last executing test programs:

3m26.137394143s ago: executing program 0 (id=1312):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x4, 0x1001280, 0x5, 0x0, 0x5, 0x8}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1212a1, 0xf5)
close_range(r0, 0xffffffffffffffff, 0x0)

3m25.909450195s ago: executing program 0 (id=1319):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
prctl$PR_SET_NAME(0xf, &(0x7f00000000c0)='\"\x00c\xe28~\x06\vWj\xefn\xfd/\xf8S`\'\x19\xf3H\x9f\xdc\xf1\xa8L\xb9iMB9\x06,\x9ec\xe5\xeb\xac')
socket$packet(0x11, 0x3, 0x300)

3m25.563465469s ago: executing program 0 (id=1321):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m25.366162883s ago: executing program 0 (id=1323):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
read$FUSE(r1, &(0x7f0000000980)={0x2020, 0x0, 0x0, 0x0, <r2=>0x0}, 0xff2c)
setregid(r2, r2)
syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
setpgid(0x0, r0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)

3m24.780835686s ago: executing program 0 (id=1329):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r3, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000010c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20, 0x1}}, {{&(0x7f0000000a80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f0000001940), 0x0, 0x90}}], 0x2, 0x40)
ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
epoll_pwait(r5, &(0x7f0000000080), 0x0, 0xbebd, &(0x7f00000001c0), 0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)

3m22.600558435s ago: executing program 0 (id=1355):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x5, 0x0, 0x6, 0x0, 0x1, 0x0, 0xffff7ffc, 0xfffffffd, 0x6, 0x0, 0xffffffff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000, 0xc, 0xfffffffc}})

3m22.130065327s ago: executing program 32 (id=1355):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x5, 0x0, 0x6, 0x0, 0x1, 0x0, 0xffff7ffc, 0xfffffffd, 0x6, 0x0, 0xffffffff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000, 0xc, 0xfffffffc}})

3m20.04725234s ago: executing program 3 (id=1374):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = getpid()
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000000000)=0x5e)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
close(0xffffffffffffffff)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000540)={'icmp\x00'}, 0x0)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r5, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xffff}}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

3m19.036639284s ago: executing program 3 (id=1377):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x5, 0x4, 0x6, 0x0, r1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f00000001c0), &(0x7f0000000300)=@udp6=r0}, 0x20)

3m18.83224033s ago: executing program 3 (id=1379):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e7", 0x1b, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
write$P9_RMKNOD(r0, &(0x7f0000000040)={0x14, 0x13, 0x2, {0x80, 0x0, 0x3}}, 0x14)

3m18.639131931s ago: executing program 3 (id=1381):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
read$FUSE(r1, &(0x7f0000000980)={0x2020}, 0xff2c)
syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
setpgid(0x0, r0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)

3m18.326716444s ago: executing program 3 (id=1384):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000300)='T', 0x1}], 0x1}}], 0x2, 0x20008000)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f00000001c0), 0x4)

3m17.680081148s ago: executing program 3 (id=1391):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r0, &(0x7f0000002c00)={&(0x7f0000000040)={0xa, 0x4e1d, 0x5, @remote, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002280)='I', 0x1}], 0x1}, 0x200000c0)

3m17.420667225s ago: executing program 33 (id=1391):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r0, &(0x7f0000002c00)={&(0x7f0000000040)={0xa, 0x4e1d, 0x5, @remote, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002280)='I', 0x1}], 0x1}, 0x200000c0)

2m32.647353173s ago: executing program 4 (id=1644):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x5c)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
pipe(&(0x7f0000000040))
io_setup(0x3ff, &(0x7f0000000500))

2m28.349229518s ago: executing program 4 (id=1661):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)

2m27.484405311s ago: executing program 4 (id=1663):
r0 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x3, 0x800)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x880, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000300)={0x7fff, 0x6}, &(0x7f0000000340))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f0000000380)={0x18, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41d}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcl724\x00', [0x4f27, 0x105, 0x2, 0x421, 0x1, 0xcc7, 0x7fffffff, 0x5c952399, 0x5, 0x3fe, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x400, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0x485b]})
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0xfffe, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x80000000, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x9b, @mcast2}}}, 0x108)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

2m26.453877038s ago: executing program 4 (id=1672):
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0)
setxattr$security_ima(0x0, 0x0, 0x0, 0x700, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r0, 0x0, 0x5, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x12, r0, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000002480)=@chain)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000640)='asymmetric\x00', &(0x7f00000003c0)=@secondary)

2m24.165261538s ago: executing program 4 (id=1683):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'veth1_to_bond\x00'})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004)

2m24.124643538s ago: executing program 4 (id=1684):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x60142, 0x1)
r1 = socket$unix(0x1, 0x5, 0x0)
fanotify_init(0x8, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x84, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x800, &(0x7f0000006680)=0x3e)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', <r5=>0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000780)={'syztnl2\x00', &(0x7f00000008c0)={'syztnl2\x00', r5, 0x10, 0x22b384db60457e3a, 0x9, 0x6, {{0x5, 0x4, 0x1, 0x36, 0x14, 0x65, 0x0, 0xea, 0x2f, 0x0, @broadcast, @rand_addr=0x64010100}}}})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
listxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)=""/164, 0xa4)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="3e0f350f20c035010000000f22c066b859000f00d867dcef660f21220f22180f06660f00562e0f01345f0f07", 0x2c}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1000c1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x11}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r11 = socket(0x1d, 0x2, 0x6)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r10, @ANYRESHEX=r11, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x2c, 0xffffffffffbffff8)
dup2(r2, r3)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)

2m8.886535574s ago: executing program 34 (id=1684):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x60142, 0x1)
r1 = socket$unix(0x1, 0x5, 0x0)
fanotify_init(0x8, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x84, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x800, &(0x7f0000006680)=0x3e)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', <r5=>0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000780)={'syztnl2\x00', &(0x7f00000008c0)={'syztnl2\x00', r5, 0x10, 0x22b384db60457e3a, 0x9, 0x6, {{0x5, 0x4, 0x1, 0x36, 0x14, 0x65, 0x0, 0xea, 0x2f, 0x0, @broadcast, @rand_addr=0x64010100}}}})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
listxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)=""/164, 0xa4)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="3e0f350f20c035010000000f22c066b859000f00d867dcef660f21220f22180f06660f00562e0f01345f0f07", 0x2c}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1000c1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x11}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r11 = socket(0x1d, 0x2, 0x6)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r10, @ANYRESHEX=r11, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x2c, 0xffffffffffbffff8)
dup2(r2, r3)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)

10.435825001s ago: executing program 7 (id=2264):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0)
munlockall()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x6, 0x7f, 0x2, 0x1, 0x7f, 0x4000006, 0x4d, 0xfffffff2, 0x5f, 0xa, 0xfffffffa, 0xffff2d33, 0x1dd2, 0x6, 0x7, 0x0, 0x80000000, 0x4, 0x6, 0x3, 0x3c5a, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x2, 0x3, 0x107fff, 0x4c74, 0xfbf5, 0x0, 0xb, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x6, 0x3, 0x4, 0x4, 0x8, 0x0, 0x7f, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x8, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0xfffff000, 0xfffffffe, 0x8, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x7, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x801, 0x8, 0x8006, 0x0, 0x9, 0x2, 0xa, 0x4, 0x9, 0x8, 0x9, 0x80, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0x5, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x80002, 0x11, 0x8, 0xfffffff8, 0x6d01, 0x5, 0x37, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x20005, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffffa, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x40, 0x2000008, 0x2], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x1, 0x0, 0x5, 0xce5, 0x1fa, 0x6, 0x5, 0x5, 0x3fffffff, 0x100, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x5, 0xffffffff, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffb, 0x4, 0x8, 0xc8, 0x3, 0x3, 0x80ffff, 0x200003, 0x5, 0x80000000, 0x9602, 0xa, 0x2, 0x5, 0x10, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0xa, 0x9, 0x1, 0x6c1b, 0x3, 0x8, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f0000000100)=[{}, {0xffffffffffffffff, 0x1521}], 0x2, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480))

9.78903096s ago: executing program 2 (id=2269):
r0 = syz_io_uring_setup(0xac8, &(0x7f0000000240)={0x0, 0xf53, 0x1, 0x0, 0xce}, &(0x7f0000000040), &(0x7f00000000c0))
syz_io_uring_setup(0x2219, &(0x7f00000001c0)={0x0, 0x77ff, 0x400, 0x3, 0x385, 0x0, r0}, &(0x7f00000002c0), &(0x7f0000000340))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x802, 0xff, 0x12, 0x402, 0x3})
sched_setscheduler(0x0, 0x1, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000140)=[0x800, 0x8002], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000001eec65258d841568e316a0861dc5565f00"/44], 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
setuid(0xee01)
socket$inet_udp(0x2, 0x2, 0x0)

8.890843744s ago: executing program 2 (id=2274):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000}, 0x50)

8.775499199s ago: executing program 2 (id=2277):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="20000000610001000000000000006e0800000000000000040001800000000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0xe0080, 0xb0)
write$cgroup_int(r3, &(0x7f0000000040)=0x1c9, 0x12)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00')
lseek(r4, 0x36, 0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x804000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r7, 0x4048aecb, &(0x7f0000001440)={{0x0, 0x0, 0x80, {0xdddd0000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b7fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
mremap(&(0x7f00001a6000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000208000/0x2000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f0000126000/0x1000)=nil, 0x1000, 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000003c0007010000000000000000017c00000400fc800c00018006060604000a0000080002"], 0x34}, 0x1, 0x0, 0x0, 0x4c094}, 0x4040)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005d80)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000140)=[{&(0x7f00000002c0)="af08d45dc3da8907328e5da49fdca79d364f99801c2340f2ba78b9c510891e577dfcea5667492c1fdab36dc346027a5758bde5d673be09b20491df4ea025c667b4139f04ce3f014afeaf252d8bd794e1d99421dd5c32ef70bddbcb52da5d1f17ef1b47461ba50a9558be219de4098f8eee18ea12fb622dba8b90d2ef961151f14693e5548890652611fe421b", 0x8c}], 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000000100000001000000", @ANYRES32, @ANYRES32=r3, @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r1, @ANYRES32=r5, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r8, @ANYRES32=r0, @ANYRES8=r3, @ANYRES32=r0, @ANYBLOB="20000000000000000100ffd6171ae9be", @ANYRES32=r6, @ANYRES32=r0, @ANYRES32=r5, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r8, @ANYRES32=r2, @ANYRES32=r6, @ANYRES32, @ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r8, @ANYRES64=r6, @ANYRES32=r3, @ANYRES32=r0, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x140, 0x4800}}, {{0x0, 0x0, &(0x7f00000057c0)=[{&(0x7f0000005500)="31e761c66ff3ce87a61358cbc92d7b92666df34fde8e94751ed4651c9bc470e0a0f2560ef83083af83cca3f833307493348f720bf60dfae2222182b80e0e265b646f8349e20129e875ba386d914478e84268ff9599c281960e68afdb2a6a2deeec574719431c8d385e2577b55bd4f9f2bdc3394b7543efbddca0d261e12e388c3db0119b70a979f6589e5f1194a25dfc1790b205e8cd54d58decad763a141defc2dd987ad770", 0xa6}, {&(0x7f00000055c0)="692d1b159d0f16b780c66f5064fe485446c64f2916133932576c0dac2625e12a298b4c87a332309fa10e", 0x2a}, {&(0x7f0000005600)="c777890b85dbe66bc3b95fa64d66966d0ff51284476587342251af80f00d47a3b821da3c318d1dfa4d0447cfdef4ad182767d3143c2d2fca344942dea810f285cc8eb0e1086a4e059ab03b7d2a9ef1706a71f23f62f231c51fef082338fc5583f9cf", 0x62}, {&(0x7f0000005680)="6ac1ebd903a5125b86ef3df0d53e5d1a26004c930af4ed251f4c6d87ff234db7cf799c4ee8e545dedd305d10ea0a1441d862288a59e9e74ebfd85c909fc679f3d38dd14d34165458ff056d4d", 0x4c}, {&(0x7f0000005700)="0d582c3b7d5c561a853ee707fb4d4032d7329fae66fb2e1eb868a3da9721af87818bf51fa48c30c99267212779af135c6734d7ad1202b3a2b38af9754ef6ee65cb970ccda71bfa21a8479409e8746ae48a1d229e67b6ae6d8dce6593be22d02f13e2e386035fe832744a8b78233feba42153411b9007e72532b2869956593de2b1729595", 0x84}], 0x5, 0x0, 0x0, 0x40080}}, {{&(0x7f00000003c0)=@file={0x1, './file0/file0\x00'}, 0x6e, &(0x7f0000005900), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES64=r2, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES64=r2, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000140000000000000001000000f759a701", @ANYRES8=r1, @ANYBLOB='\x00\x00\x00\x00'], 0xb8, 0x80}}, {{&(0x7f0000005b40)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000005cc0)=[{&(0x7f0000005bc0)="32182915c9445847bf156b975eaad3ca173215d25af08f5d04edc87b32c520e57ea7614c2bf8ae8e9b81e7e91e5d547283454ff9b090ed394bdda61b66d571c40d26e688e3c54d95d008237aeb3c361bb0d528046b8a89701bb5945a49c012e736298566bb3fba5c901c", 0x6a}, {&(0x7f0000005c40)="21647b4b42860ac862b128bfeed94bc04f7dc8d961797006df2c1145a9070bd555445093f813d5edf4e884df09423817e601f6c20af48ee110143d26436c3e9c8b85d8d91db24e985487cff9c089c906", 0x50}], 0x2, &(0x7f0000005d00)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00ln;'], 0x50, 0x1}}], 0x4, 0x20004000)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
chdir(0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x48800, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r11, 0x4068aea3, &(0x7f00000001c0)={0xc0, 0x0, 0x6000})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, r9)

7.76343116s ago: executing program 5 (id=2282):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @vbi={0x101, 0x7ff, 0x8, 0x4f565559, [0x0, 0x73], [0xe, 0x1], 0x1}}, 0xfffffffd})
bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001280), 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x2, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000002c0)=';', 0x1}], 0x1}}], 0x1, 0x10)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0)
socket(0x1e, 0x4, 0x6c1a)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000027c0)={'ip6gre0\x00', 0x0})
r5 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f0000002dc0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x7, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, "488dc807"}, 0x1004, 0x2, {0x0}, 0x10000003})
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)

7.699696063s ago: executing program 1 (id=2283):
socket$packet(0x11, 0x2, 0x300)
sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x7, @mcast2, 0x5}}, 0x24)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x1f)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x11, 0x200000000000001, 0x300)
r1 = socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
shutdown(0xffffffffffffffff, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5"], 0x1c}}, 0x20000010)

7.624751681s ago: executing program 1 (id=2284):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x661, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)

7.544149851s ago: executing program 2 (id=2285):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x4, 0x2, @vifc_lcl_addr=@loopback, @remote}, 0x10) (fail_nth: 1)

7.446770986s ago: executing program 2 (id=2286):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
pipe2$9p(&(0x7f0000001900), 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010300000020000000ee15660000080006000200000018000180140002007665746830"], 0x34}}, 0x44800)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x2900, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r3, 0x0, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
socket(0x15, 0x5, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
socket$igmp(0x2, 0x3, 0x2)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400000, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

7.08815567s ago: executing program 7 (id=2289):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x105701)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$packet(0x11, 0x1, 0x300)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000810001000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b74000c00e63b9ba2ea4f115a67245b00000000000000000000000000584cbf2649a50f2dbc0000a8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d9cfd56d3c86e550100000000"], 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x10080)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x3, 0x0, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000400)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x4000}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004010}, 0x0)
recvmmsg$unix(r4, 0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8090}, 0x0)
setsockopt(r6, 0x84, 0x81, &(0x7f0000000280), 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_driver={0x0, 0x80805513, 0x0})

6.270242807s ago: executing program 5 (id=2290):
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
io_setup(0x5, 0xffffffffffffffff)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x0, 0xfa, @scatter={0x0, 0x0, &(0x7f0000000a80)}, 0x0, 0x0, 0x0, 0x0, 0x800001, 0x0})
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r2, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000040))
getdents64(r4, &(0x7f0000001f00)=""/4093, 0xffd)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f00000000c0)={<r5=>0x0, 0x3}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={r5, @in6={{0xa, 0x4e23, 0x6, @mcast1, 0x4}}, 0x8, 0x1, 0x9, 0x7fffffff, 0x55bbe778f154e794, 0x7f, 0xc}, 0x9c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)

