last executing test programs:

9.456909837s ago: executing program 0 (id=81):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000001000000a00300000500000000000000", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r0, &(0x7f0000000080), &(0x7f0000000180)=""/251}, 0x20)

9.386375011s ago: executing program 0 (id=82):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)={0x1e8, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@typed={0x49, 0x121, 0x0, 0x0, @binary="c9a7befe6f6d645a1a11b81b2c4b101c7510e19feecb90ee6bb49f6cc7a2c50fd57c06db1a75df432aa833928a0772ff8f5e9ed32d3b477d35b296674f1fe35663c0d236fd"}]}, @nested={0x184, 0x6, 0x0, 0x1, [@nested={0x180, 0x75, 0x0, 0x1, [@nested={0xc, 0x105, 0x0, 0x1, [@typed={0x4, 0x22}, @typed={0x4, 0x98}]}, @nested={0x4, 0x8}, @typed={0x8, 0xe6, 0x0, 0x0, @fd=r0}, @generic="897a22072687e1d29eb84b27bdf276e0", @nested={0x154, 0x425, 0x0, 0x1, [@nested={0x14d, 0xc7, 0x0, 0x1, [@generic="0e8a1ba9d0d1c3c46f11f097dd31b5ac0d84d4d2b2f914e4192e9f5e09954309143035825e421199ef3742a5289e741571d2ac7ef6550f8c0454460c177a12d8c5", @typed={0x41, 0xe4, 0x0, 0x0, @binary="6423d7fbd06565c156e976ea2705ead6f599a9ab0d0f0b42f23c719ad59cbf301b5dfa5c580b1cc4643e60b078837a9e0bbd915ec517e815e3d158c99e"}, @nested={0xc4, 0xc6, 0x0, 0x1, [@nested={0xbd, 0x122, 0x0, 0x1, [@typed={0x8, 0x14, 0x0, 0x0, @u32=0x401}, @generic="e96c0df381a14a3c0b3ccaef33d226349e43f34829aab5a8b5ce756312", @nested={0x4, 0x17}, @nested={0x4d, 0xc9, 0x0, 0x1, [@generic="573cfd609bc771ba55fa6b9efa4af09c195eb368174c8a4b5b79b3850be70fab47c04bcba4d04cd5980d0ae8da944ccab8", @typed={0x5, 0x58, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x85, 0x0, 0x0, @fd}, @typed={0x5, 0xde, 0x0, 0x0, @str='\x00'}]}, @nested={0x4, 0xcd}, @typed={0x8, 0xd3, 0x0, 0x0, @str='gtp\x00'}, @typed={0x32, 0x131, 0x0, 0x0, @binary="293c4369bb7ebb6bbb43402813d21d2b8c714092da0256e8710d127ab2352ee65c99c488fecc244310e65e0ae8a7"}]}]}]}]}]}]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x5}, 0x0)

9.311103195s ago: executing program 0 (id=83):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f046bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffe000/0x1000)=nil)

5.227690475s ago: executing program 0 (id=84):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)

4.794916399s ago: executing program 0 (id=85):
openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/mdstat\x00', 0x0, 0x0)
epoll_create1(0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
epoll_create1(0x80000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x2, 0x0, 0x4000000000000, 0x40000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

3.118475964s ago: executing program 1 (id=87):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000440)={0x2, 0x0, {&(0x7f00000004c0)=""/114, 0x72, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000600)=""/263, 0x107, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/201, 0xfffffe3c, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)

2.29734134s ago: executing program 1 (id=88):
r0 = syz_open_procfs$namespace(0x0, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, 0x0)

