last executing test programs:

2m16.191651532s ago: executing program 1 (id=6143):
r0 = socket$inet6(0xa, 0x4, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000440)=""/257, &(0x7f0000000240)=0x101)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0f00000004000000080000000400000000000000", @ANYRES32, @ANYBLOB="000040000000000000006dad8c46668dffc8a1385ed9087c5f9851e806a89f037b3261e5a34fd1162e84a7f5b25c583554ec5e0020e619cd28a4f2f7210bdab803abd8b210f7997ce4bf5cbf97b27d62172531a04df54ec0d351a15c507b15f01905d28ce102d6ab7cf1d00adb18c7aac28758aa84891cc1be5e9ac0d3af5a24fe34ee644ffbd519852a9aa940902969969654185b58e37d031e487eda304bf1fad86b855c2efbb11d35dd61c56820fc31b21fe8eaa06fb5517ffc0edbad40b6841b56745d77b1b99b4062381a81b0389c07428fe78308103a6d96741e4d3ed310e5a19d25852619e0969e747c52ffa1a5afb3277789951ed1f0ab90053ff6f76fd43e8808c6e93fab0bb041ced85ef4efe758b9e3c5c5e4545b8890a2f7eb42745c7afad5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000100)=r3}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r4, &(0x7f0000000040), 0x0}, 0x20)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000100))
lsetxattr$security_selinux(&(0x7f0000000180)='.\x00', &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:crond_var_run_t:s0\x00', 0x25, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x141080)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x58595556, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000080)={0xf0f02a, 0x17})
ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802)
ioctl$SCSI_IOCTL_SEND_COMMAND(r8, 0x1, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRESDEC=r3, @ANYRES16=r6, @ANYRES8, @ANYRES8=r3])
r9 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r9, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="b9800000c00f3235000400000f30440f20c03508000000440f22c036646665f36526f20f22a5430f01c566ba4000edc4a39979250b00000008b9800000c00f3235010000000f30f245ab48b800000000000000800f23c00f21f83500000b000f23f8c481e57dcd", 0x67}], 0x1, 0x10, 0x0, 0x0)
ioctl$VT_RESIZE(r9, 0x5609, &(0x7f0000000380)={0x5, 0x6, 0x9})
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="100000004000090000fedbdf25000000"], 0x10}], 0x1}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
getdents(r1, &(0x7f0000000000)=""/26, 0x1a)
r10 = socket$kcm(0xa, 0x3, 0x3a)
ioctl$sock_kcm_SIOCKCMUNATTACH(r10, 0x89e1, &(0x7f0000000480))
ioctl$RTC_ALM_READ(r9, 0x80247008, &(0x7f0000000340))
mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000140)='hfsplus\x00', 0x204001, 0x0)

2m16.031656807s ago: executing program 1 (id=6144):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd700000000000070000000c00018005000200010000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8)

2m16.014713607s ago: executing program 1 (id=6145):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xc0041, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@can_newroute={0x14c, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_XOR={0x15, 0x3, {{{}, 0x0, 0x0, 0x0, 0x0, "8ca5be073cff296e"}, 0x2}}, @CGW_CS_CRC8={0x11e, 0x6, {0x1, 0x4, 0x0, 0xfd, 0x1, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x0, "5c8d586b2a88d81866930fca15c8a95d29e5b2ea"}}]}, 0x14c}}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0x93b4, 0x12)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000180)={0x4000, r2}, 0x0)
landlock_restrict_self(r3, 0x2)
landlock_restrict_self(r3, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000340)={0x3, 0x0, [{0xeeed9000, 0xb, &(0x7f00000002c0)=""/11}, {0xeeee8000, 0x1000, &(0x7f0000000800)=""/4096}, {0x5000, 0x1b, &(0x7f0000000300)=""/27}]})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000640)={'#! ', './file0'}, 0xb)
setsockopt$RDS_FREE_MR(r4, 0x114, 0x3, &(0x7f0000000100)={{0x88000000, 0x1000}, 0x44}, 0x10)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x8001)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff})
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r6, 0x80045104, &(0x7f0000000040))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x66}, 0x20)
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRESHEX=r5, @ANYRES32=0x0], 0xfdef)

2m15.386845056s ago: executing program 1 (id=6150):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000480), 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x28c81, 0x0)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r3, 0x3304)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, r4, 0x5, 0x70bd2a, 0x3, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x7fff}]}]}, 0x28}}, 0x40840)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x2c0, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x9, 0x34}}}}, [@NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="64484effa62ecea693ed8e169265726a1c396901cfbd5d36e4766b37be22ca33"}]}, @NL80211_ATTR_REKEY_DATA={0xa0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="96b65ea50034ef3cecbbf27c540cfeb6"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="32234044c5a3c48f92652f5245e15aeeba2b52ca3b346137ab05171adadabd94"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x561}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7f}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "58e1e973bbd07135"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="eb42db565a6803fbef732d7bcbf1fb33db99d2a1a508c085"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "dda46d46ee954dfd"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "79fb8609f0ec481d"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="4f06decce0696f590b0743591824a5e0"}]}, @NL80211_ATTR_REKEY_DATA={0x5c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="5f76288b788a1ed946233e8fab71b0ff6fe13712b8cb4bef800e17d9d32bda59"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "201fb697edf26177"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x648}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="75da53af04e51e69d52a6e09dff5f17d"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c1c75946f1d3165e"}]}, @NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}]}, @NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "65d1ae51ce8890a9"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0f22a601d22c14859514122ebcac0dec"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "52af92a6d0beabcf"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="15b95d822c3d857faa9d88dbf365d2ae"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="80564fe1cd3991c1f1ae19d1e0da2ed5"}]}, @NL80211_ATTR_REKEY_DATA={0x78, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "43c2f9dbee0e1347"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="49c5eb94b10523395bfa659e264243b4"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "d5d1a3f87c1ca571"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="86e01e565bedbd2460d2bc23fa2c3977"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="5ab53553b71628df6cf3898de640f520"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "3a2249515dadd372"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="71f496cafd13a3545f2200fbc6b6b523"}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "4481feeea219382b"}]}, @NL80211_ATTR_REKEY_DATA={0x88, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="3ce50ff153c48ba45abc8a215c567ac4"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="48016ba9680069a0c54abda2622b02b792f5f7f0ce10c21f100a2b5437a968ff"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="1d0ab9059a8a072d3617f0f1fd6103ca53fcd253aa62b93fac444745769d49a3"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "3586241a2259cc6c"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="f49767d6c557995a1ddc874cffa9e39b"}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x40400c1)
syz_emit_ethernet(0x2a, &(0x7f0000000340)={@random="1ca12d394eaa", @empty, @void, {@ipv4={0x892f, @igmp={{0x5, 0x4, 0x1, 0x3, 0x1c, 0x66, 0x0, 0xa, 0x2, 0x0, @multicast2, @loopback}, {0x14, 0x5, 0x0, @multicast2}}}}}, 0x0)
recvmmsg(r1, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001e40)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002122, 0x0)
sendmsg$tipc(r1, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000000c0)="e8", 0x1}], 0x1}, 0x4800)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

2m15.131177235s ago: executing program 1 (id=6153):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x1, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x4, 0x0, 0xa, 0xffffffff}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x404c000}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r8 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4)

2m13.870961357s ago: executing program 1 (id=6160):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000380), &(0x7f0000000140)=0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x20001)
r6 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fchdir(r7)
ioctl$SNDCTL_SEQ_THRESHOLD(r7, 0x4004510d, &(0x7f0000000040)=0x6)
ioctl$BLKFRASET(r5, 0x1264, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="500000001000370400000000ffdbdf2500000000", @ANYRES32=r9, @ANYBLOB="01f5050000000000300012800b00010067656e6576650000200002800500040001000000140007"], 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40004)
sendto$packet(r2, 0x0, 0x0, 0x40800, &(0x7f0000000080)={0x11, 0x8100, r9, 0x1, 0x5, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000000)=0x2)

1m58.885151263s ago: executing program 32 (id=6160):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000380), &(0x7f0000000140)=0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x20001)
r6 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fchdir(r7)
ioctl$SNDCTL_SEQ_THRESHOLD(r7, 0x4004510d, &(0x7f0000000040)=0x6)
ioctl$BLKFRASET(r5, 0x1264, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="500000001000370400000000ffdbdf2500000000", @ANYRES32=r9, @ANYBLOB="01f5050000000000300012800b00010067656e6576650000200002800500040001000000140007"], 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40004)
sendto$packet(r2, 0x0, 0x0, 0x40800, &(0x7f0000000080)={0x11, 0x8100, r9, 0x1, 0x5, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000000)=0x2)

7.360990861s ago: executing program 0 (id=7437):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000780)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x1, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[], {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x1100}}}}}}}, 0x0)

7.360469023s ago: executing program 0 (id=7439):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r0, 0x4b4b, &(0x7f0000000000)={0x4, 0x0, 0x3, 0x1d, 0x100, 0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', <r1=>0x0, 0x4, 0xc3, 0x0, 0x7, 0x1c, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast1, 0x8000, 0x7, 0x10000, 0x2dcc5b5}})
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='coredump_filter\x00')
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r2)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000240)=0x14)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000280)={0x240, r3, 0x132, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_DEBUG_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5122b46a}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}]}, @ETHTOOL_A_DEBUG_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x16c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x114, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4fce5689}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\x9c/}\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xff\xff'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfd4}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7952}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xff\xff'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ',\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '[\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x20, 0x2, 'co}\x00S\x9a5\xc8 \xcaredum\xfc\vfi|\xb4Sx\x90ter\xdc'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x14, 0x2, 'coredump_filter\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x4c, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfff}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x101}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x12}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x40}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x240}, 0x1, 0x0, 0x0, 0x850}, 0x4001)
read$FUSE(r2, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x600, 0x74bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, 0x4900, 0x728ae}, [@IFLA_IFALIAS={0x14, 0x14, 'wg1\x00'}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10800}, 0x4080)
socket$inet_udplite(0x2, 0x2, 0x88)

7.310333113s ago: executing program 0 (id=7442):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000100)={0xc, r1})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f00000000c0)={0x19})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=@newtfilter={0x90, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x60, 0x2, [@TCA_BASIC_EMATCHES={0x5c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6b0f}}, @TCA_EMATCH_TREE_LIST={0x3c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x9, 0x1, 0xa}, {0x2, 0x4, 0x40, 0x4, 0xe, 0x0, 0x1}}}, @TCF_EM_META={0xc, 0x3, 0x0, 0x0, {{0xf, 0x4, 0x8}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x80, 0x7, 0x5}, {{0x4}, {0x0, 0x0, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

7.309643658s ago: executing program 0 (id=7444):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$netlink(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)=ANY=[], 0x10}], 0x1, 0x0, 0x0, 0x4000880}, 0x4008000)
accept$nfc_llcp(r3, 0x0, 0x0)
r4 = openat$fb1(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x3f, 0x0, 0x1, 0x3e, 0x0, 0x0, {}, {0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f8c0000000c0a01080000000000000000010000000900020073797a3200000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c0001400000000000000000140001800c000100636f756e74657200000000000000058011e70000666c6f775f6f66666c6f6164000000000900010073797a30"], 0x110}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{}, [@map_val={0x18, 0x0, 0x2, 0x0, r5}, @ldst={0x3, 0x0, 0x3}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x4a02, 0x3}, 0xb, 0x0)
landlock_restrict_self(r6, 0x0)
setreuid(0xee01, 0xffffffffffffffff)
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0), 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='veno', 0x4)
r7 = semget$private(0x0, 0x3, 0x0)
semctl$GETALL(r7, 0x0, 0xd, &(0x7f0000000000)=""/124)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', <r8=>0x0, 0x29, 0x0, 0x0, 0x4, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, 0x7, 0x10, 0x80, 0x5}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f00000003c0)={'syztnl2\x00', r8, 0x7800, 0x1, 0x200, 0x7, {{0x5, 0x4, 0x3, 0x36, 0x14, 0x65, 0x0, 0x6, 0x29, 0x0, @loopback, @multicast2}}}})
shutdown(r0, 0x1)

7.230502936s ago: executing program 0 (id=7445):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000300000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b70900000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000180)=r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x143842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000140)="ba", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)

5.680452916s ago: executing program 0 (id=7452):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x55)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000001c0)='X\x00', 0x2}], 0x1)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
open_by_handle_at(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe00"], 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180)=0x2000000)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_IOC_PROTOVER(r3, 0x80049363, &(0x7f00000000c0))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000700000061114c000000000085000000cf18000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100}, 0x94)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
gettid()
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
mmap(&(0x7f000097b000/0x2000)=nil, 0x2000, 0xb, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)
ioctl$SNDCTL_DSP_GETOPTR(r2, 0x800c5012, &(0x7f0000000200))
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000008060102000000000000000003000004020001000700000005000100070000000900020073797a31000000000900020073797a32000000000500010007000000"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4040040)

4.279633877s ago: executing program 3 (id=7494):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000280)={<r4=>0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2e}}}, [0x1, 0x100000000, 0x5, 0x6, 0x3, 0x4, 0x5, 0x101, 0x3, 0x5, 0x8, 0x1, 0x6, 0xfffffffffffffffe, 0x9]}, &(0x7f0000000000)=0x100)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000140)={r4, 0x2}, 0x8)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70ad2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x1}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), r2)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x44, r7, 0x120, 0x70bd2a, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xd8}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x40830}, 0x8000)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x6fc84b579dfed949, 0x0)
close(r8)
r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r9, 0x1)
accept4$x25(r9, 0x0, 0x0, 0x80800)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

3.380400091s ago: executing program 2 (id=7499):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', &(0x7f0000000080), 0x2000042, &(0x7f0000000000)=ANY=[@ANYBLOB="74d651000000000000746953238c1108dd570d6c5b162cf3d56f2c00"])
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg$can_bcm(r0, &(0x7f00000008c0)={&(0x7f0000000140), 0x80, &(0x7f00000007c0)=[{&(0x7f00000001c0)=""/108, 0x6c}, {&(0x7f00000000c0)=""/17, 0x11}, {&(0x7f0000000240)=""/152, 0x98}, {&(0x7f0000000300)=""/115, 0x73}, {&(0x7f0000000440)=""/182, 0xb6}, {&(0x7f0000000380)=""/77, 0x4d}, {&(0x7f0000000500)=""/203, 0xcb}, {&(0x7f0000000600)=""/160, 0xa0}, {&(0x7f00000006c0)=""/123, 0x7b}, {&(0x7f0000000740)=""/65, 0x41}], 0xa, &(0x7f0000000880)=""/33, 0x21}, 0x0)

2.499477433s ago: executing program 2 (id=7509):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x1d8, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1a8, 0x2, {{0x0, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xac, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x3, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x1000007, 0x1, 0x8, 0x1, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x5, 0x7, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xa8, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0xb, 0x1, {0x5, 0x3, 0x1, 0xedff, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x9, 0x9, 0x7, 0xfffff000, 0x3a2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x9, 0x4, 0x3, 0x9}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x4, 0x7, 0x2, 0x40}}, @NETEM_LOSS_GI={0x18, 0x1, {0xffffff54, 0x3, 0x1, 0x3c9, 0xc}}, @NETEM_LOSS_GI={0x18, 0x1, {0x1, 0x9da, 0x1, 0x141, 0xffff}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x40ae, 0x3, 0x3, 0x6}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x1d8}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x15, 0x20, 0x301, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}, 0x1, 0x0, 0x0, 0x240448d4}, 0x200088c0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'macvtap0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002800400010010000380"], 0x44}, 0x1, 0x0, 0x0, 0x200c4011}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000180)={'syztnl0\x00', <r10=>r5, 0x29, 0x4, 0x4e, 0x2, 0x40, @local, @empty, 0x29, 0x7800, 0x6, 0x10}})
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x28, r9, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xd1}, 0x11)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008d7460001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{r12}, &(0x7f0000000280), &(0x7f00000002c0)='%ps    \x00'}, 0x20)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000001c00010026bd70000400000007000000", @ANYRES32=r5, @ANYBLOB="8000b200ff01000180c2000002000006ff05000200000000"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x40800)

2.123411526s ago: executing program 3 (id=7498):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x101441)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083911000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x10000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0x2}}, './file0\x00'})
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000100)=0x22)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x8, &(0x7f0000004400), &(0x7f0000002140)=0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x4f)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
r6 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x213a, 0x13580, 0x0, 0x387}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r6, 0x0, 0x0})
io_uring_enter(r6, 0x14, 0xb9c, 0x2b, 0x0, 0x18)
syz_io_uring_setup(0x6370, &(0x7f0000000300)={0x0, 0xd809, 0x100, 0x1, 0x13c}, &(0x7f0000000380), &(0x7f0000000440))
r9 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9", 0x68}], 0x3, 0x0, 0x0, 0x8000}], 0x1, 0x40800)
recvmsg$qrtr(r9, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000000c0)=""/52, 0x34}, {&(0x7f0000000540)=""/235, 0xeb}], 0x2, 0x0, 0x0, 0x10000}, 0x38, 0x40010000)
r10 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x800)
ioctl$CEC_S_MODE(r10, 0x40046109, &(0x7f0000001440)=0x82)
bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6)
bind$bt_hci(r0, &(0x7f00000001c0)={0x1f, 0x2, 0x4}, 0x6)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4)
write(r0, &(0x7f0000000000)="38000000010001", 0x7)

2.03052434s ago: executing program 3 (id=7513):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a040000)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='romfs\x00', 0x201008, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
unshare(0x4000000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001400030500008000ffdbdf25020000fd", @ANYRES32=r3, @ANYBLOB="080002007f"], 0x20}, 0x1, 0x0, 0x0, 0x8090}, 0x48006)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e22, @broadcast}})

2.02854974s ago: executing program 2 (id=7514):
syz_emit_ethernet(0xdd, &(0x7f0000000480)={@local, @link_local, @void, {@llc={0x4, {@llc={0x2, 0xfc, "8fe9", "d6e0fd9edb849877b5db6e64cb5a1a29dc7fa5d7897cdd7eacc925bf9e37dd2ee4460402fbaba79774335cd29bd5378d484b067d491d533fb21dfba097473e6f9abdd442a9e1d474ca5631a56e24ae1ea0ba19746def54196e86b18155c6dbba8004279c7d46a5e1610022caf196b73ec72ad92a7d7891ee1df6be0131feda8dea2ff8e2bf834257688b054fe8262ddeafff560f192a382af8842b5a1f0e6a35bac9315db3f63c7133cd1800c8c35f3a5b68de38846833449202fb0c7a91541f8838d846242c182b68f4c7"}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xfff2}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_ECN={0x8, 0x4, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44044}, 0x4048884)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)
splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4000}, 0x48)

