last executing test programs:

14m46.688011499s ago: executing program 0 (id=347):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)={0xfe, 0x0, [{0x80000008, 0x0, 0x1, 0x4, 0xffffffff, 0x0, 0xeb}]})
close_range(r0, 0xffffffffffffffff, 0x0)

14m46.532494953s ago: executing program 32 (id=347):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)={0xfe, 0x0, [{0x80000008, 0x0, 0x1, 0x4, 0xffffffff, 0x0, 0xeb}]})
close_range(r0, 0xffffffffffffffff, 0x0)

14m28.332122542s ago: executing program 33 (id=596):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})

13m10.127040254s ago: executing program 3 (id=1661):
unshare(0x6a040000)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f028, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)

13m9.562102355s ago: executing program 3 (id=1668):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808"], 0x0, 0x4}, 0x94)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000032a9000070100f3ff830000580065159385e7"], 0x0}, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080))

13m9.43108362s ago: executing program 4 (id=1670):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlock(&(0x7f00002a4000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000623000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000e1b000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000f2b000/0x4000)=nil)
mremap(&(0x7f0000a2a000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f000068d000/0x4000)=nil)
munlockall()

13m9.084087603s ago: executing program 4 (id=1675):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}}, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000002100)={0x0, 0x7735, 0x80, 0x0, 0x351}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

13m8.86697455s ago: executing program 4 (id=1679):
r0 = io_uring_setup(0x20, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x80000000, 0xfefffffd})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000)
io_setup(0x3, &(0x7f0000000000)=<r2=>0x0)
io_submit(r2, 0x3, &(0x7f00000009c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x10, r1, &(0x7f0000000280)="20e76a038fb62178f1ef3c191b9f15fe019090bb57ab0976470e9a302d2256670c6742ad4795054100f2cd845a1d95bda24776ac36c41ce82c056701e924fe384178863b0e2eac58", 0x48, 0xdc, 0x0, 0x2}, 0x0, 0x0])
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000300)={0x10000008})

13m8.524197167s ago: executing program 4 (id=1684):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x89901)
move_mount(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0\x00', 0x206)

13m8.392708883s ago: executing program 4 (id=1685):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000002100)={0x0, 0x7735, 0x80, 0x0, 0x351}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

13m7.964112979s ago: executing program 4 (id=1690):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)

13m7.828022024s ago: executing program 34 (id=1690):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)

13m7.678341693s ago: executing program 3 (id=1692):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0x0, "0000000000000000f7fcfeff000000a88000"})
r1 = syz_open_pts(r0, 0x8182)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, 0x0)
write$vhost_msg_v2(r2, 0x0, 0x0)

13m7.272101907s ago: executing program 3 (id=1694):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x2)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80101)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
chroot(&(0x7f0000000780)='./file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0\x00')

13m7.24119789s ago: executing program 3 (id=1695):
r0 = io_uring_setup(0x7cac, &(0x7f00000000c0)={0x0, 0x753a, 0x40, 0x2, 0x1fd})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

13m6.66294358s ago: executing program 3 (id=1699):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
getpid()
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0x1, 0x6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000380)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000240)={r2, 0x1, r0, 0x6})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000280)={r2, 0x0, 0x5})

13m6.494298342s ago: executing program 35 (id=1699):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
getpid()
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000080)={r1, 0x1, 0x6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000380)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000240)={r2, 0x1, r0, 0x6})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000280)={r2, 0x0, 0x5})

10m21.546846883s ago: executing program 7 (id=3650):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x38, 0x0, @fd=r0, 0x100000001, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000280)={0x10000, 0xffffffffffffffff, 0x1, {0x7, 0xa44}, 0x80}, 0x1)

10m21.237993425s ago: executing program 7 (id=3654):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000009c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@getpolicy={0x50, 0x15, 0x4, 0x70bd2b, 0x25dfdbfb, {{@in=@loopback, @in=@rand_addr=0x64010101, 0x4e21, 0x8000, 0x4e22, 0x8, 0xa, 0x80, 0x0, 0x89}, 0x6e6bb4}}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x1)
recvmsg$unix(r1, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x12}, 0x0)
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)

10m21.075194977s ago: executing program 7 (id=3657):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_io_uring_setup(0x5e9, &(0x7f0000000480)={0x0, 0x9e6e, 0x1000, 0x2}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000240)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

10m20.067600913s ago: executing program 7 (id=3669):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0/file0\x00', 0x6cc01, 0x10)

10m19.971982927s ago: executing program 7 (id=3671):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x72, 0x4)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0xb27, 0x4)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto(r0, &(0x7f0000000400)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdb77ef9af2a603a3e78adff59fbb22bae1b2443011fd801251bcef8f165533aac58c7556dd51edc5a6865d4e29f0bbd0ed602050000000000002944de604d849a1e3b32905b0d26e9ff", 0x67, 0x4008044, 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f00000003c0)='}', 0x1)
sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x0, 0x0, 0x0)

10m18.918107403s ago: executing program 7 (id=3676):
getpid()
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, 0x0, 0x0}, 0x20)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

10m18.716402765s ago: executing program 36 (id=3676):
getpid()
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, 0x0, 0x0}, 0x20)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

9m31.945617416s ago: executing program 9 (id=4068):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x38, 0x4)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r3=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000014c0)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r3, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

9m29.268808338s ago: executing program 9 (id=4079):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f00000002c0)=@v3={0x3000000, [{0x2, 0x9}, {0x3, 0x3ff}]}, 0x18, 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

9m29.169178523s ago: executing program 9 (id=4082):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
unshare(0x6020400)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x38, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

9m28.60569688s ago: executing program 9 (id=4083):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x842cc0, 0x0)

9m28.41609447s ago: executing program 9 (id=4086):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x100000, 0x9)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2)

9m27.844211857s ago: executing program 9 (id=4094):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x69, 0x3000, 0x4})
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
ioprio_get$pid(0x3, 0x0)

9m27.091897395s ago: executing program 37 (id=4094):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x69, 0x3000, 0x4})
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
ioprio_get$pid(0x3, 0x0)

9m18.36983521s ago: executing program 0 (id=4095):
r0 = io_uring_setup(0x2715, &(0x7f0000000200)={0x0, 0x3, 0x800})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r3}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

9m18.307558619s ago: executing program 0 (id=4135):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80)

9m17.388243541s ago: executing program 0 (id=4141):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$setstatus(r0, 0x4, 0x40800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000006, 0x4c831, 0xffffffffffffffff, 0x66154000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)

9m16.278114092s ago: executing program 0 (id=4143):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x243014, 0x0)
setpgid(0x0, r0)
chdir(&(0x7f0000000200)='./file0\x00')

9m15.385300959s ago: executing program 0 (id=4149):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x44}}, 0x0)

9m0.05922513s ago: executing program 38 (id=4149):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x44}}, 0x0)

19.332223295s ago: executing program 8 (id=6142):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r5, 0x0)
shutdown(r5, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r2, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r4, r6, <r7=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r2, 0x3b8c, &(0x7f0000000100)={0x30, r7, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0})

16.032112753s ago: executing program 8 (id=6151):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x83fb, 0x789b1c25, 0x29, 0x4, 0x5, 0xcc7, 0x8, 0x8d, 0x9, 0x0, 0x2, 0x1, 0x1, 0x1, 0x6, 0x81, 0x6, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e5c, 0xb, 0xffc00004, 0x3c, 0x8, 0x100006, 0xf7fffff7, 0xfffffff8]})
r6 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet(r6, &(0x7f0000002ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x4000854)
ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, 0x0)

12.467955761s ago: executing program 8 (id=6159):
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cdafda, 0x103)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x15)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}}}})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r1=>0x0}, 0x0)
prlimit64(r1, 0xe, &(0x7f0000000000)={0x4, 0x409}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004340)=""/102376, 0x18fe8)
ptrace$getregset(0x4204, 0x0, 0x6, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000003bc0), r3)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f0000003cc0)={0x0, 0x0, &(0x7f0000003c80)={&(0x7f0000003c40)={0x14, r4, 0xc126a62263ed00c7, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x88c0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, 0x0, 0x0)

11.461727039s ago: executing program 5 (id=6163):
socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000050, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_open_dev$usbmon(0x0, 0x6a2, 0x20000)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0xfe44, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000100)=[{0x0}], 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008040)

9.098650232s ago: executing program 8 (id=6168):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00')
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40400c0}, 0x40)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r7, 0x0, 0x40010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x20040000})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

9.09620381s ago: executing program 5 (id=6169):
socket$pppl2tp(0x18, 0x1, 0x1)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r2}, 0x94)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x800})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r4, 0xffffffffffffffff, 0x0)

7.004732907s ago: executing program 6 (id=6176):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r1 = socket$netlink(0x10, 0x3, 0x2)
openat$mice(0xffffffffffffff9c, 0x0, 0x41)
io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0404"], 0xd)
preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/122, 0x7a}], 0x1, 0x0, 0xffffffff)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

6.986403499s ago: executing program 5 (id=6177):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
epoll_create1(0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r5 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x40)
ftruncate(r5, 0x2007ffd)
sendfile(r3, r4, 0x0, 0x1000a3)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x0)
sendmsg$nl_xfrm(r6, 0x0, 0x4800)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)

6.018124577s ago: executing program 6 (id=6181):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r3, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e)
connect$pptp(r3, &(0x7f00000001c0)={0x18, 0x2, {0x2, @local}}, 0x1e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

5.291956005s ago: executing program 8 (id=6182):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x2000)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x80000001, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x5}, {0xa, 0x4e24, 0xf5, @mcast2, 0x3}, 0xffffffffffffffff, {[0x2, 0x6, 0x401, 0x8, 0x10001, 0x8, 0x2, 0xd]}}, 0x5c)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x50f)

4.477525054s ago: executing program 1 (id=6184):
fanotify_init(0x1a, 0x800)
r0 = fsopen(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400400bce)
r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_clone3(0x0, 0x0)
write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0)
mq_notify(0xffffffffffffffff, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, 0x0, 0x0)
close(0x3)

4.232122524s ago: executing program 1 (id=6185):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x3, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x5000009)
add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000400)=""/132, 0x84)
getsockname$packet(r2, &(0x7f0000000240)={0x11, 0x0, <r3=>0x0}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000020000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r3, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000008c0)='fib6_table_lookup\x00', r4}, 0x10)
r5 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f00000003c0)={&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000100)="b7", 0x1}], 0x1}, 0x40080c0)

4.216491323s ago: executing program 5 (id=6186):
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000280)="1a000000", 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
bind$can_j1939(r2, 0x0, 0x0)
epoll_create(0x2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a3348484bb8df93fe521fe1040f858fb0192fdb61165ae96e54e95f986e1991666a28ea84021377f854fb46b740fc923244159bca8f8f9df6582f8c01dc05733e2e55fc52557ead879afe7c49146aea5741c8105fe87b521f427bf000000000000000000000000000000000000000000000000000000000000004f70139012486588"], 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.148079773s ago: executing program 6 (id=6187):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x24, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x60000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x8abb29e09f442f35, 0xffffffffffffffff, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
write$dsp(r7, &(0x7f00000004c0)="01", 0x1)
ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r8, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
bind$rose(0xffffffffffffffff, &(0x7f00000002c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40)
connect$rose(0xffffffffffffffff, &(0x7f00000001c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x40)

4.103246627s ago: executing program 6 (id=6188):
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x800006, 0x8, 0x0, 0x3}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
link(0x0, &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
name_to_handle_at(r2, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, &(0x7f00000000c0), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'team_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_stats})

2.606697227s ago: executing program 1 (id=6189):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, &(0x7f00000008c0))
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
memfd_create(0x0, 0x3)

2.605577317s ago: executing program 2 (id=6199):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xaf4, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "1f891d5b00", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "dd6ed25e", "d4e9e1c90d89691c"}, 0x38)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/46, 0x2e}], 0x1}, 0x6}], 0x1, 0x100, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4c}}, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0xffe)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4000880)

2.584353652s ago: executing program 5 (id=6190):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r0, 0x80506409, &(0x7f0000000100)={0x0, 0x20, 0x10, 0x6dd, 0x4, 0x0, 0x2, 0xb05, 0x20, 0x1, 0x40, 0x7, &(0x7f0000000000)=[0x4], 0x8, 0x0})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
recvfrom(r1, 0x0, 0x0, 0x40010001, 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000004)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000400)=""/4108, 0x100c}], 0x1, 0x144, 0x0)
ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000080))

2.564567733s ago: executing program 2 (id=6191):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000280))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000014010380100100800800034000000002"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e912162f8db0049d90491ceaebfd26d4eef2", 0x27}, {&(0x7f0000000580)="051a00000e80006558f2878f02000000000000203d83d3", 0x17}], 0x2)
mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x12, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000340)=0x1, 0xa, 0x0)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0)

1.763954476s ago: executing program 8 (id=6192):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='\xf3ouzce', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

1.669133115s ago: executing program 6 (id=6193):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.603648171s ago: executing program 2 (id=6194):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$SIOCPNGETOBJECT(r0, 0x89e0, &(0x7f0000000280)=0xfff)
r1 = socket(0x1f, 0x5, 0x0)
bind$packet(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008c}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtaction={0x11c, 0x30, 0xeaa3ef926154e70d, 0x0, 0x0, {}, [{0x108, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xfffffffffffffd21, 0x8, {0x2}}}}, @m_sample={0xb8, 0x2, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x0, 0x2, {0x3, 0xd, 0x10000000, 0x0, 0x3}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x100008, 0x4d82, 0xffffffffffffffff, 0x7ff, 0x4}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xfff, 0x88, 0x6, 0x3, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xffffffff}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x9e07, 0x5, 0x3, 0x9}}]}, {0x22, 0x6, "b993a266d04d68c578a189161d7b3605ae1ad871dbd78a555343b82aff5a"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x11c}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000063c0)={0x2020}, 0x2020)
r4 = syz_open_procfs(0x0, 0x0)
pread64(r4, 0x0, 0x0, 0x96)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4004000}, 0x50)
mount(&(0x7f0000000040)=@nullb, 0x0, 0x0, 0x0, 0x0)