2.175720607s ago: executing program 0 (id=89):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0xbfa35000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x36}, 0x4, [0x7, 0x8, 0x5, 0xd, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x9, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x0, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x3, 0x2, 0x4, 0x7, 0x81, 0x8a, 0xfffffff8, 0x558e0d34, 0x4, 0xfffeffff, 0x91, 0x5, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0x4a7, 0x81, 0x6, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x5, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0xf, 0xfffffff3, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400800, 0x0, 0x2, 0x1c, 0x8, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x403, 0xffff58b9, 0x4c2336d3, 0x80004, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00002, 0x80005, 0xb, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0xaa5, 0x2, 0x9, 0x2, 0x8000, 0x5, 0xfffffff9, 0x994, 0x1000, 0x4, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x1, 0x4, 0x8d3, 0x6, 0x108, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x80000001, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0x4, 0xd3, 0x7, 0x3435, 0x5, 0x9, 0xfd, 0x401, 0x101, 0x7ff, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x806, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdaf, 0x1, 0x8, 0x14000, 0x1, 0x1b18]}, 0x45c)
io_uring_enter(r3, 0x27e2, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r7, @ANYBLOB='\a\x00', @ANYRES32, @ANYBLOB="08000400000000000c0003000000000000000100080005000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800020000000000060006"], 0x50}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r8, &(0x7f0000000140), 0x4924b68, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1d, 0x81db, 0x1, 0x9, 0x400, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

2.056804324s ago: executing program 1 (id=90):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
pread64(r2, &(0x7f0000000100)=""/253, 0xfd, 0xadc)

1.536806023s ago: executing program 1 (id=91):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000001000000a00300000500000000000000", @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r0, &(0x7f0000000080), &(0x7f0000000180)=""/251}, 0x20)

1.222452571s ago: executing program 1 (id=92):
syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @private1, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000007c0)={0x52})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000280)=ANY=[], 0x0, 0x56, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value}, 0x28)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
io_setup(0x3, &(0x7f0000000140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000800)={'syz1\x00', {0x0, 0x401, 0x2}, 0x2c, [0x0, 0x100, 0x0, 0xfffffffd, 0x6, 0x2, 0xfffffffc, 0x3, 0x0, 0x7fffffff, 0xfffffffe, 0xc0, 0x0, 0x0, 0x8, 0x0, 0x4000, 0x10, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x84fd, 0x0, 0x7, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5f1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x4, 0x0, 0x7ff, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xe, 0x0, 0x2, 0x20, 0x0, 0xeae2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x3ff, 0x40000000, 0x7fffe, 0x0, 0xfffffffd, 0x0, 0xfffffffc, 0x2, 0x3, 0x7, 0x0, 0x3, 0x80000000, 0xffff], [0x4, 0x20e4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x0, 0x0, 0x0, 0x2, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfff, 0x71f, 0x0, 0x1, 0xffffffff, 0x20, 0x8], [0x40000000, 0x4, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0xcaa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_CREATE(r6, 0x5501)
sendmsg$netlink(r4, &(0x7f0000000480), 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@mangle={'mangle\x00', 0x1f, 0x6, 0x540, 0x1c8, 0x1c8, 0x410, 0x130, 0x328, 0x500, 0x500, 0x500, 0x500, 0x500, 0x6, &(0x7f0000000300), {[{{@ip={@empty, @dev={0xac, 0x14, 0x14, 0x3e}, 0xffffff00, 0x0, 'ip_vti0\x00', 'vlan0\x00', {}, {}, 0x21, 0x0, 0x44}, 0x0, 0xd0, 0x130, 0x0, {}, [@common=@ah={{0x30}, {[0x8, 0x9]}}, @common=@addrtype={{0x30}, {0xf28, 0x10, 0x1, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x4, 0x2, 0x0, 0x2], 0x3}, {0x2, [0x6, 0x2, 0x4, 0x0, 0x2]}}}}, {{@ip={@loopback, @empty, 0xffffffff, 0xff000000, 'netdevsim0\x00', 'geneve0\x00', {}, {}, 0x73, 0x1, 0x2c}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x130, 0x160, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x40}, [0x0, 0x0, 0xffffffff], @ipv4=@empty, [0xffff00, 0xff000000, 0xff000000], @ipv6=@empty, [0xff000000, 0xffffff00, 0xff], @ipv4=@local, [0x0, 0xffffff00, 0xff, 0xffffffff], 0x0, 0x5, 0x16, 0x4e21, 0x4e20, 0x4e20, 0x4e20, 0x205a, 0x88}, 0x1, 0x880}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x40000000, 0xccb, @remote, 0x4e21}}}, {{@ip={@private=0xa010102, @multicast1, 0x5aabe60e4f786391, 0xffffff00, 'caif0\x00', 'vxcan1\x00', {0xff}, {0xff}, 0x5c, 0x1, 0x10}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xe}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x3d, 0x3}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5a0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r3, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)

