last executing test programs:

12m11.228070448s ago: executing program 1 (id=62):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
exit(0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x96)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'veth0_to_hsr\x00', &(0x7f00000000c0)=@ethtool_gstrings={0x1b, 0x4}})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000080))
r3 = dup(r2)
write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {0x27, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5d, 0x3, 0x6, 0x5, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x9, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xbff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x0, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x6, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x4, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x5, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x4, 0x9, 0x9, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0x8, 0xbc1, 0x80000, 0x0, 0x5e81b39d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x100, 0x4, 0x7, 0x9, 0x4, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x807fff, 0x1, 0x9425, 0x8, 0x6f, 0x80b, 0x1, 0x2000006, 0x525ba681, 0x4f74, 0x9, 0x1, 0x1, 0x4, 0x100, 0x6, 0x10000, 0xf51, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0xfffffff7, 0xa3, 0x3, 0x0, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0x0, 0x4173, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x6, 0x47, 0x7, 0x0, 0x11, 0x3, 0xffd, 0x7, 0x7, 0x8000, 0x7ff, 0x4, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x1], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x40, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x40, 0x9, 0x6, 0xc41f, 0x80000001, 0x6, 0xffffffff, 0x0, 0xd5, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x6, 0x101, 0x7, 0x7, 0x4, 0x0, 0x8, 0x402, 0x8, 0x0, 0x8, 0x7, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x2, @multicast, 'erspan0\x00'}}, 0x1e)
writev(r0, &(0x7f00000002c0), 0x0)

12m10.285267336s ago: executing program 1 (id=70):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000fc0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x0, &(0x7f0000002040)={@flat=@weak_binder={0x77622a85, 0x101, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/115, 0x73, 0x2, 0x1a}, @ptr={0x70742a85, 0x1, &(0x7f0000001040)=""/4096, 0x1000, 0x1, 0x2b}}, 0x0}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0xfb8, &(0x7f0000000300)={@fd={0x66642a85, 0x0, r3, 0x0, 0x300000000000000}, @fd, @flat=@weak_handle={0x77682a85, 0x1, 0x1}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

12m9.963236236s ago: executing program 1 (id=72):
gettid()
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
read$FUSE(r2, &(0x7f0000002240)={0x2020}, 0x2020)
writev(r2, &(0x7f0000002140)=[{&(0x7f0000000040)='T01\n', 0x4}, {&(0x7f0000000080)="37c80900001200000000c3", 0xb}], 0x2)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r4, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r6, 0x118, 0x1, &(0x7f0000000340)=0x441, 0x4)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r7, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0x300, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd, 0x3679dbca174dadf5}, {0xfff4, 0xfff1}, {0x8, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x6, 0x3a}}, @TCA_CHAIN={0x8, 0xb, 0x4}, @TCA_RATE={0x6, 0x5, {0xa, 0x80}}, @TCA_RATE={0x6, 0x5, {0x9, 0xff}}, @TCA_RATE={0x6, 0x5, {0x8, 0x3}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0)
recvmmsg(r7, &(0x7f0000003cc0)=[{{&(0x7f0000000600)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, 0x0}, 0x8}], 0x1, 0x80, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r8, 0x200, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0xfff, 0x5d}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4044}, 0x40000)

12m9.851285995s ago: executing program 1 (id=74):
socket$alg(0x26, 0x5, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121403, 0x0)
prctl$PR_SET_MM_MAP(0x49, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, &(0x7f0000000540)='GPL\x00', 0x80000000, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRESDEC=r1], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, &(0x7f0000000500)=ANY=[@ANYRESDEC=r2])
chdir(&(0x7f0000000000)='./file0\x00')
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x7, 0x100}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x180, 0x111, 0x4b4, 0x8, 0xd4feffff, 0x290, 0x20a, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@loopback, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00'}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@ipv6={@mcast1, @empty, [], [], 'xfrm0\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xfffffffd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000000), 0xfea7)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x100}]})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r7, 0x5411, &(0x7f0000000240))
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r9 = fanotify_init(0x81, 0x40000)
fanotify_mark(r9, 0x105, 0x800101b, r8, 0x0)

12m9.382487883s ago: executing program 1 (id=78):
timer_create(0x1, &(0x7f0000000180)={0x0, 0x21, 0x800000000004}, 0x0)
r0 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_getoverrun(r1)
setreuid(0xee01, 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22401, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12m8.123751195s ago: executing program 1 (id=86):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x400000, 0x0, 0x111, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)

12m8.056687197s ago: executing program 32 (id=86):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x400000, 0x0, 0x111, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)

11m27.250142115s ago: executing program 3 (id=257):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x1000000, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x4, 0x1}, {0x4, 0x6, 0x1}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)

11m27.247073031s ago: executing program 3 (id=260):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000000314010027bd7010fedbdf250b0002006c797a32000000000800410072786500140033006c6f", @ANYRESOCT=r0], 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)

11m27.181194026s ago: executing program 3 (id=264):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r2, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb}, 0xc)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0xb, &(0x7f0000000000)=0x7, 0x4)
sendto$inet(r3, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x4004084, 0x0, 0x0)
accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @default, 0x0, [@null, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80000)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x1)
ioctl$TCFLSH(r4, 0x800455ca, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'lo\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7000fedbdf251d00000008000300", @ANYRES32=0x0, @ANYBLOB="080001005a00000008000300", @ANYRES32=r7, @ANYBLOB="5df148e59295f263c84ac293082eb0b1da76cf735bbdd2abafa32c4150e5add6"], 0x2c}, 0x1, 0x0, 0x0, 0x24040081}, 0x4c000)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001400b59527bd7000ffdbdf250a4000ff", @ANYRES32=r5, @ANYBLOB="64f0d120464814000200000000000000000000000000000000010800"], 0x34}, 0x1, 0x0, 0x0, 0x2004c041}, 0x400c0c0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0)

11m24.7632368s ago: executing program 3 (id=278):
socket$alg(0x26, 0x5, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x121403, 0x0)
prctl$PR_SET_MM_MAP(0x49, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, &(0x7f0000000540)='GPL\x00', 0x80000000, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRESDEC=r1], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, &(0x7f0000000500)=ANY=[@ANYRESDEC=r2])
chdir(&(0x7f0000000000)='./file0\x00')
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x7, 0x100}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x180, 0x111, 0x4b4, 0x8, 0xd4feffff, 0x290, 0x20a, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@loopback, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00'}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@ipv6={@mcast1, @empty, [], [], 'xfrm0\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xfffffffd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000000), 0xfea7)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x100}]})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r7, 0x5411, &(0x7f0000000240))
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)

11m24.500746811s ago: executing program 3 (id=279):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000004060300000000000000000001fc0008050001000700"], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x20000814)

11m22.381493356s ago: executing program 3 (id=291):
socket$kcm(0x2, 0x200000000000001, 0x106)
syz_open_dev$sg(&(0x7f00000010c0), 0x1, 0x40)
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, &(0x7f00000000c0), &(0x7f00000001c0)=[0x9], &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})

11m22.067924716s ago: executing program 33 (id=291):
socket$kcm(0x2, 0x200000000000001, 0x106)
syz_open_dev$sg(&(0x7f00000010c0), 0x1, 0x40)
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, &(0x7f00000000c0), &(0x7f00000001c0)=[0x9], &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})

10m25.936326151s ago: executing program 4 (id=569):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000880)={{0x14, 0x10, 0x7c, 0x0, 0x6000, {0x5}}, [@NFT_MSG_DELOBJ={0x1c, 0x14, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x14}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x44}}, 0x40)

10m25.088236466s ago: executing program 4 (id=571):
syz_usb_connect$uac2(0x2, 0x9a, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010102000000200c201810400001020301090288000301018008080b0001010c20060904000000010120"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})

10m22.643014058s ago: executing program 4 (id=578):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x68}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001400))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x4, &(0x7f0000000080)=<r3=>0x0)
io_destroy(r3)

10m21.475096202s ago: executing program 4 (id=582):
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca946e64009400ff0325010ebc000000000000008004", 0x39}], 0x1)
syz_usb_connect(0x2, 0x43, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a3233910daa658744d2d010203010902310001080010000904df0003080662ff09050c02200006060309941f1000020102070424"], 0x0)

10m19.56610778s ago: executing program 4 (id=589):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0xa)
fchdir(r1)
socket$netlink(0x10, 0x3, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0xb4)
ftruncate(r2, 0x2007ffb)
close(r2)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x8000003d)
fcntl$setsig(r3, 0xa, 0x21)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)

10m18.213921579s ago: executing program 4 (id=595):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c0102030109021200010000000009"], 0x0)

10m3.05848402s ago: executing program 34 (id=595):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c0102030109021200010000000009"], 0x0)

9m35.277661956s ago: executing program 2 (id=688):
read$msr(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000ac0)={0x30, r1, 0xe7816804f9787cab, 0x70b52a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, "8a7b"}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x404c805}, 0x44002084)

9m34.912229756s ago: executing program 2 (id=690):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a31000000000800054000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2, 0xa8d4}}, './file0\x00'})
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9m34.078151803s ago: executing program 2 (id=694):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x143400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

9m33.536414979s ago: executing program 2 (id=697):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

9m33.022291797s ago: executing program 2 (id=698):
r0 = syz_open_dev$vbi(&(0x7f00000028c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x1, 0xd59f83, 0x7, 0x6, 0x19ef, 0x3, 0x3, 0xe614, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xfffffffd}, 0xd0, 0x9}})

9m32.870070041s ago: executing program 2 (id=699):
syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x8257f)
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x121100, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0xc0044dff, &(0x7f0000004000))
bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=ANY=[], 0x48)
r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x1e4011, 0x0)

9m17.181573999s ago: executing program 35 (id=699):
syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x8257f)
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x121100, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0xc0044dff, &(0x7f0000004000))
bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=ANY=[], 0x48)
r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x1e4011, 0x0)

58.958878751s ago: executing program 5 (id=6650):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0x2, 0x4, 0x3f8, 0xffffffff, 0x0, 0x0, 0x1a0, 0xfeffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00'}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@eui64={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback, @remote}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000007110100000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r4, &(0x7f0000000780)=ANY=[], 0x58)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x5, 0x4}, {0x0, 0x5}, {0x2, 0x4}]}]}, {0x0, [0x30, 0x30, 0x5f, 0x2e]}}, &(0x7f00000002c0)=""/145, 0x42, 0x91, 0x0, 0x7}, 0x28)
r6 = socket(0x2b, 0x80801, 0x1)
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffff7]}, 0x8, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x7e6b, 0x0, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x800, 0x0, 0x0, 0x0, 0x6a9}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x2, @empty}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x170bd26, 0x25dfdbff, {0x7, r8}, [@MDBA_SET_ENTRY={0x20, 0x1, {r8, 0x1, 0x2, 0x4, {@ip4=@multicast2, 0x800}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008011}, 0x4040)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000002180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0x16, &(0x7f0000001280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
mlockall(0x1) (fail_nth: 15)
munlockall()
close(r4)
pipe2(&(0x7f00000001c0), 0x5800)

58.320655897s ago: executing program 5 (id=6660):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26", 0x6c}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4c", 0x5}], 0x1}}], 0x3, 0x20000044)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

58.210872797s ago: executing program 5 (id=6663):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000840)
gettimeofday(&(0x7f0000000000), 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000040)=ANY=[@ANYRES32])

58.1191998s ago: executing program 5 (id=6664):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d32", 0xe}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec57", 0x10}], 0x2}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x3, 0x20000044)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

58.015698576s ago: executing program 5 (id=6665):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d32", 0xe}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec57", 0x10}], 0x2}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x3, 0x20000044)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

57.939852108s ago: executing program 5 (id=6666):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x8, &(0x7f0000000300)}}, 0x20)

44.800796563s ago: executing program 0 (id=6834):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000002c0)={0x800000000, 0xeeef0000, 0x0, 0xffffffffffffffff, 0x6})
openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="02c91012000e000500150e0a000401040101"], 0x17)

44.620453474s ago: executing program 0 (id=6837):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000003c0)={0x3ff, 0x200010, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd840})
close_range(r0, 0xffffffffffffffff, 0xb000200)

44.552129385s ago: executing program 0 (id=6839):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000001100)=ANY=[@ANYBLOB="1c0000f500fcffffffffffffff000004000045"], 0xfdef)

44.289419833s ago: executing program 0 (id=6843):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
statx(r0, &(0x7f0000000080)='./file1\x00', 0x0, 0x103, &(0x7f0000000400))
getpgid(0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000240), 0x2000a54, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1, 0x0, 0xf8})
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0x0, 0x1, 0x1, 0x4880})
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, 0x0)

44.180405089s ago: executing program 0 (id=6846):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26", 0x6c}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91", 0x15}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4c", 0x5}], 0x1}}], 0x3, 0x20000044)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)=',8Z', 0x3)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

44.0004149s ago: executing program 0 (id=6849):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r0, 0x4bfb, &(0x7f00000010c0))
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x400)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_int(r2, 0x0, 0x21, 0x0, &(0x7f0000000100))
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001200), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r5=>0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000580)={0x601, 0x1, &(0x7f0000000180)=[r4], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r6, r5, r5], &(0x7f0000000340), 0x0, 0x3})
r7 = syz_open_dev$media(&(0x7f0000000100), 0x0, 0x600)
preadv(r7, &(0x7f0000001400)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x3, 0x5)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x4b6b5e1b, <r8=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r8, 0x90000000000000})

43.960509381s ago: executing program 36 (id=6849):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r0, 0x4bfb, &(0x7f00000010c0))
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x400)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_int(r2, 0x0, 0x21, 0x0, &(0x7f0000000100))
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001200), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r5=>0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000580)={0x601, 0x1, &(0x7f0000000180)=[r4], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r6, r5, r5], &(0x7f0000000340), 0x0, 0x3})
r7 = syz_open_dev$media(&(0x7f0000000100), 0x0, 0x600)
preadv(r7, &(0x7f0000001400)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x3, 0x5)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x4b6b5e1b, <r8=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r8, 0x90000000000000})

42.927851427s ago: executing program 37 (id=6666):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x8, &(0x7f0000000300)}}, 0x20)

2.629379095s ago: executing program 8 (id=7705):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4c", 0x5}], 0x1}}], 0x3, 0x20000044)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x682201, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xffbf}], 0x1)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

959.681722ms ago: executing program 6 (id=7712):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d32", 0xe}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec57", 0x10}], 0x2}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x3, 0x20000044)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[], 0x6f4}}, 0x0)

959.473488ms ago: executing program 7 (id=7713):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$NFT_MSG_GETRULE(r2, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x118, 0x7, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_USERDATA={0xa0, 0x7, 0x1, 0x0, "916008638f0d42ef01aa6cf3b86c810e43e151afc77f8fff2a10e0c221fd23d153b1a2f1d744df0966b610183b9734284095489a6c3a21afccbc587ba16c6969f3dd4af80b05008a79b6e3c7a890eee69364f932c816691225889bbdfec636bb1212587b88aeccb0b68b64155bd5b49bf47674763ba5a2f105948185976d2ce978d93f15cfd16f48f5f279f13c5112e310c639ed2cbfead202dd506e"}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6c}, @NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x1d}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x1a}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x40090}, 0x4040000)

900.521532ms ago: executing program 8 (id=7714):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file1'}, 0x48)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x100000000000000, 0x0, 0xfffffffffffffffe)

899.833868ms ago: executing program 7 (id=7716):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x26a66000)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x8002)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

899.724766ms ago: executing program 6 (id=7717):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000140)={0x200000000000001, 0x800}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x7101, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

877.936107ms ago: executing program 9 (id=7718):
r0 = socket$inet(0x10, 0x3, 0x0) (async)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0xc6, 0x8, 0x208}})
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}}) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) (async)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$inet(r5, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000240), 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{0x0, 0xf00}, {&(0x7f00000002c0)="00000000008542f4cdb9eaa26519373f589fc2eb12c86e15e5d786493663546e514e6ad1b23e97c489", 0x5}], 0x2}}], 0x400000000000039, 0x8004)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="44000000100001040200"/20, @ANYRES32=0x0, @ANYBLOB="28250200000800001c0012800c0001006d6163766c616e000c000280080007001000000008000500", @ANYRES32=r3], 0x44}}, 0x800)

877.531119ms ago: executing program 8 (id=7719):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec57", 0x10}], 0x2}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17a", 0xb}], 0x1}}], 0x3, 0x20000044)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
close(r0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
fadvise64(r1, 0x18, 0xfff4, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000000)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r5, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @void}}}, 0x28}}, 0x0)
r7 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$EVIOCGKEY(r7, 0x80404518, &(0x7f00000002c0)=""/183)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r8 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r10, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES64=r2, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

800.890985ms ago: executing program 6 (id=7720):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40000)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x34524742, 0x500, 0x2d0, 0x0, @discrete={0xb, 0x7}})
openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x270c40, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x804)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x10000000000002, 0x9, 0xffbffffffffffffd, 0x77, 0x2, 0x2, 0x4002004c4, 0x1003, 0x8000000000000000, 0xc595, 0x0, 0x1, 0x9, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

800.724102ms ago: executing program 9 (id=7721):
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r2, {0x3}}, './file0\x00'})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

800.533611ms ago: executing program 8 (id=7722):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28}, 0x20)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0xb, r0, 0x8, 0x0, 0x0, 0x14, 0x0, 0x14}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x77, 0xbe, &(0x7f0000000080)="69958b5b6ad5318359eb71fae5edfd728ce50f81c8c72e22cbf2a05470751eee72016e086065022a5afa4d42dcce00a51246ad6346593910247f85bf0b17a14d471d1a98cf15e44404a7673023a02bddd95ded1b60b587b5adfe0a513ac24933e5ad99c2ba9a0efb7ceb6194055df1fa9b8bebc934ab03", &(0x7f0000000280)=""/190, 0x0, 0x0, 0xfe, 0xa1, &(0x7f0000000340)="10fb0ca393017c53c1d9e0cde0df8da10c31c13a2edbde1a384e7606531dcf86609d1a9fa6397310c7d7e036f03583d076557fc4efdb6f2eecde252b54e03263fc1932e54059a1bc499bd251bc69234d355745866687b9ad469511a31e041258d3ab78b9f5bb0e5c9bf4820f22b4015f64ae733b69cdfc3f0a4417903cd476dc16687acd94c982591f0a5044e6a81c7cd9aa7cd298ccc60b07b01d8adb2798e471ba156cf2148aad58fad84dcbe2f47f871936e61aee9c5a46e3c57c6753cc1258018c0cf318afda8c25041ba5f89abc04dd839f6e50a7f3c21f690c33cf6432ffd04a8aff8963c575e854f5b0249f90abe1cd9fbf0b09549a9d17559568", &(0x7f0000000440)="088eef61e0b2a333e70da41db41fe2780f2ba0013454949946d7229b0f286291648a82e2b9a7c3e01041988d61e82c28347e92b10b6dd248203c68ad76e2ae078fb110af73bf30fc457fbcb37b4c64c3aae9dcf28ebaca8e0f08782f7718bc12830f3c2b6050955e54cc5a460a5b63aa9ebe15ff92448040ce9ca9ca9a81dba73e70bbc70888781a66bf7bb68c4711b16a01d8e56c7fdf2c92b9e8a29b1c2603bc", 0x1, 0x0, 0x1}, 0x50)

800.390293ms ago: executing program 7 (id=7723):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

748.020135ms ago: executing program 6 (id=7724):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x40000)

747.430999ms ago: executing program 9 (id=7725):
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @local}, {0x2, 0xffff, @private}, 0xd0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x9})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="94646311b4e6b81212ec5f50be807e509dce589865ccaffefe334528b5c557572b"], 0x1c}}, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05032200d3fc220000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000001880)={@empty, <r1=>0x0}, &(0x7f00000018c0)=0x14)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=@newtfilter={0x2c, 0x2c, 0x81f, 0xb0bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xfff3, 0xb}, {0x0, 0xfff3}, {0xd, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffe00}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20041004}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001980)={0xffffffffffffffff, 0x58, &(0x7f0000001900)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000019c0)={'veth0_to_bond\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000001a00)={'batadv_slave_0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r9=>0x0})
setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000080)={r9, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000000)={r9, 0x1, 0x6, @random="2716157f3354"}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000001a40)=<r10=>0x0, &(0x7f0000001a80)=0x4)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000002380)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002340)={&(0x7f00000023c0)={0x874, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6848}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x791377eb}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{}, {}, {0x0, 0x4, 0x1}}}]}}, {{0x8}, {0x130, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffff5b}}}]}}, {{0x8}, {0x224, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc1f}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x5, 0x81, 0x2}]}}}, {0x44, 0x1, @name={{0x37}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x270, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xfc}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x100001}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff4}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r5}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x9, 0x4, 0x4, 0x7}, {0xf30b, 0x7, 0x85, 0x9}, {0x2, 0x6, 0x3, 0x8000}, {0x1ff, 0x88, 0x3, 0x8}, {0x3, 0x8, 0x9, 0x6}]}}}]}}, {{0x8, 0x1, r6}, {0x16c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}]}, 0x874}, 0x1, 0x0, 0x0, 0x4000}, 0x20001801)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
r11 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r11, &(0x7f00000000c0), 0x2c8, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
r12 = syz_io_uring_setup(0x5739, &(0x7f0000000280)={0x0, 0x1, 0x10100, 0x1, 0x32e}, 0x0, 0x0, &(0x7f0000000000)=<r13=>0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000100)='0\x00', 0x2)
r14 = socket$kcm(0x10, 0x2, 0x0)
r15 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r15, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001380)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYRES16=r2, @ANYRES8, @ANYRES32=r2, @ANYRESOCT=r12, @ANYRES8=0x0, @ANYRES16=r5, @ANYRES64=r13], 0x154}}, 0x0)
sendmsg$kcm(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008188040f46ecdb4cb9cca7480e1211000000e3bd012a128748b429021627e305dd2b7a146efb4400", 0x2e}], 0x1}, 0x4048004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
read(r12, &(0x7f0000000300)=""/4096, 0x1000)

745.641601ms ago: executing program 8 (id=7726):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d32", 0xe}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff", 0x24}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec57", 0x10}], 0x2}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x3, 0x20000044)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[], 0x6f4}}, 0x0)