5.437673504s ago: executing program 1 (id=2292):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x6000, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PORT={0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x5c}}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
preadv(r1, 0x0, 0x0, 0x0, 0x6)
syz_emit_vhci(&(0x7f0000000880)=ANY=[], 0x200)
r2 = socket(0x10, 0x803, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES16=r2], 0x0, 0x10001, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(r5, r4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_submit(0x0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x400000b4e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2000000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write(r2, &(0x7f0000000240)="aefc00001a0025f00385bc04fef7681d0a0b49ff708800008002280008020200ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae)

5.188687389s ago: executing program 1 (id=2293):
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f00000000c0)=0xc, 0x12)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="060000000400000008000000080000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000041eca69cddce9b158c63b747383a211afa"], 0x48)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f0000002440)=[{&(0x7f00000002c0)="62af263ea3c1befb3bd81deb2fc1cacaa4d2f3c7d8ed578a43f7c4bb44173641f1fd8524ba1d6678d41a89626989170aadb2c8de3262863630637e1f80b2b4b51ee58b9299e10879e5e7cf131a96d45102b25ddcd1a9c1396236f8a9e1be48f3df174a31122fc89187100d16d31e65e68a314119e411a442d36d25fa1a910a16926bbe70937af1a2daffcd5c3a62c21741d80998ec5bdc21609f993fe686eab92a3d9509e824ba65d8ca5a278c2daaa30bae078462870b37ea7868c8f4793a95dfe47a9c60ea83231e51dda3ae07e726e228a4b101565798f3c4d0633da550910f", 0xe1}], 0x1, 0x9)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000500)={'veth1_to_bond\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r6], 0x68}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {0x1, 0x6}, {0xd}, {0x11, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r4, 0x0, 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)

5.096080949s ago: executing program 7 (id=2294):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x42, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x10009, 0x52}]}}}}}}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x3}]}}}}}}}, 0x0) (fail_nth: 1)

5.025757879s ago: executing program 5 (id=2295):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r3, &(0x7f0000001a40)=[{{&(0x7f0000000a80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f0000001940), 0x0, 0x90}}], 0x1, 0x40)
ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1a00000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
epoll_pwait(r5, &(0x7f0000000080)=[{}], 0x1, 0xbebd, &(0x7f00000001c0), 0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0179e08})

4.925176891s ago: executing program 7 (id=2296):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x6}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10}]}}]}, 0x40}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
close(r1)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000180)=0x1000050, 0x4)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xc)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r11 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGCOLLECTIONINDEX(r11, 0x40184810, &(0x7f00000002c0)={0x3, 0x100, 0x0, 0x4, 0x0, 0x9ff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
r12 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x2}, 0x10, 0x0)
landlock_restrict_self(r12, 0x0)

3.695894325s ago: executing program 5 (id=2297):
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3f}, {0xfff1, 0xffff}, {0x0, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x8}}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x38}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x810, 0xffffffffffffffff, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x6, 0x0, {0x0, 0x3, 0x4, 0x0, 'tls\x00'}}, 0x2d)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r4}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r5}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x101000)
write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x10, 0x2}}, 0x14)

3.120904943s ago: executing program 6 (id=2299):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) (async)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
syz_io_uring_submit(0x0, 0x0, 0x0) (async)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
r4 = syz_open_procfs(0x0, 0x0)
fchdir(r4) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r7, 0xae9a) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) (async)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000002c0)={"8022e64e74e6f67b82f0d8a62127912e8e0facb291d8f00126635901181631134a20c7ef49c18bc0bbece53852b95bb8302f6c2286d6b0fb5b13bbdd128c382cebf211c3853f6fb48ab335f3ac853cf7c64d4f27ece7c262cdabfa5660cde1d28dc3eab72b8cfa5b08d6129c86ca79bd9dc43c37e75246dcf04b3816fd90365c877a2c10e8ef4c444ecb4784a0afbf5e962e390bb1ad3bbce049ae51325e79f5ab8bfa80b35fff1da6833ec7fa9ebfc93da9e4b190e5e3a752eca97dc669a937e6ab654169108a38d414fb90e1b894494f314298428ef482b0ff9084c95e735b6b09ca2de115d77f6a657fb7da142c896f9dce212aa58af72879da88687ce4620501a4ba17e906a02662f902745e8ddfb50874ce099ac0fc00ed05470d176364b1f30495b4a088bdde663172734fa8107e5fc0cd4fa60869c83a6669a4ea3040dbaa38f2571543d8521e37ab5aa5be850e3ade4b9eb09e6de146aa0c8fc98fea7bb50efa589af6978ec8d970f908dc4676ea3d15b3b6ebe8ae56a6292704900e611367b278b6716b4d04279792aeb649688ac6bcb7a5e58cbab0c07c8916a7cef3bb0d6303523bad9c0ad5f3024dfbdf364792b75f0ba19d56c5b3bf645fc40061edf7e042de07fc652ec4958373d9f3af542adc030334cc63caa85c8a2628bb1d257c746b2cc57798c23e30f2799f5f392f6af7a3d0cc47299928634afd54ce987c1951989ef81b39f5c7ba4cb2a74250f15261fedf3a25396b83199151ea4b406c2e1aa3135f2a77a8d75b75ef0b25efcdb3b031d8eaed29862173e93994f8d6e6e70df79978551804744eefa635c71d4b38da513f3ea8f48853322cfe5ef1b1ee632e0fcd3eae1993d883fc91f0f2437dce252b6ce5175e7d119afcb9c3c92baf3df6716ce61b54d0dd7dda2360a4c93e26f3eaa4a1637d108966074638697f5b374cf9ae6b32dce29da73fece352c94a1bdb45d6e0fe98533562ee5e55d2f2d3ce5c301ca9c5706a1d0605414f103878eb88169e6681297616b4e1c8c1a43a33f5d99b619962066e7c5698470772696f58dbed61d8507119769e30101f229e012a08b76c0d752cdb290d46f2504177164282fbd084a4817b5ed7448586bc3de1d30af5472e6b67d2ad120e1401ebdcc5358c8eff7e68f4a48aed32f55970a5a6a7c7dcba4887bc4bb1c7fde1610ed25f4f64f25a9f79fad21b5e558fcc97c120c0977a92f5471cc391edf228ff4bf7f9fc7b92737e32b3af48780cb96f5623b5f01dcd3cea45d72ccdb7a36682fd3094542726b24790534728f2c0b2757edc7599ccb170b2db42c9460c42082081ab86d9d5fc971b4d7987ee2c70ced65e08d74474763c6d6ec671c42f6acaa4ccbd2fe981121c04571c1794450b9650b0249f2a633e880ab386510ea86298112a2f01f0ac7f81ee00"}) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@arm64={0x9b, 0xa, 0x80, '\x00', 0x3})

3.11598496s ago: executing program 1 (id=2300):
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3f}, {0xfff1, 0xffff}, {0x0, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x8}}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x38}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x810, 0xffffffffffffffff, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x6, 0x0, {0x0, 0x3, 0x4, 0x0, 'tls\x00'}}, 0x2d)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r4}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r5}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x101000)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x10, 0x2}}, 0x14)

2.452243586s ago: executing program 6 (id=2301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x661, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)

1.696942264s ago: executing program 2 (id=2302):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x661, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)

1.537691324s ago: executing program 6 (id=2303):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x3, 0x8, 0xfade, 0xfffffb6d, 0x70471, r0, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x2}, 0x50)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x50)
r3 = fsopen(&(0x7f0000000180)='nfs4\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000440)={r2, 0xd3f80a3ff915c489, &(0x7f0000000100)}, 0x8)

1.299273454s ago: executing program 6 (id=2304):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001000010025bd", @ANYRES32=r1, @ANYBLOB="200404000300000024001280110001006272696467655f736c617665000000000c00058008002200", @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x200404c1}, 0x4000000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004)

1.097639644s ago: executing program 5 (id=2305):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x5)
recvmmsg(r0, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000002b00)=""/174, 0xae}, {&(0x7f0000002bc0)=""/190, 0xbe}, {&(0x7f0000002c80)=""/4096, 0x1000}, {&(0x7f0000003c80)=""/236, 0xec}], 0x4, &(0x7f0000003dc0)=""/118, 0x76}, 0x3}], 0x1, 0x12121, 0x0)

1.037937786s ago: executing program 6 (id=2306):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000008c0)={0x64, r1, 0x1, 0x70bd2d, 0x0, {0x35}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x64}}, 0x0)
syz_emit_ethernet(0x3c, &(0x7f00000000c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x0, 0x1, 0x3}, {0x8100, 0x0, 0x0, 0x2}}, {@x25={0x805, {0x3, 0x83, 0xf3, "0f3bdf1092e9e73d20ebc9164db3cf343e7f967a89ce5ab664786314e993eb072d4590"}}}}, 0x0)
bind$pptp(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000200000000900000000060015000a0000000c00168008000100bc"], 0x30}}, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000180)='ufs\x00', 0x1004050, 0x0)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4040004)
getsockname$packet(r6, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="48000000100003e7ff0000000000040000000000", @ANYRES32=r7, @ANYBLOB="0000000040000200280012800a000100767863616e0000001800028014000100000000", @ANYRES32=r7], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r8=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d1)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r9, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r11, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r12, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r13=>0x0})
sendmsg$ETHTOOL_MSG_RINGS_GET(r10, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x128, r12, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4008051}, 0x8811)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)={0x64, r5, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r8}, {0x48, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)={0x110, 0x0, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x51, 0x6, 0x4}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xff}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3000000}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x4c}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8000000}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x43}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x1d}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffff9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xa}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xfffffffd}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x4048010}, 0x20000010)

919.651649ms ago: executing program 5 (id=2307):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r3, &(0x7f0000000240)=@other={'trylock', ' ', 'mem'}, 0xc)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x3)
socket$kcm(0xa, 0x2, 0x3a)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r7, 0x401, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x20004000)
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r7, 0x200, 0x70bd2a, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000004)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0x1, 0xffff}, {0xffff, 0xd}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x1, 0x1, 0x80002, 0x4}, 0xa4ca, 0x0, 0xfffffffd, 0x6, 0x0, 0x18, 0x9, 0xe, 0x3, 0x9, {0x10001, 0x7, 0x10001, 0x7, 0x2, 0x7fffffff}}}}, @qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, "b4cbc290446391e3a4ab24c73348022c"}}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4c840}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000)
r10 = syz_open_dev$loop(&(0x7f0000000400), 0x8, 0x0)
ioctl$BLKROGET(r10, 0x125e, &(0x7f0000000440))
r11 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

783.724927ms ago: executing program 1 (id=2308):
r0 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0)
ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000000))
fcntl$notify(r0, 0x402, 0x8000003d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="0a98c740d575bb79b98a2a0bff6bc7bf27823c34e5989c6ff998ffd3377bf9f209cac4c884c08d93264ba146dba4fb6fdbfda9da5eca83a84b21782851dc4b4e9d47452b05804fb3c8f3b4e56fac61803d3682cff413b8f9e4c33a70d0246a4a8a37db92928e0077b4f108f30da7698cc41fe689ebccc0", @ANYRES32, @ANYBLOB="0000000005000000183200000200"/24], &(0x7f0000000300)='syzkaller\x00', 0x4, 0xb9, &(0x7f0000000440)=""/185, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x0, 0x1, 0x5, 0x7}, 0x10, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000740)=[{0x2, 0x5, 0xe, 0x1}, {0x5, 0x3}, {0x5, 0x3, 0x0, 0xa}, {0x3, 0x2, 0x10, 0x3d0fad6d7b6fcb7a}, {0x4, 0x2, 0xfffffffe, 0x3}, {0x3, 0x2, 0x0, 0xa}, {0x3, 0x4, 0x4, 0x6}, {0x1, 0x5, 0xc, 0x7}, {0x2, 0x5, 0x7, 0x4}], 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000001c0)='fsi_master_gpio_cmd_abs_addr\x00', r1, 0x0, 0xe}, 0x1e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x6, &(0x7f0000000180), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000800)=ANY=[@ANYBLOB="9feb010018000000000000000200000002"], 0x0, 0x1a, 0x0, 0x6, 0x5}, 0x28)
r6 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r6, &(0x7f0000000000)=""/42, 0x2a)
getdents64(r6, &(0x7f0000000080)=""/147, 0x93)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
renameat2(r8, &(0x7f0000000d00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r8, &(0x7f0000000040)='./file1\x00', 0x5)
lseek(r8, 0x2004, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000"], 0x4c}}, 0xc050)

688.183329ms ago: executing program 7 (id=2309):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000}, 0x50)

497.431803ms ago: executing program 6 (id=2310):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r3, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000010c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20, 0x1}}, {{&(0x7f0000000a80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f0000001940), 0x0, 0x90}}], 0x2, 0x40)
ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1a00000000000000000000000000000018110000", @ANYRES32], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
epoll_pwait(r5, &(0x7f0000000080)=[{}], 0x1, 0xbebd, &(0x7f00000001c0), 0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0179e08})

0s ago: executing program 7 (id=2311):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0xfffffffffffffdcf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
syz_usb_connect(0x1, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x100)
write$char_usb(r1, 0x0, 0x9)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)
write$6lowpan_control(r2, &(0x7f0000000100)='connect aa:aa:aa:aa:aa:10 0', 0x1b)

kernel console output (not intermixed with test programs):