0s ago: executing program 1 (id=93):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
write(r1, &(0x7f0000000240)="94", 0x1)
tee(r0, r4, 0x8f5, 0x0)
write(r2, 0x0, 0x0)

kernel console output (not intermixed with test programs):

syzkaller login: [   35.990498][   T31] kauditd_printk_skb: 6 callbacks suppressed
[   35.991076][   T31] audit: type=1400 audit(35.910:58): avc:  denied  { read write } for  pid=3091 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   36.016043][   T31] audit: type=1400 audit(35.940:59): avc:  denied  { open } for  pid=3091 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:14162' (ED25519) to the list of known hosts.
[   45.851253][   T31] audit: type=1400 audit(45.780:60): avc:  denied  { name_bind } for  pid=3094 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   47.521313][   T31] audit: type=1400 audit(47.450:61): avc:  denied  { execute } for  pid=3095 comm="sh" name="syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   47.523880][   T31] audit: type=1400 audit(47.450:62): avc:  denied  { execute_no_trans } for  pid=3095 comm="sh" path="/syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   49.298154][   T31] audit: type=1400 audit(49.220:63): avc:  denied  { mounton } for  pid=3095 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=806 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   49.302919][   T31] audit: type=1400 audit(49.230:64): avc:  denied  { mount } for  pid=3095 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   49.311133][ T3095] cgroup: Unknown subsys name 'net'
[   49.316001][   T31] audit: type=1400 audit(49.240:65): avc:  denied  { unmount } for  pid=3095 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   49.532146][ T3095] cgroup: Unknown subsys name 'cpuset'
[   49.536363][ T3095] cgroup: Unknown subsys name 'hugetlb'
[   49.537013][ T3095] cgroup: Unknown subsys name 'rlimit'
[   49.782614][   T31] audit: type=1400 audit(49.710:66): avc:  denied  { setattr } for  pid=3095 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   49.785628][   T31] audit: type=1400 audit(49.710:67): avc:  denied  { mounton } for  pid=3095 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   49.787414][   T31] audit: type=1400 audit(49.710:68): avc:  denied  { mount } for  pid=3095 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   49.982792][ T3097] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   49.987604][   T31] audit: type=1400 audit(49.910:69): avc:  denied  { relabelto } for  pid=3097 comm="mkswap" name="swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   55.130981][ T3095] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.320788][   T31] kauditd_printk_skb: 3 callbacks suppressed
[   56.321213][   T31] audit: type=1400 audit(56.240:73): avc:  denied  { execmem } for  pid=3098 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   56.369443][   T31] audit: type=1400 audit(56.290:74): avc:  denied  { read } for  pid=3100 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   56.370632][   T31] audit: type=1400 audit(56.290:75): avc:  denied  { open } for  pid=3100 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   56.374687][   T31] audit: type=1400 audit(56.300:76): avc:  denied  { mounton } for  pid=3100 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   56.393546][   T31] audit: type=1400 audit(56.320:77): avc:  denied  { module_request } for  pid=3100 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   56.434985][   T31] audit: type=1400 audit(56.360:78): avc:  denied  { sys_module } for  pid=3101 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   56.858354][   T31] audit: type=1400 audit(56.780:79): avc:  denied  { ioctl } for  pid=3100 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=675 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.527787][ T3100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.534492][ T3100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.575704][ T3101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.579510][ T3101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.128504][ T3101] hsr_slave_0: entered promiscuous mode
[   58.130990][ T3101] hsr_slave_1: entered promiscuous mode
[   58.156658][ T3100] hsr_slave_0: entered promiscuous mode
