffffffda1, &(0x7f0000000200)=[{&(0x7f00000012c0)=""/4125, 0x100f}], 0x23}}], 0x1, 0x58cb02c3, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)="eed48fb8b0d61d5f9830aa2c22255979e144860b6e03788647f62dfc0168a9b14d1287fbde4cae482fb8f18b6751a37d4cf8c5ea810e46df99b3f00010ad7119402066e929c34af17b038f0062c040520103ebee5816cb46", 0x58}, {&(0x7f0000000100)="f085d9851d4f0995ed158e2876af743dba84663202082f495aa529febea6b5a16050eb2d9d5ad40aef9816afe4653b6b68d805ea1a506fb15c4b2ed97c25421daa6b2bfa067cdf4070b309d6f623e43a221bbbb153c790be30bb187509693fddb1342df3995f504a4ab4187b0fe217eb7219e91844e233357b7f157fb994f8e03fc9861021d109d2", 0x88}, {&(0x7f0000000240)="9e1d2e225603303977335eb0e43c829388c240e6e5a2b49a7c378a1a7cb989df8926319db82561efef915390ac22ed19069c188bd37aa2900795889f5e948dff2cbd2a52c3fb585bfe24b47cc8c09c6baa4f37d69da8427fa0a232124389c19cb07629371dc30c535807c73196a0a6137921460882ec8418c5133513369dffbf097e8b1229012917d6c08bf1190ea6c160e9478727a978c962df726809fbbc391e4443ed86ea19c9f264f99fdefaf854855a8cce31d510fa6bef9cb42e96fff579fa8318e6dd9b6c17aee53783c4074838d59eea75482d40fcf5", 0xda}], 0x3, 0x0, 0x0, 0x101d0}}], 0x400000000000042, 0x9200000000000000)

1.110330816s ago: executing program 5 (id=3758):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180), 0x1}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000100)="a7", 0x1}], 0x1e}}], 0x2, 0x0) (async)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000003c0)={r3, 0x0, 0x20}, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x74, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x74}}, 0x0) (async, rerun: 64)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r5)
sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000220000000a0001007770616e3000000005002000000004000500200000000000050020000000000009001f"], 0x44}, 0x1, 0x0, 0x0, 0x4044880}, 0x40040) (async)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000080)={0x101, 0x800d, 0x7, 0x0, r3}, &(0x7f0000000140)=0x10)

1.020312874s ago: executing program 5 (id=3761):
r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f00000009c0), 0x44a082, 0x0)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffe000/0x2000)=nil)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000000)=0x8416079)
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000240)="df5dd52754ebdb30a705b6efabf5571253d8ee9a41ece727371d565708beb2cd9e7e1b78c936d4db31f2ca749846fbfb1eab3cd172255befd145ab293b7f58e0a1c9633d56bd43d92640577d2e939601f70d2cab8fcd7a3739f91c8bb701494d02dbfd5ff51fd2159b79bf643bd574675ccee572773aefac1c1a570cfdd36e549e625d016c38d368fd897d2cec3d5ed36c826a99bf7bddce18c17fb80594deab3ac4b0af4842", 0xa6}, {&(0x7f0000000040)="81b6f021bd1bb422b04becb27f78cec82f7af0f59f", 0x15}, {&(0x7f0000000300)="ba8659034ef11dee4ade6db43b1537731f1d98aa0c2edc068ef9bf87c8c3a182c383e14d4a05b9d2855a0bb4e088e7d363e084efe5fd458cd03d12302a74da09d9a2f582823c0ef8717e35a690cd154aa96f963b74adffd849a9d46570f349ea0e36a72d30be057669af3ebf6b94ae9e16df9c11145327d6e4a8c43884f78ed128b0c0e1dacc25c6d61a90c0d337df805aaef3e2b8c8ea12e7c5510d60f3377c5eb9af4b091b11fbbd118efc91c8e14fb259913e457f5358723404527627044f27cb476e7acbbded25fab83edaf37914876ab9c6cae48883fffddd943230dcc36fa8f8df6670df73f531503c990ab54a4e7fc2d220bc0d5bfd2e", 0xfa}, {&(0x7f0000000400)="b3ec7618776b1915ff87c23cee848b605874957f3e2622df3a012a62b11adf4c3c78a653bbb294f6a3b51a24d44c2260df75d023193f610aff56c13d30cd1d6cd5e75b68109674e3c486323b85c7a21a00c59fe5475c027694ced71444f6041637815c95ef0c80e685127a2bc43be4cd31a97d2f0102b900eb17807a479d5c12f9445c316343028a910eae95ba1ee7f2", 0x90}, {&(0x7f00000004c0)="ddcaecaf5983a4e844e0e5c42d79163d568202debde970f0c8d77147657347106bf9fa9c3231532e51141a4caf5e675f6a2a23c81220b04622e6cd4b4d7246b08bf93d6cca699d03984f353796ba944377c5c07709a40ac8db7c2b712a3428e9ef1a37c5599daad98f81e85185e60c9047ad74e1a43557871a626aac92f710ba5c8beea509c21ca21948ec58f9b5f6d6f280ab5ef647378aa88e9e", 0x9b}], 0x5)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1400000015000103001c0000000000000b0000007799dddae1000c1a3981d36282cf6d15d7772e528b3921f897a754c316edb18cb6ad2c7a661856fa7f253f4aabf4948219b681f9321a4daaa0792e9919afc28ba073eb4c04a86fb36d00104e4dbebabd9cdb86fb7de4facca83db6522800d01ddfeba8eb485ccc14933ed24d6feb687b16667986769243c3c0acecbe768bbcc1ba999d3ce23bae5d554712262a5a38a7bcde90d485e15efc7d3f063c371b3af794eee61f5143dc436e604bda1839f030731d280f086e763aeff16aa7793ff4b7f28e2d8a8b67eb1e7e791a66"], 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001300)={0x7})

1.015527556s ago: executing program 5 (id=3763):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, r1, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x0, 0x60}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x401}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x77b93e3f58c00464}, 0x4000041)

940.218595ms ago: executing program 5 (id=3764):
syz_emit_ethernet(0x6c, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa2c08004502005e00650000002f9078a41414bbffffffff248086dd0000000310000800000600090006000086dd080088be00000000100360000100000000000001080022eb00000000200080000200000000000000000000000800655800000000"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000400000000000000850000007f0000000500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x90)

939.310447ms ago: executing program 5 (id=3767):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x405, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x45502, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2}, './file0\x00'})

849.592287ms ago: executing program 0 (id=3768):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r1 = socket$kcm(0x2d, 0x2, 0x0)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f00000000c0)={&(0x7f0000000280)={0x2d, 0x0, 0x1f, 0x100000}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000840}, 0x41) (async)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

790.202752ms ago: executing program 5 (id=3771):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16}, 0x94)
unshare(0x2c020400)
r1 = msgget$private(0x0, 0x240)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x50, 0x1, [@m_tunnel_key={0x4c, 0x1, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x5}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x64}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000046000701fcffffff0200000001"], 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000)
msgsnd(0x0, &(0x7f00000001c0)=ANY=[], 0x2000, 0x0)
msgrcv(r1, &(0x7f0000000000), 0x8, 0xffffff7f00000000, 0x3000)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x64, 0x0, 0xa, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x6071, 0x0, 0xe7}}}}}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={<r5=>0x0, 0x54, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x7f, @empty, 0x8}, @in6={0xa, 0x4e20, 0x807, @local, 0x1}, @in6={0xa, 0x4e23, 0x9, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f00000003c0)={<r6=>r5, 0x18fe, 0x20, 0x8, 0x28764d92}, &(0x7f0000000400)=0x18)
setsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000440)={r6, 0xfffffff8}, 0x8)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x5)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000300)={r5, @in6={{0xa, 0x4e23, 0x28, @remote, 0x4}}, 0x101, 0x4}, 0x90)

773.12136ms ago: executing program 0 (id=3773):
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0], 0x2, 0x0, 0x0, <r0=>0xffffffffffffffff})
io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000500)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x40)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8930, &(0x7f0000000000)="f3ed71")
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r4, 0x0, &(0x7f0000000040))
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0xfffffffffffffff8, 0x3, 0x0, 0x2004c5, 0x8000000, 0x0, 0x0, 0x1000007, 0x2, 0x5, 0x104b, 0x2, 0x8001], 0x0, 0x282240})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = dup(r5)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000240)={{0x70000, 0xeeee0000, 0x4, 0xb, 0x2, 0xf, 0x4, 0x7f, 0x3, 0x10, 0x9, 0x1}, {0x8080000, 0xeeee8000, 0xf, 0xfd, 0x67, 0x8, 0x12, 0x7, 0xa, 0xe, 0xb, 0xf5}, {0x200000, 0xeeee8000, 0xa, 0x2, 0x3, 0xe, 0xb7, 0x1, 0x0, 0x3, 0x9, 0x2}, {0x70000, 0xeeee8000, 0x9, 0x0, 0x2, 0xdc, 0x7, 0x29, 0x39, 0x6, 0x4, 0xb}, {0x1ddde0000, 0xb000, 0xa, 0xc1, 0x7, 0x8, 0xf4, 0x1, 0x81, 0x40, 0x5, 0xc}, {0x100000, 0x4000, 0xd, 0xff, 0x4, 0x4, 0x2, 0x40, 0x7f, 0xf2, 0x8, 0x4}, {0x41000, 0x26000, 0x9, 0xa, 0x8, 0x9, 0xda, 0xa, 0x5, 0x7f, 0x5, 0x1}, {0xffff1000, 0x8000000, 0x14, 0x3, 0xff, 0x0, 0x7, 0x5, 0x2, 0x9, 0x8, 0xfb}, {0x9000, 0x4}, {0x54000, 0xfc00}, 0x4, 0x0, 0x5000, 0x400, 0x8, 0x4801, 0x2000, [0xffffffff, 0x3, 0x7499, 0xa1]})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, &(0x7f0000000400)={0x0, @in6={{0xa, 0x4e20, 0x659, @empty, 0x2}}, 0x0, 0x7}, &(0x7f0000000200)=0x90)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

619.985586ms ago: executing program 2 (id=3776):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000000c0)={0x4f0, 0x1, 0x3, 0x301, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFQA_PAYLOAD={0x9f, 0xa, "5a0083865ff73f98087336c353af2e32f2f7901b7a3cf2572c0bf671fd9031927e865a5f34799ecdd362e98dfce2cce543765cb9ffb800f6aea0b050faba34f5c5c85a56b0a71f13c0d0ea8dd2424a7ea97b54524c3cce16c33fe59f921b8ce56f85fdcb6b2cdc265a0a81d9db3f77e030eeea744fb8ca37b8f705900e9e5f89f1d65f5a66194de9e1707c94a738af854a026d0c24f2e66180374e"}, @NFQA_EXP={0x380, 0xf, 0x0, 0x1, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8}, @CTA_EXPECT_NAT={0x190, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0xb8, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x18}}, {0x14, 0x4, @local}}}]}, @CTA_EXPECT_NAT_TUPLE={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_TUPLE={0xa0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @private=0xa010101}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x22}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x58, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x170, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @private=0xa010101}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_TUPLE={0x78, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @local}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010100}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x58, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @local}}}]}]}, @CTA_EXPECT_MASTER={0xc, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_ZONE={0x6}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7a5b899e}]}, @NFQA_VLAN={0xc, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xe}]}, @NFQA_EXP={0x78, 0xf, 0x0, 0x1, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}, @CTA_EXPECT_NAT={0x5c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x48, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x15}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x5}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1ff}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x8001}}, @NFQA_VLAN={0x2c, 0x13, 0x0, 0x1, [@NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x2}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}]}]}, 0x4f0}, 0x1, 0x0, 0x0, 0x4000}, 0xc000)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)

619.747728ms ago: executing program 0 (id=3777):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xcf, &(0x7f0000000000)=0x42c8, 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0xc3072, r0, 0x0)

619.127292ms ago: executing program 2 (id=3778):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xeb4732a8b1d93117, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x3}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_RESET(r2, 0x4141, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000380)=[@text16={0x10, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

559.922078ms ago: executing program 2 (id=3779):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$FUSE(r0, &(0x7f0000004340)={0x2020}, 0x2020) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={0xffffffffffffffff, 0xe0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000700)=[0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000940)=[0x0, 0x0], &(0x7f0000000980)=[0x0], 0x0, 0x74, &(0x7f0000000b40)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000b80), &(0x7f0000000bc0), 0x8, 0x90, 0x8, 0x8, &(0x7f0000000c00)}}, 0x10) (async)
pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) (async)
pipe2$watch_queue(&(0x7f0000000240), 0x80) (async)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x9f)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=@bloom_filter={0x1e, 0x4, 0x9, 0x1ff, 0x2100, r0, 0x8, '\x00', r1, r2, 0x3, 0x5, 0x3, 0xc}, 0x50) (async)
r6 = fsopen(&(0x7f0000000100)='jfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000400)='gid', &(0x7f0000000740)='0\x00M\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbd\t\x00\x00\x00\x00\x00\x00\x00\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xffNh\x19\xee#\xcc\x0f\xee\xfea\xdc\x88\xcb%bW\xd35\xda=\xc6\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x90\xf4\xb7\xdf<O\x1c\xab\x17\x84\x8d\x94\x125\xf8\xc9@h\x01\xf5\xcb\x88\x01\xde\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xd00v6l\xd6,\x1e\xa0\xcc\xdb\xfdkm\b?\x839\x85\n\x02\"\xe0\xb5@>\xae\xf3\x02\x19_\xe1.f>>\xa5\xc7@\xfb\"\xab\xdb\x06\x12e\x14\x11~\xa8\xdfRL \xf0\xee>(\xb1\xa2\xe8\a\xb8-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\'\x13', 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$inet6(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000440)="502b121a4fcb6bf58b5004f7f302dfbaf907ad25cf67798d3205a854dc9ed0583e73dcb71023e705959ab73bcdc91ed5663e623c245bbf53c6847353badb03565aa5d09e7033eaf3c51089323ce22cc9fb49f7bb4f8a25f6a9957e94dcc878e4a8f52e4f5b1a40454d797fe8ed6f14293623dfa75394251602ab6d3c300c98", 0x7f}, {&(0x7f0000000580)="e98cd7cf28a18cdac5ccfe3208b1e13dc485ddb96373a955e417e93a3bb490381dbe8988d50dfda19cfbf34c6f0b9435b1b361410af985a2f50e7fe2e3c45d760a695ac08a2373c9260c7ce7f501f7976a536cf7943391be51f620d26553ffe7060bba465fa512bc393870ce8c6ffec3fd2cd4e079737f87cd117a67bed40f4854859d498d601b9fb253ddb92ea16e4075b15028b26ae8c97aab1f7c90bb4e7208ba955758304d36550e3ddc9db5a3363f9fb1e0e9af493d2f896df00bad4cb0d1c032a1568d8ed820967835", 0xcc}], 0x2, &(0x7f0000000e00)=ANY=[@ANYBLOB="380000000000000029000000390000006204000500000000fc010000000000000000000000000001fe880000000000000000000000000001680000000000000029000000390000003a0a020000000000fe8000000000000000000000000000aafe80000000000000000000000000001cfc000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000015d16d1281eae0684bd78604976b9e"], 0xa0}, 0x4) (async)
shutdown(r8, 0x0) (async)
close(0x3) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r9=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r8, 0x84, 0x7a, &(0x7f0000000340)={r9, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) (async)
getsockopt$inet_sctp6_SCTP_STATUS(r7, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x6, 0x3, 0xe, 0xfff7, 0x2a1, 0xfff7, 0x641, {0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}}, 0xf, 0x2d5e, 0x5, 0x9, 0x7}}, &(0x7f0000000140)=0xb0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) (async)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000009c0)=@newqdisc={0xc0, 0x10, 0x1, 0x10000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x2, 0xfff1}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x4}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x8, 0xb, 0x8000, 0x2, 0x5, 0x9, 0x7}}, {0x12, 0x2, [0x1ff, 0x8, 0x3, 0x6, 0x51, 0x5, 0x2]}}, {{0x1c, 0x1, {0x8, 0x6, 0x0, 0x80000001, 0x1, 0x7, 0xb02, 0x8}}, {0x14, 0x2, [0xd, 0x2, 0x6, 0x6, 0x5, 0xfff, 0x6, 0xf000]}}, {{0x1c, 0x1, {0x2, 0x81, 0x0, 0x6, 0x2, 0x1, 0x4, 0x3}}, {0xa, 0x2, [0x400, 0x5, 0x6]}}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000091}, 0x4000c00) (async)
r12 = userfaultfd(0x801)
ioctl$UFFDIO_API(r12, 0xc018aa3f, &(0x7f0000000000)) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18) (async)
ioctl$UFFDIO_REGISTER(r12, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)