680.592618ms ago: executing program 9 (id=7727):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x58, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$NFT_MSG_GETRULE(r2, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x118, 0x7, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_USERDATA={0xa0, 0x7, 0x1, 0x0, "916008638f0d42ef01aa6cf3b86c810e43e151afc77f8fff2a10e0c221fd23d153b1a2f1d744df0966b610183b9734284095489a6c3a21afccbc587ba16c6969f3dd4af80b05008a79b6e3c7a890eee69364f932c816691225889bbdfec636bb1212587b88aeccb0b68b64155bd5b49bf47674763ba5a2f105948185976d2ce978d93f15cfd16f48f5f279f13c5112e310c639ed2cbfead202dd506e"}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6c}, @NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x1d}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x1a}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x40090}, 0x4040000)

680.30897ms ago: executing program 8 (id=7728):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)="bc", 0x1}], 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
dup2(r1, r0)
close(0x3)

619.732469ms ago: executing program 9 (id=7729):
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x240080c1)
open(&(0x7f0000000d40)='./file0\x00', 0x840c3, 0x110)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
unlink(&(0x7f0000000040)='./file0\x00')
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f00000002c0)=0x140, 0x4)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, 0x0, &(0x7f00000005c0))
openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x4440, 0x0) (async)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x4440, 0x0)
ioctl$CDROM_NEXT_WRITABLE(r2, 0x5394, &(0x7f0000000000)) (async)
ioctl$CDROM_NEXT_WRITABLE(r2, 0x5394, &(0x7f0000000000))

619.424081ms ago: executing program 7 (id=7730):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0xfffffe00)

570.491521ms ago: executing program 7 (id=7731):
r0 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x12, 0x80800)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000002e000100000000000000000005000000060011"], 0x1c}], 0x1, 0x0, 0x0, 0x84}, 0x300)
sendmmsg$sock(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000340)="abc662", 0x3}], 0x1}}], 0x1, 0x20000044)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
capset(&(0x7f00000001c0)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x5})
fsopen(&(0x7f0000000240)='sysfs\x00', 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0), 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r8=>0x0}, &(0x7f0000000100)=0x14)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r9)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(0x3)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffff14fd080003400000de13480000000c0a010100000000000000000a000006090002000000000900010073797a31000000001c000380180000800c00018006000100d10300000800034000000001140000001100f4ffffffffffffff00000100000a8fb3b955b6a6bdd5a93378ead9f096cd18513694cc0476"], 0xb4}, 0x1, 0x0, 0x0, 0x4000854}, 0x40)
sendmsg$nl_route_sched(r7, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x130, 0x24, 0x100, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x5, 0x8}, {0xf, 0x6}, {0xa, 0xb}}, [@TCA_STAB={0x10c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf, 0x0, 0x665, 0x1, 0x2, 0x2, 0x7fff, 0x4}}, {0xc, 0x2, [0x2, 0x1, 0x3, 0x0]}}, {{0x1c, 0x1, {0x5e, 0x0, 0x13, 0x9, 0x2, 0x0, 0x1ff, 0x7}}, {0x12, 0x2, [0x9, 0x4, 0x8, 0x6, 0x2, 0x3, 0x1200]}}, {{0x1c, 0x1, {0x7, 0x1a, 0xb, 0xdaf3, 0x2, 0x1, 0x4, 0x6}}, {0x10, 0x2, [0x3, 0x7, 0x5, 0x2, 0x5, 0x8]}}, {{0x1c, 0x1, {0xfa, 0x8, 0x100, 0x923a, 0x1, 0x800, 0xd487, 0x2}}, {0x8, 0x2, [0x2, 0xb]}}, {{0x1c, 0x1, {0x9, 0x40, 0x3, 0x1, 0x1, 0x2, 0x8, 0x5}}, {0xe, 0x2, [0x4, 0x9, 0xb6, 0x80, 0x1ff]}}, {{0x1c, 0x1, {0x7f, 0x9, 0x9, 0x6, 0x1, 0x8, 0x8, 0xa}}, {0x18, 0x2, [0xff, 0x3ff, 0x7, 0xfff8, 0x2, 0x3, 0x9, 0xb035, 0x5, 0xf]}}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x61f74d23f9077ad0}, 0x2000e852)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c00)=@newtaction={0xe68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x7, 0x1, 0x10000000, 0x4, 0xaee}, 0x7, 0x7}, [{0x8, 0xfffff000, 0x2, 0x9, 0x1ff, 0xafe}, {0xe, 0xfffffffe, 0x1, 0x9, 0x4, 0x7}, {0x2, 0xfe73, 0x6, 0x8, 0x2, 0x10000}, {0x4320, 0x3bf6, 0x4, 0x8, 0xffffff9d, 0x4}, {0x6, 0x44, 0x3, 0x986, 0xffff6d72, 0xbf5}, {0x7ff, 0x8009ef, 0x1, 0x3, 0x9, 0x81}, {0x7f, 0x5752, 0x0, 0x9, 0x7}, {0x9, 0xf7b, 0xa000, 0x8, 0x5, 0xa17}, {0x7, 0x200, 0x1000, 0x80, 0x4, 0x1}, {0x7, 0x80000000, 0x40, 0x3, 0xfffffff2, 0x8}, {0x6, 0xfff, 0xe4ae, 0x0, 0x8, 0x7}, {0x6, 0xd, 0x230, 0x400, 0x6971, 0xfff}, {0x5, 0x8, 0x6, 0x2, 0x4, 0x3}, {0x83, 0x3, 0x4, 0x7, 0x9, 0xaa7}, {0x5, 0x5, 0x4, 0x80, 0x0, 0x100}, {0x4, 0x8, 0x9, 0x1, 0x2, 0x9}, {0x2690, 0x7ff, 0x11, 0xd, 0x2, 0x722dadd0}, {0x4b, 0x5, 0x9, 0x9, 0x279, 0x3}, {0x7, 0x7b5a, 0x4, 0x0, 0xfffffffb, 0x80000000}, {0x2, 0x0, 0x6fbc79d2, 0x9, 0x401, 0x5}, {0x0, 0x527e, 0xc7, 0x4, 0x80, 0x7}, {0x4, 0xd, 0x5, 0xbd52, 0x80, 0xef35}, {0x9, 0xb, 0x4, 0x8001, 0xfffffff8, 0x1}, {0x3, 0x8, 0xd, 0x1d00, 0x5, 0x400}, {0x8000, 0x74dfe8ce, 0x956b, 0x4, 0x2, 0xfffffff4}, {0xf2, 0x1ee, 0x5, 0xfffffd14, 0x9, 0x40}, {0x0, 0xd, 0x9, 0x8, 0xffffffff, 0x1}, {0xfffff125, 0x1000, 0x1ff, 0xfffffffe, 0x3, 0x1}, {0x0, 0xfffffff9, 0x6, 0x3, 0x4, 0x20000002}, {0xec, 0x8, 0x8f1, 0xfffffffb, 0xa, 0x10000}, {0x6, 0x726, 0x6, 0x8, 0xfff, 0x9}, {0x0, 0x9, 0x3, 0x5, 0x3, 0x2}, {0x400, 0xffff, 0x5, 0xfffffffe, 0x7f, 0x6}, {0x400, 0xf, 0xcf, 0xc, 0x4022, 0x44}, {0x4, 0x4, 0x8, 0xfff, 0x6, 0x1}, {0xffff, 0x3, 0xb5, 0x433, 0x6, 0x6}, {0x10000, 0x0, 0x7, 0x9, 0x20, 0x4}, {0x4, 0x9, 0x594, 0xf90, 0xc, 0x3}, {0x5, 0x657a0ecc, 0x1, 0xa4, 0x0, 0x7}, {0x5, 0xe1, 0x2, 0x4, 0x8001, 0x2}, {0x2, 0xe4, 0xe, 0x2, 0x0, 0x9}, {0x3, 0xff, 0x6, 0x7, 0xd7d6, 0x9}, {0x42, 0x2, 0x6, 0x7, 0xae45, 0x5}, {0x6, 0x9c, 0x5, 0x80, 0x7fffffff, 0x5}, {0x7, 0x3, 0x3, 0x7, 0x0, 0x4}, {0x7ff, 0x2, 0x8, 0x8, 0x9, 0x5}, {0x1, 0x1, 0xfffffffe, 0x800, 0x0, 0x1}, {0x8, 0x5, 0x3fd, 0x4, 0xffffffff, 0x7}, {0x4, 0x0, 0x6, 0x5, 0x9, 0x9}, {0x3, 0x80000001, 0xb, 0x1, 0x80000000}, {0x0, 0xfffffff7, 0x84e5, 0x7f, 0x3a, 0x3fd}, {0x8000, 0x7, 0x2, 0xd8, 0xa}, {0x9, 0x1004, 0x8, 0x6, 0x1, 0x2}, {0x0, 0x9, 0x9, 0xd, 0x7fffffff, 0xfffffc00}, {0x1, 0xfffffffc, 0x6, 0x2, 0xc0, 0xfffff44c}, {0x4, 0x3, 0xfffffff5, 0x9, 0xbe, 0x4}, {0x6, 0x3, 0x0, 0x7fff, 0x5, 0x7ff}, {0x400, 0x200007, 0x80000000, 0x5, 0xfffffff7, 0xffffffff}, {0x7, 0x100000, 0x200, 0x9, 0xbc, 0x11}, {0x1ff, 0xfffffffc, 0x1, 0x4, 0x1, 0x2}, {0x10000, 0x3, 0x0, 0x111, 0x7, 0x2}, {0x1d, 0x3, 0xda62, 0x4, 0x2, 0x8}, {0xb8000000, 0xfffffff8, 0x7, 0x9, 0x0, 0x49}, {0x8, 0x401, 0x9, 0x332a, 0x1, 0x2}, {0xfa0, 0x6, 0x7f, 0x7, 0x8, 0x80}, {0x10001, 0x4, 0x400, 0x9, 0x6, 0xdbce}, {0x1, 0x57f, 0x800, 0xe49, 0x0, 0xa81c}, {0x5, 0x8, 0xa, 0xa, 0x6, 0x8}, {0x7f, 0xf, 0x1, 0x5, 0x401}, {0x7f, 0x4, 0x6, 0x2, 0x3}, {0x625, 0x80000001, 0xfc4, 0xfffffffd, 0x7}, {0x6, 0xfffffffc, 0x95db, 0x3d0b, 0x3, 0x80000001}, {0x7fff, 0x2, 0xffffff7f, 0x381, 0x8, 0x1}, {0x9, 0x4, 0x1, 0x80000000, 0xae, 0x9}, {0x9, 0xffffff80, 0xffff, 0xfff, 0x3, 0x3ff}, {0x47, 0x2, 0xb2f9, 0xbf, 0x1ff, 0x9}, {0xe, 0x310, 0x2, 0xad0, 0x7fffffff, 0x859}, {0x7, 0x6, 0x2, 0x1, 0x6, 0x3}, {0x7bf65384, 0x8, 0xe87, 0x0, 0x3, 0xfffffffd}, {0x3, 0x2, 0x1fd, 0x7, 0x2, 0x6}, {0x3, 0x0, 0x3, 0x80000001, 0xc3, 0xa9d}, {0x8, 0x200, 0x8, 0x8, 0xc}, {0x4, 0x4, 0x13ca, 0x74, 0x2, 0x1}, {0x2, 0x2, 0x1, 0x7fff, 0x14, 0x3}, {0x6, 0x4, 0x899, 0xfff, 0x0, 0x2}, {0x5, 0x80000, 0x0, 0x1, 0x3, 0x3}, {0x400, 0x5, 0x3ff, 0x3, 0xd, 0x5}, {0x2, 0x20000000, 0x3, 0x6, 0x81, 0x5}, {0x6, 0x7ff, 0x1, 0x40, 0x9, 0x7}, {0x8, 0x0, 0xd, 0x6, 0x5}, {0x3, 0x9, 0x1, 0x3b1c, 0x2, 0x6}, {0x4, 0x49354bbb, 0x2, 0x3, 0x7, 0x9}, {0x5, 0x2, 0x10, 0x9, 0x2, 0x400}, {0x40000fff, 0x54, 0x8, 0xc, 0x0, 0x6}, {0x401, 0x6, 0xff, 0x6, 0x3, 0x3}, {0x80000000, 0x7d, 0x2, 0xb, 0x84, 0x3}, {0xc45c, 0xa, 0x0, 0x2, 0x4, 0x2}, {0x7, 0x6, 0x86, 0x9, 0x3, 0x8001}, {0x3a, 0x7eb, 0x4, 0x9, 0x9, 0x405}, {0x7011, 0xfff, 0x9, 0x1, 0x9, 0x2}, {0x1, 0xff, 0x8, 0x2968, 0x2, 0xfffffffc}, {0x0, 0x9, 0xc402, 0x1, 0x100, 0xc72}, {0xfffffff9, 0x5, 0x81, 0x26, 0x9, 0x1}, {0x7ff, 0x81, 0xfffffff8, 0x9, 0x5, 0x3ff}, {0x3, 0x6, 0xd, 0x0, 0x6e5f, 0x80}, {0x4, 0x3ff, 0xb, 0x0, 0x0, 0x6}, {0x0, 0x4, 0x7f, 0x4, 0x10, 0x4}, {0x7, 0x4, 0x81, 0x6, 0x2f, 0x7}, {0x3, 0xff, 0x2, 0x7f, 0x4, 0x5}, {0x8000, 0x8, 0xd, 0x1, 0x5, 0x4}, {0xcab, 0xd, 0x4, 0xf, 0x8, 0x7}, {0x2, 0x2, 0x3, 0x5, 0x7, 0x34}, {0x0, 0x6, 0x10000, 0x8, 0xbb, 0x7fffffff}, {0x2, 0x9, 0x9, 0x9, 0x80, 0x7}, {0x39e3, 0x9, 0x0, 0x0, 0x31, 0x3}, {0xfffffffc, 0x4, 0x0, 0xbe50, 0x40, 0x7}, {0xe, 0x5, 0x7, 0xffffffff, 0xd, 0x1}, {0x5, 0x1000, 0x9, 0x8000, 0x24e, 0x1}, {0x7, 0x7, 0x7, 0x80000000, 0x1, 0x4}, {0x7, 0x9, 0x4, 0x8dad, 0x6, 0x7}, {0x1, 0x101, 0x3, 0x7, 0x4, 0x7}, {0x3ff, 0x3, 0x5, 0x2, 0x0, 0x2}, {0x2, 0x5, 0x7, 0x5, 0x2, 0x8}, {0x3c, 0x3409, 0x3, 0x5, 0x997c, 0x2df0}, {0x2, 0x9, 0x10001, 0x8711, 0x800}, {0x81, 0x0, 0x1, 0x1db, 0x0, 0xb}, {0x2, 0x5, 0x2, 0x5, 0x0, 0x7}, {0x8, 0xdfd3, 0x8, 0x2, 0xfffffffe, 0x2}], [{0x4}, {0x1, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x6}, {0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x5}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x2}, {0x2, 0x1}, {}, {0x2, 0x1}, {0x4}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x5}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0xe691a73254f1a9a5, 0x1}, {0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {}, {0x2}, {0x4, 0x1}, {0x0, 0x3}, {0x2}, {0x2}, {0x1}, {0x5}, {0x2}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5}, {0x0, 0x1}, {0x5}, {}, {0x5}, {0x4}, {0x5}, {}, {0x5}, {}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x2}, {0x2, 0x1}, {0x3}, {0x5}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {}, {}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x708aee799a2a8f33}, {0x4}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x3}, {0x5, 0x1}, {0x2}, {}, {0x3}, {0x2, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x1}, {0x3}, {0x2}, {0x4}, {0x4, 0x1}, {0x2}, {0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xe68}, 0x1, 0x0, 0x0, 0x4}, 0x20000005)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)

567.302692ms ago: executing program 6 (id=7732):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40000)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x34524742, 0x500, 0x2d0, 0x0, @discrete={0xb, 0x7}})
openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x270c40, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x804)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x10000000000002, 0x9, 0xffbffffffffffffd, 0x77, 0x2, 0x2, 0x4002004c4, 0x1003, 0x8000000000000000, 0xc595, 0x0, 0x1, 0x9, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