[  229.052586][ T8461] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003
[  229.052597][ T8461] RBP: 00007ff24b148090 R08: 0000000000000000 R09: 0000000000000000
[  229.052608][ T8461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.052618][ T8461] R13: 00007ff24a5b6128 R14: 00007ff24a5b6090 R15: 00007fff079bc1c8
[  229.052642][ T8461]  </TASK>
[  229.793764][  T977] usb 1-1: USB disconnect, device number 18
[  231.685551][ T8484] FAULT_INJECTION: forcing a failure.
[  231.685551][ T8484] name failslab, interval 1, probability 0, space 0, times 0
[  231.706805][ T8484] CPU: 0 UID: 0 PID: 8484 Comm: syz.3.692 Not tainted syzkaller #0 PREEMPT(full) 
[  231.706826][ T8484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  231.706833][ T8484] Call Trace:
[  231.706837][ T8484]  <TASK>
[  231.706841][ T8484]  dump_stack_lvl+0x16c/0x1f0
[  231.706857][ T8484]  should_fail_ex+0x512/0x640
[  231.706869][ T8484]  ? fs_reclaim_acquire+0xae/0x150
[  231.706885][ T8484]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  231.706901][ T8484]  should_failslab+0xc2/0x120
[  231.706914][ T8484]  __kmalloc_noprof+0xd2/0x510
[  231.706929][ T8484]  tomoyo_realpath_from_path+0xc2/0x6e0
[  231.706946][ T8484]  ? tomoyo_profile+0x47/0x60
[  231.706958][ T8484]  tomoyo_path_number_perm+0x245/0x580
[  231.706971][ T8484]  ? tomoyo_path_number_perm+0x237/0x580
[  231.706986][ T8484]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  231.707000][ T8484]  ? find_held_lock+0x2b/0x80
[  231.707026][ T8484]  ? find_held_lock+0x2b/0x80
[  231.707038][ T8484]  ? hook_file_ioctl_common+0x145/0x410
[  231.707052][ T8484]  ? __fget_files+0x20e/0x3c0
[  231.707067][ T8484]  security_file_ioctl+0x9b/0x240
[  231.707084][ T8484]  __x64_sys_ioctl+0xb7/0x210
[  231.707101][ T8484]  do_syscall_64+0xcd/0x4c0
[  231.707114][ T8484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.707126][ T8484] RIP: 0033:0x7fe284d8ebe9
[  231.707135][ T8484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.707146][ T8484] RSP: 002b:00007fe285cb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  231.707157][ T8484] RAX: ffffffffffffffda RBX: 00007fe284fb5fa0 RCX: 00007fe284d8ebe9
[  231.707164][ T8484] RDX: 0000200000000040 RSI: 00000000c0305710 RDI: 0000000000000003
[  231.707170][ T8484] RBP: 00007fe285cb8090 R08: 0000000000000000 R09: 0000000000000000
[  231.707176][ T8484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.707182][ T8484] R13: 00007fe284fb6038 R14: 00007fe284fb5fa0 R15: 00007ffca88fee58
[  231.707196][ T8484]  </TASK>
[  231.707200][ T8484] ERROR: Out of memory at tomoyo_realpath_from_path.
[  232.224744][ T5921] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  233.162258][ T5921] usb 2-1: Using ep0 maxpacket: 32
[  233.349671][   T30] audit: type=1804 audit(1755953251.088:874): pid=8504 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.697" name="/newroot/113/file0" dev="tmpfs" ino=605 res=1 errno=0
[  233.461583][   T30] audit: type=1400 audit(1755953251.128:875): avc:  denied  { bind } for  pid=8505 comm="syz.2.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  233.728529][ T5921] usb 2-1: device descriptor read/all, error -71
[  233.750530][  T878] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  233.910340][  T878] usb 4-1: Using ep0 maxpacket: 16
[  233.917323][  T878] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  233.935030][   T30] audit: type=1400 audit(1755953251.668:876): avc:  denied  { read } for  pid=8523 comm="syz.0.706" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  233.942049][  T878] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  233.979264][ T8525] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  233.991859][  T878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.004862][ T8525] block device autoloading is deprecated and will be removed.
[  234.012749][   T30] audit: type=1400 audit(1755953251.668:877): avc:  denied  { open } for  pid=8523 comm="syz.0.706" path=2F3131362F66696C65302F66696C6530202864656C6574656429 dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  234.013209][  T878] usb 4-1: Product: syz
[  234.052675][  T878] usb 4-1: Manufacturer: syz
[  234.057626][  T878] usb 4-1: SerialNumber: syz
[  234.081782][  T878] usb 4-1: config 0 descriptor??
[  234.101772][  T878] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  234.116437][  T878] usb 4-1: Detected FT232R
[  234.176109][   T30] audit: type=1400 audit(1755953251.918:878): avc:  denied  { create } for  pid=8544 comm="syz.4.713" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  234.198918][   T30] audit: type=1400 audit(1755953251.918:879): avc:  denied  { mounton } for  pid=8544 comm="syz.4.713" path="/171/file0" dev="tmpfs" ino=938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  234.228728][ T8548] overlayfs: failed to clone upperpath
[  234.307986][  T878] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  234.529045][  T878] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  234.779292][ T5921] usb 4-1: USB disconnect, device number 6
[  234.798153][ T5921] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  234.810126][ T5921] ftdi_sio 4-1:0.0: device disconnected
[  235.104872][ T8575] kernel read not supported for file /bus (pid: 8575 comm: syz.2.726)
[  235.115519][   T30] audit: type=1800 audit(1755953252.858:880): pid=8575 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.726" name="bus" dev="mqueue" ino=18035 res=0 errno=0
[  235.197913][ T8580] netlink: 32 bytes leftover after parsing attributes in process `syz.2.728'.
[  235.268395][   T30] audit: type=1400 audit(1755953253.008:881): avc:  denied  { mount } for  pid=8583 comm="syz.1.731" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  235.318133][   T30] audit: type=1400 audit(1755953253.058:882): avc:  denied  { unmount } for  pid=5843 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  235.591311][   T30] audit: type=1400 audit(1755953253.328:883): avc:  denied  { append } for  pid=8599 comm="syz.3.738" name="sg0" dev="devtmpfs" ino=771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  237.944880][ T8690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.777'.
[  238.101566][ T8698] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  238.724316][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  238.724333][   T30] audit: type=1400 audit(1755953256.468:891): avc:  denied  { map } for  pid=8737 comm="syz.4.799" path="socket:[19516]" dev="sockfs" ino=19516 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  238.874780][   T30] audit: type=1400 audit(1755953256.618:892): avc:  denied  { connect } for  pid=8753 comm="syz.1.805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  239.056512][ T8762] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  239.117594][   T30] audit: type=1400 audit(1755953256.848:893): avc:  denied  { ioctl } for  pid=8763 comm="syz.1.810" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  239.221273][   T30] audit: type=1400 audit(1755953256.918:894): avc:  denied  { block_suspend } for  pid=8761 comm="syz.4.809" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  239.277769][ T8775] netlink: 32 bytes leftover after parsing attributes in process `syz.1.814'.
[  239.339969][ T8775] netlink: 32 bytes leftover after parsing attributes in process `syz.1.814'.
[  241.000099][ T8837] overlayfs: failed to clone upperpath
[  241.138545][   T30] audit: type=1400 audit(1755953258.878:895): avc:  denied  { append } for  pid=8844 comm="syz.4.845" name="rt_cache" dev="proc" ino=4026533095 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  241.872507][ T8891] netlink: 96 bytes leftover after parsing attributes in process `syz.3.866'.
[  242.199627][ T8913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.877'.
[  242.284725][ T8913] bond1: (slave sit1): The slave device specified does not support setting the MAC address
[  242.313263][ T8913] bond1: (slave sit1): Error -95 calling set_mac_address
[  242.391912][   T30] audit: type=1400 audit(1755953260.138:896): avc:  denied  { getopt } for  pid=8924 comm="syz.3.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  242.414077][ T8919] sch_tbf: burst 124 is lower than device lo mtu (65550) !
[  242.536869][ T8930] syzkaller0: tun_chr_ioctl cmd 1074025673
[  242.615793][ T8938] netlink: 56 bytes leftover after parsing attributes in process `syz.0.888'.
[  242.644639][ T8938] netlink: 56 bytes leftover after parsing attributes in process `syz.0.888'.
[  242.876607][   T30] audit: type=1326 audit(1755953260.618:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8953 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe284d8ebe9 code=0x7ffc0000
[  242.957384][   T30] audit: type=1326 audit(1755953260.618:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8953 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe284d8ebe9 code=0x7ffc0000
[  243.046137][   T30] audit: type=1326 audit(1755953260.618:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8953 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7fe284d8ebe9 code=0x7ffc0000
[  243.106253][   T30] audit: type=1326 audit(1755953260.618:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8953 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe284d8ebe9 code=0x7ffc0000
[  244.000364][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  244.000381][   T30] audit: type=1400 audit(1755953261.738:904): avc:  denied  { bind } for  pid=9032 comm="syz.2.934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  244.031975][   T30] audit: type=1400 audit(1755953261.738:905): avc:  denied  { name_bind } for  pid=9032 comm="syz.2.934" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  244.054044][   T30] audit: type=1400 audit(1755953261.738:906): avc:  denied  { node_bind } for  pid=9032 comm="syz.2.934" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  244.288048][ T9045] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  244.448928][   T30] audit: type=1400 audit(1755953262.188:907): avc:  denied  { mount } for  pid=9057 comm="syz.4.944" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  244.580918][ T9060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'.
[  244.660329][   T30] audit: type=1400 audit(1755953262.398:908): avc:  denied  { read } for  pid=9064 comm="syz.1.949" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  245.267580][   T30] audit: type=1400 audit(1755953263.008:909): avc:  denied  { ioctl } for  pid=9095 comm="syz.1.963" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  245.568093][ T9110] loop2: detected capacity change from 0 to 7
[  245.595728][ T5846] Dev loop2: unable to read RDB block 7
[  245.612526][ T5846]  loop2: unable to read partition table
[  245.625866][ T5846] loop2: partition table beyond EOD, truncated
[  245.665554][ T9110] Dev loop2: unable to read RDB block 7
[  245.690441][ T9110]  loop2: unable to read partition table
[  245.713628][ T9110] loop2: partition table beyond EOD, truncated
[  245.719907][ T9110] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  246.007572][   T30] audit: type=1400 audit(1755953263.748:910): avc:  denied  { read } for  pid=9117 comm="syz.1.972" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  246.053548][   T30] audit: type=1400 audit(1755953263.748:911): avc:  denied  { open } for  pid=9117 comm="syz.1.972" path="/194/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  246.092712][   T30] audit: type=1400 audit(1755953263.778:912): avc:  denied  { ioctl } for  pid=9117 comm="syz.1.972" path="/194/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5415 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  246.235019][   T30] audit: type=1400 audit(1755953263.958:913): avc:  denied  { ioctl } for  pid=9125 comm="syz.0.975" path="/164/file0/file0" dev="fuse" ino=64 ioctlcmd=0x911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  246.636669][ T9149] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  247.415942][ T9165] 9pnet: p9_errstr2errno: server reported unknown error vlen=1 Invalid name
[  247.415942][ T9165] 
[  247.641949][ T9178] netlink: 24 bytes leftover after parsing attributes in process `syz.4.997'.
[  247.863885][ T9190] Invalid ELF header len 16
[  248.478085][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1014'.
[  248.538051][ T9223] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1015'.
[  248.615307][ T9226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1017'.
[  248.635837][ T9231] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1018'.
[  248.647449][ T9231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'.
[  250.554441][ T9247] syz.2.1024 (9247) used greatest stack depth: 19784 bytes left
[  250.719941][ T9276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1037'.
[  251.381336][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  251.381368][   T30] audit: type=1400 audit(1755953268.948:923): avc:  denied  { execute } for  pid=9288 comm="syz.3.1044" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=21384 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  251.742645][ T9298] 8021q: adding VLAN 0 to HW filter on device team0
[  251.752132][ T9298] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  252.660577][   T30] audit: type=1400 audit(1755953270.388:924): avc:  denied  { audit_read } for  pid=9361 comm="syz.4.1075" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  252.713140][   T30] audit: type=1400 audit(1755953270.388:925): avc:  denied  { nlmsg_write } for  pid=9361 comm="syz.4.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  253.240498][   T30] audit: type=1400 audit(1755953270.968:926): avc:  denied  { watch watch_reads } for  pid=9402 comm="syz.3.1095" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  253.976513][   T30] audit: type=1400 audit(1755953271.708:927): avc:  denied  { accept } for  pid=9433 comm="syz.2.1110" lport=38940 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  254.318203][   T30] audit: type=1400 audit(1755953271.748:928): avc:  denied  { setopt } for  pid=9433 comm="syz.2.1110" lport=38940 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  254.616798][   T30] audit: type=1400 audit(1755953272.358:929): avc:  denied  { mounton } for  pid=9441 comm="syz.0.1114" path="/proc/592/task" dev="proc" ino=22624 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  255.368846][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.375209][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  259.233957][ T9530] fuse: Unknown parameter 'fd0x0000000000000003'
[  259.378708][ T9538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1152'.
[  259.665753][ T9553] netlink: set zone limit has 4 unknown bytes
[  259.675890][ T9554] netlink: del zone limit has 4 unknown bytes
[  260.253301][   T30] audit: type=1804 audit(1755953277.998:930): pid=9572 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1160" name="/newroot/207/file0" dev="tmpfs" ino=1091 res=1 errno=0
[  262.498173][ T9610] netlink: del zone limit has 4 unknown bytes
[  262.774747][ T9618] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1174'.
[  263.414079][ T9623] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1177'.
[  263.504854][ T9623] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1177'.
[  263.545679][ T9628] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1179'.
[  265.922203][ T5849] Bluetooth: hci0: unexpected subevent 0x01 length: 37 > 18
[  265.934979][ T5849] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  266.080409][ T9675] netlink: 236 bytes leftover after parsing attributes in process `syz.3.1198'.
[  266.322319][ T9690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1197'.
[  271.136315][ T9797] dvmrp0: entered allmulticast mode
[  271.153414][ T9797] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1239'.
[  271.695065][ T9810] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1245'.
[  271.806461][ T9812] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1245'.
[  272.044138][ T5849] Bluetooth: hci0: command 0x0406 tx timeout
[  272.105362][ T9813] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.1244'.
[  273.022949][ T9826] fuse: Bad value for 'fd'
[  273.832196][ T9852] fuse: Bad value for 'fd'
[  274.879062][ T9873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1270'.
[  276.137278][ T9910] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1287'.
[  276.163399][ T9899] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.1273'.
[  276.185999][ T9910] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1287'.
[  277.475072][   T30] audit: type=1804 audit(1755953295.208:931): pid=9930 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1294" name="file0" dev="tmpfs" ino=1640 res=1 errno=0
[  277.654630][ T9938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1297'.
[  279.002345][ T9983] fuse: Bad value for 'fd'
[  279.161546][ T9992] netlink: 4388 bytes leftover after parsing attributes in process `syz.3.1304'.
[  280.355064][T10023] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1331'.
[  280.366160][T10023] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1331'.
[  280.555433][ T5862] Bluetooth: hci4: unexpected subevent 0x01 length: 37 > 18
[  280.562828][ T5862] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  280.583766][ T5849] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  280.603502][T10028] fuse: Bad value for 'fd'
[  280.793494][T10033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=10033 comm=syz.3.1333
[  280.810493][T10033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=10033 comm=syz.3.1333
[  280.903692][T10033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2592 sclass=netlink_route_socket pid=10033 comm=syz.3.1333
[  281.371701][T10052] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1341'.
[  281.634819][T10060] fuse: Bad value for 'fd'
[  282.208937][   T30] audit: type=1804 audit(1755953299.928:932): pid=10080 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1353" name="file0" dev="tmpfs" ino=1523 res=1 errno=0
[  282.663100][ T3576] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.832783][ T3576] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.921649][T10093] overlayfs: failed to clone lowerpath
[  283.435050][ T3576] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  283.533289][ T5862] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  283.545481][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  283.554524][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  283.562880][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  283.570429][ T5862] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  283.604252][   T30] audit: type=1400 audit(1755953301.338:933): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  284.136058][ T3576] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.254826][T10126] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1364'.
[  284.307340][T10124] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1368'.
[  284.405773][   T30] audit: type=1804 audit(1755953302.146:934): pid=10133 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1370" name="file0" dev="tmpfs" ino=1443 res=1 errno=0
[  284.569238][ T3576] bridge_slave_1: left allmulticast mode
[  284.631629][ T3576] bridge_slave_1: left promiscuous mode
[  284.666927][   T30] audit: type=1326 audit(1755953302.406:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  284.698066][   T30] audit: type=1326 audit(1755953302.436:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  284.722792][ T3576] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.745197][   T30] audit: type=1326 audit(1755953302.486:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  284.839201][ T3576] bridge_slave_0: left allmulticast mode
[  284.845660][   T30] audit: type=1326 audit(1755953302.486:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  284.880174][ T3576] bridge_slave_0: left promiscuous mode
[  284.930381][ T3576] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.964370][   T30] audit: type=1326 audit(1755953302.486:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  285.222059][T10149] overlayfs: overlapping lowerdir path