559.350625ms ago: executing program 2 (id=3781):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x18, 0x803, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x2)
sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160004000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x4, 0x20, 0x3, 0xa7e, 0x38, @loopback, @empty, 0x80, 0x0, 0x1, 0x402}})
getsockopt$rose(r2, 0x104, 0x2, &(0x7f0000000040), &(0x7f0000000140)=0x4)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000100)={'syztnl2\x00', 0x0})

469.179157ms ago: executing program 4 (id=3782):
r0 = syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_pidfd_open(r0, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r1, 0xff09, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x44000)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_BURST={0x8, 0x6, 0x58}]}}]}, 0x60}}, 0x0)
ioctl(r3, 0x9, &(0x7f0000000340)="3c427efb0bee5c1d044ab5fe6aa6f496c9c59f5f53bbcf8f5024ea4f6b3471c74aae3848d46fa779cdbcbce65a7d9deaa4f805f50f08a3121213d2c4fab92b13128bf603f13936354ff6683f66ffdaad257e679acd19563eb530c317a9b0aae8e7b169e34ae806f050535b0d269e9268e5ed563efbb01e90febf2455074f86bcf6178b5ad898c7f60fcae2")
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x64, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0xfffe}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x10}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x64}}, 0x0)

468.93354ms ago: executing program 2 (id=3783):
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000002300)={0x7, {"a2e3ad214fc752f91b4809094bf70e0dd038e7ff7fc6e5539b326d078b089b3b083872090890e0878f0e1ac6e7049b3d68959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b08390d075d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b46943090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b155641f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7076600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e988037b2ed050000000000000046684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2e7faa78d1f48c13b64df07847754b8400daaa69bf5e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a299e91eab658d3525859e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a74cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df2928924486cfff799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e74322f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2a9702b4230f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5f400000000000000cb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f002ce8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5478de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df11fddbc48562ea3511a80700000000000000cf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fffffff7f00000000758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000000c0)={0x2, 0x0, 0x54000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0x75, r2})
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
poll(&(0x7f0000000240)=[{r3, 0x80}], 0x1, 0x4)

410.296886ms ago: executing program 0 (id=3784):
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x3, 0x8, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_ESTABLISHED={0x8, 0x4, 0x1, 0x0, 0x80}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000001) (async)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffd, 0x42840) (async)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x947)

410.005468ms ago: executing program 2 (id=3785):
pause()
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=<r0=>0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=<r1=>0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x3, 0xb6c, 0x0, 0x39, 0xc7b, <r2=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340)={<r3=>0x0, <r4=>0x0}, &(0x7f0000000380)=0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)={0x0, <r5=>0x0})
r6 = getpgrp(0xffffffffffffffff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000004c0)={0x200000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x31}, &(0x7f00000000c0)=""/250, 0xfa, &(0x7f00000001c0)=""/128, &(0x7f0000000440)=[r0, r1, r2, r3, r5, r6], 0x6, {r7}}, 0x58)
r8 = dup(r7)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000540)={<r9=>0x0, 0x7}, &(0x7f0000000580)=0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, &(0x7f00000005c0)={<r10=>r9, 0x3}, &(0x7f0000000600)=0x8)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r8, 0x80047c05, &(0x7f0000000640)=<r11=>0xffffffffffffffff)
ioctl$int_in(r11, 0x5452, &(0x7f0000000680)=0x100)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000006c0)}, {&(0x7f0000000700)="914d7cafcd567a0b927f362e5bdb2dc971978e451af0fad51a574d2db32272a395b62f6b0a5b0ab5fc16c8ce767021b26ba9c66b994a8f7be87a11", 0x3b}, {&(0x7f0000000740)="19c6313caa2602a7344f3a868df61e3e4584be34dc451da153bc547e8ee11ef98405ba65ec7fc32d3798a232501cfa6ca035e325a438983980731cd49eb9f200db136456edb9c9427fef1d9ef3d1803d112a0c5b6053806137fe59a438bb3b57d6f8309895e6796868a78bc26985b032ebaa07e3f61f1fee6323e010152d3710c5fdd929b688c56c6eed3fe7df3acbbcf89a0b6f6a661ff246ed1a65282cbc5006b963d4d274cf31f4e009c1f2d03f996764404a66629037915a086e5ec2b30edd25a27f3565e5e53bbaf6d0d44d353cb78c578c3509aef59ab3666a3cf3cdcd4d46206e69ffc6d79e0551653bcc28754ffeb37d93de852354", 0xf9}], 0x3)
ioctl(0xffffffffffffffff, 0x401, &(0x7f0000000880)="fe9576050679ecb9d037a5")
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_clone(0x20000800, &(0x7f00000008c0)="87d33ec33ea53c9fd1271a20f99926c3b92a088436e01b02e9e557898d", 0x1d, &(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)="5c050080b3571df70e7b126dafc64ecf42270a58d928104054623a0a864720b48c81faf2ad9e29c86bcec9e03a417f2b0f9ca0242dfeb491e5effa8a2858193da93daad72815dd50d9067705c63d391cf80fb83aa3ca29758cd9a8f491cfcdee91b534ca80597369b9598609ebf292b0ff8ad66a9cddcde22037d0213803feb47c5ef44883e795c154d41e5d59ad42064cf8f23428b03729d6c1bad3bf002c5d56db77e647305d9ed7c0df75c19f7fe14270524d1e8e07a17be5b9af3dd253c6b10757890efbaf48bed447f9eaa51bbe0d70cc0ef74b284b1db455a7da37b690900a851950ba")
prlimit64(r13, 0x9, &(0x7f0000000a80)={0xe, 0x1}, &(0x7f0000000ac0))
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x480481, 0x0)
ioctl$KVM_CREATE_VM(r14, 0xae01, 0x2c)
r15 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000b40)='/sys/kernel/profiling', 0x402, 0x21)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r15, 0x84, 0x77, &(0x7f0000000b80)={r9, 0x9, 0x5, [0x5, 0x0, 0xff49, 0x6, 0x9]}, &(0x7f0000000bc0)=0x12)
r16 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r16, 0x84, 0x71, &(0x7f0000000c00)={r10, 0x3}, 0x8)
mount$overlay(0x0, &(0x7f0000000c40)='./file0\x00', &(0x7f0000000c80), 0x800020, &(0x7f0000000cc0)={[{@metacopy_on}, {@uuid_auto}, {@redirect_dir_on}, {@metacopy_on}, {@verity_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_auto}, {@index_on}, {@xino_auto}], [{@euid_lt={'euid<', r4}}, {@appraise}, {@measure}, {@fsname={'fsname', 0x3d, '/dev/kvm\x00'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@euid_lt={'euid<', r4}}]})
syz_genetlink_get_family_id$nfc(&(0x7f0000000dc0), r12)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f0000000e00)={0x8000})
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r8, 0x84, 0x75, &(0x7f0000000e40)={r9, 0x10000}, 0x8)
ioctl$BTRFS_IOC_SYNC(r11, 0x9408, 0x0)

409.809511ms ago: executing program 0 (id=3786):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) (async)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1}) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xb}) (async)
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000018c0)={'team0\x00', <r4=>0x0})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x38012}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r5}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x40}}, 0x0)

339.70512ms ago: executing program 4 (id=3787):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xeb4732a8b1d93117, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x5, &(0x7f0000000040)=[{0x2e, 0xbf, 0x7, 0x5}, {0x6, 0x4, 0x3, 0x3}, {0x80b, 0x2, 0x81, 0x1}, {0x2, 0x7f, 0x4, 0x10000}, {0x195, 0x1, 0x9, 0x3}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000002140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_rsp={{0x18, 0x8, 0x8}, {0x0, 0x4, 0x6, 0x7}}}}, 0x15)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(r3, 0x0, 0x4000000)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000380)=[@text16={0x10, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

289.970005ms ago: executing program 4 (id=3788):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'bridge_slave_1\x00', &(0x7f00000000c0)=@ethtool_stats})
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000440)=[@cswp={0x58, 0x114, 0x7, {{0x6, 0x2}, 0x0, 0x0, 0x2, 0x9, 0x9, 0x9, 0x1c, 0x4}}], 0x58}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'pim6reg0\x00', 0x0})

229.249597ms ago: executing program 0 (id=3789):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x109042, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x41, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x2000006, 0x5f, 0x80000000, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x10006, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000004, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x0, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x7, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x101, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0xfffffffb, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x7, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xffffeffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0xd, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a0ed, 0x2, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x9, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x2, 0xf40, 0x7, 0x1, 0x6c1c, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448de, &(0x7f0000000180))
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x20, r2, 0x100, 0x70bd30, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x20}, 0x1, 0x3000000}, 0x800)

67.792006ms ago: executing program 4 (id=3790):
r0 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x106000, 0x1000, 0x1})
close(r2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0xd, 0xd, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000000000000000ffffffff851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bda100000000000007010000f8ffffffb702000008b19200b703000000000000850000003100000095"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

67.611911ms ago: executing program 4 (id=3791):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400000010000100edff0000000000000000000a58000000060a09040000000000000000020000002c000480280001800d00010073796e70726f787900000000140002800500020009000000080003400000000a0900010073797a30000000000900020073797a32"], 0x80}}, 0x0)

0s ago: executing program 4 (id=3792):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xfff2}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_ECN={0x8, 0x4, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44044}, 0x4048884)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
r3 = socket(0xa, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x19, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, 0x0}, 0x2a8)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=@getpolicy={0x58, 0x15, 0x1, 0x30bd28, 0x25dfdbfc, {{@in=@multicast1, @in=@remote, 0x4e23, 0x0, 0x4e21, 0x9, 0x2, 0x20, 0xa0, 0x6c}, 0x6e6bb5}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

kernel console output (not intermixed with test programs):