469.939787ms ago: executing program 7 (id=7733):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x4b564d06, 0x0, 0x7}]})
ioctl$OCFS2_IOC_UNRESVSP(r1, 0x40305829, &(0x7f0000000100)={0x1, 0x0, 0x2dc9, 0x8001})
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa8542, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
writev(r4, &(0x7f0000000840)=[{&(0x7f0000000300)="f5fe37d8848c4c746d08090ee761754e8b75a9ced69de1e7e1f820e9c28a3a48b9494ef9bdbc7640d5373ec4b8b53e44d7eea2f2ff7fb9568fc8d89164c9ffc0654d22dfaa935f3265ac6cd007fb06a2770644e1af7d7de2e41f7c7f1fe2c50aea507488ca3d7f767cc42f18a56d156bdef1c8f11d9d00d50e62534bd3c836c0c4593bc82bce3e7c9a9659f8bb438004e428a347368efff88a798c", 0x9b}, {&(0x7f00000003c0)="eba71b5dd84e9db529fbeab893b4b1435d6eb47d5e81016fa05a7b97b17a2a30166aba0dbacd753e03df7b20d48cc47347201e9cd00a67fa2336ee43769a69c0ad9e384d323c3fd265c3daeade6b39fb534e1031f2f340fb03c8e7c0c999c396773761f2cb6138bc2c13ab5988d0150acdbb5f5834fca842a98043b15db96a7d88a2f161abe9dbef669c91925d273e62c3d2836ea388aad17cd413cca1cb4cb87ce55d06a3d79f13bd7c669f729b047a20e71794bb813c44a7687119f1a9d83f8e7528645efd0a7d7113c810", 0xcc}, {&(0x7f0000000540)="25f77c3ac2d6b92c4e8adb9588fd80da77efcd6f7ddb47b35d07e5d358104df646832a4e2a50f5b19db6c236f6c136e37117ed1ea2a186248709fbc66f407711a18bab48ba868c8e1a095b31fbde6ca5629d15359f7fbf9bcc8ed598c68b78b6d4c7abf7fe2a22650332e1db01923daaeee52758b4856402009b4082c548e4dd775236ce79e69327ab2682ab789d1cb1e3", 0x91}, {&(0x7f0000000600)="ae21484dd3ada6446eb27f66692f305de3cb8b653d0cb8ba4ff481d71127d7d30723df9a7b1705279303d5abc0f600609b1a11e49b111ac8b5a7f3621e732a2f35b7bcedefa5cc9d4d97045917555b7a1f36b6114eb52990a84a4fe7c41515e54e6d400e88b915717a27d90a4e8d19ebd132349beb65520ce8fa2a5bcc6db0c588bb9376a38e6013d44db53519bbc6bb116fdbc76db496aeace97517f606e9787009fb8911cf1b6ea3c7c931e9138ef462845103a26aed1a", 0xb8}, {&(0x7f0000000e80)="5ad7ac76fbbd4351ca0d918620601384d9bace7c07fe919d5d9ba29d37eb125f40ed948c0433c756f0a480cd7834fa4d802af3c950fbfcbbf202f826ba0ffa89b1c81f6e93a7c8844951a6103b3e2d4e600e528b25172f23b8ed2e293df5e9ddaf7cd4e93e17b140ca691d88d98edbb9f41f324574a3128bdabeb205489d2d6d95595f2e4d92d75ae34a5feb04a620e0eeb56d835b2129f8b7f1b88d8c67e75b9bd14fb64e45816f723d61608218795f5ab57f756e194a1583b709fcc6ce34915692f07f7b96bb0e240187f6e46a0f388d1f9ff01f69116564f277a12cb59f996eb2ff19cd5ee90fee84ea1a362148eeef38dd1d7d33f2463f30794134604ca009bf5e3bf352608fcf75b632fe82137f855153e638d1766f9f54e9260e1de0edfcc8873df9e24645fb658176f6483908a5c417e2b6552879f4a666b7c33a6addbe9717116cf2812043fbfdbf95fa860c2b3c7367291933569f52add80c1aabd2b1fd23882ba5d7cbf047c2c6efc96d9fb17628cbe869391744fd4bf9896ccc85a7d9468af9fa07158b75fe34cb91820be4e88f2da73426fe0509cd0a64a2c2d2c4c55e25327d6a76cc6597fcfc3ee64dc4ca02ac9a19d1e7ad7ff61bb0779a5071818d537c92f9e5919abd3090caa4e0524d92511a95a7a0a9361c50ac8c5d71560049ce25d726ff550abf15efc4b9f9b0c30e79390315fa5da4ae7ac380702fb2044dc26cea7401cef946eabc5c3957ee97d8490d2686fb7a35c7c31bf8ac6f4cf202186ff465ed122eb5fcfa5bd31607b88f434e68be0db3affb3022dfbd51feacad8f53c050b18ac3c2d55a8b039bc7d2260b74f14485c3aee918018359e0e3d7b36f246d6afd6430d9cd38209e848c7f792a86bd42346792e5fab20128ae8d45022cfeafbf2abbc5cac32e84b94db09ba39786f6b5f918839bb843c61a33d3045722d46fb86f4fac1a094991f023e01651843d62a02263fa8ed4f2e51b96c998b440c34c5a9c51cb08cfaa8c308e6fa3c601f68f1dd3a343a005cebe383a39b17be0e3f2ef8beb082221f6cd6d4b27c384a5ef4ecfddf00e984b7cd61f55cbff7a5cbfbb728837bf0530933ce0cbe5327abcdcb600f7b9d7f60db9f1ee90eadf1654e0c934abfc022bac2d2a30398eebe32182815acae08ad0e1b19af541c806d15ca13778ac929ec932516bcead89dcca2bc3460690e20305f736a72b0d5a260e195dd48013fb79e1e79a1503de3136beec419bdc0a524d57e7ea190d9a4d14bc720dcc033d99e908db43eb0ace73a527b8822729b3d0227c8efd986178e5c8ac0f890817f9f5154330b2c9d2456f476b803c08c657c2fc842623f463a220049f7c29142d906a26c17d9e6085cd0cf2639caafd639f9a9cc4923b7712d867b62dc0fbfea5a848a2786b9650c91d22c8df23140af0f595b91386c3b99f321085e9b72359c59b43870a948a6324e31fcdac157690a21f072edab5a72d8c514c7286f74ed59c9192760886d75dd140dd7d3031ea876adee11952d7398a9c873ad8b909f8a880b0d49fa0bfa56b94a605d77f0b5fb731d55040188cb2c29b81b2d79e36163847d58928eec1546ffe19a433701b3fe4cffb48c23cfce046844fd1334f2ee0a688ef38074a5243be301553dc570adbcbdab7ec95192bbb003d087b21347b78d3d9b37793f7d7190134294b0cd32101cd8edaa8de2d45b30caab51d23b78feda7052a889bcabd47c279f0219a2f253a6c4994235021737fc70f13120f1e624c69271e64655ff216f5c5c3730a4eb4b7b1f8bd2ce35bbc32b0839d2179ebb393cd7940a1afc25c17b3dc7f4861092719c37c2995d15cfd7aa6f9ee7bd40e7061d02df3eb10fd8542d8bcfcf413737c866ca940d5337bd74410970af2595d1423d91355e7033a49a4a6d5c34bbf7da858c88670be6dea1d96c4c05fa67f333ec6d23f69945571acc9928d80b42c937bed163000ad7f35a7b24200e8f9bb8850e57490ccfd746f69271180133ab555d2af3b71687a08e8fcec39fff91b2538f94253786c55b6c76b968aaec6e5454cf8c17f63bbb77c8b2d7e450e8f4f592631f682e1895489c6c85ab7ebdbecdc0ff82acab15777df83b4d6545cc604de0c3cf23da9e27e2b2c645f899682b83ac8a18a751df841e1f35c8b786eaa8b201ad7bcceabedd36f140e8604f6f3e58cfa28bc59253b3d25d6e5517b56fd83e7de333b4654e74f574ffa5e007306e0df70b86dc470c790afa239fd55b024b322d46f7b2c14f1e24e9f12280d2dbad3d17c721e14cea80efa8afd0244d8e6493476a0021d63c9f8c9017580baa8e02c5294aacf69f247976f0b19da56e4daf23a23e2518aa8c376b5060d058483de6529ec72d84f5272e5504ca8f3c398bbebf4be4d7a30eb45071bc88e6781df04d09b3098b07329c8ad6e437a2e310b609e837c62310854ede4a53edf9d7d5fb3c3bf756516c67d2a4c9086a60edf06bc0f3c0bf09fb2baea5fc132c673076ab0a35ce9e808ccf596789756e8659c9211a3edb541746328958c39b90d5ec0a1b9b65e411ca54aa953cb01b4c81a30ba13179c1ce7cfc183add707e21da8ca6b7797b20d189f85db773771cacec16d138616ff42bc2295e3d52cefa2b82fc218242f02d68b2073e941d53e0ad1c3acab4f33bf850f3f98547058d057a1b1dfc32147525b8f647e46f99a55c67c1b7aa923b43bc2f57bfc5ddd5795f54df19653d9ee66b7aa4efaca7ef6f28d4a1d9c8e7537c33d0f4ceba539752099f14fc987e37a699d171600a0a9b2f2385f5328e0858403daf76aefddbe1e1e1b0c0cbcb2bf8c31ff69796209016d194df1229e65586e4b105adaa6927b9ebbfaadb78ff24172640eba2c101a35f347be1eff730085d5db552b3b80394a4d3f03ed7213637757f0e677c0d81fe012176737536c4ff013dc90379e87d3fddc92c90f7f050ca7f0279546b28019fa8d5abcb97204917056a4ef0056496859a363d52a5757f0cbc1dea0cc313f8e24b6204c2d309e6ca34449d9935acc60bdb1ea4c90d5b99f90dc2de7416864d392952fb6a81d07dc4709258697d6b9669650ea4f257d8f80890325f330baebc4ed8cf9cff2a3a2bb07fbc2d632d663ecadcd9504b5584b576247b4355c241b94b334001d9c3528afd018f0099f3479ca9873b467b91afb090dd818aea9615c36752d2a37f563f197a4f9b01450f321257fb774275275a57ccb815bbde8aa2c1878cbeb64ed70504add3530b289ea17562250bbd625a0df78d0200573069f6549e6b891ba321e7d7401fad353177f15c6038550f604b4b22013af8842a6fe1cb11f8d6238d8ee86c21be3fb1835f96c6b78bcbf2030c0ddb434cc3f8cf8cd4be0e0f1fa4c3ac6e96994b8772015305ad51a5d702eaaedd257230286667fdd031f2cbe66b266c190cdb72df815b703ec12aa9a784d5e73887f74fa173e251db2309d071bb811929015968845e115c59ec0f1dd2fb2feb4bbc6ea09d24ef7a5bfa4c1ebd766c861049b8a22cdc374f4798bed848ba2cf7cf849f623747f6e1e7b7265ed3a318333c31fbd489b0e29a6bf398e0b2278298cb6ca850bb05a634abea01b7245bf45ef041bb38ebf6b09d44f668e9865dcb3b7f734c446d247c8898bc10914881b294e8065fcd4fafddef67c236805d49dc7eed13c0133fa3dcc798817341dd34218a31a0a8f5ebfe31d4d909750db880ff067e1c73480f1b6444614a15ec07ade20a3c1628a10226ac87906962d20f5e7be4e2a60c0849eeee1ee503ae732c4a781173dc26b0092be0506b100fcbe8875326ccd37bedec23fc7381ce7a0055732c06304f9d518e917956f850cd401dc451069825cd7752912135554c377122a5ce39c215e0b34e365a8c3067c56ac37683c82019477b80a0e2cd9c70b201c3b34bfd6583f531ca90c56278412c34f3d5fae12b44c22e33ccbc8146bacc687da151bcb47bdc647e1e330c6366b6db177fa189146666268c31b8f2468039a8fb60211db66c84cb550727c42542434be7c423524578e3e1482a45e3a2df150923cc900b8867636b1474a31ee9f08cfa84525b7be1fe58cea1ca88e496609633b3f758040b2befd65327aa15c9c37f21a96a07e001b91838f8428092dc2ed4fbeda27063bc22b5b94d7b66ef6b553c03828c95c33385072f34339bc21b8d18e5ff76064b82fe91ab9f7f73934a395a35f2587f39d1839c614a4e2e4e14f65fdce4d170cfad316154e953f436d2a6e20e740d44ab5f44461929a6243ace2323bbc5e9e29cd50b9c16fcec11119eb72a6996999a74856cc3a6a5bcf2908582219de084ff13f284bd568c4519166d55c8af53ad9c9d69232c69996d988f06bf85745173f5c1c2cd189302c380f08b055872531857e0a255cecc035bf90f7b5b9126fef0075f84315d7d923ab4b1d73bbfc730a6556b7820b81e70baa95ef8ebb7b14678a15bbd9d3734b56267cddaff5a2c917f32c78747705d0adfb042c1da64b7b35c0efff6517657e8d621e85502bf2235ca116d778c35e55d2a430f70ee971947a416c763ec7af32d760874db908ac166ee7c8458064690c6f3b3d4dd501551e3e462ab400a24ae87f6d5beb787d85f3b50b66365b939bb43c772d93a811a0e58fc1ec88786045f350a069f4addef1c331900af7040e9784af95f92e008b78fdcc2afdac412be42481f03fae152d24f62419b9749cffc0fe7bd8a7e5294d6eb4521e76ea359d66a9fe3f9c8e6cc1a48ead54c25db1a38a933e5911d714d172c25af05cd74a787996cd8be71509780850ce9e12294566f813", 0xd51}], 0x5)
capset(&(0x7f0000000000)={0x20071026, r3}, &(0x7f0000000080)={0xa4, 0x9, 0x1, 0x4, 0x8, 0x7})
ppoll(&(0x7f00000003c0), 0x0, &(0x7f0000000400), 0x0, 0x0)

360.706619ms ago: executing program 6 (id=7734):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x54, r1, 0x1, 0xffffbffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffd}]}, 0x54}}, 0x2400c0d0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000580), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x18040, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0xfea7)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x9, 0x10, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
arch_prctl$ARCH_GET_CPUID(0x1011)
openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x82)

0s ago: executing program 9 (id=7735):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYRES8=<r0=>0x0], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20000040)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\a\x00\x00'}]}, 0x18}], 0x1}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000805}, 0xc001)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00f693", @ANYRESHEX=r2, @ANYBLOB="2c726f6f74550200652030302a30303030303030303030303030303130303030302c400025720000643d", @ANYRESDEC=0x0, @ANYRES8=r0, @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200))
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000340)="07000000010000", 0x7)

kernel console output (not intermixed with test programs):

tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  818.539655][   T40] audit: type=1400 audit(1775597967.382:115572): avc:  denied  { write } for  pid=22581 comm="syz.5.6548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  818.546659][   T40] audit: type=1400 audit(1775597967.382:115573): avc:  denied  { read } for  pid=22581 comm="syz.5.6548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  818.554411][   T40] audit: type=1400 audit(1775597967.382:115574): avc:  denied  { create } for  pid=22581 comm="syz.5.6548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  818.595475][T22579] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.702696][T22579] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.747297][  T823] usb 12-1: new full-speed USB device number 30 using dummy_hcd
[  818.823597][T22579] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.918217][  T823] usb 12-1: config 0 has no interfaces?
[  818.954811][  T823] usb 12-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  818.959381][   T87] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.962929][   T87] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.972211][  T823] usb 12-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  818.975307][  T823] usb 12-1: Product: syz
[  818.978597][  T823] usb 12-1: Manufacturer: syz
[  818.980668][  T823] usb 12-1: SerialNumber: syz
[  818.981450][T22598] 9pnet_virtio: no channels available for device syz
[  818.988399][   T87] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.993707][T22596] netlink: 84 bytes leftover after parsing attributes in process `syz.0.6552'.
[  818.995349][  T823] usb 12-1: config 0 descriptor??
[  818.998417][T22596] nbd: must specify at least one socket
[  819.011687][  T637] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  819.185184][T22606] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6555'.
[  819.196882][T22606] netlink: 92 bytes leftover after parsing attributes in process `syz.0.6555'.
[  819.444845][   T34] usb 12-1: USB disconnect, device number 30
[  819.558108][T22614] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6559'.
[  819.620256][T22614] veth3: entered allmulticast mode
[  819.627698][T22614] bond3: (slave veth3): Enslaving as an active interface with an up link
[  819.830506][T22624] 9pnet_virtio: no channels available for device syz
[  819.901645][T22628] netlink: 'syz.0.6564': attribute type 7 has an invalid length.
[  820.248858][T22645] __nla_validate_parse: 1 callbacks suppressed
[  820.248874][T22645] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6573'.
[  820.321087][T22645] veth3: entered allmulticast mode
[  820.332042][T22645] bond2: (slave veth3): Enslaving as an active interface with an up link
[  820.495790][T22660] netlink: 'syz.7.6577': attribute type 72 has an invalid length.
[  820.872037][T22687] 9pnet_virtio: no channels available for device syz
[  821.957847][T22728] forcing mempool usage for bio_alloc_bioset+0x392/0x850
[  821.997722][T22731] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.6608'.
[  822.468533][T22745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6613'.
[  822.478813][T22745] chnl_net:caif_netlink_parms(): no params data found
[  822.623183][T22749] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000
[  822.724493][T22762] netlink: 'syz.6.6622': attribute type 1 has an invalid length.
[  822.760048][T22762] 8021q: adding VLAN 0 to HW filter on device bond3
[  822.768613][T22760] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22760 comm=syz.6.6622
[  822.788944][T22765] can0: slcan on ttyS3.
[  822.829732][T22767] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.6618'.
[  822.850835][T22765] can0 (unregistered): slcan off ttyS3.
[  823.215632][T22783] kvm: user requested TSC rate below hardware speed
[  823.306908][T22793] SELinux:  Context system_u:object_r:dhcpd_initrc_exec_t:s0 is not valid (left unmapped).
[  823.410134][T22798] netlink: 1752 bytes leftover after parsing attributes in process `syz.7.6633'.
[  823.487316][   T40] kauditd_printk_skb: 1681 callbacks suppressed
[  823.487337][   T40] audit: type=1400 audit(1775597972.382:117256): avc:  denied  { create } for  pid=22801 comm="syz.0.6636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.506163][   T40] audit: type=1400 audit(1775597972.382:117257): avc:  denied  { write } for  pid=22801 comm="syz.0.6636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.514290][   T40] audit: type=1400 audit(1775597972.382:117258): avc:  denied  { read } for  pid=22801 comm="syz.0.6636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.521949][   T40] audit: type=1400 audit(1775597972.382:117259): avc:  denied  { read } for  pid=22801 comm="syz.0.6636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.530105][   T40] audit: type=1400 audit(1775597972.382:117260): avc:  denied  { ioctl } for  pid=22801 comm="syz.0.6636" path="socket:[129055]" dev="sockfs" ino=129055 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.539949][   T40] audit: type=1400 audit(1775597972.382:117261): avc:  denied  { write } for  pid=22801 comm="syz.0.6636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  823.548345][   T40] audit: type=1400 audit(1775597972.392:117262): avc:  denied  { read write } for  pid=18524 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.557551][   T40] audit: type=1400 audit(1775597972.392:117263): avc:  denied  { read write open } for  pid=18524 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.568735][T22805] netlink: 'syz.0.6637': attribute type 2 has an invalid length.
[  823.571236][   T40] audit: type=1400 audit(1775597972.392:117264): avc:  denied  { ioctl } for  pid=18524 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.580845][   T40] audit: type=1400 audit(1775597972.422:117265): avc:  denied  { read write } for  pid=20156 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  823.590780][T22806] netlink: 64 bytes leftover after parsing attributes in process `syz.7.6635'.
[  823.940465][T22823] FAULT_INJECTION: forcing a failure.
[  823.940465][T22823] name failslab, interval 1, probability 0, space 0, times 0
[  823.944765][T22823] CPU: 0 UID: 0 PID: 22823 Comm: syz.7.6643 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  823.944784][T22823] Tainted: [L]=SOFTLOCKUP
[  823.944789][T22823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  823.944796][T22823] Call Trace:
[  823.944859][T22823]  <TASK>
[  823.944864][T22823]  dump_stack_lvl+0x100/0x190
[  823.945004][T22823]  should_fail_ex.cold+0x5/0xa
[  823.945150][T22823]  should_failslab+0xc2/0x120
[  823.945269][T22823]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  823.945287][T22823]  ? __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  823.945321][T22823]  __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  823.945350][T22823]  mmu_topup_memory_caches+0x25/0x170
[  823.945370][T22823]  kvm_mmu_load+0xd6/0x23e0
[  823.945389][T22823]  ? kvm_apic_has_interrupt+0xfe/0x1f0
[  823.945409][T22823]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  823.945427][T22823]  ? __pfx_kvm_mmu_load+0x10/0x10
[  823.945439][T22823]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  823.945459][T22823]  ? kvm_check_and_inject_events+0x961/0x10c0
[  823.945472][T22823]  ? record_steal_time+0x410/0xbe0
[  823.945491][T22823]  vcpu_run+0x39f4/0x5ca0
[  823.945510][T22823]  ? __pfx_vcpu_run+0x10/0x10
[  823.945528][T22823]  ? rcu_is_watching+0x12/0xc0
[  823.945581][T22823]  ? kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  823.945595][T22823]  kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  823.945613][T22823]  kvm_vcpu_ioctl+0x730/0x1730
[  823.945632][T22823]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  823.945649][T22823]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  823.945668][T22823]  ? do_vfs_ioctl+0x226/0x13e0
[  823.945687][T22823]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  823.945741][T22823]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  823.945765][T22823]  ? __fget_files+0x215/0x3d0
[  823.945777][T22823]  ? hook_file_ioctl_common+0x146/0x410
[  823.945794][T22823]  ? selinux_file_ioctl+0x139/0x290
[  823.945811][T22823]  ? selinux_file_ioctl+0xb4/0x290
[  823.945828][T22823]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  823.945846][T22823]  __x64_sys_ioctl+0x18e/0x210
[  823.945865][T22823]  do_syscall_64+0x106/0xf80
[  823.946077][T22823]  ? clear_bhb_loop+0x40/0x90
[  823.946093][T22823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  823.946105][T22823] RIP: 0033:0x7fde0739c819
[  823.946117][T22823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  823.946129][T22823] RSP: 002b:00007fde081ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  823.946201][T22823] RAX: ffffffffffffffda RBX: 00007fde07616090 RCX: 00007fde0739c819
[  823.946208][T22823] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  823.946215][T22823] RBP: 00007fde081ca090 R08: 0000000000000000 R09: 0000000000000000
[  823.946221][T22823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  823.946227][T22823] R13: 00007fde07616128 R14: 00007fde07616090 R15: 00007ffea5b727e8
[  823.946242][T22823]  </TASK>
[  824.191462][T22832] ip6t_REJECT: ECHOREPLY is not supported
[  824.320696][T22838] FAULT_INJECTION: forcing a failure.
[  824.320696][T22838] name failslab, interval 1, probability 0, space 0, times 0
[  824.320805][T22838] CPU: 1 UID: 0 PID: 22838 Comm: syz.5.6650 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  824.320821][T22838] Tainted: [L]=SOFTLOCKUP
[  824.320825][T22838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  824.320831][T22838] Call Trace:
[  824.320836][T22838]  <TASK>
[  824.320841][T22838]  dump_stack_lvl+0x100/0x190
[  824.320865][T22838]  should_fail_ex.cold+0x5/0xa
[  824.320882][T22838]  should_failslab+0xc2/0x120
[  824.320895][T22838]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  824.320913][T22838]  ? ptlock_alloc+0x1f/0x70
[  824.320931][T22838]  ptlock_alloc+0x1f/0x70
[  824.320945][T22838]  pte_alloc_one+0x82/0x3d0
[  824.320962][T22838]  do_fault+0x88e/0x18e0
[  824.320977][T22838]  __handle_mm_fault+0x1815/0x2b60
[  824.320995][T22838]  ? __pfx___handle_mm_fault+0x10/0x10
[  824.321010][T22838]  ? folio_mark_accessed+0xf3/0x1040
[  824.321022][T22838]  ? __pfx_folio_mark_accessed+0x10/0x10
[  824.321033][T22838]  ? find_held_lock+0x2b/0x80
[  824.321056][T22838]  handle_mm_fault+0x36d/0xa20
[  824.321074][T22838]  __get_user_pages+0xf9c/0x34d0
[  824.321092][T22838]  ? __pfx___get_user_pages+0x10/0x10
[  824.321108][T22838]  populate_vma_page_range+0x267/0x3f0
[  824.321122][T22838]  ? __pfx_populate_vma_page_range+0x10/0x10
[  824.321135][T22838]  ? __pfx_find_vma_intersection+0x10/0x10
[  824.321148][T22838]  ? __pfx_apply_mlockall_flags.isra.0+0x10/0x10
[  824.321168][T22838]  __mm_populate+0x107/0x3a0
[  824.321181][T22838]  ? __pfx___mm_populate+0x10/0x10
[  824.321196][T22838]  ? up_write+0x290/0x4f0
[  824.321210][T22838]  __do_sys_mlockall+0x4f4/0x5d0
[  824.321228][T22838]  do_syscall_64+0x106/0xf80
[  824.321239][T22838]  ? clear_bhb_loop+0x40/0x90
[  824.321253][T22838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.321264][T22838] RIP: 0033:0x7fa21459c819
[  824.321275][T22838] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  824.321285][T22838] RSP: 002b:00007fa2153e8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  824.321296][T22838] RAX: ffffffffffffffda RBX: 00007fa214816090 RCX: 00007fa21459c819
[  824.321303][T22838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  824.321309][T22838] RBP: 00007fa2153e8090 R08: 0000000000000000 R09: 0000000000000000
[  824.321315][T22838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  824.321321][T22838] R13: 00007fa214816128 R14: 00007fa214816090 R15: 00007ffec8f63998
[  824.321335][T22838]  </TASK>
[  824.689073][T22858] netlink: 1752 bytes leftover after parsing attributes in process `syz.7.6659'.
[  825.246885][T22875] netfs: Couldn't get user pages (rc=-14)
[  826.827243][ T5955] Bluetooth: hci1: command 0x0c1a tx timeout
[  826.827359][T22855] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  826.910960][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  826.913246][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  827.560078][T22855] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  827.571847][T22855] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  827.576007][T22855] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  827.579234][T22855] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  827.583432][T22855] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  827.590494][T22855] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  827.592600][T22855] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  827.595410][T22855] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  827.598348][T22855] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  827.600391][T22855] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  827.605184][T22855] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  827.708369][T22879] 9pnet_virtio: no channels available for device syz
[  827.849237][T22877] tipc: Started in network mode
[  827.851039][T22877] tipc: Node identity 4004, cluster identity 4711
[  827.853287][T22877] tipc: Node number set to 16388
[  828.377910][T22917] overlayfs: upper fs does not support file handles, falling back to index=off.
[  828.499172][   T40] kauditd_printk_skb: 677 callbacks suppressed
[  828.499192][   T40] audit: type=1400 audit(1775597977.392:117943): avc:  denied  { mount } for  pid=22925 comm="syz.0.6687" name="/" dev="autofs" ino=128299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  828.518182][   T40] audit: type=1400 audit(1775597977.392:117944): avc:  denied  { read write } for  pid=20379 comm="syz-executor" name="loop7" dev="devtmpfs" ino=665 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  828.525864][   T40] audit: type=1400 audit(1775597977.392:117945): avc:  denied  { read write open } for  pid=20379 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=665 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  828.538210][   T40] audit: type=1400 audit(1775597977.392:117946): avc:  denied  { ioctl } for  pid=20379 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=665 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  828.550321][   T40] audit: type=1400 audit(1775597977.442:117947): avc:  denied  { create } for  pid=22928 comm="syz.7.6688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  828.554805][T22930] 9pnet_virtio: no channels available for device syz
[  828.556875][   T40] audit: type=1400 audit(1775597977.442:117948): avc:  denied  { write } for  pid=22928 comm="syz.7.6688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  828.566664][   T40] audit: type=1400 audit(1775597977.442:117949): avc:  denied  { mounton } for  pid=22928 comm="syz.7.6688" path="/229/file0" dev="tmpfs" ino=1307 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  828.574698][   T40] audit: type=1400 audit(1775597977.452:117950): avc:  denied  { create } for  pid=22929 comm="syz.6.6689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  828.581158][   T40] audit: type=1400 audit(1775597977.452:117951): avc:  denied  { bind } for  pid=22929 comm="syz.6.6689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  828.588389][   T40] audit: type=1400 audit(1775597977.452:117952): avc:  denied  { setopt } for  pid=22929 comm="syz.6.6689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  828.592513][T22930] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6688'.
[  828.853266][T22952] 9p: Bad value for 'dfltuid'
[  828.854851][T22952] 9p: Bad value for 'dfltuid'
[  828.865963][T22944] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6693'.
[  828.883070][T22944] tipc: Can't bind to reserved service type 2
[  828.907389][ T5955] Bluetooth: hci1: command 0x0c1a tx timeout
[  829.008642][T22960] fuse: Bad value for 'fd'
[  829.475553][ T5955] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  829.555507][T22981] SELinux: security policydb version 18 (MLS) not backwards compatible
[  829.559693][T22981] SELinux: failed to load policy
[  829.627367][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  829.627466][ T5959] Bluetooth: hci3: command 0x0c1a tx timeout
[  829.629964][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout
[  829.639466][T22987] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6709'.
[  829.646728][T22987] ip6gretap0: entered promiscuous mode
[  829.649475][T22987] macsec1: entered promiscuous mode
[  829.651301][T22987] macsec1: entered allmulticast mode
[  829.652974][T22987] ip6gretap0: entered allmulticast mode
[  829.656568][T22987] ip6gretap0: left allmulticast mode
[  829.659933][T22987] ip6gretap0: left promiscuous mode
[  829.826041][T22993] 9pnet_virtio: no channels available for device syz
[  829.848451][T22993] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6711'.
[  829.951251][T22995] trusted_key: encrypted_key: key trusted:syz not found
[  830.586984][T23010] netlink: 'syz.7.6718': attribute type 8 has an invalid length.
[  830.816951][T23021] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6721'.
[  830.918488][T23025] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6721'.
[  830.922038][T23025] nbd: device at index 64 is going down
[  830.987241][ T5955] Bluetooth: hci1: command 0x0c1a tx timeout
[  831.048799][ T8336] udevd[8336]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  831.066406][ T8336] udevd[8336]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  831.717419][ T5955] Bluetooth: hci3: command 0x0c1a tx timeout
[  831.720160][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  831.722671][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout
[  832.099077][T23042] trusted_key: encrypted_key: key trusted:syz not found
[  832.151195][T23020] kexec: Could not allocate control_code_buffer
[  832.407108][T23055] 9pnet_virtio: no channels available for device syz
[  832.418702][T23055] FAULT_INJECTION: forcing a failure.
[  832.418702][T23055] name failslab, interval 1, probability 0, space 0, times 0
[  832.423004][T23055] CPU: 0 UID: 0 PID: 23055 Comm: syz.7.6733 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  832.423023][T23055] Tainted: [L]=SOFTLOCKUP
[  832.423027][T23055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  832.423034][T23055] Call Trace:
[  832.423039][T23055]  <TASK>
[  832.423044][T23055]  dump_stack_lvl+0x100/0x190
[  832.423068][T23055]  should_fail_ex.cold+0x5/0xa
[  832.423084][T23055]  should_failslab+0xc2/0x120
[  832.423097][T23055]  __kvmalloc_node_noprof+0xfa/0xa00
[  832.423115][T23055]  ? simple_xattr_alloc+0x4a/0xa0
[  832.423131][T23055]  ? shmem_initxattrs+0x3b9/0x570
[  832.423146][T23055]  simple_xattr_alloc+0x4a/0xa0
[  832.423162][T23055]  shmem_initxattrs+0x225/0x570
[  832.423177][T23055]  security_inode_init_security+0x242/0x370
[  832.423193][T23055]  ? __pfx_shmem_initxattrs+0x10/0x10
[  832.423206][T23055]  ? __pfx_security_inode_init_security+0x10/0x10
[  832.423220][T23055]  ? do_raw_spin_unlock+0x145/0x1e0
[  832.423237][T23055]  shmem_mknod+0x2bf/0x470
[  832.423253][T23055]  ? __pfx_shmem_mknod+0x10/0x10
[  832.423266][T23055]  ? bpf_lsm_inode_create+0x9/0x10
[  832.423285][T23055]  ? __pfx_shmem_create+0x10/0x10
[  832.423300][T23055]  lookup_open.isra.0+0xc47/0x11b0
[  832.423321][T23055]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  832.423340][T23055]  ? __pfx___might_resched+0x10/0x10
[  832.423354][T23055]  ? mnt_get_write_access+0x52/0x2f0
[  832.423373][T23055]  ? __pfx_down_write+0x10/0x10
[  832.423392][T23055]  ? mnt_get_write_access+0x1e9/0x2f0
[  832.423411][T23055]  path_openat+0x2291/0x31a0
[  832.423426][T23055]  ? count_memcg_events_mm.constprop.0+0x31/0x2a0
[  832.423447][T23055]  ? __pfx_path_openat+0x10/0x10
[  832.423459][T23055]  ? __pfx___up_read+0x10/0x10
[  832.423471][T23055]  ? do_user_addr_fault+0x7de/0x12f0
[  832.423485][T23055]  ? do_user_addr_fault+0x7de/0x12f0
[  832.423500][T23055]  do_file_open+0x20e/0x430
[  832.423514][T23055]  ? __pfx_do_file_open+0x10/0x10
[  832.423526][T23055]  ? irqentry_exit+0x180/0x670
[  832.423545][T23055]  ? alloc_fd+0x476/0x790
[  832.423559][T23055]  ? do_getname+0x191/0x390
[  832.423576][T23055]  do_sys_openat2+0x10d/0x1e0
[  832.423591][T23055]  ? __pfx_do_sys_openat2+0x10/0x10
[  832.423604][T23055]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  832.423618][T23055]  ? __fget_files+0x21f/0x3d0
[  832.423634][T23055]  __x64_sys_openat+0x12d/0x210
[  832.423709][T23055]  ? __pfx___x64_sys_openat+0x10/0x10
[  832.423729][T23055]  ? ksys_write+0x1ac/0x250
[  832.423745][T23055]  do_syscall_64+0x106/0xf80
[  832.423756][T23055]  ? clear_bhb_loop+0x40/0x90
[  832.423770][T23055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.423782][T23055] RIP: 0033:0x7fde0739c819
[  832.423793][T23055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  832.423804][T23055] RSP: 002b:00007fde081eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  832.423815][T23055] RAX: ffffffffffffffda RBX: 00007fde07615fa0 RCX: 00007fde0739c819
[  832.423822][T23055] RDX: 0000000000181942 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  832.423829][T23055] RBP: 00007fde081eb090 R08: 0000000000000000 R09: 0000000000000000
[  832.423836][T23055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  832.423843][T23055] R13: 00007fde07616038 R14: 00007fde07615fa0 R15: 00007ffea5b727e8
[  832.423857][T23055]  </TASK>
[  832.640518][T23062] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000
[  832.854891][T23075] 9pnet_virtio: no channels available for device syz
[  833.349103][T23099] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6750'.
[  833.507811][   T40] kauditd_printk_skb: 905 callbacks suppressed
[  833.507826][   T40] audit: type=1400 audit(1775597982.392:118856): avc:  denied  { create } for  pid=23107 comm="syz.7.6755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  833.511449][T23109] netlink: 'syz.7.6755': attribute type 1 has an invalid length.
[  833.517345][   T40] audit: type=1400 audit(1775597982.402:118857): avc:  denied  { write } for  pid=23107 comm="syz.7.6755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  833.528355][   T40] audit: type=1400 audit(1775597982.422:118858): avc:  denied  { create } for  pid=23107 comm="syz.7.6755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  833.529517][T23108] 9pnet_virtio: no channels available for device syz
[  833.535230][   T40] audit: type=1400 audit(1775597982.422:118859): avc:  denied  { mounton } for  pid=23106 comm="syz.6.6754" path="/309/file0" dev="tmpfs" ino=1708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  833.546347][   T40] audit: type=1400 audit(1775597982.422:118860): avc:  denied  { write } for  pid=23107 comm="syz.7.6755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  833.553227][   T40] audit: type=1400 audit(1775597982.432:118861): avc:  denied  { write } for  pid=23107 comm="syz.7.6755" lport=38425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  833.561237][   T40] audit: type=1400 audit(1775597982.432:118862): avc:  denied  { module_request } for  pid=23106 comm="syz.6.6754" kmod="rtnl-link-bridge_slave" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  833.569789][   T40] audit: type=1400 audit(1775597982.432:118863): avc:  denied  { read write } for  pid=23107 comm="syz.7.6755" name="vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  833.578168][   T40] audit: type=1400 audit(1775597982.432:118864): avc:  denied  { read write open } for  pid=23107 comm="syz.7.6755" path="/dev/vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  833.586301][   T40] audit: type=1400 audit(1775597982.442:118865): avc:  denied  { ioctl } for  pid=23107 comm="syz.7.6755" path="/dev/vmci" dev="devtmpfs" ino=708 ioctlcmd=0x7a7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  833.604205][T23113] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6754'.
[  833.797294][T12825] Bluetooth: hci2: command 0x0c1a tx timeout
[  833.797753][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  833.797771][T22986] Bluetooth: hci3: command 0x0c1a tx timeout
[  833.911732][T23122] xt_hashlimit: size too large, truncated to 1048576
[  834.146800][T23130] Mount JFS Failure: -5
[  834.150543][T23130] jfs_mount failed w/return code = -5
[  834.168293][T23136] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[  834.353006][T23150] ip6t_REJECT: ECHOREPLY is not supported
[  834.550547][T23159] CUSE: unknown device info ""
[  834.552508][T23159] CUSE: zero length info key specified
[  835.129191][T23187] 9pnet_virtio: no channels available for device syz
[  835.191830][T23191] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6783'.
[  835.438277][  T823] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  835.611635][  T823] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  835.615829][  T823] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 125, changing to 7
[  835.620153][  T823] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 42438, setting to 1024
[  835.624493][  T823] usb 5-1: config 0 interface 0 has no altsetting 0
[  835.643685][  T823] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  835.648479][  T823] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  835.651843][  T823] usb 5-1: Product: syz
[  835.653584][  T823] usb 5-1: Manufacturer: syz
[  835.655202][  T823] usb 5-1: SerialNumber: syz
[  835.663141][  T823] usb 5-1: config 0 descriptor??
[  835.674310][  T823] hub 5-1:0.0: bad descriptor, ignoring hub
[  835.676795][  T823] hub 5-1:0.0: probe with driver hub failed with error -5
[  835.683161][  T823] usb 5-1: selecting invalid altsetting 0
[  835.705523][T23197] 9pnet_virtio: no channels available for device syz
[  835.744695][T23197] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6787'.
[  836.059219][T23205] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6790'.
[  836.319037][T23217] 9pnet_virtio: no channels available for device syz
[  836.330109][T23190] usb 5-1: reset high-speed USB device number 32 using dummy_hcd
[  836.336389][T23217] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6796'.
[  836.598368][T23228] mac80211_hwsim hwsim32 ªªªªª;: renamed from wlan0
[  836.726419][T23190] usb 5-1: failed to restore interface 0 altsetting 251 (error=-71)
[  836.729576][T23230] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6802'.
[  836.736214][  T823] usb 5-1: USB disconnect, device number 32
[  836.963256][T23239] xt_bpf: check failed: parse error