[  285.640518][ T5849] Bluetooth: hci1: command tx timeout
[  285.663596][   T30] audit: type=1326 audit(1755953302.556:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  285.825975][   T30] audit: type=1326 audit(1755953302.556:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  286.020493][   T30] audit: type=1326 audit(1755953302.556:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz.4.1371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa53ab8ebe9 code=0x7ffc0000
[  286.558817][ T3576] dvmrp0 (unregistering): left allmulticast mode
[  286.926599][ T3576] bond0 (unregistering): left promiscuous mode
[  286.934022][ T3576] bond_slave_0: left promiscuous mode
[  286.948443][ T3576] bond_slave_1: left promiscuous mode
[  286.966525][ T3576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  286.984454][ T3576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  286.997923][ T3576] bond0 (unregistering): Released all slaves
[  287.092338][T10183] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  287.731216][ T5849] Bluetooth: hci1: command tx timeout
[  287.889098][ T3576] batadv0: left promiscuous mode
[  287.982791][ T3576] hsr_slave_0: left promiscuous mode
[  287.997358][ T3576] hsr_slave_1: left promiscuous mode
[  288.114705][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  288.120193][T10214] netlink: del zone limit has 4 unknown bytes
[  288.143727][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  288.143987][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.164647][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  288.174979][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  288.180510][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  288.202107][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  288.205166][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.221033][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  288.338974][ T3576] veth1_macvtap: left promiscuous mode
[  288.349183][ T3576] veth0_macvtap: left promiscuous mode
[  288.362727][ T3576] veth1_vlan: left promiscuous mode
[  288.372756][ T3576] veth0_vlan: left promiscuous mode
[  288.611018][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  288.611035][   T30] audit: type=1804 audit(1755953306.360:950): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1400" name="file0" dev="tmpfs" ino=1489 res=1 errno=0
[  288.836351][ T3576] team0 (unregistering): Port device team_slave_1 removed
[  288.879581][ T3576] team0 (unregistering): Port device team_slave_0 removed
[  288.940018][T10242] netlink: 236 bytes leftover after parsing attributes in process `syz.1.1404'.
[  289.133102][T10250] netlink: del zone limit has 4 unknown bytes
[  289.175919][ T3576] team0 (unregistering): Port device dummy0 removed
[  289.477560][T10260] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1412'.
[  289.518367][T10100] chnl_net:caif_netlink_parms(): no params data found
[  289.724082][T10264] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1413'.
[  289.827869][ T5849] Bluetooth: hci1: command tx timeout
[  290.281774][ T5849] Bluetooth: hci0: command tx timeout
[  290.292635][T10100] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.299792][T10100] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.309885][T10100] bridge_slave_0: entered allmulticast mode
[  290.320012][T10100] bridge_slave_0: entered promiscuous mode
[  290.341056][T10100] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.348187][T10100] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.358484][T10100] bridge_slave_1: entered allmulticast mode
[  290.455623][T10100] bridge_slave_1: entered promiscuous mode
[  291.668221][T10100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.752525][T10100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.850714][T10299] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1420'.
[  291.882581][ T5849] Bluetooth: hci1: command tx timeout
[  291.892896][T10100] team0: Port device team_slave_0 added
[  291.901775][T10100] team0: Port device team_slave_1 added
[  292.715223][ T5849] Bluetooth: hci0: command tx timeout
[  292.853400][T10100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.860889][T10100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.887495][T10100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.956168][ T3576] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.019615][T10100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.026949][T10100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.057902][T10100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.578755][ T3576] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.658365][T10100] hsr_slave_0: entered promiscuous mode
[  293.665811][T10100] hsr_slave_1: entered promiscuous mode
[  293.682974][T10100] debugfs: 'hsr0' already exists in 'hsr'
[  293.689858][T10100] Cannot create hsr debugfs directory
[  293.696579][T10336] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1427'.
[  293.710046][T10210] chnl_net:caif_netlink_parms(): no params data found
[  293.763472][ T3576] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.976235][ T3576] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.553049][T10210] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.578744][T10210] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.595121][T10210] bridge_slave_0: entered allmulticast mode
[  294.614904][T10210] bridge_slave_0: entered promiscuous mode
[  294.666814][T10210] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.703376][T10210] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.729775][T10210] bridge_slave_1: entered allmulticast mode
[  294.939203][ T5849] Bluetooth: hci0: command tx timeout
[  295.297374][T10210] bridge_slave_1: entered promiscuous mode
[  295.369984][T10374] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1436'.
[  295.589148][T10210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.600704][T10210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  295.704362][T10374] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.760532][T10210] team0: Port device team_slave_0 added
[  295.844123][T10210] team0: Port device team_slave_1 added
[  295.969101][T10100] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  295.987919][ T3576] bridge0: port 3(team0) entered disabled state
[  295.998134][ T3576] bridge_slave_1: left allmulticast mode
[  296.008601][ T3576] bridge_slave_1: left promiscuous mode
[  296.015554][ T3576] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.030826][ T3576] bridge_slave_0: left allmulticast mode
[  296.039058][ T3576] bridge_slave_0: left promiscuous mode
[  296.047470][ T3576] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.103598][T10397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  296.504492][ T3576] dvmrp0 (unregistering): left allmulticast mode
[  297.004891][ T5849] Bluetooth: hci0: command tx timeout
[  297.036026][ T3576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.056594][ T3576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.073769][ T3576] bond0 (unregistering): Released all slaves
[  297.157410][ T3576] bond1 (unregistering): Released all slaves
[  297.172621][T10210] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.179650][T10210] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.206817][T10210] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.218084][T10100] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  297.253322][ T3576] tipc: Left network mode
[  297.260408][T10210] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.268839][T10210] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.326380][T10210] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.340393][T10100] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  297.389324][T10100] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  297.554847][T10210] hsr_slave_0: entered promiscuous mode
[  297.568429][T10210] hsr_slave_1: entered promiscuous mode
[  297.585653][T10210] debugfs: 'hsr0' already exists in 'hsr'
[  297.591965][T10210] Cannot create hsr debugfs directory
[  297.942407][ T3576] hsr_slave_0: left promiscuous mode
[  297.956002][ T3576] hsr_slave_1: left promiscuous mode
[  297.983080][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.001156][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.034584][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.054485][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.120005][ T3576] veth1_macvtap: left promiscuous mode
[  298.211223][T10458] fuse: Bad value for 'fd'
[  298.220687][ T3576] veth0_macvtap: left promiscuous mode
[  298.226305][ T3576] veth1_vlan: left promiscuous mode
[  298.260460][ T3576] veth0_vlan: left promiscuous mode
[  299.438678][ T3576] team_slave_1 (unregistering): left promiscuous mode
[  299.446349][ T3576] team_slave_1 (unregistering): left allmulticast mode
[  299.455349][ T3576] team0 (unregistering): Port device team_slave_1 removed
[  299.485645][ T3576] team_slave_0 (unregistering): left promiscuous mode
[  299.492609][ T3576] team_slave_0 (unregistering): left allmulticast mode
[  299.501550][ T3576] team0 (unregistering): Port device team_slave_0 removed
[  299.849974][T10478] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1461'.
[  300.045973][T10100] 8021q: adding VLAN 0 to HW filter on device bond0
[  300.207062][T10100] 8021q: adding VLAN 0 to HW filter on device team0
[  300.313296][T10493] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1467'.
[  300.326960][ T7839] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.334109][ T7839] bridge0: port 1(bridge_slave_0) entered forwarding state
[  300.377434][ T7839] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.384586][ T7839] bridge0: port 2(bridge_slave_1) entered forwarding state
[  300.398672][T10210] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  300.429161][T10210] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  300.444868][T10210] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  300.484588][T10210] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  300.547500][T10100] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  300.569615][T10100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  300.670092][T10515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1471'.
[  300.956868][T10210] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.005735][T10210] 8021q: adding VLAN 0 to HW filter on device team0
[  301.045504][ T3576] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.052645][ T3576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.111439][ T3576] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.118578][ T3576] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.350741][T10100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  301.660585][T10210] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.113831][T10100] veth0_vlan: entered promiscuous mode
[  302.140613][T10100] veth1_vlan: entered promiscuous mode
[  302.197988][T10582] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1483'.
[  302.232385][T10100] veth0_macvtap: entered promiscuous mode
[  302.257140][T10100] veth1_macvtap: entered promiscuous mode
[  302.309367][T10100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  302.355843][T10100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.377968][T10592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1485'.
[  302.754580][ T7846] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.765575][ T7846] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  303.114203][T10210] veth0_vlan: entered promiscuous mode
[  303.135978][T10210] veth1_vlan: entered promiscuous mode
[  303.148286][ T7846] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  303.251183][ T7846] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  303.348898][T10210] veth0_macvtap: entered promiscuous mode
[  303.401266][ T7838] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.408264][T10210] veth1_macvtap: entered promiscuous mode
[  303.409610][ T7838] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.531129][T10210] batman_adv: batadv0: Interface activated: batadv_slave_0
[  303.556195][T10210] batman_adv: batadv0: Interface activated: batadv_slave_1
[  303.593037][ T7838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.614619][ T7839] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  303.620878][ T7838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.670400][ T7839] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  303.679334][ T7839] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  303.748170][T10619] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1491'.
[  303.748940][   T30] audit: type=1400 audit(1755953321.490:951): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/root/syzkaller.XTho3o/syz-tmp" dev="sda1" ino=2048 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  303.831647][ T7839] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  303.856212][   T30] audit: type=1400 audit(1755953321.510:952): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/root/syzkaller.XTho3o/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  303.892842][   T30] audit: type=1400 audit(1755953321.510:953): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/root/syzkaller.XTho3o/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=26446 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  303.925812][   T30] audit: type=1400 audit(1755953321.560:954): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  303.998582][   T30] audit: type=1400 audit(1755953321.560:955): avc:  denied  { mounton } for  pid=10100 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  304.575498][ T7846] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  304.596887][ T7846] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.712646][ T7838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  304.735160][ T7838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  305.444595][   T30] audit: type=1400 audit(1755953323.183:956): avc:  denied  { setopt } for  pid=10668 comm="syz.6.1392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  306.335420][T10692] netlink: 9896 bytes leftover after parsing attributes in process `syz.1.1510'.
[  306.383919][T10692] netlink: del zone limit has 4 unknown bytes
[  307.295868][T10717] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1517'.
[  307.698519][T10734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1522'.
[  312.116223][T10815] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  312.284431][T10827] netlink: del zone limit has 4 unknown bytes
[  312.347628][T10829] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1549'.
[  314.740632][T10884] overlay: Unknown parameter '/'
[  317.020842][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.029143][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  323.784888][T11017] netlink: 236 bytes leftover after parsing attributes in process `syz.6.1594'.
[  324.389247][T11037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1599'.
[  325.017152][T11050] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1603'.
[  325.401537][T11066] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1608'.
[  326.813832][   T30] audit: type=1804 audit(1755953344.560:957): pid=11085 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.1611" name="/newroot/22/file0" dev="tmpfs" ino=130 res=1 errno=0
[  327.559879][T11097] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1615'.
[  327.601205][T11097] netlink: 236 bytes leftover after parsing attributes in process `syz.5.1615'.
[  327.748132][T11102] fuse: Bad value for 'group_id'
[  327.791653][T11102] fuse: Bad value for 'group_id'
[  327.931436][T11111] dvmrp0: entered allmulticast mode
[  327.958910][T11111] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1618'.
[  329.070802][T11128] fuse: Bad value for 'group_id'
[  329.078276][T11128] fuse: Bad value for 'group_id'
[  329.459516][   T30] audit: type=1804 audit(1755953347.200:958): pid=11143 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1627" name="file0" dev="tmpfs" ino=2020 res=1 errno=0
[  329.501417][T11145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1629'.
[  329.528722][T11145] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1629'.
[  331.193276][T11180] overlayfs: missing 'lowerdir'
[  331.850898][T11183] netlink: 4388 bytes leftover after parsing attributes in process `syz.6.1625'.
[  334.816969][T11247] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1650'.
[  334.848535][T11247] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1650'.
[  335.215458][T11256] netlink: 236 bytes leftover after parsing attributes in process `syz.6.1653'.
[  336.654917][T11286] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1659'.
[  338.208615][T11313] netlink: 236 bytes leftover after parsing attributes in process `syz.6.1668'.
[  339.273681][T11332] dvmrp0: entered allmulticast mode
[  339.292747][T11332] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1673'.
[  339.575356][T11336] netlink: zone id is out of range
[  339.616462][T11336] netlink: set zone limit has 4 unknown bytes
[  340.743205][T11354] netlink: 236 bytes leftover after parsing attributes in process `syz.1.1681'.
[  340.864659][   T30] audit: type=1804 audit(1755953358.590:959): pid=11353 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.1680" name="/newroot/42/file0" dev="tmpfs" ino=231 res=1 errno=0
[  341.945940][T11376] netlink: zone id is out of range
[  342.015644][T11376] netlink: set zone limit has 4 unknown bytes
[  342.956707][T11390] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1693'.
[  343.133718][T11395] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1694'.
[  343.536702][T11395] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1694'.
[  343.660663][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1696'.
[  344.530382][ T5929] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  344.691634][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  344.709524][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  344.765258][ T5929] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  344.776668][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.788778][ T5929] usb 6-1: config 0 descriptor??
[  344.895216][T11423] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1705'.
[  345.063597][T11427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1704'.
[  345.999431][ T5929] uclogic 0003:256C:006D.0006: failed retrieving string descriptor #100: -71
[  346.012078][ T5929] uclogic 0003:256C:006D.0006: failed retrieving pen parameters: -71
[  346.046757][ T5929] uclogic 0003:256C:006D.0006: failed probing pen v1 parameters: -71
[  346.103942][ T5929] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[  346.124531][ T5929] uclogic 0003:256C:006D.0006: probe with driver uclogic failed with error -71
[  346.173620][ T5929] usb 6-1: USB disconnect, device number 2
[  346.286682][T11446] fuse: Unknown parameter 'grou00000000000000000000'
[  348.381663][T11481] netlink: 236 bytes leftover after parsing attributes in process `syz.5.1725'.
[  348.493240][T11490] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11490 comm=syz.6.1729
[  348.523339][T11490] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11490 comm=syz.6.1729
[  348.718951][T11506] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1736'.
[  348.967316][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1738'.
[  349.128106][T11517] netlink: 236 bytes leftover after parsing attributes in process `syz.6.1739'.
[  352.195176][T11538] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11538 comm=syz.5.1743
[  352.246083][T11538] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11538 comm=syz.5.1743
[  352.440505][T11542] autofs: Unknown parameter '0x0000000000000000'
[  353.347459][T11565] netlink: 236 bytes leftover after parsing attributes in process `syz.5.1754'.