1.958241972s ago: executing program 3 (id=7515):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x14, 0x2e, 0x21, 0x0, 0x0, {0x19}}, 0x14}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x0, 0x2}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x48, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xd, &(0x7f0000000140)=[@cstype3={0x5, 0x7}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0x0, 0xfff7f038}, {0x6}]}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x6, 0x1000)

1.75008354s ago: executing program 3 (id=7517):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000001114010025bd7080fbdbd6a2b78ce37e835cde54"], 0x18}, 0x1, 0x0, 0x0, 0x4040084}, 0x40)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, r2, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1409, 0x100, 0x70bd2a, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x44001)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd700000000000070000000c00018005000200010000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8)

1.749906467s ago: executing program 3 (id=7518):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000300000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b70900000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x143842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000140)="ba", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r5, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)

1.698158737s ago: executing program 4 (id=7519):
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x900, 0x4, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x90)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x700, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x7ffffff}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)

1.130639635s ago: executing program 2 (id=7520):
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x301, 0x0)
writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)="99dd7ab112feae7132448bb8daedc9cde123c30fd80a", 0x16}], 0x1)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000600)=0x3)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x7d)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002100000008000300", @ANYRES64, @ANYBLOB="10007d8005"], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

320.669054ms ago: executing program 4 (id=7521):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000380)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x58, 0x2c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[@hopopts={0x3a}], @pkt_toobig={0x2, 0x0, 0x0, 0x4, {0x8, 0x6, "cd85b5", 0x7, 0x84, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, [], "aad25a7f302d4579b298392ccf95e1e48f10658b1a1c7edc1ffd13d9ccbf356d"}}}}}}}, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x0, 0x1}, 0x2, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x100000, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x80000000, 0xff, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x200000, 0x0, 0x7fc, 0xf, 0x0, 0x2000079, 0x800400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x4, 0x0, 0xffffffff, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771, 0x7], [0xc35, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x2, 0xfffffffc, 0x1, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x7, 0xfffffffc, 0x8, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x70, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, 0x0, 0xfffffffc, 0x4, 0x0, 0x7fff, 0x0, 0x0, 0x7fff], [0x10000002, 0xfffffffc, 0x6, 0x6, 0x0, 0x1, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x80000800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x100000, 0x8001, 0x80, 0x0, 0xffffffff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r1, 0x6, 0x19, 0x0, &(0x7f0000001200))
ioctl$UI_DEV_DESTROY(r0, 0x5502)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x2}}, './file0\x00'})
r3 = socket$pptp(0x18, 0x1, 0x2)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000500)={r3})

320.227974ms ago: executing program 2 (id=7522):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0xffffffffffffff9b)
getpid()
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bsg/0:0:0:0\x00', 0x0, 0x0)
ioctl$BSG_IO(r5, 0x2285, &(0x7f0000001540)={0x51, 0x0, 0x0, 0x1, &(0x7f00000003c0)='\f', 0x8, 0x0, 0xffffff13, 0x1000, 0x60, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x30, 0x0, 0xfffffbff})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700bc145f3c08000a00", @ANYRES32=r4], 0x44}}, 0x804)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r7)
getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000040)="e06921e8682d85ff9782762f86dd", 0x0, 0xc7d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x5, &(0x7f00000007c0)=@framed={{0x18, 0x2}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}]}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x58a}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r9, &(0x7f0000000440), &(0x7f0000000040)=@udp=r8}, 0x20)
bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r8, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/4096, 0x1000}], 0x1}, 0xb}], 0x12, 0x40000021, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5)
sendto$packet(r6, &(0x7f0000000040)="2717a90af1a30d71286f47000000", 0xe, 0x40000, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14)

320.043934ms ago: executing program 4 (id=7523):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x60, r2, 0x1, 0x70bd2d, 0x25dfdc01, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x10001}}, {0x8, 0x6, r1}}}]}}]}, 0x60}, 0x1, 0x400000000000000}, 0x4044804)

250.832287ms ago: executing program 4 (id=7524):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca3000000000000240300003ffeffff620a00fef8ffffff71a400fe000000001f03000000000000e5000600000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0xffffffffffffff97, 0x10, &(0x7f00000000c0)={0x0, 0x3}, 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x1a}, 0x48)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x202000, 0x0)
write$cgroup_devices(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1ff"], 0xffdd)

250.669538ms ago: executing program 4 (id=7525):
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
recvmmsg(r0, &(0x7f0000004140)=[{{0x0, 0xfffffffffffffe2f, 0x0}, 0x40000004}], 0x1, 0x63000000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff00000065"], 0x78)

272.539µs ago: executing program 4 (id=7526):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25d7dbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x10, 0x8, 0x8, 0x8, 0x81}, 0x103, 0x0, 0x7, 0x7, 0x7, 0xa, 0x12, 0x7, 0x7, 0x3, {0x3, 0x2, 0x3, 0x35db, 0x2, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40188c0}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r6, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0x5, 0x6, 0x6}, 0x38}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r4)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r3, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="27030200000314000e00003c000300000000ff8400000000000880000000000000060000000085dc9d9839dc1336", 0x2e}], 0x1}, 0x4005)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r5, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000640)={0x120, 0x0, 0x300, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xffff}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x60, 0xbe, "93bed8817c27da4f53487d1545894e6002255d8a815c88977ea68557a2cc287a8b34867d476dfbd145d1a5057f77668bb49645ce821298bb569582f7bed7bf1fbf81c50913544393af5a86fa9073aad990e8b50cc10292d6a4a292c5"}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x34e}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x3}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x60, 0xac, "2b8d895e8e3f04c81cef62c2d1104c3dd575499dfec3f7078514dfc21ed35438dcc5bc2f91451b38d6ec0cf6ab524047bdf8ff8fba2a501d797e1c00ce0cff71d7de0c722ed1f8c5ff453abf6a87e3a91b1f431c6389d068a04d445a"}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xb}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x6}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x1}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x4818}, 0x44810)

0s ago: executing program 2 (id=7527):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@link_local, @empty, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x5}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xf, 0x1c, 0x0, 0x0, 0x80, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

0s ago: executing program 3 (id=7528):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYRES64], 0x7c}, 0x1, 0x0, 0x0, 0x40884}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040), 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r1}, @ldst={0x1, 0x2, 0x3, 0x0, 0x0, 0x18b}]}, &(0x7f0000000d40)='syzkaller\x00'}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000032400048020000180080001006c6f670014000280080006400000003b070002402efa00000900010073797a30000000000900020073797a32"], 0x78}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = socket(0x28, 0x5, 0x0)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000000)={'veth1_macvtap\x00', 0x44})
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYRES64], 0x7c}, 0x1, 0x0, 0x0, 0x40884}, 0x0) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040), 0x50) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r1}, @ldst={0x1, 0x2, 0x3, 0x0, 0x0, 0x18b}]}, &(0x7f0000000d40)='syzkaller\x00'}, 0x94) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000032400048020000180080001006c6f670014000280080006400000003b070002402efa00000900010073797a30000000000900020073797a32"], 0x78}, 0x1, 0x0, 0x0, 0x40010}, 0x0) (async)
socket(0x28, 0x5, 0x0) (async)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000000)={'veth1_macvtap\x00', 0x44}) (async)

kernel console output (not intermixed with test programs):

0000000000000001
[  622.421905][T27353] R13: 00007f6797416038 R14: 00007f6797415fa0 R15: 00007ffd37bfb648
[  622.421923][T27353]  </TASK>
[  622.476256][T27361] [U] V�3��Fپ"S��/��4:�XTZ�W�T��LW��=
[  622.510741][T27354] [U] J"�E:��"