1.331015498s ago: executing program 2 (id=6195):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
read$msr(r0, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001180))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
gettid()
r3 = openat$audio(0xffffffffffffff9c, 0x0, 0x20480, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
socketpair$unix(0x1, 0x3, 0x0, 0x0)

1.283793255s ago: executing program 2 (id=6196):
socket(0x10, 0x803, 0x0)
socket(0xa, 0x3, 0x3a)
truncate(&(0x7f0000000100)='./file1\x00', 0x20fdfffffe)
creat(0x0, 0x135)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = getpid()
syz_pidfd_open(r3, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

1.233093585s ago: executing program 5 (id=6197):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000000))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={<r1=>0x0}, &(0x7f0000000140)=0xc)
r2 = syz_open_procfs(r1, &(0x7f0000000100)='mountinfo\x00')
mq_timedreceive(r2, 0x0, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
recvfrom$ax25(r4, &(0x7f0000000100)=""/87, 0x57, 0xeb59d7796265ba1a, &(0x7f00000002c0)={{0x3, @null, 0x4}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xf}, {0xd, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x10001, 0x3, 0x0, 0x7}, 0xf0, 0x1, 0x8, 0x3, 0x88a, 0x9, 0x8e, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000080)=@arm64_fp={0x604000000010008a, &(0x7f0000000000)=0x7ff})

1.099716607s ago: executing program 1 (id=6198):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
r3 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x8000, 0x0, 0x0, 0xfa000, 0x10000})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64"], 0x3c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="70aaf0a58486e48500"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b0001006272696467650000100002800c002100e902000000000000"], 0x40}}, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000500)={'aio_iiro_16\x00', [0x83eb, 0xe4, 0x4, 0x4, 0x5, 0xcc7, 0x8, 0x8d, 0xe, 0x4, 0x6, 0x1, 0x1, 0x1, 0x4000006, 0x101, 0xfffffffd, 0x1a449, 0x5f57, 0x40000003, 0x8a, 0x6, 0x0, 0x4, 0x800, 0xffe00000, 0x3a, 0x8, 0x6, 0xf7ffffff, 0xfffffff8]})

992.901081ms ago: executing program 1 (id=6200):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e00"], 0x70}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

177.045732ms ago: executing program 6 (id=6201):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x3, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x5000009)
add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000400)=""/132, 0x84)
getsockname$packet(r2, &(0x7f0000000240)={0x11, 0x0, <r3=>0x0}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000020000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r3, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000008c0)='fib6_table_lookup\x00', r4}, 0x10)
r5 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f00000003c0)={&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000100)="b7", 0x1}], 0x1}, 0x40080c0)

176.553602ms ago: executing program 2 (id=6202):
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000280)="1a000000", 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
bind$can_j1939(r2, 0x0, 0x0)
epoll_create(0x2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a3348484bb8df93fe521fe1040f858fb0192fdb61165ae96e54e95f986e1991666a28ea84021377f854fb46b740fc923244159bca8f8f9df6582f8c01dc05733e2e55fc52557ead879afe7c49146aea5741c8105fe87b521f427bf000000000000000000000000000000000000000000000000000000000000004f70139012486588"], 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 1 (id=6203):
r0 = socket(0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f00000002c0), 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x48000, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
fcntl$getown(r3, 0x9)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x1000000008, 0x10000, 0x3}, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_pauseparam={0x1f, 0x3}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d40)=ANY=[@ANYBLOB="101300002d00090036bd70000100000004000000cb011180c708605d8a0c9549f671af21be3edd7313f3b3cefa172a8aae2f295cc7"], 0x1310}, 0x1, 0x0, 0x0, 0x20000004}, 0x84)
syz_emit_ethernet(0xce, &(0x7f0000000b00)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x98, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x2, 0x0, 0x0, 0x20000, 0x1000300, [{0x1, 0xc, "23d13a9528da89ca8687857fa1c05623e430a7e05df65bb50a75504311ee5de0f521d4ef8bdff765650746569fc64eab97bd29f1573ea4d0bf29234512d00dd30ae604dd40e3c151fd4d595866b48657d2cb4ed8721f45e586a02af6449001"}, {0x5, 0x4, "ef1dc0373c7ae5822ff95684d179152a6da7097d9a664860876ec7127430d92386b1dae46b"}]}}}}}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c20000000e577ca5a84f0800451000300080000000019078ac1e0001ac1414aa030090781206183f25fc00000067001c0007000064010101e000000292e380499d657807b1f372392d9e524f371a570efdf6bc3b4cdf5f1fad16732af7557840525d79bd502741c0a787ee07aa9953f06a5bf8562f344ba8946a78191ee5a0f66198a979151c778bf7f740e7d05262c8e07c0070e761760a2a76b4d63cfe3c8dbd169c534563ed6a8e86ab65f9425f4a72187a7a768686db4cbd95c10b72e3958644dace9528dd8635b58c2f9a5d66bc51f1de83a268b4c7a896fb8238c8ae0f6cb0a15e141621d70e6e93b7df27dedad37767ccc5c9c8cfa8c6943b2b7e13eb537d60d43be5dbedd10d6faf01e1d9f4abf089a8a161fda92bd3d6deee489038cd0b14787897cab752da47f16c35d2c8ab584b8a14112de543a58f"], 0x0)

kernel console output (not intermixed with test programs):