[  354.270011][T11575] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11575 comm=syz.5.1756
[  354.290235][T11575] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11575 comm=syz.5.1756
[  354.367526][T11579] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=11579 comm=syz.1.1759
[  354.432914][T11579] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=11579 comm=syz.1.1759
[  354.496232][T11579] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2592 sclass=netlink_route_socket pid=11579 comm=syz.1.1759
[  354.645204][   T30] audit: type=1400 audit(1755953372.388:960): avc:  denied  { ioctl } for  pid=11584 comm="syz.5.1761" path="socket:[28611]" dev="sockfs" ino=28611 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  355.340317][T11595] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1763'.
[  356.681633][ T5862] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  356.704112][ T5862] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  356.730355][ T5862] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  356.747065][ T5862] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  356.756656][ T5862] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  357.661233][T11609] chnl_net:caif_netlink_parms(): no params data found
[  358.488517][T11609] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.497981][T11609] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.506660][T11609] bridge_slave_0: entered allmulticast mode
[  358.543287][T11609] bridge_slave_0: entered promiscuous mode
[  358.563279][T11609] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.840644][ T5849] Bluetooth: hci5: command tx timeout
[  358.870642][T11609] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.877868][T11609] bridge_slave_1: entered allmulticast mode
[  358.885426][T11609] bridge_slave_1: entered promiscuous mode
[  358.963609][T11637] block nbd0: Attempted send on invalid socket
[  358.989901][T11637] blk_print_req_error: 10 callbacks suppressed
[  358.989918][T11637] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  359.051099][T11609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  359.077777][T11609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  359.137903][T11609] team0: Port device team_slave_0 added
[  359.152808][T11609] team0: Port device team_slave_1 added
[  359.225870][T11609] batman_adv: batadv0: Adding interface: batadv_slave_0
[  359.239344][T11609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.370233][T11609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.474087][T11646] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1773'.
[  359.487609][T11609] batman_adv: batadv0: Adding interface: batadv_slave_1
[  359.509430][T11609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.638215][T11609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  359.931107][T11609] hsr_slave_0: entered promiscuous mode
[  359.944323][T11609] hsr_slave_1: entered promiscuous mode
[  359.951467][T11609] debugfs: 'hsr0' already exists in 'hsr'
[  359.957396][T11609] Cannot create hsr debugfs directory
[  360.921373][ T5849] Bluetooth: hci5: command tx timeout
[  361.126947][T11609] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  361.152982][T11609] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  361.210100][T11609] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  361.221272][T11609] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  362.381608][T11697] o2cb: This node has not been configured.
[  362.387635][T11697] o2cb: Cluster check failed. Fix errors before retrying.
[  362.398582][T11697] (syz.6.1789,11697,0):user_dlm_register:674 ERROR: status = -22
[  362.406491][T11697] (syz.6.1789,11697,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "bus"
[  362.415668][   T30] audit: type=1400 audit(1755953380.108:961): avc:  denied  { add_name } for  pid=11695 comm="syz.6.1789" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  362.420384][T11609] 8021q: adding VLAN 0 to HW filter on device bond0
[  362.628796][   T30] audit: type=1400 audit(1755953380.118:962): avc:  denied  { create } for  pid=11695 comm="syz.6.1789" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  362.651995][   T30] audit: type=1400 audit(1755953380.118:963): avc:  denied  { associate } for  pid=11695 comm="syz.6.1789" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  362.694919][T11609] 8021q: adding VLAN 0 to HW filter on device team0
[  362.714085][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.721181][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  362.754397][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.761486][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  362.799243][T11609] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  362.911722][T11702] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=11702 comm=syz.1.1791
[  363.001235][ T5849] Bluetooth: hci5: command tx timeout
[  363.005399][   T30] audit: type=1804 audit(1755953380.748:964): pid=11707 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.1792" name="/newroot/70/file0" dev="tmpfs" ino=375 res=1 errno=0
[  363.287380][T11718] FAULT_INJECTION: forcing a failure.
[  363.287380][T11718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.338637][T11609] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.346537][T11718] CPU: 0 UID: 0 PID: 11718 Comm: syz.6.1796 Not tainted syzkaller #0 PREEMPT(full) 
[  363.346559][T11718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  363.346569][T11718] Call Trace:
[  363.346575][T11718]  <TASK>
[  363.346582][T11718]  dump_stack_lvl+0x16c/0x1f0
[  363.346607][T11718]  should_fail_ex+0x512/0x640
[  363.346630][T11718]  copy_fpstate_to_sigframe+0x854/0xaf0
[  363.346661][T11718]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  363.346684][T11718]  ? posixtimer_deliver_signal+0x105/0x6b0
[  363.346707][T11718]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[  363.346722][T11718]  ? x86_task_fpu+0x5f/0x90
[  363.346746][T11718]  get_sigframe+0x4a8/0x9c0
[  363.346776][T11718]  ? __pfx_get_sigframe+0x10/0x10
[  363.346799][T11718]  ? _raw_spin_unlock_irq+0x23/0x50
[  363.346825][T11718]  ? siginfo_layout+0x177/0x290
[  363.346849][T11718]  x64_setup_rt_frame+0x12e/0xcf0
[  363.346878][T11718]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  363.346908][T11718]  arch_do_signal_or_restart+0x5e4/0x7d0
[  363.346931][T11718]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  363.346960][T11718]  ? __pfx_do_readv+0x10/0x10
[  363.346980][T11718]  exit_to_user_mode_loop+0x84/0x110
[  363.347000][T11718]  do_syscall_64+0x3f6/0x4c0
[  363.347020][T11718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.347037][T11718] RIP: 0033:0x7f3f0278ebe7
[  363.347054][T11718] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  363.347070][T11718] RSP: 002b:00007f3f0352f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  363.347086][T11718] RAX: 0000000000000013 RBX: 00007f3f029b5fa0 RCX: 00007f3f0278ebe9
[  363.347096][T11718] RDX: 0000000000000001 RSI: 0000200000009500 RDI: 0000000000000003
[  363.347106][T11718] RBP: 00007f3f0352f090 R08: 0000000000000000 R09: 0000000000000000
[  363.347115][T11718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.347125][T11718] R13: 00007f3f029b6038 R14: 00007f3f029b5fa0 R15: 00007ffcbc6611a8
[  363.347148][T11718]  </TASK>
[  363.778992][   T30] audit: type=1400 audit(1755953380.978:965): avc:  denied  { read write } for  pid=11717 comm="syz.6.1796" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  363.851660][   T30] audit: type=1400 audit(1755953380.978:966): avc:  denied  { open } for  pid=11717 comm="syz.6.1796" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  364.025759][   T30] audit: type=1400 audit(1755953380.988:967): avc:  denied  { ioctl } for  pid=11717 comm="syz.6.1796" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  364.929178][T11740] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1799'.
[  365.084062][ T5849] Bluetooth: hci5: command tx timeout
[  365.967789][T11609] veth0_vlan: entered promiscuous mode
[  365.985063][T11609] veth1_vlan: entered promiscuous mode
[  366.085345][T11609] veth0_macvtap: entered promiscuous mode
[  366.116108][T11609] veth1_macvtap: entered promiscuous mode
[  366.132501][T11755] autofs: Unknown parameter 'fd0x0000000000000000'
[  366.175379][T11609] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.319681][T11609] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.354524][ T7843] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.392792][ T7843] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.433353][ T7843] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.553363][ T7843] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.993135][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.052129][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.151981][ T7842] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.218269][ T7842] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.930248][ T5956] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  368.098320][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.445364][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.464677][ T5956] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  368.573544][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.601137][ T5956] usb 7-1: config 0 descriptor??
[  369.348652][T11793] fuse: Unknown parameter 'group_id00000000000000000000'
[  369.965455][ T5956] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #100: -71
[  369.976521][ T5956] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71
[  369.996555][ T5956] uclogic 0003:256C:006D.0007: failed probing pen v1 parameters: -71
[  370.018186][ T5956] uclogic 0003:256C:006D.0007: failed probing parameters: -71
[  370.065142][ T5956] uclogic 0003:256C:006D.0007: probe with driver uclogic failed with error -71
[  370.107471][ T5956] usb 7-1: USB disconnect, device number 2
[  370.115813][T11807] netlink: zone id is out of range
[  370.152127][   T30] audit: type=1804 audit(1755953387.898:968): pid=11810 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1818" name="file0" dev="tmpfs" ino=2084 res=1 errno=0
[  370.194380][T11812] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.1817'.
[  370.210153][T11807] netlink: set zone limit has 4 unknown bytes
[  370.532716][T11829] fuse: Unknown parameter 'group_id00000000000000000000'
[  371.073847][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1823'.
[  371.608502][   T30] audit: type=1400 audit(1755953389.348:969): avc:  denied  { mount } for  pid=11845 comm="syz.2.1830" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  371.609810][T11847] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1830'.
[  371.638465][   T30] audit: type=1400 audit(1755953389.348:970): avc:  denied  { nlmsg_read } for  pid=11845 comm="syz.2.1830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  371.740272][ T5848] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  371.787533][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1830'.
[  371.796613][T11848] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1830'.
[  371.967420][T11848] geneve2: entered promiscuous mode
[  371.972971][T11848] geneve2: entered allmulticast mode
[  372.046343][ T5848] usb 8-1: Using ep0 maxpacket: 8
[  372.127986][ T5848] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  372.147454][ T5848] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  372.187712][ T5848] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  372.236817][ T5848] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  372.253451][ T5848] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  372.287231][ T5848] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  372.317725][ T5848] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.385552][T11858] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1831'.
[  372.625393][ T5848] usb 8-1: GET_CAPABILITIES returned 0
[  372.650407][ T5848] usbtmc 8-1:16.0: can't read capabilities
[  372.813817][T11842] FAULT_INJECTION: forcing a failure.
[  372.813817][T11842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.826973][T11842] CPU: 1 UID: 0 PID: 11842 Comm: syz.7.1828 Not tainted syzkaller #0 PREEMPT(full) 
[  372.826989][T11842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  372.826995][T11842] Call Trace:
[  372.826999][T11842]  <TASK>
[  372.827003][T11842]  dump_stack_lvl+0x16c/0x1f0
[  372.827020][T11842]  should_fail_ex+0x512/0x640
[  372.827035][T11842]  _copy_from_user+0x2e/0xd0
[  372.827051][T11842]  io_submit_one+0xbb/0x1df0
[  372.827066][T11842]  ? __lock_acquire+0xb97/0x1ce0
[  372.827086][T11842]  ? __pfx_io_submit_one+0x10/0x10
[  372.827104][T11842]  ? __might_fault+0xe3/0x190
[  372.827114][T11842]  ? __might_fault+0x13b/0x190
[  372.827128][T11842]  ? __x64_sys_io_submit+0x1a9/0x350
[  372.827141][T11842]  __x64_sys_io_submit+0x1a9/0x350
[  372.827156][T11842]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  372.827176][T11842]  do_syscall_64+0xcd/0x4c0
[  372.827189][T11842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.827200][T11842] RIP: 0033:0x7fd9c838ebe9
[  372.827209][T11842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.827219][T11842] RSP: 002b:00007fd9c92a9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  372.827230][T11842] RAX: ffffffffffffffda RBX: 00007fd9c85b5fa0 RCX: 00007fd9c838ebe9
[  372.827237][T11842] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 00007fd9c9288000
[  372.827244][T11842] RBP: 00007fd9c92a9090 R08: 0000000000000000 R09: 0000000000000000
[  372.827250][T11842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.827256][T11842] R13: 00007fd9c85b6038 R14: 00007fd9c85b5fa0 R15: 00007ffd838f0ac8
[  372.827269][T11842]  </TASK>
[  372.828103][ T5848] usb 8-1: USB disconnect, device number 2
[  375.052689][   T30] audit: type=1400 audit(1755953392.788:971): avc:  denied  { map } for  pid=11888 comm="syz.6.1843" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  375.109812][   T30] audit: type=1400 audit(1755953392.788:972): avc:  denied  { execute } for  pid=11888 comm="syz.6.1843" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  375.997442][   T30] audit: type=1804 audit(1755953393.738:973): pid=11904 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1847" name="file0" dev="tmpfs" ino=2117 res=1 errno=0
[  377.091079][   T30] audit: type=1400 audit(1755953394.838:974): avc:  denied  { write } for  pid=11886 comm="syz.1.1842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  378.124146][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  378.134918][T11937] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.144164][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.435615][T11952] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1858'.
[  378.570273][   T30] audit: type=1804 audit(1755953396.208:975): pid=11949 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.7.1860" name="/newroot/8/file0" dev="tmpfs" ino=60 res=1 errno=0
[  379.914335][T11974] fuse: Bad value for 'fd'
[  380.075098][T11976] ptrace attach of "./syz-executor exec"[10100] was attempted by "./syz-executor exec"[11976]
[  381.248664][T11993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1874'.
[  381.352880][   T30] audit: type=1400 audit(1755953399.098:976): avc:  denied  { bind } for  pid=11994 comm="syz.5.1875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  381.726651][T12007] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.1873'.
[  382.834739][T12016] fuse: Bad value for 'fd'
[  382.915760][T12018] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=12018 comm=syz.1.1881
[  382.929422][T12018] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=12018 comm=syz.1.1881
[  382.942759][T12018] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2592 sclass=netlink_route_socket pid=12018 comm=syz.1.1881
[  383.148509][T12025] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1884'.
[  383.401077][ T5848] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  383.656591][ T5848] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  383.666044][ T5848] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  383.680286][ T5848] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  383.778662][ T5848] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 49, changing to 9
[  383.802572][T12043] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1890'.
[  383.820990][ T5848] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8192, setting to 1024
[  383.833493][T12043] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1890'.
[  383.915149][ T5848] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  383.936260][ T5848] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  383.964633][ T5848] usb 6-1: Product: syz
[  383.977129][ T5848] usb 6-1: Manufacturer: syz
[  384.008849][ T5848] cdc_wdm 6-1:1.0: skipping garbage
[  384.026410][ T5848] cdc_wdm 6-1:1.0: skipping garbage
[  384.051552][ T5848] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  384.147704][ T5848] cdc_wdm 6-1:1.0: Unknown control protocol
[  384.232568][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.239294][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.246341][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.252944][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.259228][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.265820][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.272196][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.278779][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.285087][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.291664][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.297900][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.304486][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.314233][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.320828][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.323591][T12024] 9pnet_fd: Insufficient options for proto=fd
[  384.327364][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  384.339514][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  384.346775][   T30] audit: type=1400 audit(1755953401.978:977): avc:  denied  { read write } for  pid=12021 comm="syz.5.1883" name="cdc-wdm0" dev="devtmpfs" ino=2961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  384.372443][ T5968] usb 6-1: USB disconnect, device number 3
[  384.392373][   T30] audit: type=1400 audit(1755953401.978:978): avc:  denied  { open } for  pid=12021 comm="syz.5.1883" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  384.714619][T12052] fuse: Bad value for 'fd'
[  386.218019][T12079] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1901'.
[  386.234777][T12079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1901'.
[  386.244128][T12079] bridge0: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  386.258743][T12079] bridge0: port 1(
) entered disabled state
[  386.290248][   T30] audit: type=1400 audit(1755953403.978:979): avc:  denied  { accept } for  pid=12077 comm="syz.1.1901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  386.427369][T12083] netlink: 'syz.2.1900': attribute type 10 has an invalid length.
[  386.435279][T12083] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1900'.
[  386.444725][T12083] team0: entered promiscuous mode
[  386.449769][T12083] team_slave_0: entered promiscuous mode
[  386.456629][T12083] team_slave_1: entered promiscuous mode
[  386.462362][   T30] audit: type=1400 audit(1755953404.168:980): avc:  denied  { getopt } for  pid=12073 comm="syz.2.1900" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  386.621179][T12083] team0: entered allmulticast mode
[  386.634269][T12083] team_slave_0: entered allmulticast mode
[  387.776663][T12083] team_slave_1: entered allmulticast mode
[  387.796153][T12083] bridge0: port 3(team0) entered blocking state
[  387.859803][T12083] bridge0: port 3(team0) entered disabled state
[  387.860300][T12093] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1900'.