  241.328719][   T41] audit: type=1326 audit(241.249:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14726 comm="syz.3.2609" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd6d5b9c799 code=0x0
[  241.439557][ T1327] psmouse serio3: Failed to reset mouse on : -5
[  241.589119][T14735] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2610'.
[  241.802638][T14746] netlink: 'syz.2.2614': attribute type 1 has an invalid length.
[  241.805295][T14746] netlink: 'syz.2.2614': attribute type 1 has an invalid length.
[  241.807828][T14746] netlink: 9172 bytes leftover after parsing attributes in process `syz.2.2614'.
[  241.847198][T14749] overlayfs: failed to resolve './file0': -2
[  241.907480][T14753] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2617'.
[  242.060445][T14759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2619'.
[  242.064841][T14759] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2619'.
[  242.522713][   T41] audit: type=1400 audit(242.449:793): avc:  denied  { setopt } for  pid=14779 comm="syz.0.2624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  242.735177][   T41] audit: type=1400 audit(242.659:794): avc:  denied  { write } for  pid=14789 comm="syz.0.2626" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  242.735677][T14790] sd 0:0:0:0: PR command failed: 1026
[  242.745055][T14790] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  242.748022][T14790] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  242.862272][T14796] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  242.866635][T14796] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 1th superblock
[  242.871806][T14796] F2FS-fs (nbd2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  242.875287][T14796] F2FS-fs (nbd2): Can't find valid F2FS filesystem in 2th superblock
[  242.928062][T14801] input: syz0 as /devices/virtual/input/input15
[  242.985690][T14801] tipc: Started in network mode
[  242.987459][T14801] tipc: Node identity fc010000000000000000000000000001, cluster identity 4711
[  242.993728][T14801] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  243.066233][T14805] /dev/sg0: Can't lookup blockdev
[  243.468225][   T41] audit: type=1400 audit(243.379:795): avc:  denied  { connect } for  pid=14833 comm="syz.0.2643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  243.503161][   T41] audit: type=1400 audit(243.429:796): avc:  denied  { map } for  pid=14842 comm="syz.0.2645" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  243.513258][   T41] audit: type=1400 audit(243.429:797): avc:  denied  { execute } for  pid=14842 comm="syz.0.2645" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  243.668257][T14870] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  244.415122][   T41] audit: type=1400 audit(244.339:798): avc:  denied  { ioctl } for  pid=14878 comm="syz.2.2654" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  244.724277][T14907] fuse: Unknown parameter ''
[  244.755327][   T41] audit: type=1400 audit(244.679:799): avc:  denied  { append } for  pid=14904 comm="syz.2.2659" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  244.797497][T14922] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14922 comm=syz.2.2664
[  245.014463][T14936] binder: 14927:14936 ioctl c00c6211 0 returned -14
[  245.215894][T14958] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  245.249489][ T1327] misc userio: Buffer overflowed, userio client isn't keeping up
[  245.263852][T14964] hfsplus: unable to find HFS+ superblock
[  245.295729][T14966] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  245.302171][T14966] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  245.306080][T14966] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  245.571072][T14985] loop2: detected capacity change from 0 to 7
[  245.574210][T14985] Dev loop2: unable to read RDB block 7
[  245.576737][T14985]  loop2: unable to read partition table
[  245.578835][T14985] loop2: partition table beyond EOD, truncated
[  245.581301][T14985] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  245.923833][T15000] xt_TCPMSS: Only works on TCP SYN packets
[  246.133870][T15010] __nla_validate_parse: 14 callbacks suppressed
[  246.133883][T15010] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2691'.
[  246.142200][T15010] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  246.145775][T15010] gretap1: entered promiscuous mode
[  246.147480][T15010] gretap1: entered allmulticast mode
[  246.172769][T15008] overlayfs: failed to resolve './file1': -2
[  246.257924][T15024] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2696'.
[  246.261377][T15024] openvswitch: netlink: Flow key attr not present in new flow.
[  246.312344][ T1327] input: PS/2 Generic Mouse as /devices/serio3/input/input14
[  246.350095][T15029] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2697'.
[  246.360298][T15029] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2697'.
[  246.516480][T15035] exFAT-fs (nullb0): invalid boot record signature
[  246.518691][T15035] exFAT-fs (nullb0): failed to read boot sector
[  246.520877][T15035] exFAT-fs (nullb0): failed to recognize exfat type
[  246.549483][ T1327] psmouse serio3: Failed to enable mouse on 
[  246.579055][T15039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2701'.
[  246.699474][T15043] tipc: MTU too low for tipc bearer
[  246.701960][T15043] tipc: MTU too low for tipc bearer
[  246.706079][T15043] tipc: MTU too low for tipc bearer
[  246.708436][T15043] tipc: MTU too low for tipc bearer
[  246.711179][T15043] tipc: MTU too low for tipc bearer
[  246.713477][T15043] tipc: MTU too low for tipc bearer
[  246.715963][T15043] tipc: MTU too low for tipc bearer
[  246.718268][T15043] tipc: MTU too low for tipc bearer
[  246.720857][T15043] tipc: MTU too low for tipc bearer
[  246.723170][T15043] tipc: MTU too low for tipc bearer
[  246.725510][T15043] tipc: MTU too low for tipc bearer
[  246.727981][T15043] tipc: MTU too low for tipc bearer
[  246.730443][T15043] tipc: MTU too low for tipc bearer
[  246.732792][T15043] tipc: MTU too low for tipc bearer
[  246.735054][T15043] tipc: MTU too low for tipc bearer
[  246.737225][T15043] tipc: MTU too low for tipc bearer
[  246.759600][T15043] tipc: MTU too low for tipc bearer
[  246.762065][T15043] tipc: MTU too low for tipc bearer
[  246.923302][   T41] kauditd_printk_skb: 10 callbacks suppressed
[  246.923315][   T41] audit: type=1400 audit(246.852:810): avc:  denied  { unmount } for  pid=12497 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  247.069889][   T41] audit: type=1400 audit(247.002:811): avc:  denied  { map } for  pid=15071 comm="syz.2.2710" path="/proc/161/net/ip_tables_targets" dev="proc" ino=4026533285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  247.080744][   T41] audit: type=1400 audit(247.002:812): avc:  denied  { execute } for  pid=15071 comm="syz.2.2710" path="/proc/161/net/ip_tables_targets" dev="proc" ino=4026533285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  247.158714][T15082] loop2: detected capacity change from 0 to 7
[  247.162614][T15084] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62752 sclass=netlink_route_socket pid=15084 comm=syz.4.2715
[  247.169055][T15082] Dev loop2: unable to read RDB block 7
[  247.172784][T15082]  loop2: unable to read partition table
[  247.175373][T15082] loop2: partition table beyond EOD, truncated
[  247.178068][T15082] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  247.225054][T15090] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2717'.
[  247.229969][T15090] No control pipe specified
[  247.337843][T15107] 9pnet_virtio: no channels available for device syz
[  247.347095][   T41] audit: type=1400 audit(247.272:813): avc:  denied  { setopt } for  pid=15108 comm="syz.4.2722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  247.378711][T15110] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2722'.
[  247.385962][T15113] fuse: Bad value for 'user_id'
[  247.387654][T15113] fuse: Bad value for 'user_id'
[  247.394760][T15110] 8021q: adding VLAN 0 to HW filter on device bond4
[  247.531800][T15123] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2728'.
[  247.539401][   T41] audit: type=1326 audit(247.462:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.548986][   T41] audit: type=1326 audit(247.462:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.558528][   T41] audit: type=1326 audit(247.462:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.569800][   T41] audit: type=1326 audit(247.462:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.579488][   T41] audit: type=1326 audit(247.462:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.588180][   T41] audit: type=1326 audit(247.462:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15122 comm="syz.4.2728" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30de99c799 code=0x7ffc0000
[  247.596343][T15116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2725'.
[  247.610379][ T1226] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  247.610409][T15116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2725'.
[  247.614277][ T1226] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  247.638471][ T1226] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  247.642773][ T1226] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  247.657166][T15131] Cannot find add_set index 65532 as target
[  247.668376][T15131] Cannot find add_set index 65532 as target
[  247.731332][T15137] IPVS: set_ctl: invalid protocol: 44 172.20.20.12:21
[  247.767160][T15143] comedi: valid board names for 8255 driver are:
[  247.772536][T15143]  8255
[  247.773656][T15143] comedi: valid board names for vmk80xx driver are:
[  247.775972][T15143]  vmk80xx
[  247.777351][T15143] comedi: valid board names for usbduxsigma driver are:
[  247.785539][T15143]  usbduxsigma
[  247.787466][T15143] comedi: valid board names for usbduxfast driver are:
[  247.792054][T15143]  usbduxfast
[  247.793515][T15143] comedi: valid board names for usbdux driver are:
[  247.796423][T15143]  usbdux
[  247.797807][T15143] comedi: valid board names for ni6501 driver are:
[  247.801160][T15143]  ni6501
[  247.802620][T15143] comedi: valid board names for dt9812 driver are:
[  247.805491][T15143]  dt9812
[  247.806855][T15143] comedi: valid board names for ni_labpc_cs driver are:
[  247.810315][T15143]  ni_labpc_cs
[  247.811888][T15143] comedi: valid board names for ni_daq_700 driver are:
[  247.814943][T15143]  ni_daq_700
[  247.816519][T15143] comedi: valid board names for labpc_pci driver are:
[  247.821299][T15143]  labpc_pci
[  247.822755][T15143] comedi: valid board names for adl_pci9118 driver are:
[  247.825817][T15143]  pci9118dg
[  247.830486][T15143]  pci9118hg
[  247.831695][T15143]  pci9118hr
[  247.833083][T15143] comedi: valid board names for 8255_pci driver are:
[  247.835769][T15143]  8255_pci
[  247.842762][T15143] comedi: valid board names for s526 driver are:
[  247.844824][T15143]  s526
[  247.845735][T15143] comedi: valid board names for multiq3 driver are:
[  247.856204][T15143]  multiq3
[  247.857582][T15143] comedi: valid board names for pcmuio driver are:
[  247.863862][T15143]  pcmuio48
[  247.865275][T15143]  pcmuio96
[  247.866657][T15143] comedi: valid board names for pcmmio driver are:
[  247.869908][T15143]  pcmmio
[  247.871358][T15143] comedi: valid board names for pcmda12 driver are:
[  247.874358][T15143]  pcmda12
[  247.875762][T15143] comedi: valid board names for pcmad driver are:
[  247.878316][T15143]  pcmad12
[  247.880749][T15143]  pcmad16
[  247.882529][T15143] comedi: valid board names for ni_labpc driver are:
[  247.885548][T15143]  lab-pc-1200
[  247.887089][T15143]  lab-pc-1200ai
[  247.888688][T15143]  lab-pc+
[  247.892325][T15143] comedi: valid board names for atmio16 driver are:
[  247.895122][T15143]  atmio16
[  247.896633][T15143]  atmio16d
[  247.898056][T15143] comedi: valid board names for ni_at_ao driver are:
[  247.901628][T15143]  at-ao-6
[  247.902946][T15143]  at-ao-10
[  247.904025][T15143] comedi: valid board names for ni_at_a2150 driver are:
[  247.906205][T15143]  ni_at_a2150
[  247.907448][T15143] comedi: valid board names for adq12b driver are:
[  247.912611][T15143]  adq12b
[  247.913947][T15143] comedi: valid board names for mpc624 driver are:
[  247.916764][T15143]  mpc624
[  247.918243][T15143] comedi: valid board names for c6xdigio driver are:
[  247.922047][T15143]  c6xdigio
[  247.923525][T15143] comedi: valid board names for aio_iiro_16 driver are:
[  247.926443][T15143]  aio_iiro_16
[  247.927974][T15143] comedi: valid board names for aio_aio12_8 driver are:
[  247.932330][T15143]  aio_aio12_8
[  247.933513][T15143]  aio_ai12_8
[  247.934654][T15143]  aio_ao12_4
[  247.935812][T15143] comedi: valid board names for fl512 driver are:
[  247.937956][T15143]  fl512
[  247.938981][T15143] comedi: valid board names for dmm32at driver are:
[  247.942176][T15143]  dmm32at
[  247.943408][T15143] comedi: valid board names for dt282x driver are:
[  247.945711][T15143]  dt2821
[  247.946943][T15143]  dt2821-f
[  247.948309][T15143]  dt2821-g
[  247.950595][T15143]  dt2823
[  247.951959][T15143]  dt2824-pgh
[  247.953428][T15143]  dt2824-pgl
[  247.955027][T15143]  dt2825
[  247.956387][T15143]  dt2827
[  247.957713][T15143]  dt2828
[  247.959073][T15143]  dt2829
[  247.960736][T15143]  dt21-ez
[  247.961784][T15143]  dt23-ez
[  247.962802][T15143]  dt24-ez
[  247.963853][T15143]  dt24-ez-pgl
[  247.964982][T15143] comedi: valid board names for dt2817 driver are:
[  247.967199][T15143]  dt2817
[  247.968199][T15143] comedi: valid board names for dt2815 driver are:
[  247.971746][T15143]  dt2815
[  247.973046][T15143] comedi: valid board names for dt2814 driver are:
[  247.975787][T15143]  dt2814
[  247.977032][T15143] comedi: valid board names for dt2811 driver are:
[  247.980327][T15143]  dt2811-pgh
[  247.981764][T15143]  dt2811-pgl
[  247.983136][T15143] comedi: valid board names for dt2801 driver are:
[  247.985817][T15143]  dt2801
[  247.986991][T15143] comedi: valid board names for das6402 driver are:
[  247.990069][ T5991] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  247.995270][T15143]  das6402-12
[  247.996745][T15143]  das6402-16
[  247.998123][T15143] comedi: valid board names for das1800 driver are:
[  248.000974][T15143]  das-1701st
[  248.002441][T15143]  das-1701st-da
[  248.004003][T15143]  das-1702st
[  248.005513][T15143]  das-1702st-da
[  248.007085][T15143]  das-1702hr
[  248.008583][T15143]  das-1702hr-da
[  248.010561][T15143]  das-1701ao
[  248.012077][T15143]  das-1702ao
[  248.013271][T15158] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15158 comm=syz.3.2737
[  248.013553][T15143]  das-1801st
[  248.019028][T15143]  das-1801st-da
[  248.020693][T15143]  das-1802st
[  248.022223][T15143]  das-1802st-da
[  248.023820][T15143]  das-1802hr
[  248.025260][T15143]  das-1802hr-da
[  248.026832][T15143]  das-1801hc
[  248.028277][T15143]  das-1802hc
[  248.029814][T15143]  das-1801ao
[  248.031285][T15143]  das-1802ao
[  248.032764][T15143] comedi: valid board names for das800 driver are:
[  248.035558][T15143]  das-800
[  248.036858][T15143]  cio-das800
[  248.038202][T15143]  das-801
[  248.040065][T15143]  cio-das801
[  248.041565][T15143]  das-802
[  248.042925][T15143]  cio-das802
[  248.044380][T15143]  cio-das802/16
[  248.046002][T15143] comedi: valid board names for isa-das08 driver are:
[  248.048883][T15143]  isa-das08
[  248.050412][T15143]  das08-pgm
[  248.051874][T15143]  das08-pgh
[  248.053283][T15143]  das08-pgl
[  248.054728][T15143]  das08-aoh
[  248.056170][T15143]  das08-aol
[  248.057603][T15143]  das08-aom
[  248.059060][T15143]  das08/jr-ao
[  248.061081][T15143]  das08jr-16-ao
[  248.062713][T15143]  pc104-das08
[  248.065356][T15143]  das08jr/16
[  248.066859][T15143] comedi: valid board names for das16m1 driver are:
[  248.070243][T15143]  das16m1
[  248.071715][T15143] comedi: valid board names for dac02 driver are:
[  248.074488][T15143]  dac02
[  248.075760][T15143] comedi: valid board names for rti802 driver are:
[  248.078475][T15143]  rti802
[  248.080112][T15143] comedi: valid board names for rti800 driver are:
[  248.082965][T15143]  rti800
[  248.084306][T15143]  rti815
[  248.085625][T15143] comedi: valid board names for pcm3724 driver are:
[  248.088364][T15143]  pcm3724
[  248.089673][T15143] comedi: valid board names for pcl818 driver are:
[  248.092499][T15143]  pcl818l
[  248.093882][T15143]  pcl818h
[  248.095250][T15143]  pcl818hd
[  248.096515][T15143]  pcl818hg
[  248.097799][T15143]  pcl818
[  248.099137][T15143]  pcl718
[  248.100975][T15143]  pcm3718
[  248.102362][T15143] comedi: valid board names for pcl816 driver are:
[  248.105133][T15143]  pcl816
[  248.107610][T15143]  pcl814b
[  248.109547][T15143] comedi: valid board names for pcl812 driver are:
[  248.112580][T15143]  pcl812
[  248.113976][T15143]  pcl812pg
[  248.115389][T15143]  acl8112pg
[  248.116850][T15143]  acl8112dg
[  248.118162][T15143]  acl8112hg
[  248.120272][T15143]  a821pgl
[  248.121842][T15143]  a821pglnda
[  248.123389][T15143]  a821pgh
[  248.124787][T15143]  a822pgl
[  248.125955][T15143]  a822pgh
[  248.127009][T15143]  a823pgl
[  248.128170][T15143]  a823pgh
[  248.129241][T15143]  pcl813
[  248.130622][T15143]  pcl813b
[  248.131733][T15143]  acl8113
[  248.132721][T15143]  iso813
[  248.133657][T15143]  acl8216
[  248.134591][T15143]  a826pg
[  248.135651][T15143] comedi: valid board names for pcl730 driver are:
[  248.137758][T15143]  pcl730
[  248.138806][T15143]  iso730
[  248.139903][ T5991] usb 5-1: Using ep0 maxpacket: 8
[  248.141804][T15143]  acl7130
[  248.143227][T15143]  pcm3730
[  248.144420][T15143]  pcl725
[  248.145623][T15143]  p8r8dio
[  248.146781][T15143]  acl7225b
[  248.147919][ T5991] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  248.151879][ T5991] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  248.154986][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  248.158474][ T5991] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 42272, setting to 1024
[  248.163585][T15143]  p16r16dio
[  248.164755][T15143]  pcl733
[  248.165758][T15143]  pcl734
[  248.166780][T15143]  opmm-1616-xt
[  248.167941][T15143]  pearl-mm-p
[  248.169032][T15143]  ir104-pbf
[  248.170830][ T5991] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  248.174047][ T5991] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  248.178254][ T5991] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  248.181278][T15143] comedi: valid board names for pcl726 driver are:
[  248.183406][T15143]  pcl726
[  248.184374][T15143]  pcl727
[  248.185317][T15143]  pcl728
[  248.186312][T15143]  acl6126
[  248.187388][T15143]  acl6128
[  248.188482][T15143] comedi: valid board names for pcl724 driver are:
[  248.191055][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.191493][T15143]  pcl724
[  248.194773][T15143]  pcl722
[  248.196002][T15143]  pcl731
[  248.197007][T15143]  acl7122
[  248.198046][T15143]  acl7124
[  248.199263][T15143]  pet48dio
[  248.201203][T15143]  pcmio48
[  248.202351][T15143]  onyx-mm-dio
[  248.203534][T15143] comedi: valid board names for pcl711 driver are:
[  248.205660][T15143]  pcl711
[  248.206850][T15143]  pcl711b
[  248.207912][T15143]  acl8112hg
[  248.209051][T15143]  acl8112dg
[  248.210553][T15143] comedi: valid board names for amplc_pc263 driver are:
[  248.213115][T15143]  pc263
[  248.214108][T15143] comedi: valid board names for amplc_pc236 driver are:
[  248.216803][T15143]  pc36at
[  248.217944][T15143] comedi: valid board names for amplc_dio200 driver are:
[  248.220484][T15143]  pc212e