ve_1) entered blocking state
[  413.648808][T16573] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.656551][T16573] bridge_slave_1: entered allmulticast mode
[  413.664757][T16573] bridge_slave_1: entered promiscuous mode
[  413.876436][T16573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  413.929771][T16573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  414.690089][ T8971] hsr_slave_0: left promiscuous mode
[  414.710299][ T8971] hsr_slave_1: left promiscuous mode
[  414.747370][ T8971] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  414.814798][ T8971] batman_adv: batadv0: Removing interface: batadv_slave_0
[  414.888947][ T8971] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  414.908616][ T8971] batman_adv: batadv0: Removing interface: batadv_slave_1
[  414.959824][ T8971] veth1_macvtap: left promiscuous mode
[  414.966116][ T8971] veth0_macvtap: left promiscuous mode
[  415.037950][ T8971] veth1_vlan: left promiscuous mode
[  415.045612][ T8971] veth0_vlan: left promiscuous mode
[  415.270039][ T5865] Bluetooth: hci1: command tx timeout
[  416.319810][T16648] overlayfs: failed to clone upperpath
[  416.902460][T16660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4128'.
[  416.952057][ T8971] team0 (unregistering): Port device team_slave_1 removed
[  416.991807][ T8971] team0 (unregistering): Port device team_slave_0 removed
[  417.103496][T16662] overlayfs: failed to clone upperpath
[  417.308902][   T30] audit: type=1400 audit(1757367340.176:886): avc:  denied  { unmount } for  pid=16666 comm="syz.6.4131" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  417.427999][ T5865] Bluetooth: hci1: command tx timeout
[  417.797193][T16658] veth1_to_bond: entered promiscuous mode
[  417.803822][T16658] veth1_to_bond: left promiscuous mode
[  417.823920][T16660] bond0: (slave bond_slave_1): Releasing backup interface
[  417.854000][T16573] team0: Port device team_slave_0 added
[  417.862392][T16573] team0: Port device team_slave_1 added
[  417.917114][T16573] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.924899][T16573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.951181][T16573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.963913][T16573] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.971173][T16573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  418.000081][T16573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  418.030027][ T5958] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  418.047332][T16573] hsr_slave_0: entered promiscuous mode
[  418.054337][T16573] hsr_slave_1: entered promiscuous mode
[  418.060598][T16573] debugfs: 'hsr0' already exists in 'hsr'
[  418.066325][T16573] Cannot create hsr debugfs directory
[  418.191418][ T5958] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.202619][ T5958] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.212526][ T5958] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  418.225515][ T5958] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.236371][ T5958] usb 6-1: config 0 descriptor??
[  418.408401][T16573] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  418.417552][T16573] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  418.427086][T16573] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  418.436803][T16573] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  418.501157][ T5958] usbhid 6-1:0.0: can't add hid device: -71
[  418.507146][ T5958] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  418.518715][ T5958] usb 6-1: USB disconnect, device number 29
[  418.520772][T16573] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.545706][T16573] 8021q: adding VLAN 0 to HW filter on device team0
[  418.556357][ T8922] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.563466][ T8922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.575413][ T8970] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.582551][ T8970] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.713582][T16573] 8021q: adding VLAN 0 to HW filter on device batadv0
[  418.746850][T16573] veth0_vlan: entered promiscuous mode
[  418.755837][T16573] veth1_vlan: entered promiscuous mode
[  418.780759][T16573] veth0_macvtap: entered promiscuous mode
[  418.788410][T16573] veth1_macvtap: entered promiscuous mode
[  418.806064][T16573] batman_adv: batadv0: Interface activated: batadv_slave_0
[  418.816834][T16573] batman_adv: batadv0: Interface activated: batadv_slave_1
[  418.829408][ T8922] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.839828][ T8922] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.854253][ T8962] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.863712][ T8922] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.920879][ T8970] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.928686][ T8970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.952596][ T8971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.961483][ T8971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  419.255274][   T30] audit: type=1804 audit(1757367342.126:887): pid=16702 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.4137" name="file0" dev="ramfs" ino=66523 res=1 errno=0
[  419.530117][ T5865] Bluetooth: hci1: command tx timeout
[  420.573299][T16714] futex_wake_op: syz.2.4139 tries to shift op by 32; fix this program
[  421.439880][T16728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  421.877169][   T30] audit: type=1400 audit(1757367344.746:888): avc:  denied  { mounton } for  pid=16725 comm="syz.0.4143" path="/3/file1/file0" dev="autofs" ino=65248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  421.968843][ T8969] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  421.997728][ T8969] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  422.113995][ T8969] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  422.131609][ T8969] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  422.170132][ T8922] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  422.183963][ T8922] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  422.213923][ T8962] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  422.225807][ T8962] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  422.708792][T16749] loop9: detected capacity change from 0 to 7
[  422.715678][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.723544][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.731722][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.739538][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.747375][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.755217][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.763522][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.771370][T16749] ldm_validate_partition_table(): Disk read failed.
[  422.777946][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.785815][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.794327][T16749] Buffer I/O error on dev loop9, logical block 0, async page read
[  422.802193][T16749] Dev loop9: unable to read RDB block 0
[  422.807835][T16749]  loop9: unable to read partition table
[  422.813551][T16749] loop9: partition table beyond EOD, truncated
[  422.819678][T16749] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  422.819678][T16749] 
) failed (rc=-5)
[  426.044612][   T30] audit: type=1400 audit(1757367348.916:889): avc:  denied  { rename } for  pid=16832 comm="syz.5.4185" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  427.226098][ T5865] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  427.236317][ T5865] CPU: 0 UID: 0 PID: 5865 Comm: kworker/u9:9 Not tainted syzkaller #0 PREEMPT(full) 
[  427.236343][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  427.236356][ T5865] Workqueue: hci0 hci_rx_work
[  427.236381][ T5865] Call Trace:
[  427.236387][ T5865]  <TASK>
[  427.236394][ T5865]  dump_stack_lvl+0x16c/0x1f0
[  427.236419][ T5865]  sysfs_warn_dup+0x7f/0xa0
[  427.236443][ T5865]  sysfs_create_dir_ns+0x24b/0x2b0
[  427.236467][ T5865]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  427.236490][ T5865]  ? find_held_lock+0x2b/0x80
[  427.236520][ T5865]  ? do_raw_spin_unlock+0x172/0x230
[  427.236543][ T5865]  kobject_add_internal+0x2c4/0x9b0
[  427.236573][ T5865]  kobject_add+0x16e/0x240
[  427.236597][ T5865]  ? __pfx_kobject_add+0x10/0x10
[  427.236624][ T5865]  ? do_raw_spin_unlock+0x172/0x230
[  427.236644][ T5865]  ? kobject_put+0xab/0x5a0
[  427.236676][ T5865]  device_add+0x288/0x1aa0
[  427.236709][ T5865]  ? __pfx_dev_set_name+0x10/0x10
[  427.236725][ T5865]  ? __pfx_device_add+0x10/0x10
[  427.236752][ T5865]  ? mgmt_send_event_skb+0x2fb/0x460
[  427.236779][ T5865]  hci_conn_add_sysfs+0x17e/0x230
[  427.236802][ T5865]  le_conn_complete_evt+0x1075/0x1d70
[  427.236821][ T5865]  ? preempt_count_sub+0xb0/0x160
[  427.236851][ T5865]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  427.236869][ T5865]  ? hci_event_packet+0x459/0x11c0
[  427.236898][ T5865]  hci_le_conn_complete_evt+0x23c/0x370
[  427.236922][ T5865]  hci_le_meta_evt+0x354/0x5e0
[  427.236942][ T5865]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  427.236965][ T5865]  hci_event_packet+0x682/0x11c0
[  427.236984][ T5865]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  427.237005][ T5865]  ? __pfx_hci_event_packet+0x10/0x10
[  427.237027][ T5865]  ? kcov_remote_start+0x3c9/0x6d0
[  427.237046][ T5865]  ? lockdep_hardirqs_on+0x7c/0x110
[  427.237074][ T5865]  hci_rx_work+0x2c5/0x16b0
[  427.237095][ T5865]  ? rcu_is_watching+0x12/0xc0
[  427.237121][ T5865]  process_one_work+0x9cc/0x1b70
[  427.237152][ T5865]  ? __pfx_process_one_work+0x10/0x10
[  427.237179][ T5865]  ? assign_work+0x1a0/0x250
[  427.237200][ T5865]  worker_thread+0x6c8/0xf10
[  427.237228][ T5865]  ? __kthread_parkme+0x19e/0x250
[  427.237255][ T5865]  ? __pfx_worker_thread+0x10/0x10
[  427.237274][ T5865]  kthread+0x3c2/0x780
[  427.237292][ T5865]  ? __pfx_kthread+0x10/0x10
[  427.237311][ T5865]  ? rcu_is_watching+0x12/0xc0
[  427.237333][ T5865]  ? __pfx_kthread+0x10/0x10
[  427.237351][ T5865]  ret_from_fork+0x5d4/0x6f0
[  427.237368][ T5865]  ? __pfx_kthread+0x10/0x10
[  427.237386][ T5865]  ret_from_fork_asm+0x1a/0x30
[  427.237421][ T5865]  </TASK>
[  427.237447][ T5865] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  427.502335][ T5865] Bluetooth: hci0: failed to register connection device
[  430.153985][T16921] overlayfs: failed to clone upperpath
[  433.119222][T16983] overlayfs: failed to clone upperpath
[  434.342772][   T30] audit: type=1326 audit(1757367357.216:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.381988][   T30] audit: type=1326 audit(1757367357.256:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.407578][   T30] audit: type=1326 audit(1757367357.256:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.438099][   T30] audit: type=1326 audit(1757367357.256:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.462833][   T30] audit: type=1326 audit(1757367357.256:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.486459][   T30] audit: type=1326 audit(1757367357.256:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.520315][   T30] audit: type=1326 audit(1757367357.256:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.544466][   T30] audit: type=1326 audit(1757367357.256:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.623664][   T30] audit: type=1326 audit(1757367357.256:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  434.657931][   T30] audit: type=1326 audit(1757367357.256:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17000 comm="syz.2.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  437.832899][ T5858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  437.845959][ T5858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  437.853698][ T5858] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  437.862974][ T5858] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  437.870797][ T5858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  438.494020][ T8970] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.615166][ T8970] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.744512][ T8970] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.767455][T17029] chnl_net:caif_netlink_parms(): no params data found
[  438.821436][ T8970] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.914494][T17029] bridge0: port 1(bridge_slave_0) entered blocking state
[  438.921851][T17029] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.928923][T17029] bridge_slave_0: entered allmulticast mode
[  438.936425][T17029] bridge_slave_0: entered promiscuous mode
[  438.943355][T17029] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.952531][T17029] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.959620][T17029] bridge_slave_1: entered allmulticast mode
[  438.968251][T17029] bridge_slave_1: entered promiscuous mode
[  439.005814][T17029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  439.017322][T17029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  439.054298][T17029] team0: Port device team_slave_0 added
[  439.063012][T17029] team0: Port device team_slave_1 added
[  439.076986][ T8970] bridge_slave_1: left allmulticast mode
[  439.082975][ T8970] bridge_slave_1: left promiscuous mode
[  439.088593][ T8970] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.097290][ T8970] bridge_slave_0: left allmulticast mode
[  439.103536][ T8970] bridge_slave_0: left promiscuous mode
[  439.109149][ T8970] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.343607][ T8970] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  439.355867][ T8970] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  439.367535][ T8970] bond0 (unregistering): Released all slaves
[  439.493539][T17029] batman_adv: batadv0: Adding interface: batadv_slave_0
[  439.515394][T17029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.516446][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  439.550231][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  439.560600][T17029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  439.575780][T17029] batman_adv: batadv0: Adding interface: batadv_slave_1
[  439.585658][T17029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.613902][T17029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  439.726206][T17059] 9pnet_fd: Insufficient options for proto=fd
[  439.754308][T17029] hsr_slave_0: entered promiscuous mode
[  439.765012][T17029] hsr_slave_1: entered promiscuous mode
[  439.772914][T17029] debugfs: 'hsr0' already exists in 'hsr'
[  439.778634][T17029] Cannot create hsr debugfs directory
[  439.925108][ T5865] Bluetooth: hci5: command tx timeout
[  441.249524][T17029] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.379509][ T8970] hsr_slave_0: left promiscuous mode
[  441.405339][ T8970] hsr_slave_1: left promiscuous mode
[  441.413856][ T8970] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  441.421762][ T8970] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.432573][ T8970] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.443211][ T8970] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.463828][ T8970] veth1_macvtap: left promiscuous mode
[  441.469309][ T8970] veth0_macvtap: left promiscuous mode
[  441.475563][ T8970] veth1_vlan: left promiscuous mode
[  441.481128][ T8970] veth0_vlan: left promiscuous mode
[  441.806349][ T8970] team0 (unregistering): Port device team_slave_1 removed
[  441.841301][ T8970] team0 (unregistering): Port device team_slave_0 removed
[  441.993324][ T5865] Bluetooth: hci5: command tx timeout
[  442.206977][T17029] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.336151][T17082] Process accounting resumed
[  442.338099][T17029] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.035990][T17029] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.555083][T17029] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  443.688711][T17029] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  443.740374][T17029] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  443.753913][T17029] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  444.110609][ T5865] Bluetooth: hci5: command tx timeout
[  444.515714][T17029] 8021q: adding VLAN 0 to HW filter on device bond0
[  444.548930][T17029] 8021q: adding VLAN 0 to HW filter on device team0
[  444.706102][ T8971] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.713243][ T8971] bridge0: port 1(bridge_slave_0) entered forwarding state
[  444.775915][ T8970] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.783025][ T8970] bridge0: port 2(bridge_slave_1) entered forwarding state
[  444.807005][T17115] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4283'.
[  444.816238][T17115] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4283'.
[  444.879156][T17119] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4285'.
[  445.457984][T17029] 8021q: adding VLAN 0 to HW filter on device batadv0
[  445.515732][T17029] veth0_vlan: entered promiscuous mode
[  445.529583][T17029] veth1_vlan: entered promiscuous mode
[  445.567804][T17029] veth0_macvtap: entered promiscuous mode
[  445.578805][T17029] veth1_macvtap: entered promiscuous mode
[  445.618981][T17029] batman_adv: batadv0: Interface activated: batadv_slave_0
[  445.650899][T17029] batman_adv: batadv0: Interface activated: batadv_slave_1
[  445.667804][ T8971] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  445.768423][ T8971] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  445.777755][ T8971] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  445.787894][T17154] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4294'.
[  445.798887][ T8971] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  446.150743][ T5865] Bluetooth: hci5: command tx timeout
[  446.409533][ T8971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.426856][ T8971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.457814][T17161] netlink: 'syz.6.4297': attribute type 10 has an invalid length.
