last executing test programs:

8m32.435952057s ago: executing program 32 (id=53):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(0xffffffffffffffff, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000540)=""/157, 0xff35}], 0x1}, 0x2}], 0x1, 0x2000, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @local}, 0xffe3, 0x0}}], 0x400005c, 0x2400c8a0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
splice(r1, 0x0, r3, 0x0, 0x38f9, 0x0)
write(r0, &(0x7f0000000040), 0xffffff4a)

7m40.5243314s ago: executing program 33 (id=514):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_pressure(r0, &(0x7f0000000180)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000700)={'some', 0x5f, 0x9, 0x20, 0x7ff}, 0x2f)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x8}, 0x1000003a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x2, 0x80000000, 0x20000006, 0x101, 0x6, 0x0, 0x0, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x13, 0x0, 0x4, 0x8, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0x100e661, 0x629, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x5, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x0, 0x7fff, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x82, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x7, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0x6, 0xe, 0x2c0, 0xfffffff7, 0x9, 0xfffffffb, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xf, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x7, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x902, 0x2, 0x4, 0x7, 0x4, 0x8009, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000004, 0xffff, 0x2, 0x4, 0x24f6d000, 0x3, 0x7c9d, 0x9, 0x8, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x2, 0x7, 0x5, 0xfffffffc, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x14, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800007, 0x200, 0x82, 0x0, 0x4, 0x2950bfad, 0x1000, 0xa2, 0x7, 0x1, 0x7, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x4000001c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x2, 0x93a, 0x5, 0x6, 0x0, 0xb8, 0xce7, 0x1ff, 0x2, 0x57, 0x81, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0x10000, 0x5, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x0, 0xfffffff9, 0xfffff000, 0x10000, 0x185, 0x7e, 0x100, 0x9604, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x10, 0xffffffff, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1000]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

7m32.960777337s ago: executing program 34 (id=589):
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15)

7m16.372892321s ago: executing program 7 (id=719):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xead07d5ec9a6f40b, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x30, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7m15.967109438s ago: executing program 7 (id=726):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x4}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m15.788300578s ago: executing program 7 (id=728):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7m15.524130356s ago: executing program 7 (id=730):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x102)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x28000600)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
chroot(&(0x7f0000000440)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9101)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='./file0/../file0/../file0/../file0\x00')

7m15.430682977s ago: executing program 7 (id=731):
open(&(0x7f00000005c0)='./bus\x00', 0x628c2, 0x19)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r0, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4ea5, 0x9, @mcast1, 0x8}, r2, 0x8001}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

7m14.975969929s ago: executing program 7 (id=736):
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2d41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0xfffffffe, 0x74220021, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101081, 0x4a)
fcntl$lock(r3, 0x5, &(0x7f0000000200)={0x1, 0x1, 0x0, 0x0, r2})

7m14.847782759s ago: executing program 35 (id=736):
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2d41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0xfffffffe, 0x74220021, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101081, 0x4a)
fcntl$lock(r3, 0x5, &(0x7f0000000200)={0x1, 0x1, 0x0, 0x0, r2})

6m30.719956474s ago: executing program 1 (id=1015):
getpid()
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = eventfd2(0x8, 0x1)
write$eventfd(r1, &(0x7f0000000040)=0xfffffffffffffffd, 0x8)
read(r1, &(0x7f0000000000)=""/57, 0x39)

6m29.739587938s ago: executing program 1 (id=1021):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', <r4=>0x0})
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r4}, 0x90)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001000010027bd70000000000000000000", @ANYRES32=r3, @ANYBLOB="004100000000000014002b8008000100", @ANYRES32=r5], 0x34}}, 0x4008800)

6m29.619125282s ago: executing program 1 (id=1024):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmsg$inet6(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="dd", 0x1}], 0x1}, 0x24008800)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000340), 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

6m29.471678036s ago: executing program 1 (id=1026):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
unshare(0x24020400)
mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