[  248.221858][T15143]  pc214e
[  248.222863][T15143]  pc215e
[  248.223972][T15143]  pc218e
[  248.225078][T15143]  pc272e
[  248.226099][T15143] comedi: valid board names for comedi_parport driver are:
[  248.229165][T15143]  comedi_parport
[  248.231270][T15143] comedi: valid board names for comedi_test driver are:
[  248.234121][T15143]  comedi_test
[  248.235183][T15171] loop2: detected capacity change from 0 to 7
[  248.235659][T15143] comedi: valid board names for comedi_bond driver are:
[  248.235671][T15143]  comedi_bond
[  248.238894][T14667] Dev loop2: unable to read RDB block 7
[  248.245305][T14667]  loop2: unable to read partition table
[  248.247267][T14667] loop2: partition table beyond EOD, truncated
[  248.260634][T15171] Dev loop2: unable to read RDB block 7
[  248.269408][T15171]  loop2: unable to read partition table
[  248.273618][T15171] loop2: partition table beyond EOD, truncated
[  248.275828][T15171] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  248.402992][ T5991] usb 5-1: usb_control_msg returned -32
[  248.405590][ T5991] usbtmc 5-1:16.0: can't read capabilities
[  248.413880][T15175] input input16: cannot allocate more than FF_MAX_EFFECTS effects
[  248.454968][T15184] netlink: 'syz.4.2744': attribute type 1 has an invalid length.
[  248.456435][T15185] netlink: 'syz.4.2744': attribute type 1 has an invalid length.
[  248.471759][T15184] 8021q: adding VLAN 0 to HW filter on device bond5
[  248.488140][T15185] bond5: (slave gretap1): making interface the new active one
[  248.493300][T15185] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  248.522927][T15188] RDS: rds_bind could not find a transport for ::ffff:172.30.0.3, load rds_tcp or rds_rdma?
[  248.603434][   T34] usb 5-1: USB disconnect, device number 16
[  248.683513][T15206] netlink: 'syz.2.2751': attribute type 3 has an invalid length.
[  248.723432][T15206] usb usb8: usbfs: process 15206 (syz.2.2751) did not claim interface 0 before use
[  248.725522][T15210] netlink: 'syz.0.2752': attribute type 1 has an invalid length.
[  248.747775][T15210] 8021q: adding VLAN 0 to HW filter on device bond2
[  248.770713][T15210] bond2: (slave geneve3): making interface the new active one
[  248.774794][T15210] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  248.801122][T15216] netlink: 'syz.2.2754': attribute type 1 has an invalid length.
[  248.804875][T15216] netlink: 'syz.2.2754': attribute type 1 has an invalid length.
[  248.931619][T15234] xt_hashlimit: size too large, truncated to 1048576
[  249.006869][T15254] dlm: Unknown command passed to DLM device : 33
[  249.006869][T15254] 
[  249.051163][T15258] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  249.077942][T15261] can0: slcan on ttyS3.
[  249.100222][T15266] program syz.3.2770 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  249.172881][T15261] can0 (unregistered): slcan off ttyS3.
[  249.185531][T15270] can0: slcan on ttyS3.
[  249.239614][ T6013] usb 5-1: new low-speed USB device number 17 using dummy_hcd
[  249.283056][T15290] 9pnet_virtio: no channels available for device syz
[  249.326751][T15297] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  249.337629][T15261] can0 (unregistered): slcan off ttyS3.
[  249.341278][T15297] CIFS mount error: No usable UNC path provided in device string!
[  249.341278][T15297] 
[  249.345849][T15297] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  249.391209][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  249.395750][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  249.400597][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  249.401132][T15305] xt_hashlimit: size too large, truncated to 1048576
[  249.406661][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  249.414176][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  249.419006][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  249.426017][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  249.430868][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  249.435632][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  249.442196][ T6013] usb 5-1: string descriptor 0 read error: -22
[  249.444387][ T6013] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  249.447755][ T6013] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.456702][ T6013] adutux 5-1:168.0: interrupt endpoints not found
[  249.664085][T15234] sctp: [Deprecated]: syz.0.2761 (pid 15234) Use of int in maxseg socket option.
[  249.664085][T15234] Use struct sctp_assoc_value instead
[  249.724582][ T7203] usb 5-1: USB disconnect, device number 17
[  250.426839][T15353] openvswitch: netlink: IP tunnel attribute has 1026 unknown bytes.
[  250.700412][   T34] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  250.713647][T15359] : entered promiscuous mode
[  250.851296][   T34] usb 5-1: config 0 interface 0 has no altsetting 0
[  250.854237][   T34] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  250.854257][   T34] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  250.854269][   T34] usb 5-1: Product: syz
[  250.854278][   T34] usb 5-1: Manufacturer: syz
[  250.854286][   T34] usb 5-1: SerialNumber: syz
[  250.861860][   T34] usb 5-1: config 0 descriptor??
[  250.864344][   T34] usb 5-1: selecting invalid altsetting 0
[  250.945108][T15370] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  251.071696][   T34] usb 5-1: USB disconnect, device number 18
[  251.152734][T15389] __nla_validate_parse: 13 callbacks suppressed
[  251.152746][T15389] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2808'.
[  251.158001][T15389] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2808'.
[  251.195025][T15395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  251.198339][T15395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  251.258862][T15398] bond1: option downdelay: invalid value (18446744073709551615)
[  251.261455][T15398] bond1: option downdelay: allowed values 0 - 2147483647
[  251.264655][T15398] bond1 (unregistering): Released all slaves
[  251.834635][T15428] raw_sendmsg: syz.3.2821 forgot to set AF_INET. Fix it!
[  251.913161][T15435] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2823'.
[  251.920385][T15438] netlink: 'syz.3.2825': attribute type 8 has an invalid length.
[  251.921465][T15436] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2823'.
[  251.923998][T15438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2825'.
[  251.935923][T15440] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  251.971152][T15444] iommufd_mock iommufd_mock1: Adding to iommu group 10
[  252.004914][T15446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2826'.
[  252.035305][T15452] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  252.095846][T15452] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  252.100431][T15452] CPU: 1 UID: 0 PID: 15452 Comm: syz.0.2829 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  252.100458][T15452] Tainted: [L]=SOFTLOCKUP
[  252.100464][T15452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  252.100474][T15452] Call Trace:
[  252.100491][T15452]  <TASK>
[  252.100498][T15452]  dump_stack_lvl+0x100/0x190
[  252.100538][T15452]  sysfs_warn_dup.cold+0x1c/0x28
[  252.100562][T15452]  sysfs_do_create_link_sd+0x113/0x140
[  252.100588][T15452]  sysfs_create_link+0x61/0xc0
[  252.100611][T15452]  device_add+0x675/0x1950
[  252.100646][T15452]  ? __pfx_device_add+0x10/0x10
[  252.100668][T15452]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  252.100691][T15452]  ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[  252.100728][T15452]  wiphy_register+0x1e5b/0x2d30
[  252.100747][T15452]  ? __rtnl_unlock+0xb9/0xf0
[  252.100767][T15452]  ? netdev_run_todo+0x7a0/0x12c0
[  252.100789][T15452]  ? __pfx_wiphy_register+0x10/0x10
[  252.100809][T15452]  ? __asan_memset+0x23/0x50
[  252.100830][T15452]  ? minstrel_ht_alloc+0x5e6/0x7f0
[  252.100859][T15452]  ieee80211_register_hw+0x2cfd/0x4140
[  252.100897][T15452]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  252.100918][T15452]  ? __pfx___debug_object_init+0x10/0x10
[  252.100946][T15452]  ? find_held_lock+0x2b/0x80
[  252.100968][T15452]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  252.100992][T15452]  ? __hrtimer_setup+0x178/0x280
[  252.101011][T15452]  mac80211_hwsim_new_radio+0x2847/0x57d0
[  252.101046][T15452]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  252.101068][T15452]  ? __asan_memcpy+0x3c/0x60
[  252.101090][T15452]  hwsim_new_radio_nl+0xc1f/0x1340
[  252.101112][T15452]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  252.101139][T15452]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280
[  252.101161][T15452]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280
[  252.101186][T15452]  genl_family_rcv_msg_doit+0x214/0x300
[  252.101210][T15452]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  252.101239][T15452]  ? bpf_lsm_capable+0x9/0x10
[  252.101254][T15452]  ? security_capable+0x80/0x260
[  252.101279][T15452]  ? ns_capable+0xd2/0xf0
[  252.101300][T15452]  genl_rcv_msg+0x560/0x800
[  252.101324][T15452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  252.101346][T15452]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  252.101374][T15452]  netlink_rcv_skb+0x159/0x420
[  252.101392][T15452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  252.101414][T15452]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  252.101443][T15452]  ? netlink_deliver_tap+0x1ae/0xcc0
[  252.101465][T15452]  genl_rcv+0x28/0x40
[  252.101483][T15452]  netlink_unicast+0x5aa/0x870
[  252.101506][T15452]  ? __pfx_netlink_unicast+0x10/0x10
[  252.101534][T15452]  netlink_sendmsg+0x8b0/0xda0
[  252.101557][T15452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  252.101574][T15452]  ? __might_fault+0xa0/0x140
[  252.101604][T15452]  ____sys_sendmsg+0xa54/0xc30
[  252.101626][T15452]  ? __pfx_____sys_sendmsg+0x10/0x10
[  252.101652][T15452]  ? __pfx_futex_wake_mark+0x10/0x10
[  252.101676][T15452]  ___sys_sendmsg+0x190/0x1e0
[  252.101700][T15452]  ? __pfx____sys_sendmsg+0x10/0x10
[  252.101751][T15452]  __sys_sendmsg+0x170/0x220
[  252.101768][T15452]  ? __pfx___sys_sendmsg+0x10/0x10
[  252.101783][T15452]  ? __x64_sys_futex+0x34f/0x4d0
[  252.101814][T15452]  do_syscall_64+0x106/0xf80
[  252.101830][T15452]  ? clear_bhb_loop+0x40/0x90
[  252.101851][T15452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.101869][T15452] RIP: 0033:0x7f274ff9c799
[  252.101890][T15452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  252.101907][T15452] RSP: 002b:00007f2750e61028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  252.101925][T15452] RAX: ffffffffffffffda RBX: 00007f2750215fa0 RCX: 00007f274ff9c799
[  252.101937][T15452] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000008
[  252.101948][T15452] RBP: 00007f2750032bd9 R08: 0000000000000000 R09: 0000000000000000
[  252.101958][T15452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  252.101966][T15452] R13: 00007f2750216038 R14: 00007f2750215fa0 R15: 00007ffe54d3e378
[  252.101991][T15452]  </TASK>
[  252.171031][T15457] xt_hashlimit: size too large, truncated to 1048576
[  252.304046][ T5990] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  252.312685][T15467] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  252.459413][ T6013] usb 5-1: new low-speed USB device number 19 using dummy_hcd
[  252.463701][ T5990] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  252.467376][ T5990] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.471239][ T5990] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.474489][ T5990] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  252.480686][ T5990] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  252.483719][ T5990] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  252.486378][ T5990] usb 7-1: Manufacturer: syz
[  252.490080][ T5990] usb 7-1: config 0 descriptor??
[  252.550263][T15469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2834'.
[  252.612106][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  252.615756][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  252.619271][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.624576][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  252.628156][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  252.628200][T15473] 9pnet_virtio: no channels available for device syz
[  252.631738][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.632551][ T6013] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  252.641801][ T6013] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  252.645291][ T6013] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.652893][ T6013] usb 5-1: string descriptor 0 read error: -22
[  252.655056][ T6013] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  252.658023][ T6013] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.669148][ T6013] adutux 5-1:168.0: interrupt endpoints not found
[  252.716429][T15476] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2837'.
[  252.874045][T15457] sctp: [Deprecated]: syz.0.2831 (pid 15457) Use of int in maxseg socket option.
[  252.874045][T15457] Use struct sctp_assoc_value instead
[  252.884605][ T6013] usb 5-1: USB disconnect, device number 19
[  252.896441][ T5990] appleir 0003:05AC:8243.0004: unknown main item tag 0x0
[  252.906494][ T5990] appleir 0003:05AC:8243.0004: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  253.326012][T15488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.330242][T15488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.413440][T15492] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2843'.
[  253.462853][T15499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2845'.
[  253.641473][T15501] netlink: 'syz.0.2844': attribute type 1 has an invalid length.
[  253.644133][T15501] netlink: 'syz.0.2844': attribute type 1 has an invalid length.
[  253.651155][   T41] kauditd_printk_skb: 5874 callbacks suppressed
[  253.651165][   T41] audit: type=1326 audit(253.582:6694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15500 comm="syz.0.2844" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f274ff9c799 code=0x0
[  253.914913][T15513] ufs: You didn't specify the type of your ufs filesystem
[  253.914913][T15513] 
[  253.914913][T15513] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  253.914913][T15513] 
[  253.914913][T15513] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  253.926978][T15513] ufs: failed to set blocksize
[  254.393094][T15532] xt_hashlimit: size too large, truncated to 1048576
[  254.510059][   T41] audit: type=1400 audit(254.442:6695): avc:  denied  { ioctl } for  pid=15536 comm="syz.0.2853" path="socket:[53672]" dev="sockfs" ino=53672 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  254.522769][T15539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=15539 comm=syz.0.2853
[  254.528744][T15539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2565 sclass=netlink_route_socket pid=15539 comm=syz.0.2853
[  254.533335][T15539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=15539 comm=syz.0.2853
[  254.537803][T15539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=15539 comm=syz.0.2853
[  254.867798][T15567] loop2: detected capacity change from 0 to 7
[  254.872059][T14667] Dev loop2: unable to read RDB block 7
[  254.874802][T14667]  loop2: unable to read partition table
[  254.877467][T14667] loop2: partition table beyond EOD, truncated
[  254.888724][T15567] Dev loop2: unable to read RDB block 7
[  254.891577][T15567]  loop2: unable to read partition table
[  254.894129][T15567] loop2: partition table beyond EOD, truncated
[  254.896763][T15567] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  254.966714][ T5990] usb 7-1: USB disconnect, device number 17
[  255.213527][T15577] program syz.4.2866 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  255.217827][T15577] overlay: Unknown parameter 'measure'
[  255.266888][T15583] binder_alloc: 15581: binder_alloc_buf, no vma
[  255.798269][   T41] audit: type=1400 audit(255.722:6696): avc:  denied  { getopt } for  pid=15634 comm="syz.2.2881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  255.817962][T15639] ptrace attach of "/syz-executor exec"[7093] was attempted by ""[15639]
[  255.899067][T15650] openvswitch: netlink: Message has 6 unknown bytes.
[  256.004196][T15662] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  256.184098][T15677] ufs: You didn't specify the type of your ufs filesystem
[  256.184098][T15677] 
[  256.184098][T15677] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  256.184098][T15677] 
[  256.184098][T15677] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  256.196545][T15677] ufs: failed to set blocksize
[  256.386162][T15687] netlink: 'syz.0.2894': attribute type 2 has an invalid length.
[  256.388898][T15687] netlink: 'syz.0.2894': attribute type 1 has an invalid length.
[  256.447825][T15693] __nla_validate_parse: 16 callbacks suppressed
[  256.447836][T15693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2896'.
[  256.452817][T15693] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2896'.
[  256.515116][   T41] audit: type=1400 audit(256.442:6697): avc:  denied  { ioctl } for  pid=15694 comm="syz.4.2897" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  256.559871][T15697] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2898'.
[  256.599206][T15699] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  256.658442][T15700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2899'.
[  256.661839][T15700] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2899'.
[  257.424056][T15722] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  257.819230][   T41] audit: type=1400 audit(257.742:6698): avc:  denied  { getopt } for  pid=15750 comm="syz.4.2914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  257.826684][T15751] IPv6: NLM_F_CREATE should be specified when creating new route
[  257.988424][T15758] netlink: 'syz.0.2916': attribute type 13 has an invalid length.
[  258.030088][T15760] tmpfs: Bad value for 'mpol'
[  258.073414][T15765] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2920'.
[  258.079121][T15767] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2920'.
[  258.179122][T15771] IPVS: length: 27 != 24
[  258.344826][T15784] ALSA: seq fatal error: cannot create timer (-19)
[  258.410020][T15788] netlink: 'syz.2.2928': attribute type 2 has an invalid length.
[  258.414720][T15789] netlink: 'syz.2.2928': attribute type 2 has an invalid length.
[  258.636945][   T41] audit: type=1400 audit(258.562:6699): avc:  denied  { validate_trans } for  pid=15796 comm="syz.2.2931" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  258.731658][T15807] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  258.815214][T15811] all: renamed from bridge_slave_0 (while UP)
[  258.866579][T15816] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  258.946457][   T41] audit: type=1400 audit(258.872:6700): avc:  denied  { getopt } for  pid=15825 comm="syz.0.2940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  259.477871][T15852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2949'.
[  259.593922][T15855] netlink: 'syz.2.2950': attribute type 1 has an invalid length.
[  259.630712][T15857] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2951'.
[  259.939480][ T1327] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  260.072624][T15861] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=104 sclass=netlink_tcpdiag_socket pid=15861 comm=syz.0.2953
[  260.077369][T15861] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=50 sclass=netlink_tcpdiag_socket pid=15861 comm=syz.0.2953