[  446.469631][T17161] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4297'.
[  446.486643][T17161] dummy0: entered promiscuous mode
[  446.515712][T17161] bridge0: port 1(dummy0) entered blocking state
[  446.566246][T17161] bridge0: port 1(dummy0) entered disabled state
[  446.575928][T17161] dummy0: entered allmulticast mode
[  446.593223][T17161] bridge0: port 1(dummy0) entered blocking state
[  446.599666][T17161] bridge0: port 1(dummy0) entered forwarding state
[  446.617151][ T8953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.631442][ T8953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.135088][T17167] netlink: 'syz.2.4299': attribute type 2 has an invalid length.
[  447.240098][T17167] netlink: 116 bytes leftover after parsing attributes in process `syz.2.4299'.
[  447.399310][T17185] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  449.565790][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  449.565805][   T30] audit: type=1326 audit(1757367628.469:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  449.672295][   T30] audit: type=1326 audit(1757367628.469:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  449.817861][   T30] audit: type=1326 audit(1757367628.479:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  449.855321][   T30] audit: type=1326 audit(1757367628.479:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  449.943395][   T30] audit: type=1326 audit(1757367628.479:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  449.977249][   T30] audit: type=1326 audit(1757367628.479:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  450.002620][   T30] audit: type=1326 audit(1757367628.479:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  450.155370][T17224] netlink: 'syz.5.4316': attribute type 4 has an invalid length.
[  450.194369][T17224] netlink: 'syz.5.4316': attribute type 4 has an invalid length.
[  450.289422][   T30] audit: type=1326 audit(1757367628.479:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  450.489521][   T30] audit: type=1326 audit(1757367628.479:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  450.567916][   T30] audit: type=1326 audit(1757367628.479:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17211 comm="syz.6.4312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  450.893125][T17237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4321'.
[  450.902505][T17234] overlayfs: workdir and upperdir must reside under the same mount
[  451.803205][T17270] overlayfs: failed to clone upperpath
[  453.980648][T17285] VFS: Mount too revealing
[  454.058165][T17298] overlayfs: failed to clone upperpath
[  454.987674][T17283] netlink: 'syz.5.4336': attribute type 2 has an invalid length.
[  455.377474][T17313] block nbd5: Attempted send on invalid socket
[  455.456289][T17313] I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  455.626586][   T25] block nbd5: Attempted send on invalid socket
[  455.633469][   T25] I/O error, dev nbd5, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  455.644359][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  455.689840][T17313] block nbd5: Attempted send on invalid socket
[  455.780525][T17313] I/O error, dev nbd5, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  455.860399][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  455.872315][T17313] block nbd5: Attempted send on invalid socket
[  455.952233][T17313] I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.055005][T17313] block nbd5: Attempted send on invalid socket
[  456.098045][T17313] I/O error, dev nbd5, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.217114][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  456.460502][T17313] block nbd5: Attempted send on invalid socket
[  456.470375][T17313] I/O error, dev nbd5, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.510199][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  456.536090][T17313] block nbd5: Attempted send on invalid socket
[  456.557866][T17313] I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.590481][T17313] block nbd5: Attempted send on invalid socket
[  456.596719][T17313] I/O error, dev nbd5, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.606358][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  456.622036][T17313] block nbd5: Attempted send on invalid socket
[  456.628266][T17313] I/O error, dev nbd5, sector 4096 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  456.654452][T17313] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  456.670681][T17313] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[  458.230568][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  458.230583][   T30] audit: type=1400 audit(1757367637.049:932): avc:  denied  { setopt } for  pid=17339 comm="syz.1.4354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  458.339987][ T5958] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  458.570068][ T5958] usb 6-1: Using ep0 maxpacket: 16
[  458.578054][ T5958] usb 6-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice=93.b9
[  458.601026][ T5958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.636902][ T5958] usb 6-1: Product: syz
[  458.689982][ T5958] usb 6-1: Manufacturer: syz
[  458.726664][ T5958] usb 6-1: SerialNumber: syz
[  458.765855][ T5958] usb 6-1: config 0 descriptor??
[  459.004424][ T5958] speedtch 6-1:0.0: speedtch_bind: wrong device class 141
[  459.011770][ T5958] speedtch 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[  459.064074][ T5958] usb 6-1: USB disconnect, device number 30
[  460.600510][T17379] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4368'.
[  460.669375][T17379] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17379 comm=syz.6.4368
[  463.336566][T17419] overlayfs: failed to clone upperpath
[  465.912565][T17462] /dev/nullb0: Can't lookup blockdev
[  468.104953][T17498] overlayfs: failed to clone upperpath
[  468.614478][T17506] cgroup: fork rejected by pids controller in /syz6
[  468.779380][   T30] audit: type=1400 audit(1757367647.679:933): avc:  denied  { watch watch_reads } for  pid=17541 comm="syz.5.4416" path="/" dev="configfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  469.517748][T17557] affs: No valid root block on device nullb0
[  470.864080][T17572] netlink: 'syz.1.4427': attribute type 10 has an invalid length.
[  470.918350][T17572] syz_tun: entered promiscuous mode
[  470.996617][T17572] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  471.418690][   T30] audit: type=1400 audit(1757367650.319:934): avc:  denied  { ioctl } for  pid=17583 comm="syz.5.4430" path="pid:[4026532786]" dev="nsfs" ino=4026532786 ioctlcmd=0x64c2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  472.955933][T17623] netlink: 'syz.5.4443': attribute type 1 has an invalid length.
[  473.009252][T17624] netlink: 'syz.1.4442': attribute type 10 has an invalid length.
[  473.025772][T17624] team0: Port device dummy0 added
[  473.039198][T17626] bond4: (slave vti0): The slave device specified does not support setting the MAC address
[  473.054711][T17626] bond4: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  473.176403][T17626] bond4: (slave vti0): making interface the new active one
[  473.211839][T17623] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4443'.
[  473.787976][T17626] bond4: (slave vti0): Enslaving as an active interface with an up link
[  473.828246][T17623] 8021q: adding VLAN 0 to HW filter on device bond4
[  474.019978][   T30] audit: type=1400 audit(1757367652.909:935): avc:  denied  { getopt } for  pid=17638 comm="syz.5.4447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  474.140887][T17641] wg2: entered promiscuous mode
[  474.145762][T17641] wg2: entered allmulticast mode
[  474.232987][T17645] Set syz0 is full, maxelem 0 reached
[  477.069460][T17706] overlayfs: failed to clone upperpath
[  480.393943][T17762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4491'.
[  481.507574][T17774] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4494'.
[  481.517627][T17774] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4494'.
[  481.526928][T17774] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4494'.
[  483.154738][T17790] overlayfs: failed to clone upperpath
[  483.342123][   T30] audit: type=1400 audit(1757367662.249:936): avc:  denied  { ioctl } for  pid=17799 comm="syz.2.4505" path="socket:[69478]" dev="sockfs" ino=69478 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  484.544375][T17841] netlink: 'syz.2.4517': attribute type 10 has an invalid length.
[  484.634191][   T54] IPVS: starting estimator thread 0...
[  484.815914][T17844] IPVS: using max 48 ests per chain, 115200 per kthread
[  487.237512][T17870] overlayfs: failed to clone upperpath
[  487.560546][ T5865] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1
[  487.563393][T17882] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4528'.
[  491.590060][ T5865] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  491.601177][ T5865] Bluetooth: hci4: Injecting HCI hardware error event
[  491.609163][ T5858] Bluetooth: hci4: hardware error 0x00
[  493.712722][ T5858] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  494.337061][T17973] sch_tbf: burst 1821 is lower than device lo mtu (65550) !
[  494.385858][T17973] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4560'.
[  495.967753][   T30] audit: type=1400 audit(1757367674.439:937): avc:  denied  { shutdown } for  pid=17979 comm="syz.2.4562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  496.020831][   T30] audit: type=1400 audit(1757367674.439:938): avc:  denied  { read } for  pid=17979 comm="syz.2.4562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  496.085204][T17990] overlayfs: failed to clone upperpath
[  496.193639][T17993] netlink: 1319 bytes leftover after parsing attributes in process `syz.2.4568'.
[  496.941780][   T30] audit: type=1400 audit(1757367675.619:939): avc:  denied  { create } for  pid=18001 comm="syz.5.4571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  497.228687][   T30] audit: type=1400 audit(1757367675.639:940): avc:  denied  { getopt } for  pid=18001 comm="syz.5.4571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  499.413066][T18041] overlayfs: failed to clone upperpath
[  500.501891][T18056] tipc: New replicast peer: 255.255.255.255
[  500.508176][T18056] tipc: Enabled bearer <udp:syz2>, priority 10
[  500.517366][T18056] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4592'.
[  500.532639][T18056] tipc: Disabling bearer <udp:syz2>
[  500.548049][T18056] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4592'.
[  500.953841][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  500.973509][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  504.022354][T18119] netlink: 'syz.5.4613': attribute type 10 has an invalid length.
[  504.087516][T18119] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  504.113368][ T8969] bond0: (slave dummy0): interface is now down
[  504.133262][ T8969] bond0: now running without any active interface!
[  504.320437][ T5848] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  504.480206][ T5848] usb 6-1: Using ep0 maxpacket: 32
[  504.486564][ T5848] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  504.495897][ T5848] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.505716][ T5848] usb 6-1: config 0 descriptor??
[  504.714440][ T5848] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  504.723314][ T5848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  504.732955][ T5848] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  504.740295][ T5848] usb 6-1: media controller created
[  504.757826][ T5848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  504.915523][ T5848] az6027: usb out operation failed. (-71)
[  504.922008][ T5848] az6027: usb out operation failed. (-71)
[  504.927705][ T5848] stb0899_attach: Driver disabled by Kconfig
[  504.933846][ T5848] az6027: no front-end attached
[  504.933846][ T5848] 
[  504.941185][ T5848] az6027: usb out operation failed. (-71)
[  504.946877][ T5848] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  504.958247][ T5848] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input37
[  504.973548][ T5848] dvb-usb: schedule remote query interval to 400 msecs.
[  504.987411][ T5848] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  505.013644][ T5848] usb 6-1: USB disconnect, device number 31
[  505.046414][ T5848] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  506.179314][   T30] audit: type=1400 audit(1757367685.059:941): avc:  denied  { ioctl } for  pid=18155 comm="syz.1.4626" path="socket:[71090]" dev="sockfs" ino=71090 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  506.409084][   T30] audit: type=1400 audit(1757367685.299:942): avc:  denied  { read } for  pid=18164 comm="syz.2.4630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  507.541324][T18176] md2: using deprecated bitmap file support
[  507.549215][T18176] md2: error: bitmap file must be a regular file
[  507.970172][T18192] 9pnet_fd: Insufficient options for proto=fd
[  509.613497][ T5902] libceph: connect (1)[c::]:6789 error -101
[  509.619523][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  509.886991][T18212] ceph: No mds server is up or the cluster is laggy
[  509.899470][ T5902] libceph: connect (1)[c::]:6789 error -101
[  509.910407][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  510.609541][T18230] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4651'.
[  510.639986][   T30] audit: type=1400 audit(1757367689.509:943): avc:  denied  { nlmsg_read } for  pid=18229 comm="syz.1.4651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  511.650707][T18247] overlayfs: failed to clone upperpath
[  512.121839][T18263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4664'.
[  512.214695][T18266] devpts: Bad value for 'max'
[  512.627467][   T30] audit: type=1400 audit(1757367691.529:944): avc:  denied  { shutdown } for  pid=18273 comm="syz.2.4668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  513.495360][T18282] overlayfs: failed to clone upperpath
[  514.071080][ T5858] Bluetooth: hci0: unexpected cc 0x1004 length: 9 < 11
[  514.079171][ T5858] Bluetooth: hci0: unexpected event for opcode 0x1004
[  514.244919][T18304] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4678'.
[  514.289721][T18304] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18304 comm=syz.1.4678
[  518.292746][ T5858] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  518.302236][ T5858] Bluetooth: hci0: Injecting HCI hardware error event
[  518.538611][ T5858] Bluetooth: hci0: hardware error 0x00
[  520.693721][T18376] ptrace attach of "./syz-executor exec"[6806] was attempted by "./syz-executor exec"[18376]
[  521.089304][ T5858] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  525.493276][   T30] audit: type=1400 audit(1757367704.399:945): avc:  denied  { bind } for  pid=18438 comm="syz.2.4718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  526.200564][   T30] audit: type=1400 audit(1757367705.099:946): avc:  denied  { listen } for  pid=18454 comm="syz.6.4726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  526.221566][   T30] audit: type=1400 audit(1757367705.099:947): avc:  denied  { accept } for  pid=18454 comm="syz.6.4726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  526.950473][   T54] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  527.163442][T18469] sch_tbf: burst 1023 is lower than device lo mtu (11337746) !
[  527.171215][   T54] usb 6-1: config 0 has no interfaces?
[  527.172813][   T54] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  527.194247][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.236789][   T54] usb 6-1: Product: syz
[  527.250352][   T54] usb 6-1: Manufacturer: syz
[  527.633443][T18471] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  527.740091][   T54] usb 6-1: SerialNumber: syz
[  527.746160][   T54] usb 6-1: config 0 descriptor??
[  528.060004][T18478] netlink: 52 bytes leftover after parsing attributes in process `syz.6.4730'.
[  529.386333][ T5902] IPVS: starting estimator thread 0...
[  529.500464][T18491] IPVS: using max 77 ests per chain, 184800 per kthread
[  529.873040][ T5909] usb 6-1: USB disconnect, device number 32
[  532.285755][T18534] : entered promiscuous mode
[  534.107549][T18545] lo speed is unknown, defaulting to 1000
[  534.114204][T18545] lo speed is unknown, defaulting to 1000
[  534.123578][T18545] lo speed is unknown, defaulting to 1000
[  534.212142][T18545] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  534.909771][T18545] lo speed is unknown, defaulting to 1000
[  535.159869][T18545] lo speed is unknown, defaulting to 1000
[  535.226766][T18545] lo speed is unknown, defaulting to 1000
[  535.297394][T18545] lo speed is unknown, defaulting to 1000
[  535.386774][T18545] lo speed is unknown, defaulting to 1000
[  535.421513][T18545] lo speed is unknown, defaulting to 1000
[  535.453830][T18545] lo speed is unknown, defaulting to 1000
[  537.298831][T18592] syz_tun: entered allmulticast mode
[  537.311405][T18592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4769'.
[  537.383039][T18592] syz_tun (unregistering): left allmulticast mode
[  537.430287][T18592] bond0: (slave syz_tun): Releasing backup interface
[  537.633067][T18598] netlink: 'syz.6.4773': attribute type 4 has an invalid length.
[  537.650597][T18598] netlink: 'syz.6.4773': attribute type 4 has an invalid length.
[  538.069290][   T30] audit: type=1400 audit(1757367716.899:948): avc:  denied  { read } for  pid=18606 comm="syz.2.4777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  541.007287][T18652] overlayfs: failed to clone upperpath
[  541.168734][T18647] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  541.699006][T18659] lo speed is unknown, defaulting to 1000
[  541.751687][T18663] overlayfs: failed to clone upperpath
[  542.669409][T18682] netlink: 'syz.1.4801': attribute type 10 has an invalid length.
[  542.787517][T18682] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  543.943065][T18694] lo: entered allmulticast mode