6m29.312033492s ago: executing program 1 (id=1029):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006280)="c9614df797d5bbaf2d529ccfe807cb2396820ca614edc8f52d067330a81f6c26f4cc0f48e5ae1d42335297538a44b9b28f2d36c39510bcdb6cf2fc17d9b35688d0447cc7167668496bdd28d8df1292b12b61894268f707c212263b3f1ae188c8a69527ac8e196f23028853fd4009294124f18fc47bd2322220e5f0d5d30223095e4e748803b6bf25ba87f40183766b5d2c3a6b3d2f7566b160f0e0742a6cabf6b0071295bc4d5ca4ee60a1fbdc8bbc1f2a59428bc836a1ef0c2dfcbe514f9857f7230f848af37be100dc4f4115ffcb0198774affeb7690dd6782a9f51987dba5d9fd0b6a3426c1ce1e04e48f4255c157450791ba022f0bad4844a22679bb17601987f461d7a35d7de8874cc3c47f360b3c31dfdbf7bb9f93ec80046118660e8bbb18930914f087c05df436073b9ccc5a740f8f634cc827245366b1179aaaddd2bd161f2fa413e1beded9f3063cabd52ece7139af17db00b63117a6b6a1ad8c33ed779d7dddf5b40c17635397b878c7117923f26767864e788da1f79dbbc769fbab45b34198b69dd0599904a0c1297812f9ad9cbf48c59d553b1004ab8213802f3a0852b5b827ab3ea7220873b379b459d7a09af061ccda8bd857d3b2bf2dbaea1b00e2cd0bcc8d6eb11c04bd21532bec66ae36d674a4dd01ab54c27d3267961ecfad0042837fea87d75cecc7a1a58f79f77d72fede0757b7c1f54a5040e741a0fc785ea0ad13bcfc0b69df4dc29dc75e331d2ba03c3cdf04e0a4490159b43c6ae2c010f276c85f3bc46ca94e73e11762739e40e6bfbc113f46ee6ab801b97d42fadc067e23a3151ae90ff64c80e64bba5313475948fbd24a6a95f7ec0b221c9f901c68d184d38b2e09cde68fbd6dd022b6fa1db26aa6ebe2128a93fcb7259ebcde896bd81685c881cb25f581e27479f929e1094852559209c255b0dd5317b148567674b235b10e093363e8e4bd15c4ab90c44abaadbfeabd65e26223543c415befff4d280ad0f0dc132b5413bbe96fdedcabc55e9f3eeead53a1f2d7c0455c8a3bda363a8c33c99888a05546f49dc4c3593aeb30b8ea314b77b8d117334d9c3f800a132e4c3bab461863f027dcfc066bf93f0426d74e02c92a0727309d5bf5bf8242a2b594b81de0e030e55f0125b5d4e12dbffc6806a6c7bd6d62c3d54e87f0607e08750d808a2f442a7eac0ec311c3498b9709ae2f505d5e8b3670079847644147741ffca679bbd1b658bc6c422e58d070f8608c246677af0e2efff5cbf88b3b4a0431a2f26648d64991cf99848012cb6eecb8a13ea91ce77d3c8f2bc047370f4811ae5c341371e3b65bed88294580ba90258c8d36683f21d91a8a914948b2222e4127b061cc0121b97a1b9b1c4ebb7ee166b5af58497d7e0ac90fda25e41a2490ec5d143d0e47475741b30138585637d7997fff2a8805a88c4bd75975ccffcbabefa3576328d86e802b8490e8a773e01afa74fa26c6849deb15b05596e7226cdc0c0ff364bcb4e62ec54984c9485b6eb819165972b9c935a3ae18c698438582e170437c538d7d24a935036964c77e6ed37de77c64384b258f7bbe944f630d3ca82c441c6b2c5bc73dd9f90ecff67a816de7b15bdcaa5a5f1bb8b270a8ac1119e1626e29eb5f2ae4595ca2e10c2e6b297c30c3eeb432ad374101938916c77aefd2ed0f5bb658922bdec9bd76767b9a4b56a15aaa2f7e7d06dba36710a4c8d69d2361aa5f1864710d0868d8f7616cffac40e0accd9b44df8cb5b5324039d82c44e9b97d3a77d914a3738cab84541f0dfc2ed93fb3a746d19cf73495cab380afcdac8acf300e34bb68917009ec1d205dc315669c6341218ebbd0a380c0d14396732e430544ea02d9aff1ffd199c475c4cd313aac4de1121055d806858ee1538436a5f3a549230a42698aeaa3b58b5b9dbf6e11292dad9e0535f5c0685105a448888101ca2228ab50af16b657bb9abb5d4c40cf03931f345663ef6e7655048f78bd23227c6a78bd8b8a457abad7267c8d3ed8decb74cfb21c98471c31f068fd8fea32f13d44783fac14b71e614fd156bddbbde1bf759d0023eb50345e970fa93efd99469583eecec690147f3c075da4efeda849b172829f34e31b281d844fb7c04ca49b30a15abbe493c191e003b76ccb8b2e560ddc3573c6182a87f8e5bdbe10333b3ff3381705984e5595831c025335d0438b053d17fe2f43424735ec3e9d0e8dc278d9e3f35d8d6881e47801d9f77ddf9954ba8f4fe95c295a67968