[  622.523665][T27363] netlink: 'syz.2.6833': attribute type 1 has an invalid length.
[  622.527348][T26994] usb 5-1: reset high-speed USB device number 26 using dummy_hcd
[  622.540872][T27366] openvswitch: netlink: IP tunnel TTL not specified.
[  622.556083][T27363] 8021q: adding VLAN 0 to HW filter on device bond2
[  622.559874][T27363] bond1: (slave bond2): making interface the new active one
[  622.564473][T27363] bond1: (slave bond2): Enslaving as an active interface with an up link
[  622.577465][T27363] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6833'.
[  622.581610][T27363] bond1: entered promiscuous mode
[  622.583712][T27363] bond2: entered promiscuous mode
[  622.586420][T27363] bond1: entered allmulticast mode
[  622.588729][T27363] bond2: entered allmulticast mode
[  622.591797][T27363] 8021q: adding VLAN 0 to HW filter on device bond1
[  622.597264][T27363] netlink: 'syz.2.6833': attribute type 2 has an invalid length.
[  622.602003][T27370] syzkaller0: entered promiscuous mode
[  622.603782][T27370] syzkaller0: entered allmulticast mode
[  622.665260][T26994] usb 5-1: device descriptor read/64, error -32
[  622.703773][   T40] audit: type=1326 audit(1771113619.180:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27377 comm="syz.3.6838" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f976259bf79 code=0x0
[  622.753675][   T40] audit: type=1326 audit(1771113619.230:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27377 comm="syz.3.6838" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f976259bf79 code=0x0
[  622.771338][T27384] [U] 
[  622.779241][   T40] audit: type=1400 audit(1771113619.260:642): avc:  denied  { getopt } for  pid=27383 comm="syz.2.6839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  622.905371][T26994] usb 5-1: reset high-speed USB device number 26 using dummy_hcd
[  622.925474][T26994] usb 5-1: device descriptor read/8, error -32
[  623.165763][T26994] usb 5-1: reset high-speed USB device number 26 using dummy_hcd
[  623.170964][T27410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6844'.
[  623.173710][T27410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6844'.
[  623.198300][T26994] usb 5-1: device descriptor read/8, error -32
[  623.305462][T26994] raw-gadget.0 gadget.0: failed to queue suspend event
[  623.309468][T20282] usb 5-1: USB disconnect, device number 26
[  623.325278][T26994] raw-gadget.0 gadget.0: failed to queue disconnect event
[  623.755956][T27443] syzkaller0: entered promiscuous mode
[  623.758305][T27443] syzkaller0: entered allmulticast mode
[  623.860822][T27446] syzkaller0: entered promiscuous mode
[  623.862594][T27446] syzkaller0: entered allmulticast mode
[  624.049013][T27454] syzkaller0: entered promiscuous mode
[  624.050992][T27454] syzkaller0: entered allmulticast mode
[  624.161697][T27457] FAULT_INJECTION: forcing a failure.
[  624.161697][T27457] name failslab, interval 1, probability 0, space 0, times 0
[  624.167098][T27457] CPU: 1 UID: 0 PID: 27457 Comm: syz.0.6859 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  624.167126][T27457] Tainted: [L]=SOFTLOCKUP
[  624.167133][T27457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  624.167143][T27457] Call Trace:
[  624.167150][T27457]  <TASK>
[  624.167156][T27457]  dump_stack_lvl+0x100/0x190
[  624.167188][T27457]  should_fail_ex.cold+0x5/0xa
[  624.167211][T27457]  should_failslab+0xc2/0x120
[  624.167238][T27457]  __kvmalloc_node_noprof+0xfa/0xa00
[  624.167260][T27457]  ? page_pool_create_percpu+0x2e0/0xcd0
[  624.167291][T27457]  page_pool_create_percpu+0x2e0/0xcd0
[  624.167321][T27457]  bpf_test_run_xdp_live+0x192/0x760
[  624.167340][T27457]  ? __mutex_unlock_slowpath+0x15c/0x790
[  624.167364][T27457]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  624.167385][T27457]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  624.167408][T27457]  ? __pfx___schedule+0x10/0x10
[  624.167425][T27457]  ? find_held_lock+0x2b/0x80
[  624.167453][T27457]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  624.167491][T27457]  ? 0xffffffffa0206480
[  624.167507][T27457]  ? 0xffffffffa0206480
[  624.167521][T27457]  ? bpf_dispatcher_change_prog+0x2dc/0xa60
[  624.167556][T27457]  bpf_prog_test_run_xdp+0xd7d/0x1670
[  624.167588][T27457]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  624.167616][T27457]  ? fput+0x79/0x100
[  624.167632][T27457]  ? __bpf_prog_get+0x97/0x2a0
[  624.167652][T27457]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  624.167673][T27457]  __sys_bpf+0x1725/0x4b90
[  624.167692][T27457]  ? __pfx___sys_bpf+0x10/0x10
[  624.167705][T27457]  ? proc_fail_nth_write+0x9f/0x220
[  624.167723][T27457]  ? find_held_lock+0x2b/0x80
[  624.167746][T27457]  ? find_held_lock+0x2b/0x80
[  624.167764][T27457]  ? ksys_write+0x190/0x250
[  624.167790][T27457]  ? __mutex_unlock_slowpath+0x15c/0x790
[  624.167810][T27457]  ? __fget_files+0x215/0x3d0
[  624.167846][T27457]  ? fput+0x79/0x100
[  624.167862][T27457]  ? ksys_write+0x1ac/0x250
[  624.167884][T27457]  ? __pfx_ksys_write+0x10/0x10
[  624.167912][T27457]  __x64_sys_bpf+0x7b/0xc0
[  624.167928][T27457]  ? lockdep_hardirqs_on+0x78/0x100
[  624.167950][T27457]  do_syscall_64+0x106/0xf80
[  624.167970][T27457]  ? clear_bhb_loop+0x40/0x90
[  624.167991][T27457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.168009][T27457] RIP: 0033:0x7f97ec39bf79
[  624.168024][T27457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  624.168041][T27457] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  624.168059][T27457] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  624.168071][T27457] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  624.168081][T27457] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  624.168097][T27457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.168107][T27457] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  624.168131][T27457]  </TASK>
[  624.168139][T27457] page_pool_create_percpu() gave up with errno -12
[  624.188415][   T40] audit: type=1400 audit(1771113620.670:643): avc:  denied  { write } for  pid=27458 comm="syz.2.6860" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  624.188456][T27459] random: crng reseeded on system resumption
[  624.354673][T27468] syzkaller0: entered promiscuous mode
[  624.356646][T27468] syzkaller0: entered allmulticast mode
[  624.394348][T27465] syzkaller0: entered promiscuous mode
[  624.396885][T27465] syzkaller0: entered allmulticast mode
[  624.703001][T27481] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  624.710582][T27481] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  624.714628][T27481] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  624.718592][T27481] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  624.783820][T27486] FAULT_INJECTION: forcing a failure.
[  624.783820][T27486] name failslab, interval 1, probability 0, space 0, times 0
[  624.788363][T27486] CPU: 0 UID: 0 PID: 27486 Comm: syz.3.6871 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  624.788383][T27486] Tainted: [L]=SOFTLOCKUP
[  624.788387][T27486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  624.788394][T27486] Call Trace:
[  624.788399][T27486]  <TASK>
[  624.788404][T27486]  dump_stack_lvl+0x100/0x190
[  624.788427][T27486]  should_fail_ex.cold+0x5/0xa
[  624.788443][T27486]  ? taprio_init+0x2ee/0x920
[  624.788459][T27486]  should_failslab+0xc2/0x120
[  624.788477][T27486]  __kmalloc_noprof+0xe0/0x850
[  624.788495][T27486]  taprio_init+0x2ee/0x920
[  624.788511][T27486]  ? do_syscall_64+0x106/0xf80
[  624.788525][T27486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.788539][T27486]  ? lockdep_init_map_type+0x5c/0x250
[  624.788558][T27486]  ? __pfx_taprio_init+0x10/0x10
[  624.788576][T27486]  ? qdisc_alloc+0x81b/0xb30
[  624.788590][T27486]  ? __pfx_taprio_init+0x10/0x10
[  624.788607][T27486]  qdisc_create+0x47b/0x1090
[  624.788626][T27486]  tc_modify_qdisc+0xdcf/0x2120
[  624.788644][T27486]  ? __mutex_lock+0x26a/0x1b90
[  624.788660][T27486]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  624.788678][T27486]  ? __lock_acquire+0x4a5/0x2630
[  624.788705][T27486]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  624.788723][T27486]  rtnetlink_rcv_msg+0x3c9/0xe90
[  624.788739][T27486]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  624.788757][T27486]  ? ref_tracker_free+0x37e/0x6c0
[  624.788773][T27486]  netlink_rcv_skb+0x159/0x420
[  624.788788][T27486]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  624.788803][T27486]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  624.788823][T27486]  ? netlink_deliver_tap+0x1ae/0xcc0
[  624.788840][T27486]  netlink_unicast+0x5aa/0x870
[  624.788857][T27486]  ? __pfx_netlink_unicast+0x10/0x10
[  624.788877][T27486]  netlink_sendmsg+0x8b0/0xda0
[  624.788894][T27486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  624.788909][T27486]  ? __might_fault+0x20/0x140
[  624.788927][T27486]  ____sys_sendmsg+0xa54/0xc30
[  624.788944][T27486]  ? __pfx_____sys_sendmsg+0x10/0x10
[  624.788967][T27486]  ___sys_sendmsg+0x190/0x1e0
[  624.788985][T27486]  ? __pfx____sys_sendmsg+0x10/0x10
[  624.789019][T27486]  __sys_sendmsg+0x170/0x220
[  624.789032][T27486]  ? __pfx___sys_sendmsg+0x10/0x10
[  624.789054][T27486]  do_syscall_64+0x106/0xf80
[  624.789067][T27486]  ? clear_bhb_loop+0x40/0x90
[  624.789081][T27486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.789093][T27486] RIP: 0033:0x7f976259bf79
[  624.789104][T27486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  624.789115][T27486] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  624.789127][T27486] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  624.789134][T27486] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000006
[  624.789141][T27486] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  624.789147][T27486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.789153][T27486] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  624.789168][T27486]  </TASK>
[  624.990553][T27494] syzkaller0: entered promiscuous mode
[  624.992579][T27494] syzkaller0: entered allmulticast mode
[  625.166752][T27501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6877'.
[  625.204788][T27504] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6878'.
[  625.257718][T27507] syzkaller0: entered allmulticast mode
[  625.273096][T27509] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  625.273097][   T40] audit: type=1400 audit(1771113621.750:644): avc:  denied  { getattr } for  pid=27508 comm="syz.2.6880" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  625.404761][T27512] syzkaller1: entered promiscuous mode
[  625.406820][T27512] syzkaller1: entered allmulticast mode
[  625.616065][T27523] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6884'.
[  625.631386][T27523] xt_hashlimit: invalid rate
[  625.681742][T27525] syzkaller0: entered promiscuous mode
[  625.683650][T27525] syzkaller0: entered allmulticast mode
[  626.109952][T27536] random: crng reseeded on system resumption
[  626.109984][   T40] audit: type=1400 audit(1771113878.588:645): avc:  denied  { ioctl } for  pid=27535 comm="syz.0.6890" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  626.127466][T27536] futex_wake_op: syz.0.6890 tries to shift op by -1; fix this program
[  626.131380][T27536] syzkaller0: entered promiscuous mode
[  626.133378][T27536] syzkaller0: entered allmulticast mode
[  626.201785][T27539] FAULT_INJECTION: forcing a failure.
[  626.201785][T27539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  626.208891][T27539] CPU: 3 UID: 0 PID: 27539 Comm: syz.2.6891 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  626.208921][T27539] Tainted: [L]=SOFTLOCKUP
[  626.208928][T27539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  626.208938][T27539] Call Trace:
[  626.208945][T27539]  <TASK>
[  626.208952][T27539]  dump_stack_lvl+0x100/0x190
[  626.208987][T27539]  should_fail_ex.cold+0x5/0xa
[  626.209011][T27539]  _copy_from_iter+0x1f4/0x1690
[  626.209034][T27539]  ? kmalloc_reserve+0xf9/0x350
[  626.209060][T27539]  ? __pfx__copy_from_iter+0x10/0x10
[  626.209079][T27539]  ? __alloc_skb+0x4e9/0x710
[  626.209098][T27539]  ? skb_page_frag_refill+0x2fc/0x5b0
[  626.209126][T27539]  ? sk_page_frag_refill+0x6c/0x340
[  626.209154][T27539]  kcm_sendmsg+0xe1c/0x2fe0
[  626.209190][T27539]  ? __pfx_kcm_sendmsg+0x10/0x10
[  626.209220][T27539]  __sys_sendto+0x4aa/0x520
[  626.209240][T27539]  ? __pfx___sys_sendto+0x10/0x10
[  626.209275][T27539]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[  626.209301][T27539]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[  626.209345][T27539]  __x64_sys_sendto+0xe0/0x1c0
[  626.209362][T27539]  ? do_syscall_64+0x95/0xf80
[  626.209383][T27539]  ? lockdep_hardirqs_on+0x78/0x100
[  626.209404][T27539]  do_syscall_64+0x106/0xf80
[  626.209424][T27539]  ? clear_bhb_loop+0x40/0x90
[  626.209446][T27539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.209464][T27539] RIP: 0033:0x7f679715c84e
[  626.209480][T27539] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  626.209496][T27539] RSP: 002b:00007f6798108e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  626.209514][T27539] RAX: ffffffffffffffda RBX: 00007f679810a6c0 RCX: 00007f679715c84e
[  626.209526][T27539] RDX: 0000000000000020 RSI: 00007f6798109000 RDI: 0000000000000006
[  626.209536][T27539] RBP: 0000000000000000 R08: 00007f6798108f04 R09: 000000000000000c
[  626.209547][T27539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  626.209557][T27539] R13: 00007f6798108f58 R14: 00007f6798109000 R15: 0000000000000000
[  626.209583][T27539]  </TASK>
[  626.543193][T27550] ip6_vti0: entered promiscuous mode
[  626.848901][   T40] audit: type=1400 audit(1771113879.328:646): avc:  denied  { accept } for  pid=27565 comm="syz.0.6900" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  626.881632][T27566] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.963169][T27566] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.060549][T27566] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.155073][T27566] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.262968][  T439] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  627.273114][  T439] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  627.280742][  T439] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  627.289597][  T439] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  627.325708][T27585] syzkaller0: entered promiscuous mode
[  627.327429][T27585] syzkaller0: entered allmulticast mode
[  627.366418][T27587] syzkaller0: entered promiscuous mode
[  627.369710][T27587] syzkaller0: entered allmulticast mode
[  628.021093][ T5334] udevd[5334]: worker [24021] /devices/virtual/block/nbd1 is taking a long time
[  628.385198][ T1341] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  628.557392][ T1341] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  628.561417][ T1341] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  628.562398][T27607] overlayfs: failed to clone upperpath
[  628.565208][ T1341] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  628.565235][ T1341] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  628.565274][ T1341] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  628.578588][ T1341] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.583044][ T1341] usb 8-1: config 0 descriptor??
[  628.653495][T27613] bridge2: entered promiscuous mode
[  628.931499][T27635] FAULT_INJECTION: forcing a failure.
[  628.931499][T27635] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.936671][T27635] CPU: 0 UID: 0 PID: 27635 Comm: syz.2.6924 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  628.936691][T27635] Tainted: [L]=SOFTLOCKUP
[  628.936695][T27635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  628.936702][T27635] Call Trace:
[  628.936706][T27635]  <TASK>
[  628.936711][T27635]  dump_stack_lvl+0x100/0x190
[  628.936733][T27635]  should_fail_ex.cold+0x5/0xa
[  628.936748][T27635]  _copy_to_user+0x32/0xd0
[  628.936762][T27635]  simple_read_from_buffer+0xcb/0x170
[  628.936780][T27635]  proc_fail_nth_read+0x1af/0x230
[  628.936800][T27635]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  628.936820][T27635]  ? rw_verify_area+0xce/0x6d0
[  628.936834][T27635]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  628.936853][T27635]  vfs_read+0x1e4/0xb30
[  628.936870][T27635]  ? __pfx_vfs_read+0x10/0x10
[  628.936886][T27635]  ? __fget_files+0x215/0x3d0
[  628.936906][T27635]  ? __fget_files+0x21f/0x3d0
[  628.936927][T27635]  ksys_read+0x12a/0x250
[  628.936942][T27635]  ? __pfx_ksys_read+0x10/0x10
[  628.936961][T27635]  do_syscall_64+0x106/0xf80
[  628.936975][T27635]  ? clear_bhb_loop+0x40/0x90
[  628.936989][T27635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.937001][T27635] RIP: 0033:0x7f679715c84e
[  628.937011][T27635] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  628.937022][T27635] RSP: 002b:00007f679812afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  628.937033][T27635] RAX: ffffffffffffffda RBX: 00007f679812b6c0 RCX: 00007f679715c84e
[  628.937040][T27635] RDX: 000000000000000f RSI: 00007f679812b0a0 RDI: 0000000000000005
[  628.937047][T27635] RBP: 00007f679812b090 R08: 0000000000000000 R09: 0000000000000000
[  628.937053][T27635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.937060][T27635] R13: 00007f6797416038 R14: 00007f6797415fa0 R15: 00007ffd37bfb648
[  628.937074][T27635]  </TASK>
[  629.018025][ T1341] usbhid 8-1:0.0: can't add hid device: -71
[  629.020461][ T1341] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  629.026446][ T1341] usb 8-1: USB disconnect, device number 16
[  629.035638][   T40] audit: type=1400 audit(1771113881.508:647): avc:  denied  { ioctl } for  pid=27638 comm="syz.2.6925" path="socket:[98000]" dev="sockfs" ino=98000 ioctlcmd=0x8981 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  629.043565][   T40] audit: type=1400 audit(1771113881.518:648): avc:  denied  { ioctl } for  pid=27638 comm="syz.2.6925" path="socket:[97086]" dev="sockfs" ino=97086 ioctlcmd=0x4942 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  629.097332][T27647] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6929'.
[  629.103244][T27645] syzkaller0: entered promiscuous mode
[  629.105070][T27645] syzkaller0: entered allmulticast mode
[  629.341085][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  629.343796][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  629.373251][T27668] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6935'.
[  629.661356][T27681] xt_hashlimit: size too large, truncated to 1048576
[  629.751897][T27685] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  629.754379][T27685] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  629.813009][T27689] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  629.815668][T27689] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  629.849503][T27691] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  629.852033][T27691] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  629.918245][   T40] audit: type=1400 audit(1771113882.398:649): avc:  denied  { append } for  pid=27694 comm="syz.3.6944" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  629.965409][T27697] FAULT_INJECTION: forcing a failure.
[  629.965409][T27697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  629.970776][T27697] CPU: 3 UID: 0 PID: 27697 Comm: syz.3.6945 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  629.970816][T27697] Tainted: [L]=SOFTLOCKUP
[  629.970822][T27697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  629.970832][T27697] Call Trace:
[  629.970840][T27697]  <TASK>
[  629.970847][T27697]  dump_stack_lvl+0x100/0x190
[  629.970879][T27697]  should_fail_ex.cold+0x5/0xa
[  629.970902][T27697]  _copy_from_user+0x2e/0xd0
[  629.970921][T27697]  copy_msghdr_from_user+0x9f/0x4f0
[  629.970947][T27697]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  629.971002][T27697]  ? rcu_is_watching+0x12/0xc0
[  629.971019][T27697]  ? ___sys_sendmsg+0x19d/0x1e0
[  629.971042][T27697]  ? kfree+0x2ec/0x6b0
[  629.971058][T27697]  ? find_held_lock+0x2b/0x80
[  629.971077][T27697]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[  629.971104][T27697]  ___sys_sendmsg+0x106/0x1e0
[  629.971130][T27697]  ? __pfx____sys_sendmsg+0x10/0x10
[  629.971152][T27697]  ? do_user_addr_fault+0x7de/0x12f0
[  629.971183][T27697]  ? irqentry_exit+0x180/0x670
[  629.971214][T27697]  ? __pfx___might_resched+0x10/0x10
[  629.971237][T27697]  __sys_sendmmsg+0x205/0x430
[  629.971267][T27697]  ? __pfx___sys_sendmmsg+0x10/0x10
[  629.971295][T27697]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  629.971326][T27697]  ? fput+0x79/0x100
[  629.971342][T27697]  ? ksys_write+0x1ac/0x250
[  629.971363][T27697]  ? __pfx_ksys_write+0x10/0x10
[  629.971389][T27697]  __x64_sys_sendmmsg+0x9c/0x100
[  629.971407][T27697]  ? lockdep_hardirqs_on+0x78/0x100
[  629.971426][T27697]  do_syscall_64+0x106/0xf80