[  260.090525][ T1327] usb 7-1: Using ep0 maxpacket: 16
[  260.093701][ T1327] usb 7-1: config 0 has no interfaces?
[  260.097380][ T1327] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  260.101458][ T1327] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.104922][ T1327] usb 7-1: Product: syz
[  260.106761][ T1327] usb 7-1: Manufacturer: syz
[  260.108594][ T1327] usb 7-1: SerialNumber: syz
[  260.114020][ T1327] r8152-cfgselector 7-1: Unknown version 0x0000
[  260.116219][ T1327] r8152-cfgselector 7-1: config 0 descriptor??
[  260.173245][T15880] loop2: detected capacity change from 0 to 7
[  260.177772][T15880] Dev loop2: unable to read RDB block 7
[  260.180125][T15880]  loop2: unable to read partition table
[  260.182899][T15880] loop2: partition table beyond EOD, truncated
[  260.185704][T15880] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  260.207109][T10903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.210929][T10903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.224415][   T41] audit: type=1400 audit(260.152:6701): avc:  denied  { setopt } for  pid=15881 comm="syz.4.2959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  260.231954][T15881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  260.322422][ T5991] r8152-cfgselector 7-1: USB disconnect, device number 18
[  260.561977][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  260.564115][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  260.723163][T15884] netlink: 'syz.0.2960': attribute type 39 has an invalid length.
[  260.774553][T15891] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  260.907561][T15898] futex_wake_op: syz.4.2966 tries to shift op by 32; fix this program
[  261.039254][T15912] netlink: 348 bytes leftover after parsing attributes in process `syz.4.2967'.
[  261.185543][T15916] hsr_slave_1 (unregistering): left promiscuous mode
[  261.547413][T15927] program syz.2.2974 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  261.547945][T15928] program syz.2.2974 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  261.685353][T15934] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[  261.688339][T15934] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[  261.706779][T15934] x_tables: duplicate underflow at hook 3
[  261.839535][ T5991] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  261.972106][   T41] audit: type=1400 audit(261.902:6702): avc:  denied  { write } for  pid=15940 comm="syz.0.2978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  261.991195][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.994860][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.998021][ T5991] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  262.003231][ T5991] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  262.006372][ T5991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.012555][ T5991] usb 7-1: config 0 descriptor??
[  262.239798][T15955] __nla_validate_parse: 1 callbacks suppressed
[  262.239810][T15955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2983'.
[  262.244831][T15955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2983'.
[  262.247783][T15955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2983'.
[  262.419973][T15932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.432371][T15932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.443041][ T5991] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  262.453406][ T5991] usb 7-1: USB disconnect, device number 19
[  262.476230][T15974] fido_id[15974]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/report_descriptor': No such file or directory
[  262.488318][T15979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2990'.
[  262.503851][T15978] loop2: detected capacity change from 0 to 7
[  262.507094][T15978] Dev loop2: unable to read RDB block 7
[  262.508960][T15978]  loop2: unable to read partition table
[  262.523096][T15978] loop2: partition table beyond EOD, truncated
[  262.537261][T15978] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  262.909232][T16013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3001'.
[  262.989618][ T1327] usb 9-1: new low-speed USB device number 28 using dummy_hcd
[  263.162404][ T1327] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  263.165164][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  263.169251][ T1327] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  263.174624][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  263.178546][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  263.184287][ T1327] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  263.187216][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  263.191517][ T1327] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  263.195950][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  263.200384][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  263.205287][ T1327] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  263.208427][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  263.212485][ T1327] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  263.217075][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  263.225775][ T1327] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  263.232981][ T1327] usb 9-1: string descriptor 0 read error: -22
[  263.235613][ T1327] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  263.239134][ T1327] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.250974][ T1327] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  263.433141][T16030] fuse: Bad value for 'fd'
[  263.542061][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3010'.
[  263.551701][T16039] loop2: detected capacity change from 0 to 7
[  263.554942][T14667] Dev loop2: unable to read RDB block 7
[  263.557147][T14667]  loop2: unable to read partition table
[  263.559222][T14667] loop2: partition table beyond EOD, truncated
[  263.563249][T16039] Dev loop2: unable to read RDB block 7
[  263.565143][T16039]  loop2: unable to read partition table
[  263.567342][T16039] loop2: partition table beyond EOD, truncated
[  263.579413][T16039] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  263.600131][T16043] netlink: 'syz.2.3012': attribute type 10 has an invalid length.
[  263.603105][T16043] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3012'.
[  263.756525][T16057] fuse: Bad value for 'fd'
[  263.759852][T16058] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3016'.
[  264.070493][T16073] hfs: unable to load iocharset "io#harset"
[  264.154663][T16077] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.157316][T16077] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.190033][T16077] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  264.197630][T16077] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  264.250939][T10893] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  264.253738][T10893] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.256439][T10893] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  264.263043][T10893] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.282591][T10893] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  264.286480][T10893] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.292631][T10893] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  264.299662][T10893] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.959859][T16097] ptrace attach of "/syz-executor exec"[16098] was attempted by "/syz-executor exec"[16097]
[  265.015913][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[  265.049179][T16104] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3030'.
[  265.317203][T16119] netlink: 'syz.3.3033': attribute type 6 has an invalid length.
[  265.321093][T16119] netlink: 'syz.3.3033': attribute type 6 has an invalid length.
[  265.346231][T16119] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  265.479105][T16126] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3035'.
[  265.612144][   T29] usb 9-1: USB disconnect, device number 28
[  265.659654][ T5991] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  265.668109][T16137] sctp: [Deprecated]: syz.3.3039 (pid 16137) Use of int in max_burst socket option deprecated.
[  265.668109][T16137] Use struct sctp_assoc_value instead
[  265.737237][T16139] program syz.4.3040 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  265.809522][ T5991] usb 5-1: Using ep0 maxpacket: 32
[  265.812779][ T5991] usb 5-1: config 0 has an invalid interface number: 119 but max is 0
[  265.815480][ T5991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.818769][ T5991] usb 5-1: config 0 has no interface number 0
[  265.821541][ T5991] usb 5-1: config 0 interface 119 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  265.827273][ T5991] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  265.830518][ T5991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.833170][ T5991] usb 5-1: Product: syz
[  265.834710][ T5991] usb 5-1: Manufacturer: syz
[  265.836277][ T5991] usb 5-1: SerialNumber: syz
[  265.839113][ T5991] usb 5-1: config 0 descriptor??
[  265.844900][ T5991] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.119/input/input17
[  266.043103][   T41] audit: type=1400 audit(265.972:6703): avc:  denied  { append } for  pid=16121 comm="syz.0.3034" name="event4" dev="devtmpfs" ino=3326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  266.054487][ T1460] usb 5-1: USB disconnect, device number 20
[  266.069242][   T12] netdevsim netdevsim4 ªªªªªª: set [0, 0] type 1 family 0 port 8472 - 0
[  266.072299][   T12] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  266.076441][   T12] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  266.081716][   T12] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  266.154069][   T41] audit: type=1400 audit(266.082:6704): avc:  denied  { ioctl } for  pid=16167 comm="syz.3.3049" path="socket:[55253]" dev="sockfs" ino=55253 ioctlcmd=0x941e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  266.825506][T16191] tmpfs: Bad value for 'mpol'
[  266.937303][   T41] audit: type=1400 audit(266.862:6705): avc:  denied  { ioctl } for  pid=16199 comm="syz.4.3060" path="socket:[58428]" dev="sockfs" ino=58428 ioctlcmd=0x42c8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  266.959771][T16201] XFS (nullb0): Invalid superblock magic number
[  267.049645][ T5930] Bluetooth: hci3: command 0xfc11 tx timeout
[  267.049690][ T5288] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[  267.121265][T16215] xt_l2tp: v2 doesn't support IP mode
[  267.204004][T16227] nfs4: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[  267.217020][T16234] loop2: detected capacity change from 0 to 7
[  267.222444][T16234] Dev loop2: unable to read RDB block 7
[  267.224339][T16234]  loop2: unable to read partition table
[  267.226661][T16234] loop2: partition table beyond EOD, truncated
[  267.236683][T16234] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  267.317490][T16249] __nla_validate_parse: 7 callbacks suppressed
[  267.317502][T16249] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3074'.
[  267.699027][T16301] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  268.349774][   T41] audit: type=1400 audit(268.282:6706): avc:  denied  { create } for  pid=16339 comm="syz.3.3102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  268.557701][   T41] audit: type=1400 audit(268.482:6707): avc:  denied  { create } for  pid=16365 comm="syz.3.3109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  268.573905][   T41] audit: type=1400 audit(268.482:6708): avc:  denied  { ioctl } for  pid=16365 comm="syz.3.3109" path="socket:[57265]" dev="sockfs" ino=57265 ioctlcmd=0x5882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  268.645950][T16375] sctp: [Deprecated]: syz.3.3111 (pid 16375) Use of int in maxseg socket option.
[  268.645950][T16375] Use struct sctp_assoc_value instead
[  268.662184][T16376] overlayfs: failed to clone lowerpath
[  268.692887][T16380] netlink: 'syz.4.3112': attribute type 2 has an invalid length.
[  268.748543][T16384] EXT4-fs (nbd4): unable to read superblock
[  268.796502][T16387] loop2: detected capacity change from 0 to 7
[  268.801813][T14667] Dev loop2: unable to read RDB block 7
[  268.803661][T14667]  loop2: unable to read partition table
[  268.805594][T14667] loop2: partition table beyond EOD, truncated
[  268.813521][T16387] Dev loop2: unable to read RDB block 7
[  268.816588][T16387]  loop2: unable to read partition table
[  268.819271][T16387] loop2: partition table beyond EOD, truncated
[  268.822465][T16387] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  268.960888][T16401] tmpfs: Unknown parameter 'grpquo¬Òÿ'
[  268.970796][T16404] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3122'.
[  268.971963][T16405] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3122'.
[  269.206963][    C2] sr 2:0:0:0: [sr0] tag#28 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  269.210501][    C2] sr 2:0:0:0: [sr0] tag#28 CDB: Service action out(16), sa=0x18 9f 98 00 00 00 00 00 00 00 00 00 00
[  269.246503][T16412] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3126'.
[  269.283027][T16414] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3127'.
[  269.292715][T16414] macsec2: entered allmulticast mode
[  269.295072][T16414] bridge0: entered allmulticast mode
[  269.297957][T16414] bridge0: port 3(macsec2) entered blocking state
[  269.301370][T16414] bridge0: port 3(macsec2) entered disabled state
[  269.306982][T16414] bridge0: left allmulticast mode
[  269.562981][T16421] pimreg: tun_chr_ioctl cmd 1074025676
[  269.563139][ T5930] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  269.564886][T16421] pimreg: owner set to 0
[  269.571353][ T5930] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  269.574590][ T5930] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  269.579073][ T5930] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  269.579878][ T1327] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  269.585204][ T5930] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  269.649568][T16421] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3131'.
[  269.653499][T16421] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3131'.
[  269.723620][T16421] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  269.759412][ T1327] usb 5-1: Using ep0 maxpacket: 8
[  269.764322][ T1327] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  269.768024][ T1327] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  269.771717][ T1327] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  269.774930][ T1327] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  269.779024][ T1327] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  269.783050][ T1327] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.784979][T16423] chnl_net:caif_netlink_parms(): no params data found
[  269.855354][T16442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3136'.
[  269.865877][T16423] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.869232][T16423] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.872640][T16423] bridge_slave_0: entered allmulticast mode
[  269.876834][T16423] bridge_slave_0: entered promiscuous mode
[  269.882110][T16423] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.885399][T16423] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.888959][T16423] bridge_slave_1: entered allmulticast mode
[  269.893332][T16423] bridge_slave_1: entered promiscuous mode
[  269.910872][T16423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.916356][T16423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.935394][T16423] team0: Port device team_slave_0 added
[  269.939098][T16423] team0: Port device team_slave_1 added
[  269.956913][T16423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.959503][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.968536][T16423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.975078][T16423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.978149][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.986976][T16423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.992892][ T1327] usb 5-1: GET_CAPABILITIES returned 0
[  269.994782][ T1327] usbtmc 5-1:16.0: can't read capabilities
[  270.024460][T16423] hsr_slave_0: entered promiscuous mode
[  270.026933][T16423] hsr_slave_1: entered promiscuous mode
[  270.029229][T16423] debugfs: 'hsr0' already exists in 'hsr'
[  270.031247][T16423] Cannot create hsr debugfs directory
[  270.086080][T16446] loop2: detected capacity change from 0 to 7
[  270.090508][T14667] Dev loop2: unable to read RDB block 7
[  270.093373][T14667]  loop2: unable to read partition table
[  270.095910][T14667] loop2: partition table beyond EOD, truncated
[  270.101536][T16446] Dev loop2: unable to read RDB block 7
[  270.103990][T16446]  loop2: unable to read partition table
[  270.106493][T16446] loop2: partition table beyond EOD, truncated
[  270.109714][T16446] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  270.140945][T16423] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  270.145414][T16423] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  270.151016][T16423] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  270.156753][T16423] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  270.173933][T16423] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.176426][T16423] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.178971][T16423] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.181428][T16423] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.196018][ T1327] usb 5-1: USB disconnect, device number 21
[  270.215920][T16423] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.224492][T10903] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.228182][T10903] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.235260][T16423] 8021q: adding VLAN 0 to HW filter on device team0
[  270.241125][T10910] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.243784][T10910] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.251740][T10903] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.254091][T10903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.402867][T16423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.551088][T16423] veth0_vlan: entered promiscuous mode
[  270.555921][T16423] veth1_vlan: entered promiscuous mode
[  270.570762][T16423] veth0_macvtap: entered promiscuous mode
[  270.574660][T16423] veth1_macvtap: entered promiscuous mode
[  270.583311][T16423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.592748][T16423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.598501][T10903] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.601484][T10903] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.604932][T10903] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.607767][T10903] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  270.664691][ T1226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  270.667346][ T1226] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  270.687474][T10903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  270.692212][T10903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  270.697881][   T41] audit: type=1400 audit(270.622:6709): avc:  denied  { mount } for  pid=16423 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  270.870994][T16494] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16494 comm=syz.4.3147
[  270.949486][T16504] netlink: 'syz.0.3149': attribute type 10 has an invalid length.