b07bde6378b5ccf24f3d0d228b3cfb4624318828a2649af11698c56860c85617a5151f879846383f5fcf0e9ac483bc4c60beda3bd06000000c26850d31a852839f23f9e5ffd31d63a7cee2341f22f385d41521aacfe6faf1c5b1e024cd6c6cd4b8696b8e66c6268196da27dc4090552748260bba916b932cbf8066b07dbf5f75b5ea04c385d2ac971d079ab7d4a6bec1008b7564f167aa903acda2ef1756ddbdee86ad25b172479756036d1e11b5c2ab10e657e3b3c768840fd111477bfa05b9e7a2ee765d685f7688765f2441e052a60f56286e6d15ea19d98306a0a5b5efd5b1363bf357d836cb20bb2420ecff7fd682c78763bd1ab31561e6a36a20bf57024632e168bdbc82efa42f7302dc5519c2b56ba3e960437e69f5502048e914540bd4e6138e04e3cb04c75abaee441dd29e23a23948eecb2a7883ae6f3c35b3a3a965fd062688a5975059da47b6029f38baec8d3932295a2257c83a0f966aa7c19db13ccadb86c6c81d84a09bd0782cc87369c8b3a006fee64323c964dcd731fbcaa2f1c1b19f55688365f183bc26bcb636eb0622fc5f5804d46db493737078fe6a6e82f34e48eef5974787c8c4b8abd8a0dcf516862454915b7b9d81a48b9d14a3a08a9408e41c3522480a925cb9521f02cf4380aa44796fa9569aa5043787d9c3a0a345f202d66e28f6c5fc17f8998655bff0351687e2ef6ee523f965d37ed7c4c1fedc51ad7024d8c1102fef833ecf9289050b944e2e9a5646e090f5ab5be3759ea66ee79d5f870fea4ed505a231461421084317c6c5379c74ba5eef02b77c9687f49b05606c5969ae5c84f74a7d43b148dddaffcbd45e8c4eefacdd5c8c07f926baf0b1e7f65c7184c56c9ac355fde5df39557d4011b7eeb65a18fca8de446d9879404bf64f3e460232642960938e6c797d3d942534fa64b9fb0ec5648940456ae4ec22df6ccbaca34ff8a296640ed28f903db33533e0bb4927ac96312580810a38738d5c5ae638359379d244d0c45cc9bc4525648748f4a2becb101c08d7c4ecc407067cf1008cb0f14279bae658ea5f16084769ad66a8e6a9a5137ec65764ec6d25e688cf8a357252420b1ba619e8ab19d28019060434a9d2579be998e8a735778b690cad9512cc9604d2e60e01f2cbb714dbfd87795092e0ff7acb8217074a6d0b9ae00d80685798eb4bee828dff6e1f6858202381cb4051c6a5b6918f8c042a3698ac5eb402abc1f27932764ebd54daa45105666041c1a51e55bf1761c2dbe2c75a511b168f4961385d1a7b7c780fc1c23f1710b7c1e4716e99ed044ce4697fa3b649bc85443ef1b111549d342cd2a417158d01c483e6a2d6535a5801c00f5a7bb47a0d51656bd50824b2f998ea59cde88a7c329e09f19a704104309b674e9b6dd48acd0abee6366ae1ccc24fc2cb1fc0666e71c57e314464c2f2b950b76d426441265f34ae20af7e5dbf47773459f2e34a3b1a2af5d2f406cda82049ca734f22c6ac5e284c4f4c3f10edf89ba7eac611dfd27c46fbad61aa3c5acfd1a29611b917a26ba070169f08e81441e7d6f77f73837dcf6c758c40fecebab6475fee4a6105c844fc52eb603159d4762408911fce84b736a4fae34cb79dd525ebdd53b3b241a08c664a90a6bab087052b82db1f0a9e2f98b78b4998504b148711f47caac7229b708a562e6968b91720b585b2446f7f8aa848d433ebdf0d9d5c866ae7c3660f0be9734959533da9b9484dd10954c7bbc631fc07cf74d1a103076721639a19dec9ba88904c55c3d0e4829d14e48c3f93097521c4a9f4fbcf7b0d17baa7b742afd32a2e78be29f6fb37018bd0579af59985171a8dd5dd35af833fd8816cdd704fa5214260994cd64bae6c7d1376b864874de542dafb0a5c4b29c5bd887bf1dc8ec0e2f907fcffeb6522a3aa20c8ae5912b519049719cba277be7bb6c4341d65fc530804dec7ce5c1a64c4aef279c0da8a1bcc89a63542fc2af2cd1d69701c78db225c596190e81fadabd718b794689fafc929ed092b90218642ae0c75ffe6b9fa9baff10f2424d43ecda2867013d4f2e7562d3bcaa7f51f1f5a96bcc9bff8dd1bce4eaaf49626550183dc19eb358c146b657c2b34fe67a8ecb12b1b29b3d0bf28d6ecc13578f7d1ec1c7f7f76f325d920ff717c7d01baffa0d52166f6849832895f9ec960c65b06506caf39ea6ececccfa197ae151b948d415338c18b3ac35f6f96e67c7662de01f8a92c2a224f4567fc72333b43fb099dda8c49c3cbaee48cff545894390165fc290d798888a84c583b0096513a5c61b2ee1e836b17632cff8f71f9c73546882961cf25a010c7276791