[  629.971445][T27697]  ? clear_bhb_loop+0x40/0x90
[  629.971465][T27697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.971484][T27697] RIP: 0033:0x7f976259bf79
[  629.971499][T27697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  629.971514][T27697] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  629.971532][T27697] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  629.971543][T27697] RDX: 07fffffffffffd33 RSI: 0000200000004d00 RDI: 0000000000000003
[  629.971553][T27697] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  629.971563][T27697] R10: 0000000020000890 R11: 0000000000000246 R12: 0000000000000001
[  629.971572][T27697] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  629.971594][T27697]  </TASK>
[  630.165546][ T5932] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  630.170543][ T5932] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  630.174526][ T5932] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  630.180097][ T5932] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  630.182839][ T5932] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  630.299766][T27701] chnl_net:caif_netlink_parms(): no params data found
[  630.344407][T27701] bridge0: port 1(bridge_slave_0) entered blocking state
[  630.346678][T27701] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.348715][T27701] bridge_slave_0: entered allmulticast mode
[  630.351283][T27701] bridge_slave_0: entered promiscuous mode
[  630.354286][T27701] bridge0: port 2(bridge_slave_1) entered blocking state
[  630.356489][T27701] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.358696][T27701] bridge_slave_1: entered allmulticast mode
[  630.361167][T27701] bridge_slave_1: entered promiscuous mode
[  630.376520][T27701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  630.380742][T27701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  630.423328][T27701] team0: Port device team_slave_0 added
[  630.427185][T27701] team0: Port device team_slave_1 added
[  630.442113][T27701] batman_adv: batadv0: Adding interface: batadv_slave_0
[  630.444479][T27701] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  630.452661][T27701] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  630.457246][T27701] batman_adv: batadv0: Adding interface: batadv_slave_1
[  630.459491][T27701] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  630.475179][T27701] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  630.498646][T27701] hsr_slave_0: entered promiscuous mode
[  630.500911][T27701] hsr_slave_1: entered promiscuous mode
[  630.503029][T27701] debugfs: 'hsr0' already exists in 'hsr'
[  630.504866][T27701] Cannot create hsr debugfs directory
[  631.021010][ T1142] bridge_slave_1: left allmulticast mode
[  631.022926][ T1142] bridge_slave_1: left promiscuous mode
[  631.025457][ T1142] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.030555][ T1142] bridge_slave_0: left allmulticast mode
[  631.032828][ T1142] bridge_slave_0: left promiscuous mode
[  631.035445][ T1142] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.152875][ T1142] batman_adv: batadv0: Removing interface: gretap1
[  631.390343][ T1142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  631.395933][ T1142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  631.400568][ T1142] bond0 (unregistering): Released all slaves
[  631.408703][ T1142] bond1 (unregistering): (slave bond2): Releasing backup interface
[  631.412243][ T1142] bond2 (unregistering): left promiscuous mode
[  631.414910][ T1142] bond2 (unregistering): left allmulticast mode
[  631.419633][ T1142] bond1 (unregistering): Released all slaves
[  631.428564][ T1142] bond2 (unregistering): Released all slaves
[  631.446000][T27746] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  631.446261][   T40] audit: type=1400 audit(1771113883.928:650): avc:  denied  { execute } for  pid=27737 comm="syz.3.6958" path="/selinux/status" dev="selinuxfs" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[  631.448451][T27746] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  631.543826][ T1142] tipc: Left network mode
[  631.874233][ T1142] hsr_slave_0: left promiscuous mode
[  631.878907][ T1142] hsr_slave_1: left promiscuous mode
[  631.881747][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_0
[  631.885611][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_1
[  631.935915][   T29] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  631.977977][ T1142] team0 (unregistering): Port device team_slave_1 removed
[  631.984895][ T1142] team0 (unregistering): Port device team_slave_0 removed
[  632.060181][T27772] Cannot find add_set index 0 as target
[  632.097801][   T29] usb 5-1: unable to get BOS descriptor or descriptor too short
[  632.102088][   T29] usb 5-1: not running at top speed; connect to a high speed hub
[  632.116844][   T29] usb 5-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  632.123362][T27701] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  632.124702][   T29] usb 5-1: config 1 interface 0 has no altsetting 0
[  632.130749][T27701] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  632.135744][T27701] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  632.138169][   T29] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  632.141891][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.145492][T27701] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  632.155245][   T29] usb 5-1: Product: syz
[  632.157040][   T29] usb 5-1: Manufacturer: syz
[  632.158987][   T29] usb 5-1: SerialNumber: syz
[  632.215372][   T63] Bluetooth: hci5: command tx timeout
[  632.270346][T27701] 8021q: adding VLAN 0 to HW filter on device bond0
[  632.281566][T27701] 8021q: adding VLAN 0 to HW filter on device team0
[  632.290493][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.293624][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  632.311351][T21652] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.314337][T21652] bridge0: port 2(bridge_slave_1) entered forwarding state
[  632.398347][T27808] netlink: 124 bytes leftover after parsing attributes in process `syz.3.6968'.
[  632.401363][   T40] audit: type=1400 audit(1771113884.878:651): avc:  denied  { bind } for  pid=27807 comm="syz.3.6968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  632.411181][   T40] audit: type=1400 audit(1771113884.888:652): avc:  denied  { write } for  pid=27807 comm="syz.3.6968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  632.415455][   T29] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  632.418348][   T40] audit: type=1400 audit(1771113884.888:653): avc:  denied  { setopt } for  pid=27807 comm="syz.3.6968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  632.439114][   T29] usb 5-1: USB disconnect, device number 28
[  632.479386][ T1142] IPVS: stop unused estimator thread 0...
[  632.486349][T27701] 8021q: adding VLAN 0 to HW filter on device batadv0
[  632.515412][T27701] veth0_vlan: entered promiscuous mode
[  632.521465][T27701] veth1_vlan: entered promiscuous mode
[  632.541730][T27701] veth0_macvtap: entered promiscuous mode
[  632.549873][T27701] veth1_macvtap: entered promiscuous mode
[  632.561194][T27701] batman_adv: batadv0: Interface activated: batadv_slave_0
[  632.569214][T27701] batman_adv: batadv0: Interface activated: batadv_slave_1
[  632.576957][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  632.580804][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  632.587913][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  632.592348][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  632.637480][  T439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  632.640780][  T439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  632.663201][   T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  632.666988][   T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  632.714043][T27826] mkiss: ax0: crc mode is auto.
[  632.893118][T27832] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  632.896620][T27832] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  633.006335][T27840] FAULT_INJECTION: forcing a failure.
[  633.006335][T27840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.011405][T27840] CPU: 3 UID: 0 PID: 27840 Comm: syz.3.6976 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  633.011424][T27840] Tainted: [L]=SOFTLOCKUP
[  633.011428][T27840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  633.011434][T27840] Call Trace:
[  633.011439][T27840]  <TASK>
[  633.011444][T27840]  dump_stack_lvl+0x100/0x190
[  633.011467][T27840]  should_fail_ex.cold+0x5/0xa
[  633.011482][T27840]  _copy_from_user+0x2e/0xd0
[  633.011495][T27840]  kstrtouint_from_user+0xd6/0x1d0
[  633.011511][T27840]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  633.011526][T27840]  ? __lock_acquire+0x4a5/0x2630
[  633.011546][T27840]  ? lock_acquire+0x1cf/0x380
[  633.011567][T27840]  proc_fail_nth_write+0x83/0x220
[  633.011580][T27840]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  633.011596][T27840]  vfs_write+0x2aa/0x1070
[  633.011612][T27840]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  633.011625][T27840]  ? __pfx_vfs_write+0x10/0x10
[  633.011640][T27840]  ? __fget_files+0x215/0x3d0
[  633.011660][T27840]  ? __fget_files+0x21f/0x3d0
[  633.011681][T27840]  ksys_write+0x12a/0x250
[  633.011697][T27840]  ? __pfx_ksys_write+0x10/0x10
[  633.011716][T27840]  do_syscall_64+0x106/0xf80
[  633.011730][T27840]  ? clear_bhb_loop+0x40/0x90
[  633.011744][T27840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.011756][T27840] RIP: 0033:0x7f976255c84e
[  633.011766][T27840] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  633.011778][T27840] RSP: 002b:00007f97633f3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  633.011789][T27840] RAX: ffffffffffffffda RBX: 00007f97633f46c0 RCX: 00007f976255c84e
[  633.011797][T27840] RDX: 0000000000000001 RSI: 00007f97633f40a0 RDI: 0000000000000006
[  633.011804][T27840] RBP: 00007f97633f4090 R08: 0000000000000000 R09: 0000000000000000
[  633.011810][T27840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  633.011816][T27840] R13: 00007f9762816128 R14: 00007f9762816090 R15: 00007fff31f9c5f8
[  633.011831][T27840]  </TASK>
[  633.278430][T27855] syzkaller0: entered promiscuous mode
[  633.280299][T27855] syzkaller0: entered allmulticast mode
[  633.291161][T27855] netlink: 'syz.0.6983': attribute type 3 has an invalid length.
[  633.293878][T27855] netlink: 'syz.0.6983': attribute type 1 has an invalid length.
[  633.301555][T27855] netlink: 216 bytes leftover after parsing attributes in process `syz.0.6983'.
[  633.359867][T27857] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=27857 comm=syz.0.6983
[  633.365673][T27857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6983'.
[  634.177501][T27869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  634.182289][T27868] tipc: Disabling bearer <eth:syzkaller0>
[  634.295370][   T63] Bluetooth: hci5: command 0x041b tx timeout
[  634.419718][T27881] FAULT_INJECTION: forcing a failure.
[  634.419718][T27881] name failslab, interval 1, probability 0, space 0, times 0
[  634.423679][T27881] CPU: 2 UID: 0 PID: 27881 Comm: syz.0.6992 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  634.423699][T27881] Tainted: [L]=SOFTLOCKUP
[  634.423703][T27881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  634.423710][T27881] Call Trace:
[  634.423715][T27881]  <TASK>
[  634.423721][T27881]  dump_stack_lvl+0x100/0x190
[  634.423743][T27881]  should_fail_ex.cold+0x5/0xa
[  634.423758][T27881]  should_failslab+0xc2/0x120
[  634.423776][T27881]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  634.423790][T27881]  ? skb_clone+0x190/0x400
[  634.423806][T27881]  skb_clone+0x190/0x400
[  634.423820][T27881]  netlink_deliver_tap+0xaed/0xcc0
[  634.423837][T27881]  netlink_unicast+0x70c/0x870
[  634.423855][T27881]  ? __pfx_netlink_unicast+0x10/0x10
[  634.423869][T27881]  ? __alloc_skb+0x5b7/0x710
[  634.423886][T27881]  netlink_ack+0x655/0xb80
[  634.423905][T27881]  netlink_rcv_skb+0x333/0x420
[  634.423920][T27881]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  634.423932][T27881]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  634.423958][T27881]  ? ns_capable+0xd2/0xf0
[  634.423973][T27881]  nfnetlink_rcv+0x1b3/0x440
[  634.423991][T27881]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  634.424009][T27881]  ? netlink_deliver_tap+0x1ae/0xcc0
[  634.424026][T27881]  netlink_unicast+0x5aa/0x870
[  634.424043][T27881]  ? __pfx_netlink_unicast+0x10/0x10
[  634.424063][T27881]  netlink_sendmsg+0x8b0/0xda0
[  634.424080][T27881]  ? __pfx_netlink_sendmsg+0x10/0x10
[  634.424094][T27881]  ? __might_fault+0x20/0x140
[  634.424112][T27881]  ____sys_sendmsg+0xa54/0xc30
[  634.424131][T27881]  ? __pfx_____sys_sendmsg+0x10/0x10
[  634.424153][T27881]  ___sys_sendmsg+0x190/0x1e0
[  634.424172][T27881]  ? __pfx____sys_sendmsg+0x10/0x10
[  634.424206][T27881]  __sys_sendmsg+0x170/0x220
[  634.424220][T27881]  ? __pfx___sys_sendmsg+0x10/0x10
[  634.424242][T27881]  do_syscall_64+0x106/0xf80
[  634.424257][T27881]  ? clear_bhb_loop+0x40/0x90
[  634.424271][T27881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.424284][T27881] RIP: 0033:0x7f97ec39bf79
[  634.424294][T27881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  634.424305][T27881] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  634.424317][T27881] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  634.424325][T27881] RDX: 0000000000044000 RSI: 0000200000000240 RDI: 0000000000000004
[  634.424332][T27881] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  634.424338][T27881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  634.424345][T27881] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  634.424359][T27881]  </TASK>
[  634.525252][   T40] audit: type=1400 audit(1771113886.998:654): avc:  denied  { setopt } for  pid=27885 comm="syz.0.6993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  634.536331][T27886] syzkaller1: entered promiscuous mode
[  634.538193][T27886] syzkaller1: entered allmulticast mode
[  634.541432][T27888] netlink: 256 bytes leftover after parsing attributes in process `syz.0.6993'.
[  634.549568][T27888] unsupported nlmsg_type 40
[  634.668366][T27890] FAULT_INJECTION: forcing a failure.
[  634.668366][T27890] name failslab, interval 1, probability 0, space 0, times 0
[  634.673339][T27890] CPU: 2 UID: 0 PID: 27890 Comm: syz.0.6994 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  634.673366][T27890] Tainted: [L]=SOFTLOCKUP
[  634.673372][T27890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  634.673381][T27890] Call Trace:
[  634.673389][T27890]  <TASK>
[  634.673396][T27890]  dump_stack_lvl+0x100/0x190
[  634.673427][T27890]  should_fail_ex.cold+0x5/0xa
[  634.673445][T27890]  ? rcu_is_watching+0x12/0xc0
[  634.673465][T27890]  ? ip6_tun_build_state+0x17a/0x720
[  634.673490][T27890]  should_failslab+0xc2/0x120
[  634.673515][T27890]  __kmalloc_noprof+0xe0/0x850
[  634.673535][T27890]  ? __nla_parse+0x40/0x60
[  634.673560][T27890]  ip6_tun_build_state+0x17a/0x720
[  634.673589][T27890]  ? __pfx_ip6_tun_build_state+0x10/0x10
[  634.673613][T27890]  ? __lock_acquire+0x4a5/0x2630
[  634.673639][T27890]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  634.673660][T27890]  ? pcpu_chunk_relocate+0x134/0x1a0
[  634.673681][T27890]  ? find_held_lock+0x2b/0x80
[  634.673707][T27890]  ? find_held_lock+0x2b/0x80
[  634.673726][T27890]  ? lwtunnel_build_state+0x19a/0x680
[  634.673749][T27890]  ? lwtunnel_build_state+0x19a/0x680
[  634.673775][T27890]  ? lwtunnel_build_state+0x1dc/0x680
[  634.673796][T27890]  lwtunnel_build_state+0x1dc/0x680
[  634.673822][T27890]  fib_nh_common_init+0x124/0x280
[  634.673849][T27890]  ? __pfx_fib_nh_common_init+0x10/0x10
[  634.673880][T27890]  fib_nh_init+0xbd/0x460
[  634.673908][T27890]  rtm_new_nexthop+0x4339/0x8840
[  634.673928][T27890]  ? kfree_skbmem+0x19a/0x210
[  634.673951][T27890]  ? stack_trace_save+0x8e/0xc0
[  634.673972][T27890]  ? __pfx_stack_trace_save+0x10/0x10
[  634.673997][T27890]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  634.674016][T27890]  ? kfree_skbmem+0x19a/0x210
[  634.674037][T27890]  ? kasan_save_stack+0x3f/0x50
[  634.674057][T27890]  ? kasan_save_stack+0x30/0x50
[  634.674075][T27890]  ? kasan_save_track+0x14/0x30
[  634.674094][T27890]  ? kasan_save_free_info+0x3b/0x70
[  634.674110][T27890]  ? __kasan_slab_free+0x5f/0x80
[  634.674130][T27890]  ? kmem_cache_free+0x124/0x6a0
[  634.674146][T27890]  ? kfree_skbmem+0x19a/0x210
[  634.674166][T27890]  ? consume_skb+0xd1/0x110
[  634.674184][T27890]  ? nlmon_xmit+0xa5/0xe0
[  634.674203][T27890]  ? dev_hard_start_xmit+0x121/0x7d0
[  634.674231][T27890]  ? __dev_queue_xmit+0x6dd/0x4750
[  634.674254][T27890]  ? netlink_deliver_tap+0xa4d/0xcc0
[  634.674272][T27890]  ? netlink_unicast+0x650/0x870
[  634.674291][T27890]  ? netlink_sendmsg+0x8b0/0xda0
[  634.674310][T27890]  ? ____sys_sendmsg+0xa54/0xc30
[  634.674330][T27890]  ? ___sys_sendmsg+0x190/0x1e0
[  634.674351][T27890]  ? __sys_sendmsg+0x170/0x220
[  634.674367][T27890]  ? do_syscall_64+0x106/0xf80
[  634.674385][T27890]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.674424][T27890]  ? find_held_lock+0x2b/0x80
[  634.674443][T27890]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  634.674475][T27890]  ? __lock_acquire+0x4a5/0x2630
[  634.674511][T27890]  ? find_held_lock+0x2b/0x80
[  634.674529][T27890]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  634.674547][T27890]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  634.674569][T27890]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  634.674588][T27890]  ? rtnetlink_rcv_msg+0x95e/0xe90
[  634.674606][T27890]  rtnetlink_rcv_msg+0x95e/0xe90
[  634.674626][T27890]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  634.674653][T27890]  ? ref_tracker_free+0x37e/0x6c0
[  634.674675][T27890]  netlink_rcv_skb+0x159/0x420
[  634.674696][T27890]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  634.674717][T27890]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  634.674747][T27890]  ? netlink_deliver_tap+0x1ae/0xcc0
[  634.674772][T27890]  netlink_unicast+0x5aa/0x870
[  634.674796][T27890]  ? __pfx_netlink_unicast+0x10/0x10
[  634.674826][T27890]  netlink_sendmsg+0x8b0/0xda0
[  634.674851][T27890]  ? __pfx_netlink_sendmsg+0x10/0x10
[  634.674870][T27890]  ? __might_fault+0x20/0x140
[  634.674898][T27890]  ____sys_sendmsg+0xa54/0xc30
[  634.674944][T27890]  ? __pfx_____sys_sendmsg+0x10/0x10
[  634.674979][T27890]  ___sys_sendmsg+0x190/0x1e0
[  634.675004][T27890]  ? __pfx____sys_sendmsg+0x10/0x10
[  634.675056][T27890]  __sys_sendmsg+0x170/0x220
[  634.675076][T27890]  ? __pfx___sys_sendmsg+0x10/0x10
[  634.675124][T27890]  do_syscall_64+0x106/0xf80
[  634.675145][T27890]  ? clear_bhb_loop+0x40/0x90
[  634.675165][T27890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.675182][T27890] RIP: 0033:0x7f97ec39bf79
[  634.675211][T27890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  634.675228][T27890] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  634.675246][T27890] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  634.675257][T27890] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  634.675267][T27890] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  634.675277][T27890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  634.675287][T27890] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  634.675311][T27890]  </TASK>
[  635.191624][   T40] audit: type=1400 audit(1771113887.668:655): avc:  denied  { getopt } for  pid=27909 comm="syz.3.7001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  635.274198][T27924] FAULT_INJECTION: forcing a failure.
[  635.274198][T27924] name failslab, interval 1, probability 0, space 0, times 0
[  635.279435][T27924] CPU: 0 UID: 0 PID: 27924 Comm: syz.3.7004 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.279463][T27924] Tainted: [L]=SOFTLOCKUP
[  635.279468][T27924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  635.279478][T27924] Call Trace:
[  635.279484][T27924]  <TASK>
[  635.279490][T27924]  dump_stack_lvl+0x100/0x190
[  635.279521][T27924]  should_fail_ex.cold+0x5/0xa
[  635.279541][T27924]  should_failslab+0xc2/0x120
[  635.279565][T27924]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  635.279586][T27924]  ? __alloc_skb+0x140/0x710
[  635.279606][T27924]  __alloc_skb+0x140/0x710
[  635.279621][T27924]  ? __alloc_skb+0x5b7/0x710
[  635.279637][T27924]  ? __pfx___alloc_skb+0x10/0x10
[  635.279653][T27924]  ? __asan_memset+0x23/0x50
[  635.279672][T27924]  ? __alloc_skb+0x4e9/0x710
[  635.279688][T27924]  ? __alloc_skb+0x5b7/0x710
[  635.279709][T27924]  create_monitor_ctrl_event+0x3b/0x450
[  635.279729][T27924]  mgmt_cmd_status+0x29e/0x530
[  635.279747][T27924]  mesh_send_cancel+0x1cd/0x310
[  635.279764][T27924]  ? __pfx_mgmt_init_hdev+0x10/0x10
[  635.279782][T27924]  hci_sock_sendmsg+0x154e/0x2620