[  836.964611][T23240] xt_bpf: check failed: parse error
[  837.462910][T23257] tmpfs: User quota inode hardlimit too large.
[  837.493955][T23259] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  837.729900][T23270] forcing mempool usage for bio_alloc_bioset+0x392/0x850
[  837.933826][T23281] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6824'.
[  837.941252][T23281] macsec1: entered promiscuous mode
[  837.943114][T23281] ip6gretap0: entered promiscuous mode
[  837.944995][T23281] macsec1: entered allmulticast mode
[  837.946741][T23281] ip6gretap0: entered allmulticast mode
[  837.950340][T23281] ip6gretap0: left allmulticast mode
[  837.952106][T23281] ip6gretap0: left promiscuous mode
[  838.150503][T23297] ip6t_REJECT: ECHOREPLY is not supported
[  838.300058][ T5955] Bluetooth: hci3: unexpected event for opcode 0x2012
[  838.358296][ T5955] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  838.519129][   T40] kauditd_printk_skb: 960 callbacks suppressed
[  838.519142][   T40] audit: type=1400 audit(1775597987.412:119826): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.531648][   T40] audit: type=1400 audit(1775597987.412:119827): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.545026][   T40] audit: type=1400 audit(1775597987.412:119828): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.557333][   T40] audit: type=1400 audit(1775597987.412:119829): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.565852][   T40] audit: type=1400 audit(1775597987.412:119830): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.568812][ T5955] Bluetooth: hci3: Malformed MSFT vendor event: 0x02
[  838.579916][   T40] audit: type=1400 audit(1775597987.412:119831): avc:  denied  { ioctl } for  pid=23318 comm="syz.0.6837" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  838.591710][   T40] audit: type=1400 audit(1775597987.452:119832): avc:  denied  { create } for  pid=23321 comm="syz.6.6838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  838.600306][   T40] audit: type=1400 audit(1775597987.472:119833): avc:  denied  { read write } for  pid=18524 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  838.609957][   T40] audit: type=1400 audit(1775597987.472:119834): avc:  denied  { read write open } for  pid=18524 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  838.620128][   T40] audit: type=1400 audit(1775597987.472:119835): avc:  denied  { ioctl } for  pid=18524 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  838.877605][T23339] 9pnet_virtio: no channels available for device syz
[  839.009593][T23341] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  839.099505][T23341] netlink: 'syz.6.6847': attribute type 9 has an invalid length.
[  839.102205][T23341] netlink: 'syz.6.6847': attribute type 11 has an invalid length.
[  839.104973][T23341] netlink: 'syz.6.6847': attribute type 12 has an invalid length.
[  839.108302][T23341] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.6847'.
[  839.111399][T23341] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6847'.
[  839.278719][T23348] ip6t_REJECT: ECHOREPLY is not supported
[  839.298202][T12825] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  839.304330][T12825] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  839.310685][T12825] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  839.314706][T12825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  839.317863][T12825] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  839.406142][T23349] lo speed is unknown, defaulting to 1000
[  839.538777][ T1202] bridge_slave_1: left allmulticast mode
[  839.541085][ T1202] bridge_slave_1: left promiscuous mode
[  839.543159][ T1202] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.579562][ T1202] bridge_slave_0: left allmulticast mode
[  839.584693][ T1202] bridge_slave_0: left promiscuous mode
[  839.595530][ T1202] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.971683][ T1202] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  839.976006][ T1202] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  839.981923][ T1202] bond0 (unregistering): Released all slaves
[  839.988015][ T1202] bond1 (unregistering): (slave macvlan0): Releasing backup interface
[  839.993300][ T1202] bond1 (unregistering): Released all slaves
[  840.001765][ T1202] bond2 (unregistering): Released all slaves
[  840.010969][ T1202] bond3 (unregistering): (slave veth3): Releasing backup interface
[  840.015365][ T1202] bond3 (unregistering): Released all slaves
[  840.138386][ T1202] tipc: Left network mode
[  840.292048][T23365] 9pnet_virtio: no channels available for device syz
[  840.341879][T23349] chnl_net:caif_netlink_parms(): no params data found
[  840.461116][T12825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  840.465959][T12825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  840.470979][T12825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  840.475404][T12825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  840.485269][T12825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  840.676359][T23349] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.680007][T23349] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.682571][T23349] bridge_slave_0: entered allmulticast mode
[  840.685952][T23349] bridge_slave_0: entered promiscuous mode
[  840.691992][T23349] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.694287][T23349] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.696788][T23349] bridge_slave_1: entered allmulticast mode
[  840.699994][T23349] bridge_slave_1: entered promiscuous mode
[  840.705668][T23367] lo speed is unknown, defaulting to 1000
[  840.745454][ T1202] hsr_slave_0: left promiscuous mode
[  840.750617][ T1202] hsr_slave_1: left promiscuous mode
[  840.752999][ T1202] batman_adv: batadv0: Removing interface: batadv_slave_0
[  840.755831][ T1202] batman_adv: batadv0: Removing interface: batadv_slave_1
[  840.922970][ T1202] team0 (unregistering): Port device team_slave_1 removed
[  840.930728][ T1202] team0 (unregistering): Port device team_slave_0 removed
[  841.038732][T23349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  841.065597][T23349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  841.130483][T23349] team0: Port device team_slave_0 added
[  841.143155][T23349] team0: Port device team_slave_1 added
[  841.195860][T23349] batman_adv: batadv0: Adding interface: batadv_slave_0
[  841.201553][T23349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  841.214042][T23349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  841.247287][T23349] batman_adv: batadv0: Adding interface: batadv_slave_1
[  841.250856][T23349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  841.260142][T23349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  841.310824][T23349] hsr_slave_0: entered promiscuous mode
[  841.314400][T23349] hsr_slave_1: entered promiscuous mode
[  841.328179][T23349] debugfs: 'hsr0' already exists in 'hsr'
[  841.330221][T23349] Cannot create hsr debugfs directory
[  841.387154][T12825] Bluetooth: hci1: command tx timeout
[  841.436725][T23367] chnl_net:caif_netlink_parms(): no params data found
[  841.614347][T23367] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.616694][T23367] bridge0: port 1(bridge_slave_0) entered disabled state
[  841.637296][T23367] bridge_slave_0: entered allmulticast mode
[  841.640485][T23367] bridge_slave_0: entered promiscuous mode
[  841.692338][ T1202] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.706761][T23367] bridge0: port 2(bridge_slave_1) entered blocking state
[  841.711981][T23367] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.714462][T23367] bridge_slave_1: entered allmulticast mode
[  841.718734][T23367] bridge_slave_1: entered promiscuous mode
[  841.761921][T23367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  841.772961][T23367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  841.803776][ T1202] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.842752][T23367] team0: Port device team_slave_0 added
[  841.857015][T23367] team0: Port device team_slave_1 added
[  841.899289][T23367] batman_adv: batadv0: Adding interface: batadv_slave_0
[  841.901865][T23367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  841.913460][T23367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  841.919995][T23349] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  841.949755][ T1202] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.986723][T23367] batman_adv: batadv0: Adding interface: batadv_slave_1
[  841.990475][T23367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  841.998626][T23367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  842.002026][T23349] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  842.010875][T23349] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  842.021332][T23349] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  842.050295][ T1202] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.112706][T23444] 9pnet_virtio: no channels available for device syz
[  842.147930][T23367] hsr_slave_0: entered promiscuous mode
[  842.150265][T23367] hsr_slave_1: entered promiscuous mode
[  842.153336][T23367] debugfs: 'hsr0' already exists in 'hsr'
[  842.155748][T23367] Cannot create hsr debugfs directory
[  842.388203][ T1202] bridge_slave_1: left allmulticast mode
[  842.390086][ T1202] bridge_slave_1: left promiscuous mode
[  842.392002][ T1202] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.399680][ T1202] bridge_slave_0: left allmulticast mode
[  842.401766][ T1202] bridge_slave_0: left promiscuous mode
[  842.403909][ T1202] bridge0: port 1(bridge_slave_0) entered disabled state
[  842.475943][ T1202] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[  842.517311][T12825] Bluetooth: hci2: command tx timeout
[  842.707529][ T1202] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  842.712456][ T1202] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  842.718030][ T1202] bond0 (unregistering): Released all slaves
[  842.723152][ T1202] bond1 (unregistering): Released all slaves
[  842.730452][ T1202] bond2 (unregistering): Released all slaves
[  842.893454][T23367] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  842.924892][T23367] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  842.939423][T23367] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  842.950688][T23367] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  842.996658][T23349] 8021q: adding VLAN 0 to HW filter on device bond0
[  843.105942][T23349] 8021q: adding VLAN 0 to HW filter on device team0
[  843.134507][   T87] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.137932][   T87] bridge0: port 1(bridge_slave_0) entered forwarding state
[  843.178768][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.182224][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  843.266198][ T1202] hsr_slave_0: left promiscuous mode
[  843.288247][ T1202] hsr_slave_1: left promiscuous mode
[  843.290606][ T1202] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  843.293231][ T1202] batman_adv: batadv0: Removing interface: batadv_slave_0
[  843.308025][ T1202] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  843.312368][ T1202] batman_adv: batadv0: Removing interface: batadv_slave_1
[  843.339847][ T1202] veth1_macvtap: left promiscuous mode
[  843.341803][ T1202] veth0_macvtap: left promiscuous mode
[  843.343800][ T1202] veth1_vlan: left promiscuous mode
[  843.345491][ T1202] veth0_vlan: left promiscuous mode
[  843.349614][T23479] 9pnet_virtio: no channels available for device syz
[  843.477910][T12825] Bluetooth: hci1: command tx timeout
[  843.527561][   T40] kauditd_printk_skb: 2134 callbacks suppressed
[  843.527580][   T40] audit: type=1400 audit(1775597992.412:121970): avc:  denied  { search } for  pid=23480 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1906 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.542833][   T40] audit: type=1400 audit(1775597992.422:121971): avc:  denied  { search } for  pid=23480 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1907 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.559125][T23480] audit: audit_backlog=65 > audit_backlog_limit=64
[  843.560027][   T40] audit: type=1400 audit(1775597992.422:121972): avc:  denied  { search } for  pid=23480 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.561253][T23480] audit: audit_lost=290 audit_rate_limit=0 audit_backlog_limit=64
[  843.561266][T23480] audit: backlog limit exceeded
[  843.561770][T23480] audit: audit_backlog=65 > audit_backlog_limit=64
[  843.570334][   T40] audit: type=1400 audit(1775597992.422:121973): avc:  denied  { search } for  pid=23480 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.570368][   T40] audit: type=1400 audit(1775597992.422:121974): avc:  denied  { search } for  pid=23480 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1906 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.570392][   T40] audit: type=1400 audit(1775597992.422:121975): avc:  denied  { read open } for  pid=23480 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1907 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  843.605259][ T1202] team0 (unregistering): Port device team_slave_1 removed
[  843.627848][ T1202] team0 (unregistering): Port device team_slave_0 removed
[  843.732791][   T87] smc: removing ib device lyz2
[  843.740387][T20257] lo speed is unknown, defaulting to 1000
[  843.742456][T20257] lyz2: Port: 1 Link DOWN
[  843.786473][T23367] 8021q: adding VLAN 0 to HW filter on device bond0
[  843.889962][T23367] 8021q: adding VLAN 0 to HW filter on device team0
[  843.902270][  T250] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.904855][  T250] bridge0: port 1(bridge_slave_0) entered forwarding state
[  843.949084][  T637] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.952148][  T637] bridge0: port 2(bridge_slave_1) entered forwarding state
[  844.199183][T23507] 9pnet_virtio: no channels available for device syz
[  844.246113][T23510] 9pnet_virtio: no channels available for device syz
[  844.450111][T23516] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6893'.
[  844.541663][T23349] 8021q: adding VLAN 0 to HW filter on device batadv0
[  844.587810][T12825] Bluetooth: hci2: command tx timeout
[  844.638126][T23524] IPv6: NLM_F_REPLACE set, but no existing node found!
[  844.743136][T23367] 8021q: adding VLAN 0 to HW filter on device batadv0
[  845.168655][T23549] fuse: Bad value for 'fd'
[  845.401486][T23349] veth0_vlan: entered promiscuous mode
[  845.424169][T23349] veth1_vlan: entered promiscuous mode
[  845.502246][T23349] veth0_macvtap: entered promiscuous mode
[  845.511177][T23349] veth1_macvtap: entered promiscuous mode
[  845.547362][T12825] Bluetooth: hci1: command tx timeout
[  845.548714][T23349] batman_adv: batadv0: Interface activated: batadv_slave_0
[  845.579781][T23349] batman_adv: batadv0: Interface activated: batadv_slave_1
[  845.600884][   T79] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  845.604108][   T79] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  845.623401][   T79] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  845.626441][   T79] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  845.760081][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.763165][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.763843][T23367] veth0_vlan: entered promiscuous mode
[  845.817806][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.821470][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.825792][T23367] veth1_vlan: entered promiscuous mode
[  845.901760][T23367] veth0_macvtap: entered promiscuous mode
[  845.916767][T23367] veth1_macvtap: entered promiscuous mode
[  845.979697][T23367] batman_adv: batadv0: Interface activated: batadv_slave_0
[  845.998500][T23367] batman_adv: batadv0: Interface activated: batadv_slave_1
[  846.015894][   T13] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  846.024707][   T13] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  846.031154][   T13] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  846.034079][   T13] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  846.173416][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  846.178024][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  846.231352][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  846.236577][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  846.667406][T12825] Bluetooth: hci2: command tx timeout
[  846.691317][T23603] 9p: Unknown access argument 18446744073709551615: -34
[  846.808401][T23626] 9pnet_virtio: no channels available for device syz
[  847.187285][ T6021] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  847.328176][ T6021] usb 13-1: device descriptor read/64, error -71
[  847.484533][T23658] ip6t_REJECT: ECHOREPLY is not supported
[  847.551097][T23664] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6932'.
[  847.577315][ T6021] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  847.627231][T12825] Bluetooth: hci1: command tx timeout
[  847.717563][ T6021] usb 13-1: device descriptor read/64, error -71
[  847.827450][ T6021] usb usb13-port1: attempt power cycle
[  847.883448][T23686] 9pnet_virtio: no channels available for device syz
[  847.966100][T23690] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6943'.
[  848.004556][T23692] netlink: 'syz.9.6944': attribute type 1 has an invalid length.
[  848.111632][T23702] 9pnet_virtio: no channels available for device syz
[  848.187167][ T6021] usb 13-1: new high-speed USB device number 4 using dummy_hcd
[  848.217933][ T6021] usb 13-1: device descriptor read/8, error -71
[  848.274940][T23707] FAULT_INJECTION: forcing a failure.
[  848.274940][T23707] name failslab, interval 1, probability 0, space 0, times 0
[  848.279442][T23707] CPU: 0 UID: 0 PID: 23707 Comm: syz.9.6948 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  848.279466][T23707] Tainted: [L]=SOFTLOCKUP
[  848.279470][T23707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  848.279477][T23707] Call Trace:
[  848.279481][T23707]  <TASK>
[  848.279486][T23707]  dump_stack_lvl+0x100/0x190
[  848.279511][T23707]  should_fail_ex.cold+0x5/0xa
[  848.279527][T23707]  should_failslab+0xc2/0x120
[  848.279540][T23707]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  848.279557][T23707]  ? do_getname+0x35/0x390
[  848.279574][T23707]  do_getname+0x35/0x390
[  848.279591][T23707]  user_path_at+0x26/0x60
[  848.279602][T23707]  __x64_sys_mount+0x1fb/0x310
[  848.279618][T23707]  ? __pfx___x64_sys_mount+0x10/0x10
[  848.279636][T23707]  do_syscall_64+0x106/0xf80
[  848.279647][T23707]  ? clear_bhb_loop+0x40/0x90
[  848.279663][T23707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.279680][T23707] RIP: 0033:0x7f3751d9c819
[  848.279693][T23707] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  848.279710][T23707] RSP: 002b:00007f3752bf4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  848.279728][T23707] RAX: ffffffffffffffda RBX: 00007f3752015fa0 RCX: 00007f3751d9c819
[  848.279741][T23707] RDX: 0000200000004500 RSI: 00002000000000c0 RDI: 0000000000000000
[  848.279751][T23707] RBP: 00007f3752bf4090 R08: 0000200000000100 R09: 0000000000000000
[  848.279763][T23707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.279772][T23707] R13: 00007f3752016038 R14: 00007f3752015fa0 R15: 00007fff4f592c08
[  848.279790][T23707]  </TASK>
[  848.477398][ T6021] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  848.497898][ T6021] usb 13-1: device descriptor read/8, error -71
[  848.608299][ T6021] usb usb13-port1: unable to enumerate USB device
[  848.646692][T23722] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048)
[  848.721580][   T40] kauditd_printk_skb: 1573 callbacks suppressed
[  848.721602][   T40] audit: type=1400 audit(1775597997.612:123547): avc:  denied  { sys_module } for  pid=23723 comm="syz.6.6954" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  848.748265][T12825] Bluetooth: hci2: command tx timeout
[  848.846242][   T40] audit: type=1400 audit(1775597997.732:123548): avc:  denied  { name_bind } for  pid=23735 comm="syz.6.6964" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  848.855568][   T40] audit: type=1400 audit(1775597997.732:123549): avc:  denied  { node_bind } for  pid=23735 comm="syz.6.6964" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  848.901821][   T40] audit: type=1400 audit(1775597997.792:123550): avc:  denied  { create } for  pid=23735 comm="syz.6.6964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  848.914144][   T40] audit: type=1400 audit(1775597997.802:123551): avc:  denied  { setopt } for  pid=23735 comm="syz.6.6964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  848.921260][   T40] audit: type=1400 audit(1775597997.802:123552): avc:  denied  { getopt } for  pid=23735 comm="syz.6.6964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  849.084720][T23752] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6962'.
[  849.089005][T23752] netlink: 60 bytes leftover after parsing attributes in process `syz.9.6962'.
[  849.140954][   T40] audit: type=1400 audit(1775597998.032:123553): avc:  denied  { create } for  pid=23758 comm="syz.7.6966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  849.148171][   T40] audit: type=1400 audit(1775597998.032:123554): avc:  denied  { getopt } for  pid=23758 comm="syz.7.6966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  849.155317][   T40] audit: type=1400 audit(1775597998.042:123555): avc:  denied  { append } for  pid=23760 comm="syz.9.6967" name="cec9" dev="devtmpfs" ino=1027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  849.191914][T23764] 9pnet_virtio: no channels available for device syz
[  849.221041][   T40] audit: type=1400 audit(1775597998.112:123556): avc:  denied  { create } for  pid=23766 comm="syz.7.6969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  849.429591][T23785] 9pnet_virtio: no channels available for device syz
[  849.466696][T23788] 9pnet_virtio: no channels available for device syz
[  849.710141][T23810] 9pnet_virtio: no channels available for device syz
[  849.721632][T23814] netlink: 72 bytes leftover after parsing attributes in process `syz.9.6990'.
[  849.772438][T23818] bridge: RTM_NEWNEIGH with invalid state 0x4
[  849.860803][T23826] netlink: 52 bytes leftover after parsing attributes in process `syz.6.6996'.
[  849.895429][T23832] 9pnet_virtio: no channels available for device syz
[  849.943579][T23838] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.7002'.
[  850.059879][ T6021] IPVS: starting estimator thread 0...
[  850.083618][T23855] 9p: Could not find request transport: v
[  850.147199][T23856] IPVS: using max 43 ests per chain, 103200 per kthread
[  850.180150][T23868] 9pnet_virtio: no channels available for device syz
[  850.220872][T23870] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.7013'.
[  850.391468][T23889] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000
[  850.552784][T23898] kAFS: unable to lookup cell 'ÖT>Äë@hu¶'òô¥Ësyz0'
[  850.673885][T23902] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.7024'.
[  851.097681][T23737] usb 12-1: new high-speed USB device number 31 using dummy_hcd
[  851.268442][T23737] usb 12-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  851.271237][T23737] usb 12-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  851.279754][T23737] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 66
[  851.296397][T23737] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  851.297153][T23923] netlink: 56 bytes leftover after parsing attributes in process `syz.8.7034'.
[  851.305716][T23737] usb 12-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  851.311680][T23737] usb 12-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  851.320397][T23737] usb 12-1: Product: syz
[  851.322229][T23737] usb 12-1: Manufacturer: syz
[  851.341539][T23737] cdc_wdm 12-1:1.0: skipping garbage
[  851.343387][T23737] cdc_wdm 12-1:1.0: skipping garbage
[  851.350813][T23737] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device
[  851.352857][T23737] cdc_wdm 12-1:1.0: Unknown control protocol
[  851.413546][T23938] netlink: 'syz.9.7040': attribute type 6 has an invalid length.
[  851.416599][T23939] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7041'.
[  851.423876][T23939] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7041'.
[  851.432871][T23939] geneve2: entered promiscuous mode
[  851.435096][T23939] geneve2: entered allmulticast mode
[  851.441739][T23505] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  851.445337][T23505] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  851.449657][T23505] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  851.453140][T23505] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  851.491964][T23947] netlink: 'syz.9.7045': attribute type 29 has an invalid length.
[  851.549416][T23912] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7027'.
[  851.553356][T23912] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7027'.
[  851.556723][T23912] netlink: 'syz.7.7027': attribute type 12 has an invalid length.
[  851.669774][T23737] usb 12-1: USB disconnect, device number 31
[  851.942406][T23947] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  851.947219][T12825] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  851.947724][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  852.025155][T23971] 9pnet_virtio: no channels available for device syz
[  852.043029][T23966] FAULT_INJECTION: forcing a failure.
[  852.043029][T23966] name failslab, interval 1, probability 0, space 0, times 0
[  852.049536][T23966] CPU: 0 UID: 0 PID: 23966 Comm: syz.8.7048 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  852.049565][T23966] Tainted: [L]=SOFTLOCKUP
[  852.049570][T23966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  852.049580][T23966] Call Trace:
[  852.049586][T23966]  <TASK>
[  852.049593][T23966]  dump_stack_lvl+0x100/0x190
[  852.049628][T23966]  should_fail_ex.cold+0x5/0xa
[  852.049651][T23966]  should_failslab+0xc2/0x120
[  852.049669][T23966]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  852.049692][T23966]  ? __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  852.049722][T23966]  __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  852.049754][T23966]  mmu_topup_memory_caches+0x25/0x170
[  852.049774][T23966]  kvm_mmu_load+0xd6/0x23e0
[  852.049793][T23966]  ? kvm_apic_has_interrupt+0xfe/0x1f0