[  544.595974][T18692] lo: left allmulticast mode
[  545.180528][T18717] overlayfs: failed to clone upperpath
[  545.668839][T18712] lo speed is unknown, defaulting to 1000
[  546.513609][T18735] Invalid option length (57448) for dns_resolver key
[  547.877417][T18745] netlink: 'syz.5.4819': attribute type 10 has an invalid length.
[  547.973397][T18745] bond0: (slave netdevsim0): Enslaving as an active interface with a down link
[  548.410880][T18757] overlayfs: failed to clone upperpath
[  548.653620][   T30] audit: type=1400 audit(1757367727.519:949): avc:  denied  { mount } for  pid=18760 comm="syz.6.4828" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[  548.685888][   T30] audit: type=1400 audit(1757367727.559:950): avc:  denied  { create } for  pid=18760 comm="syz.6.4828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  549.129285][T18766] netlink: 'syz.6.4829': attribute type 4 has an invalid length.
[  549.157381][T18766] netlink: 'syz.6.4829': attribute type 4 has an invalid length.
[  550.644787][T18785] netlink: 'syz.6.4836': attribute type 10 has an invalid length.
[  550.652949][T18785] hsr0: entered promiscuous mode
[  550.659113][T18785] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  550.669388][T18785] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  550.681939][T18785] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  551.100481][T18798] : entered promiscuous mode
[  551.748905][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.780297][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.817542][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.890212][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.897416][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.904689][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.916356][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.926109][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.933546][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  551.940959][T18805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  552.150395][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  556.433749][   T30] audit: type=1400 audit(1757367735.329:951): avc:  denied  { checkpoint_restore } for  pid=18855 comm="syz.5.4858" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  559.230537][T18881] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4864'.
[  559.868125][   T30] audit: type=1400 audit(1757367738.759:952): avc:  denied  { append } for  pid=18885 comm="syz.5.4868" name="sg0" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  560.100347][ T5902] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  560.266840][ T5902] usb 6-1: config 0 has an invalid interface number: 220 but max is 0
[  560.275297][ T5902] usb 6-1: config 0 has no interface number 0
[  560.307031][ T5902] usb 6-1: config 0 interface 220 has no altsetting 0
[  560.384668][ T5902] usb 6-1: New USB device found, idVendor=0ace, idProduct=1611, bcdDevice=b7.19
[  560.404251][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.419938][ T5902] usb 6-1: Product: syz
[  560.425991][ T5902] usb 6-1: Manufacturer: syz
[  560.440468][ T5902] usb 6-1: SerialNumber: syz
[  560.447340][ T5902] usb 6-1: config 0 descriptor??
[  560.461917][ T5902] cdc_acm 6-1:0.220: Zero length descriptor references
[  560.468854][ T5902] cdc_acm 6-1:0.220: probe with driver cdc_acm failed with error -22
[  560.633157][T18905] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4874'.
[  560.645126][T18905] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4874'.
[  561.474218][T18919] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4880'.
[  561.667740][T18934] netlink: 'syz.6.4884': attribute type 3 has an invalid length.
[  561.681181][T18934] netlink: 'syz.6.4884': attribute type 3 has an invalid length.
[  562.402407][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  562.410276][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  562.648507][ T5902] usb 6-1: USB disconnect, device number 33
[  564.485377][ T5865] Bluetooth: hci5: command 0x0406 tx timeout
[  564.802802][   T54] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  565.221220][   T54] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  565.231571][   T54] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  565.241354][   T54] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  565.256588][   T54] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  565.266039][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  565.274219][   T54] usb 6-1: Product: syz
[  565.278426][   T54] usb 6-1: Manufacturer: syz
[  565.283166][   T54] usb 6-1: SerialNumber: syz
[  565.565859][   T54] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  565.660354][T18986] uprobe: syz.1.4898:18986 failed to unregister, leaking uprobe
[  565.799154][ T5958] usb 6-1: USB disconnect, device number 34
[  565.810400][ T5958] usblp0: removed
[  568.230697][   T30] audit: type=1400 audit(1757367747.079:953): avc:  denied  { shutdown } for  pid=19011 comm="syz.1.4907" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  568.426928][T19021] bond0: (slave dummy0): Releasing backup interface
[  568.445721][T19021] bond0: (slave bond_slave_0): Releasing backup interface
[  568.455339][T19021] team0: Port device team_slave_0 removed
[  568.475758][T19021] team0: Port device team_slave_1 removed
[  568.483348][T19021] batman_adv: batadv0: Removing interface: batadv_slave_0
[  568.508904][T19021] bond2: (slave geneve2): Releasing active interface
[  572.476592][   T30] audit: type=1326 audit(1757367751.379:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19078 comm="syz.5.4928" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f621958ebe9 code=0x0
[  572.662452][T19083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4927'.
[  573.371505][T19094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4932'.
[  573.531081][T19099] netlink: 'syz.6.4931': attribute type 3 has an invalid length.
[  573.538860][T19099] netlink: 201372 bytes leftover after parsing attributes in process `syz.6.4931'.
[  574.220853][T19100] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  574.227386][T19100] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  574.416595][T19100] vhci_hcd vhci_hcd.0: Device attached
[  574.597418][T19101] vhci_hcd: connection closed
[  574.660215][ T5958] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  575.186619][ T8925] vhci_hcd: stop threads
[  575.191279][ T8925] vhci_hcd: release socket
[  575.195888][ T8925] vhci_hcd: disconnect device
[  575.543386][T19112] netlink: 'syz.1.4936': attribute type 10 has an invalid length.
[  575.574685][T19112] bond0: (slave netdevsim0): Releasing backup interface
[  575.597432][T19112] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  575.635131][T19112] team0: Failed to send options change via netlink (err -105)
[  575.760200][T19112] team0: Port device netdevsim0 added
[  577.267856][   T54] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  577.433507][   T54] usb 6-1: Using ep0 maxpacket: 16
[  577.499232][   T54] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  577.518837][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.540873][   T54] usb 6-1: Product: syz
[  577.557156][   T54] usb 6-1: Manufacturer: syz
[  577.574782][   T54] usb 6-1: SerialNumber: syz
[  577.607048][   T54] r8152-cfgselector 6-1: Unknown version 0x0000
[  577.637751][   T54] r8152-cfgselector 6-1: config 0 descriptor??
[  577.657472][T19158] sctp: [Deprecated]: syz.2.4952 (pid 19158) Use of struct sctp_assoc_value in delayed_ack socket option.
[  577.657472][T19158] Use struct sctp_sack_info instead
[  577.674358][   T30] audit: type=1400 audit(1757367756.559:955): avc:  denied  { write } for  pid=19157 comm="syz.2.4952" lport=56909 faddr=::ffff:100.1.1.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  577.728110][   T30] audit: type=1400 audit(1757367756.559:956): avc:  denied  { setopt } for  pid=19157 comm="syz.2.4952" lport=56909 faddr=::ffff:100.1.1.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  577.907433][T19142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.916053][T19142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.928470][   T54] r8152-cfgselector 6-1: Unknown version 0x0000
[  577.955552][   T54] r8152-cfgselector 6-1: bad CDC descriptors
[  577.971549][   T54] r8152-cfgselector 6-1: USB disconnect, device number 35
[  579.419785][T19168] netlink: 'syz.1.4955': attribute type 10 has an invalid length.
[  580.315288][ T5958] vhci_hcd: vhci_device speed not set
[  584.643609][   T30] audit: type=1400 audit(1757367763.549:957): avc:  denied  { getopt } for  pid=19247 comm="syz.6.4979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  584.685945][T19250] 9pnet_fd: Insufficient options for proto=fd
[  586.574279][T19243] Bluetooth: hci5: command 0x0406 tx timeout
[  587.720012][ T5958] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  587.747252][T19277] netlink: 'syz.6.4987': attribute type 10 has an invalid length.
[  587.772376][T19277] 8021q: adding VLAN 0 to HW filter on device team0
[  587.879934][ T5958] usb 6-1: Using ep0 maxpacket: 16
[  587.896561][ T5958] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  587.917247][ T5958] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  587.931817][ T5958] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  587.946987][ T5958] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  587.959463][ T5958] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  587.967615][ T5958] usb 6-1: SerialNumber: syz
[  587.980492][ T5958] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  587.988414][ T5958] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[  587.997817][ T5958] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22
[  588.244192][ T5958] usb 6-1: USB disconnect, device number 36
[  588.342934][T19288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4992'.
[  589.156389][T19294] bridge5: entered allmulticast mode
[  589.334790][T19300] netlink: 'syz.1.4997': attribute type 1 has an invalid length.
[  592.573931][   T30] audit: type=1400 audit(1757367771.399:958): avc:  denied  { getopt } for  pid=19346 comm="syz.1.5013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  592.970292][T19352] netlink: 'syz.5.5014': attribute type 1 has an invalid length.
[  593.099321][T19354] veth9: entered promiscuous mode
[  593.396968][T19354] bond5: (slave veth9): Enslaving as a backup interface with a down link
[  593.442322][T19352] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5014'.
[  593.553623][ T8925] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  593.820264][ T8925] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.930794][T19352] 8021q: adding VLAN 0 to HW filter on device bond5
[  594.267921][ T8925] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  594.297202][ T8925] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.884633][ T8925] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  595.106442][ T8925] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.229367][   T30] audit: type=1400 audit(1757367774.129:959): avc:  denied  { relabelfrom } for  pid=19377 comm="syz.2.5023" name="" dev="pipefs" ino=75964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  595.625806][ T8925] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  595.666012][ T8925] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.664269][ T8925] dvmrp8 (unregistering): left allmulticast mode
[  600.461581][ T8925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  600.480486][ T8925] bond_slave_0: left allmulticast mode
[  600.489953][ T8925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  600.500445][ T8925] bond_slave_1: left allmulticast mode
[  600.508098][ T8925] bond0 (unregistering): Released all slaves
[  600.633348][ T8925] bond1 (unregistering): (slave veth5): Releasing active interface
[  600.645159][ T8925] dummy0: entered promiscuous mode
[  600.654615][ T8925] bond1 (unregistering): (slave dummy0): Releasing active interface
[  600.667537][ T8925] bond1 (unregistering): Released all slaves
[  600.691426][T19427] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  603.210273][ T8925] hsr_slave_0: left promiscuous mode
[  603.262948][ T8925] hsr_slave_1: left promiscuous mode
[  603.280283][ T8925] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  603.287668][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_0
[  603.383272][ T8925] veth1_macvtap: left promiscuous mode
[  603.472801][ T8925] veth0_macvtap: left promiscuous mode
[  603.480682][ T8925] veth1_vlan: left promiscuous mode
[  603.490439][ T8925] veth0_vlan: left promiscuous mode
[  605.593707][   T30] audit: type=1326 audit(1757367784.499:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.103181][   T30] audit: type=1326 audit(1757367784.499:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.162522][   T30] audit: type=1326 audit(1757367785.059:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.196457][   T30] audit: type=1326 audit(1757367785.059:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.229890][   T30] audit: type=1326 audit(1757367785.059:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.318767][   T30] audit: type=1326 audit(1757367785.059:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.402735][   T30] audit: type=1326 audit(1757367785.059:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.610593][   T30] audit: type=1326 audit(1757367785.059:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  606.677577][   T30] audit: type=1326 audit(1757367785.059:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  607.953142][   T30] audit: type=1326 audit(1757367785.059:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19481 comm="syz.5.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f621958ebe9 code=0x7ffc0000
[  608.145991][T19499] trusted_key: encrypted_key: hex blob is missing
[  608.195977][T19497] tipc: Failed to remove unknown binding: 66,1,1/4:263523879/263523881
[  608.218568][T19497] tipc: Failed to remove unknown binding: 66,1,1/4:263523879/263523881
[  608.230338][T19497] tipc: Failed to remove unknown binding: 66,1,1/4:263523879/263523881
[  608.345201][ T8925] team0 (unregistering): Port device team_slave_1 removed
[  608.380454][ T8925] team0 (unregistering): Port device team_slave_0 removed
[  608.404063][ T8970] smc: removing ib device syz!
[  610.868590][T19527] overlayfs: failed to clone upperpath
[  611.098214][T19529] lo speed is unknown, defaulting to 1000
[  612.132531][ T8925] IPVS: stop unused estimator thread 0...
[  613.787591][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  613.787608][   T30] audit: type=1400 audit(1757367792.689:984): avc:  denied  { lock } for  pid=19589 comm="syz.6.5088" path="socket:[75636]" dev="sockfs" ino=75636 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  615.591158][   T30] audit: type=1400 audit(1757367794.499:985): avc:  denied  { getopt } for  pid=19611 comm="syz.5.5093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  617.186676][T19626] netlink: 277 bytes leftover after parsing attributes in process `syz.6.5097'.
[  620.220445][T19660] netlink: 156 bytes leftover after parsing attributes in process `syz.6.5109'.
[  621.678501][   T30] audit: type=1400 audit(1757367800.579:986): avc:  denied  { write } for  pid=19670 comm="syz.5.5113" name="file0" dev="tmpfs" ino=4942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  623.850446][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  623.866156][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  625.947431][T19714] netlink: 'syz.6.5125': attribute type 1 has an invalid length.
[  626.739238][T19723] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5125'.
[  626.840717][T19725] gretap1: entered promiscuous mode
[  626.858103][T19725] bond8: (slave gretap1): making interface the new active one
[  626.910400][T19725] bond8: (slave gretap1): Enslaving as an active interface with an up link
[  631.181382][   T30] audit: type=1326 audit(1757367810.089:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19796 comm="syz.6.5152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7fc00000
[  631.239329][   T30] audit: type=1326 audit(1757367810.109:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19796 comm="syz.6.5152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7fc00000
[  631.281148][   T30] audit: type=1326 audit(1757367810.169:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19796 comm="syz.6.5152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7fc00000
[  631.307209][   T30] audit: type=1326 audit(1757367810.169:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19796 comm="syz.6.5152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7fc00000
[  631.445204][   T30] audit: type=1400 audit(1757367810.179:991): avc:  denied  { create } for  pid=19801 comm="syz.5.5153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  631.465354][   T30] audit: type=1400 audit(1757367810.179:992): avc:  denied  { ioctl } for  pid=19801 comm="syz.5.5153" path="socket:[78185]" dev="sockfs" ino=78185 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  631.945725][   T30] audit: type=1326 audit(1757367810.849:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19796 comm="syz.6.5152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7fc00000
[  635.098013][T19844] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5165'.
[  635.372289][T19847] bridge0: port 1(dummy0) entered disabled state
[  635.564179][T19855] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.571748][T19855] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.636209][T19855] wg2: left promiscuous mode
[  635.645907][T19855] wg2: left allmulticast mode
[  635.692855][T19855] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  635.703919][T19868] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5170'.