[  635.279805][T27924]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  635.279829][T27924]  sock_write_iter+0x566/0x610
[  635.279853][T27924]  ? __pfx_sock_write_iter+0x10/0x10
[  635.279883][T27924]  ? bpf_lsm_file_permission+0x9/0x10
[  635.279904][T27924]  ? security_file_permission+0x76/0x210
[  635.279930][T27924]  ? rw_verify_area+0xce/0x6d0
[  635.279953][T27924]  vfs_write+0x6ac/0x1070
[  635.279977][T27924]  ? __pfx_sock_write_iter+0x10/0x10
[  635.280007][T27924]  ? __pfx_vfs_write+0x10/0x10
[  635.280025][T27924]  ? find_held_lock+0x2b/0x80
[  635.280058][T27924]  ksys_write+0x1f8/0x250
[  635.280078][T27924]  ? __pfx_ksys_write+0x10/0x10
[  635.280105][T27924]  do_syscall_64+0x106/0xf80
[  635.280123][T27924]  ? clear_bhb_loop+0x40/0x90
[  635.280143][T27924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.280159][T27924] RIP: 0033:0x7f976259bf79
[  635.280172][T27924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  635.280187][T27924] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  635.280204][T27924] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  635.280214][T27924] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004
[  635.280224][T27924] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  635.280234][T27924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  635.280244][T27924] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  635.280268][T27924]  </TASK>
[  636.375973][ T6059] block nbd1: Possible stuck request ffff888028c18000: control (read@0,1024B). Runtime 120 seconds
[  636.380963][ T6059] block nbd1: Possible stuck request ffff888028c18200: control (read@1024,1024B). Runtime 120 seconds
[  636.385392][ T6059] block nbd1: Possible stuck request ffff888028c18400: control (read@2048,1024B). Runtime 120 seconds
[  636.385399][ T5932] Bluetooth: hci5: command 0x041b tx timeout
[  636.389606][ T6059] block nbd1: Possible stuck request ffff888028c18600: control (read@3072,1024B). Runtime 120 seconds
[  638.001070][T27902] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  638.063138][T27947] FAULT_INJECTION: forcing a failure.
[  638.063138][T27947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  638.068026][T27947] CPU: 1 UID: 0 PID: 27947 Comm: syz.0.7011 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  638.068045][T27947] Tainted: [L]=SOFTLOCKUP
[  638.068050][T27947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  638.068056][T27947] Call Trace:
[  638.068060][T27947]  <TASK>
[  638.068065][T27947]  dump_stack_lvl+0x100/0x190
[  638.068087][T27947]  should_fail_ex.cold+0x5/0xa
[  638.068102][T27947]  _copy_to_user+0x32/0xd0
[  638.068115][T27947]  simple_read_from_buffer+0xcb/0x170
[  638.068134][T27947]  proc_fail_nth_read+0x1af/0x230
[  638.068154][T27947]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  638.068175][T27947]  ? rw_verify_area+0xce/0x6d0
[  638.068189][T27947]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  638.068209][T27947]  vfs_read+0x1e4/0xb30
[  638.068226][T27947]  ? __pfx_vfs_read+0x10/0x10
[  638.068257][T27947]  ? __fget_files+0x215/0x3d0
[  638.068278][T27947]  ? __fget_files+0x21f/0x3d0
[  638.068299][T27947]  ksys_read+0x12a/0x250
[  638.068314][T27947]  ? __pfx_ksys_read+0x10/0x10
[  638.068333][T27947]  do_syscall_64+0x106/0xf80
[  638.068347][T27947]  ? clear_bhb_loop+0x40/0x90
[  638.068361][T27947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.068373][T27947] RIP: 0033:0x7f97ec35c84e
[  638.068382][T27947] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  638.068393][T27947] RSP: 002b:00007f97ed22cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  638.068404][T27947] RAX: ffffffffffffffda RBX: 00007f97ed22d6c0 RCX: 00007f97ec35c84e
[  638.068411][T27947] RDX: 000000000000000f RSI: 00007f97ed22d0a0 RDI: 0000000000000005
[  638.068418][T27947] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  638.068424][T27947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.068431][T27947] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  638.068445][T27947]  </TASK>
[  638.254603][T27972] FAULT_INJECTION: forcing a failure.
[  638.254603][T27972] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  638.260758][T27972] CPU: 2 UID: 0 PID: 27972 Comm: syz.0.7017 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  638.260785][T27972] Tainted: [L]=SOFTLOCKUP
[  638.260792][T27972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  638.260802][T27972] Call Trace:
[  638.260807][T27972]  <TASK>
[  638.260814][T27972]  dump_stack_lvl+0x100/0x190
[  638.260847][T27972]  should_fail_ex.cold+0x5/0xa
[  638.260869][T27972]  _copy_from_user+0x2e/0xd0
[  638.260888][T27972]  copy_msghdr_from_user+0x9f/0x4f0
[  638.260916][T27972]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  638.260946][T27972]  ? __pfx__kstrtoull+0x10/0x10
[  638.260973][T27972]  ___sys_sendmsg+0x106/0x1e0
[  638.260999][T27972]  ? __pfx____sys_sendmsg+0x10/0x10
[  638.261036][T27972]  ? find_held_lock+0x2b/0x80
[  638.261072][T27972]  __sys_sendmmsg+0x205/0x430
[  638.261095][T27972]  ? __pfx___sys_sendmmsg+0x10/0x10
[  638.261127][T27972]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  638.261160][T27972]  ? fput+0x79/0x100
[  638.261176][T27972]  ? ksys_write+0x1ac/0x250
[  638.261198][T27972]  ? __pfx_ksys_write+0x10/0x10
[  638.261225][T27972]  __x64_sys_sendmmsg+0x9c/0x100
[  638.261244][T27972]  ? lockdep_hardirqs_on+0x78/0x100
[  638.261265][T27972]  do_syscall_64+0x106/0xf80
[  638.261285][T27972]  ? clear_bhb_loop+0x40/0x90
[  638.261305][T27972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.261323][T27972] RIP: 0033:0x7f97ec39bf79
[  638.261337][T27972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  638.261353][T27972] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  638.261370][T27972] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  638.261381][T27972] RDX: 040000000000016c RSI: 00002000000017c0 RDI: 0000000000000006
[  638.261391][T27972] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  638.261402][T27972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.261412][T27972] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  638.261435][T27972]  </TASK>
[  638.425648][ T1458] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  638.465351][ T5932] Bluetooth: hci5: command 0x041b tx timeout
[  638.565252][ T1458] usb 8-1: device descriptor read/64, error -71
[  638.681769][T28003] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  638.688917][T28000] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7027'.
[  638.706832][T28008] xt_hashlimit: size too large, truncated to 1048576
[  638.711984][T28005] FAULT_INJECTION: forcing a failure.
[  638.711984][T28005] name failslab, interval 1, probability 0, space 0, times 0
[  638.716865][T28005] CPU: 1 UID: 0 PID: 28005 Comm: syz.0.7029 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  638.716895][T28005] Tainted: [L]=SOFTLOCKUP
[  638.716916][T28005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  638.716927][T28005] Call Trace:
[  638.716935][T28005]  <TASK>
[  638.716942][T28005]  dump_stack_lvl+0x100/0x190
[  638.716973][T28005]  should_fail_ex.cold+0x5/0xa
[  638.716991][T28005]  should_failslab+0xc2/0x120
[  638.717017][T28005]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  638.717041][T28005]  ? skb_clone+0x190/0x400
[  638.717066][T28005]  skb_clone+0x190/0x400
[  638.717084][T28005]  netlink_deliver_tap+0xaed/0xcc0
[  638.717110][T28005]  netlink_unicast+0x70c/0x870
[  638.717134][T28005]  ? __pfx_netlink_unicast+0x10/0x10
[  638.717154][T28005]  ? __alloc_skb+0x5b7/0x710
[  638.717172][T28005]  ? genl_rcv_msg+0x4be/0x800
[  638.717205][T28005]  netlink_ack+0x655/0xb80
[  638.717233][T28005]  netlink_rcv_skb+0x333/0x420
[  638.717256][T28005]  ? __pfx_genl_rcv_msg+0x10/0x10
[  638.717281][T28005]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  638.717311][T28005]  ? netlink_deliver_tap+0x1ae/0xcc0
[  638.717336][T28005]  genl_rcv+0x28/0x40
[  638.717358][T28005]  netlink_unicast+0x5aa/0x870
[  638.717384][T28005]  ? __pfx_netlink_unicast+0x10/0x10
[  638.717416][T28005]  netlink_sendmsg+0x8b0/0xda0
[  638.717442][T28005]  ? __pfx_netlink_sendmsg+0x10/0x10
[  638.717462][T28005]  ? __might_fault+0x20/0x140
[  638.717492][T28005]  ____sys_sendmsg+0xa54/0xc30
[  638.717519][T28005]  ? __pfx_____sys_sendmsg+0x10/0x10
[  638.717556][T28005]  ___sys_sendmsg+0x190/0x1e0
[  638.717583][T28005]  ? __pfx____sys_sendmsg+0x10/0x10
[  638.717639][T28005]  __sys_sendmsg+0x170/0x220
[  638.717659][T28005]  ? __pfx___sys_sendmsg+0x10/0x10
[  638.717693][T28005]  do_syscall_64+0x106/0xf80
[  638.717714][T28005]  ? clear_bhb_loop+0x40/0x90
[  638.717736][T28005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.717754][T28005] RIP: 0033:0x7f97ec39bf79
[  638.717771][T28005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  638.717788][T28005] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  638.717807][T28005] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  638.717818][T28005] RDX: 0000000000044044 RSI: 00002000000012c0 RDI: 0000000000000003
[  638.717829][T28005] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  638.717839][T28005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.717849][T28005] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  638.717882][T28005]  </TASK>
[  638.825261][ T1458] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  638.835931][T28012] bond0: entered promiscuous mode
[  638.837645][T28012] bond_slave_0: entered promiscuous mode
[  638.839639][T28012] bond_slave_1: entered promiscuous mode
[  638.843246][T28012] batadv_slave_0: entered promiscuous mode
[  638.846745][T28012] batadv_slave_0: left promiscuous mode
[  638.849462][T28012] bond0: left promiscuous mode
[  638.851462][T28012] bond_slave_0: left promiscuous mode
[  638.853790][T28012] bond_slave_1: left promiscuous mode
[  638.864941][T28014] 9p: Bad value for 'rfdno'
[  638.883828][T28016] syzkaller0: entered promiscuous mode
[  638.885739][T28016] syzkaller0: entered allmulticast mode
[  638.969112][ T1458] usb 8-1: device descriptor read/64, error -71
[  639.085509][ T1458] usb usb8-port1: attempt power cycle
[  639.458946][ T1458] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  639.475873][ T1458] usb 8-1: device descriptor read/8, error -71
[  639.715692][ T1458] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  639.736173][ T1458] usb 8-1: device descriptor read/8, error -71
[  639.846009][ T1458] usb usb8-port1: unable to enumerate USB device
[  640.292060][T28039] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7041'.
[  640.304628][T28041] xt_hashlimit: size too large, truncated to 1048576
[  640.414622][T28051] macsec1: entered promiscuous mode
[  640.456897][T28053] syzkaller0: entered promiscuous mode
[  640.459135][T28053] syzkaller0: entered allmulticast mode
[  640.464967][   T40] audit: type=1400 audit(1771113892.938:656): avc:  denied  { create } for  pid=28052 comm="syz.0.7047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  640.546229][ T5932] Bluetooth: hci5: command 0x041b tx timeout
[  640.552817][T28061] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7049'.
[  640.602482][T28065] futex_wake_op: syz.0.7050 tries to shift op by -1; fix this program
[  641.362242][T28105] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7067'.
[  641.366655][   T40] audit: type=1400 audit(1771113893.838:657): avc:  denied  { nlmsg_read } for  pid=28104 comm="syz.0.7067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  641.410580][T28105] ./bus: Can't lookup blockdev
[  641.545573][T28111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7069'.
[  641.551036][T28111] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  641.554145][T28111] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  641.584814][T28114] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7071'.
[  641.594424][T28114] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  641.602576][T28114] ubi31: attaching mtd0
[  641.606293][T28114] ubi31: scanning is finished
[  641.608148][T28114] ubi31: empty MTD device detected
[  641.812264][T28114] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  641.815834][T28114] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  641.819002][T28114] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  641.820202][T28119] syzkaller0: entered promiscuous mode
[  641.821910][T28114] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  641.823653][T28119] syzkaller0: entered allmulticast mode
[  641.829966][T28114] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  641.833467][T28114] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  641.836193][T28114] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3778481785
[  641.839500][T28114] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  641.844276][T28120] ubi31: background thread "ubi_bgt31d" started, PID 28120
[  641.886496][   T40] audit: type=1400 audit(1771113894.368:658): avc:  denied  { create } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  641.893059][   T40] audit: type=1400 audit(1771113894.368:659): avc:  denied  { bind } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  641.901369][   T40] audit: type=1400 audit(1771113894.378:660): avc:  denied  { setopt } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  641.908965][   T40] audit: type=1400 audit(1771113894.378:661): avc:  denied  { accept } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  641.916399][   T40] audit: type=1400 audit(1771113894.378:662): avc:  denied  { write } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  641.922524][   T40] audit: type=1400 audit(1771113894.378:663): avc:  denied  { read } for  pid=28121 comm="syz.3.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  642.025008][T28129] syzkaller0: entered promiscuous mode
[  642.027623][T28129] syzkaller0: entered allmulticast mode
[  642.102757][   T40] audit: type=1400 audit(1771113894.578:664): avc:  denied  { execute } for  pid=28137 comm="syz.2.7080" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  642.119812][T28138] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7080'.
[  642.133330][T28140] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  642.136806][T28140] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  642.194132][T28144] FAULT_INJECTION: forcing a failure.
[  642.194132][T28144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  642.202005][T28144] CPU: 3 UID: 0 PID: 28144 Comm: syz.2.7083 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  642.202035][T28144] Tainted: [L]=SOFTLOCKUP
[  642.202041][T28144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  642.202053][T28144] Call Trace:
[  642.202059][T28144]  <TASK>
[  642.202068][T28144]  dump_stack_lvl+0x100/0x190
[  642.202108][T28144]  should_fail_ex.cold+0x5/0xa
[  642.202133][T28144]  _copy_from_user+0x2e/0xd0
[  642.202153][T28144]  copy_msghdr_from_user+0x9f/0x4f0
[  642.202181][T28144]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  642.202216][T28144]  ___sys_sendmsg+0x106/0x1e0
[  642.202242][T28144]  ? __pfx____sys_sendmsg+0x10/0x10
[  642.202296][T28144]  __sys_sendmsg+0x170/0x220
[  642.202319][T28144]  ? __pfx___sys_sendmsg+0x10/0x10
[  642.202355][T28144]  do_syscall_64+0x106/0xf80
[  642.202377][T28144]  ? clear_bhb_loop+0x40/0x90
[  642.202401][T28144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.202418][T28144] RIP: 0033:0x7f5706d9bf79
[  642.202435][T28144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  642.202453][T28144] RSP: 002b:00007f5707d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  642.202470][T28144] RAX: ffffffffffffffda RBX: 00007f5707015fa0 RCX: 00007f5706d9bf79
[  642.202482][T28144] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 000000000000000a
[  642.202493][T28144] RBP: 00007f5707d36090 R08: 0000000000000000 R09: 0000000000000000
[  642.202503][T28144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  642.202513][T28144] R13: 00007f5707016038 R14: 00007f5707015fa0 R15: 00007ffdac093268
[  642.202539][T28144]  </TASK>
[  642.206516][T28149] netlink: 'syz.4.7085': attribute type 13 has an invalid length.
[  642.311127][T28149] syz_tun: refused to change device tx_queue_len
[  642.322966][   T40] audit: type=1400 audit(1771113894.798:665): avc:  denied  { getopt } for  pid=28148 comm="syz.4.7085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  642.353650][T28166] futex_wake_op: syz.0.7088 tries to shift op by -1; fix this program
[  642.421307][T28168] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  642.424223][T28168] IPv6: NLM_F_CREATE should be set when creating new route
[  642.427399][T28168] IPv6: NLM_F_CREATE should be set when creating new route
[  642.430436][T28168] IPv6: NLM_F_CREATE should be set when creating new route
[  642.433363][T28168] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  642.436426][T28168] ptrace attach of "/syz-executor exec"[28169] was attempted by "/syz-executor exec"[28168]
[  642.510788][T28174] syzkaller0: entered promiscuous mode
[  642.512698][T28174] syzkaller0: entered allmulticast mode
[  642.555291][T28179] ieee802154 phy0 wpan0: encryption failed: -126
[  642.616702][ T5932] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  644.140380][T28215] loop7: detected capacity change from 0 to 7
[  644.162582][T28217] netlink: 'syz.4.7105': attribute type 1 has an invalid length.
[  644.171946][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.175030][    C2] buffer_io_error: 42 callbacks suppressed
[  644.175040][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.188728][T28217] bond3: entered promiscuous mode
[  644.190418][T28217] bond3: entered allmulticast mode
[  644.192638][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.196518][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.199230][T28217] 8021q: adding VLAN 0 to HW filter on device bond3
[  644.204216][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.207580][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.210332][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.213657][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.216652][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.218692][T28217] erspan1: entered allmulticast mode
[  644.219603][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.222972][T28217] bond3: (slave erspan1): making interface the new active one
[  644.225789][T28219] program syz.2.7104 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  644.226271][T28217] erspan1: entered promiscuous mode
[  644.231064][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.231496][T28217] bond3: (slave erspan1): Enslaving as an active interface with an up link
[  644.234352][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.240056][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.243949][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.250199][T28215] ldm_validate_partition_table(): Disk read failed.
[  644.253701][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.257005][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.266140][T28221] FAULT_INJECTION: forcing a failure.
[  644.266140][T28221] name failslab, interval 1, probability 0, space 0, times 0
[  644.270103][T28221] CPU: 3 UID: 0 PID: 28221 Comm: syz.0.7106 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  644.270125][T28221] Tainted: [L]=SOFTLOCKUP
[  644.270130][T28221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  644.270139][T28221] Call Trace:
[  644.270146][T28221]  <TASK>
[  644.270151][T28221]  dump_stack_lvl+0x100/0x190
[  644.270180][T28221]  should_fail_ex.cold+0x5/0xa
[  644.270201][T28221]  should_failslab+0xc2/0x120
[  644.270219][T28221]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  644.270235][T28221]  ? __alloc_skb+0x140/0x710
[  644.270249][T28221]  __alloc_skb+0x140/0x710
[  644.270259][T28221]  ? __alloc_skb+0x5b7/0x710
[  644.270270][T28221]  ? __pfx___alloc_skb+0x10/0x10
[  644.270281][T28221]  ? rtnetlink_rcv_msg+0x95e/0xe90
[  644.270298][T28221]  netlink_ack+0x117/0xb80
[  644.270317][T28221]  netlink_rcv_skb+0x333/0x420
[  644.270332][T28221]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  644.270347][T28221]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  644.270366][T28221]  ? netlink_deliver_tap+0x1ae/0xcc0
[  644.270383][T28221]  netlink_unicast+0x5aa/0x870
[  644.270400][T28221]  ? __pfx_netlink_unicast+0x10/0x10
[  644.270420][T28221]  netlink_sendmsg+0x8b0/0xda0
[  644.270437][T28221]  ? __pfx_netlink_sendmsg+0x10/0x10
[  644.270451][T28221]  ? __might_fault+0x20/0x140
[  644.270468][T28221]  ____sys_sendmsg+0xa54/0xc30
[  644.270486][T28221]  ? __pfx_____sys_sendmsg+0x10/0x10
[  644.270509][T28221]  ___sys_sendmsg+0x190/0x1e0
[  644.270527][T28221]  ? __pfx____sys_sendmsg+0x10/0x10
[  644.270560][T28221]  __sys_sendmsg+0x170/0x220
[  644.270573][T28221]  ? __pfx___sys_sendmsg+0x10/0x10
[  644.270595][T28221]  do_syscall_64+0x106/0xf80
[  644.270609][T28221]  ? clear_bhb_loop+0x40/0x90