167e0dd7d2de8bf44abe9f12419c8776d84418d8e26463ea139e64f82f81fc5b577957f6d34b247a6d7d79aec95d80320b7999f398347835d82a74f3f5637a37ca08158d4022e39ef514f264ba84dacb3c5270272ae94ee3858eaf4de98e8d944273398e315dc42a277fb97d9ee7ddc4f7dbb6cbdbb9283ff1ecbde638ce6edeb18e680addd942f6632e73fc11ba5874a179c79ae67a6406d19ab7293af407cd319862fd4c9568a3bcf31a11adc4ddd8a924e10768594e4689a109daeff28f15a182ee3bfb347f0500005d8dcc691421b6fad377a9ceda726d195eb847ee879664861d4e2e0d3567362524303feafc2b552f0f1f64436ce9efaa63b2b268c674969c879d027c37aca197b71cfe47670cc268de9714a91a3a50c7c205daa613c56c1b1f13d34eaf8dbfc126e0e9fc10cd3e508154e6cea0572e179e424d2270454b1000a3bf4aac26b18efeb9115b6fcd3fcee6ed5b9c3d585394077c35850ef697c5f8a57a270431a0a2e81f6a62600130375de62e9796eed4e4e25bfd3f6addfe62addcf2b8fa8eb28d8c3fb20800a8e9ae87c114a1ae91ed347f8ff589cead9e646722180fd60bdc9d0923a1a6ec8fc6de5fadc2203344d459ef6f0145ff71a4cacdabaf1b55f262c86733dd109b747f8740a3959a13a32377e522997fbf93c41fe3408a67d7253df6e399345d9216600f82fefcba9db303442ab3f184c012b1359e8601d85d6b0312ea7b0474d0c8dbca06625643e94ffdacd9a0a2839674249370fa67a5681df0442079cf67bd073859cf3d423711639f8addb6a9acceda893f017f3ca1f23f1245473be8bc6b5c51abc5d088fc764b3d96c9bbe7908806e2b64908bd0be73aa09eeb09de1117d0159b17a166bdb1394892b815aabb68dd7aef00bb6660a31088c88d16d433079552f25801472a7302a44fcdaf13410d15ab5e690cabdfddf112046f58ded90f4d4cdc4de5bfbc5259456ace66f7dbde5c49446d377b87181f0ba03598973137ec2f9b038c0a8ddcd46a6d963086c383c9e86b98fafc0a3b8d7ace5e5f96a0414a4afd5ae75847997f982b338901d81a852081bd47ccd553c2a41aac73f2381e611c8c2581052779e0494f0e1efa0974e11659866f8687fae4236556988b24e0bfc2dceb6f71fe09ee3b4e723dbf369dd22b7889ba296d8c4062aeef1113839c793e4bf16a35b1388ec6af47c363855e03137e9e1d4795beef29d4bb62d611e14fd8f880ff1c8267f259b46229b96bd0e8f7068503b223fc01ba9d8986c601e9807bcd3c232babbbb3112c87d7c30ae496841c03b361045a31e9819b69ec7b94a12d1793ee0b9267a3f9b77e965d1089a2356c46a05f6facfe3e1fe10f5257dd1e83972a9bdf1275ed03ee0c32d8021f264ecd67f635051c9f51f69d4848876c7d68703cbdacaaac18c1ea5e43d9554ddfaeb22f72e73e53760ca15ee52fee57e153702f7f78001a282c8389adc9f1a9b33bda27d4ac6b29dca8b082db3f858df468570d2c099a2b2e5c0897e0183ab8b4dfb62d65d7492347d51ed7b69b414d0de1be678664c7209f849d62d0a5e3a64daeccd1f332831c4b91a11a5c48444e39cd19d0e45120d5ac9c03856df66c8615d359e2f89484a068468a3e319166631932b643d73ad3879b8c8854232384ec62bf7d3c68c51deacdf8685870842e57464659fc9cbfe75f97d8a34d730a74828757661040f9f2cd1832d4c15cb774e0af4d4d0dad5e0098e580f6259bcacb3557fd8442910c8222feb58104d075ef976218a6ceaf10a807b0df2fa5b08945ad17dbc17cd88d7a9bbe2d21332d2ce8a29abbfca7df2f498798e0cb0846c10e4a9125c0b7ab06902f15d8521c10def1ddc94e4f563252894f844a3ee109aec35f766001520926351795ecaa582e90598503a22a9d75bd60c8cb631897d98ea5d66d8f9f06345bb889c4aa21115518b444c2d9d45de72abc73659aafc00465cd3564834389576c5c04f911e2ac0082d72c58e2cec954e6ae72dba6c8b7ed682f488e81bc706d34c723fa3a7ba967b6b00e1abea0e7622a0d9ca17d403bcbf5e2316ab4d46734226ed6797c84161384fbb46b8fe8653cd351e526cca50e7ab8885dd7b5d240cfd15a0253830a7ceb9db44bb12529b77e3cc835442b4d58c7db6a762b7e2c5a3fb37ae9f1426a99823c2df6ca2f6fbf886af52e8565abb7904da69ad7f7029cf73ecc37b5a8c1da6a9e9e1cde38506c944130000303d494e422fe181c96a6359b377f18917ae78729911b40b7e69cbefea3c25dd9803aee3183ee3933b5c19d84a400e6c57cb20dc7c7e68739edbf1e8