[   58.157638][ T3100] hsr_slave_1: entered promiscuous mode
[   58.158140][ T3100] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.158527][ T3100] Cannot create hsr debugfs directory
[   58.541717][   T31] audit: type=1400 audit(58.470:80): avc:  denied  { create } for  pid=3100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   58.546529][   T31] audit: type=1400 audit(58.470:81): avc:  denied  { write } for  pid=3100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   58.551610][   T31] audit: type=1400 audit(58.480:82): avc:  denied  { read } for  pid=3100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   58.566518][ T3100] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.580547][ T3100] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.595808][ T3100] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.601448][ T3100] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.634295][ T3101] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.642146][ T3101] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.652496][ T3101] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.663834][ T3101] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.028304][ T3100] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.108706][ T3101] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.404008][ T3100] veth0_vlan: entered promiscuous mode
[   60.416890][ T3100] veth1_vlan: entered promiscuous mode
[   60.452211][ T3100] veth0_macvtap: entered promiscuous mode
[   60.458223][ T3100] veth1_macvtap: entered promiscuous mode
[   60.495648][ T3100] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.496076][ T3100] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.496181][ T3100] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.496282][ T3100] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.656115][ T3100] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.732008][ T3101] veth0_vlan: entered promiscuous mode
[   60.743751][ T3101] veth1_vlan: entered promiscuous mode
[   60.779430][ T3101] veth0_macvtap: entered promiscuous mode
[   60.788036][ T3101] veth1_macvtap: entered promiscuous mode
[   60.830503][ T3101] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.831326][ T3101] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.833601][ T3101] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.835412][ T3101] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.382185][ T3048] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   61.546414][ T3048] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   61.556041][ T3048] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[   61.556267][ T3048] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.556478][ T3048] usb 1-1: Product: syz
[   61.556625][ T3048] usb 1-1: Manufacturer: syz
[   61.556687][ T3048] usb 1-1: SerialNumber: syz
[   61.786665][ T3048] usb 1-1: USB disconnect, device number 2
[   62.261167][ T3048] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   62.431942][ T3048] usb 1-1: Using ep0 maxpacket: 32
[   62.441811][ T3048] usb 1-1: unable to get BOS descriptor or descriptor too short
[   62.448837][ T3048] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[   62.449211][ T3048] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[   62.449344][ T3048] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[   62.449455][ T3048] usb 1-1: config 128 has no interface number 0
[   62.449656][ T3048] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[   62.449791][ T3048] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[   62.450440][ T3048] usb 1-1: config 128 interface 127 has no altsetting 0
[   62.464317][ T3048] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[   62.464706][ T3048] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.464796][ T3048] usb 1-1: Product: syz
[   62.464859][ T3048] usb 1-1: Manufacturer: syz
[   62.464920][ T3048] usb 1-1: SerialNumber: syz
[   62.768801][ T3048] usb 1-1: USB disconnect, device number 3
[   63.056182][   T31] kauditd_printk_skb: 22 callbacks suppressed