[  644.270623][T28221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.270646][T28221] RIP: 0033:0x7f97ec39bf79
[  644.270659][T28221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  644.270670][T28221] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  644.270694][T28221] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  644.270701][T28221] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  644.270707][T28221] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  644.270714][T28221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  644.270721][T28221] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  644.270735][T28221]  </TASK>
[  644.275656][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.381184][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.396255][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  644.399410][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  644.405432][T28215] Dev loop7: unable to read RDB block 0
[  644.408284][T28215]  loop7: unable to read partition table
[  644.410186][T28215] loop7: partition table beyond EOD, truncated
[  644.419053][T28215] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  644.496300][T28231] FAULT_INJECTION: forcing a failure.
[  644.496300][T28231] name failslab, interval 1, probability 0, space 0, times 0
[  644.500644][T28231] CPU: 2 UID: 0 PID: 28231 Comm: syz.0.7110 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  644.500663][T28231] Tainted: [L]=SOFTLOCKUP
[  644.500667][T28231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  644.500674][T28231] Call Trace:
[  644.500679][T28231]  <TASK>
[  644.500684][T28231]  dump_stack_lvl+0x100/0x190
[  644.500706][T28231]  should_fail_ex.cold+0x5/0xa
[  644.500721][T28231]  should_failslab+0xc2/0x120
[  644.500738][T28231]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  644.500754][T28231]  ? __alloc_skb+0x140/0x710
[  644.500772][T28231]  __alloc_skb+0x140/0x710
[  644.500788][T28231]  ? __alloc_skb+0x5b7/0x710
[  644.500805][T28231]  ? __pfx___alloc_skb+0x10/0x10
[  644.500821][T28231]  ? __asan_memset+0x23/0x50
[  644.500840][T28231]  ? __alloc_skb+0x4e9/0x710
[  644.500855][T28231]  ? __alloc_skb+0x5b7/0x710
[  644.500876][T28231]  create_monitor_ctrl_event+0x3b/0x450
[  644.500899][T28231]  mgmt_cmd_complete+0x2d6/0x560
[  644.500921][T28231]  read_index_list+0x3b1/0x5f0
[  644.500947][T28231]  hci_sock_sendmsg+0x21df/0x2620
[  644.500970][T28231]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  644.500987][T28231]  sock_write_iter+0x566/0x610
[  644.501004][T28231]  ? __pfx_sock_write_iter+0x10/0x10
[  644.501025][T28231]  ? bpf_lsm_file_permission+0x9/0x10
[  644.501041][T28231]  ? security_file_permission+0x76/0x210
[  644.501060][T28231]  ? rw_verify_area+0xce/0x6d0
[  644.501076][T28231]  vfs_write+0x6ac/0x1070
[  644.501093][T28231]  ? __pfx_sock_write_iter+0x10/0x10
[  644.501111][T28231]  ? __pfx_vfs_write+0x10/0x10
[  644.501126][T28231]  ? find_held_lock+0x2b/0x80
[  644.501155][T28231]  ksys_write+0x1f8/0x250
[  644.501171][T28231]  ? __pfx_ksys_write+0x10/0x10
[  644.501191][T28231]  do_syscall_64+0x106/0xf80
[  644.501206][T28231]  ? clear_bhb_loop+0x40/0x90
[  644.501221][T28231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.501234][T28231] RIP: 0033:0x7f97ec39bf79
[  644.501244][T28231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  644.501255][T28231] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  644.501267][T28231] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  644.501275][T28231] RDX: 0000000000000006 RSI: 0000200000000040 RDI: 0000000000000004
[  644.501282][T28231] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  644.501289][T28231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  644.501296][T28231] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  644.501311][T28231]  </TASK>
[  644.632496][T28239] syzkaller0: entered promiscuous mode
[  644.634692][T28239] syzkaller0: entered allmulticast mode
[  644.638486][T28239] TC_ACT_REPEAT abuse ?
[  644.689555][T28246] FAULT_INJECTION: forcing a failure.
[  644.689555][T28246] name failslab, interval 1, probability 0, space 0, times 0
[  644.695411][T28246] CPU: 3 UID: 0 PID: 28246 Comm: syz.3.7116 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  644.695431][T28246] Tainted: [L]=SOFTLOCKUP
[  644.695436][T28246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  644.695443][T28246] Call Trace:
[  644.695447][T28246]  <TASK>
[  644.695452][T28246]  dump_stack_lvl+0x100/0x190
[  644.695475][T28246]  should_fail_ex.cold+0x5/0xa
[  644.695490][T28246]  should_failslab+0xc2/0x120
[  644.695507][T28246]  __kmalloc_cache_noprof+0x7a/0x6f0
[  644.695519][T28246]  ? nfc_allocate_device+0x15b/0x5e0
[  644.695537][T28246]  nfc_allocate_device+0x15b/0x5e0
[  644.695550][T28246]  ? __init_swait_queue_head+0xca/0x150
[  644.695565][T28246]  nci_allocate_device+0x23b/0x410
[  644.695584][T28246]  virtual_ncidev_open+0x6f/0x220
[  644.695599][T28246]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  644.695613][T28246]  misc_open+0x26d/0x450
[  644.695625][T28246]  ? __pfx_misc_open+0x10/0x10
[  644.695637][T28246]  chrdev_open+0x234/0x6a0
[  644.695655][T28246]  ? __pfx_chrdev_open+0x10/0x10
[  644.695673][T28246]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  644.695695][T28246]  do_dentry_open+0x6d8/0x1660
[  644.695711][T28246]  ? __pfx_chrdev_open+0x10/0x10
[  644.695731][T28246]  vfs_open+0x82/0x3f0
[  644.695744][T28246]  path_openat+0x208c/0x31a0
[  644.695766][T28246]  ? __pfx_path_openat+0x10/0x10
[  644.695789][T28246]  do_file_open+0x20e/0x430
[  644.695808][T28246]  ? __pfx_do_file_open+0x10/0x10
[  644.695840][T28246]  ? alloc_fd+0x476/0x790
[  644.695859][T28246]  ? do_getname+0x191/0x390
[  644.695873][T28246]  do_sys_openat2+0x10d/0x1e0
[  644.695885][T28246]  ? __pfx_do_sys_openat2+0x10/0x10
[  644.695896][T28246]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  644.695913][T28246]  ? __fget_files+0x21f/0x3d0
[  644.695933][T28246]  __x64_sys_openat+0x12d/0x210
[  644.695945][T28246]  ? __pfx___x64_sys_openat+0x10/0x10
[  644.695957][T28246]  ? ksys_write+0x1ac/0x250
[  644.695977][T28246]  do_syscall_64+0x106/0xf80
[  644.695991][T28246]  ? clear_bhb_loop+0x40/0x90
[  644.696005][T28246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.696017][T28246] RIP: 0033:0x7f976259bf79
[  644.696028][T28246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  644.696039][T28246] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  644.696051][T28246] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  644.696058][T28246] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  644.696065][T28246] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  644.696071][T28246] R10: 0000000000000041 R11: 0000000000000246 R12: 0000000000000001
[  644.696078][T28246] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  644.696093][T28246]  </TASK>
[  644.826564][   T24] hid_parser_main: 5 callbacks suppressed
[  644.826587][   T24] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  644.843577][   T24] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  645.144772][T28263] xt_hashlimit: size too large, truncated to 1048576
[  645.199744][T28268] gre0: entered promiscuous mode
[  645.201840][T28268] gre0: entered allmulticast mode
[  645.478297][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  645.478314][   T40] audit: type=1400 audit(1771113897.958:668): avc:  denied  { create } for  pid=28278 comm="syz.0.7124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  645.499312][   T40] audit: type=1400 audit(1771113897.968:669): avc:  denied  { ioctl } for  pid=28278 comm="syz.0.7124" path="socket:[101691]" dev="sockfs" ino=101691 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  645.588590][T28293] syzkaller0: entered promiscuous mode
[  645.590609][T28293] syzkaller0: entered allmulticast mode
[  645.610367][T28299] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  645.612899][T28299] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  645.616421][T28299] FAULT_INJECTION: forcing a failure.
[  645.616421][T28299] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.620766][T28299] CPU: 0 UID: 0 PID: 28299 Comm: syz.3.7130 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  645.620784][T28299] Tainted: [L]=SOFTLOCKUP
[  645.620788][T28299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  645.620795][T28299] Call Trace:
[  645.620800][T28299]  <TASK>
[  645.620804][T28299]  dump_stack_lvl+0x100/0x190
[  645.620825][T28299]  should_fail_ex.cold+0x5/0xa
[  645.620840][T28299]  _copy_from_user+0x2e/0xd0
[  645.620853][T28299]  move_addr_to_kernel+0x65/0x170
[  645.620872][T28299]  copy_msghdr_from_user+0x417/0x4f0
[  645.620890][T28299]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  645.620910][T28299]  ? __pfx__kstrtoull+0x10/0x10
[  645.620928][T28299]  ___sys_sendmsg+0x106/0x1e0
[  645.620946][T28299]  ? __pfx____sys_sendmsg+0x10/0x10
[  645.620982][T28299]  ? find_held_lock+0x2b/0x80
[  645.621006][T28299]  __sys_sendmmsg+0x205/0x430
[  645.621021][T28299]  ? __pfx___sys_sendmmsg+0x10/0x10
[  645.621039][T28299]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  645.621061][T28299]  ? fput+0x79/0x100
[  645.621072][T28299]  ? ksys_write+0x1ac/0x250
[  645.621087][T28299]  ? __pfx_ksys_write+0x10/0x10
[  645.621104][T28299]  __x64_sys_sendmmsg+0x9c/0x100
[  645.621117][T28299]  ? lockdep_hardirqs_on+0x78/0x100
[  645.621131][T28299]  do_syscall_64+0x106/0xf80
[  645.621150][T28299]  ? clear_bhb_loop+0x40/0x90
[  645.621163][T28299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.621175][T28299] RIP: 0033:0x7f976259bf79
[  645.621186][T28299] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  645.621196][T28299] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  645.621208][T28299] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  645.621215][T28299] RDX: 040000000000016c RSI: 00002000000017c0 RDI: 0000000000000006
[  645.621222][T28299] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  645.621229][T28299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.621235][T28299] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  645.621250][T28299]  </TASK>
[  645.702500][T28297] overlayfs: failed to clone lowerpath
[  645.716036][T28297] 9pnet_fd: p9_fd_create_unix (28297): problem connecting socket: ./file0: -111
[  645.750422][T28311] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7134'.
[  645.751199][T28309] syzkaller0: entered promiscuous mode
[  645.754962][T28309] syzkaller0: entered allmulticast mode
[  645.926382][T28315] syzkaller0: entered allmulticast mode
[  645.948028][T28317] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  645.953615][T28317] overlayfs: overlapping lowerdir path
[  645.958084][   T40] audit: type=1400 audit(1771113898.438:670): avc:  denied  { lock } for  pid=28316 comm="syz.2.7136" path="socket:[101133]" dev="sockfs" ino=101133 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  646.110075][T28325] xt_hashlimit: size too large, truncated to 1048576
[  646.519611][   T40] audit: type=1400 audit(1771113898.988:671): avc:  denied  { kexec_image_load } for  pid=28337 comm="syz.3.7143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  646.733855][T28374] xt_hashlimit: size too large, truncated to 1048576
[  646.790210][T28380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7155'.
[  646.838841][ T1341] IPVS: starting estimator thread 0...
[  646.925983][T28392] IPVS: using max 29 ests per chain, 69600 per kthread
[  647.254745][T28406] syzkaller0: entered promiscuous mode
[  647.258892][T28406] syzkaller0: entered allmulticast mode
[  647.301969][T28406] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.7160' sets config #1
[  647.722181][T28408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7161'.
[  648.630147][T28415] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7163'.
[  648.663274][T28417] futex_wake_op: syz.0.7164 tries to shift op by -1; fix this program
[  648.855349][   T63] Bluetooth: hci5: command 0x041b tx timeout
[  648.894340][   T40] audit: type=1400 audit(1771113901.368:672): avc:  denied  { create } for  pid=28420 comm="syz.0.7166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  648.975717][T28424] misc userio: Begin command sent, but we're already running
[  649.838293][T28388] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  649.885300][T28426] syz.3.7168 (28426): /proc/28425/oom_adj is deprecated, please use /proc/28425/oom_score_adj instead.
[  649.901841][   T46] 0: reclassify loop, rule prio 0, protocol 800
[  650.008500][   T40] audit: type=1400 audit(1771113902.488:673): avc:  denied  { write } for  pid=28439 comm="syz.2.7171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  650.092058][T28455] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  650.097529][T28457] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  650.131245][T28462] ieee802154 phy0 wpan0: encryption failed: -126
[  650.147404][T28464] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  650.149452][T28464] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  650.152150][T28464] vhci_hcd vhci_hcd.0: Device attached
[  650.158863][T28465] vhci_hcd: cannot find the pending unlink 8
[  650.272758][T28476] netlink: 'syz.0.7182': attribute type 1 has an invalid length.
[  650.335311][   T24] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  650.356269][T28487] syzkaller0: entered promiscuous mode
[  650.358060][T28487] syzkaller0: entered allmulticast mode
[  650.361399][T28487] TC_ACT_REPEAT abuse ?
[  650.363687][   T40] audit: type=1400 audit(1771113902.838:674): avc:  denied  { mounton } for  pid=28486 comm="syz.2.7186" path="/36/file0" dev="tmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  650.395263][   T24] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[  650.415221][   T29] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  650.490020][   T40] audit: type=1400 audit(1771113902.968:675): avc:  denied  { mounton } for  pid=28486 comm="syz.2.7186" path="/36/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  650.555737][   T29] usb 8-1: device descriptor read/64, error -71
[  650.815776][   T29] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  650.975304][   T29] usb 8-1: device descriptor read/64, error -71
[  651.086192][   T29] usb usb8-port1: attempt power cycle
[  651.089263][T28527] syzkaller0: entered promiscuous mode
[  651.091800][T28527] syzkaller0: entered allmulticast mode
[  651.440549][T28536] syzkaller0: entered promiscuous mode
[  651.443004][T28536] syzkaller0: entered allmulticast mode
[  651.445837][   T29] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  651.465747][   T29] usb 8-1: device descriptor read/8, error -71
[  651.718338][   T29] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  651.738537][   T29] usb 8-1: device descriptor read/8, error -71
[  651.855387][   T29] usb usb8-port1: unable to enumerate USB device
[  651.937108][T28540] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28540 comm=syz.4.7198
[  653.145364][ T2193] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  653.163302][T28465] vhci_hcd: connection reset by peer
[  653.165940][   T13] vhci_hcd vhci_hcd.3: stop threads
[  653.169272][   T13] vhci_hcd vhci_hcd.3: release socket
[  653.175680][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  653.272624][T28578] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  653.278315][T28578] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  653.320470][T28580] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  653.323348][T28580] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  653.328189][ T2193] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  653.331780][ T2193] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  653.336107][ T2193] usb 5-1: config 0 interface 0 has no altsetting 0
[  653.341086][ T2193] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  653.344785][ T2193] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  653.350086][ T2193] usb 5-1: Product: syz
[  653.351879][ T2193] usb 5-1: Manufacturer: syz
[  653.353889][ T2193] usb 5-1: SerialNumber: syz
[  653.357661][ T2193] usb 5-1: config 0 descriptor??
[  653.366226][ T2193] hub 5-1:0.0: bad descriptor, ignoring hub
[  653.367860][T28582] loop5: detected capacity change from 0 to 7
[  653.368521][ T2193] hub 5-1:0.0: probe with driver hub failed with error -5
[  653.371709][T28582] buffer_io_error: 10 callbacks suppressed
[  653.371724][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.377395][ T2193] usb 5-1: selecting invalid altsetting 0
[  653.379599][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.384404][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.388748][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.391956][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.395334][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.399983][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.403130][T28582] ldm_validate_partition_table(): Disk read failed.
[  653.405963][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.409153][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.415232][T28582] Buffer I/O error on dev loop5, logical block 0, async page read
[  653.418453][T28582] Dev loop5: unable to read RDB block 0
[  653.420710][T28582]  loop5: unable to read partition table
[  653.423218][T28582] loop5: partition table beyond EOD, truncated
[  653.426277][T28582] loop_reread_partitions: partition scan of loop5 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  653.573185][   T63] Bluetooth: hci1: unexpected event for opcode 0x0407
[  653.751507][T28603] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  653.754684][T28603] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  653.776814][   T40] audit: type=1400 audit(1771113906.258:676): avc:  denied  { append } for  pid=28595 comm="syz.2.7215" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  653.842616][T28613] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7221'.
[  653.851352][T28614] syzkaller0: entered promiscuous mode
[  653.853704][T28614] syzkaller0: entered allmulticast mode
[  654.007642][T28591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.011157][T28591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.014441][T28591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.017865][T28591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.020792][T28624] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  654.023275][T28624] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  654.027410][T28624] FAULT_INJECTION: forcing a failure.
[  654.027410][T28624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  654.032122][T28624] CPU: 2 UID: 0 PID: 28624 Comm: syz.3.7224 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  654.032141][T28624] Tainted: [L]=SOFTLOCKUP
[  654.032145][T28624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  654.032152][T28624] Call Trace:
[  654.032157][T28624]  <TASK>
[  654.032162][T28624]  dump_stack_lvl+0x100/0x190
[  654.032184][T28624]  should_fail_ex.cold+0x5/0xa
[  654.032200][T28624]  _copy_from_user+0x2e/0xd0
[  654.032213][T28624]  ____sys_sendmsg+0x1d1/0xc30
[  654.032232][T28624]  ? __pfx_____sys_sendmsg+0x10/0x10
[  654.032250][T28624]  ? __pfx__kstrtoull+0x10/0x10
[  654.032268][T28624]  ___sys_sendmsg+0x190/0x1e0
[  654.032286][T28624]  ? __pfx____sys_sendmsg+0x10/0x10
[  654.032310][T28624]  ? find_held_lock+0x2b/0x80
[  654.032332][T28624]  __sys_sendmmsg+0x205/0x430
[  654.032348][T28624]  ? __pfx___sys_sendmmsg+0x10/0x10
[  654.032365][T28624]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  654.032386][T28624]  ? fput+0x79/0x100
[  654.032398][T28624]  ? ksys_write+0x1ac/0x250
[  654.032413][T28624]  ? __pfx_ksys_write+0x10/0x10
[  654.032431][T28624]  __x64_sys_sendmmsg+0x9c/0x100
[  654.032444][T28624]  ? lockdep_hardirqs_on+0x78/0x100
[  654.032458][T28624]  do_syscall_64+0x106/0xf80
[  654.032471][T28624]  ? clear_bhb_loop+0x40/0x90
[  654.032485][T28624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.032497][T28624] RIP: 0033:0x7f976259bf79
[  654.032507][T28624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  654.032518][T28624] RSP: 002b:00007f9763415028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  654.032529][T28624] RAX: ffffffffffffffda RBX: 00007f9762815fa0 RCX: 00007f976259bf79
[  654.032536][T28624] RDX: 040000000000016c RSI: 00002000000017c0 RDI: 0000000000000006
[  654.032543][T28624] RBP: 00007f9763415090 R08: 0000000000000000 R09: 0000000000000000
[  654.032550][T28624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  654.032556][T28624] R13: 00007f9762816038 R14: 00007f9762815fa0 R15: 00007fff31f9c5f8
[  654.032570][T28624]  </TASK>
[  654.232152][T28630] syzkaller0: entered promiscuous mode
[  654.234305][T28630] syzkaller0: entered allmulticast mode
[  654.255408][T28566] usb 5-1: reset high-speed USB device number 29 using dummy_hcd