[  270.952994][T16504] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.956185][T16504] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  270.966300][T16504] netlink: 'syz.0.3149': attribute type 10 has an invalid length.
[  270.968844][T16504] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3149'.
[  270.972423][T16504] batadv0: entered promiscuous mode
[  270.974024][T16504] batadv0: entered allmulticast mode
[  270.979963][T16504] bond0: (slave batadv0): Releasing backup interface
[  270.986078][T16504] bridge0: port 3(batadv0) entered blocking state
[  270.988285][T16504] bridge0: port 3(batadv0) entered disabled state
[  271.132112][T16514] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3154'.
[  271.170347][T10903] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  271.173964][T10903] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  271.189076][T16514] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16514 comm=syz.2.3154
[  271.307110][T16521] all: renamed from bridge_slave_0 (while UP)
[  271.609480][ T5288] Bluetooth: hci2: command tx timeout
[  271.750052][T16548] netlink: 'syz.5.3167': attribute type 10 has an invalid length.
[  271.753717][T16548] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.757567][T16548] bridge_slave_1: left allmulticast mode
[  271.768679][T16548] bridge_slave_1: left promiscuous mode
[  271.770817][T16548] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.771773][T16540] delete_channel: no stack
[  271.777470][T16548] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  271.813677][T16553] MINIX-fs: unable to read superblock
[  271.815910][   T41] audit: type=1400 audit(271.742:6710): avc:  denied  { mounton } for  pid=16552 comm="syz.5.3168" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  271.823965][T16553] No such timeout policy "syz1"
[  271.898623][   T41] audit: type=1400 audit(271.822:6711): avc:  denied  { setopt } for  pid=16558 comm="syz.0.3170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  271.907234][   T41] audit: type=1400 audit(271.832:6712): avc:  denied  { map } for  pid=16558 comm="syz.0.3170" path="socket:[61446]" dev="sockfs" ino=61446 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  271.924839][   T41] audit: type=1400 audit(271.832:6713): avc:  denied  { read accept } for  pid=16558 comm="syz.0.3170" path="socket:[61446]" dev="sockfs" ino=61446 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  272.208194][T16597] tmpfs: Bad value for 'mpol'
[  272.284542][T16604] overlayfs: failed to clone upperpath
[  272.314510][T16608] netlink: 'syz.2.3187': attribute type 89 has an invalid length.
[  272.328127][   T41] audit: type=1400 audit(272.252:6714): avc:  denied  { connect } for  pid=16605 comm="syz.0.3186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  272.496116][ T7203] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  272.536267][T16623] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  272.568416][T16625] __nla_validate_parse: 9 callbacks suppressed
[  272.568432][T16625] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3195'.
[  272.615061][T16627] affs: No valid root block on device nullb0
[  272.618449][T16627] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3196'.
[  272.621762][T16627] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3196'.
[  272.626235][T16629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3195'.
[  272.630121][T16629] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3195'.
[  272.670965][ T7203] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x2 has invalid wMaxPacketSize 0
[  272.674220][ T7203] usb 10-1: config 0 interface 0 has no altsetting 0
[  272.678608][ T7203] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  272.682114][ T7203] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  272.685506][ T7203] usb 10-1: Product: syz
[  272.686998][ T7203] usb 10-1: Manufacturer: syz
[  272.688676][ T7203] usb 10-1: SerialNumber: syz
[  272.692506][ T7203] usb 10-1: config 0 descriptor??
[  272.699035][ T7203] usb 10-1: selecting invalid altsetting 0
[  272.897341][   T40] usb 10-1: USB disconnect, device number 2
[  273.060787][   T41] audit: type=1400 audit(272.992:6715): avc:  denied  { write } for  pid=16638 comm="syz.4.3200" path="socket:[60107]" dev="sockfs" ino=60107 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  273.070905][   T41] audit: type=1400 audit(272.992:6716): avc:  denied  { map } for  pid=16638 comm="syz.4.3200" path="/563/file0/cgroup.kill" dev="9p" ino=72614213 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  273.257887][T16656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3203'.
[  273.461729][   T41] audit: type=1400 audit(273.392:6717): avc:  denied  { write } for  pid=16662 comm="syz.4.3207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  273.642788][T16670] IPVS: Unknown mcast interface: hsr0
[  273.679419][ T5288] Bluetooth: hci2: command tx timeout
[  273.705128][T16675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3212'.
[  273.718822][T16677] netlink: 65039 bytes leftover after parsing attributes in process `syz.5.3213'.
[  273.738286][T16682] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3214'.
[  273.785709][T16686] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3215'.
[  273.844278][ T5288] Bluetooth: hci1: Malformed Event: 0x02
[  273.856259][T16693] tmpfs: Bad value for 'huge'
[  273.943833][T16699] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16699 comm=syz.4.3220
[  274.059441][   T40] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  274.065791][T16709] No control pipe specified
[  274.067616][T16709] No control pipe specified
[  274.069647][T16709] No control pipe specified
[  274.071718][T16709] No control pipe specified
[  274.074185][T16709] No control pipe specified
[  274.076043][T16709] No control pipe specified
[  274.077903][T16709] No control pipe specified
[  274.080041][T16709] No control pipe specified
[  274.081984][T16709] No control pipe specified
[  274.083884][T16709] No control pipe specified
[  274.086591][T16709] No control pipe specified
[  274.088840][T16709] No control pipe specified
[  274.091288][T16709] No control pipe specified
[  274.093453][T16709] No control pipe specified
[  274.095576][T16709] No control pipe specified
[  274.097757][T16709] No control pipe specified
[  274.099823][T16709] No control pipe specified
[  274.101662][T16709] No control pipe specified
[  274.103469][T16709] No control pipe specified
[  274.105078][T16709] No control pipe specified
[  274.106696][T16709] No control pipe specified
[  274.108876][T16709] No control pipe specified
[  274.110896][T16709] No control pipe specified
[  274.112530][T16709] No control pipe specified
[  274.114166][T16709] No control pipe specified
[  274.115781][T16709] No control pipe specified
[  274.117384][T16709] autofs: Unknown parameter ''
[  274.229402][   T40] usb 10-1: Using ep0 maxpacket: 8
[  274.232514][   T40] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  274.235640][   T40] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  274.245089][   T40] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  274.249170][   T40] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  274.255417][   T40] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  274.260221][   T40] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  274.263762][   T40] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.306453][   T41] audit: type=1400 audit(274.232:6718): avc:  denied  { ioctl } for  pid=16723 comm="syz.2.3228" path="socket:[61343]" dev="sockfs" ino=61343 ioctlcmd=0xf502 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  274.476643][   T40] usb 10-1: GET_CAPABILITIES returned 0
[  274.478662][   T40] usbtmc 10-1:16.0: can't read capabilities
[  274.623800][T16691] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  274.626161][T16691] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  274.635777][T16691] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  274.644173][T16691] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  274.646401][T16691] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  274.651648][T16691] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  274.655515][T16691] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  274.657563][T16691] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  274.661422][T16691] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  274.699252][T16734] F2FS-fs (nbd4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  274.705000][T16734] F2FS-fs (nbd4): Can't find valid F2FS filesystem in 1th superblock
[  274.708380][T16734] F2FS-fs (nbd4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  274.713957][T16734] F2FS-fs (nbd4): Can't find valid F2FS filesystem in 2th superblock
[  274.721531][   T40] usb 10-1: USB disconnect, device number 3
[  274.773244][T16742] geneve2: left promiscuous mode
[  274.775864][T16742] mac80211_hwsim hwsim22 syzkaller0: left promiscuous mode
[  274.791453][   T41] audit: type=1400 audit(274.722:6719): avc:  denied  { write } for  pid=16746 comm="syz.4.3235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  274.794115][T16747] netlink: 'syz.4.3235': attribute type 1 has an invalid length.
[  274.807685][T16747] netlink: 'syz.4.3235': attribute type 322 has an invalid length.
[  275.021265][T16766] xt_hashlimit: size too large, truncated to 1048576
[  275.076017][T16768] sctp: [Deprecated]: syz.2.3242 (pid 16768) Use of int in maxseg socket option.
[  275.076017][T16768] Use struct sctp_assoc_value instead
[  275.347078][T16776] binder: 16775:16776 ioctl c0306201 2000000001c0 returned -14
[  275.599377][   T40] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  275.751296][   T40] usb 10-1: Using ep0 maxpacket: 32
[  275.756341][   T40] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  275.761164][   T40] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  275.766367][   T40] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  275.771024][   T40] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.774544][   T40] usb 10-1: Product: syz
[  275.776547][   T40] usb 10-1: Manufacturer: syz
[  275.778553][   T40] usb 10-1: SerialNumber: syz
[  275.784098][   T40] usb 10-1: config 0 descriptor??
[  275.825509][T16783] block device autoloading is deprecated and will be removed.
[  275.828557][T16782] block device autoloading is deprecated and will be removed.
[  275.919727][ T5288] Bluetooth: hci1: command 0x0401 tx timeout
[  275.944513][T16793] netdevsim netdevsim2 netdevsim0: IPsec offload requires 128 bit authentication
[  275.991169][ T1327] usb 10-1: USB disconnect, device number 4
[  276.024394][T16800] syzkaller0: entered promiscuous mode
[  276.026192][T16800] syzkaller0: entered allmulticast mode
[  276.094804][T16808] overlayfs: failed to clone upperpath
[  276.182006][T16812] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16812 comm=syz.4.3258
[  276.186291][T16812] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2560 sclass=netlink_tcpdiag_socket pid=16812 comm=syz.4.3258
[  276.221351][T16813] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13588 sclass=netlink_route_socket pid=16813 comm=syz.2.3257
[  276.267536][T16818] xt_hashlimit: size too large, truncated to 1048576
[  276.504728][T16838] tmpfs: Unknown parameter '/dev/video#'
[  276.561983][T16841] overlayfs: missing 'lowerdir'
[  276.572808][T16842] netlink: 'syz.5.3268': attribute type 29 has an invalid length.
[  276.575691][T16842] netlink: 'syz.5.3268': attribute type 29 has an invalid length.
[  276.578347][T16842] unsupported nla_type 58
[  276.659546][T16851] program syz.5.3273 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  276.719437][ T5288] Bluetooth: hci2: command 0x0419 tx timeout
[  276.722152][ T5288] Bluetooth: hci0: command 0x0c1a tx timeout
[  276.991881][   T41] kauditd_printk_skb: 4 callbacks suppressed
[  276.991900][   T41] audit: type=1400 audit(276.922:6724): avc:  denied  { lock } for  pid=16867 comm="syz.0.3279" path="socket:[60293]" dev="sockfs" ino=60293 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  277.003899][T16872] binder_alloc: 16867: binder_alloc_buf, no vma
[  277.017222][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.023358][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.032686][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2580 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.038685][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.045240][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.059123][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.065502][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=16870 comm=syz.4.3270
[  277.112114][T16878] netlink: zone id is out of range
[  277.114009][T16878] netlink: zone id is out of range
[  277.115984][T16878] netlink: set zone limit has 8 unknown bytes
[  277.271881][T16894] Cannot find add_set index 65532 as target
[  277.325259][T16902] orangefs_devreq_open: device cannot be opened in blocking mode
[  277.396020][T16907] kernel profiling enabled (shift: 63)
[  277.398049][T16907] profiling shift: 63 too large
[  277.404381][T16907] Mount JFS Failure: -5
[  277.405824][T16907] jfs_mount failed w/return code = -5
[  277.424115][T16909] kernel profiling enabled (shift: 63)
[  277.426518][T16909] profiling shift: 63 too large
[  277.497158][T16916] sctp: [Deprecated]: syz.5.3293 (pid 16916) Use of int in maxseg socket option.
[  277.497158][T16916] Use struct sctp_assoc_value instead
[  277.908476][T16947] __nla_validate_parse: 13 callbacks suppressed
[  277.908489][T16947] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3304'.
[  277.915053][   T41] audit: type=1400 audit(277.842:6725): avc:  denied  { accept } for  pid=16945 comm="syz.0.3304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  277.999489][ T5288] Bluetooth: hci1: command 0x0401 tx timeout
[  278.085105][T16969] macvlan3: entered promiscuous mode
[  278.213443][T16979] netlink: 4220 bytes leftover after parsing attributes in process `syz.2.3316'.
[  278.216584][T16979] openvswitch: netlink: Flow key attr not present in new flow.
[  278.386713][T17001] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3325'.
[  278.397637][ T5288] Bluetooth: hci1: unexpected event for opcode 0x0c03
[  278.612681][   T41] audit: type=1400 audit(278.542:6726): avc:  denied  { getopt } for  pid=17018 comm="syz.4.3330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  278.727276][T17028] FAT-fs (sr0): bogus number of reserved sectors
[  278.730183][T17028] FAT-fs (sr0): Can't find a valid FAT filesystem
[  278.750794][T17030] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  278.786960][T17034] netlink: 'syz.5.3337': attribute type 11 has an invalid length.
[  278.789887][T17034] netlink: 199776 bytes leftover after parsing attributes in process `syz.5.3337'.
[  278.799906][ T5288] Bluetooth: hci0: command 0x0c1a tx timeout
[  278.801942][ T5288] Bluetooth: hci2: command 0x0419 tx timeout
[  278.831797][T17036] netlink: 'syz.5.3338': attribute type 1 has an invalid length.
[  278.834381][T17036] netlink: 16150 bytes leftover after parsing attributes in process `syz.5.3338'.
[  278.905597][T17045] dns_resolver: Unsupported server list version (0)
[  278.989379][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3343'.
[  279.115451][T17058] xt_hashlimit: size too large, truncated to 1048576
[  279.150133][T17060] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  279.184139][T17063] rdma_op ffff8880368009f0 conn xmit_rdma 0000000000000000
[  279.188811][   T41] audit: type=1800 audit(279.112:6727): pid=17063 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3348" name="nullb0" dev="tmpfs" ino=1304 res=0 errno=0
[  279.232664][ T5930] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  279.238056][ T5930] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  279.242710][   T41] audit: type=1400 audit(279.172:6728): avc:  denied  { bind } for  pid=17066 comm="syz.5.3349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  279.251503][ T5930] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  279.260083][ T5930] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  279.263657][ T5930] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  279.421806][T17084] usb usb9: usbfs: process 17084 (syz.5.3354) did not claim interface 0 before use
[  279.421961][   T41] audit: type=1400 audit(279.352:6729): avc:  denied  { lock } for  pid=17082 comm="syz.5.3354" path="socket:[64879]" dev="sockfs" ino=64879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  279.433951][ T1327] usb 5-1: new low-speed USB device number 22 using dummy_hcd
[  279.601424][ T1327] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  279.604737][ T1327] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.608308][ T1327] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  279.613330][ T1327] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  279.613892][T17065] chnl_net:caif_netlink_parms(): no params data found
[  279.616878][ T1327] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.622121][ T1327] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  279.626996][ T1327] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  279.631034][ T1327] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.634759][ T1327] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  279.641648][ T1327] usb 5-1: string descriptor 0 read error: -22
[  279.647953][ T1327] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  279.651162][ T1327] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.663852][ T1327] adutux 5-1:168.0: interrupt endpoints not found
[  279.665995][T17065] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.668718][T17065] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.674125][T17065] bridge_slave_0: entered allmulticast mode
[  279.677130][T17065] bridge_slave_0: entered promiscuous mode
[  279.680879][T17065] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.683358][T17065] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.685812][T17065] bridge_slave_1: entered allmulticast mode
[  279.688736][T17065] bridge_slave_1: entered promiscuous mode
[  279.704514][T17065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.709365][T17065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.725080][T17065] team0: Port device team_slave_0 added
[  279.729033][T17065] team0: Port device team_slave_1 added
[  279.748830][T17065] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.753470][T17065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  279.767055][T17065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  279.772990][T17065] batman_adv: batadv0: Adding interface: batadv_slave_1
[  279.775450][T17065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  279.786035][T17065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  279.812151][T17065] hsr_slave_0: entered promiscuous mode
[  279.814610][T17065] hsr_slave_1: entered promiscuous mode
[  279.817160][T17065] debugfs: 'hsr0' already exists in 'hsr'
[  279.819091][T17065] Cannot create hsr debugfs directory
[  279.882273][T17114] x_tables: duplicate underflow at hook 3
[  279.893530][T17058] sctp: [Deprecated]: syz.0.3346 (pid 17058) Use of int in maxseg socket option.
[  279.893530][T17058] Use struct sctp_assoc_value instead
[  279.913720][T17065] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  279.917798][T17065] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  279.938954][ T5360] usb 5-1: USB disconnect, device number 22