[   63.056456][   T31] audit: type=1400 audit(62.980:105): avc:  denied  { create } for  pid=3792 comm="syz.1.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   63.121202][   T31] audit: type=1400 audit(63.050:106): avc:  denied  { watch watch_reads } for  pid=3792 comm="syz.1.4" path="/1" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   65.813105][   T31] audit: type=1400 audit(65.740:107): avc:  denied  { unmount } for  pid=3100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   66.350401][   T31] audit: type=1400 audit(66.270:108): avc:  denied  { ioctl } for  pid=3837 comm="syz.0.9" path="socket:[3184]" dev="sockfs" ino=3184 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.522400][   T31] audit: type=1400 audit(75.450:109): avc:  denied  { create } for  pid=3865 comm="syz.1.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   75.525660][   T31] audit: type=1400 audit(75.450:110): avc:  denied  { write } for  pid=3865 comm="syz.1.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   75.542902][ T3866] netlink: 56 bytes leftover after parsing attributes in process `syz.1.15'.
[   75.665127][   T31] audit: type=1400 audit(75.590:111): avc:  denied  { map_read map_write } for  pid=3869 comm="syz.1.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   77.648578][   T31] audit: type=1400 audit(77.570:112): avc:  denied  { create } for  pid=3879 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   77.653442][ T3880] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.654291][   T31] audit: type=1400 audit(77.580:113): avc:  denied  { create } for  pid=3879 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   77.657955][   T31] audit: type=1400 audit(77.580:114): avc:  denied  { setopt } for  pid=3879 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   77.664193][   T31] audit: type=1400 audit(77.590:115): avc:  denied  { ioctl } for  pid=3879 comm="syz.0.21" path="socket:[3216]" dev="sockfs" ino=3216 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   77.777884][   T31] audit: type=1400 audit(77.700:116): avc:  denied  { bind } for  pid=3879 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   77.780755][ T3880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21'.
[   77.885625][   T31] audit: type=1400 audit(77.810:117): avc:  denied  { name_bind } for  pid=3885 comm="syz.0.22" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   78.430510][   T31] audit: type=1400 audit(78.350:118): avc:  denied  { read } for  pid=3890 comm="syz.1.24" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   78.436029][ T3891] binder: 3890:3891 ioctl c0306201 0 returned -14
[   78.439108][ T3891] binder: 3890:3891 ioctl c0306201 0 returned -14
[   81.025599][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   81.230918][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   81.231478][    T9] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   81.231670][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   81.243413][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   81.243607][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.243738][    T9] usb 1-1: Product: syz
[   81.243785][    T9] usb 1-1: Manufacturer: syz
[   81.243822][    T9] usb 1-1: SerialNumber: syz
[   81.486594][    T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   81.820691][ T1783] usb 1-1: USB disconnect, device number 4
[   81.847037][ T1783] usblp0: removed
[   82.792595][ T3922] binder: 3921:3922 ioctl c0306201 0 returned -14
[   82.854692][ T3922] binder: 3921:3922 ioctl c0306201 0 returned -14
[   83.690704][   T31] kauditd_printk_skb: 12 callbacks suppressed
[   83.691078][   T31] audit: type=1400 audit(83.610:131): avc:  denied  { getopt } for  pid=3926 comm="syz.0.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   84.074391][   T31] audit: type=1400 audit(84.000:132): avc:  denied  { setopt } for  pid=3931 comm="syz.1.33" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   84.123217][ T3934] binder: 3933:3934 ioctl c0306201 0 returned -14
[   84.124248][ T3934] binder: 3933:3934 ioctl c0306201 0 returned -14
[   84.407886][   T31] audit: type=1400 audit(84.330:133): avc:  denied  { setopt } for  pid=3935 comm="syz.1.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   84.480723][   T31] audit: type=1400 audit(84.400:134): avc:  denied  { ioctl } for  pid=3946 comm="syz.1.38" path="uts:[4026532660]" dev="nsfs" ino=4026532660 ioctlcmd=0x940a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   87.542358][ T3048] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   87.700617][ T3048] usb 2-1: Using ep0 maxpacket: 32