[  654.365232][ T9341] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  654.541299][ T9341] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  654.543963][ T9341] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  654.547255][ T9341] usb 8-1: config 0 interface 0 has no altsetting 0
[  654.551776][ T9341] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  654.554722][ T9341] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  654.557374][ T9341] usb 8-1: Product: syz
[  654.558690][ T9341] usb 8-1: Manufacturer: syz
[  654.560235][ T9341] usb 8-1: SerialNumber: syz
[  654.563616][ T9341] usb 8-1: config 0 descriptor??
[  654.567584][ T9341] hub 8-1:0.0: bad descriptor, ignoring hub
[  654.569530][ T9341] hub 8-1:0.0: probe with driver hub failed with error -5
[  654.573291][ T9341] usb 8-1: selecting invalid altsetting 0
[  654.911508][T28642] XFS (loop3): SB validate failed with error -5.
[  654.935976][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  654.985376][ T1341] usb 8-1: USB disconnect, device number 25
[  655.486668][   T24] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  655.584851][T28638] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  655.887434][T28674] xt_hashlimit: size too large, truncated to 1048576
[  655.895295][ T5932] Bluetooth: hci3: command 0x0c1a tx timeout
[  656.355567][T28698] nbd: must specify a device to reconfigure
[  656.360251][T28698] cgroup: Unknown subsys name 'obj_user'
[  656.529350][T28701] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  656.568197][T28701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7241'.
[  656.571851][T28701] netlink: 31 bytes leftover after parsing attributes in process `syz.4.7241'.
[  656.574898][T28701] netlink: 'syz.4.7241': attribute type 3 has an invalid length.
[  656.581880][T28701] netlink: 'syz.4.7241': attribute type 2 has an invalid length.
[  656.584764][T28701] netlink: 31 bytes leftover after parsing attributes in process `syz.4.7241'.
[  656.625570][   T40] audit: type=1400 audit(1771113909.108:677): avc:  denied  { name_bind 0x1000000 } for  pid=28703 comm="syz.4.7242" path="socket:[102001]" dev="sockfs" ino=102001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  657.576694][   T63] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  657.579599][   T63] Bluetooth: hci1: Injecting HCI hardware error event
[  657.583321][   T63] Bluetooth: hci1: hardware error 0x00
[  657.985213][ T5932] Bluetooth: hci3: command 0x0c1a tx timeout
[  659.475266][T28566] usb 5-1: device descriptor read/64, error -110
[  659.655713][   T63] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  659.725685][T28566] usb 5-1: reset high-speed USB device number 29 using dummy_hcd
[  659.855344][T28566] usb 5-1: device descriptor read/64, error -32
[  660.095555][T28566] usb 5-1: reset high-speed USB device number 29 using dummy_hcd
[  660.115633][T28566] usb 5-1: device descriptor read/8, error -32
[  660.340832][T28736] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  660.365252][T28566] usb 5-1: reset high-speed USB device number 29 using dummy_hcd
[  660.384646][   T40] audit: type=1400 audit(1771113912.858:678): avc:  denied  { connect } for  pid=28745 comm="syz.4.7254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  660.395613][T28566] usb 5-1: device descriptor read/8, error -32
[  660.416481][   T40] audit: type=1400 audit(1771113912.898:679): avc:  denied  { setattr } for  pid=28748 comm="syz.4.7256" name="NETLINK" dev="sockfs" ino=103075 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  660.507469][ T2193] usb 5-1: USB disconnect, device number 29
[  660.519265][T28754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7258'.
[  660.523004][T28754] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7258'.
[  660.538506][T28566] raw-gadget.0 gadget.0: failed to queue disconnect event
[  660.564226][T28757] netlink: 100 bytes leftover after parsing attributes in process `syz.2.7259'.
[  660.624304][T28772] tmpfs: Bad value for 'mpol'
[  660.678733][T28779] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7265'.
[  660.752749][T28786] xt_NFQUEUE: number of total queues is 0
[  660.783279][T28786] can0: slcan on pty26.
[  660.861103][T28791] FAULT_INJECTION: forcing a failure.
[  660.861103][T28791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  660.866588][T28791] CPU: 0 UID: 0 PID: 28791 Comm: syz.0.7269 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  660.866615][T28791] Tainted: [L]=SOFTLOCKUP
[  660.866621][T28791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  660.866631][T28791] Call Trace:
[  660.866636][T28791]  <TASK>
[  660.866643][T28791]  dump_stack_lvl+0x100/0x190
[  660.866672][T28791]  should_fail_ex.cold+0x5/0xa
[  660.866717][T28791]  _copy_from_user+0x2e/0xd0
[  660.866737][T28791]  kstrtouint_from_user+0xd6/0x1d0
[  660.866760][T28791]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  660.866781][T28791]  ? __lock_acquire+0x4a5/0x2630
[  660.866810][T28791]  ? lock_acquire+0x1cf/0x380
[  660.866837][T28791]  proc_fail_nth_write+0x83/0x220
[  660.866856][T28791]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  660.866877][T28791]  vfs_write+0x2aa/0x1070
[  660.866900][T28791]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  660.866926][T28791]  ? __pfx_vfs_write+0x10/0x10
[  660.866947][T28791]  ? __fget_files+0x215/0x3d0
[  660.866975][T28791]  ? __fget_files+0x21f/0x3d0
[  660.867004][T28791]  ksys_write+0x12a/0x250
[  660.867023][T28791]  ? __pfx_ksys_write+0x10/0x10
[  660.867062][T28791]  do_syscall_64+0x106/0xf80
[  660.867081][T28791]  ? clear_bhb_loop+0x40/0x90
[  660.867101][T28791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.867118][T28791] RIP: 0033:0x7f97ec35c84e
[  660.867132][T28791] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  660.867146][T28791] RSP: 002b:00007f97ed22cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  660.867162][T28791] RAX: ffffffffffffffda RBX: 00007f97ed22d6c0 RCX: 00007f97ec35c84e
[  660.867172][T28791] RDX: 0000000000000001 RSI: 00007f97ed22d0a0 RDI: 0000000000000005
[  660.867182][T28791] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  660.867192][T28791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  660.867202][T28791] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  660.867228][T28791]  </TASK>
[  661.100821][T28778] can0 (unregistered): slcan off pty26.
[  661.134978][T28813] syzkaller1: entered promiscuous mode
[  661.138615][T28813] syzkaller1: entered allmulticast mode
[  661.219014][T28809] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7273'.
[  661.273727][T28821] sch_fq: defrate 0 ignored.
[  661.297223][T28823] batadv_slave_1: entered promiscuous mode
[  661.299955][T28823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7276'.
[  661.313616][T28822] batadv_slave_1: left promiscuous mode
[  661.331528][T28826] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  661.334866][T28826] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  661.339327][T28826] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  661.342600][T28826] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  661.353486][T28828] trusted_key: encrypted_key: keylen parameter is missing
[  661.386959][T28830] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  661.389976][T28830] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  661.399782][T28832] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7280'.
[  661.404712][T28832] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  661.453248][T28834] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28834 comm=syz.4.7282
[  661.459089][   T40] audit: type=1400 audit(1771113913.938:680): avc:  denied  { execute } for  pid=28829 comm="syz.3.7279" path="/dev/audio1" dev="devtmpfs" ino=1323 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  661.612635][T28840] 9pnet_fd: p9_fd_create_tcp (28840): problem connecting socket to 127.0.0.1
[  661.620269][T28840] sch_tbf: peakrate 5120 is lower than or equals to rate 4294927007 !
[  661.653832][T28842] FAULT_INJECTION: forcing a failure.
[  661.653832][T28842] name failslab, interval 1, probability 0, space 0, times 0
[  661.658078][T28842] CPU: 2 UID: 0 PID: 28842 Comm: syz.0.7284 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  661.658104][T28842] Tainted: [L]=SOFTLOCKUP
[  661.658109][T28842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  661.658119][T28842] Call Trace:
[  661.658126][T28842]  <TASK>
[  661.658133][T28842]  dump_stack_lvl+0x100/0x190
[  661.658162][T28842]  should_fail_ex.cold+0x5/0xa
[  661.658183][T28842]  should_failslab+0xc2/0x120
[  661.658208][T28842]  __kmalloc_cache_noprof+0x7a/0x6f0
[  661.658225][T28842]  ? nci_hci_allocate+0x45/0x330
[  661.658245][T28842]  ? mutex_init_lockep+0x110/0x150
[  661.658278][T28842]  nci_hci_allocate+0x45/0x330
[  661.658299][T28842]  nci_allocate_device+0x26f/0x410
[  661.658328][T28842]  virtual_ncidev_open+0x6f/0x220
[  661.658352][T28842]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  661.658373][T28842]  misc_open+0x26d/0x450
[  661.658392][T28842]  ? __pfx_misc_open+0x10/0x10
[  661.658410][T28842]  chrdev_open+0x234/0x6a0
[  661.658438][T28842]  ? __pfx_chrdev_open+0x10/0x10
[  661.658466][T28842]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  661.658500][T28842]  do_dentry_open+0x6d8/0x1660
[  661.658524][T28842]  ? __pfx_chrdev_open+0x10/0x10
[  661.658557][T28842]  vfs_open+0x82/0x3f0
[  661.658578][T28842]  path_openat+0x208c/0x31a0
[  661.658614][T28842]  ? __pfx_path_openat+0x10/0x10
[  661.658651][T28842]  do_file_open+0x20e/0x430
[  661.658710][T28842]  ? __pfx_do_file_open+0x10/0x10
[  661.658762][T28842]  ? alloc_fd+0x476/0x790
[  661.658793][T28842]  ? do_getname+0x191/0x390
[  661.658815][T28842]  do_sys_openat2+0x10d/0x1e0
[  661.658835][T28842]  ? __pfx_do_sys_openat2+0x10/0x10
[  661.658852][T28842]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  661.658879][T28842]  ? __fget_files+0x21f/0x3d0
[  661.658909][T28842]  __x64_sys_openat+0x12d/0x210
[  661.658929][T28842]  ? __pfx___x64_sys_openat+0x10/0x10
[  661.658947][T28842]  ? ksys_write+0x1ac/0x250
[  661.658979][T28842]  do_syscall_64+0x106/0xf80
[  661.659001][T28842]  ? clear_bhb_loop+0x40/0x90
[  661.659023][T28842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.659041][T28842] RIP: 0033:0x7f97ec39bf79
[  661.659057][T28842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  661.659073][T28842] RSP: 002b:00007f97ed22d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  661.659091][T28842] RAX: ffffffffffffffda RBX: 00007f97ec615fa0 RCX: 00007f97ec39bf79
[  661.659102][T28842] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  661.659112][T28842] RBP: 00007f97ed22d090 R08: 0000000000000000 R09: 0000000000000000
[  661.659122][T28842] R10: 0000000000000041 R11: 0000000000000246 R12: 0000000000000002
[  661.659133][T28842] R13: 00007f97ec616038 R14: 00007f97ec615fa0 R15: 00007fff820dd8c8
[  661.659158][T28842]  </TASK>
[  661.864629][   T40] audit: type=1400 audit(1771113914.338:681): avc:  denied  { watch_mount } for  pid=28843 comm="syz.0.7285" path="/554" dev="tmpfs" ino=2846 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  662.473492][T28860] overlayfs: missing 'lowerdir'
[  662.555839][T28864] program syz.3.7293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  662.687978][T28867] could not allocate digest TFM handle cryptd(blake2b-160)
[  662.812826][T28880] EXT4-fs (nbd3): unable to read superblock
[  662.905083][T28891] netlink: 108 bytes leftover after parsing attributes in process `syz.3.7302'.
[  663.111302][T28899] xt_hashlimit: size too large, truncated to 1048576
[  663.238604][T28899] kvm: kvm [28898]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x6
[  664.041476][T28935] sg_write: data in/out 489/10 bytes for SCSI command 0xeb-- guessing data in;
[  664.041476][T28935]    program syz.0.7313 not setting count and/or reply_len properly
[  664.112211][T28943] netlink: 276 bytes leftover after parsing attributes in process `syz.4.7316'.
[  664.115722][T28941] syzkaller0: entered allmulticast mode
[  664.376293][T28963] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7323'.
[  665.320564][T29029] vlan0: entered allmulticast mode
[  665.322332][T29029] veth0_vlan: entered allmulticast mode
[  665.662248][   T40] audit: type=1400 audit(1771113918.138:682): avc:  denied  { write } for  pid=29039 comm="syz.4.7349" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  665.671383][   T40] audit: type=1400 audit(1771113918.148:683): avc:  denied  { read } for  pid=29039 comm="syz.4.7349" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  666.327024][T29051] __nla_validate_parse: 9 callbacks suppressed
[  666.327042][T29051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7353'.
[  666.379283][T29053] netlink: 80 bytes leftover after parsing attributes in process `syz.3.7354'.
[  666.384727][T29053] netlink: 108 bytes leftover after parsing attributes in process `syz.3.7354'.
[  666.387872][T29053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7354'.
[  666.424713][T29056] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7356'.
[  666.457214][ T6059] block nbd1: Possible stuck request ffff888028c18000: control (read@0,1024B). Runtime 150 seconds
[  666.460779][ T6059] block nbd1: Possible stuck request ffff888028c18200: control (read@1024,1024B). Runtime 150 seconds
[  666.464751][ T6059] block nbd1: Possible stuck request ffff888028c18400: control (read@2048,1024B). Runtime 150 seconds
[  666.474433][ T6059] block nbd1: Possible stuck request ffff888028c18600: control (read@3072,1024B). Runtime 150 seconds
[  666.652954][T29065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7360'.
[  666.961764][T29095] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7371'.
[  666.966167][T29095] Unknown options in mask b7f2
[  666.984034][T29095] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  666.987265][T29095] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  667.043331][   T40] audit: type=1400 audit(1771113919.518:684): avc:  denied  { accept } for  pid=29102 comm="syz.2.7376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  667.044469][T29104] netlink: 868 bytes leftover after parsing attributes in process `syz.2.7376'.
[  667.097264][T29108] netlink: 56 bytes leftover after parsing attributes in process `syz.4.7378'.
[  667.182572][T29118] syzkaller0: entered promiscuous mode
[  667.184622][T29118] syzkaller0: entered allmulticast mode
[  667.190283][T29118] tipc: Started in network mode
[  667.192077][T29118] tipc: Node identity 1678ed6a46c5, cluster identity 4711
[  667.194574][T29118] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  667.200757][T29118] tipc: Resetting bearer <eth:syzkaller0>
[  667.203913][T29118] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  667.208944][T29117] tipc: Resetting bearer <eth:syzkaller0>
[  667.228802][T29117] tipc: Disabling bearer <eth:syzkaller0>
[  667.336611][T29125] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3930 sclass=netlink_route_socket pid=29125 comm=syz.4.7382
[  667.368487][T29129] openvswitch: netlink: Flow key attribute not present in set flow.
[  667.456222][T29139] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  667.600216][T29144] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7386'.
[  667.702379][T29150] ieee802154 phy0 wpan0: encryption failed: -126
[  667.800238][   T40] audit: type=1400 audit(1771113920.278:685): avc:  denied  { append } for  pid=29151 comm="syz.3.7389" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  667.809892][T29153] program syz.3.7389 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  668.547985][T29169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1542 sclass=netlink_route_socket pid=29169 comm=syz.0.7394
[  668.714817][T29181] syzkaller0: entered promiscuous mode
[  668.716706][T29181] syzkaller0: entered allmulticast mode
[  668.722003][   T40] audit: type=1400 audit(1771113921.198:686): avc:  denied  { setopt } for  pid=29174 comm="syz.4.7395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  668.741707][   T40] audit: type=1400 audit(1771113921.218:687): avc:  denied  { bind } for  pid=29174 comm="syz.4.7395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  668.757789][   T40] audit: type=1400 audit(1771113921.238:688): avc:  denied  { read } for  pid=29174 comm="syz.4.7395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  669.036452][   T40] audit: type=1400 audit(1771113921.518:689): avc:  denied  { write } for  pid=29193 comm="syz.0.7400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  669.212703][T29200] lo speed is unknown, defaulting to 1000
[  669.216327][T29200] lo speed is unknown, defaulting to 1000
[  669.219705][T29200] lo speed is unknown, defaulting to 1000
[  669.226157][T29200] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  669.234714][T29200] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  669.256582][T29200] lo speed is unknown, defaulting to 1000
[  669.260060][T29200] lo speed is unknown, defaulting to 1000
[  669.263274][T29200] lo speed is unknown, defaulting to 1000
[  669.272442][T29200] lo speed is unknown, defaulting to 1000
[  669.277541][T29200] lo speed is unknown, defaulting to 1000
[  669.280228][T29200] lo speed is unknown, defaulting to 1000
[  670.416728][T29142] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  671.954689][   T40] audit: type=1400 audit(1771113924.428:690): avc:  denied  { write } for  pid=29226 comm="syz.4.7408" path="socket:[105516]" dev="sockfs" ino=105516 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  672.100936][T29237] xt_hashlimit: size too large, truncated to 1048576
[  672.578806][T29248] netlink: 'syz.4.7415': attribute type 1 has an invalid length.
[  673.289927][T29248] 8021q: adding VLAN 0 to HW filter on device bond5
[  673.296403][T29249] bond5: (slave veth0_to_bond): making interface the new active one
[  673.301483][T29249] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  673.341612][   T40] audit: type=1400 audit(1771113925.818:691): avc:  denied  { map } for  pid=29255 comm="syz.3.7417" path="socket:[105007]" dev="sockfs" ino=105007 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  673.384688][T29259] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  673.387156][T29259] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  673.509725][T29266] tmpfs: Too few inodes for current use
[  673.520197][T29268] program syz.2.7420 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  673.562097][T29268] 8021q: VLANs not supported on sit0
[  673.644843][T29276] binder: 29275:29276 ioctl c0306201 0 returned -14
[  673.652233][T29276] binder: 29275:29276 ioctl c0306201 0 returned -14
[  673.656504][T29276] __nla_validate_parse: 1 callbacks suppressed
[  673.656522][T29276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7424'.
[  673.661594][T29276] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7424'.
[  673.671145][   T46] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  673.674677][T29276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7424'.
[  673.679078][   T46] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  673.682416][   T46] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  673.686810][   T46] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  673.690247][T29276] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7424'.
[  673.701815][T29276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7424'.
[  674.039577][T29321] netlink: 'syz.3.7441': attribute type 5 has an invalid length.
[  674.059538][ T1458] libceph: connect (1)[c::]:6789 error -101
[  674.062391][ T1458] libceph: mon0 (1)[c::]:6789 connect error
[  674.068781][ T1458] libceph: connect (1)[c::]:6789 error -101
[  674.070742][ T1458] libceph: mon0 (1)[c::]:6789 connect error
[  674.078001][T29331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7444'.
[  674.080852][T29331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7444'.
[  674.083749][T29331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7444'.
[  674.091699][   T40] audit: type=1400 audit(1771113926.578:692): avc:  denied  { ioctl } for  pid=29330 comm="syz.0.7444" path="socket:[105578]" dev="sockfs" ino=105578 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  674.107923][ T6148] libceph: connect (1)[b::]:6789 error -101
[  674.110083][ T6148] libceph: mon0 (1)[b::]:6789 connect error
[  674.141855][T29338] syzkaller0: entered promiscuous mode
[  674.143672][T29338] syzkaller0: entered allmulticast mode
[  674.153903][T29340] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  674.340382][ T1458] libceph: connect (1)[c::]:6789 error -101
[  674.342425][ T1458] libceph: mon0 (1)[c::]:6789 connect error
[  674.376660][ T6148] libceph: connect (1)[b::]:6789 error -101
[  674.385032][ T6148] libceph: mon0 (1)[b::]:6789 connect error
[  674.677799][   T63] Bluetooth: hci5: unknown advertising packet type: 0x20