[  280.055282][T17065] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.058842][T17065] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.129977][T17065] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.133355][T17065] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.190349][T17065] netdevsim netdevsim4 ªªªªªª (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.194154][T17065] netdevsim netdevsim4 ªªªªªª (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  280.309996][T17065] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  280.315668][T17065] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  280.329164][T17065] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  280.335879][T17065] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  280.387008][T17065] 8021q: adding VLAN 0 to HW filter on device bond0
[  280.397344][T17065] 8021q: adding VLAN 0 to HW filter on device team0
[  280.404868][T10893] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.408071][T10893] bridge0: port 1(bridge_slave_0) entered forwarding state
[  280.416751][T10893] bridge0: port 2(bridge_slave_1) entered blocking state
[  280.419984][T10893] bridge0: port 2(bridge_slave_1) entered forwarding state
[  280.574362][T17065] 8021q: adding VLAN 0 to HW filter on device batadv0
[  280.666839][T17140] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3364'.
[  280.705302][T17143] team0: Port device veth0_to_hsr added
[  280.752689][T17065] veth0_vlan: entered promiscuous mode
[  280.758049][T17065] veth1_vlan: entered promiscuous mode
[  280.773447][T17065] veth0_macvtap: entered promiscuous mode
[  280.785683][T17065] veth1_macvtap: entered promiscuous mode
[  280.794480][T17065] batman_adv: batadv0: Interface activated: batadv_slave_0
[  280.805446][T17065] batman_adv: batadv0: Interface activated: batadv_slave_1
[  280.815157][T10893] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  280.818698][T10893] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  280.824375][T10893] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  280.827766][T10893] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  280.875818][T10893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.878399][T10893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.879515][ T5930] Bluetooth: hci2: command 0x0419 tx timeout
[  280.883193][ T5930] Bluetooth: hci0: command 0x0c1a tx timeout
[  280.901919][T10893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.904839][T10893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.983527][T17159] 9pnet_virtio: no channels available for device syz
[  280.991143][T17159] xt_hashlimit: size too large, truncated to 1048576
[  281.248138][T17181] batadv_slave_1: entered promiscuous mode
[  281.279528][ T5930] Bluetooth: hci3: command tx timeout
[  281.299723][   T10] usb 9-1: new low-speed USB device number 29 using dummy_hcd
[  281.463101][   T10] usb 9-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  281.466947][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  281.471272][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  281.475018][   T10] usb 9-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  281.480502][   T10] usb 9-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  281.484217][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  281.487861][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  281.491613][   T10] usb 9-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  281.496890][   T10] usb 9-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  281.500654][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  281.504264][   T10] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  281.507974][   T10] usb 9-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  281.514702][   T10] usb 9-1: string descriptor 0 read error: -22
[  281.517070][   T10] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  281.520241][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.529917][   T10] adutux 9-1:168.0: interrupt endpoints not found
[  281.716830][T17190] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3380'.
[  281.722874][T17190] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3380'.
[  281.734549][T17159] sctp: [Deprecated]: syz.4.3372 (pid 17159) Use of int in maxseg socket option.
[  281.734549][T17159] Use struct sctp_assoc_value instead
[  281.755904][ T1327] usb 9-1: USB disconnect, device number 29
[  281.863523][ T5930] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  281.933019][T17176] batadv_slave_1: left promiscuous mode
[  281.964928][T17198] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3382'.
[  282.408598][T17222] netlink: 'syz.0.3387': attribute type 10 has an invalid length.
[  282.412909][T17222] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  282.715800][T17247] xt_hashlimit: size too large, truncated to 1048576
[  282.773610][T17253] sctp: [Deprecated]: syz.2.3393 (pid 17253) Use of int in maxseg socket option.
[  282.773610][T17253] Use struct sctp_assoc_value instead
[  282.879144][T17265] loop2: detected capacity change from 0 to 7
[  282.884271][T17265] Dev loop2: unable to read RDB block 7
[  282.886311][T17265]  loop2: unable to read partition table
[  282.888440][T17265] loop2: partition table beyond EOD, truncated
[  282.890607][T17265] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  282.959997][ T5930] Bluetooth: hci2: command 0x0419 tx timeout
[  282.961062][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  282.994820][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  283.011614][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  283.105556][T17267] siw: device registration error -23
[  283.239395][T17276] SELinux:  Context system_u:object_r:auditd_initrc_exec_t:s0 is not valid (left unmapped).
[  283.239542][   T41] audit: type=1400 audit(283.162:6730): avc:  denied  { relabelfrom } for  pid=17275 comm="syz.4.3402" name="NETLINK" dev="sockfs" ino=65252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  283.250896][   T41] audit: type=1400 audit(283.172:6731): avc:  denied  { relabelto } for  pid=17275 comm="syz.4.3402" name="NETLINK" dev="sockfs" ino=65252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_crypto_socket permissive=1 trawcon="system_u:object_r:auditd_initrc_exec_t:s0"
[  283.347623][   T41] audit: type=1400 audit(283.272:6732): avc:  denied  { unmount } for  pid=17065 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  283.359456][ T5930] Bluetooth: hci3: command tx timeout
[  283.472740][T17297] __nla_validate_parse: 1 callbacks suppressed
[  283.472754][T17297] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3409'.
[  283.650899][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  283.803670][T17318] netlink: 'syz.5.3414': attribute type 1 has an invalid length.
[  283.859787][ T5990] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  284.039520][ T5990] usb 9-1: Using ep0 maxpacket: 32
[  284.050936][ T5990] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  284.061092][ T5990] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  284.066120][ T5990] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  284.073606][ T5990] usb 9-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  284.077440][ T5990] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.081563][ T5990] usb 9-1: Product: syz
[  284.083441][ T5990] usb 9-1: Manufacturer: syz
[  284.085439][ T5990] usb 9-1: SerialNumber: syz
[  284.090315][ T5990] usb 9-1: config 0 descriptor??
[  284.103913][ T5990] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input18
[  284.112701][T17334] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  284.179547][    C1] xpad 9-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1
[  284.335765][   T41] audit: type=1400 audit(284.262:6733): avc:  denied  { read } for  pid=17343 comm="syz.0.3424" path="socket:[65298]" dev="sockfs" ino=65298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  284.523385][ T5930] Bluetooth: hci1: unexpected event for opcode 0x0c25
[  284.530780][T17368] ªªªªªª: renamed from wg2
[  284.542368][   T41] audit: type=1400 audit(284.472:6734): avc:  denied  { map } for  pid=17310 comm="syz.4.3412" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  284.612951][T17370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3426'.
[  284.724619][ T1460] usb 9-1: USB disconnect, device number 30
[  284.724773][    C1] xpad 9-1:0.0: xpad_irq_out - usb_submit_urb failed with result -19
[  285.019252][T17387] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3434'.
[  285.248865][T17389] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3435'.
[  285.439554][ T5930] Bluetooth: hci3: command tx timeout
[  285.506779][T17404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3436'.
[  285.540023][T17405] netlink: 16178 bytes leftover after parsing attributes in process `syz.5.3438'.
[  285.561995][T17411] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3440'.
[  285.566480][T17411] CIFS mount error: No usable UNC path provided in device string!
[  285.566480][T17411] 
[  285.566701][T17405] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  285.570195][T17411] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  285.577374][T17405] batadv_slave_0: entered promiscuous mode
[  285.653348][T17419] dummy0: entered allmulticast mode
[  285.658667][T17418] dummy0: left allmulticast mode
[  285.715569][T17424] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3445'.
[  285.762945][T17432] usb usb8: usbfs: process 17432 (syz.0.3448) did not claim interface 0 before use
[  285.791622][T17434] KVM: debugfs: duplicate directory 17434-5
[  286.231202][   T41] audit: type=1400 audit(286.162:6735): avc:  denied  { map } for  pid=17467 comm="syz.0.3459" path="pipe:[65440]" dev="pipefs" ino=65440 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  286.231944][T17468] 9p: Bad value for 'rfdno'
[  286.239890][   T41] audit: type=1400 audit(286.162:6736): avc:  denied  { execute } for  pid=17467 comm="syz.0.3459" path="pipe:[65440]" dev="pipefs" ino=65440 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  286.405781][T17484] overlayfs: failed to resolve './file1/file0': -2
[  286.980296][T17511] loop2: detected capacity change from 0 to 7
[  286.987048][T17511] Dev loop2: unable to read RDB block 7
[  286.990848][T17511]  loop2: unable to read partition table
[  286.993624][T17511] loop2: partition table beyond EOD, truncated
[  286.998098][T17511] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  287.122668][T17524] vlan0: entered promiscuous mode
[  287.148856][T17527] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  287.152535][T17527] ALSA: mixer_oss: invalid index 1374389
[  287.171212][T17530] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.3482'.
[  287.174842][T17530] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3482'.
[  287.519709][   T41] audit: type=1400 audit(287.452:6737): avc:  denied  { write } for  pid=17544 comm="syz.0.3488" path="socket:[66882]" dev="sockfs" ino=66882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  287.534733][ T5930] Bluetooth: hci3: command tx timeout
[  287.817563][T17575] sctp: [Deprecated]: syz.5.3498 (pid 17575) Use of struct sctp_assoc_value in delayed_ack socket option.
[  287.817563][T17575] Use struct sctp_sack_info instead
[  288.085983][T17622] xt_hashlimit: overflow, rate too high: 0
[  288.160504][T17630] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17630 comm=syz.2.3512
[  288.199590][T17634] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  288.201166][T17634] 
@0Ù: renamed from bond_slave_1 (while UP)
[  288.286129][T17641] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  288.350366][   T41] audit: type=1400 audit(288.282:6738): avc:  denied  { node_bind } for  pid=17652 comm="syz.2.3520" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  288.358840][T17657] ip6erspan0: entered promiscuous mode
[  288.430412][T17661] fuse: Bad value for 'fd'
[  288.465792][T17675] overlayfs: failed to clone upperpath
[  288.465796][T17674] overlayfs: failed to clone upperpath
[  288.511464][T17677] xt_hashlimit: size too large, truncated to 1048576
[  288.637867][T17682] __nla_validate_parse: 67 callbacks suppressed
[  288.637884][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3528'.
[  288.947670][T17696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3533'.
[  288.949906][T17691] batman_adv: batadv0: Adding interface: dummy0
[  288.954043][T17691] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  288.967185][T17691] batman_adv: batadv0: Interface activated: dummy0
[  288.972237][   T41] audit: type=1400 audit(288.902:6739): avc:  denied  { connect } for  pid=17689 comm="syz.2.3532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  289.059432][T17705] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  289.192718][T17715] xt_hashlimit: size too large, truncated to 1048576
[  289.224041][T17726] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  289.317859][T17736] netlink: 'syz.4.3546': attribute type 1 has an invalid length.
[  289.380146][T17743] netlink: 'syz.4.3548': attribute type 10 has an invalid length.
[  289.382751][T17743] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3548'.
[  289.385709][T17743] team0: entered promiscuous mode
[  289.387573][T17743] team_slave_0: entered promiscuous mode
[  289.391110][T17743] team_slave_1: entered promiscuous mode
[  289.393090][T17743] team0: entered allmulticast mode
[  289.394790][T17743] team_slave_0: entered allmulticast mode
[  289.396679][T17743] team_slave_1: entered allmulticast mode
[  289.400702][T17743] bridge0: port 3(team0) entered blocking state
[  289.403501][T17743] bridge0: port 3(team0) entered disabled state
[  289.408659][T17743] bridge0: port 3(team0) entered blocking state
[  289.411485][T17743] bridge0: port 3(team0) entered forwarding state
[  289.502774][ T5990] usb 10-1: new low-speed USB device number 5 using dummy_hcd
[  289.640795][T17756] overlayfs: failed to clone upperpath
[  289.662294][ T5990] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  289.666302][ T5990] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  289.670189][ T5990] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  289.675187][ T5990] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  289.678475][ T5990] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  289.680319][T17759] netlink: 'syz.2.3554': attribute type 21 has an invalid length.
[  289.682064][ T5990] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  289.690698][ T5990] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  289.694978][ T5990] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  289.699921][ T5990] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  289.707555][ T5990] usb 10-1: string descriptor 0 read error: -22
[  289.710533][ T5990] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  289.714266][ T5990] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.720497][ T5990] adutux 10-1:168.0: interrupt endpoints not found
[  289.882486][T17775] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=133 sclass=netlink_route_socket pid=17775 comm=syz.2.3560
[  289.936707][T17715] sctp: [Deprecated]: syz.5.3540 (pid 17715) Use of int in maxseg socket option.
[  289.936707][T17715] Use struct sctp_assoc_value instead
[  289.956542][ T1327] usb 10-1: USB disconnect, device number 5
[  289.976913][T17780] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  290.115001][T17788] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=17788 comm=syz.2.3565
[  290.119212][T17788] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=17788 comm=syz.2.3565
[  290.255765][T17804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3568'.
[  290.256690][T17797] netlink: 'syz.0.3566': attribute type 9 has an invalid length.
[  290.263291][T17797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3566'.
[  290.287597][T17806] fuse: Bad value for 'fd'
[  290.311824][T17813] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3571'.
[  290.316265][T17813] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3571'.
[  290.416057][T17824] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3574'.
[  290.420119][T17824] macvtap0: entered allmulticast mode
[  290.421918][T17824] veth0_macvtap: entered allmulticast mode
[  290.510179][   T41] audit: type=1400 audit(290.442:6740): avc:  denied  { read } for  pid=17828 comm="syz.2.3576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  290.625953][T17841] kAFS: unable to lookup cell '(,c¾ûL'
[  290.628899][T17841] kAFS: unable to lookup cell '\,'
[  290.684924][T17853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3585'.
[  290.691156][T17853] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.700034][T17855] overlayfs: empty lowerdir
[  290.778565][T17861] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  290.781045][T17861] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  290.787022][T17861] vhci_hcd vhci_hcd.0: Device attached
[  290.844133][T17870] xt_hashlimit: size too large, truncated to 1048576
[  290.905595][T17874] sctp: [Deprecated]: syz.2.3587 (pid 17874) Use of int in maxseg socket option.
[  290.905595][T17874] Use struct sctp_assoc_value instead
[  291.029394][ T7203] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[  291.039455][ T1327] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  291.181230][ T7203] usb 10-1: config 0 has no interfaces?
[  291.183687][ T7203] usb 10-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  291.188227][ T7203] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.195063][ T7203] usb 10-1: config 0 descriptor??
[  291.280151][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  291.400083][T17862] usbip_core: unknown command
[  291.402262][T17862] vhci_hcd: unknown pdu 0
[  291.402775][   T29] usb 10-1: USB disconnect, device number 6
[  291.403771][T17862] usbip_core: unknown command
[  291.405755][   T12] vhci_hcd vhci_hcd.5: stop threads
[  291.406589][   T12] vhci_hcd vhci_hcd.5: release socket
[  291.418648][   T12] vhci_hcd vhci_hcd.5: disconnect device
[  291.479402][ T1327] vhci_hcd vhci_hcd.5: vhci_device speed not set
[  291.688434][T17910] bond0: (slave macvlan4): Error -98 calling set_mac_address
[  291.862455][T17921] netlink: 'syz.2.3606': attribute type 21 has an invalid length.
[  291.918892][T17926] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3608'.
[  291.931816][T17926] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1196 sclass=netlink_route_socket pid=17926 comm=syz.2.3608
[  292.032975][T17937] Bluetooth: MGMT ver 1.23
[  292.063301][T17935] overlayfs: failed to clone upperpath
[  292.077693][   T41] audit: type=1400 audit(292.002:6741): avc:  denied  { mount } for  pid=17942 comm="syz.0.3614" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  292.158503][T17950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  292.196662][   T41] audit: type=1326 audit(292.122:6742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17957 comm="syz.0.3621" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f274ff9c799 code=0x0
[  292.250285][T17969] overlayfs: failed to clone upperpath
[  292.339163][   T41] audit: type=1326 audit(292.262:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz.5.3629" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f71e879c799 code=0x0
[  292.411592][ T5288] Bluetooth: hci3: Malformed LE Event: 0x0d
[  292.425566][T17993] fuse: Bad value for 'fd'
[  292.427642][T17992] fuse: Bad value for 'fd'
[  292.430839][   T41] audit: type=1400 audit(292.362:6744): avc:  denied  { mounton } for  pid=17994 comm="syz.5.3632" path="/97/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  292.454828][T18000] netlink: 'syz.2.3633': attribute type 1 has an invalid length.