[  852.049816][T23966]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  852.049841][T23966]  ? __pfx_kvm_mmu_load+0x10/0x10
[  852.049858][T23966]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  852.049882][T23966]  ? kvm_check_and_inject_events+0x961/0x10c0
[  852.049901][T23966]  ? record_steal_time+0x410/0xbe0
[  852.049926][T23966]  vcpu_run+0x39f4/0x5ca0
[  852.049954][T23966]  ? __pfx_vcpu_run+0x10/0x10
[  852.049981][T23966]  ? rcu_is_watching+0x12/0xc0
[  852.050005][T23966]  ? kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  852.050024][T23966]  kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  852.050049][T23966]  kvm_vcpu_ioctl+0x730/0x1730
[  852.050075][T23966]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  852.050120][T23966]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  852.050147][T23966]  ? do_vfs_ioctl+0x226/0x13e0
[  852.050172][T23966]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  852.050196][T23966]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  852.050229][T23966]  ? __fget_files+0x215/0x3d0
[  852.050246][T23966]  ? hook_file_ioctl_common+0x146/0x410
[  852.050270][T23966]  ? selinux_file_ioctl+0x139/0x290
[  852.050292][T23966]  ? selinux_file_ioctl+0xb4/0x290
[  852.050316][T23966]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  852.050340][T23966]  __x64_sys_ioctl+0x18e/0x210
[  852.050366][T23966]  do_syscall_64+0x106/0xf80
[  852.050383][T23966]  ? clear_bhb_loop+0x40/0x90
[  852.050403][T23966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.050420][T23966] RIP: 0033:0x7f609f59c819
[  852.050436][T23966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  852.050450][T23966] RSP: 002b:00007f60a03a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  852.050468][T23966] RAX: ffffffffffffffda RBX: 00007f609f815fa0 RCX: 00007f609f59c819
[  852.050478][T23966] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  852.050488][T23966] RBP: 00007f60a03a4090 R08: 0000000000000000 R09: 0000000000000000
[  852.050502][T23966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  852.050512][T23966] R13: 00007f609f816038 R14: 00007f609f815fa0 R15: 00007ffc7bc10858
[  852.050535][T23966]  </TASK>
[  852.075076][T23975] 9pnet_virtio: no channels available for device syz
[  852.692574][T24019] ALSA: mixer_oss: invalid OSS volume ''
[  853.140338][T24062] 9pnet_virtio: no channels available for device syz
[  853.430515][T24082] tmpfs: Unknown parameter '18446744073709551615'
[  853.685662][T24082] syz.9.7096 (24082): drop_caches: 2
[  853.805729][T24112] befs: (loop8): No write support. Marking filesystem read-only
[  853.810345][T24112] befs: (loop8): unable to read superblock
[  854.092320][T24125] 9p: Could not find request transport: fdMrfdno=&B`ƒÉsü0x0000000000000005
[  854.325974][T24138] 9pnet_virtio: no channels available for device syz
[  854.550936][T24160] forcing mempool usage for bio_alloc_bioset+0x392/0x850
[  854.592996][T24164] FAULT_INJECTION: forcing a failure.
[  854.592996][T24164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  854.602280][T24164] CPU: 3 UID: 0 PID: 24164 Comm: syz.9.7127 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  854.602301][T24164] Tainted: [L]=SOFTLOCKUP
[  854.602315][T24164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  854.602324][T24164] Call Trace:
[  854.602330][T24164]  <TASK>
[  854.602335][T24164]  dump_stack_lvl+0x100/0x190
[  854.602361][T24164]  should_fail_ex.cold+0x5/0xa
[  854.602378][T24164]  _copy_to_user+0x32/0xd0
[  854.602395][T24164]  msr_read+0x14e/0x250
[  854.602414][T24164]  ? __pfx_msr_read+0x10/0x10
[  854.602429][T24164]  ? bpf_lsm_file_permission+0x9/0x10
[  854.602447][T24164]  ? security_file_permission+0x76/0x210
[  854.602467][T24164]  ? rw_verify_area+0xce/0x6d0
[  854.602484][T24164]  ? __pfx_msr_read+0x10/0x10
[  854.602499][T24164]  vfs_read+0x1e4/0xb30
[  854.602512][T24164]  ? __pfx_vfs_read+0x10/0x10
[  854.602523][T24164]  ? find_held_lock+0x2b/0x80
[  854.602538][T24164]  ? __fget_files+0x215/0x3d0
[  854.602551][T24164]  ? __fget_files+0x215/0x3d0
[  854.602565][T24164]  ? __fget_files+0x21f/0x3d0
[  854.602581][T24164]  ksys_read+0x12a/0x250
[  854.602592][T24164]  ? __pfx_ksys_read+0x10/0x10
[  854.602606][T24164]  do_syscall_64+0x106/0xf80
[  854.602618][T24164]  ? clear_bhb_loop+0x40/0x90
[  854.602631][T24164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.602643][T24164] RIP: 0033:0x7f3751d9c819
[  854.602655][T24164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  854.602666][T24164] RSP: 002b:00007f3752bf4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  854.602678][T24164] RAX: ffffffffffffffda RBX: 00007f3752015fa0 RCX: 00007f3751d9c819
[  854.602685][T24164] RDX: 0000000000019000 RSI: 0000200000002000 RDI: 0000000000000005
[  854.602692][T24164] RBP: 00007f3752bf4090 R08: 0000000000000000 R09: 0000000000000000
[  854.602699][T24164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  854.602706][T24164] R13: 00007f3752016038 R14: 00007f3752015fa0 R15: 00007fff4f592c08
[  854.602720][T24164]  </TASK>
[  854.663535][   T40] kauditd_printk_skb: 59 callbacks suppressed
[  854.663549][   T40] audit: type=1400 audit(1775598003.552:123616): avc:  denied  { create } for  pid=24166 comm="syz.7.7129" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  854.701900][   T40] audit: type=1400 audit(1775598003.592:123617): avc:  denied  { write } for  pid=24166 comm="syz.7.7129" name="file0" dev="tmpfs" ino=2012 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  854.709651][   T40] audit: type=1400 audit(1775598003.592:123618): avc:  denied  { open } for  pid=24166 comm="syz.7.7129" path="/358/file0" dev="tmpfs" ino=2012 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  854.727460][   T40] audit: type=1400 audit(1775598003.592:123619): avc:  denied  { ioctl } for  pid=24166 comm="syz.7.7129" path="/358/file0" dev="tmpfs" ino=2012 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  854.797768][   T40] audit: type=1400 audit(1775598003.682:123620): avc:  denied  { unlink } for  pid=20379 comm="syz-executor" name="file0" dev="tmpfs" ino=2012 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  854.839173][   T40] audit: type=1400 audit(1775598003.732:123621): avc:  denied  { setopt } for  pid=24177 comm="syz.7.7134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  854.846467][   T40] audit: type=1400 audit(1775598003.732:123622): avc:  denied  { create } for  pid=24173 comm="syz.9.7133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  854.855089][   T40] audit: type=1400 audit(1775598003.732:123623): avc:  denied  { setopt } for  pid=24173 comm="syz.9.7133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  854.863691][   T40] audit: type=1400 audit(1775598003.732:123624): avc:  denied  { create } for  pid=24173 comm="syz.9.7133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  854.871458][   T40] audit: type=1400 audit(1775598003.732:123625): avc:  denied  { ioctl } for  pid=24173 comm="syz.9.7133" path="socket:[137340]" dev="sockfs" ino=137340 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  855.201437][T24210] 9pnet_virtio: no channels available for device syz
[  855.211004][T24210] __nla_validate_parse: 13 callbacks suppressed
[  855.211021][T24210] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7148'.
[  855.230989][T24212] netlink: 168 bytes leftover after parsing attributes in process `syz.9.7149'.
[  855.249095][T24212] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7149'.
[  855.275862][T24212] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7149'.
[  855.434937][T24222] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7154'.
[  855.443071][T24222] 9p: Bad value for 'rfdno'
[  855.620676][T24233] netlink: 24 bytes leftover after parsing attributes in process `syz.9.7158'.
[  855.710562][T24233] fuse: Bad value for 'fd'
[  855.888573][T24251] 9pnet_virtio: no channels available for device syz
[  856.217616][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.217616][T24273] Use struct sctp_sack_info instead
[  856.227530][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.227530][T24273] Use struct sctp_sack_info instead
[  856.236599][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236599][T24273] Use struct sctp_sack_info instead
[  856.236675][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236675][T24273] Use struct sctp_sack_info instead
[  856.236710][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236710][T24273] Use struct sctp_sack_info instead
[  856.236744][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236744][T24273] Use struct sctp_sack_info instead
[  856.236778][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236778][T24273] Use struct sctp_sack_info instead
[  856.236813][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236813][T24273] Use struct sctp_sack_info instead
[  856.236847][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236847][T24273] Use struct sctp_sack_info instead
[  856.236878][T24273] sctp: [Deprecated]: syz.8.7174 (pid 24273) Use of struct sctp_assoc_value in delayed_ack socket option.
[  856.236878][T24273] Use struct sctp_sack_info instead
[  856.542356][T24299] netlink: 44 bytes leftover after parsing attributes in process `syz.6.7183'.
[  856.591688][T24302] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  856.619976][T24297] FAULT_INJECTION: forcing a failure.
[  856.619976][T24297] name failslab, interval 1, probability 0, space 0, times 0
[  856.638490][T24297] CPU: 2 UID: 0 PID: 24297 Comm: syz.7.7182 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  856.638521][T24297] Tainted: [L]=SOFTLOCKUP
[  856.638528][T24297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  856.638539][T24297] Call Trace:
[  856.638545][T24297]  <TASK>
[  856.638553][T24297]  dump_stack_lvl+0x100/0x190
[  856.638590][T24297]  should_fail_ex.cold+0x5/0xa
[  856.638614][T24297]  should_failslab+0xc2/0x120
[  856.638634][T24297]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  856.638661][T24297]  ? __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  856.638694][T24297]  __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  856.638729][T24297]  mmu_topup_memory_caches+0x25/0x170
[  856.638751][T24297]  kvm_mmu_load+0xd6/0x23e0
[  856.638770][T24297]  ? kvm_apic_has_interrupt+0xfe/0x1f0
[  856.638795][T24297]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  856.638823][T24297]  ? __pfx_kvm_mmu_load+0x10/0x10
[  856.638840][T24297]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  856.638892][T24297]  ? kvm_check_and_inject_events+0x961/0x10c0
[  856.638912][T24297]  ? record_steal_time+0x410/0xbe0
[  856.638940][T24297]  vcpu_run+0x39f4/0x5ca0
[  856.638970][T24297]  ? __pfx_vcpu_run+0x10/0x10
[  856.638999][T24297]  ? rcu_is_watching+0x12/0xc0
[  856.639024][T24297]  ? kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  856.639045][T24297]  kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  856.639073][T24297]  kvm_vcpu_ioctl+0x730/0x1730
[  856.639101][T24297]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  856.639127][T24297]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  856.639154][T24297]  ? do_vfs_ioctl+0x226/0x13e0
[  856.639180][T24297]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  856.639206][T24297]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  856.639243][T24297]  ? __fget_files+0x215/0x3d0
[  856.639260][T24297]  ? hook_file_ioctl_common+0x146/0x410
[  856.639286][T24297]  ? selinux_file_ioctl+0x139/0x290
[  856.639310][T24297]  ? selinux_file_ioctl+0xb4/0x290
[  856.639337][T24297]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  856.639363][T24297]  __x64_sys_ioctl+0x18e/0x210
[  856.639392][T24297]  do_syscall_64+0x106/0xf80
[  856.639414][T24297]  ? clear_bhb_loop+0x40/0x90
[  856.639436][T24297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.639453][T24297] RIP: 0033:0x7fde0739c819
[  856.639469][T24297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  856.639485][T24297] RSP: 002b:00007fde081eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  856.639503][T24297] RAX: ffffffffffffffda RBX: 00007fde07615fa0 RCX: 00007fde0739c819
[  856.639515][T24297] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  856.639525][T24297] RBP: 00007fde081eb090 R08: 0000000000000000 R09: 0000000000000000
[  856.639535][T24297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  856.639545][T24297] R13: 00007fde07616038 R14: 00007fde07615fa0 R15: 00007ffea5b727e8
[  856.639569][T24297]  </TASK>
[  856.805867][T24321] Cannot find add_set index 0 as target
[  856.964996][T24329] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7194'.
[  856.968633][T24329] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7194'.
[  856.971759][T24329] netlink: 'syz.7.7194': attribute type 19 has an invalid length.
[  857.199010][T24354] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7204'.
[  857.279289][T24364] 9pnet_virtio: no channels available for device syz
[  857.424820][T24382] xt_hashlimit: max too large, truncated to 1048576
[  857.429399][T24382] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  857.472527][T24389] overlayfs: failed to clone upperpath
[  857.669677][T24411] 9pnet_virtio: no channels available for device syz
[  857.681567][T24416] sp0: Synchronizing with TNC
[  857.686440][T24416] 9pnet_virtio: no channels available for device syz
[  857.693689][T24412] [U] è
[  857.857997][T24432] binder: 24431:24432 ioctl c0306201 2000000003c0 returned -22
[  857.900787][T24439] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  858.189363][T24483] 9pnet_virtio: no channels available for device syz
[  858.283561][ T5955] Bluetooth: Unexpected continuation frame (len 18)
[  858.345968][T24505] kAFS: unparsable volume name
[  858.346384][T24502] netlink: 'syz.9.7248': attribute type 11 has an invalid length.
[  858.506615][T24523] batman_adv: batadv0: Adding interface: dummy0
[  858.511676][T24523] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  858.520359][T24523] batman_adv: batadv0: Interface activated: dummy0
[  858.559455][T24514] "syz.8.7250" (24514) uses obsolete ecb(arc4) skcipher
[  858.676920][T24542] IPv6: syztnl0: Disabled Multicast RS
[  858.849260][T24558] mac80211_hwsim hwsim34 ªªªªª;: renamed from wlan0 (while UP)
[  859.089856][T24585] 9pnet_virtio: no channels available for device syz
[  859.137928][T24588] 9pnet_virtio: no channels available for device syz
[  859.801205][T24648] bridge0: port 3(ipvlan2) entered blocking state
[  859.803417][T24648] bridge0: port 3(ipvlan2) entered disabled state
[  859.805647][T24648] ipvlan2: entered allmulticast mode
[  859.812990][T24648] bridge0: entered allmulticast mode
[  859.820412][T24648] ipvlan2: left allmulticast mode
[  859.822234][T24648] bridge0: left allmulticast mode
[  860.069335][T24695] netlink: 'syz.8.7305': attribute type 8 has an invalid length.
[  860.196027][T24703] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000
[  860.236051][   T40] kauditd_printk_skb: 46 callbacks suppressed
[  860.236069][   T40] audit: type=1400 audit(1775598009.122:123672): avc:  denied  { read } for  pid=24704 comm="syz.7.7311" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  860.246712][   T40] audit: type=1400 audit(1775598009.122:123673): avc:  denied  { open } for  pid=24704 comm="syz.7.7311" path="/412/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  860.272972][   T40] audit: type=1400 audit(1775598009.162:123674): avc:  denied  { ioctl } for  pid=24704 comm="syz.7.7311" path="/412/file0/file0" dev="fuse" ino=64 ioctlcmd=0x923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  860.297161][   T34] usb 14-1: new high-speed USB device number 2 using dummy_hcd
[  860.301590][T24714] netlink: 'syz.8.7314': attribute type 33 has an invalid length.
[  860.305547][T24714] __nla_validate_parse: 6 callbacks suppressed
[  860.305560][T24714] netlink: 152 bytes leftover after parsing attributes in process `syz.8.7314'.
[  860.315693][   T40] audit: type=1400 audit(1775598009.202:123675): avc:  denied  { read } for  pid=24713 comm="syz.8.7314" path="socket:[136151]" dev="sockfs" ino=136151 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  860.354915][   T40] audit: type=1400 audit(1775598009.242:123676): avc:  denied  { bind } for  pid=24718 comm="syz.8.7316" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  860.363764][   T40] audit: type=1400 audit(1775598009.242:123677): avc:  denied  { write } for  pid=24718 comm="syz.8.7316" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  860.367366][T24720] affs: No valid root block on device nullb0
[  860.376834][   T40] audit: type=1400 audit(1775598009.252:123678): avc:  denied  { mounton } for  pid=24718 comm="syz.8.7316" path="/syzcgroup/unified/syz8" dev="cgroup2" ino=378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  860.400968][T24720] bond1 (unregistering): Released all slaves
[  860.458878][   T34] usb 14-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  860.464387][   T34] usb 14-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  860.479679][   T34] usb 14-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  860.483748][   T34] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.484898][T24727] netlink: 72 bytes leftover after parsing attributes in process `syz.6.7318'.
[  860.497355][   T34] usb 14-1: config 0 descriptor??
[  860.508690][   T34] usbhid 14-1:0.0: couldn't find an input interrupt endpoint
[  860.599422][T24738] 9pnet_virtio: no channels available for device syz
[  860.640909][T24741] Cannot find del_set index 4 as target
[  860.717280][T24745] FAULT_INJECTION: forcing a failure.
[  860.717280][T24745] name failslab, interval 1, probability 0, space 0, times 0
[  860.721536][T24745] CPU: 1 UID: 0 PID: 24745 Comm: syz.8.7326 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  860.721564][T24745] Tainted: [L]=SOFTLOCKUP
[  860.721572][T24745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  860.721583][T24745] Call Trace:
[  860.721590][T24745]  <TASK>
[  860.721597][T24745]  dump_stack_lvl+0x100/0x190
[  860.721624][T24745]  should_fail_ex.cold+0x5/0xa
[  860.721640][T24745]  should_failslab+0xc2/0x120
[  860.721654][T24745]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  860.721673][T24745]  ? __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  860.721694][T24745]  __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  860.721717][T24745]  mmu_topup_memory_caches+0x25/0x170
[  860.721731][T24745]  kvm_mmu_load+0xd6/0x23e0
[  860.721743][T24745]  ? kvm_apic_has_interrupt+0xfe/0x1f0
[  860.721759][T24745]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  860.721777][T24745]  ? __pfx_kvm_mmu_load+0x10/0x10
[  860.721789][T24745]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  860.721808][T24745]  ? kvm_check_and_inject_events+0x961/0x10c0
[  860.721821][T24745]  ? record_steal_time+0x410/0xbe0
[  860.721839][T24745]  vcpu_run+0x39f4/0x5ca0
[  860.721858][T24745]  ? __pfx_vcpu_run+0x10/0x10
[  860.721877][T24745]  ? rcu_is_watching+0x12/0xc0
[  860.721955][T24745]  ? kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  860.721969][T24745]  kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  860.721987][T24745]  kvm_vcpu_ioctl+0x730/0x1730
[  860.722006][T24745]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  860.722023][T24745]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  860.722041][T24745]  ? do_vfs_ioctl+0x226/0x13e0
[  860.722059][T24745]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  860.722078][T24745]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  860.722102][T24745]  ? __fget_files+0x215/0x3d0
[  860.722114][T24745]  ? hook_file_ioctl_common+0x146/0x410
[  860.722130][T24745]  ? selinux_file_ioctl+0x139/0x290
[  860.722146][T24745]  ? selinux_file_ioctl+0xb4/0x290
[  860.722164][T24745]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  860.722182][T24745]  __x64_sys_ioctl+0x18e/0x210
[  860.722201][T24745]  do_syscall_64+0x106/0xf80
[  860.722214][T24745]  ? clear_bhb_loop+0x40/0x90
[  860.722229][T24745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.722246][T24745] RIP: 0033:0x7f609f59c819
[  860.722257][T24745] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  860.722268][T24745] RSP: 002b:00007f60a03a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  860.722281][T24745] RAX: ffffffffffffffda RBX: 00007f609f815fa0 RCX: 00007f609f59c819
[  860.722288][T24745] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  860.722294][T24745] RBP: 00007f60a03a4090 R08: 0000000000000000 R09: 0000000000000000
[  860.722301][T24745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  860.722308][T24745] R13: 00007f609f816038 R14: 00007f609f815fa0 R15: 00007ffc7bc10858
[  860.722322][T24745]  </TASK>
[  860.842643][   T40] audit: type=1400 audit(1775598009.732:123679): avc:  denied  { create } for  pid=24746 comm="syz.6.7327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  860.849920][   T40] audit: type=1400 audit(1775598009.732:123680): avc:  denied  { setopt } for  pid=24746 comm="syz.6.7327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  860.890591][   T40] audit: type=1400 audit(1775598009.782:123681): avc:  denied  { ioctl } for  pid=24746 comm="syz.6.7327" path="socket:[139368]" dev="sockfs" ino=139368 ioctlcmd=0x6e88 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  860.933842][T24752] netlink: 1760 bytes leftover after parsing attributes in process `syz.8.7328'.
[  861.022422][ T5955] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  861.029301][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  861.082126][   T49] usb 14-1: USB disconnect, device number 2
[  861.134669][T24765] netlink: 1680 bytes leftover after parsing attributes in process `syz.6.7333'.
[  861.135854][T24764] "syz.9.7332" (24764) uses obsolete ecb(arc4) skcipher
[  861.319462][T24781] 9pnet_virtio: no channels available for device syz
[  861.349960][T24778] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7337'.
[  861.383121][T24778] 8021q: adding VLAN 0 to HW filter on device bond1
[  861.414321][T24778] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24778 comm=syz.8.7337
[  861.450195][T24778] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  861.519255][T24776] block nbd8: shutting down sockets
[  861.769480][T24810] netlink: 104 bytes leftover after parsing attributes in process `syz.6.7349'.
[  862.126921][T24820] netlink: 1688 bytes leftover after parsing attributes in process `syz.7.7352'.
[  862.336015][T24830] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7357'.
[  862.650211][T24859] xt_recent: hitcount (134217728) is larger than allowed maximum (65535)
[  862.684018][T24865] 9pnet_virtio: no channels available for device syz
[  862.724905][T24867] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  862.931251][T24891] netlink: 'syz.8.7381': attribute type 10 has an invalid length.
[  862.938932][T24891] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  862.942431][T24891] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  862.946549][T24891] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  862.983389][T24894] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7382'.
[  862.993178][T24898] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24898 comm=syz.8.7383
[  862.993473][T24896] MTD: Attempt to mount non-MTD device "/dev/loop9"
[  863.001786][T24896] cramfs: wrong magic
[  863.005642][T24896] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7384'.
[  863.316533][T24919] netlink: 'syz.6.7391': attribute type 72 has an invalid length.
[  863.589947][T24940] 9pnet_virtio: no channels available for device syz
[  863.638929][T24942] netlink: 'syz.6.7402': attribute type 10 has an invalid length.
[  863.645160][T24942] team0: Port device geneve0 added
[  863.711296][T24944] overlayfs: failed to clone upperpath
[  864.107379][T24960] 9pnet_virtio: no channels available for device syz
[  864.243497][T24964] netlink: 'syz.6.7419': attribute type 6 has an invalid length.
[  864.246526][T24964] netlink: 'syz.6.7419': attribute type 5 has an invalid length.
[  864.257344][T24964] netlink: 'syz.6.7419': attribute type 4 has an invalid length.
[  864.336140][T24968] Cannot find del_set index 4 as target
[  864.487562][T24975] netlink: 'syz.6.7416': attribute type 11 has an invalid length.
[  864.533555][T24977] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  864.536864][T24979] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  864.542465][T24977] overlayfs: maximum fs stacking depth exceeded
[  864.593188][T24977] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  864.607826][T24977] overlayfs: failed to look up (tracing) for ino (-66)
[  864.608091][T24982] 9pnet_virtio: no channels available for device syz
[  864.759153][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  864.761304][T12825] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  865.358494][T25014] vcan0: entered allmulticast mode
[  865.433367][T25019] __nla_validate_parse: 6 callbacks suppressed
[  865.433384][T25019] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7435'.
[  865.805988][T25038] 9pnet_virtio: no channels available for device syz
[  865.813252][T25036] netlink: 1752 bytes leftover after parsing attributes in process `syz.8.7443'.
[  865.873132][T25043] netlink: 28 bytes leftover after parsing attributes in process `syz.8.7445'.
[  866.003207][T25048] netlink: 24 bytes leftover after parsing attributes in process `syz.8.7449'.
[  866.041114][T25048] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7449'.
[  866.124834][T25056] netlink: 'syz.6.7452': attribute type 1 has an invalid length.
[  866.151278][T25056] 8021q: adding VLAN 0 to HW filter on device bond4
[  866.159793][T25056] vlan3: entered allmulticast mode
[  866.161519][T25056] bond4: entered allmulticast mode
[  866.171260][T25056] bond4: (slave geneve3): making interface the new active one
[  866.173719][T25056] geneve3: entered allmulticast mode
[  866.176520][T25056] bond4: (slave geneve3): Enslaving as an active interface with an up link
[  866.269946][   T40] kauditd_printk_skb: 31 callbacks suppressed
[  866.269960][   T40] audit: type=1400 audit(1775598015.162:123713): avc:  denied  { connect } for  pid=25064 comm="syz.7.7457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  866.823089][ T5955] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  866.852469][   T40] audit: type=1400 audit(1775598015.742:123714): avc:  denied  { shutdown } for  pid=25083 comm="syz.9.7465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  866.852602][T25084] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7465'.