[  674.723231][T29349] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  674.726275][T29350] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  674.726275][T29351] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  674.855635][ T1458] libceph: connect (1)[c::]:6789 error -101
[  674.858307][ T1458] libceph: mon0 (1)[c::]:6789 connect error
[  674.875360][T29320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  674.895495][ T6148] libceph: connect (1)[b::]:6789 error -101
[  674.897538][ T6148] libceph: mon0 (1)[b::]:6789 connect error
[  674.928462][   T40] audit: type=1400 audit(1771113927.408:693): avc:  denied  { write } for  pid=29352 comm="syz.2.7449" name="file0" dev="fuse" ino=16390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  674.967535][T29355] block device autoloading is deprecated and will be removed.
[  675.386197][T29334] ceph: No mds server is up or the cluster is laggy
[  675.386319][T29321] ceph: No mds server is up or the cluster is laggy
[  675.631769][T29359] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.7451'.
[  675.837074][T29388] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  675.874416][T29397] netlink: 100 bytes leftover after parsing attributes in process `syz.2.7464'.
[  675.957623][T29404] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  676.034249][T29417] mac80211_hwsim hwsim30 syzkaller0: left promiscuous mode
[  676.037535][T29417] mac80211_hwsim hwsim30 syzkaller0: left allmulticast mode
[  676.195614][   T40] audit: type=1400 audit(1771113928.678:694): avc:  denied  { accept } for  pid=29431 comm="syz.3.7477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  676.688756][T29453] netlink: 'syz.4.7483': attribute type 1 has an invalid length.
[  676.693075][T29458] ntfs3(sr0): Primary boot signature is not NTFS.
[  676.696399][T29458] ntfs3(sr0): try to read out of volume at offset 0xf800
[  676.801313][T29471] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode
[  676.803858][T29471] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode
[  676.839156][T29475] netlink: 'syz.3.7490': attribute type 10 has an invalid length.
[  676.949635][   T40] audit: type=1400 audit(1771113929.428:695): avc:  denied  { map } for  pid=29480 comm="syz.3.7491" path="socket:[105306]" dev="sockfs" ino=105306 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  676.957464][   T40] audit: type=1400 audit(1771113929.428:696): avc:  denied  { accept } for  pid=29480 comm="syz.3.7491" path="socket:[105306]" dev="sockfs" ino=105306 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  677.110865][T29492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29492 comm=syz.3.7494
[  677.117100][   T40] audit: type=1400 audit(1771113929.598:697): avc:  denied  { listen } for  pid=29491 comm="syz.3.7494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  677.124990][   T40] audit: type=1400 audit(1771113929.598:698): avc:  denied  { accept } for  pid=29491 comm="syz.3.7494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  677.612281][T29495] lo speed is unknown, defaulting to 1000
[  677.657712][   T40] audit: type=1400 audit(1771113930.138:699): avc:  denied  { watch watch_reads } for  pid=29494 comm="syz.2.7495" path="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  677.675497][T29501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  677.677991][T29501] IPv6: NLM_F_CREATE should be set when creating new route
[  677.680323][T29501] IPv6: NLM_F_CREATE should be set when creating new route
[  677.683338][T29501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  677.693198][T29500] lo speed is unknown, defaulting to 1000
[  677.797977][T29506] syzkaller0: entered promiscuous mode
[  677.799833][T29506] syzkaller0: entered allmulticast mode
[  678.064189][ T5932] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  678.067551][ T5932] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  678.070795][ T5932] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  678.073923][ T5932] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  678.078430][ T5932] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  678.097428][T29510] lo speed is unknown, defaulting to 1000
[  678.167555][T29510] chnl_net:caif_netlink_parms(): no params data found
[  678.210216][T29510] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.212728][T29510] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.220608][T29510] bridge_slave_0: entered allmulticast mode
[  678.223506][T29510] bridge_slave_0: entered promiscuous mode
[  678.226916][T29510] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.230045][T29510] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.232466][T29510] bridge_slave_1: entered allmulticast mode
[  678.235304][T29510] bridge_slave_1: entered promiscuous mode
[  678.250951][T29510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  678.255647][T29510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  678.272096][T29510] team0: Port device team_slave_0 added
[  678.275611][T29510] team0: Port device team_slave_1 added
[  678.303464][T29510] batman_adv: batadv0: Adding interface: batadv_slave_0
[  678.306165][T29510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  678.315489][T29510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  678.319991][T29510] batman_adv: batadv0: Adding interface: batadv_slave_1
[  678.322613][T29510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  678.330663][T29510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  678.405056][T29510] hsr_slave_0: entered promiscuous mode
[  678.408198][T29510] hsr_slave_1: entered promiscuous mode
[  678.411038][T29510] debugfs: 'hsr0' already exists in 'hsr'
[  678.413085][T29510] Cannot create hsr debugfs directory
[  678.502391][T29510] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  678.506465][T29510] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.574157][T29510] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  678.577608][T29510] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.657936][T29510] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  678.661360][T29510] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.737177][T29510] bond0: (slave netdevsim0): Releasing backup interface
[  678.741861][T29510] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  678.745368][T29510] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.854787][T29510] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  678.862112][T29510] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  678.867341][T29510] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  678.873398][T29510] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  678.917026][T29510] 8021q: adding VLAN 0 to HW filter on device bond0
[  678.926132][T29510] 8021q: adding VLAN 0 to HW filter on device team0
[  678.931540][   T95] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.933918][   T95] bridge0: port 1(bridge_slave_0) entered forwarding state
[  678.941330][   T95] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.943674][   T95] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.037351][T29562] netem: incorrect gi model size
[  679.039496][T29562] netem: change failed
[  679.048524][T29565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  679.051633][T29565] IPv6: NLM_F_CREATE should be set when creating new route
[  679.054680][T29565] IPv6: NLM_F_CREATE should be set when creating new route
[  679.057800][T29565] IPv6: NLM_F_CREATE should be set when creating new route
[  679.062994][T29510] 8021q: adding VLAN 0 to HW filter on device batadv0
[  679.084910][T29510] veth0_vlan: entered promiscuous mode
[  679.091759][T29510] veth1_vlan: entered promiscuous mode
[  679.106953][T29510] veth0_macvtap: entered promiscuous mode
[  679.112353][T29510] veth1_macvtap: entered promiscuous mode
[  679.124286][T29510] batman_adv: batadv0: Interface activated: batadv_slave_0
[  679.131209][T29510] batman_adv: batadv0: Interface activated: batadv_slave_1
[  679.136653][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  679.140083][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  679.143569][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  679.148762][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  679.198311][  T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.201638][  T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.220946][T21652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.224185][T21652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.235183][   T40] audit: type=1400 audit(1771113931.708:700): avc:  denied  { mounton } for  pid=29510 comm="syz-executor" path="/syzkaller.QESd6N/syz-tmp" dev="sda1" ino=2048 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  679.252068][T29562] __nla_validate_parse: 5 callbacks suppressed
[  679.252080][T29562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7509'.
[  679.266766][T29570] netlink: 'syz.3.7498': attribute type 33 has an invalid length.
[  679.269275][T29570] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7498'.
[  679.328659][T29572] lo speed is unknown, defaulting to 1000
[  679.387337][T29576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7514'.
[  679.598682][T29582] sctp: [Deprecated]: syz.4.7516 (pid 29582) Use of int in maxseg socket option.
[  679.598682][T29582] Use struct sctp_assoc_value instead
[  679.604975][T29584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7517'.
[  679.662364][T29586] syzkaller0: entered promiscuous mode
[  679.664211][T29586] syzkaller0: entered allmulticast mode
[  680.139930][   T63] Bluetooth: hci4: command tx timeout
[  680.232209][T29593] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7520'.
[  681.025339][T29597] netlink: 'syz.2.7522': attribute type 1 has an invalid length.
[  681.038360][T29597] 8021q: adding VLAN 0 to HW filter on device bond1
[  681.056570][T29597] bond1: (slave gretap1): making interface the new active one
[  681.059738][T29597] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  681.071882][T29597] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29597 comm=syz.2.7522
[  681.405965][    C1] ------------[ cut here ]------------
[  681.408765][    C1] sk->sk_forward_alloc
[  681.408779][    C1] WARNING: net/ipv4/af_inet.c:157 at inet_sock_destruct+0x653/0x800, CPU#1: syz.3.7528/29617
[  681.414904][    C1] Modules linked in:
[  681.417278][    C1] CPU: 1 UID: 0 PID: 29617 Comm: syz.3.7528 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  681.419582][   T40] audit: type=1400 audit(1771113933.898:701): avc:  denied  { ioctl } for  pid=29616 comm="syz.2.7529" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  681.421787][    C1] Tainted: [L]=SOFTLOCKUP
[  681.421802][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  681.421815][    C1] RIP: 0010:inet_sock_destruct+0x653/0x800
[  681.440187][    C1] Code: c9 4e ff e9 06 fd ff ff e8 2a af 01 f8 90 0f 0b 90 e9 35 fe ff ff e8 1c af 01 f8 90 0f 0b 90 e9 c5 fe ff ff e8 0e af 01 f8 90 <0f> 0b 90 e9 04 ff ff ff e8 00 af 01 f8 90 0f 0b 90 e9 65 fe ff ff
[  681.448279][    C1] RSP: 0018:ffffc900006a0d98 EFLAGS: 00010246
[  681.450882][    C1] RAX: 0000000000000000 RBX: ffff88803d7a5500 RCX: ffffffff8a06e8b7
[  681.454240][    C1] RDX: ffff88802b4a8000 RSI: ffffffff8a06e9b2 RDI: ffff88802b4a8000
[  681.457634][    C1] RBP: 0000000000000090 R08: 0000000000000005 R09: 0000000000000000
[  681.460857][    C1] R10: 0000000000000090 R11: 0000000000000000 R12: ffff88803d7a5500
[  681.464228][    C1] R13: ffff88803d7a5590 R14: ffffffff81ee5bad R15: 0000000000000001
[  681.467628][    C1] FS:  000055556b616500(0000) GS:ffff8880d6452000(0000) knlGS:0000000000000000
[  681.471362][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  681.473694][    C1] CR2: 0000200000000200 CR3: 00000000593e8000 CR4: 0000000000352ef0
[  681.474382][T29609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29609 comm=syz.4.7526
[  681.476328][    C1] Call Trace:
[  681.481976][    C1]  <IRQ>
[  681.483237][    C1]  ? __pfx_udp_destruct_sock+0x10/0x10
[  681.484985][    C1]  ? rcu_core+0x59d/0x10d0
[  681.486471][    C1]  __sk_destruct+0x85/0xbb0
[  681.488042][    C1]  ? rcu_core+0x59d/0x10d0
[  681.489463][    C1]  rcu_core+0x5a2/0x10d0
[  681.490854][    C1]  ? __pfx_rcu_core+0x10/0x10
[  681.492344][    C1]  ? run_timer_base+0x121/0x190
[  681.493942][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  681.495676][    C1]  handle_softirqs+0x1eb/0x9e0
[  681.497227][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  681.498907][    C1]  __irq_exit_rcu+0xef/0x150
[  681.500382][    C1]  irq_exit_rcu+0x9/0x30
[  681.501740][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  681.503556][    C1]  </IRQ>
[  681.504543][    C1]  <TASK>
[  681.505560][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  681.507549][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  681.509566][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 76 a1 53 f6 48 89 df e8 5e f1 53 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 f5 27 44 f6 65 8b 05 3e be 7b 08 85 c0 74 16 5b
[  681.515655][    C1] RSP: 0018:ffffc900054ffb60 EFLAGS: 00000246
[  681.517825][    C1] RAX: 0000000000000002 RBX: ffff888053248a38 RCX: 0000000000000000
[  681.520325][    C1] RDX: 0000000000000000 RSI: ffffffff8de6d3c0 RDI: ffffffff8c1ae120
[  681.522877][    C1] RBP: 0000000000000206 R08: 0000000000000001 R09: 0000000000000000
[  681.525551][    C1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888053248000
[  681.528100][    C1] R13: ffff888053248a38 R14: ffff88806a53bf80 R15: ffff888053248a37
[  681.530570][    C1]  try_to_wake_up+0xcf1/0x1a80
[  681.532106][    C1]  ? __pfx_try_to_wake_up+0x10/0x10
[  681.533822][    C1]  ? find_held_lock+0x2b/0x80
[  681.535419][    C1]  ? futex_wake+0x456/0x530
[  681.536953][    C1]  wake_up_q+0xa1/0x130
[  681.538401][    C1]  futex_wake+0x460/0x530
[  681.539816][    C1]  ? __pfx_futex_wake+0x10/0x10
[  681.541370][    C1]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  681.543067][    C1]  do_futex+0x32b/0x350
[  681.544410][    C1]  ? __pfx_do_futex+0x10/0x10
[  681.545984][    C1]  ? ktime_get+0x200/0x300
[  681.547377][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  681.548957][    C1]  ? read_tsc+0x9/0x20
[  681.550225][    C1]  __x64_sys_futex+0x34f/0x4d0
[  681.551784][    C1]  ? __pfx___x64_sys_futex+0x10/0x10
[  681.553466][    C1]  do_syscall_64+0x106/0xf80
[  681.554955][    C1]  ? clear_bhb_loop+0x40/0x90
[  681.556513][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.558411][    C1] RIP: 0033:0x7f36f139bf79
[  681.559874][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  681.565932][    C1] RSP: 002b:00007ffcf98fd878 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  681.568700][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36f139bf79
[  681.571718][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f36f1615fa8
[  681.575234][    C1] RBP: 000000000000009f R08: 0000000000000001 R09: 0000000000000000
[  681.578554][    C1] R10: 00007f36f1615fa0 R11: 0000000000000246 R12: 0000000000000000
[  681.581311][    C1] R13: 00007f36f1615fac R14: 00007f36f1615fa8 R15: 00007f36f1615fa0
[  681.583833][    C1]  </TASK>
[  681.584832][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  681.587259][    C1] CPU: 1 UID: 0 PID: 29617 Comm: syz.3.7528 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  681.590636][    C1] Tainted: [L]=SOFTLOCKUP
[  681.591998][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  681.595164][    C1] Call Trace:
[  681.596248][    C1]  <IRQ>
[  681.597210][    C1]  dump_stack_lvl+0x100/0x190
[  681.598753][    C1]  vpanic+0x552/0x970
[  681.600509][    C1]  ? __pfx_vpanic+0x10/0x10
[  681.602163][    C1]  panic+0xd1/0xe0
[  681.603437][    C1]  ? __pfx_panic+0x10/0x10
[  681.605064][    C1]  ? check_panic_on_warn+0x1f/0x90
[  681.606999][    C1]  check_panic_on_warn.cold+0x19/0x34
[  681.608957][    C1]  ? inet_sock_destruct+0x653/0x800
[  681.610953][    C1]  __warn.cold+0x191/0x348
[  681.612522][    C1]  __report_bug+0x296/0x3d0
[  681.614072][    C1]  ? inet_sock_destruct+0x653/0x800
[  681.615827][    C1]  ? __pfx___report_bug+0x10/0x10
[  681.617436][    C1]  ? __x64_sys_futex+0x34f/0x4d0
[  681.619014][    C1]  ? do_syscall_64+0x106/0xf80
[  681.620532][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.622458][    C1]  ? inet_sock_destruct+0x653/0x800
[  681.624151][    C1]  report_bug+0xb2/0x220
[  681.625508][    C1]  ? inet_sock_destruct+0x653/0x800
[  681.627200][    C1]  handle_bug+0x166/0x2a0
[  681.628583][    C1]  exc_invalid_op+0x17/0x50
[  681.630034][    C1]  asm_exc_invalid_op+0x1a/0x20
[  681.631585][    C1] RIP: 0010:inet_sock_destruct+0x653/0x800
[  681.633469][    C1] Code: c9 4e ff e9 06 fd ff ff e8 2a af 01 f8 90 0f 0b 90 e9 35 fe ff ff e8 1c af 01 f8 90 0f 0b 90 e9 c5 fe ff ff e8 0e af 01 f8 90 <0f> 0b 90 e9 04 ff ff ff e8 00 af 01 f8 90 0f 0b 90 e9 65 fe ff ff
[  681.639471][    C1] RSP: 0018:ffffc900006a0d98 EFLAGS: 00010246
[  681.641390][    C1] RAX: 0000000000000000 RBX: ffff88803d7a5500 RCX: ffffffff8a06e8b7
[  681.643917][    C1] RDX: ffff88802b4a8000 RSI: ffffffff8a06e9b2 RDI: ffff88802b4a8000
[  681.646369][    C1] RBP: 0000000000000090 R08: 0000000000000005 R09: 0000000000000000
[  681.649047][    C1] R10: 0000000000000090 R11: 0000000000000000 R12: ffff88803d7a5500
[  681.651536][    C1] R13: ffff88803d7a5590 R14: ffffffff81ee5bad R15: 0000000000000001
[  681.654027][    C1]  ? rcu_core+0x59d/0x10d0
[  681.655469][    C1]  ? inet_sock_destruct+0x557/0x800
[  681.657129][    C1]  ? inet_sock_destruct+0x652/0x800
[  681.658804][    C1]  ? inet_sock_destruct+0x652/0x800
[  681.660792][    C1]  ? __pfx_udp_destruct_sock+0x10/0x10
[  681.662672][    C1]  ? rcu_core+0x59d/0x10d0
[  681.664506][    C1]  __sk_destruct+0x85/0xbb0
[  681.665996][    C1]  ? rcu_core+0x59d/0x10d0
[  681.667468][    C1]  rcu_core+0x5a2/0x10d0
[  681.668825][    C1]  ? __pfx_rcu_core+0x10/0x10
[  681.670622][    C1]  ? run_timer_base+0x121/0x190
[  681.672715][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  681.674372][    C1]  handle_softirqs+0x1eb/0x9e0
[  681.675921][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  681.677922][    C1]  __irq_exit_rcu+0xef/0x150
[  681.679841][    C1]  irq_exit_rcu+0x9/0x30
[  681.681590][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  681.683913][    C1]  </IRQ>
[  681.685136][    C1]  <TASK>
[  681.686384][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  681.688671][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  681.690714][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 76 a1 53 f6 48 89 df e8 5e f1 53 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 f5 27 44 f6 65 8b 05 3e be 7b 08 85 c0 74 16 5b
[  681.696769][    C1] RSP: 0018:ffffc900054ffb60 EFLAGS: 00000246
[  681.699269][    C1] RAX: 0000000000000002 RBX: ffff888053248a38 RCX: 0000000000000000
[  681.702591][    C1] RDX: 0000000000000000 RSI: ffffffff8de6d3c0 RDI: ffffffff8c1ae120
[  681.705524][    C1] RBP: 0000000000000206 R08: 0000000000000001 R09: 0000000000000000
[  681.708800][    C1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888053248000
[  681.712193][    C1] R13: ffff888053248a38 R14: ffff88806a53bf80 R15: ffff888053248a37
[  681.714889][    C1]  try_to_wake_up+0xcf1/0x1a80
[  681.716445][    C1]  ? __pfx_try_to_wake_up+0x10/0x10
[  681.718613][    C1]  ? find_held_lock+0x2b/0x80
[  681.720421][    C1]  ? futex_wake+0x456/0x530
[  681.721953][    C1]  wake_up_q+0xa1/0x130
[  681.723380][    C1]  futex_wake+0x460/0x530
[  681.724762][    C1]  ? __pfx_futex_wake+0x10/0x10
[  681.726312][    C1]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  681.728514][    C1]  do_futex+0x32b/0x350
[  681.730194][    C1]  ? __pfx_do_futex+0x10/0x10
[  681.731741][    C1]  ? ktime_get+0x200/0x300
[  681.733205][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  681.734866][    C1]  ? read_tsc+0x9/0x20
[  681.736173][    C1]  __x64_sys_futex+0x34f/0x4d0
[  681.737763][    C1]  ? __pfx___x64_sys_futex+0x10/0x10
[  681.740177][    C1]  do_syscall_64+0x106/0xf80
[  681.742149][    C1]  ? clear_bhb_loop+0x40/0x90
[  681.744234][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.746512][    C1] RIP: 0033:0x7f36f139bf79
[  681.748029][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  681.754081][    C1] RSP: 002b:00007ffcf98fd878 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  681.756721][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36f139bf79
[  681.759362][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f36f1615fa8
[  681.761850][    C1] RBP: 000000000000009f R08: 0000000000000001 R09: 0000000000000000
[  681.764381][    C1] R10: 00007f36f1615fa0 R11: 0000000000000246 R12: 0000000000000000
[  681.766943][    C1] R13: 00007f36f1615fac R14: 00007f36f1615fa8 R15: 00007f36f1615fa0
[  681.770363][    C1]  </TASK>
[  681.772542][    C1] Kernel Offset: disabled
[  681.773994][    C1] Rebooting in 86400 seconds..