[   87.734523][ T3048] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[   87.736009][ T3048] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.739334][ T3048] usb 2-1: Product: syz
[   87.741339][ T3048] usb 2-1: Manufacturer: syz
[   87.742715][ T3048] usb 2-1: SerialNumber: syz
[   87.748585][ T3048] usb 2-1: config 0 descriptor??
[   89.994923][ T3975] syz.0.46 (3975): drop_caches: 2
[   90.011524][ T3975] syz.0.46 (3975): drop_caches: 2
[   90.030696][   T31] audit: type=1400 audit(89.950:135): avc:  denied  { write } for  pid=3974 comm="syz.0.46" name="protocols" dev="proc" ino=4026532666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   90.610682][   T31] audit: type=1400 audit(90.510:136): avc:  denied  { ioctl } for  pid=3974 comm="syz.0.46" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=3329 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   90.992823][   T31] audit: type=1400 audit(90.920:137): avc:  denied  { create } for  pid=3979 comm="syz.0.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   98.019700][    T9] usb 2-1: USB disconnect, device number 2
[   98.683049][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   98.934371][    T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   98.934850][    T9] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   98.935276][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[   98.935433][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   98.935563][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   98.946582][    T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   98.948984][    T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   98.949245][    T9] usb 2-1: Product: syz
[   98.949457][    T9] usb 2-1: Manufacturer: syz
[   98.983643][    T9] cdc_wdm 2-1:1.0: skipping garbage
[   98.984149][    T9] cdc_wdm 2-1:1.0: skipping garbage
[   99.004523][    T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[   99.577927][ T3048] usb 2-1: USB disconnect, device number 3
[  101.375748][   T31] audit: type=1400 audit(101.300:138): avc:  denied  { sqpoll } for  pid=4027 comm="syz.1.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  102.478799][   T31] audit: type=1400 audit(102.400:139): avc:  denied  { create } for  pid=4033 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  102.491680][   T31] audit: type=1400 audit(102.420:140): avc:  denied  { setopt } for  pid=4033 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  103.880382][    C1] hrtimer: interrupt took 9907328 ns
[  106.723113][   T31] audit: type=1400 audit(106.650:141): avc:  denied  { bind } for  pid=4033 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  106.724254][   T31] audit: type=1400 audit(106.650:142): avc:  denied  { name_bind } for  pid=4033 comm="syz.1.59" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  106.725337][   T31] audit: type=1400 audit(106.650:143): avc:  denied  { node_bind } for  pid=4033 comm="syz.1.59" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  109.688619][   T31] audit: type=1400 audit(109.610:144): avc:  denied  { unmount } for  pid=3100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  112.395010][   T31] audit: type=1400 audit(112.320:145): avc:  denied  { name_bind } for  pid=4049 comm="syz.0.64" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  112.396427][   T31] audit: type=1400 audit(112.320:146): avc:  denied  { node_bind } for  pid=4049 comm="syz.0.64" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  117.528910][   T31] audit: type=1400 audit(117.450:147): avc:  denied  { ioctl } for  pid=4071 comm="syz.1.70" path="socket:[2425]" dev="sockfs" ino=2425 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  117.547374][ T4072] netlink: 'syz.1.70': attribute type 10 has an invalid length.
[  125.792342][ T4118] fuse: root generation should be zero
[  126.070869][ T1783] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  126.250351][ T1783] usb 1-1: config 0 has an invalid interface number: 20 but max is 0
[  126.250795][ T1783] usb 1-1: config 0 has no interface number 0