[  866.888740][T25088] CUSE: unknown device info ""
[  866.890384][T25088] CUSE: zero length info key specified
[  866.931779][   T40] audit: type=1400 audit(1775598015.822:123715): avc:  denied  { setattr } for  pid=25083 comm="syz.9.7465" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  867.029392][T25094] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  867.033719][T25094] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7468'.
[  867.036950][   T40] audit: type=1326 audit(1775598015.922:123716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25095 comm="syz.7.7469" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde0739c819 code=0x0
[  867.045095][T25094] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7468'.
[  867.147725][T12825] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  867.153302][T12825] Bluetooth: hci0: command 0x0c1a tx timeout
[  867.397769][T25121] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(8)
[  867.400564][T25121] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  867.406066][T25121] vhci_hcd vhci_hcd.0: Device attached
[  867.688243][   T49] usb 56-1: SetAddress Request (2) to port 0
[  867.690695][   T49] usb 56-1: new SuperSpeed USB device number 2 using vhci_hcd
[  867.997392][   T40] audit: type=1400 audit(1775598016.882:123717): avc:  denied  { write } for  pid=25162 comm="syz.7.7494" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  868.000834][T25163] random: crng reseeded on system resumption
[  868.015902][   T40] audit: type=1400 audit(1775598016.892:123718): avc:  denied  { open } for  pid=25162 comm="syz.7.7494" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  868.067877][   T40] audit: type=1400 audit(1775598016.952:123719): avc:  denied  { firmware_load } for  pid=25162 comm="syz.7.7494" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  868.135025][T25131] vhci_hcd: connection reset by peer
[  868.139050][T25163] syz.7.7494 (25163) used greatest stack depth: 16568 bytes left
[  868.139965][   T40] audit: type=1326 audit(1775598017.032:123720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25162 comm="syz.7.7494" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde0739c819 code=0x0
[  868.152978][T25168] netlink: 'syz.6.7496': attribute type 3 has an invalid length.
[  868.159682][T23505] vhci_hcd vhci_hcd.9: stop threads
[  868.163033][T23505] vhci_hcd vhci_hcd.9: release socket
[  868.166016][T23505] vhci_hcd vhci_hcd.9: disconnect device
[  868.314477][T25176] 9pnet_virtio: no channels available for device syz
[  868.810526][T25193] netlink: 'syz.8.7508': attribute type 1 has an invalid length.
[  868.838728][T25193] netlink: 28 bytes leftover after parsing attributes in process `syz.8.7508'.
[  868.852867][T25193] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7508'.
[  868.856723][T25193] netdevsim netdevsim8: Firmware load for './file0/../file0/file0' refused, path contains '..' component
[  868.902596][   T40] audit: type=1400 audit(1775598017.792:123721): avc:  denied  { bind } for  pid=25196 comm="syz.8.7510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  869.154078][    C2] vcan0: j1939_tp_rxtimer: 0xffff888036a5b000: rx timeout, send abort
[  869.168199][   T40] audit: type=1400 audit(1775598018.062:123722): avc:  denied  { read } for  pid=5325 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  869.469672][T25215] openvswitch: netlink: Key 12 has unexpected len 4 expected 2
[  869.642978][T25221] Cannot find del_set index 4 as target
[  869.654145][    C2] vcan0: j1939_tp_rxtimer: 0xffff888036a5bc00: rx timeout, send abort
[  869.659718][    C2] vcan0: j1939_tp_rxtimer: 0xffff888036a5b000: abort rx timeout. Force session deactivation
[  870.066174][T25259] dummy0: entered allmulticast mode
[  870.073916][T25258] dummy0: left allmulticast mode
[  870.157508][    C2] vcan0: j1939_tp_rxtimer: 0xffff888036a5bc00: abort rx timeout. Force session deactivation
[  870.293205][T22986] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  870.303942][T22986] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  870.305301][T25276] FAULT_INJECTION: forcing a failure.
[  870.305301][T25276] name failslab, interval 1, probability 0, space 0, times 0
[  870.311446][T25276] CPU: 0 UID: 0 PID: 25276 Comm: syz.9.7540 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  870.311467][T25276] Tainted: [L]=SOFTLOCKUP
[  870.311471][T25276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  870.311479][T25276] Call Trace:
[  870.311532][T25276]  <TASK>
[  870.311537][T25276]  dump_stack_lvl+0x100/0x190
[  870.311846][T25276]  should_fail_ex.cold+0x5/0xa
[  870.311927][T25276]  ? tomoyo_realpath_from_path+0xb6/0x690
[  870.312098][T25276]  should_failslab+0xc2/0x120
[  870.312207][T25276]  __kmalloc_noprof+0xe0/0x850
[  870.312230][T25276]  tomoyo_realpath_from_path+0xb6/0x690
[  870.312252][T25276]  tomoyo_path_number_perm+0x23c/0x580
[  870.312268][T25276]  ? tomoyo_path_number_perm+0x22e/0x580
[  870.312285][T25276]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  870.312316][T25276]  ? find_held_lock+0x2b/0x80
[  870.312362][T25276]  ? __fget_files+0x215/0x3d0
[  870.312375][T25276]  ? hook_file_ioctl_common+0x146/0x410
[  870.312394][T25276]  ? __fget_files+0x21f/0x3d0
[  870.312410][T25276]  security_file_ioctl+0xd3/0x230
[  870.312429][T25276]  __x64_sys_ioctl+0xb7/0x210
[  870.312449][T25276]  do_syscall_64+0x106/0xf80
[  870.312657][T25276]  ? clear_bhb_loop+0x40/0x90
[  870.312673][T25276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.312689][T25276] RIP: 0033:0x7f3751d9c819
[  870.312704][T25276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  870.312718][T25276] RSP: 002b:00007f3752bf4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  870.312774][T25276] RAX: ffffffffffffffda RBX: 00007f3752015fa0 RCX: 00007f3751d9c819
[  870.312785][T25276] RDX: 0000200000000100 RSI: 000000004040aea0 RDI: 0000000000000005
[  870.312796][T25276] RBP: 00007f3752bf4090 R08: 0000000000000000 R09: 0000000000000000
[  870.312806][T25276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.312816][T25276] R13: 00007f3752016038 R14: 00007f3752015fa0 R15: 00007fff4f592c08
[  870.312839][T25276]  </TASK>
[  870.312848][T25276] ERROR: Out of memory at tomoyo_realpath_from_path.
[  870.317517][T22986] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  870.417476][T22986] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  870.441376][T22986] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  870.527198][ T5955] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  870.527429][T22986] Bluetooth: hci0: command 0x0c1a tx timeout
[  870.562369][T25282] kvm: kvm [25281]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x3ffeb7
[  870.579265][T25282] netlink: 'syz.9.7542': attribute type 8 has an invalid length.
[  870.603615][   T13] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  870.706116][   T13] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  870.795035][T25294] program syz.9.7545 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  870.800033][T25277] chnl_net:caif_netlink_parms(): no params data found
[  870.859540][   T13] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  870.954369][T25306] lo speed is unknown, defaulting to 1000
[  870.965815][T25277] bridge0: port 1(bridge_slave_0) entered blocking state
[  870.969152][T25277] bridge0: port 1(bridge_slave_0) entered disabled state
[  870.972321][T25277] bridge_slave_0: entered allmulticast mode
[  870.977023][T25277] bridge_slave_0: entered promiscuous mode
[  870.982037][T25277] bridge0: port 2(bridge_slave_1) entered blocking state
[  870.984891][T25277] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.989018][T25277] bridge_slave_1: entered allmulticast mode
[  870.993241][T25277] bridge_slave_1: entered promiscuous mode
[  871.005305][T25311] x_tables: ip6_tables: CT target: only valid in raw table, not syz1
[  871.031016][   T13] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.044180][T25306] lo speed is unknown, defaulting to 1000
[  871.048589][T25277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  871.052500][T25306] lo speed is unknown, defaulting to 1000
[  871.053924][T25277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  871.116763][T25277] team0: Port device team_slave_0 added
[  871.124206][T25277] team0: Port device team_slave_1 added
[  871.166460][T25277] batman_adv: batadv0: Adding interface: batadv_slave_0
[  871.169857][T25277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  871.181322][T25277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  871.191371][T25277] batman_adv: batadv0: Adding interface: batadv_slave_1
[  871.194298][T25277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  871.201703][T25306] infiniband lyz2: set active
[  871.206085][T25277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  871.210205][T25306] infiniband lyz2: added lo
[  871.220615][ T6038] lo speed is unknown, defaulting to 1000
[  871.281238][T25306] RDS/IB: lyz2: added
[  871.283230][T25306] smc: adding ib device lyz2 with port count 1
[  871.285827][T25306] smc:    ib device lyz2 port 1 has no pnetid
[  871.292065][T20257] lo speed is unknown, defaulting to 1000
[  871.310310][T25277] hsr_slave_0: entered promiscuous mode
[  871.313386][T25277] hsr_slave_1: entered promiscuous mode
[  871.319262][T25306] lo speed is unknown, defaulting to 1000
[  871.345740][   T13] bridge_slave_1: left allmulticast mode
[  871.348958][   T13] bridge_slave_1: left promiscuous mode
[  871.353452][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  871.360823][   T13] bridge_slave_0: left allmulticast mode
[  871.362749][   T13] bridge_slave_0: left promiscuous mode
[  871.366061][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.534967][   T13] bond4 (unregistering): (slave geneve3): Releasing active interface
[  871.538385][   T13] geneve3 (unregistering): left allmulticast mode
[  871.557846][   T13] team0: Port device geneve0 removed
[  871.712426][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  871.719574][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  871.723971][   T13] bond0 (unregistering): Released all slaves
[  871.730933][   T13] bond1 (unregistering): Released all slaves
[  871.743373][   T13] bond2 (unregistering): (slave veth3): Releasing backup interface
[  871.748825][   T13] bond2 (unregistering): Released all slaves
[  871.760045][   T13] bond3 (unregistering): Released all slaves
[  871.775435][   T13] bond4 (unregistering): Released all slaves
[  871.819638][T25306] lo speed is unknown, defaulting to 1000
[  872.037103][T25334] __nla_validate_parse: 4 callbacks suppressed
[  872.037118][T25334] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7556'.
[  872.049494][   T13] tipc: Left network mode
[  872.108117][T25306] lo speed is unknown, defaulting to 1000
[  872.315602][T25306] lo speed is unknown, defaulting to 1000
[  872.508096][ T5955] Bluetooth: hci4: command tx timeout
[  872.627200][T25306] lo speed is unknown, defaulting to 1000
[  872.667799][T22986] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  872.677352][T22986] Bluetooth: hci0: command 0x0c1a tx timeout
[  872.743684][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  872.743695][   T40] audit: type=1400 audit(1775598021.632:123740): avc:  denied  { append } for  pid=25368 comm="syz.8.7562" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  872.757357][   T49] usb 56-1: device descriptor read/8, error -110
[  872.818737][T25306] lo speed is unknown, defaulting to 1000
[  872.821083][T25376] 9pnet_virtio: no channels available for device syz
[  872.851419][   T40] audit: type=1400 audit(1775598021.742:123741): avc:  denied  { nlmsg_read } for  pid=25375 comm="syz.8.7563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  872.982931][T25306] lo speed is unknown, defaulting to 1000
[  873.148250][   T49] usb usb56-port1: attempt power cycle
[  873.254088][   T13] hsr_slave_0: left promiscuous mode
[  873.257451][   T13] hsr_slave_1: left promiscuous mode
[  873.260019][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  873.263395][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  873.266381][   T13] batman_adv: batadv0: Interface deactivated: dummy0
[  873.276296][   T13] batman_adv: batadv0: Removing interface: dummy0
[  873.491694][   T40] audit: type=1400 audit(1775598022.382:123742): avc:  denied  { append } for  pid=25402 comm="syz.7.7573" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  873.509817][   T13] team0 (unregistering): Port device team_slave_1 removed
[  873.529221][   T13] team0 (unregistering): Port device team_slave_0 removed
[  873.705318][T25277] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  873.714846][T25277] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  873.723442][T25277] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  873.735652][T25277] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  873.744322][T25414] netlink: 'syz.7.7576': attribute type 10 has an invalid length.
[  873.795579][   T49] usb usb56-port1: unable to enumerate USB device
[  873.912409][T25277] 8021q: adding VLAN 0 to HW filter on device bond0
[  873.920460][T25410] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  873.923674][T25277] 8021q: adding VLAN 0 to HW filter on device team0
[  873.941502][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  873.944159][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  873.958174][   T79] bridge0: port 2(bridge_slave_1) entered blocking state
[  873.961070][   T79] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.134605][T25277] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.211734][   T40] audit: type=1400 audit(1775598023.102:123743): avc:  denied  { write } for  pid=25423 comm="syz.7.7577" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  874.237234][   T40] audit: type=1400 audit(1775598023.112:123744): avc:  denied  { write } for  pid=25423 comm="syz.7.7577" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  874.554025][T25277] veth0_vlan: entered promiscuous mode
[  874.564260][T25277] veth1_vlan: entered promiscuous mode
[  874.589715][T22986] Bluetooth: hci4: command tx timeout
[  874.604240][T25277] veth0_macvtap: entered promiscuous mode
[  874.611051][T25277] veth1_macvtap: entered promiscuous mode
[  874.623376][T25277] batman_adv: batadv0: Interface activated: batadv_slave_0
[  874.632377][T25277] batman_adv: batadv0: Interface activated: batadv_slave_1
[  874.642987][T23505] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  874.646822][T23505] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  874.651366][T23505] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  874.654301][T23505] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  874.736219][  T250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.740373][  T250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.758058][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.761035][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.769909][   T40] audit: type=1400 audit(1775598023.662:123745): avc:  denied  { mounton } for  pid=25277 comm="syz-executor" path="/syzkaller.5c3gug/syz-tmp" dev="sda1" ino=2052 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  874.778354][   T40] audit: type=1400 audit(1775598023.662:123746): avc:  denied  { mounton } for  pid=25277 comm="syz-executor" path="/syzkaller.5c3gug/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=145456 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  874.790997][   T40] audit: type=1400 audit(1775598023.682:123747): avc:  denied  { mounton } for  pid=25277 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  874.799992][   T40] audit: type=1400 audit(1775598023.682:123748): avc:  denied  { mount } for  pid=25277 comm="syz-executor" name="/" dev="gadgetfs" ino=10358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  874.809918][   T40] audit: type=1400 audit(1775598023.682:123749): avc:  denied  { mount } for  pid=25277 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  875.077171][T24404] usb 11-1: new high-speed USB device number 35 using dummy_hcd
[  875.094103][T25462] libceph: secret too big 289
[  875.099628][T25462] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  875.146508][T25465] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7587'.
[  875.180546][T25470] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7589'.
[  875.253846][T25477] netlink: 'syz.7.7592': attribute type 2 has an invalid length.
[  875.257405][T25477] netlink: 68 bytes leftover after parsing attributes in process `syz.7.7592'.
[  875.267910][T24404] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  875.272529][T24404] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  875.288455][T24404] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  875.292444][T24404] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  875.293217][T25480] tmpfs: Too few inodes for current use
[  875.302597][T24404] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  875.306414][T24404] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  875.310867][T24404] usb 11-1: Product: syz
[  875.312777][T24404] usb 11-1: Manufacturer: syz
[  875.322954][T24404] cdc_wdm 11-1:1.0: skipping garbage
[  875.325254][T24404] cdc_wdm 11-1:1.0: skipping garbage
[  875.332119][T24404] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device
[  875.335409][T24404] cdc_wdm 11-1:1.0: Unknown control protocol
[  875.643351][T24404] usb 11-1: USB disconnect, device number 35
[  875.732451][T25506] 9pnet_virtio: no channels available for device syz
[  876.064748][T25520] 9pnet_virtio: no channels available for device syz
[  876.144560][   T34] hid (null): report_id 39664 is invalid
[  876.146710][   T34] hid (null): unknown global tag 0xf0
[  876.149267][T25528] netlink: 'syz.8.7612': attribute type 4 has an invalid length.
[  876.160175][   T34] hid-generic 0002:0005:0003.0007: report_id 39664 is invalid
[  876.163006][   T34] hid-generic 0002:0005:0003.0007: item 0 2 1 8 parsing failed
[  876.165817][   T34] hid-generic 0002:0005:0003.0007: probe with driver hid-generic failed with error -22
[  876.301120][T25540] ip6t_REJECT: ECHOREPLY is not supported
[  876.374345][T25546] tmpfs: User quota inode hardlimit too large.
[  876.377218][T25546] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7619'.
[  876.607433][T20257] usb 11-1: new low-speed USB device number 36 using dummy_hcd
[  876.677213][ T5955] Bluetooth: hci4: command tx timeout
[  876.770008][T25560] syzkaller0: entered promiscuous mode
[  876.772371][T25560] syzkaller0: entered allmulticast mode
[  876.789347][T20257] usb 11-1: unable to get BOS descriptor or descriptor too short
[  876.798265][T20257] usb 11-1: config 8 has an invalid interface number: 198 but max is 0
[  876.802082][T20257] usb 11-1: config 8 has no interface number 0
[  876.817155][T20257] usb 11-1: config 8 interface 198 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 8
[  876.825044][T20257] usb 11-1: string descriptor 0 read error: -22
[  876.828586][T20257] usb 11-1: New USB device found, idVendor=1430, idProduct=6cdc, bcdDevice=85.cc
[  876.832687][T20257] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.845985][T25542] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  877.051653][T20257] usb 11-1: USB disconnect, device number 36
[  877.067358][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  877.067451][T22986] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  877.107602][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x6
[  877.110150][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.112793][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.115168][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.127398][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.129940][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.132436][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.135283][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.139772][T25582] fuse: Unknown parameter 'bond0'
[  877.141252][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.145277][T10224] hid-generic 0000:0000:3FF20800.0008: unknown main item tag 0x0
[  877.179159][T10224] hid-generic 0000:0000:3FF20800.0008: hidraw1: <UNKNOWN> HID v7443c1.72 Device [syz1] on syz0
[  877.208402][T25586] Cannot find add_set index 128 as target
[  877.210705][T25584] mkiss: ax0: crc mode is auto.
[  877.227948][T25587] fido_id[25587]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  877.320119][T25595] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7639'.
[  877.479550][ T1130] sr 2:0:0:0: [sr0] tag#27 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  877.482777][ T1130] sr 2:0:0:0: [sr0] tag#27 Sense Key : Illegal Request [current] 
[  877.485420][ T1130] sr 2:0:0:0: [sr0] tag#27 Add. Sense: Invalid command operation code
[  877.488298][ T1130] sr 2:0:0:0: [sr0] tag#27 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[  877.491203][ T1130] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[  877.494815][ T1130] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  877.807402][T25622] FAULT_INJECTION: forcing a failure.
[  877.807402][T25622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  877.812157][T25622] CPU: 2 UID: 0 PID: 25622 Comm: syz.6.7651 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  877.812177][T25622] Tainted: [L]=SOFTLOCKUP
[  877.812181][T25622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  877.812188][T25622] Call Trace:
[  877.812236][T25622]  <TASK>
[  877.812242][T25622]  dump_stack_lvl+0x100/0x190
[  877.812508][T25622]  should_fail_ex.cold+0x5/0xa
[  877.812582][T25622]  _copy_from_user+0x2e/0xd0
[  877.812695][T25622]  do_handle_open+0xeb/0xce0
[  877.812798][T25622]  ? __fget_files+0x21f/0x3d0
[  877.812812][T25622]  ? __pfx_do_handle_open+0x10/0x10
[  877.812829][T25622]  ? ksys_write+0x1ac/0x250
[  877.812845][T25622]  ? do_syscall_64+0x106/0xf80
[  877.813048][T25622]  do_syscall_64+0x106/0xf80
[  877.813062][T25622]  ? clear_bhb_loop+0x40/0x90
[  877.813086][T25622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.813101][T25622] RIP: 0033:0x7f23b199c819
[  877.813116][T25622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  877.813131][T25622] RSP: 002b:00007f23b28cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  877.813199][T25622] RAX: ffffffffffffffda RBX: 00007f23b1c15fa0 RCX: 00007f23b199c819
[  877.813210][T25622] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008
[  877.813219][T25622] RBP: 00007f23b28cd090 R08: 0000000000000000 R09: 0000000000000000
[  877.813228][T25622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  877.813239][T25622] R13: 00007f23b1c16038 R14: 00007f23b1c15fa0 R15: 00007fffffb53488
[  877.813262][T25622]  </TASK>
[  877.872288][   T40] kauditd_printk_skb: 26 callbacks suppressed
[  877.872298][   T40] audit: type=1400 audit(1775598026.762:123776): avc:  denied  { create } for  pid=25619 comm="syz.9.7650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  877.873316][T20257] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  877.875547][   T40] audit: type=1400 audit(1775598026.762:123777): avc:  denied  { setopt } for  pid=25619 comm="syz.9.7650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  877.891061][   T40] audit: type=1400 audit(1775598026.762:123778): avc:  denied  { write } for  pid=25619 comm="syz.9.7650" path="socket:[146777]" dev="sockfs" ino=146777 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  878.038051][T20257] usb 13-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  878.041981][T20257] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  878.046328][T20257] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  878.048468][T25631] FAULT_INJECTION: forcing a failure.
[  878.048468][T25631] name failslab, interval 1, probability 0, space 0, times 0
[  878.049943][T20257] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  878.053882][T25631] CPU: 0 UID: 0 PID: 25631 Comm: syz.6.7655 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  878.053901][T25631] Tainted: [L]=SOFTLOCKUP
[  878.053905][T25631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  878.053913][T25631] Call Trace:
[  878.053918][T25631]  <TASK>
[  878.053923][T25631]  dump_stack_lvl+0x100/0x190
[  878.053950][T25631]  should_fail_ex.cold+0x5/0xa
[  878.053966][T25631]  ? tomoyo_encode2+0xfb/0x3c0
[  878.054035][T25631]  should_failslab+0xc2/0x120
[  878.054049][T25631]  __kmalloc_noprof+0xe0/0x850
[  878.054085][T25631]  tomoyo_encode2+0xfb/0x3c0
[  878.054108][T25631]  tomoyo_encode+0x29/0x50
[  878.054126][T25631]  tomoyo_realpath_from_path+0x18c/0x690
[  878.054153][T25631]  tomoyo_path_number_perm+0x23c/0x580
[  878.054169][T25631]  ? tomoyo_path_number_perm+0x22e/0x580
[  878.054186][T25631]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  878.054217][T25631]  ? find_held_lock+0x2b/0x80
[  878.054274][T25631]  ? __fget_files+0x215/0x3d0
[  878.054287][T25631]  ? hook_file_ioctl_common+0x146/0x410
[  878.054303][T25631]  ? __fget_files+0x21f/0x3d0
[  878.054318][T25631]  security_file_ioctl+0xd3/0x230
[  878.054337][T25631]  __x64_sys_ioctl+0xb7/0x210
[  878.054355][T25631]  do_syscall_64+0x106/0xf80
[  878.054367][T25631]  ? clear_bhb_loop+0x40/0x90
[  878.054382][T25631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.054394][T25631] RIP: 0033:0x7f23b199c819
[  878.054404][T25631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  878.054415][T25631] RSP: 002b:00007f23b28cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  878.054427][T25631] RAX: ffffffffffffffda RBX: 00007f23b1c15fa0 RCX: 00007f23b199c819
[  878.054434][T25631] RDX: 0000200000000100 RSI: 000000004040aea0 RDI: 0000000000000005
[  878.054441][T25631] RBP: 00007f23b28cd090 R08: 0000000000000000 R09: 0000000000000000
[  878.054448][T25631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.054454][T25631] R13: 00007f23b1c16038 R14: 00007f23b1c15fa0 R15: 00007fffffb53488
[  878.054469][T25631]  </TASK>
[  878.054531][T25631] ERROR: Out of memory at tomoyo_realpath_from_path.
[  878.059703][T20257] usb 13-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  878.140257][T20257] usb 13-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  878.143177][T20257] usb 13-1: Manufacturer: syz
[  878.148260][T20257] usb 13-1: config 0 descriptor??
[  878.394035][T25649] bridge0: port 2(bridge_slave_1) entered disabled state
[  878.397504][T25649] bridge0: port 1(bridge_slave_0) entered disabled state