e3475e0a64823dedb46c27780ad01a90a4244891c262d8b0f99e3b1adbb906f82e1977a6101a9d2b44b4b9bfc1f102490ae19e657fa8e7f432eb52d2a4ce932d5346566b887ad4c4f4b5d0dbce790a429f546593e52979c8400441bfe8485c8b864f81b627cf1e20c800b0197b562d0f9b173ca3ba0fae69fe11b91909df9a98ba358e59edbd73da0707a170b3e51928c9c27863dbc83bdecf632b0cc757ab90a270312b2949fdd93f6bea54e303fb0a97b380d516a36f86f053e55e81504affaf7d7b1b8bbde5da525d3f60a628ae17918e07b32b408b51ad3ba6030c3555556334f2fe7c11098007f3e232c8953754c794f807b0ac3680b2a3688f5205d90ccce3ba9c7907508cec61287ad0aa55a151e639bb9086444bdcd149bc5c003340b8381d8c35b073729d2e95a21af1d9995c8093d570b59d8730dd04f3e26ac85e20166e5596082680de90522bcb9532d9e9dce3a10e998f25503902fd7814577ded668bbf3de129c024135a8af420ded350479f13d55290274e3ac63f4568ec7c7a8244f610458d85ecf29aa135d0e56ee52d743200a754ee4508e94d5bc15b3cc837de84fb3cf27ad7590dcaedb78fd8c8f46aaa3529fbb1a2536956c940b605eda0668b1a0f763060bba65d471450a2b34c328c9fb5971851b341a092e315e34a6801cc0808559e5de6d2d9508d11d3072426aa2d43e65f8429c48dbd03197c4f616c253a5b1b50e7ff7cd44df88f5f142997adf976cd2f0cffd673c1791ab969f9dad5867abe531227c059e7b7a9c2343aad230c83513a130ce6e0c4d6815e2bd91f99b6c514703f50fb43139f2e83c521b7e5a3ff4603f006bc7d162047e647234b87439278b10ccd92a4fca136f74d211592235e602d3643fa190cecc8edaf2d727dd5db07f9873048b1f75e19e7c39ef839c0703ec53f70c9fe39b43b98fdacd56b49a416e3b8c66604fb912e3672b8b1a6c5ff7db16320b599513d39460098138b7336d9152df98179f2e07c5abffd4ecf8a2cc8903a40563f187da3a99071bf0c93a65708cb36cd6a69545b78be13a3df9b6c336166b591637bc1be3dfc502200ea982d3b428824cf257184ee93f2d0f3168d4179d238497b84cb73abead20f710057b52ed535adee055081cee4aa842c82c220c160477c16bd1baaa73f46442d2a00658303a9433aa858ce880ed80fa04b592da3c3452a0810f759cbfccd7143d10427c1d39b5c5ecffc590377ce68976315db340e0c00d35d34bec22cfe95882f52f40248281c94758c809d5e65cbf9aeb2dffbdbf2f9a7d10dcd6e7eccc5781851c26990d4a2a2e71598dca6973bfabc82a6135bcc1ee3f1611ced7454e271cbd85a07a583fe89ea98dc4c1b52293adaadfd195b95e6fef37525736a048bd3bb7cc769c50b26c42445f2d5aa37c5ae529b90a5638d920a330ce1ebaf9d979e1b8ee70aba747f7f1a0b9a873167fb5829e64ad08facdfed0fdb76718ef97eeb028cbea23578969190d46e27f81d5eae27987007e217d540d11a33cb36e5768d34d7607ea83221cda3cfefb1cc65f171711160eaadc737013ec1d51de97afd4afc67aa15a23f197800a0566ef4937a6bba9f3334c0aa0e1ed7e9b5c3fc52a3ee112169ed5bce66e88a06f7f3fdda21a10b818c080f2e08e16af6eaac777dff81bfc2231f4cd7360d460091929035b268785e54b3704d52b8c32ffcdf00f21e7f8d3434b3e1ee711a8427596a0e8ae606d02b06914ba09c0a75b2858c7a8dcfff15e2a78549a447dd5d0d5ce912623e4b43fa4106d98e0a5f7960deef827fa30e52697f486cc9928e9b614253a461435d9e993f4a2a700dd0bc54519a2044f36e8f02fb78ca1025d1ce8c35366eddc90818ca1cf9e28bb8ae0f337efe98b82af2547fa03c3eb0813e942d92f1dedac412fa6738c73339959d8f620ceb02ef65dc0a9e4ca272d1965c73c2b06810ba6e13d83de07c4eecbb9e43744b414003057bc26fce09696e98146e59b79a6d817e26b132e3c935d8e5230335ae363a42084ba271058fb25268b139397ef984861d4adbec66e66477df46049fcb8e5f0179846ca020284eccac22b51c3273ae69898295686843bfe2c2ce4f43ea8668a3121558c52d4eb967341197f650e3f145877eb1f5de8377434b18eb2a7bdbb5d7db569d0564d2db7b31f174113d8487be7a5f91f97cda158aac83f0b84eb6a787d30f35f8a1e5ce28f9f86999a06cec497fcd1c8c1c570eb00f1946f300a03bf9b08584df33e2050950dcf4010928365d667d8ee42403c9d1bab54a7518428f7679e0a0e172f33bb3b8b0a829ea3d53fe478fc