[  126.251184][ T1783] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  126.263110][ T1783] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  126.263473][ T1783] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.263729][ T1783] usb 1-1: Product: syz
[  126.263807][ T1783] usb 1-1: Manufacturer: syz
[  126.263876][ T1783] usb 1-1: SerialNumber: syz
[  126.273020][ T1783] usb 1-1: config 0 descriptor??
[  126.276113][ T4118] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  126.284772][ T1783] usb-storage 1-1:0.20: USB Mass Storage device detected
[  126.291305][ T1783] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  126.485192][ T1783] scsi host0: usb-storage 1-1:0.20
[  126.507942][ T1783] usb 1-1: USB disconnect, device number 5
[  143.733901][   T31] audit: type=1400 audit(143.660:148): avc:  denied  { create } for  pid=4161 comm="syz.0.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.696264][ T4172] syz_tun: entered allmulticast mode
[  146.850084][ T4170] syz_tun: left allmulticast mode
[  148.029159][ T4177] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  148.157946][ T4176] input: syz1 as /devices/virtual/input/input3
[  148.165936][ T4176] Zero length message leads to an empty skb
[  148.847855][ T4171] 8<--- cut here ---
[  148.860669][ T4171] Unable to handle kernel NULL pointer dereference at virtual address 0000000e when read
[  148.861642][ T4171] [0000000e] *pgd=8559f003, *pmd=df8fc003
[  148.863416][ T4171] Internal error: Oops: 205 [#1] SMP ARM
[  148.864298][ T4171] Modules linked in:
[  148.865158][ T4171] CPU: 1 UID: 0 PID: 4171 Comm: syz.0.89 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT 
[  148.865879][ T4171] Hardware name: ARM-Versatile Express
[  148.866197][ T4171] PC is at io_buffer_select+0x50/0x18c
[  148.866812][ T4171] LR is at xa_load+0x68/0xa4
[  148.866971][ T4171] pc : [<80889a10>]    lr : [<81a4be54>]    psr: 20000013
[  148.867154][ T4171] sp : dfb21e18  ip : dfb21dd8  fp : dfb21e34
[  148.867319][ T4171] r10: 837e1180  r9 : 00000000  r8 : 80000001
[  148.867496][ T4171] r7 : dfb21e50  r6 : 00000000  r5 : 84e1d900  r4 : 85582f00
[  148.867803][ T4171] r3 : 00000001  r2 : 00000000  r1 : 8550db40  r0 : 00000000
[  148.868303][ T4171] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  148.868932][ T4171] Control: 30c5387d  Table: 8550df40  DAC: 00000000
[  148.869340][ T4171] Register r0 information: NULL pointer
[  148.870325][ T4171] Register r1 information: slab kmalloc-64 start 8550db40 pointer offset 0 size 64
[  148.871267][ T4171] Register r2 information: NULL pointer
[  148.871517][ T4171] Register r3 information: non-paged memory
[  148.871745][ T4171] Register r4 information: slab io_kiocb start 85582f00 pointer offset 0 size 192
[  148.872200][ T4171] Register r5 information: slab kmalloc-2k start 84e1d800 pointer offset 256 size 2048
[  148.872686][ T4171] Register r6 information: NULL pointer
[  148.873124][ T4171] Register r7 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3e4
[  148.873592][ T4171] Register r8 information: non-slab/vmalloc memory
[  148.873837][ T4171] Register r9 information: NULL pointer
[  148.874000][ T4171] Register r10 information: slab sock_inode_cache start 837e1180 pointer offset 0 size 576
[  148.874300][ T4171] Register r11 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3e4
[  148.874601][ T4171] Register r12 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3e4
[  148.874957][ T4171] Process syz.0.89 (pid: 4171, stack limit = 0xdfb20000)
[  148.875591][ T4171] Stack: (0xdfb21e18 to 0xdfb22000)
[  148.878939][ T4171] 1e00:                                                       85582f00 85482500
[  148.880871][ T4171] 1e20: 00000000 00000040 dfb21e84 dfb21e38 80892d3c 808899cc 8057abbc 8030cb0c
[  148.881278][ T4171] 1e40: 85582f00 00000001 01582f00 00000000 00000000 757171ad 80886a40 85582f00
[  148.881697][ T4171] 1e60: 81cf0bd4 00000000 80000001 81cf0b5c 0000000a 84528c00 dfb21ebc dfb21e88
[  148.882187][ T4171] 1e80: 80886df4 80892b18 00000000 00000000 00000000 84e1d800 85582f6c 85582f00
[  148.882438][ T4171] 1ea0: 85680000 00000000 00000000 84528c00 dfb21f14 dfb21ec0 808877a8 80886b7c
[  148.882685][ T4171] 1ec0: 8088e164 81a4bdf8 00000000 00000000 00000001 00000001 81cf0b5c 00000001
[  148.882930][ T4171] 1ee0: 84e1d800 757171ad 845b90c0 00000000 84e1d800 000027e2 845b90c0 00000000