[  878.444240][T25649] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  878.450791][T25649] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  878.498890][T24445] lo speed is unknown, defaulting to 1000
[  878.501014][T24445] lyz2: Port: 1 Link DOWN
[  878.507218][   T79] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.511374][   T79] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.514834][T24445] lo speed is unknown, defaulting to 1000
[  878.514892][   T79] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.520712][   T79] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.574172][T20257] appleir 0003:05AC:8243.0009: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0
[  878.674199][T25668] netlink: 1688 bytes leftover after parsing attributes in process `syz.9.7671'.
[  878.744961][T25675] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7674'.
[  878.749600][T25675] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7674'.
[  878.759098][T12825] Bluetooth: hci4: command tx timeout
[  878.777318][T24407] usb 11-1: new full-speed USB device number 37 using dummy_hcd
[  878.792792][T25677] 9pnet_virtio: no channels available for device syz
[  878.842127][T25606] SELinux: syz.8.7644 (25606) set checkreqprot to 1. This is no longer supported.
[  878.843494][T25679] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  878.850222][T25679] overlayfs: missing 'lowerdir'
[  878.854100][   T40] audit: type=1400 audit(1775598027.732:123779): avc:  denied  { setcheckreqprot } for  pid=25605 comm="syz.8.7644" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  878.867556][T25681] sp0: Synchronizing with TNC
[  878.873420][T25680] [U] è
[  878.917387][T24407] usb 11-1: device descriptor read/64, error -71
[  879.055874][   T87] tipc: Subscription rejected, illegal request
[  879.065152][T20257] usb 13-1: USB disconnect, device number 7
[  879.187208][T24407] usb 11-1: new full-speed USB device number 38 using dummy_hcd
[  879.206064][T25699] netlink: 'syz.7.7682': attribute type 72 has an invalid length.
[  879.246172][T25702] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  879.292492][   T40] audit: type=1400 audit(1775598028.182:123780): avc:  denied  { unmount } for  pid=20379 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  879.317210][T24407] usb 11-1: device descriptor read/64, error -71
[  879.437243][T24407] usb usb11-port1: attempt power cycle
[  879.553420][T25716] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7689'.
[  879.559048][   T40] audit: type=1400 audit(1775598028.452:123781): avc:  denied  { ioctl } for  pid=25715 comm="syz.7.7689" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 ioctlcmd=0xaf84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  879.627270][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  879.632724][T22986] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  879.774850][T25725] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7693'.
[  879.798201][T24407] usb 11-1: new full-speed USB device number 39 using dummy_hcd
[  879.818145][T24407] usb 11-1: device descriptor read/8, error -71
[  880.057426][T24407] usb 11-1: new full-speed USB device number 40 using dummy_hcd
[  880.077649][T24407] usb 11-1: device descriptor read/8, error -71
[  880.175208][T25737] netlink: 'syz.9.7697': attribute type 72 has an invalid length.
[  880.188241][T24407] usb usb11-port1: unable to enumerate USB device
[  880.398337][   T40] audit: type=1400 audit(1775598029.292:123782): avc:  denied  { append } for  pid=25745 comm="syz.9.7701" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  880.399984][T25746] program syz.9.7701 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  880.416197][T25746] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  880.421816][T25746] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  880.520696][T25756] tipc: Started in network mode
[  880.522542][T25756] tipc: Node identity 4a77c58bc377, cluster identity 4711
[  880.525378][T25756] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  880.548570][T25756] syzkaller0: entered promiscuous mode
[  880.550438][T25756] syzkaller0: entered allmulticast mode
[  880.553105][T25756] tipc: Resetting bearer <eth:syzkaller0>
[  880.566007][T25754] tipc: Resetting bearer <eth:syzkaller0>
[  881.629130][T25762] binder: 25761:25762 unknown command 0
[  881.631601][T25762] binder: 25761:25762 ioctl c0306201 200000000080 returned -22
[  881.637012][T25762] binder: 25761:25762 ioctl 40026f33 200000000480 returned -22
[  881.641887][T25762] tipc: Trying to set illegal importance in message
[  881.696057][T25764] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.7708'.
[  882.094228][T25754] tipc: Disabling bearer <eth:syzkaller0>
[  882.101406][T24436] tipc: Node number set to 2298529163
[  882.187308][ T5955] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  882.187874][T22986] Bluetooth: hci0: command 0x0c1a tx timeout
[  882.213574][T25776] 9pnet_virtio: no channels available for device syz
[  882.254898][T25784] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7719'.
[  882.261148][   T40] audit: type=1400 audit(1775598031.152:123783): avc:  denied  { read } for  pid=25783 comm="syz.8.7719" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  882.267386][T25784] netlink: 1752 bytes leftover after parsing attributes in process `syz.8.7719'.
[  882.269051][   T40] audit: type=1400 audit(1775598031.152:123784): avc:  denied  { open } for  pid=25783 comm="syz.8.7719" path="/dev/input/event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  882.283590][   T40] audit: type=1400 audit(1775598031.152:123785): avc:  denied  { ioctl } for  pid=25783 comm="syz.8.7719" path="/dev/input/event0" dev="devtmpfs" ino=941 ioctlcmd=0x4518 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  882.367918][T25797] batadv_slave_1: entered promiscuous mode
[  882.382410][T25796] batadv_slave_1: left promiscuous mode
[  882.494441][T25811] 9pnet_virtio: no channels available for device syz
[  882.697163][T20256] usb 13-1: new high-speed USB device number 8 using dummy_hcd
[  882.885112][T20256] usb 13-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  882.889022][T20256] usb 13-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  882.893471][T20256] usb 13-1: config 1 has 1 interface, different from the descriptor's value: 66
[  882.897393][T20256] usb 13-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  882.903902][T20256] usb 13-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  882.905327][T25825] 9pnet_virtio: no channels available for device syz
[  882.909328][T20256] usb 13-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  882.915886][T20256] usb 13-1: Product: syz
[  882.917799][T20256] usb 13-1: Manufacturer: syz
[  882.937653][T20256] cdc_wdm 13-1:1.0: skipping garbage
[  882.939924][T20256] cdc_wdm 13-1:1.0: skipping garbage
[  882.945670][T20256] cdc_wdm 13-1:1.0: cdc-wdm0: USB WDM device
[  882.948458][T20256] cdc_wdm 13-1:1.0: Unknown control protocol
[  883.248918][T25824] nbd0: detected capacity change from 0 to 127
[  883.250754][T20256] usb 13-1: USB disconnect, device number 8
[  883.260339][ T7985] 
[  883.261220][ T7985] ======================================================
[  883.263679][ T7985] WARNING: possible circular locking dependency detected
[  883.265606][T25831] netlink: 44 bytes leftover after parsing attributes in process `syz.9.7736'.
[  883.265907][ T7985] syzkaller #0 Tainted: G             L     
[  883.271495][ T7985] ------------------------------------------------------
[  883.273795][ T7985] udevd/7985 is trying to acquire lock:
[  883.275585][ T7985] ffff88802c2a4470 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x428/0x1080
[  883.278587][ T7985] 
[  883.278587][ T7985] but task is already holding lock:
[  883.281082][ T7985] ffff888041dd8180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xba/0x1080
[  883.283998][ T7985] 
[  883.283998][ T7985] which lock already depends on the new lock.
[  883.283998][ T7985] 
[  883.287352][ T7985] 
[  883.287352][ T7985] the existing dependency chain (in reverse order) is:
[  883.290149][ T7985] 
[  883.290149][ T7985] -> #6 (&cmd->lock){+.+.}-{4:4}:
[  883.292472][ T7985]        __mutex_lock+0x1a2/0x1b90
[  883.294122][ T7985]        nbd_queue_rq+0xba/0x1080
[  883.295734][ T7985]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  883.297676][ T7985]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  883.300007][ T7985]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  883.302271][ T7985]        blk_mq_run_hw_queue+0x23c/0x670
[  883.304128][ T7985]        blk_mq_dispatch_list+0x51d/0x1360
[  883.305968][ T7985]        blk_mq_flush_plug_list+0x130/0x600
[  883.307902][ T7985]        __blk_flush_plug+0x2c4/0x4b0
[  883.309605][ T7985]        __submit_bio+0x584/0x6c0
[  883.311257][ T7985]        submit_bio_noacct_nocheck+0x562/0xc10
[  883.313351][ T7985]        submit_bio_noacct+0xd17/0x2010
[  883.315335][ T7985]        submit_bh_wbc+0x59c/0x770
[  883.317082][ T7985]        block_read_full_folio+0x264/0x8e0
[  883.318947][ T7985]        filemap_read_folio+0xfc/0x3b0
[  883.320679][ T7985]        do_read_cache_folio+0x2d7/0x6b0
[  883.322488][ T7985]        read_part_sector+0xd1/0x370
[  883.324182][ T7985]        adfspart_check_ICS+0x93/0x910
[  883.325913][ T7985]        bdev_disk_changed+0x7f8/0xc80
[  883.327918][ T7985]        blkdev_get_whole+0x187/0x290
[  883.329771][ T7985]        bdev_open+0x2c7/0xe40
[  883.331428][ T7985]        blkdev_open+0x34e/0x4f0
[  883.333186][ T7985]        do_dentry_open+0x6d8/0x1660
[  883.334896][ T7985]        vfs_open+0x82/0x3f0
[  883.336459][ T7985]        path_openat+0x208c/0x31a0
[  883.338319][ T7985]        do_file_open+0x20e/0x430
[  883.339944][ T7985]        do_sys_openat2+0x10d/0x1e0
[  883.341657][ T7985]        __x64_sys_openat+0x12d/0x210
[  883.343447][ T7985]        do_syscall_64+0x106/0xf80
[  883.345075][ T7985]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.347267][ T7985] 
[  883.347267][ T7985] -> #5 (set->srcu){.+.+}-{0:0}:
[  883.349854][ T7985]        __synchronize_srcu+0xa2/0x300
[  883.351709][ T7985]        blk_mq_quiesce_queue+0x149/0x1c0
[  883.353595][ T7985]        elevator_switch+0x17b/0x7e0
[  883.355278][ T7985]        elevator_change+0x352/0x530
[  883.356972][ T7985]        elevator_set_default+0x29e/0x360
[  883.358768][ T7985]        blk_register_queue+0x412/0x590
[  883.360523][ T7985]        __add_disk+0x73f/0xe40
[  883.362195][ T7985]        add_disk_fwnode+0x118/0x5c0
[  883.363981][ T7985]        nbd_dev_add+0x77a/0xb10
[  883.365659][ T7985]        nbd_init+0x291/0x2b0
[  883.367319][ T7985]        do_one_initcall+0x11d/0x760
[  883.369033][ T7985]        kernel_init_freeable+0x6e5/0x7a0
[  883.370868][ T7985]        kernel_init+0x1f/0x1e0
[  883.372542][ T7985]        ret_from_fork+0x754/0xd80
[  883.374185][ T7985]        ret_from_fork_asm+0x1a/0x30
[  883.375940][ T7985] 
[  883.375940][ T7985] -> #4 (&q->elevator_lock){+.+.}-{4:4}:
[  883.378608][ T7985]        __mutex_lock+0x1a2/0x1b90
[  883.380411][ T7985]        elevator_change+0x1bc/0x530
[  883.382212][ T7985]        elevator_set_none+0x92/0xf0
[  883.383928][ T7985]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  883.385939][ T7985]        nbd_start_device+0x1a6/0xbd0
[  883.387705][ T7985]        nbd_genl_connect+0xff2/0x1a40
[  883.389470][ T7985]        genl_family_rcv_msg_doit+0x214/0x300
[  883.391703][ T7985]        genl_rcv_msg+0x560/0x800
[  883.393459][ T7985]        netlink_rcv_skb+0x159/0x420
[  883.395268][ T7985]        genl_rcv+0x28/0x40
[  883.396768][ T7985]        netlink_unicast+0x5aa/0x870
[  883.398458][ T7985]        netlink_sendmsg+0x8b0/0xda0
[  883.400152][ T7985]        ____sys_sendmsg+0x9e1/0xb70
[  883.401959][ T7985]        ___sys_sendmsg+0x190/0x1e0
[  883.403605][ T7985]        __sys_sendmsg+0x170/0x220
[  883.405295][ T7985]        do_syscall_64+0x106/0xf80
[  883.407133][ T7985]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.409516][ T7985] 
[  883.409516][ T7985] -> #3 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  883.412321][ T7985]        blk_alloc_queue+0x610/0x790
[  883.414091][ T7985]        blk_mq_alloc_queue+0x174/0x290
[  883.416048][ T7985]        __blk_mq_alloc_disk+0x29/0x120
[  883.418500][ T7985]        nbd_dev_add+0x492/0xb10
[  883.420198][ T7985]        nbd_init+0x291/0x2b0
[  883.421834][ T7985]        do_one_initcall+0x11d/0x760
[  883.423764][ T7985]        kernel_init_freeable+0x6e5/0x7a0
[  883.425575][ T7985]        kernel_init+0x1f/0x1e0
[  883.427204][ T7985]        ret_from_fork+0x754/0xd80
[  883.428847][ T7985]        ret_from_fork_asm+0x1a/0x30
[  883.430604][ T7985] 
[  883.430604][ T7985] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  883.433243][ T7985]        fs_reclaim_acquire+0xc4/0x100
[  883.435193][ T7985]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  883.437255][ T7985]        __alloc_skb+0x140/0x710
[  883.438852][ T7985]        tcp_stream_alloc_skb+0x34/0x660
[  883.440691][ T7985]        tcp_sendmsg_locked+0x1396/0x45e0
[  883.442586][ T7985]        tcp_sendmsg+0x2e/0x50
[  883.444131][ T7985]        inet_sendmsg+0xb9/0x140
[  883.446203][ T7985]        sock_write_iter+0x4ea/0x5a0
[  883.448799][ T7985]        vfs_write+0x6ac/0x1070
[  883.450658][ T7985]        ksys_write+0x1f8/0x250
[  883.452433][ T7985]        do_syscall_64+0x106/0xf80
[  883.454070][ T7985]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.456092][ T7985] 
[  883.456092][ T7985] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[  883.458525][ T7985]        lock_sock_nested+0x41/0xf0
[  883.460209][ T7985]        inet_shutdown+0x67/0x410
[  883.461824][ T7985]        nbd_mark_nsock_dead+0xae/0x5c0
[  883.463602][ T7985]        sock_shutdown+0x16b/0x200
[  883.465238][ T7985]        nbd_config_put+0x1eb/0x750
[  883.466996][ T7985]        nbd_release+0xb7/0x190
[  883.468606][ T7985]        blkdev_put_whole+0xb0/0xf0
[  883.470379][ T7985]        bdev_release+0x47f/0x6d0
[  883.472226][ T7985]        blkdev_release+0x15/0x20
[  883.473965][ T7985]        __fput+0x3ff/0xb40
[  883.475481][ T7985]        task_work_run+0x150/0x240
[  883.477160][ T7985]        exit_to_user_mode_loop+0x100/0x4a0
[  883.479062][ T7985]        do_syscall_64+0x67c/0xf80
[  883.480684][ T7985]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.482752][ T7985] 
[  883.482752][ T7985] -> #0 (&nsock->tx_lock){+.+.}-{4:4}:
[  883.485155][ T7985]        __lock_acquire+0x14b8/0x2630
[  883.486892][ T7985]        lock_acquire+0x1cf/0x380
[  883.488501][ T7985]        __mutex_lock+0x1a2/0x1b90
[  883.490174][ T7985]        nbd_queue_rq+0x428/0x1080
[  883.491918][ T7985]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  883.493955][ T7985]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  883.496253][ T7985]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  883.498484][ T7985]        blk_mq_run_hw_queue+0x23c/0x670
[  883.500299][ T7985]        blk_mq_dispatch_list+0x51d/0x1360
[  883.502324][ T7985]        blk_mq_flush_plug_list+0x130/0x600
[  883.504303][ T7985]        __blk_flush_plug+0x2c4/0x4b0
[  883.506021][ T7985]        __submit_bio+0x584/0x6c0
[  883.507694][ T7985]        submit_bio_noacct_nocheck+0x562/0xc10
[  883.509644][ T7985]        submit_bio_noacct+0xd17/0x2010
[  883.511363][ T7985]        submit_bh_wbc+0x59c/0x770
[  883.513032][ T7985]        block_read_full_folio+0x264/0x8e0
[  883.514963][ T7985]        filemap_read_folio+0xfc/0x3b0
[  883.516795][ T7985]        do_read_cache_folio+0x2d7/0x6b0
[  883.518697][ T7985]        read_part_sector+0xd1/0x370
[  883.520489][ T7985]        adfspart_check_ICS+0x93/0x910
[  883.522243][ T7985]        bdev_disk_changed+0x7f8/0xc80
[  883.523972][ T7985]        blkdev_get_whole+0x187/0x290
[  883.525672][ T7985]        bdev_open+0x2c7/0xe40
[  883.527253][ T7985]        blkdev_open+0x34e/0x4f0
[  883.528826][ T7985]        do_dentry_open+0x6d8/0x1660
[  883.530498][ T7985]        vfs_open+0x82/0x3f0
[  883.532022][ T7985]        path_openat+0x208c/0x31a0
[  883.533649][ T7985]        do_file_open+0x20e/0x430
[  883.535257][ T7985]        do_sys_openat2+0x10d/0x1e0
[  883.536903][ T7985]        __x64_sys_openat+0x12d/0x210
[  883.538603][ T7985]        do_syscall_64+0x106/0xf80
[  883.540241][ T7985]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.542368][ T7985] 
[  883.542368][ T7985] other info that might help us debug this:
[  883.542368][ T7985] 
[  883.545629][ T7985] Chain exists of:
[  883.545629][ T7985]   &nsock->tx_lock --> set->srcu --> &cmd->lock
[  883.545629][ T7985] 
[  883.549390][ T7985]  Possible unsafe locking scenario:
[  883.549390][ T7985] 
[  883.551846][ T7985]        CPU0                    CPU1
[  883.553674][ T7985]        ----                    ----
[  883.555551][ T7985]   lock(&cmd->lock);
[  883.556877][ T7985]                                lock(set->srcu);
[  883.558907][ T7985]                                lock(&cmd->lock);
[  883.560962][ T7985]   lock(&nsock->tx_lock);
[  883.562460][ T7985] 
[  883.562460][ T7985]  *** DEADLOCK ***
[  883.562460][ T7985] 
[  883.565088][ T7985] 3 locks held by udevd/7985:
[  883.567002][ T7985]  #0: ffff888028bb8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  883.570628][ T7985]  #1: ffff88802827ef18 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22e/0x670
[  883.573734][ T7985]  #2: ffff888041dd8180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xba/0x1080
[  883.576624][ T7985] 
[  883.576624][ T7985] stack backtrace:
[  883.578335][ T5959] block nbd0: Receive control failed (result -32)
[  883.578430][T12825] block nbd0: Receive control failed (result -32)
[  883.578559][ T7985] CPU: 2 UID: 0 PID: 7985 Comm: udevd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  883.578575][ T7985] Tainted: [L]=SOFTLOCKUP
[  883.578579][ T7985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  883.578586][ T7985] Call Trace:
[  883.578591][ T7985]  <TASK>
[  883.578596][ T7985]  dump_stack_lvl+0x100/0x190
[  883.578617][ T7985]  print_circular_bug.cold+0x178/0x1c7
[  883.578636][ T7985]  check_noncircular+0x146/0x160
[  883.578656][ T7985]  __lock_acquire+0x14b8/0x2630
[  883.578669][ T7985]  lock_acquire+0x1cf/0x380
[  883.578678][ T7985]  ? nbd_queue_rq+0x428/0x1080
[  883.578690][ T7985]  ? __pfx___might_resched+0x10/0x10
[  883.578705][ T7985]  __mutex_lock+0x1a2/0x1b90
[  883.578718][ T7985]  ? nbd_queue_rq+0x428/0x1080
[  883.578747][ T7985]  ? nbd_queue_rq+0x428/0x1080
[  883.578757][ T7985]  ? is_bpf_text_address+0x8a/0x1a0
[  883.578774][ T7985]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  883.578791][ T7985]  ? __pfx___mutex_lock+0x10/0x10
[  883.578802][ T7985]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  883.578817][ T7985]  ? is_bpf_text_address+0x94/0x1a0
[  883.578833][ T7985]  ? kernel_text_address+0x8d/0x100
[  883.578846][ T7985]  ? arch_stack_walk+0xa6/0xf0
[  883.578862][ T7985]  ? nbd_queue_rq+0x428/0x1080
[  883.578872][ T7985]  nbd_queue_rq+0x428/0x1080
[  883.578883][ T7985]  ? stack_trace_save+0x8e/0xc0
[  883.578899][ T7985]  ? __pfx_nbd_queue_rq+0x10/0x10
[  883.578910][ T7985]  ? add_lock_to_list+0x99/0x110
[  883.578926][ T7985]  ? lockdep_unlock+0x5a/0xc0
[  883.578940][ T7985]  ? __lock_acquire+0xd73/0x2630
[  883.578951][ T7985]  blk_mq_dispatch_rq_list+0x422/0x1e70
[  883.578971][ T7985]  ? sbitmap_get+0x1d7/0x360
[  883.578987][ T7985]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  883.579003][ T7985]  ? __blk_mq_alloc_driver_tag+0x27a/0x7a0
[  883.579019][ T7985]  __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  883.579040][ T7985]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  883.579058][ T7985]  blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  883.579072][ T7985]  blk_mq_run_hw_queue+0x23c/0x670
[  883.579086][ T7985]  ? blk_mq_run_hw_queue+0x22e/0x670
[  883.579099][ T7985]  blk_mq_dispatch_list+0x51d/0x1360
[  883.579115][ T7985]  ? __pfx_blk_mq_dispatch_list+0x10/0x10
[  883.579131][ T7985]  ? blk_add_trace_plug+0xf5/0x290
[  883.579144][ T7985]  blk_mq_flush_plug_list+0x130/0x600
[  883.579160][ T7985]  ? trace_block_plug+0x6e/0x240
[  883.579170][ T7985]  ? blk_add_rq_to_plug+0x30a/0x540
[  883.579185][ T7985]  ? __pfx_wbt_track+0x10/0x10
[  883.579197][ T7985]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  883.579213][ T7985]  ? blk_mq_submit_bio+0x9aa/0x2bf0
[  883.579230][ T7985]  __blk_flush_plug+0x2c4/0x4b0
[  883.579245][ T7985]  ? __pfx___blk_flush_plug+0x10/0x10
[  883.579259][ T7985]  ? vfs_open+0x82/0x3f0
[  883.579272][ T7985]  ? path_openat+0x208c/0x31a0
[  883.579283][ T7985]  ? do_file_open+0x20e/0x430
[  883.579295][ T7985]  ? do_sys_openat2+0x10d/0x1e0
[  883.579308][ T7985]  ? __x64_sys_openat+0x12d/0x210
[  883.579322][ T7985]  ? do_syscall_64+0x106/0xf80
[  883.579333][ T7985]  __submit_bio+0x584/0x6c0
[  883.579346][ T7985]  ? __pfx___submit_bio+0x10/0x10
[  883.579362][ T7985]  ? submit_bio_noacct_nocheck+0x562/0xc10
[  883.579377][ T7985]  submit_bio_noacct_nocheck+0x562/0xc10
[  883.579393][ T7985]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  883.579408][ T7985]  ? __pfx___might_resched+0x10/0x10
[  883.579420][ T7985]  ? bio_alloc_bioset+0x309/0x850
[  883.579432][ T7985]  submit_bio_noacct+0xd17/0x2010
[  883.579447][ T7985]  submit_bh_wbc+0x59c/0x770
[  883.579462][ T7985]  block_read_full_folio+0x264/0x8e0
[  883.579480][ T7985]  ? __pfx_blkdev_get_block+0x10/0x10
[  883.579495][ T7985]  ? __pfx_blkdev_read_folio+0x10/0x10
[  883.579509][ T7985]  filemap_read_folio+0xfc/0x3b0
[  883.579527][ T7985]  ? __pfx_filemap_read_folio+0x10/0x10
[  883.579544][ T7985]  do_read_cache_folio+0x2d7/0x6b0
[  883.579562][ T7985]  ? __pfx_blkdev_read_folio+0x10/0x10
[  883.579577][ T7985]  read_part_sector+0xd1/0x370
[  883.579591][ T7985]  adfspart_check_ICS+0x93/0x910
[  883.579604][ T7985]  ? snprintf+0xc7/0x100
[  883.579670][ T7985]  ? __pfx_snprintf+0x10/0x10
[  883.579685][ T7985]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  883.579697][ T7985]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  883.579712][ T7985]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  883.579726][ T7985]  bdev_disk_changed+0x7f8/0xc80
[  883.579741][ T7985]  ? __pfx_bdev_disk_changed+0x10/0x10
[  883.579756][ T7985]  blkdev_get_whole+0x187/0x290
[  883.579769][ T7985]  bdev_open+0x2c7/0xe40
[  883.579784][ T7985]  blkdev_open+0x34e/0x4f0
[  883.579800][ T7985]  do_dentry_open+0x6d8/0x1660
[  883.579810][ T7985]  ? __pfx_blkdev_open+0x10/0x10
[  883.579827][ T7985]  vfs_open+0x82/0x3f0
[  883.579841][ T7985]  path_openat+0x208c/0x31a0
[  883.579856][ T7985]  ? __pfx_path_openat+0x10/0x10
[  883.579870][ T7985]  do_file_open+0x20e/0x430
[  883.579883][ T7985]  ? __pfx_do_file_open+0x10/0x10
[  883.579900][ T7985]  ? alloc_fd+0x476/0x790
[  883.579914][ T7985]  ? do_getname+0x191/0x390
[  883.579929][ T7985]  do_sys_openat2+0x10d/0x1e0
[  883.579944][ T7985]  ? __pfx_do_sys_openat2+0x10/0x10
[  883.579958][ T7985]  ? __sys_recvmsg+0x18c/0x220
[  883.579977][ T7985]  ? __pfx___sys_recvmsg+0x10/0x10
[  883.579993][ T7985]  __x64_sys_openat+0x12d/0x210
[  883.580009][ T7985]  ? __pfx___x64_sys_openat+0x10/0x10
[  883.580026][ T7985]  do_syscall_64+0x106/0xf80
[  883.580039][ T7985]  ? clear_bhb_loop+0x40/0x90
[  883.580051][ T7985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.580063][ T7985] RIP: 0033:0x7f3ab4ca7407
[  883.580075][ T7985] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  883.580086][ T7985] RSP: 002b:00007ffef8b043a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  883.580098][ T7985] RAX: ffffffffffffffda RBX: 00007f3ab53c6880 RCX: 00007f3ab4ca7407
[  883.580106][ T7985] RDX: 00000000000a0800 RSI: 0000563edb5f6f70 RDI: ffffffffffffff9c
[  883.580113][ T7985] RBP: 0000563edb3b02c0 R08: 0000000000000000 R09: 0000000000000000
[  883.580120][ T7985] R10: 0000000000000000 R11: 0000000000000202 R12: 0000563edb5f1340
[  883.580127][ T7985] R13: 0000563edb5eb8d0 R14: 0000000000000000 R15: 0000563edb5f1340
[  883.580137][ T7985]  </TASK>
[  883.587146][ T5955] block nbd0: Receive control failed (result -32)
[  883.589573][ T7985] block nbd0: Send control failed (result -32)
[  883.808311][ T7985] block nbd0: Request send failed, requeueing
[  883.810433][ T5365] block nbd0: Dead connection, failed to find a fallback
[  883.812743][ T5365] block nbd0: shutting down sockets
[  883.814450][ T5365] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.817222][ T7985] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.817552][ T5365] Buffer I/O error on dev nbd0, logical block 0, async page read
[  883.820501][ T7985] Buffer I/O error on dev nbd0, logical block 1, async page read
[  883.825469][ T7985] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.829189][ T7985] Buffer I/O error on dev nbd0, logical block 2, async page read
[  883.831766][ T7985] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.834991][ T7985] Buffer I/O error on dev nbd0, logical block 3, async page read
[  883.838325][ T7985] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.841399][ T7985] Buffer I/O error on dev nbd0, logical block 0, async page read
[  883.843939][ T7985] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.847167][ T7985] Buffer I/O error on dev nbd0, logical block 1, async page read
[  883.849989][ T7985] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.853196][ T7985] Buffer I/O error on dev nbd0, logical block 2, async page read
[  883.856057][ T7985] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.860939][ T7985] Buffer I/O error on dev nbd0, logical block 3, async page read
[  883.863689][ T7985] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.866933][ T7985] Buffer I/O error on dev nbd0, logical block 0, async page read
[  883.869758][ T7985] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  883.872838][ T7985] Buffer I/O error on dev nbd0, logical block 1, async page read
[  883.875808][ T7985] ldm_validate_partition_table(): Disk read failed.
[  883.878356][ T7985] Dev nbd0: unable to read RDB block 0
[  883.880839][ T7985]  nbd0: unable to read partition table
[  883.888394][ T7985] ldm_validate_partition_table(): Disk read failed.
[  883.890847][ T7985] Dev nbd0: unable to read RDB block 0
[  883.892969][ T7985]  nbd0: unable to read partition table
[  885.147277][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  885.147326][T22986] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  888.349672][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  888.352312][ T1417] ieee802154 phy1 wpan1: encryption failed: -22