2556fdb4e51bfa638e9343f628ea570a096e016f5e47e4b72b29b445f9eb12d133277b1213eae6a2ea224ee80e30eb2fd12b08bfb56a588f2f2e67b9c2cb4795c025bb257e954a7720f57687482d119b1850208267eefe0e65b0dc022da6c3324a0d4e1d35dea840b6bdf2fc652579ba3fe55c41126ca4cd54636e86089451e97e5ce3d7cc2499f0882a2c761f0c74640d5152a5bad5091187cbc0c11683f53b5f2b8d4202e33f42070f13e77a63e0794c6ac5dc986a531ab49225d408d8da33a3c89ec856b336faaee251afabc4895afc41165fb558e6c26a3dc12037945f47fc6e60d710f68ca3dd2f18ca8d96cb9e60d2d91cd5b5f56168dc8bda3d3d31779e02c9c6349847504fac30a82466cd692becd3aec74238d336e20a31c2b97be3bbd90c3a2ad938d7ff1b033fc899006acb36eb561a37d4397c09403c845f6081a36d9e4c590f335ebffdee96a0208bf18a9a5ce84ee45c76a22786822e296a957920150f5e11c3354329d4dc328552fa3f2a93d506c7159ddc3054cb1447808cd87c78b9cf74ace81847d712a68d5e88f9c75808fe57383d9867b264e7e3ba233a6bc79a13bf35531e40a1c0d8becacf3d51b07a0cd50e81153e4a0a70128d36ffc096c408b55f47496d08b0153a3e669688a4354ba7dcb65fad21760813afa8a8e4789a9466d7997a27f92e9dfd0e3f9e499c188a200dddc7b57794a2239feb263e8421b79df4f0e6444704476e209101ac5fbc55d41ed0ea466b05401148963ae15dbebfb8d6981330e5b9dcdb01c9d6f9f95ccf28a878e891ae69163071eebd1b738861c58c7b8b0022379412596ea8c2914977e419c5ed53c32e7b191cb148784f42044947eb19e61daf6c853364037a9f734732c8fe5ef76fcec755469621aa4cb7cffd79ffb01b18630bff7751a7e13c3e1427f3cc068ff199ddfe132eaeb4ecd69e48ce59230eff0a81f98ed2835afe2f8911bd9b03ea42cf67abe104cc8b6ee648b515c53f082aaf2ff9cccd1c5c11b920ad82b3bab7e301547713acc37a507059d5a854d08c1330827c87bcf9fb8a337f9d786f653ae90fa293285d5b2b8baf0bc97214dceb9ce1f882acdc45fc1b1c9c1ab8b9931c284fdd21a1c459a064b66f9ccecdc34bf616d9c96c44d741410307968b30d5d4512d5e3c130e2837c10a534bdc7598015c2c0fd1ced2b19628494e5726e55816da6f64c599f7617298c5e1cf4459622dfbf795488238ae1c2716843d2c8ecd1427e068d868ff4d1fa4ba4c701ac81962372867d7c021dd1d0056ef9426e5f8f0579cb26c812abf463d954d5776a3b9f52691ba69ef9dc8fbad3bbafabf6080a9811d23fc9ef802a85a5c315c4700b4d8c68544ca96203f606065bd5e42e1f593d34ef6a086a5399505d12dcd85aafb81da899eb2f01d742b735ec7820330cc92e10b243cafb228c195ade2a4f096b0170bb1be7d5265af0b9598740a5a874326e60cf475c99cacecb013d1eb5202169bcc3d8a1b98484d0dd5b06e4c432e6af4b1fe2a897215295febd579ef3ff568cf02ff1a5c6ba147c4505b3a6119a43b0f960e5fafbcf50135b7efe743580d399f1b21dd8566ab93c12efe9a00902e9fdd333c08ddeebd1a0bcad6cf5ad53fbfa2ce04bb6aa24fe9367c63e2f4f90359b7db4d68d9b68d3d40a5722c6c1fb1e62b27ebbf1bdb39ed409fb579572d64078d1391bad71b2816183da174f2d5c956ae58fd926750a272921b919f0a4aa5f824a79ddaab60c7da7c282053274df30d1df6df3e7e023e9675c329f921999c3afd1ba877b1e19ed260f2119795db264fbb9d72f4a31f230d26e12ebfa04ff480f2e6636daf722ef11df1ee5d99cf999f7dd61606c132d5f8ce95e0b154af0cb9f9ad20a49dc86bb2ad7e2f86069123aa8e25347ab2367c10b3835b72f25e953041dea58242a9b6dcd3635c24bc75f69fc7f18e90fc7c02e11c5243fa9ffceb2951eef8538f49b05c08779e8b68ce637a95e41d057522b60e5b1ed27d5a9bbb1400d01c40ce78ca77ba40cfbfbf7a9104b5d3db2f27bc78136599f3c9434167c8c09a8cb159034cac86167174cda08f81f384a8ea3d0fb9344d2eb1ee9171a2ed8e8eb1d60b669db2274c6811a9d254083f5d0f65aacd3dd4dad307c48a1d46f354bab93bcf98b174c40b00717fd55381519ed602675faa9a7f9cad1c46f66bdfd0c8c16f93ab11cb5773227af6a104dd57783b3e03cfa19f5183af3c908bc53d62bcdcb68d767c6afe9fc3be46ff9a9e94833bd3900", 0x2000, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x0, 0x7}})