[  635.718792][T19855] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  635.804905][ T8969] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  635.843518][ T8969] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.037588][ T8969] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  636.088555][ T8969] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.338034][ T8969] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  636.355413][ T8969] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.366491][ T8969] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  636.378827][ T8969] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.398871][ T8969] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.416839][ T8969] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.428538][ T8969] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.540452][ T8969] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  636.677852][T19877] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  637.222966][T19879] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709
[  638.965125][   T30] audit: type=1326 audit(1757367817.869:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19910 comm="syz.1.5185" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f509378ebe9 code=0x0
[  639.726101][T19919] netlink: 156 bytes leftover after parsing attributes in process `syz.5.5187'.
[  641.565626][ T5909] Process accounting resumed
[  641.635664][   T30] audit: type=1400 audit(1757367820.539:995): avc:  denied  { write } for  pid=19949 comm="syz.5.5198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  644.068434][T19978] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5206'.
[  644.836055][T19983] lo speed is unknown, defaulting to 1000
[  653.102666][ T5924] IPVS: starting estimator thread 0...
[  653.240013][T20070] IPVS: using max 44 ests per chain, 105600 per kthread
[  654.168009][   T30] audit: type=1400 audit(1757367833.069:996): avc:  denied  { getopt } for  pid=20086 comm="syz.2.5239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  654.168014][T20087] IPVS: length: 56 != 206581052192
[  654.207319][T20087] IPVS: set_ctl: invalid protocol: 115 224.0.0.2:20004
[  657.846938][T20129] overlayfs: failed to clone upperpath
[  662.170419][T20185] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5271'.
[  662.528550][T20191] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5271'.
[  663.389953][  T913] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  663.733602][  T913] usb 6-1: Using ep0 maxpacket: 16
[  663.771202][  T913] usb 6-1: unable to get BOS descriptor or descriptor too short
[  663.845617][  T913] usb 6-1: config 2 has an invalid interface number: 215 but max is 0
[  663.956998][  T913] usb 6-1: config 2 has no interface number 0
[  663.963317][  T913] usb 6-1: config 2 interface 215 has no altsetting 0
[  663.972200][  T913] usb 6-1: New USB device found, idVendor=2639, idProduct=0017, bcdDevice=31.66
[  663.989298][  T913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.997676][  T913] usb 6-1: Product: syz
[  664.003803][  T913] usb 6-1: Manufacturer: syz
[  664.009743][  T913] usb 6-1: SerialNumber: syz
[  665.810112][  T913] usb 6-1: USB disconnect, device number 37
[  666.057068][T20222] lo speed is unknown, defaulting to 1000
[  671.332209][T20287] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5299'.
[  672.152366][   T30] audit: type=1400 audit(1757367850.589:997): avc:  denied  { ioctl } for  pid=20292 comm="syz.5.5300" path="/dev/sg0" dev="devtmpfs" ino=753 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  679.252444][T21251] lo speed is unknown, defaulting to 1000
[  679.859127][ T8966] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.163364][ T8966] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.294149][ T8966] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.672654][ T8966] bond0: (slave netdevsim0): Releasing backup interface
[  680.714895][ T8966] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.774358][   T30] audit: type=1400 audit(1757367859.679:998): avc:  denied  { create } for  pid=21272 comm="syz.1.5325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  680.884859][   T30] audit: type=1400 audit(1757367859.719:999): avc:  denied  { accept } for  pid=21272 comm="syz.1.5325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  681.146650][T19243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  681.162532][T19243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  681.172024][T19243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  681.183202][T19243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  681.191323][T19243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  681.486078][ T8966] bond4 (unregistering): (slave vti0): Releasing backup interface
[  681.882579][   T30] audit: type=1800 audit(1757367860.779:1000): pid=21289 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.5330" name="file1" dev="tmpfs" ino=1288 res=0 errno=0
[  682.612368][ T8966] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  682.643537][ T8966] bond0 (unregistering): Released all slaves
[  682.696573][ T8966] bond1 (unregistering): Released all slaves
[  682.719772][ T8966] bond2 (unregistering): Released all slaves
[  683.103321][ T8966] bond3 (unregistering): (slave veth7): Releasing active interface
[  683.116518][ T8966] bond3 (unregistering): Released all slaves
[  683.235830][ T8966] bond4 (unregistering): Released all slaves
[  683.276500][T19243] Bluetooth: hci1: command tx timeout
[  683.446081][ T8966] bond5 (unregistering): (slave veth9): Releasing backup interface
[  683.456047][ T8966] bond5 (unregistering): Released all slaves
[  683.491645][T21282] lo speed is unknown, defaulting to 1000
[  683.635567][ T8966] : left promiscuous mode
[  683.731387][ T8966] tipc: Left network mode
[  684.138945][T21282] chnl_net:caif_netlink_parms(): no params data found
[  684.282398][ T8966] hsr_slave_0: left promiscuous mode
[  684.313654][ T8966] veth1_macvtap: left promiscuous mode
[  684.328177][ T8966] veth0_macvtap: left promiscuous mode
[  685.296123][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  685.308314][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  685.380197][T19243] Bluetooth: hci1: command tx timeout
[  687.045681][ T5924] lo speed is unknown, defaulting to 1000
[  687.533238][ T5924] infiniband syz2: ib_query_port failed (-19)
[  687.542446][T19243] Bluetooth: hci1: command tx timeout
[  687.782046][T21282] bridge0: port 1(bridge_slave_0) entered blocking state
[  687.789159][T21282] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.809817][T21282] bridge_slave_0: entered allmulticast mode
[  688.262319][T21282] bridge_slave_0: entered promiscuous mode
[  688.271697][T21282] bridge0: port 2(bridge_slave_1) entered blocking state
[  688.278840][T21282] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.286326][T21282] bridge_slave_1: entered allmulticast mode
[  688.294472][T21282] bridge_slave_1: entered promiscuous mode
[  688.405379][T21282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  688.423488][T21282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  688.473681][T21282] team0: Port device team_slave_0 added
[  689.049947][T21282] team0: Port device team_slave_1 added
[  689.118087][T21282] batman_adv: batadv0: Adding interface: batadv_slave_0
[  689.126485][T21282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  689.156582][T21282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  689.169779][T21282] batman_adv: batadv0: Adding interface: batadv_slave_1
[  689.199025][T21282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  689.235733][T21282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  689.599923][T19243] Bluetooth: hci1: command tx timeout
[  689.678250][T21282] hsr_slave_0: entered promiscuous mode
[  689.792319][T21282] hsr_slave_1: entered promiscuous mode
[  690.754107][ T8966] IPVS: stop unused estimator thread 0...
[  693.082374][T21401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5362'.
[  693.721296][T21282] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  693.780561][T21282] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  693.933820][T21282] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  694.115352][T21406] netlink: 'syz.1.5364': attribute type 1 has an invalid length.
[  694.123489][T21406] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.5364'.
[  694.343000][T21282] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  694.524588][T21282] 8021q: adding VLAN 0 to HW filter on device bond0
[  694.545661][T21282] 8021q: adding VLAN 0 to HW filter on device team0
[  694.563054][ T8958] bridge0: port 1(bridge_slave_0) entered blocking state
[  694.570143][ T8958] bridge0: port 1(bridge_slave_0) entered forwarding state
[  694.614648][ T8958] bridge0: port 2(bridge_slave_1) entered blocking state
[  694.621790][ T8958] bridge0: port 2(bridge_slave_1) entered forwarding state
[  694.735000][T21282] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  694.745385][T21282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  695.773697][   T30] audit: type=1400 audit(1757367873.969:1001): avc:  denied  { setattr } for  pid=21421 comm="syz.2.5366" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  696.500143][   T30] audit: type=1400 audit(1757367875.399:1002): avc:  denied  { allowed } for  pid=21431 comm="syz.2.5368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  696.545318][T21282] 8021q: adding VLAN 0 to HW filter on device batadv0
[  696.711765][T21443] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5372'.
[  697.808544][   T30] audit: type=1400 audit(1757367876.709:1003): avc:  denied  { read } for  pid=21458 comm="syz.6.5375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  698.000944][T21282] veth0_vlan: entered promiscuous mode
[  698.026629][T21282] veth1_vlan: entered promiscuous mode
[  698.058898][T21282] veth0_macvtap: entered promiscuous mode
[  698.078540][T21282] veth1_macvtap: entered promiscuous mode
[  698.098484][T21282] batman_adv: batadv0: Interface activated: batadv_slave_0
[  698.118544][T21282] batman_adv: batadv0: Interface activated: batadv_slave_1
[  698.148590][ T8966] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  698.194342][ T8966] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  698.249725][ T8966] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  698.298003][ T8966] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  698.361970][ T8966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.386239][ T8966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.591545][ T2959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.599372][ T2959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.697147][   T30] audit: type=1326 audit(1757367877.599:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.160285][ T5924] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  699.827340][   T30] audit: type=1326 audit(1757367877.629:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.851535][   T30] audit: type=1326 audit(1757367877.629:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.875754][   T30] audit: type=1326 audit(1757367877.629:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.916559][   T30] audit: type=1326 audit(1757367877.859:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.940674][   T30] audit: type=1326 audit(1757367877.859:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.964526][   T30] audit: type=1326 audit(1757367877.859:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21463 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  699.994978][T21467] nvme_fabrics: missing parameter 'transport=%s'
[  700.009263][T21467] nvme_fabrics: missing parameter 'nqn=%s'
[  700.430168][ T5924] usb 6-1: Using ep0 maxpacket: 8
[  700.436517][ T5924] usb 6-1: config 0 has an invalid interface number: 143 but max is 0
[  700.447738][T21477] overlayfs: failed to clone upperpath
[  700.449884][ T5924] usb 6-1: config 0 has no interface number 0
[  700.459276][ T5924] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  700.470297][ T5924] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.629386][ T5924] usb 6-1: config 0 descriptor??
[  701.091184][ T5924] viperboard 6-1:0.143: version 0.00 found at bus 006 address 038
[  701.270224][ T5924] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  701.284294][ T5924] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  702.266925][ T5924] usb 6-1: USB disconnect, device number 38
[  702.757253][T21494] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5378'.
[  702.812020][T21494] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5378'.
[  704.496036][T21509] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5389'.
[  704.526403][T21509] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5389'.
[  704.715433][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  704.715448][   T30] audit: type=1400 audit(1757367883.619:1041): avc:  denied  { ioctl } for  pid=21510 comm="syz.6.5390" path="socket:[81324]" dev="sockfs" ino=81324 ioctlcmd=0x542c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  707.507938][T21536] program syz.5.5393 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  711.144025][T21573] veth1_macvtap: left promiscuous mode
[  711.536509][T21584] netlink: 'syz.6.5411': attribute type 11 has an invalid length.
[  714.586650][T21612] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5418'.
[  714.600118][T21612] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5418'.
[  715.599628][T21612] netlink: 'syz.5.5418': attribute type 10 has an invalid length.
[  715.712240][T21612] bridge0: port 3(team0) entered blocking state
[  715.718713][T21612] bridge0: port 3(team0) entered disabled state
[  715.763587][T21612] team0: entered allmulticast mode
[  715.768783][T21612] team_slave_0: entered allmulticast mode
[  715.787505][T21612] team_slave_1: entered allmulticast mode
[  715.796215][T21612] team0: entered promiscuous mode
[  715.801318][T21612] team_slave_0: entered promiscuous mode
[  715.807155][T21612] team_slave_1: entered promiscuous mode
[  715.813279][T21612] bridge0: port 3(team0) entered blocking state
[  715.819605][T21612] bridge0: port 3(team0) entered forwarding state
[  719.541474][T21653] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5432'.
[  719.550647][T21653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5432'.
[  719.559571][T21653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5432'.
[  721.101967][T21675] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5440'.
[  721.766742][T21680] libceph: resolve '.
[  721.766742][T21680] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  721.766742][T21680] ' (ret=-3): failed
[  722.213661][T21675] hsr_slave_1 (unregistering): left promiscuous mode
[  723.070743][T21689] netlink: 'syz.5.5442': attribute type 1 has an invalid length.
[  723.161059][T21689] vlan2: entered promiscuous mode
[  723.166087][T21689] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  723.190144][T21689] vlan2: entered allmulticast mode
[  723.199878][T21689] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  723.232779][   T30] audit: type=1400 audit(1757367902.139:1042): avc:  denied  { write } for  pid=21688 comm="syz.5.5442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  723.532745][T21694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5443'.
[  725.834754][   T30] audit: type=1400 audit(1757367904.739:1043): avc:  denied  { sqpoll } for  pid=21718 comm="syz.2.5454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  733.089965][T21826] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5484'.
[  733.952318][T21830] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5485'.
[  733.961255][T21830] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5485'.
[  736.061740][T21854] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5492'.
[  736.071773][T21854] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5492'.
[  737.328253][   T30] audit: type=1800 audit(1757367915.389:1044): pid=21857 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.5494" name="bus" dev="overlay" ino=144 res=0 errno=0
[  741.294237][T21906] overlayfs: missing 'lowerdir'
[  744.010159][   T30] audit: type=1400 audit(1757367922.809:1045): avc:  denied  { cmd } for  pid=21935 comm="syz.6.5516" path="socket:[82992]" dev="sockfs" ino=82992 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  746.991443][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  747.000382][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  747.837736][T21983] bond1: entered allmulticast mode
[  752.380487][T22031] 9pnet: Could not find request transport: fd0x00000000000000000xffffffffffffffff
[  752.472166][T22039] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5548'.
[  754.715639][T22075] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  755.764786][T22086] nfs: Unknown parameter 'smackfstransmute'
[  756.349471][T22090] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=22090 comm=syz.1.5562
[  758.743460][T22120] netlink: 'syz.5.5570': attribute type 2 has an invalid length.
[  759.658381][T22110] overlayfs: failed to clone lowerpath
[  759.996311][T22116] I/O error, dev loop13, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  759.999871][   T30] audit: type=1400 audit(1757367938.899:1046): avc:  denied  { bind } for  pid=22114 comm="syz.6.5571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  760.076963][T22116] EXT4-fs (loop13): unable to read superblock
[  761.500187][T22140] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5576'.
[  773.746061][T22256] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5610'.
[  773.985336][T22256] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=22256 comm=syz.5.5610