[  387.906566][T12083] bridge0: port 3(team0) entered blocking state
[  387.912933][T12083] bridge0: port 3(team0) entered forwarding state
[  388.774710][T12107] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1907'.
[  390.290856][T12128] pim6reg: entered allmulticast mode
[  390.764455][T12126] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.1912'.
[  392.989419][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1917'.
[  393.839198][T12170] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1922'.
[  394.393376][T12184] fuse: Bad value for 'fd'
[  395.251823][T12197] FAULT_INJECTION: forcing a failure.
[  395.251823][T12197] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.440736][T12197] CPU: 0 UID: 0 PID: 12197 Comm: syz.7.1932 Not tainted syzkaller #0 PREEMPT(full) 
[  395.440762][T12197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  395.440773][T12197] Call Trace:
[  395.440778][T12197]  <TASK>
[  395.440785][T12197]  dump_stack_lvl+0x16c/0x1f0
[  395.440808][T12197]  should_fail_ex+0x512/0x640
[  395.440832][T12197]  _copy_to_user+0x32/0xd0
[  395.440858][T12197]  simple_read_from_buffer+0xcb/0x170
[  395.440878][T12197]  proc_fail_nth_read+0x197/0x240
[  395.440899][T12197]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  395.440912][T12197]  ? rw_verify_area+0xcf/0x6c0
[  395.440929][T12197]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  395.440941][T12197]  vfs_read+0x1e1/0xcf0
[  395.440954][T12197]  ? __pfx___mutex_lock+0x10/0x10
[  395.440966][T12197]  ? __pfx_vfs_read+0x10/0x10
[  395.440981][T12197]  ? __fget_files+0x20e/0x3c0
[  395.440997][T12197]  ksys_read+0x12a/0x250
[  395.441007][T12197]  ? __pfx_ksys_read+0x10/0x10
[  395.441022][T12197]  do_syscall_64+0xcd/0x4c0
[  395.441035][T12197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.441046][T12197] RIP: 0033:0x7fd9c838d5fc
[  395.441055][T12197] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  395.441066][T12197] RSP: 002b:00007fd9c9143030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  395.441077][T12197] RAX: ffffffffffffffda RBX: 00007fd9c85b6090 RCX: 00007fd9c838d5fc
[  395.441085][T12197] RDX: 000000000000000f RSI: 00007fd9c91430a0 RDI: 0000000000000006
[  395.441091][T12197] RBP: 00007fd9c9143090 R08: 0000000000000000 R09: 0000000000000000
[  395.441097][T12197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.441103][T12197] R13: 00007fd9c85b6128 R14: 00007fd9c85b6090 R15: 00007ffd838f0ac8
[  395.441117][T12197]  </TASK>
[  395.503495][T12205] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1934'.
[  395.688939][T12185] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.1927'.
[  396.151799][T12218] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1937'.
[  396.337309][T12223] No control pipe specified
[  396.689071][T12229] fuse: Invalid rootmode
[  397.871881][ T5956] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  398.154987][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  398.214209][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.247201][T12255] dvmrp0: entered allmulticast mode
[  398.258341][T12255] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1948'.
[  398.288631][ T5956] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  398.322475][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.370268][ T5956] usb 7-1: config 0 descriptor??
[  399.060131][T12261] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.1949'.
[  399.462572][ T5956] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #100: -71
[  399.483703][ T5956] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71
[  399.506894][ T5956] uclogic 0003:256C:006D.0008: failed probing pen v1 parameters: -71
[  399.522937][ T5956] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  399.652914][ T5956] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  399.825523][ T5956] usb 7-1: USB disconnect, device number 3
[  404.081388][T12300] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1961'.
[  404.118408][T12304] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1963'.
[  404.191588][T12304] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1963'.
[  404.510672][  T977] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  404.829689][  T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.021647][  T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.190249][  T977] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  405.208372][  T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.371559][T12330] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1970'.
[  405.832460][ T5862] Bluetooth: hci1: command 0x0406 tx timeout
[  405.896949][  T977] usb 6-1: config 0 descriptor??
[  406.289426][   T30] audit: type=1400 audit(1755953424.025:981): avc:  denied  { getopt } for  pid=12337 comm="syz.6.1971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  407.140335][  T977] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #100: -71
[  407.185906][  T977] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71
[  407.206279][  T977] uclogic 0003:256C:006D.0009: failed probing pen v1 parameters: -71
[  407.225044][  T977] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  407.240428][  T977] uclogic 0003:256C:006D.0009: probe with driver uclogic failed with error -71
[  407.300014][  T977] usb 6-1: USB disconnect, device number 4
[  407.740715][T12362] FAULT_INJECTION: forcing a failure.
[  407.740715][T12362] name failslab, interval 1, probability 0, space 0, times 0
[  407.766543][T12362] CPU: 1 UID: 0 PID: 12362 Comm: syz.7.1979 Not tainted syzkaller #0 PREEMPT(full) 
[  407.766568][T12362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  407.766578][T12362] Call Trace:
[  407.766583][T12362]  <TASK>
[  407.766589][T12362]  dump_stack_lvl+0x16c/0x1f0
[  407.766617][T12362]  should_fail_ex+0x512/0x640
[  407.766635][T12362]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  407.766663][T12362]  should_failslab+0xc2/0x120
[  407.766682][T12362]  __kmalloc_cache_noprof+0x6a/0x3e0
[  407.766707][T12362]  ? sctp_datamsg_from_user+0x8d/0x1320
[  407.766734][T12362]  sctp_datamsg_from_user+0x8d/0x1320
[  407.766756][T12362]  ? __sk_mem_raise_allocated+0x94d/0x1670
[  407.766776][T12362]  ? __pfx___might_resched+0x10/0x10
[  407.766800][T12362]  ? __sk_mem_schedule+0xd0/0x100
[  407.766819][T12362]  sctp_sendmsg_to_asoc+0xaf5/0x1bf0
[  407.766846][T12362]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  407.766863][T12362]  ? do_raw_spin_lock+0x12c/0x2b0
[  407.766882][T12362]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  407.766906][T12362]  ? sctp_sendmsg_check_sflags+0x176/0x320
[  407.766927][T12362]  sctp_sendmsg+0xea2/0x1e10
[  407.766955][T12362]  ? __pfx_sctp_sendmsg+0x10/0x10
[  407.766981][T12362]  ? __pfx_sock_has_perm+0x10/0x10
[  407.767016][T12362]  ? __pfx_sctp_sendmsg+0x10/0x10
[  407.767039][T12362]  inet_sendmsg+0x11c/0x140
[  407.767065][T12362]  sock_write_iter+0x4aa/0x5b0
[  407.767089][T12362]  ? __pfx_sock_write_iter+0x10/0x10
[  407.767123][T12362]  ? __pfx_file_has_perm+0x10/0x10
[  407.767148][T12362]  do_iter_readv_writev+0x662/0x9e0
[  407.767178][T12362]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  407.767205][T12362]  ? selinux_file_permission+0x126/0x660
[  407.767231][T12362]  ? bpf_lsm_file_permission+0x9/0x10
[  407.767253][T12362]  ? security_file_permission+0x71/0x210
[  407.767279][T12362]  ? rw_verify_area+0xcf/0x6c0
[  407.767307][T12362]  vfs_writev+0x35f/0xde0
[  407.767326][T12362]  ? __lock_acquire+0x62e/0x1ce0
[  407.767353][T12362]  ? __pfx_vfs_writev+0x10/0x10
[  407.767388][T12362]  ? __fget_files+0x20e/0x3c0
[  407.767406][T12362]  ? __fget_files+0x140/0x3c0
[  407.767431][T12362]  ? do_writev+0x28c/0x340
[  407.767446][T12362]  do_writev+0x28c/0x340
[  407.767462][T12362]  ? __pfx_do_writev+0x10/0x10
[  407.767486][T12362]  do_syscall_64+0xcd/0x4c0
[  407.767508][T12362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.767525][T12362] RIP: 0033:0x7fd9c838ebe9
[  407.767540][T12362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.767557][T12362] RSP: 002b:00007fd9c92a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  407.767574][T12362] RAX: ffffffffffffffda RBX: 00007fd9c85b5fa0 RCX: 00007fd9c838ebe9
[  407.767586][T12362] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  407.767596][T12362] RBP: 00007fd9c92a9090 R08: 0000000000000000 R09: 0000000000000000
[  407.767606][T12362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.767620][T12362] R13: 00007fd9c85b6038 R14: 00007fd9c85b5fa0 R15: 00007ffd838f0ac8
[  407.767645][T12362]  </TASK>
[  408.254147][T12376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1985'.
[  408.507642][ T5922] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  408.702226][ T5922] usb 6-1: Using ep0 maxpacket: 32
[  408.727808][ T5922] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  408.744285][ T5922] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.766769][ T5922] usb 6-1: config 0 descriptor??
[  408.994904][ T5922] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  409.031869][ T5922] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  409.051548][ T5922] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  409.058703][ T5922] usb 6-1: media controller created
[  409.186412][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  409.227832][ T5922] az6027: usb out operation failed. (-71)
[  409.255628][   T30] audit: type=1400 audit(1755953426.990:982): avc:  denied  { write } for  pid=12385 comm="syz.6.1988" path="socket:[31697]" dev="sockfs" ino=31697 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  409.315962][ T5922] az6027: usb out operation failed. (-71)
[  409.326742][ T5922] stb0899_attach: Driver disabled by Kconfig
[  409.333085][ T5922] az6027: no front-end attached
[  409.333085][ T5922] 
[  409.343277][ T5922] az6027: usb out operation failed. (-71)
[  409.349057][ T5922] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  409.411120][ T5922] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input10
[  409.526487][ T5922] dvb-usb: schedule remote query interval to 400 msecs.
[  409.540414][ T5922] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  409.567397][ T5922] usb 6-1: USB disconnect, device number 5
[  409.725435][ T5922] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  410.285542][T12408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1996'.
[  411.168893][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  411.260286][T12414] fuse: Unknown parameter 'use00000000000000000000'
[  411.685631][T12424] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2002'.
[  411.939441][T12427] netlink: 4388 bytes leftover after parsing attributes in process `syz.5.1997'.
[  413.610304][  T977] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  413.961789][T12458] fuse: Unknown parameter 'use00000000000000000000'
[  413.975287][  T977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.990359][  T977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.085158][  T977] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  414.114359][  T977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.132158][  T977] usb 8-1: config 0 descriptor??
[  414.228728][T12463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2012'.
[  414.673167][T12466] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2013'.
[  414.856433][T12466] bridge0: port 2(bridge_slave_1) entered disabled state
[  415.154404][  T977] uclogic 0003:256C:006D.000A: failed retrieving string descriptor #100: -71
[  415.200285][  T977] uclogic 0003:256C:006D.000A: failed retrieving pen parameters: -71
[  415.220579][  T977] uclogic 0003:256C:006D.000A: failed probing pen v1 parameters: -71
[  415.239242][  T977] uclogic 0003:256C:006D.000A: failed probing parameters: -71
[  415.253417][  T977] uclogic 0003:256C:006D.000A: probe with driver uclogic failed with error -71
[  415.290482][  T977] usb 8-1: USB disconnect, device number 3
[  417.210664][T12495] fuse: Unknown parameter 'use00000000000000000000'
[  417.347931][T12500] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2023'.
[  417.696508][T12505] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2024'.
[  418.700246][   T30] audit: type=1400 audit(1755953436.442:983): avc:  denied  { mount } for  pid=12509 comm="syz.2.2027" name="/" dev="configfs" ino=1059 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  418.730430][   T30] audit: type=1400 audit(1755953436.442:984): avc:  denied  { search } for  pid=12509 comm="syz.2.2027" name="/" dev="configfs" ino=1059 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  418.793449][T12519] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2029'.
[  420.410547][   T30] audit: type=1400 audit(1755953438.152:985): avc:  denied  { ioctl } for  pid=12530 comm="syz.1.2035" path="socket:[32909]" dev="sockfs" ino=32909 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  420.462780][   T30] audit: type=1400 audit(1755953438.212:986): avc:  denied  { watch watch_reads } for  pid=12530 comm="syz.1.2035" path="/443" dev="tmpfs" ino=2308 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  421.510247][ T5956] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  421.524077][T12551] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2040'.
[  421.664290][T12555] block nbd6: shutting down sockets
[  421.680473][ T5956] usb 6-1: Using ep0 maxpacket: 16
[  421.697490][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  421.730531][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  421.861117][ T5956] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  421.894351][ T5956] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  422.490781][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.502701][ T5956] usb 6-1: config 0 descriptor??
[  422.971105][T12574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2047'.
[  423.079514][T12580] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2049'.
[  423.110750][ T5956] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  423.250276][ T5956] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  423.352383][T12546] FAULT_INJECTION: forcing a failure.
[  423.352383][T12546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.460320][T12546] CPU: 1 UID: 0 PID: 12546 Comm: syz.5.2038 Not tainted syzkaller #0 PREEMPT(full) 
[  423.460345][T12546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  423.460355][T12546] Call Trace:
[  423.460363][T12546]  <TASK>
[  423.460367][T12546]  dump_stack_lvl+0x16c/0x1f0
[  423.460384][T12546]  should_fail_ex+0x512/0x640
[  423.460398][T12546]  _copy_to_user+0x32/0xd0
[  423.460414][T12546]  simple_read_from_buffer+0xcb/0x170
[  423.460427][T12546]  proc_fail_nth_read+0x197/0x240
[  423.460440][T12546]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  423.460453][T12546]  ? rw_verify_area+0xcf/0x6c0
[  423.460470][T12546]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  423.460482][T12546]  vfs_read+0x1e1/0xcf0
[  423.460494][T12546]  ? __pfx___mutex_lock+0x10/0x10
[  423.460507][T12546]  ? __pfx_vfs_read+0x10/0x10
[  423.460521][T12546]  ? __fget_files+0x20e/0x3c0
[  423.460542][T12546]  ksys_read+0x12a/0x250
[  423.460552][T12546]  ? __pfx_ksys_read+0x10/0x10
[  423.460563][T12546]  ? fdget+0x187/0x210
[  423.460576][T12546]  do_syscall_64+0xcd/0x4c0
[  423.460590][T12546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.460601][T12546] RIP: 0033:0x7f653218d5fc
[  423.460610][T12546] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  423.460621][T12546] RSP: 002b:00007f6532f58030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  423.460632][T12546] RAX: ffffffffffffffda RBX: 00007f65323b5fa0 RCX: 00007f653218d5fc
[  423.460638][T12546] RDX: 000000000000000f RSI: 00007f6532f580a0 RDI: 0000000000000004
[  423.460644][T12546] RBP: 00007f6532f58090 R08: 0000000000000000 R09: 0000000000000000
[  423.460651][T12546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.460657][T12546] R13: 00007f65323b6038 R14: 00007f65323b5fa0 R15: 00007ffc0eb04b58
[  423.460670][T12546]  </TASK>
[  423.851174][ T5956] HID 045e:07da: Invalid code 65791 type 1
[  424.050375][ T5956] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000B/input/input11
[  424.077549][T12588] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  424.108249][ T5956] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  424.146035][ T5956] usb 6-1: USB disconnect, device number 6
[  424.406870][T12594] fido_id[12594]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  424.890430][ T5921] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  424.930624][ T5956] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  425.130538][T12604] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2052'.
[  425.520384][ T5921] usb 8-1: Using ep0 maxpacket: 8
[  425.526956][ T5921] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  425.538619][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.553253][ T5921] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  425.563533][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  425.584030][ T5921] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  425.594870][ T5956] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  425.604005][ T5921] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  425.617888][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.631910][ T5956] usb 6-1: config 0 descriptor??
[  425.639695][ T5921] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  425.669154][ T5921] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.042743][ T5921] usb 8-1: GET_CAPABILITIES returned 0
[  426.055144][ T5921] usbtmc 8-1:16.0: can't read capabilities
[  426.231291][ T5921] IPVS: starting estimator thread 0...
[  426.239432][    C0] usbtmc 8-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  426.254193][ T5921] usb 8-1: USB disconnect, device number 4
[  426.340206][T12621] IPVS: using max 39 ests per chain, 93600 per kthread
[  426.978896][ T5956] uclogic 0003:256C:006D.000C: failed retrieving string descriptor #200: -71
[  427.012483][ T5956] uclogic 0003:256C:006D.000C: failed retrieving pen parameters: -71
[  427.054329][ T5956] uclogic 0003:256C:006D.000C: failed probing pen v2 parameters: -71
[  427.078640][ T5956] uclogic 0003:256C:006D.000C: failed probing parameters: -71
[  427.104716][ T5956] uclogic 0003:256C:006D.000C: probe with driver uclogic failed with error -71
[  427.136027][ T5956] usb 6-1: USB disconnect, device number 7
[  428.571032][T12634] FAULT_INJECTION: forcing a failure.
[  428.571032][T12634] name failslab, interval 1, probability 0, space 0, times 0
[  428.631752][T12634] CPU: 0 UID: 0 PID: 12634 Comm: syz.7.2062 Not tainted syzkaller #0 PREEMPT(full) 
[  428.631777][T12634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  428.631787][T12634] Call Trace:
[  428.631792][T12634]  <TASK>
[  428.631799][T12634]  dump_stack_lvl+0x16c/0x1f0
[  428.631822][T12634]  should_fail_ex+0x512/0x640
[  428.631841][T12634]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  428.631862][T12634]  should_failslab+0xc2/0x120
[  428.631883][T12634]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  428.631900][T12634]  ? getname_flags.part.0+0x4c/0x550
[  428.631927][T12634]  getname_flags.part.0+0x4c/0x550
[  428.631948][T12634]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  428.631969][T12634]  getname_flags+0x93/0xf0
[  428.631985][T12634]  user_path_at+0x24/0x60
[  428.632003][T12634]  do_fchownat+0xf9/0x200
[  428.632025][T12634]  ? __pfx_do_fchownat+0x10/0x10
[  428.632047][T12634]  ? __pfx_ksys_write+0x10/0x10
[  428.632066][T12634]  __x64_sys_fchownat+0xbd/0x160
[  428.632086][T12634]  ? do_syscall_64+0x91/0x4c0
[  428.632104][T12634]  ? lockdep_hardirqs_on+0x7c/0x110
[  428.632121][T12634]  do_syscall_64+0xcd/0x4c0
[  428.632139][T12634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.632155][T12634] RIP: 0033:0x7fd9c838ebe9
[  428.632170][T12634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.632185][T12634] RSP: 002b:00007fd9c92a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000104