6m27.975935212s ago: executing program 1 (id=1034):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x200)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto(r2, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/93, 0x5d}], 0x1}, 0x4}], 0x1, 0x0, 0x0)
recvfrom(r1, &(0x7f0000000380)=""/49, 0xfec6, 0x10022, 0x0, 0x0)

6m27.576965983s ago: executing program 36 (id=1034):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x200)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto(r2, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/93, 0x5d}], 0x1}, 0x4}], 0x1, 0x0, 0x0)
recvfrom(r1, &(0x7f0000000380)=""/49, 0xfec6, 0x10022, 0x0, 0x0)

6m20.087834758s ago: executing program 5 (id=1071):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000005c0), 0x10)
recvmmsg(r2, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)

6m17.299943557s ago: executing program 5 (id=1078):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x449)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x48)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f0000000000)='./file0\x00')
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])

6m17.106687061s ago: executing program 5 (id=1079):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xac}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000008000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000003c0)="0f0d51f40f01d10fc75800f30fc73600102ed5c01dc0000000008ec0640f017400aa66b9e408000066b81f6269e766ba000000000f309c0c0cb8d09bbc8966efbafc0cedba4300ba210066ed3626f00fc70d", 0x52}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m16.84393451s ago: executing program 5 (id=1082):
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$char_usb(r2, &(0x7f0000000100)="05", 0x1)
write$char_usb(r2, &(0x7f0000000340)="f4bc", 0x2)
syz_usb_disconnect(r0)

6m15.7966075s ago: executing program 5 (id=1085):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chroot(&(0x7f0000000000)='./bus\x00')
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
fsync(r0)

6m15.648924323s ago: executing program 5 (id=1086):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0x0, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000940)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000800)={@flat=@weak_handle={0x77682a85, 0xe, 0x1}, @flat=@weak_handle={0x77682a85, 0x1101, 0x3}, @flat=@weak_handle={0x77682a85, 0x1000, 0x3}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}, 0x1040}], 0x0, 0x0, 0x0})

5m59.951066807s ago: executing program 37 (id=1086):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0x0, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000940)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000800)={@flat=@weak_handle={0x77682a85, 0xe, 0x1}, @flat=@weak_handle={0x77682a85, 0x1101, 0x3}, @flat=@weak_handle={0x77682a85, 0x1000, 0x3}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}, 0x1040}], 0x0, 0x0, 0x0})

5m52.91332504s ago: executing program 9 (id=1175):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@get={0xe0, 0x13, 0x1, 0x0, 0x0, {{'xchacha20\x00'}, '\x00', '\x00', 0x0, 0x41}}, 0xe0}}, 0x0)

5m52.34718025s ago: executing program 9 (id=1176):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r3, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r4, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x15, r5})

5m52.039736355s ago: executing program 9 (id=1177):
r0 = syz_usb_connect(0x5, 0x35, &(0x7f0000000500)=ANY=[@ANYBLOB="120100004aaf36207205a5580a27010203010902230001000000000904010901a37d7e03090500004000020401080b01"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x0, 0xb4, 0x8c, 0xbb}}]}}]}}, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000b00)={0x40, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0})

5m48.503028274s ago: executing program 9 (id=1190):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
listen(r0, 0x5)
r1 = socket(0x28, 0x5, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002480)=@deltfilter={0x24, 0x2d, 0x4, 0x70bd2f, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x1, 0x2}, {0x4, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004885}, 0x40004)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f00000000c0)={0x1, 0x79e}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)