[  774.165304][T22262] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  774.245433][   T30] audit: type=1326 audit(1757367953.139:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.290230][   T30] audit: type=1326 audit(1757367953.139:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.347259][   T30] audit: type=1326 audit(1757367953.139:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.373486][   T30] audit: type=1326 audit(1757367953.139:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.397154][   T30] audit: type=1326 audit(1757367953.149:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.488577][   T30] audit: type=1326 audit(1757367953.149:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.664199][   T30] audit: type=1326 audit(1757367953.149:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.692449][   T30] audit: type=1326 audit(1757367953.149:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  774.767638][   T30] audit: type=1326 audit(1757367953.149:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  775.264068][   T30] audit: type=1326 audit(1757367953.149:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22265 comm="syz.2.5613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  775.401418][T22286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5618'.
[  775.415332][T22286] bond0: entered promiscuous mode
[  775.420948][T22286] bond_slave_0: entered promiscuous mode
[  775.426734][T22286] bond_slave_1: entered promiscuous mode
[  775.863267][T22286] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  775.901767][T22286] bond0: left promiscuous mode
[  775.906551][T22286] bond_slave_0: left promiscuous mode
[  775.954187][T22286] bond_slave_1: left promiscuous mode
[  778.083087][T22316] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5627'.
[  778.958020][T22331] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  780.261268][T22340] netlink: 'syz.5.5635': attribute type 1 has an invalid length.
[  780.269320][T22340] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5635'.
[  782.840783][T22377] infiniband syz!: set down
[  782.845648][T22377] infiniband syz!: added team_slave_0
[  782.878781][T22377] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  782.882598][T22377] infiniband syz!: Couldn't open port 1
[  782.905490][T22377] RDS/IB: syz!: added
[  782.909472][T22377] smc: adding ib device syz! with port count 1
[  782.915803][T22377] smc:    ib device syz! port 1 has pnetid 
[  783.441015][T22378] netem: incorrect ge model size
[  783.446284][T22378] netem: change failed
[  784.189590][T22389] dummy0: left allmulticast mode
[  784.200339][T22389] bridge0: port 1(dummy0) entered disabled state
[  784.302375][T22385] netlink: 'syz.6.5649': attribute type 10 has an invalid length.
[  787.099978][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  787.099996][   T30] audit: type=1400 audit(1757367965.809:1076): avc:  denied  { accept } for  pid=22419 comm="syz.2.5659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  793.207594][T22497] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  795.746802][T22536] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5689'.
[  796.379586][   T30] audit: type=1400 audit(1757367974.769:1077): avc:  denied  { read } for  pid=22534 comm="syz.6.5690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  796.597839][T22548] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  796.606558][T22548] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  796.617672][T22548] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  798.142294][T22564] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  798.364878][T22547] cgroup: fork rejected by pids controller in /syz2
[  798.383936][T22589] tipc: Started in network mode
[  798.397114][T22589] tipc: Node identity 0638ea6c4e8c, cluster identity 4711
[  798.439986][T22589] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  798.455716][T22571] syzkaller0: entered promiscuous mode
[  798.461493][T22571] syzkaller0: entered allmulticast mode
[  798.495778][T22571] tipc: Resetting bearer <eth:syzkaller0>
[  798.505399][T22570] tipc: Resetting bearer <eth:syzkaller0>
[  798.516855][T22570] tipc: Disabling bearer <eth:syzkaller0>
[  798.669389][T22721] batman_adv: batadv0: Adding interface: ipvlan2
[  798.675804][T22721] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  798.701281][T22721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  798.711709][T22721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  798.721534][T22721] batman_adv: batadv0: Interface activated: ipvlan2
[  799.864559][T22834] virtio-fs: tag <> not found
[  805.159907][ T5865] Bluetooth: hci1: command 0x0406 tx timeout
[  806.270234][T22896] overlayfs: failed to resolve './bus': -2
[  807.198301][T22904] IPv6: NLM_F_CREATE should be specified when creating new route
[  808.174750][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  808.187748][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  809.329119][T22917] trusted_key: encrypted_key: keylen parameter is missing
[  810.388333][T22938] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5731'.
[  810.445994][T22940] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  810.456298][T22940] syzkaller0: entered promiscuous mode
[  810.485648][T22940] syzkaller0: entered allmulticast mode
[  810.512158][T22940] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  810.532296][T22940] tipc: Resetting bearer <eth:syzkaller0>
[  810.568662][T22939] tipc: Resetting bearer <eth:syzkaller0>
[  810.652438][T22939] tipc: Disabling bearer <eth:syzkaller0>
[  812.079379][T22957] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  812.098449][T22957] syzkaller0: entered promiscuous mode
[  812.105150][T22957] syzkaller0: entered allmulticast mode
[  812.208871][T22957] tipc: Resetting bearer <eth:syzkaller0>
[  812.218536][T22956] tipc: Resetting bearer <eth:syzkaller0>
[  812.232226][T22956] tipc: Disabling bearer <eth:syzkaller0>
[  812.374990][T22964] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  812.382347][T22964] syzkaller0: entered promiscuous mode
[  812.387851][T22964] syzkaller0: entered allmulticast mode
[  812.486668][T22964] tipc: Resetting bearer <eth:syzkaller0>
[  812.605770][T22963] tipc: Resetting bearer <eth:syzkaller0>
[  813.003187][T22963] tipc: Disabling bearer <eth:syzkaller0>
[  815.991611][T19243] Bluetooth: hci5: unexpected event for opcode 0x0c57
[  816.018738][T22994] kvm: kvm [22993]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  819.425998][T23042] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  820.070105][T19243] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  820.078861][T19243] Bluetooth: hci5: Injecting HCI hardware error event
[  820.087698][ T5865] Bluetooth: hci5: hardware error 0x00
[  820.372813][T23060] trusted_key: encrypted_key: insufficient parameters specified
[  820.641566][T23059] mac80211_hwsim hwsim36 wlan1: entered allmulticast mode
[  821.253449][T23075] netlink: zone id is out of range
[  821.262844][T23075] netlink: zone id is out of range
[  821.267944][T23075] netlink: zone id is out of range
[  821.280072][T23075] netlink: zone id is out of range
[  821.306992][T23075] netlink: set zone limit has 4 unknown bytes
[  822.227293][T23081] netlink: 'syz.5.5774': attribute type 1 has an invalid length.
[  822.235330][ T5865] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  822.423181][T23083] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  822.438269][T23083] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  822.458492][T23085] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  822.479654][T23081] gretap1: entered promiscuous mode
[  822.532682][T23081] bond1: (slave gretap1): making interface the new active one
[  822.569709][T23081] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  822.593460][T23083] macvlan2: entered promiscuous mode
[  822.598820][T23083] macvlan2: entered allmulticast mode
[  822.604960][T23083] bond1: entered promiscuous mode
[  822.614447][T23083] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  822.643471][T23083] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  822.678814][T23083] bond1: left promiscuous mode
[  823.853061][T23107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5779'.
[  824.652266][   T30] audit: type=1400 audit(1757368003.559:1078): avc:  denied  { ioctl } for  pid=23109 comm="syz.5.5782" path="socket:[85441]" dev="sockfs" ino=85441 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  825.850276][T23126] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  826.322091][T23126] syzkaller0: entered promiscuous mode
[  826.343821][T23126] syzkaller0: entered allmulticast mode
[  826.374748][T23126] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  826.420656][T23126] tipc: Resetting bearer <eth:syzkaller0>
[  826.609586][T23125] tipc: Resetting bearer <eth:syzkaller0>
[  827.148350][ T5931] tipc: Node number set to 1219816044
[  827.755786][T23125] tipc: Disabling bearer <eth:syzkaller0>
[  829.095237][T23148] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5793'.
[  834.551063][T23198] netlink: 'syz.2.5805': attribute type 10 has an invalid length.
[  834.566241][T23198] batman_adv: batadv0: Adding interface: wlan0
[  834.573400][T23198] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  834.601672][T23198] batman_adv: batadv0: Not using interface wlan0 (retrying later): interface not active
[  835.752160][T23214] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  835.857087][T23215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5810'.
[  835.867491][T23215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5810'.
[  835.876727][T23215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5810'.
[  835.886013][T23215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5810'.
[  835.894981][T23215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5810'.
[  837.082995][T23220] 8021q: adding VLAN 0 to HW filter on device bond5
[  837.138291][T23223] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  837.241880][ T8964] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  837.304931][T23224] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  837.315134][T23224] bond5: (slave macvlan0): Enslaving as a backup interface with a down link
[  837.381462][ T8962] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  850.937207][ T2959] Bluetooth: hci3: Frame reassembly failed (-84)
[  852.949942][T19243] Bluetooth: hci3: command 0x1003 tx timeout
[  853.007651][ T5865] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  853.919028][T23406] netlink: 'syz.2.5858': attribute type 1 has an invalid length.
[  854.065081][T23406] 8021q: adding VLAN 0 to HW filter on device bond6
[  854.588311][T23409] 8021q: adding VLAN 0 to HW filter on device bond6
[  854.596030][T23409] bond6: (slave vxcan1): The slave device specified does not support setting the MAC address
[  854.607110][T23409] bond6: (slave vxcan1): Error -95 calling set_mac_address
[  854.633544][T23410] gretap1: entered promiscuous mode
[  854.643234][T23410] bond6: (slave gretap1): making interface the new active one
[  854.652526][T23410] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  854.665688][T23406] macvlan1: entered promiscuous mode
[  854.671428][T23406] macvlan1: entered allmulticast mode
[  854.697389][T23406] bond6: entered promiscuous mode
[  854.706599][T23406] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  854.739311][T23406] bond6: (slave macvlan1): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  854.786579][T23406] bond6: left promiscuous mode
[  855.362370][   T30] audit: type=1400 audit(1757368034.269:1079): avc:  denied  { read } for  pid=23421 comm="syz.5.5862" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  855.399127][   T30] audit: type=1400 audit(1757368034.289:1080): avc:  denied  { open } for  pid=23421 comm="syz.5.5862" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  859.620849][   T30] audit: type=1400 audit(1757368038.509:1081): avc:  denied  { setopt } for  pid=23461 comm="syz.5.5872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  860.624249][ T5931] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  860.785228][ T5931] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  860.805020][ T5931] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  860.948306][ T5931] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  860.959380][ T5931] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  861.130606][ T5931] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  861.164480][ T5931] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.199333][ T5931] usb 6-1: config 0 descriptor??
[  861.585558][ T5931] hdpvr 6-1:0.0: firmware version 0x51 dated 
[  861.603029][ T5931] hdpvr 6-1:0.0: untested firmware, the driver might not work.
[  862.314277][ T5931] hdpvr 6-1:0.0: Could not setup controls
[  862.325162][ T5931] hdpvr 6-1:0.0: registering videodev failed
[  862.369223][ T5931] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71
[  862.421055][ T5931] usb 6-1: USB disconnect, device number 39
[  864.328439][T23520] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5889'.
[  864.394340][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  864.418004][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.607294][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  869.614051][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  873.742004][T23629] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5914'.
[  873.827631][T23631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5912'.
[  873.837339][T23631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5912'.
[  877.220869][T23663] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5924'.
[  877.230471][T23663] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5924'.
[  877.431400][   T30] audit: type=1400 audit(1757368056.339:1082): avc:  denied  { ioctl } for  pid=23664 comm="syz.2.5925" path="socket:[87339]" dev="sockfs" ino=87339 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  880.102564][T23698] netlink: 'syz.5.5933': attribute type 1 has an invalid length.
[  880.159040][T23698] 8021q: adding VLAN 0 to HW filter on device bond2
[  880.226193][T23704] overlayfs: failed to clone upperpath
[  880.331209][T23698] veth5: entered promiscuous mode
[  880.339226][T23698] bond2: (slave veth5): Enslaving as an active interface with a down link
[  880.531798][T23703] bond2: (slave geneve2): making interface the new active one
[  880.540390][T23703] geneve2: entered promiscuous mode
[  880.545932][T23703] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  880.658690][T23706] vlan2: entered allmulticast mode
[  880.708839][T23706] bond2: entered allmulticast mode
[  880.761936][T23706] geneve2: entered allmulticast mode
[  880.874860][T23706] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  880.975797][T23719] mac80211_hwsim hwsim32 ������: renamed from wlan0
[  887.892668][T23784] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  888.586139][T23792] vlan2: entered promiscuous mode
[  888.630002][T23792] bridge0: entered promiscuous mode
[  888.665961][T23792] vlan2: entered allmulticast mode
[  888.671837][T23792] bridge0: entered allmulticast mode
[  888.698448][T23790] team0: left allmulticast mode
[  888.717758][T23790] team_slave_0: left allmulticast mode
[  888.737758][T23790] team_slave_1: left allmulticast mode
[  888.756869][T23790] team0: left promiscuous mode
[  888.870992][T23790] team_slave_0: left promiscuous mode
[  888.889101][T23790] team_slave_1: left promiscuous mode
[  888.896903][T23790] bridge0: port 3(team0) entered disabled state
[  888.928767][T23790] bridge_slave_0: left allmulticast mode
[  888.955309][T23790] bridge_slave_0: left promiscuous mode
[  888.992845][T23790] bridge0: port 1(bridge_slave_0) entered disabled state
[  889.020666][T23790] bridge_slave_1: left allmulticast mode
[  889.032604][T23790] bridge_slave_1: left promiscuous mode
[  889.038987][T23790] bridge0: port 2(bridge_slave_1) entered disabled state
[  889.277392][T23790] bond0: (slave bond_slave_0): Releasing backup interface
[  889.314771][T23790] bond0: (slave bond_slave_1): Releasing backup interface
[  889.332985][T23790] team0: Port device team_slave_0 removed
[  889.342451][T23790] team0: Port device team_slave_1 removed
[  889.349040][T23790] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  889.358050][T23790] batman_adv: batadv0: Removing interface: batadv_slave_0
[  889.368094][T23790] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  889.406060][T23790] batman_adv: batadv0: Removing interface: batadv_slave_1
[  889.447308][T23790] bond1: (slave gretap1): Releasing active interface
[  889.507978][T23790] bond2: (slave veth5): Releasing active interface
[  889.559155][T23790] bond2: (slave veth5): the permanent HWaddr of slave - f6:e3:97:23:b1:25 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  889.606615][T23790] bond2: (slave geneve2): Releasing active interface
[  889.629070][T23790] geneve2: left allmulticast mode
[  889.657543][T23790] geneve2: left promiscuous mode
[  889.858769][T23795] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5952'.
[  889.910338][T23796] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5952'.
[  891.252663][   T30] audit: type=1400 audit(1757368070.069:1083): avc:  denied  { read } for  pid=23820 comm="syz.5.5962" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  891.973117][   T30] audit: type=1400 audit(1757368070.079:1084): avc:  denied  { open } for  pid=23820 comm="syz.5.5962" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  892.016910][   T30] audit: type=1400 audit(1757368070.089:1085): avc:  denied  { ioctl } for  pid=23820 comm="syz.5.5962" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x9427 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  892.187928][T23830] 9pnet_fd: Insufficient options for proto=fd
[  893.874560][   T30] audit: type=1400 audit(1757368072.229:1086): avc:  denied  { ioctl } for  pid=23840 comm="syz.6.5967" path="socket:[86820]" dev="sockfs" ino=86820 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  893.899423][    C1] vkms_vblank_simulate: vblank timer overrun