[  292.458065][T18000] netlink: 'syz.2.3633': attribute type 2 has an invalid length.
[  292.461295][T18000] netlink: 'syz.2.3633': attribute type 1 has an invalid length.
[  292.464571][T18000] netlink: 'syz.2.3633': attribute type 3 has an invalid length.
[  292.491123][T18004] overlayfs: failed to clone upperpath
[  293.059525][T18022] sctp: [Deprecated]: syz.0.3638 (pid 18022) Use of int in maxseg socket option.
[  293.059525][T18022] Use struct sctp_assoc_value instead
[  293.130535][T18029] input: syz1 as /devices/virtual/input/input19
[  293.224529][T18036] Mount JFS Failure: -22
[  293.343346][T18049] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  293.343593][T18048] IPVS: stopping master sync thread 18049 ...
[  293.424537][T18064] syzkaller0: entered promiscuous mode
[  293.426396][T18064] syzkaller0: entered allmulticast mode
[  293.524049][T18067] unsupported nlmsg_type 40
[  293.564466][T18072] bond0: (slave nr0): Error: Device can not be enslaved while up
[  293.660513][T18079] team0: Device ipvlan1 failed to register rx_handler
[  293.796298][T18091] fuse: Bad value for 'fd'
[  293.861104][T18094] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[  293.879397][ T1327] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  293.881936][T18093] netfs: Couldn't get user pages (rc=-14)
[  293.883855][T18093] netfs: Zero-sized read [R=5]
[  294.039393][ T1327] usb 10-1: Using ep0 maxpacket: 8
[  294.044978][ T1327] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  294.049984][ T1327] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  294.055620][ T1327] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 45856, setting to 1024
[  294.061420][ T1327] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  294.065581][ T1327] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  294.072469][ T1327] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  294.075837][ T1327] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.079569][ T5930] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  294.082474][ T5930] Bluetooth: hci0: command 0x0c1a tx timeout
[  294.219372][ T8738] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  294.287038][ T1327] usb 10-1: GET_CAPABILITIES returned 0
[  294.289110][ T1327] usbtmc 10-1:16.0: can't read capabilities
[  294.379402][ T8738] usb 5-1: Using ep0 maxpacket: 32
[  294.383127][ T8738] usb 5-1: config 0 has an invalid interface number: 119 but max is 0
[  294.386472][ T8738] usb 5-1: config 0 has no interface number 0
[  294.388625][ T8738] usb 5-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  294.392267][ T8738] usb 5-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  294.396021][ T8738] usb 5-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 21506, setting to 1024
[  294.399771][ T8738] usb 5-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  294.403131][ T8738] usb 5-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  294.408925][ T8738] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  294.411932][ T8738] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.414553][ T8738] usb 5-1: Product: syz
[  294.415912][ T8738] usb 5-1: Manufacturer: syz
[  294.417425][ T8738] usb 5-1: SerialNumber: syz
[  294.424966][ T8738] usb 5-1: config 0 descriptor??
[  294.427394][T18099] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  294.432581][ T8738] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.119/input/input20
[  294.437079][ T5322] usb 5-1: BOGUS urb xfer, pipe 1 != type 3
[  294.637631][ T7203] usb 5-1: USB disconnect, device number 23
[  294.754569][ T5288] Bluetooth: hci0: unexpected event for opcode 0x2060
[  294.865091][T18127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.973972][T18127] No control pipe specified
[  295.012718][ T3246] usb 10-1: USB disconnect, device number 7
[  295.439250][T18148] overlayfs: failed to clone upperpath
[  295.906413][T18173] __nla_validate_parse: 5 callbacks suppressed
[  295.906426][T18173] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3679'.
[  296.985550][T18234] netlink: 'syz.4.3700': attribute type 21 has an invalid length.
[  297.378952][   T41] audit: type=1400 audit(297.302:6745): avc:  denied  { getopt } for  pid=18254 comm="syz.2.3705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  297.494595][T18258] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3706'.
[  297.590145][T18260] netlink: 'syz.5.3707': attribute type 1 has an invalid length.
[  297.698140][T18264] xt_hashlimit: size too large, truncated to 1048576
[  298.009645][ T7203] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  298.011876][   T29] usb 10-1: new low-speed USB device number 8 using dummy_hcd
[  298.169531][ T7203] usb 5-1: Using ep0 maxpacket: 8
[  298.172436][ T7203] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  298.175621][ T7203] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  298.178499][ T7203] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  298.182583][ T7203] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  298.186570][ T7203] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  298.190033][ T7203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.190997][   T29] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  298.196837][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  298.197436][ T7203] hub 5-1:1.0: bad descriptor, ignoring hub
[  298.201904][   T29] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.209357][ T7203] hub 5-1:1.0: probe with driver hub failed with error -5
[  298.209539][   T29] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  298.211946][ T7203] cdc_wdm 5-1:1.0: skipping garbage
[  298.215831][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  298.219875][ T7203] cdc_wdm 5-1:1.0: skipping garbage
[  298.222286][   T29] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.228098][ T7203] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  298.229843][   T29] usb 10-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  298.230247][ T7203] cdc_wdm 5-1:1.0: Unknown control protocol
[  298.234350][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  298.241225][   T29] usb 10-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.249413][   T29] usb 10-1: string descriptor 0 read error: -22
[  298.252599][   T29] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  298.256163][   T29] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.264896][   T29] adutux 10-1:168.0: interrupt endpoints not found
[  298.364270][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.377704][T18300] bond1: entered promiscuous mode
[  298.379948][T18300] 8021q: adding VLAN 0 to HW filter on device bond1
[  298.382472][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.385552][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.388635][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.392536][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.395883][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.399194][T18300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3719'.
[  298.474068][T18264] sctp: [Deprecated]: syz.5.3708 (pid 18264) Use of int in maxseg socket option.
[  298.474068][T18264] Use struct sctp_assoc_value instead
[  298.489649][ T7203] usb 10-1: USB disconnect, device number 8
[  298.580521][T18320] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3725'.
[  298.611647][T18325] IPv6: Can't replace route, no match found
[  298.778429][T18330] can: request_module (can-proto-0) failed.
[  299.101311][T18269] usb 5-1: reset high-speed USB device number 24 using dummy_hcd
[  299.135009][T18356] netlink: 'syz.4.3737': attribute type 28 has an invalid length.
[  299.138384][T18356] netlink: 'syz.4.3737': attribute type 3 has an invalid length.
[  299.146200][T18356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1548 sclass=netlink_route_socket pid=18356 comm=syz.4.3737
[  299.165035][T18358] syzkaller0: entered promiscuous mode
[  299.167126][T18358] syzkaller0: entered allmulticast mode
[  299.249476][T18269] usb 5-1: device descriptor read/64, error -71
[  299.419603][T18370] netlink: 'syz.5.3742': attribute type 3 has an invalid length.
[  299.499921][T18269] usb 5-1: reset high-speed USB device number 24 using dummy_hcd
[  299.640993][T18269] usb 5-1: device descriptor read/64, error -71
[  299.811966][T18380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18380 comm=syz.2.3745
[  299.880443][T18269] usb 5-1: reset high-speed USB device number 24 using dummy_hcd
[  299.910702][T18269] usb 5-1: device descriptor read/8, error -71
[  300.160259][T18269] usb 5-1: reset high-speed USB device number 24 using dummy_hcd
[  300.190162][T18269] usb 5-1: device descriptor read/8, error -71
[  300.311331][T18269] cdc_wdm 5-1:1.0: Error autopm - -16
[  300.311425][   T71] usb 5-1: USB disconnect, device number 24
[  300.457653][T18403] sctp: [Deprecated]: syz.5.3752 (pid 18403) Use of int in maxseg socket option.
[  300.457653][T18403] Use struct sctp_assoc_value instead
[  300.466202][T18403] macsec2: entered promiscuous mode
[  300.469366][   T71] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  300.597985][   T41] audit: type=1400 audit(300.522:6746): avc:  denied  { setattr } for  pid=18409 comm="syz.5.3754" path="socket:[71753]" dev="sockfs" ino=71753 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  300.599633][   T71] usb 5-1: device descriptor read/64, error -71
[  300.600078][T18410] No such timeout policy "syz1"
[  300.713828][T18419] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  300.724622][T10910] bond0: (slave bond_slave_0): interface is now down
[  300.727984][T10910] bond0: (slave 
c
@0Ù): interface is now down
[  300.739381][T10910] bond0: (slave bridge_slave_1): interface is now down
[  300.746870][T10910] bond0: now running without any active interface!
[  300.986369][T18443] bridge0: port 2(ipvlan2) entered blocking state
[  300.988712][T18443] bridge0: port 2(ipvlan2) entered disabled state
[  300.991168][T18443] ipvlan2: entered allmulticast mode
[  300.992929][T18443] bridge0: entered allmulticast mode
[  300.995867][T18443] ipvlan2: left allmulticast mode
[  300.997561][T18443] bridge0: left allmulticast mode
[  301.048177][T18451] netlink: 'syz.0.3768': attribute type 1 has an invalid length.
[  301.050761][   T41] audit: type=1400 audit(300.972:6747): avc:  denied  { write } for  pid=18449 comm="syz.0.3768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  301.057412][T18451] __nla_validate_parse: 8 callbacks suppressed
[  301.057421][T18451] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3768'.
[  301.103956][T18458] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3772'.
[  301.105057][T18459] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3771'.
[  301.315795][T18478] netlink: 'syz.2.3779': attribute type 13 has an invalid length.
[  301.451702][T18487] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3782'.
[  301.492859][T18487] sch_tbf: burst 88 is lower than device veth3 mtu (1514) !
[  301.543700][T18499] team0: Device gtp0 is of different type
[  301.938894][ T1226] ------------[ cut here ]------------
[  301.941126][T18518] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3792'.
[  301.941557][ T1226] wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
[  301.949107][ T1226] WARNING: net/mac80211/tx.c:753 at ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20, CPU#3: kworker/u32:9/1226
[  301.952977][ T1226] Modules linked in:
[  301.954471][ T1226] CPU: 3 UID: 0 PID: 1226 Comm: kworker/u32:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  301.958125][ T1226] Tainted: [L]=SOFTLOCKUP
[  301.959777][ T1226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  301.962950][ T1226] Workqueue: events_unbound cfg80211_wiphy_work
[  301.965104][ T1226] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  301.967168][ T1226] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d 15 ee dc 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 c1 4c fb f6 e8 dc
[  301.973415][ T1226] RSP: 0018:ffffc900063375d8 EFLAGS: 00010282
[  301.975357][ T1226] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
[  301.977902][ T1226] RDX: ffff888027b38044 RSI: ffff888052fd5808 RDI: ffffffff90ea3ff0
[  301.980704][ T1226] RBP: ffffc90006337850 R08: 0000000000000005 R09: 0000000000000000
[  301.983313][ T1226] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888027b38044
[  301.985848][ T1226] R13: ffffc900063378c0 R14: 0000000000000000 R15: 0000000000000001
[  301.988540][ T1226] FS:  0000000000000000(0000) GS:ffff8880d6647000(0000) knlGS:0000000000000000
[  301.991593][ T1226] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  301.993978][ T1226] CR2: 000000110c2d5d1a CR3: 000000000e598000 CR4: 0000000000352ef0
[  301.996925][ T1226] DR0: 0000000040000005 DR1: 0000000100000000 DR2: 0000000000000898
[  301.999823][ T1226] DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  302.002523][ T1226] Call Trace:
[  302.003669][ T1226]  <TASK>
[  302.004646][ T1226]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  302.006574][ T1226]  ? kmalloc_reserve+0x148/0x350
[  302.008195][ T1226]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  302.010184][ T1226]  ? sta_info_hash_lookup+0x259/0x660
[  302.011930][ T1226]  invoke_tx_handlers_late+0xfb4/0x2750
[  302.013676][ T1226]  ? ieee80211_queue_skb+0x3ae/0x1fc0
[  302.015387][ T1226]  ? __fq_adjust_removal+0x260/0x390
[  302.017038][ T1226]  ? invoke_tx_handlers_early+0x65d/0x27d0
[  302.018905][ T1226]  ieee80211_tx+0x304/0x460
[  302.020430][ T1226]  ? __pfx_ieee80211_tx+0x10/0x10
[  302.022088][ T1226]  ? ieee80211_skb_resize+0x119/0x670
[  302.023838][ T1226]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  302.025610][ T1226]  ieee80211_xmit+0x30f/0x3e0
[  302.027176][ T1226]  __ieee80211_tx_skb_tid_band+0x2c2/0x720
[  302.029068][ T1226]  ieee80211_scan_state_send_probe+0x33d/0xac0
[  302.031077][ T1226]  ieee80211_scan_work+0x750/0x1ff0
[  302.032775][ T1226]  ? __queue_work+0x445/0x1150
[  302.034345][ T1226]  ? __pfx_ieee80211_scan_work+0x10/0x10
[  302.036180][ T1226]  ? rcu_is_watching+0x12/0xc0
[  302.037778][ T1226]  cfg80211_wiphy_work+0x446/0x5c0
[  302.039454][ T1226]  process_one_work+0x9d7/0x1920
[  302.040991][ T1226]  ? __pfx_process_one_work+0x10/0x10
[  302.042716][ T1226]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[  302.044527][ T1226]  worker_thread+0x5da/0xe40
[  302.046019][ T1226]  ? kthread+0x13a/0x450
[  302.047363][ T1226]  ? __pfx_worker_thread+0x10/0x10
[  302.049015][ T1226]  kthread+0x370/0x450
[  302.050422][ T1226]  ? __pfx_kthread+0x10/0x10
[  302.051941][ T1226]  ret_from_fork+0x754/0xd80
[  302.053528][ T1226]  ? __pfx_ret_from_fork+0x10/0x10
[  302.055205][ T1226]  ? __switch_to+0x7b4/0x1120
[  302.056728][ T1226]  ? __pfx_kthread+0x10/0x10
[  302.058193][ T1226]  ret_from_fork_asm+0x1a/0x30
[  302.059835][ T1226]  </TASK>
[  302.060826][ T1226] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  302.063227][ T1226] CPU: 3 UID: 0 PID: 1226 Comm: kworker/u32:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  302.066710][ T1226] Tainted: [L]=SOFTLOCKUP
[  302.068104][ T1226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  302.071334][ T1226] Workqueue: events_unbound cfg80211_wiphy_work
[  302.073376][ T1226] Call Trace:
[  302.074456][ T1226]  <TASK>
[  302.075439][ T1226]  dump_stack_lvl+0x100/0x190
[  302.076968][ T1226]  vpanic+0x552/0x970
[  302.078256][ T1226]  ? __pfx_vpanic+0x10/0x10
[  302.079705][ T1226]  panic+0xd1/0xe0
[  302.080897][ T1226]  ? __pfx_panic+0x10/0x10
[  302.082324][ T1226]  ? check_panic_on_warn+0x1f/0x90
[  302.084251][ T1226]  check_panic_on_warn.cold+0x19/0x34
[  302.086251][ T1226]  ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20
[  302.088211][ T1226]  __warn.cold+0x191/0x348
[  302.089965][ T1226]  __report_bug+0x296/0x3d0
[  302.091546][ T1226]  ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20
[  302.093640][ T1226]  ? __pfx___report_bug+0x10/0x10
[  302.095291][ T1226]  ? kasan_save_stack+0x3f/0x50
[  302.096883][ T1226]  ? kasan_save_stack+0x30/0x50
[  302.098505][ T1226]  ? ieee80211_scan_work+0x750/0x1ff0
[  302.100222][ T1226]  ? cfg80211_wiphy_work+0x446/0x5c0
[  302.101903][ T1226]  ? process_one_work+0x9d7/0x1920
[  302.103561][ T1226]  ? worker_thread+0x5da/0xe40
[  302.105087][ T1226]  ? kthread+0x370/0x450
[  302.106454][ T1226]  ? ret_from_fork+0x754/0xd80
[  302.108058][ T1226]  ? ret_from_fork_asm+0x1a/0x30
[  302.109648][ T1226]  report_bug_entry+0xe1/0x290
[  302.111179][ T1226]  ? ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  302.113066][ T1226]  handle_bug+0x1c9/0x2a0
[  302.114446][ T1226]  exc_invalid_op+0x17/0x50
[  302.115876][ T1226]  asm_exc_invalid_op+0x1a/0x20
[  302.117442][ T1226] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  302.119519][ T1226] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d 15 ee dc 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 c1 4c fb f6 e8 dc
[  302.125539][ T1226] RSP: 0018:ffffc900063375d8 EFLAGS: 00010282
[  302.127461][ T1226] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
[  302.129941][ T1226] RDX: ffff888027b38044 RSI: ffff888052fd5808 RDI: ffffffff90ea3ff0
[  302.132383][ T1226] RBP: ffffc90006337850 R08: 0000000000000005 R09: 0000000000000000
[  302.134818][ T1226] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888027b38044
[  302.137244][ T1226] R13: ffffc900063378c0 R14: 0000000000000000 R15: 0000000000000001
[  302.139725][ T1226]  ? ieee80211_tx_h_rate_ctrl+0x1297/0x1a20
[  302.141601][ T1226]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  302.143560][ T1226]  ? kmalloc_reserve+0x148/0x350
[  302.145138][ T1226]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  302.147063][ T1226]  ? sta_info_hash_lookup+0x259/0x660
[  302.148761][ T1226]  invoke_tx_handlers_late+0xfb4/0x2750
[  302.150471][ T1226]  ? ieee80211_queue_skb+0x3ae/0x1fc0
[  302.152146][ T1226]  ? __fq_adjust_removal+0x260/0x390
[  302.153832][ T1226]  ? invoke_tx_handlers_early+0x65d/0x27d0
[  302.155718][ T1226]  ieee80211_tx+0x304/0x460
[  302.157395][ T1226]  ? __pfx_ieee80211_tx+0x10/0x10
[  302.159082][ T1226]  ? ieee80211_skb_resize+0x119/0x670
[  302.160803][ T1226]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  302.162555][ T1226]  ieee80211_xmit+0x30f/0x3e0
[  302.164126][ T1226]  __ieee80211_tx_skb_tid_band+0x2c2/0x720
[  302.166023][ T1226]  ieee80211_scan_state_send_probe+0x33d/0xac0
[  302.168131][ T1226]  ieee80211_scan_work+0x750/0x1ff0
[  302.169955][ T1226]  ? __queue_work+0x445/0x1150
[  302.171618][ T1226]  ? __pfx_ieee80211_scan_work+0x10/0x10
[  302.173567][ T1226]  ? rcu_is_watching+0x12/0xc0
[  302.175142][ T1226]  cfg80211_wiphy_work+0x446/0x5c0
[  302.176728][ T1226]  process_one_work+0x9d7/0x1920
[  302.178357][ T1226]  ? __pfx_process_one_work+0x10/0x10
[  302.180091][ T1226]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[  302.181864][ T1226]  worker_thread+0x5da/0xe40
[  302.183410][ T1226]  ? kthread+0x13a/0x450
[  302.184781][ T1226]  ? __pfx_worker_thread+0x10/0x10
[  302.186444][ T1226]  kthread+0x370/0x450
[  302.187815][ T1226]  ? __pfx_kthread+0x10/0x10
[  302.189310][ T1226]  ret_from_fork+0x754/0xd80
[  302.190772][ T1226]  ? __pfx_ret_from_fork+0x10/0x10
[  302.192414][ T1226]  ? __switch_to+0x7b4/0x1120
[  302.194154][ T1226]  ? __pfx_kthread+0x10/0x10
[  302.195661][ T1226]  ret_from_fork_asm+0x1a/0x30
[  302.197226][ T1226]  </TASK>
[  302.198890][ T1226] Kernel Offset: disabled
[  302.200289][ T1226] Rebooting in 86400 seconds..