[  428.632201][T12634] RAX: ffffffffffffffda RBX: 00007fd9c85b5fa0 RCX: 00007fd9c838ebe9
[  428.632211][T12634] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  428.632221][T12634] RBP: 00007fd9c92a9090 R08: 0000000000000100 R09: 0000000000000000
[  428.632231][T12634] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  428.632241][T12634] R13: 00007fd9c85b6038 R14: 00007fd9c85b5fa0 R15: 00007ffd838f0ac8
[  428.632264][T12634]  </TASK>
[  428.855950][T12641] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2066'.
[  428.983723][T12646] binder: 12642:12646 ioctl c0306201 2000000001c0 returned -14
[  429.484253][T12660] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2070'.
[  430.185755][ T5956] IPVS: starting estimator thread 0...
[  430.196256][   T30] audit: type=1400 audit(1755953447.932:987): avc:  denied  { append } for  pid=12664 comm="syz.7.2074" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  430.230323][T12666] IPVS: set_ctl: invalid protocol: 48 172.20.20.170:0
[  430.238347][T12666] IPVS: length: 56 != 206581052192
[  430.340389][T12667] IPVS: using max 37 ests per chain, 88800 per kthread
[  430.389553][   T30] audit: type=1400 audit(1755953447.982:988): avc:  denied  { getopt } for  pid=12664 comm="syz.7.2074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  430.510268][ T5922] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  430.677825][ T5922] usb 8-1: unable to get BOS descriptor or descriptor too short
[  430.900777][ T5922] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  430.937068][ T5922] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  431.066349][ T5922] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 33279, setting to 1024
[  431.080414][   T30] audit: type=1400 audit(1755953448.832:989): avc:  denied  { lock } for  pid=12674 comm="syz.6.2076" path="socket:[33118]" dev="sockfs" ino=33118 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  431.084397][ T5922] usb 8-1: config 1 interface 1 has no altsetting 0
[  431.113129][ T5849] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  431.179978][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  431.180007][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  431.180020][ T5849] Workqueue: hci0 hci_rx_work
[  431.180042][ T5849] Call Trace:
[  431.180049][ T5849]  <TASK>
[  431.180056][ T5849]  dump_stack_lvl+0x16c/0x1f0
[  431.180079][ T5849]  sysfs_warn_dup+0x7f/0xa0
[  431.180103][ T5849]  sysfs_create_dir_ns+0x24b/0x2b0
[  431.180130][ T5849]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  431.180150][ T5849]  ? find_held_lock+0x2b/0x80
[  431.180177][ T5849]  ? do_raw_spin_unlock+0x172/0x230
[  431.180199][ T5849]  kobject_add_internal+0x2c4/0x9b0
[  431.180227][ T5849]  kobject_add+0x16e/0x240
[  431.180249][ T5849]  ? __pfx_kobject_add+0x10/0x10
[  431.180273][ T5849]  ? do_raw_spin_unlock+0x172/0x230
[  431.180294][ T5849]  ? kobject_put+0xab/0x5a0
[  431.180325][ T5849]  device_add+0x288/0x1aa0
[  431.180351][ T5849]  ? __pfx_dev_set_name+0x10/0x10
[  431.180379][ T5849]  ? __pfx_device_add+0x10/0x10
[  431.180403][ T5849]  ? mgmt_send_event_skb+0x2fb/0x460
[  431.180442][ T5849]  hci_conn_add_sysfs+0x17e/0x230
[  431.180463][ T5849]  le_conn_complete_evt+0x1075/0x1d70
[  431.180491][ T5849]  ? preempt_count_sub+0xf0/0x160
[  431.180521][ T5849]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  431.180548][ T5849]  ? hci_event_packet+0x459/0x11c0
[  431.180586][ T5849]  hci_le_conn_complete_evt+0x23c/0x370
[  431.180623][ T5849]  hci_le_meta_evt+0x357/0x5e0
[  431.180641][ T5849]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  431.180674][ T5849]  hci_event_packet+0x682/0x11c0
[  431.180702][ T5849]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  431.180722][ T5849]  ? __pfx_hci_event_packet+0x10/0x10
[  431.180763][ T5849]  ? kcov_remote_start+0x3c9/0x6d0
[  431.180784][ T5849]  ? lockdep_hardirqs_on+0x7c/0x110
[  431.180810][ T5849]  hci_rx_work+0x2c5/0x16b0
[  431.180829][ T5849]  ? rcu_is_watching+0x12/0xc0
[  431.180857][ T5849]  process_one_work+0x9cf/0x1b70
[  431.180889][ T5849]  ? __pfx_process_one_work+0x10/0x10
[  431.180918][ T5849]  ? assign_work+0x1a0/0x250
[  431.180940][ T5849]  worker_thread+0x6c8/0xf10
[  431.180969][ T5849]  ? __kthread_parkme+0x19e/0x250
[  431.180997][ T5849]  ? __pfx_worker_thread+0x10/0x10
[  431.181017][ T5849]  kthread+0x3c2/0x780
[  431.181036][ T5849]  ? __pfx_kthread+0x10/0x10
[  431.181056][ T5849]  ? rcu_is_watching+0x12/0xc0
[  431.181079][ T5849]  ? __pfx_kthread+0x10/0x10
[  431.181098][ T5849]  ret_from_fork+0x5d7/0x6f0
[  431.181115][ T5849]  ? __pfx_kthread+0x10/0x10
[  431.181134][ T5849]  ret_from_fork_asm+0x1a/0x30
[  431.181171][ T5849]  </TASK>
[  431.187531][ T5922] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  431.191634][ T5849] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  431.454848][ T5849] Bluetooth: hci0: failed to register connection device
[  431.505435][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.522150][ T5922] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.555289][ T5922] usb 8-1: Product: syz
[  431.559496][ T5922] usb 8-1: Manufacturer: syz
[  431.576798][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.595746][ T5922] usb 8-1: SerialNumber: syz
[  431.640100][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.674644][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.690774][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.713035][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.760661][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.830866][T12681] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.2079'.
[  431.841730][T12666] IPVS: set_ctl: invalid protocol: 115 224.0.0.2:20004
[  431.873064][   T30] audit: type=1400 audit(1755953449.612:990): avc:  denied  { read } for  pid=12664 comm="syz.7.2074" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  431.898033][ T5922] usb 8-1: 2:1 : no or invalid class specific endpoint descriptor
[  431.927229][ T5922] usb 8-1: 2:1 : unknown format tag 0x1009 is detected.  processed as MPEG.
[  431.946017][ T5922] usb 8-1: found format II with max.bitrate = 2418, frame size=7
[  431.963024][ T5922] usb 8-1: 2:1 : no or invalid class specific endpoint descriptor
[  431.986607][ T5922] usb 8-1: 2:1 : unknown format tag 0x1009 is detected.  processed as MPEG.
[  432.012168][ T5922] usb 8-1: found format II with max.bitrate = 2418, frame size=7
[  432.190563][   T30] audit: type=1400 audit(1755953449.612:991): avc:  denied  { open } for  pid=12664 comm="syz.7.2074" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  432.221169][ T5922] usb 8-1: USB disconnect, device number 5
[  432.577175][T12704] FAULT_INJECTION: forcing a failure.
[  432.577175][T12704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.620871][T12704] CPU: 1 UID: 0 PID: 12704 Comm: syz.6.2081 Not tainted syzkaller #0 PREEMPT(full) 
[  432.620898][T12704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  432.620908][T12704] Call Trace:
[  432.620915][T12704]  <TASK>
[  432.620923][T12704]  dump_stack_lvl+0x16c/0x1f0
[  432.620948][T12704]  should_fail_ex+0x512/0x640
[  432.620972][T12704]  _copy_from_user+0x2e/0xd0
[  432.620995][T12704]  copy_msghdr_from_user+0x98/0x160
[  432.621014][T12704]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  432.621045][T12704]  ___sys_sendmsg+0xfe/0x1d0
[  432.621064][T12704]  ? __pfx____sys_sendmsg+0x10/0x10
[  432.621112][T12704]  __sys_sendmsg+0x16d/0x220
[  432.621132][T12704]  ? __pfx___sys_sendmsg+0x10/0x10
[  432.621167][T12704]  do_syscall_64+0xcd/0x4c0
[  432.621189][T12704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.621206][T12704] RIP: 0033:0x7f3f0278ebe9
[  432.621222][T12704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.621238][T12704] RSP: 002b:00007f3f009f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.621254][T12704] RAX: ffffffffffffffda RBX: 00007f3f029b6180 RCX: 00007f3f0278ebe9
[  432.621266][T12704] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  432.621277][T12704] RBP: 00007f3f009f6090 R08: 0000000000000000 R09: 0000000000000000
[  432.621287][T12704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.621297][T12704] R13: 00007f3f029b6218 R14: 00007f3f029b6180 R15: 00007ffcbc6611a8
[  432.621320][T12704]  </TASK>
[  433.160423][ T5922] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  433.330592][ T5922] usb 6-1: Using ep0 maxpacket: 16
[  433.625538][ T5922] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.640269][ T5922] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.651992][ T5922] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  433.751275][ T5922] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  433.767819][ T5922] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.808580][ T5922] usb 6-1: config 0 descriptor??
[  434.320045][ T5922] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  434.334307][ T5922] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  434.358344][ T5922] HID 045e:07da: Invalid code 65791 type 1
[  434.368559][T12732] __nla_validate_parse: 26 callbacks suppressed
[  434.368574][T12732] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2096'.
[  434.467222][ T5922] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000D/input/input13
[  434.500378][ T5922] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  434.834908][T12707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.908698][T12707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.098695][ T5921] usb 6-1: USB disconnect, device number 8
[  436.010226][ T5960] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  436.100019][T12757] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2103'.
[  436.651700][ T5960] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  436.674749][ T5960] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  436.785558][ T5960] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  436.946754][ T5960] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  437.183497][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.204388][ T5960] usb 7-1: Product: syz
[  437.210393][ T5960] usb 7-1: Manufacturer: syz
[  437.215240][ T5960] usb 7-1: SerialNumber: syz
[  437.255780][ T5960] hub 7-1:1.0: bad descriptor, ignoring hub
[  437.306254][ T5960] hub 7-1:1.0: probe with driver hub failed with error -5
[  437.763528][ T5960] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  438.006769][   T30] audit: type=1400 audit(1755953455.742:992): avc:  denied  { read write } for  pid=12745 comm="syz.6.2099" name="lp0" dev="devtmpfs" ino=3024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  438.059654][   T30] audit: type=1400 audit(1755953455.742:993): avc:  denied  { open } for  pid=12745 comm="syz.6.2099" path="/dev/usb/lp0" dev="devtmpfs" ino=3024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  438.514530][T12791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2112'.
[  438.841640][T12793] netlink: 'syz.5.2110': attribute type 10 has an invalid length.
[  438.894376][T12793] 8021q: adding VLAN 0 to HW filter on device team0
[  438.921285][T12793] bond0: (slave team0): Enslaving as an active interface with an up link
[  439.181899][ T5907] usb 7-1: USB disconnect, device number 4
[  439.217119][ T5907] usblp0: removed
[  439.628156][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  439.636922][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  441.323708][   T30] audit: type=1400 audit(1755953459.064:994): avc:  denied  { ioctl } for  pid=12818 comm="syz.6.2119" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  441.348785][    C1] vkms_vblank_simulate: vblank timer overrun
[  441.349632][T12819] devtmpfs: Cannot change global quota limit on remount
[  441.369204][   T30] audit: type=1400 audit(1755953459.074:995): avc:  denied  { mount } for  pid=12818 comm="syz.6.2119" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  441.391509][    C1] vkms_vblank_simulate: vblank timer overrun
[  441.403651][   T30] audit: type=1400 audit(1755953459.094:996): avc:  denied  { remount } for  pid=12818 comm="syz.6.2119" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  441.432153][   T30] audit: type=1400 audit(1755953459.184:997): avc:  denied  { watch watch_reads } for  pid=12818 comm="syz.6.2119" path="/133/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  442.149709][T12836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2123'.
[  442.298333][T12840] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2124'.
[  443.125788][   T30] audit: type=1400 audit(1755953460.874:998): avc:  denied  { unmount } for  pid=10210 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  443.434132][T12846] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  443.442017][T12846] batman_adv: batadv0: Removing interface: batadv_slave_0
[  443.504769][T12846] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  443.512447][T12846] batman_adv: batadv0: Removing interface: batadv_slave_1
[  444.559815][   T30] audit: type=1400 audit(1755953462.304:999): avc:  denied  { setopt } for  pid=12864 comm="syz.5.2132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  444.800487][ T5922] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  445.448972][ T5922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.572723][ T5922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.585458][ T5922] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  445.595839][ T5922] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.609613][ T5922] usb 7-1: config 0 descriptor??
[  446.730344][ T5956] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  446.749717][ T5922] uclogic 0003:256C:006D.000E: failed retrieving string descriptor #100: -71
[  446.781321][ T5922] uclogic 0003:256C:006D.000E: failed retrieving pen parameters: -71
[  446.789425][ T5922] uclogic 0003:256C:006D.000E: failed probing pen v1 parameters: -71
[  446.817242][ T5922] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[  446.831949][ T5922] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71
[  446.875052][ T5922] usb 7-1: USB disconnect, device number 5
[  446.890328][ T5956] usb 6-1: Using ep0 maxpacket: 16
[  446.899282][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  446.940164][ T5956] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  446.968409][ T5956] usb 6-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  447.030910][T12895] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2141'.
[  447.120622][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.150731][ T5956] usb 6-1: config 0 descriptor??
[  447.566839][ T5956] aureal 0003:0755:2626.000F: report_id 1108778202 is invalid
[  447.575576][ T5956] aureal 0003:0755:2626.000F: item 0 4 1 8 parsing failed
[  447.588267][ T5956] aureal 0003:0755:2626.000F: probe with driver aureal failed with error -22
[  447.602853][T12902] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.2138'.
[  447.767697][ T5956] usb 6-1: USB disconnect, device number 9
[  449.346893][   T30] audit: type=1400 audit(1755953467.074:1000): avc:  denied  { read write } for  pid=12922 comm="syz.6.2149" name="cgroup.subtree_control" dev="cgroup2" ino=399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  449.448511][ T5907] kernel write not supported for file /sequencer (pid: 5907 comm: kworker/1:5)
[  450.095436][   T30] audit: type=1400 audit(1755953467.084:1001): avc:  denied  { open } for  pid=12922 comm="syz.6.2149" path="<too_long>" dev="cgroup2" ino=399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  450.120624][   T30] audit: type=1400 audit(1755953467.094:1002): avc:  denied  { ioctl } for  pid=12922 comm="syz.6.2149" path="<too_long>" dev="cgroup2" ino=399 ioctlcmd=0x9402 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  450.177793][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2150'.
[  450.563988][T12938] netlink: 'syz.2.2153': attribute type 9 has an invalid length.
[  450.598262][T12938] netlink: 'syz.2.2153': attribute type 9 has an invalid length.
[  450.640354][T12938] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2153'.
[  451.317090][T12957] openvswitch: netlink: Duplicate or invalid key (type 0).
[  451.333127][T12957] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  451.920033][T12982] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2166'.
[  451.987553][T12986] fuse: Unknown parameter '0x0000000000000003'
[  452.131712][T12990] netlink: 4400 bytes leftover after parsing attributes in process `syz.7.2162'.
[  452.161802][T12990] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`
[  452.938307][T12993] netlink: 'syz.5.2164': attribute type 6 has an invalid length.
[  453.423325][T13006] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2170'.
[  455.236611][   T30] audit: type=1400 audit(1755953472.954:1003): avc:  denied  { lock } for  pid=13020 comm="syz.6.2175" path="socket:[33704]" dev="sockfs" ino=33704 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  456.009684][T13040] 9pnet_fd: Insufficient options for proto=fd
[  456.017447][T13039] 9pnet_fd: Insufficient options for proto=fd
[  456.248831][T13046] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2182'.
[  457.540821][   T30] audit: type=1400 audit(1755953475.294:1004): avc:  denied  { read write } for  pid=13066 comm="syz.1.2188" name="file0" dev="tmpfs" ino=2498 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  457.604385][   T30] audit: type=1400 audit(1755953475.314:1005): avc:  denied  { open } for  pid=13066 comm="syz.1.2188" path="/479/file0" dev="tmpfs" ino=2498 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  457.680356][   T30] audit: type=1400 audit(1755953475.314:1006): avc:  denied  { ioctl } for  pid=13066 comm="syz.1.2188" path="/479/file0" dev="tmpfs" ino=2498 ioctlcmd=0x5451 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  457.724032][T13075] delete_channel: no stack
[  457.727494][   T30] audit: type=1400 audit(1755953475.474:1007): avc:  denied  { write } for  pid=13058 comm="syz.2.2185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  458.417615][T13086] netlink: 236 bytes leftover after parsing attributes in process `syz.7.2193'.
[  459.189313][   T30] audit: type=1400 audit(1755953476.934:1008): avc:  denied  { ioctl } for  pid=13091 comm="syz.1.2194" path="socket:[34302]" dev="sockfs" ino=34302 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  462.331258][T13153] netlink: 'syz.6.2212': attribute type 5 has an invalid length.
[  462.360432][T13153] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2212'.
[  463.540295][ T5921] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  463.625704][ T5960] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  463.813632][ T5921] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  463.825095][ T5960] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  463.834306][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.842789][ T5921] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  464.490494][ T5960] usb 6-1: config 0 descriptor??
[  464.495644][ T5921] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  464.504762][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.569980][T13166] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  464.582619][ T5921] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  465.877444][ T5960] usb 6-1: Cannot set autoneg
[  465.884455][ T5960] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  465.958305][ T5960] usb 6-1: USB disconnect, device number 10
[  466.336431][ T5960] usb 7-1: USB disconnect, device number 6
[  467.353095][T13216] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.2229'.
[  467.685321][   T30] audit: type=1400 audit(1755953485.334:1009): avc:  denied  { remount } for  pid=13217 comm="syz.6.2230" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  468.643426][   T30] audit: type=1400 audit(1755953486.394:1010): avc:  denied  { read } for  pid=13223 comm="syz.6.2232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  468.841011][T13227] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=13227 comm=syz.6.2234