[  895.583624][T23836] 8021q: adding VLAN 0 to HW filter on device bond0
[  895.591827][T23836] 8021q: adding VLAN 0 to HW filter on device team0
[  896.011011][T23836] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  896.186408][T23874] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  896.225100][T23867] tipc: Resetting bearer <eth:syzkaller0>
[  896.250310][T23875] syzkaller0: entered promiscuous mode
[  896.271572][T23875] syzkaller0: entered allmulticast mode
[  896.333693][T23866] tipc: Resetting bearer <eth:syzkaller0>
[  896.348135][T23866] tipc: Disabling bearer <eth:syzkaller0>
[  897.988617][   T30] audit: type=1400 audit(1757368076.849:1087): avc:  denied  { lock } for  pid=23889 comm="syz.5.5980" path="socket:[86869]" dev="sockfs" ino=86869 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  903.119963][T23936] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5992'.
[  903.128932][T23936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5992'.
[  903.138264][T23936] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5992'.
[  903.369153][T23942] netlink: 'syz.5.5987': attribute type 30 has an invalid length.
[  910.923957][   T30] audit: type=1800 audit(1757368089.349:1088): pid=24021 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.6012" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  911.196574][   T30] audit: type=1326 audit(1757368090.029:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23999 comm="syz.2.6008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  911.335774][   T30] audit: type=1326 audit(1757368090.029:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23999 comm="syz.2.6008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  911.434516][   T30] audit: type=1326 audit(1757368090.029:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23999 comm="syz.2.6008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  911.494538][T24030] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  911.707635][   T30] audit: type=1326 audit(1757368090.029:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23999 comm="syz.2.6008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  911.787956][   T30] audit: type=1326 audit(1757368090.029:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23999 comm="syz.2.6008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32078ebe9 code=0x7ffc0000
[  917.663565][T24086] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  921.113145][T24116] pimreg: entered allmulticast mode
[  921.145770][T24118] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  921.603654][T24116] pimreg: left allmulticast mode
[  921.796739][T24122] netlink: 'syz.1.6035': attribute type 10 has an invalid length.
[  922.203177][T24122] batman_adv: batadv0: Adding interface: ������
[  922.245522][T24122] batman_adv: batadv0: The MTU of interface ������ is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  922.320261][T24122] batman_adv: batadv0: Not using interface ������ (retrying later): interface not active
[  922.387177][T24134] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6042'.
[  924.964456][T24166] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  925.942983][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.952122][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.961061][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.969965][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.978839][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.987902][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  925.997080][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  926.006106][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  926.015036][T24183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6055'.
[  927.021080][T24185] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  927.346239][T24201] net veth1_virt_wifi ������: renamed from virt_wifi0
[  927.485548][   T30] audit: type=1400 audit(1757368106.339:1094): avc:  denied  { listen } for  pid=24180 comm="syz.5.6056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  927.723828][   T30] audit: type=1326 audit(1757368106.629:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.104207][T24209] __nla_validate_parse: 8 callbacks suppressed
[  928.104217][T24209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6065'.
[  928.122294][T24209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6065'.
[  928.148490][   T30] audit: type=1326 audit(1757368106.679:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.184077][T24209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6065'.
[  928.185218][   T30] audit: type=1326 audit(1757368106.709:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.280281][T24209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6065'.
[  928.299998][T24209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6065'.
[  928.319360][   T30] audit: type=1326 audit(1757368106.709:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.475684][T24196] netlink: 'syz.6.6057': attribute type 10 has an invalid length.
[  928.582478][   T30] audit: type=1326 audit(1757368106.709:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.646129][   T30] audit: type=1326 audit(1757368106.709:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.735418][T24216] netlink: 'syz.1.6067': attribute type 4 has an invalid length.
[  928.775963][   T30] audit: type=1326 audit(1757368106.709:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  928.783116][T24216] netlink: 'syz.1.6067': attribute type 4 has an invalid length.
[  929.091956][   T30] audit: type=1326 audit(1757368106.709:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  929.263385][   T30] audit: type=1326 audit(1757368106.709:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24206 comm="syz.1.6064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f509378ebe9 code=0x7ffc0000
[  930.515680][T24233] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  930.526117][T24233] FAT-fs (loop13): unable to read boot sector
[  931.040236][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  931.051814][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  933.260986][T24261] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6076'.
[  939.673220][T24317] netlink: 'syz.6.6092': attribute type 4 has an invalid length.
[  939.690640][T24317] netlink: 'syz.6.6092': attribute type 4 has an invalid length.
[  941.562022][T24330] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  942.421302][T24348] netlink: 'syz.5.6099': attribute type 10 has an invalid length.
[  942.429176][T24348] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6099'.
[  946.123082][T24383] ptrace attach of "./syz-executor exec"[7467] was attempted by "./syz-executor exec"[24383]
[  946.258633][  T913] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  946.548786][  T913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  946.558620][  T913] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  946.568622][  T913] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  946.608973][  T913] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  946.664603][  T913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.738065][  T913] usb 6-1: config 0 descriptor??
[  946.752868][  T913] hdpvr 6-1:0.0: Could not find bulk-in endpoint
[  946.759309][  T913] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -12
[  949.024941][ T1207] usb 6-1: USB disconnect, device number 40
[  951.574123][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  951.574134][   T30] audit: type=1400 audit(1757368130.449:1123): avc:  denied  { lock } for  pid=24415 comm="syz.1.6119" path="socket:[89238]" dev="sockfs" ino=89238 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  952.408776][T24439] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6124'.
[  952.421008][T24439] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6124'.
[  955.909661][T24482] bridge5: the hash_elasticity option has been deprecated and is always 16
[  955.920909][T24482] bridge5: entered allmulticast mode
[  956.351734][   T30] audit: type=1326 audit(1757368135.249:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.416802][   T30] audit: type=1326 audit(1757368135.249:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.494109][   T30] audit: type=1326 audit(1757368135.249:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.523268][   T30] audit: type=1326 audit(1757368135.249:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.550860][   T30] audit: type=1326 audit(1757368135.249:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.576563][   T30] audit: type=1326 audit(1757368135.249:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  956.690472][   T30] audit: type=1326 audit(1757368135.249:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  957.174131][   T30] audit: type=1326 audit(1757368135.249:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ff00000
[  957.226788][   T30] audit: type=1326 audit(1757368135.249:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.253382][   T30] audit: type=1326 audit(1757368135.249:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.310393][   T30] audit: type=1326 audit(1757368135.249:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.339002][   T30] audit: type=1326 audit(1757368135.249:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.363089][   T30] audit: type=1326 audit(1757368135.249:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.424209][   T30] audit: type=1326 audit(1757368135.249:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.536069][   T30] audit: type=1326 audit(1757368135.249:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  957.922601][   T30] audit: type=1326 audit(1757368135.249:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24484 comm="syz.6.6137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688158e7eb code=0x7ff00000
[  959.164183][T24516] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24516 comm=syz.5.6146
[  961.299089][T24531] ALSA: mixer_oss: invalid OSS volume 'u'
[  966.821131][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  966.821152][   T30] audit: type=1326 audit(1757368145.709:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  966.864227][   T30] audit: type=1326 audit(1757368145.709:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.040271][   T30] audit: type=1326 audit(1757368145.709:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.066753][   T30] audit: type=1326 audit(1757368145.709:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.239056][   T30] audit: type=1326 audit(1757368145.709:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.319989][   T30] audit: type=1326 audit(1757368145.709:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.857507][   T30] audit: type=1326 audit(1757368145.709:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  967.882342][   T30] audit: type=1400 audit(1757368145.709:1199): avc:  denied  { name_bind } for  pid=24586 comm="syz.6.6165" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  967.903922][   T30] audit: type=1326 audit(1757368145.709:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  968.095257][   T30] audit: type=1326 audit(1757368145.709:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24586 comm="syz.6.6165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f688158ebe9 code=0x7ffc0000
[  975.030826][T24690] netlink: 260 bytes leftover after parsing attributes in process `syz.2.6191'.
[  975.039956][T24690] netlink: 260 bytes leftover after parsing attributes in process `syz.2.6191'.
[  975.935792][T24702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6194'.
[  975.945566][T24702] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6194'.
[  975.954672][T24702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6194'.
[  975.963734][T24702] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6194'.
[  975.972852][T24702] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6194'.
[  976.172112][T24710] syz_tun: entered allmulticast mode
[  976.246426][T24714] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  976.295373][T24717] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6198'.
[  977.681211][T24751] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.6203'.
[  977.724834][T24750] 
[  977.727170][T24750] ============================================
[  977.733293][T24750] WARNING: possible recursive locking detected
[  977.739412][T24750] syzkaller #0 Not tainted
[  977.743795][T24750] --------------------------------------------
[  977.749919][T24750] syz.1.6203/24750 is trying to acquire lock:
[  977.755952][T24750] ffff8880361f0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __netdev_update_features+0x915/0x1da0
[  977.766891][T24750] 
[  977.766891][T24750] but task is already holding lock:
[  977.774227][T24750] ffff8880361f0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x37b/0x5bc0
[  977.784031][T24750] and the lock comparison function returns 0:
[  977.790066][T24750] 
[  977.790066][T24750] other info that might help us debug this:
[  977.798095][T24750]  Possible unsafe locking scenario:
[  977.798095][T24750] 
[  977.805515][T24750]        CPU0
[  977.808768][T24750]        ----
[  977.812019][T24750]   lock(&dev_instance_lock_key#20);
[  977.817283][T24750]   lock(&dev_instance_lock_key#20);
[  977.822545][T24750] 
[  977.822545][T24750]  *** DEADLOCK ***
[  977.822545][T24750] 
[  977.830658][T24750]  May be due to missing lock nesting notation
[  977.830658][T24750] 
[  977.838945][T24750] 2 locks held by syz.1.6203/24750:
[  977.844110][T24750]  #0: ffffffff90384ac8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x253/0x5bc0
[  977.853045][T24750]  #1: ffff8880361f0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x37b/0x5bc0
[  977.863279][T24750] 
[  977.863279][T24750] stack backtrace:
[  977.869143][T24750] CPU: 0 UID: 0 PID: 24750 Comm: syz.1.6203 Not tainted syzkaller #0 PREEMPT(full) 
[  977.869160][T24750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  977.869169][T24750] Call Trace:
[  977.869173][T24750]  <TASK>
[  977.869178][T24750]  dump_stack_lvl+0x116/0x1f0
[  977.869199][T24750]  print_deadlock_bug+0x1e9/0x240
[  977.869220][T24750]  __lock_acquire+0x1133/0x1ce0
[  977.869244][T24750]  lock_acquire+0x179/0x350
[  977.869265][T24750]  ? __netdev_update_features+0x915/0x1da0
[  977.869286][T24750]  ? __pfx___might_resched+0x10/0x10
[  977.869305][T24750]  ? __netdev_update_features+0x915/0x1da0
[  977.869322][T24750]  __mutex_lock+0x193/0x1060
[  977.869338][T24750]  ? __netdev_update_features+0x915/0x1da0
[  977.869358][T24750]  ? __pfx___mutex_lock+0x10/0x10
[  977.869375][T24750]  ? lockdep_hardirqs_on+0x7c/0x110
[  977.869396][T24750]  ? __netdev_update_features+0x915/0x1da0
[  977.869413][T24750]  __netdev_update_features+0x915/0x1da0
[  977.869433][T24750]  ? __pfx___netdev_update_features+0x10/0x10
[  977.869451][T24750]  ? mark_held_locks+0x49/0x80
[  977.869469][T24750]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  977.869485][T24750]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  977.869500][T24750]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  977.869516][T24750]  netdev_change_features+0x64/0xb0
[  977.869534][T24750]  ? __pfx_netdev_change_features+0x10/0x10
[  977.869551][T24750]  ? __team_compute_features+0x368/0x5c0
[  977.869573][T24750]  team_device_event+0x421/0x520
[  977.869586][T24750]  notifier_call_chain+0xb9/0x410
[  977.869605][T24750]  ? __pfx_team_device_event+0x10/0x10
[  977.869625][T24750]  call_netdevice_notifiers_info+0xbe/0x140
[  977.869649][T24750]  netdev_features_change+0x79/0xa0
[  977.869669][T24750]  ? __pfx_netdev_features_change+0x10/0x10
[  977.869692][T24750]  dev_ethtool+0x9b8/0x5bc0
[  977.869708][T24750]  ? __pick_eevdf+0x127/0x670
[  977.869731][T24750]  ? __pfx_dev_ethtool+0x10/0x10
[  977.869745][T24750]  ? find_held_lock+0x2b/0x80
[  977.869762][T24750]  ? start_dl_timer+0x25a/0x5e0
[  977.869778][T24750]  ? rcu_is_watching+0x12/0xc0
[  977.869796][T24750]  ? __resched_curr+0x2ac/0x3b0
[  977.869811][T24750]  ? __pfx___resched_curr+0x10/0x10
[  977.869828][T24750]  ? __pick_eevdf+0x127/0x670
[  977.869847][T24750]  ? find_held_lock+0x2b/0x80
[  977.869862][T24750]  ? __schedule+0x3fef/0x5de0
[  977.869877][T24750]  ? rcu_is_watching+0x12/0xc0
[  977.869894][T24750]  ? trace_sched_exit_tp+0xd1/0x120
[  977.869908][T24750]  ? __schedule+0x11a3/0x5de0
[  977.869925][T24750]  ? __lock_acquire+0x62e/0x1ce0
[  977.869949][T24750]  ? find_held_lock+0x2b/0x80
[  977.869965][T24750]  ? dev_load+0x8e/0x240
[  977.869981][T24750]  dev_ioctl+0x290/0x10e0
[  977.869997][T24750]  sock_do_ioctl+0x19d/0x280
[  977.870015][T24750]  ? lockdep_hardirqs_on+0x7c/0x110
[  977.870031][T24750]  ? __pfx_sock_do_ioctl+0x10/0x10
[  977.870054][T24750]  ? write_comp_data+0x11/0x90
[  977.870069][T24750]  sock_ioctl+0x227/0x6b0
[  977.870081][T24750]  ? __pfx_sock_ioctl+0x10/0x10
[  977.870092][T24750]  ? hook_file_ioctl_common+0x145/0x410
[  977.870109][T24750]  ? selinux_file_ioctl+0x180/0x270
[  977.870128][T24750]  ? selinux_file_ioctl+0xb4/0x270
[  977.870148][T24750]  ? __pfx_sock_ioctl+0x10/0x10
[  977.870160][T24750]  __x64_sys_ioctl+0x18b/0x210
[  977.870182][T24750]  do_syscall_64+0xcd/0x4c0
[  977.870201][T24750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.870215][T24750] RIP: 0033:0x7f509378ebe9
[  977.870226][T24750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  977.870240][T24750] RSP: 002b:00007f5094571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  977.870252][T24750] RAX: ffffffffffffffda RBX: 00007f50939c6270 RCX: 00007f509378ebe9
[  977.870261][T24750] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000003
[  977.870269][T24750] RBP: 00007f5093811e19 R08: 0000000000000000 R09: 0000000000000000
[  977.870277][T24750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  977.870285][T24750] R13: 00007f50939c6308 R14: 00007f50939c6270 R15: 00007ffc5c793408
[  977.870298][T24750]  </TASK>