[  148.883139][ T4171] 1f00: 84528c00 00000000 dfb21fa4 dfb21f18 80888250 808875a8 ecac8b10 84e1d840
[  148.883344][ T4171] 1f20: 00000000 00000000 81a4fbd0 81a4faa0 dfb21f54 dfb21f40 8026b438 8029ce1c
[  148.883554][ T4171] 1f40: dfb21fb0 40000000 dfb21f84 dfb21f58 802229dc 8026b3f4 00000000 8281d05c
[  148.883759][ T4171] 1f60: dfb21fb0 0014c490 ecac8b10 80222930 00000000 757171ad dfb21fac 00000000
[  148.883985][ T4171] 1f80: 00000000 002e630c 000001aa 8020029c 84528c00 000001aa 00000000 dfb21fa8
[  148.884241][ T4171] 1fa0: 80200060 80888124 00000000 00000000 00000006 000027e2 00000000 00000000
[  148.884499][ T4171] 1fc0: 00000000 00000000 002e630c 000001aa 002d0000 00000000 00006364 76b5e0bc
[  148.884745][ T4171] 1fe0: 76b5dec0 76b5deb0 0001939c 00131f30 60000010 00000006 00000000 00000000
[  148.885021][ T4171] Call trace: 
[  148.885324][ T4171] [<808899c0>] (io_buffer_select) from [<80892d3c>] (io_recvmsg+0x230/0x420)
[  148.885812][ T4171]  r7:00000040 r6:00000000 r5:85482500 r4:85582f00
[  148.886121][ T4171] [<80892b0c>] (io_recvmsg) from [<80886df4>] (io_issue_sqe+0x284/0x658)
[  148.886366][ T4171]  r10:84528c00 r9:0000000a r8:81cf0b5c r7:80000001 r6:00000000 r5:81cf0bd4
[  148.886582][ T4171]  r4:85582f00
[  148.886688][ T4171] [<80886b70>] (io_issue_sqe) from [<808877a8>] (io_submit_sqes+0x20c/0x938)
[  148.886915][ T4171]  r10:84528c00 r9:00000000 r8:00000000 r7:85680000 r6:85582f00 r5:85582f6c
[  148.887100][ T4171]  r4:84e1d800
[  148.887202][ T4171] [<8088759c>] (io_submit_sqes) from [<80888250>] (sys_io_uring_enter+0x138/0x780)
[  148.887469][ T4171]  r10:00000000 r9:84528c00 r8:00000000 r7:845b90c0 r6:000027e2 r5:84e1d800
[  148.887662][ T4171]  r4:00000000
[  148.887862][ T4171] [<80888118>] (sys_io_uring_enter) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[  148.888423][ T4171] Exception stack(0xdfb21fa8 to 0xdfb21ff0)
[  148.888812][ T4171] 1fa0:                   00000000 00000000 00000006 000027e2 00000000 00000000
[  148.889173][ T4171] 1fc0: 00000000 00000000 002e630c 000001aa 002d0000 00000000 00006364 76b5e0bc
[  148.889536][ T4171] 1fe0: 76b5dec0 76b5deb0 0001939c 00131f30
[  148.889820][ T4171]  r10:000001aa r9:84528c00 r8:8020029c r7:000001aa r6:002e630c r5:00000000
[  148.890926][ T4171]  r4:00000000
[  148.891575][ T4171] Code: e3130001 0a00002f e5910000 e1d120be (e1d030be) 
[  148.893826][ T4171] ---[ end trace 0000000000000000 ]---
[  148.907153][   T31] audit: type=1400 audit(148.830:149): avc:  denied  { read } for  pid=2908 comm="syslogd" name="log" dev="vda" ino=795 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  148.909115][   T31] audit: type=1400 audit(148.830:150): avc:  denied  { search } for  pid=2908 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  148.914231][   T31] audit: type=1400 audit(148.830:151): avc:  denied  { write } for  pid=2908 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  148.915329][   T31] audit: type=1400 audit(148.830:152): avc:  denied  { add_name } for  pid=2908 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  148.916920][   T31] audit: type=1400 audit(148.830:153): avc:  denied  { create } for  pid=2908 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  148.918845][   T31] audit: type=1400 audit(148.830:154): avc:  denied  { append open } for  pid=2908 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  148.923288][   T31] audit: type=1400 audit(148.830:155): avc:  denied  { getattr } for  pid=2908 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  148.934938][ T4171] Kernel panic - not syncing: Fatal exception
[  148.938332][ T4171] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:59:13  Registers:
info registers vcpu 0

CPU#0
R00=829bc740 R01=00000024 R02=ffffffff R03=81a50408
R04=82ab52c0 R05=757cc800 R06=00007270 R07=00000022
R08=84ce045c R09=84ce0088 R10=00000000 R11=df985c6c
R12=df985c70 R13=df985c60 R14=812cbfb4 R15=81a50418
PSR=60010013 -ZC- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000
info registers vcpu 1

CPU#1
R00=00000000 R01=00000000 R02=00000000 R03=82a70d4c
R04=84528c00 R05=82257c34 R06=829f2826 R07=82a71188
R08=00000002 R09=0000104b R10=00000000 R11=dfb21c44
R12=dfb21be8 R13=dfb21be8 R14=81a21ff0 R15=81a21ff8
PSR=60000093 -ZC- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000