[  470.677930][T13258] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  470.744018][T13262] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=13262 comm=syz.1.2242
[  470.766247][T13258] vim2m vim2m.0: vidioc_s_fmt queue busy
[  471.354022][   T30] audit: type=1804 audit(1755953489.104:1011): pid=13266 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.2244" name="/newroot/125/file0" dev="tmpfs" ino=659 res=1 errno=0
[  472.236547][T13276] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=13276 comm=syz.6.2247
[  472.507908][   T30] audit: type=1400 audit(1755953490.254:1012): avc:  denied  { setattr } for  pid=13280 comm="syz.6.2249" name="NETLINK" dev="sockfs" ino=34593 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  473.022430][T13297] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2253'.
[  473.144362][T13301] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2257'.
[  473.285554][   T30] audit: type=1804 audit(1755953491.034:1013): pid=13306 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.2256" name="file0" dev="tmpfs" ino=2597 res=1 errno=0
[  473.469648][T13307] netlink: 4388 bytes leftover after parsing attributes in process `syz.7.2246'.
[  476.572588][T13366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=97 sclass=netlink_route_socket pid=13366 comm=syz.2.2277
[  476.968681][T13366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=13366 comm=syz.2.2277
[  478.950652][T13412] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2290'.
[  479.702066][T13420] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.2292'.
[  479.859276][T13423] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  479.890770][T13423] FAULT_INJECTION: forcing a failure.
[  479.890770][T13423] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  479.939292][T13424] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  479.954535][T13423] CPU: 0 UID: 0 PID: 13423 Comm: syz.7.2294 Not tainted syzkaller #0 PREEMPT(full) 
[  479.954565][T13423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  479.954575][T13423] Call Trace:
[  479.954581][T13423]  <TASK>
[  479.954588][T13423]  dump_stack_lvl+0x16c/0x1f0
[  479.954612][T13423]  should_fail_ex+0x512/0x640
[  479.954636][T13423]  _copy_from_iter+0x29f/0x1720
[  479.954660][T13423]  ? __lock_acquire+0x62e/0x1ce0
[  479.954690][T13423]  ? __pfx__copy_from_iter+0x10/0x10
[  479.954710][T13423]  ? __lock_acquire+0x62e/0x1ce0
[  479.954748][T13423]  copy_page_from_iter+0xde/0x180
[  479.954774][T13423]  tun_build_skb.constprop.0+0x2e8/0x1500
[  479.954807][T13423]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  479.954830][T13423]  ? unwind_get_return_address+0x59/0xa0
[  479.954851][T13423]  ? arch_stack_walk+0xa6/0x100
[  479.954888][T13423]  ? _kstrtoull+0x145/0x200
[  479.954903][T13423]  ? __pfx__kstrtoull+0x10/0x10
[  479.954921][T13423]  tun_get_user+0x14ae/0x3ce0
[  479.954954][T13423]  ? __pfx_tun_get_user+0x10/0x10
[  479.954980][T13423]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  479.955007][T13423]  ? find_held_lock+0x2b/0x80
[  479.955025][T13423]  ? tun_get+0x191/0x370
[  479.955050][T13423]  tun_chr_write_iter+0xdc/0x210
[  479.955072][T13423]  vfs_write+0x7d3/0x11d0
[  479.955089][T13423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  479.955112][T13423]  ? __pfx_vfs_write+0x10/0x10
[  479.955126][T13423]  ? find_held_lock+0x2b/0x80
[  479.955157][T13423]  ksys_write+0x12a/0x250
[  479.955173][T13423]  ? __pfx_ksys_write+0x10/0x10
[  479.955194][T13423]  do_syscall_64+0xcd/0x4c0
[  479.955213][T13423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.955228][T13423] RIP: 0033:0x7fd9c838d69f
[  479.955242][T13423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  479.955256][T13423] RSP: 002b:00007fd9c92a9000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  479.955272][T13423] RAX: ffffffffffffffda RBX: 00007fd9c85b5fa0 RCX: 00007fd9c838d69f
[  479.955282][T13423] RDX: 0000000000000042 RSI: 0000200000000080 RDI: 00000000000000c8
[  479.955291][T13423] RBP: 00007fd9c92a9090 R08: 0000000000000000 R09: 0000000000000000
[  479.955300][T13423] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000001
[  479.955309][T13423] R13: 00007fd9c85b6038 R14: 00007fd9c85b5fa0 R15: 00007ffd838f0ac8
[  479.955330][T13423]  </TASK>
[  480.264173][T13426] tipc: Started in network mode
[  480.271367][T13426] tipc: Node identity aee727ee80dd, cluster identity 4711
[  480.278661][T13426] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  480.331257][T13429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2293'.
[  481.204288][T13433] syzkaller0: entered promiscuous mode
[  481.209752][T13433] syzkaller0: entered allmulticast mode
[  481.214256][   T30] audit: type=1400 audit(1755953498.204:1014): avc:  denied  { accept } for  pid=13421 comm="syz.1.2293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  481.272126][ T5956] tipc: Node number set to 775563246
[  481.423214][T13429] bond0: (slave bond_slave_1): Releasing backup interface
[  481.619836][T13439] tipc: Resetting bearer <eth:syzkaller0>
[  481.780173][ T5956] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  481.941289][ T5956] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  482.033911][ T5956] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  482.062165][ T5956] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  482.124710][ T5956] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  482.211086][ T5956] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  482.222792][ T5956] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.250691][ T5956] usb 8-1: config 0 descriptor??
[  483.250418][ T5849] Bluetooth: hci5: command 0x0406 tx timeout
[  483.258150][T13425] tipc: Resetting bearer <eth:syzkaller0>
[  483.581712][T13425] tipc: Disabling bearer <eth:syzkaller0>
[  483.642890][ T5956] usbhid 8-1:0.0: can't add hid device: -71
[  483.648931][ T5956] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  483.764545][ T5956] usb 8-1: USB disconnect, device number 6
[  483.768727][T13465] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2304'.
[  484.033506][   T30] audit: type=1400 audit(1755953501.784:1015): avc:  denied  { bind } for  pid=13469 comm="syz.6.2306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  484.057128][T13470] ufs: You didn't specify the type of your ufs filesystem
[  484.057128][T13470] 
[  484.057128][T13470] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  484.057128][T13470] 
[  484.057128][T13470] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  484.122066][T13470] ufs: ufstype=old is supported read-only
[  484.136718][T13470] ufs: ufs_fill_super(): bad magic number
[  484.180546][   T30] audit: type=1400 audit(1755953501.804:1016): avc:  denied  { mounton } for  pid=13469 comm="syz.6.2306" path="/syzcgroup/unified/syz6" dev="cgroup2" ino=336 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  484.260286][   T30] audit: type=1400 audit(1755953501.904:1017): avc:  denied  { read write } for  pid=13471 comm="syz.5.2307" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  484.395042][T13470] team0: No ports can be present during mode change
[  484.413195][   T30] audit: type=1400 audit(1755953501.904:1018): avc:  denied  { open } for  pid=13471 comm="syz.5.2307" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  485.705588][   T31] INFO: task syz.4.1684:11361 blocked for more than 143 seconds.
SYZFAIL: failed to send rpc
[  485.843959][   T31]       Not tainted syzkaller #0
[  485.848923][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe)
[  485.900635][   T30] audit: type=1400 audit(1755953503.624:1019): avc:  denied  { write } for  pid=5831 comm="syz-executor" path="pipe:[4029]" dev="pipefs" ino=4029 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  485.923865][   T31] task:syz.4.1684      state:D stack:28232 pid:11361 tgid:11359 ppid:5845   task_flags:0x400640 flags:0x00004004
[  485.996949][T13479] netlink: 'syz.5.2307': attribute type 21 has an invalid length.
[  486.005819][T13479] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2307'.
[  486.015555][T13479] netlink: 'syz.5.2307': attribute type 4 has an invalid length.
[  486.029378][   T31] Call Trace:
[  486.042755][   T31]  <TASK>
[  486.045704][   T31]  __schedule+0x1190/0x5de0
[  486.100373][T13479] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2307'.
[  486.120320][   T31]  ? __pfx___schedule+0x10/0x10
[  486.125227][   T31]  ? find_held_lock+0x2b/0x80
[  486.129904][   T31]  ? schedule+0x2d7/0x3a0
[  486.156120][   T31]  schedule+0xe7/0x3a0
[  486.161304][   T31]  schedule_timeout+0x257/0x290
[  486.166171][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  486.172325][   T31]  ? rcu_is_watching+0x12/0xc0
[  486.177096][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  486.182542][   T31]  __wait_for_common+0x2fc/0x4e0
[  486.187551][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  486.193972][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  486.220188][   T31]  ? __pfx_try_to_wake_up+0x10/0x10
[  486.225440][   T31]  ? rcu_is_watching+0x12/0xc0
[  486.230358][ T5848] usb 8-1: new low-speed USB device number 7 using dummy_hcd
[  486.250277][   T31]  wait_for_completion_state+0x1c/0x40
[  486.255811][   T31]  vfs_coredump+0x981/0x5670
[  486.320291][   T31]  ? __pfx_vfs_coredump+0x10/0x10
[  486.325384][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  486.360210][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  486.365224][   T31]  ? lock_acquire+0x179/0x350
[  486.369935][   T31]  ? lock_acquire+0x179/0x350
[  486.430176][   T31]  ? find_held_lock+0x2b/0x80
[  486.434899][   T31]  ? is_bpf_text_address+0x8a/0x1a0
[  486.463786][   T31]  ? bpf_ksym_find+0x127/0x1c0
[  486.490185][   T31]  ? __kernel_text_address+0xd/0x40
[  486.510247][   T31]  ? unwind_get_return_address+0x59/0xa0
[  486.550128][   T31]  ? arch_stack_walk+0xa6/0x100
[  486.560368][   T31]  ? stack_trace_save+0x8e/0xc0
[  486.565226][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  486.620266][   T31]  ? stack_depot_save_flags+0x29/0x9c0
[  486.630385][   T31]  ? __lock_acquire+0xb97/0x1ce0
[  486.636145][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.642540][   T31]  ? proc_coredump_connector+0x2d1/0x4f0
[  486.656524][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  486.662557][   T31]  ? rcu_is_watching+0x12/0xc0
[  486.667322][   T31]  get_signal+0x22e3/0x26d0
[  486.671849][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  486.677038][   T31]  ? __pfx_get_signal+0x10/0x10
[  486.681928][   T31]  ? force_sig_info_to_task+0x3a0/0x660
[  486.687481][   T31]  arch_do_signal_or_restart+0x8f/0x7d0
[  486.693046][   T31]  ? __pfx_force_exit_sig+0x10/0x10
[  486.698240][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  486.706163][   T31]  ? syscall_user_dispatch+0x12c/0x140
[  486.711652][   T31]  exit_to_user_mode_loop+0x84/0x110
[  486.716929][   T31]  do_syscall_64+0x3f6/0x4c0
[  486.721545][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.727455][   T31] RIP: 0033:0x7fa53ab8ebe9
[  486.731891][   T31] RSP: 002b:00007fa53b93c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  486.740352][   T31] RAX: ffffffffffffffda RBX: 00007fa53adb6098 RCX: 00007fa53ab8ebe9
[  486.748310][   T31] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa53adb609c
[  486.756289][   T31] RBP: 00007fa53adb6090 R08: 00007fa53b95e000 R09: 0000000000000000
[  486.764311][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  486.772306][   T31] R13: 00007fa53adb6128 R14: 00007ffd412cd9b0 R15: 00007ffd412cda98
[  486.780293][   T31]  </TASK>
[  486.783449][   T31] 
[  486.783449][   T31] Showing all locks held in the system:
[  486.801028][   T31] 1 lock held by khungtaskd/31:
[  486.806646][   T31]  #0: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  486.903135][   T31] 2 locks held by getty/5604:
[  486.907857][   T31]  #0: ffff88814d9620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  487.000432][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  487.050206][   T31] 2 locks held by syz-executor/5843:
[  487.055517][   T31] 5 locks held by kworker/1:3/5848:
[  487.100188][   T31]  #0: ffff8880222ab948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  487.150123][   T31]  #1: ffffc90002fb7d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  487.200126][   T31]  #2: ffff888029ca6198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[  487.209049][   T31]  #3: ffff888029d51518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x2981/0x4fe0
[  487.290328][   T31]  #4: ffff8880297e6768 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x29aa/0x4fe0
[  487.300014][   T31] 2 locks held by kworker/0:5/5956:
[  487.370195][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  487.389069][   T31]  #1: ffffc9000434fd10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  487.410183][   T31] 2 locks held by kworker/u8:18/7847:
[  487.415568][   T31]  #0: ffff888141a85948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  487.450163][   T31]  #1: ffffc90003527d10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  487.481106][   T31] 3 locks held by syz-executor/10210:
[  487.486492][   T31]  #0: ffff888025de0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  487.510168][   T31]  #1: ffff888025de00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  487.519885][   T31]  #2: ffffffff905eab28 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  487.550240][   T31] 3 locks held by syz.2.2302/13462:
[  487.555465][   T31] 5 locks held by syz.5.2307/13474:
[  487.570174][   T31]  #0: ffff88807f2a4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  487.579794][   T31]  #1: ffff88807f2a40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  487.610118][   T31]  #2: ffffffff905eab28 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  487.630117][   T31]  #3: ffff8880577a0338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[  487.639468][   T31]  #4: ffffffff8e5cc7b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  487.670128][   T31] 1 lock held by dhcpcd/13487:
[  487.674910][   T31]  #0: ffff888056872c08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  487.702995][   T31] 2 locks held by dhcpcd/13488:
[  487.707858][   T31]  #0: ffff88807f5fdc08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  487.747268][   T31]  #1: ffffffff8e5cc7b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  487.757402][   T31] 3 locks held by syz.7.2311/13490:
[  487.762717][   T31]  #0: ffff888078170dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  487.783462][   T31]  #1: ffff8880781700b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  487.793194][   T31]  #2: ffffffff905eab28 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  487.803297][   T31] 1 lock held by dhcpcd/13492:
[  487.808045][   T31]  #0: ffff88807f5fac08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  487.818642][   T31] 1 lock held by dhcpcd/13494:
[  487.823874][   T31]  #0: ffff88807f6ad008 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  487.836082][   T31] 
[  487.843967][   T31] =============================================
[  487.843967][   T31] 
[  487.855163][   T31] NMI backtrace for cpu 1
[  487.855177][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  487.855196][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  487.855205][   T31] Call Trace:
[  487.855210][   T31]  <TASK>
[  487.855217][   T31]  dump_stack_lvl+0x116/0x1f0
[  487.855245][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  487.855266][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  487.855283][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  487.855310][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  487.855336][   T31]  watchdog+0xf0e/0x1260
[  487.855358][   T31]  ? __pfx_watchdog+0x10/0x10
[  487.855373][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  487.855390][   T31]  ? __kthread_parkme+0x19e/0x250
[  487.855414][   T31]  ? __pfx_watchdog+0x10/0x10
[  487.855430][   T31]  kthread+0x3c2/0x780
[  487.855445][   T31]  ? __pfx_kthread+0x10/0x10
[  487.855463][   T31]  ? rcu_is_watching+0x12/0xc0
[  487.855482][   T31]  ? __pfx_kthread+0x10/0x10
[  487.855498][   T31]  ret_from_fork+0x5d7/0x6f0
[  487.855512][   T31]  ? __pfx_kthread+0x10/0x10
[  487.855527][   T31]  ret_from_fork_asm+0x1a/0x30
[  487.855556][   T31]  </TASK>
[  487.855584][   T31] Sending NMI from CPU 1 to CPUs 0:
[  487.979809][    C0] NMI backtrace for cpu 0
[  487.979822][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  487.979841][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  487.979850][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  487.979874][    C0] Code: 4c 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 52 16 00 fb f4 <e9> 4c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  487.979891][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c2
[  487.979904][    C0] RAX: 0000000000f6c4bb RBX: 0000000000000000 RCX: ffffffff8b93bc29
[  487.979915][    C0] RDX: 0000000000000000 RSI: ffffffff8de4fd50 RDI: ffffffff8c162900
[  487.979925][    C0] RBP: fffffbfff1c52ef8 R08: 0000000000000001 R09: ffffed1017086655
[  487.979935][    C0] R10: ffff8880b84332ab R11: 0000000000000000 R12: 0000000000000000
[  487.979944][    C0] R13: ffffffff8e2977c0 R14: ffffffff90ab4390 R15: 0000000000000000
[  487.979954][    C0] FS:  0000000000000000(0000) GS:ffff8881246bc000(0000) knlGS:0000000000000000
[  487.979969][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  487.979981][    C0] CR2: 00007ffdc8f24330 CR3: 000000000e380000 CR4: 00000000003526f0
[  487.979991][    C0] DR0: 0000000000008009 DR1: 0000000000000000 DR2: 0000000000000000
[  487.980000][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  487.980009][    C0] Call Trace:
[  487.980015][    C0]  <TASK>
[  487.980020][    C0]  default_idle+0x13/0x20
[  487.980040][    C0]  default_idle_call+0x6d/0xb0
[  487.980059][    C0]  do_idle+0x391/0x510
[  487.980080][    C0]  ? __pfx_do_idle+0x10/0x10
[  487.980102][    C0]  ? do_idle+0x1c/0x510
[  487.980121][    C0]  cpu_startup_entry+0x4f/0x60
[  487.980139][    C0]  rest_init+0x16b/0x2b0
[  487.980155][    C0]  ? acpi_subsystem_init+0x133/0x180
[  487.980175][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  487.980190][    C0]  start_kernel+0x3ee/0x4d0
[  487.980210][    C0]  x86_64_start_reservations+0x18/0x30
[  487.980229][    C0]  x86_64_start_kernel+0x130/0x190
[  487.980242][    C0]  common_startup_64+0x13e/0x148
[  487.980262][    C0]  </TASK>
[  487.989773][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  487.989789][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  487.989807][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  487.989818][   T31] Call Trace:
[  487.989824][   T31]  <TASK>
[  487.989831][   T31]  dump_stack_lvl+0x3d/0x1f0
[  487.989852][   T31]  vpanic+0x6e8/0x7a0
[  487.989876][   T31]  ? __pfx_vpanic+0x10/0x10
[  487.989904][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  487.989926][   T31]  panic+0xca/0xd0
[  487.989948][   T31]  ? __pfx_panic+0x10/0x10
[  487.989971][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  487.989995][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  487.990019][   T31]  ? watchdog+0xd78/0x1260
[  487.990036][   T31]  ? watchdog+0xd6b/0x1260
[  487.990053][   T31]  watchdog+0xd89/0x1260
[  487.990074][   T31]  ? __pfx_watchdog+0x10/0x10
[  487.990089][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  487.990107][   T31]  ? __kthread_parkme+0x19e/0x250
[  487.990130][   T31]  ? __pfx_watchdog+0x10/0x10
[  487.990147][   T31]  kthread+0x3c2/0x780
[  487.990163][   T31]  ? __pfx_kthread+0x10/0x10
[  487.990186][   T31]  ? rcu_is_watching+0x12/0xc0
[  487.990206][   T31]  ? __pfx_kthread+0x10/0x10
[  487.990221][   T31]  ret_from_fork+0x5d7/0x6f0
[  487.990236][   T31]  ? __pfx_kthread+0x10/0x10
[  487.990252][   T31]  ret_from_fork_asm+0x1a/0x30
[  487.990280][   T31]  </TASK>
[  488.321735][   T31] Kernel Offset: disabled
[  488.326030][   T31] Rebooting in 86400 seconds..