5m48.491813473s ago: executing program 0 (id=1191):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="180200000a0000000000000003000000850000002c00000085000000d00000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0fff100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5m48.312404214s ago: executing program 9 (id=1192):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x2000080, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x28800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0xb8, r1}, './file0\x00'})

5m48.202535556s ago: executing program 9 (id=1193):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x6}}]}}]}, 0x48}}, 0x20040084)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r6, {0xc, 0xc}, {0xa6, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

5m46.685921051s ago: executing program 0 (id=1197):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12"], 0x48)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0x1000, 0xc000000, 0xfffffffb, 0xaaf, 0x0, [{0x4, 0x6, 0x2, '\x00', 0xfe}, {0x4, 0xe7, 0x9, '\x00', 0x7}, {0xf7, 0x8, 0x0, '\x00', 0x1}, {0x1, 0x5, 0x6, '\x00', 0x1}, {0xd2, 0x2, 0x5, '\x00', 0x6}, {0xe, 0x50, 0x0, '\x00', 0x9}, {0x7, 0x6, 0x7c, '\x00', 0x3}, {0x81, 0x8, 0x8, '\x00', 0x2}, {0xb, 0x80, 0xa, '\x00', 0x7}, {0x2, 0x9, 0x8, '\x00', 0x7}, {0xe, 0x80, 0x0, '\x00', 0x3}, {0x6, 0x40, 0x3, '\x00', 0x5}, {0x81, 0x81, 0x6, '\x00', 0x6}, {0x3, 0x2, 0x6, '\x00', 0x8}, {0x4, 0x2, 0x81}, {0x5, 0x0, 0x9, '\x00', 0x4}, {0x2, 0x9, 0xc1, '\x00', 0x3}, {0x5, 0x7, 0x5, '\x00', 0x9}, {0x23, 0x6, 0xb6, '\x00', 0x2}, {0x88, 0x3, 0x3f, '\x00', 0x4}, {0x8, 0xc, 0x3, '\x00', 0x3}, {0x0, 0x8, 0x6, '\x00', 0x5}, {0x6, 0x0, 0x8, '\x00', 0x10}, {0x40, 0x5, 0x81, '\x00', 0x5}]}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x5, 0x182, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0xbd9], 0x1, 0x1c4292})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m45.81739517s ago: executing program 0 (id=1200):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003a80)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0xfff1, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xe, 0x8}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

5m45.548500632s ago: executing program 0 (id=1204):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCSETSW2(r1, 0x5408, &(0x7f0000000540)={0xff, 0x37, 0xffffffee, 0x7fffffef, 0x0, "b850e43615b1b70500000000000400", 0x81002, 0x2})

5m44.277505492s ago: executing program 0 (id=1212):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x28800, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', 0x101)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0xb8, r0}, './file0\x00'})

5m44.114833815s ago: executing program 0 (id=1215):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x1d17000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

5m33.17264953s ago: executing program 38 (id=1193):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x6}}]}}]}, 0x48}}, 0x20040084)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r6, {0xc, 0xc}, {0xa6, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

5m28.833094984s ago: executing program 39 (id=1215):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x1d17000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

14.522731481s ago: executing program 8 (id=2259):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000010000104000000000009000000000000", @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x4c}}, 0x884)

12.724056955s ago: executing program 6 (id=2263):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
userfaultfd(0x80001)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})
ptrace(0x10, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

11.274601102s ago: executing program 6 (id=2266):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000140)={0x1c, &(0x7f0000000180)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0x34, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x2c, &(0x7f0000000440)={0x40, 0x7}, 0x0, 0x0, 0x0, 0x0})

10.285581476s ago: executing program 8 (id=2270):
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0}, 0x70e}], 0x1, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, r1, 0x26, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f00000006c0)=r3, 0x4)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0041, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$TCSETS(r4, 0x40204706, &(0x7f0000000040)={0x8, 0x1, 0x6, 0x3f, 0x1a, "3eccd25569e20900"})

9.640409816s ago: executing program 2 (id=2271):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0x20000000, 0x6, 0x6}, 0x76}}]}, {0x3}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000200)="27030200000314000e00073c002400000000001100000000000000000000000000000000000085dc9d9839dc1336", 0x2e}], 0x1}, 0x4005)

9.162110601s ago: executing program 3 (id=2273):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x8c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000f7ff0105daa8d9ff85c3000000c0000000000003000003"], 0x14}, 0x1, 0x0, 0x0, 0x8d0}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
r2 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000340)={r2})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f00000005c0)={r2})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e3, &(0x7f0000000180)={r2, r5})

9.122434839s ago: executing program 2 (id=2274):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x1, 0x803, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x20000)

7.947391233s ago: executing program 2 (id=2276):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000140)=0x40, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r3=>0x0})
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r6=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x2, 0x4)
bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10)
bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r6, 0x0, r4}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)

7.634862379s ago: executing program 4 (id=2277):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x10, 0x2, 0x0)
unshare(0x8000280)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_pidfd_open(r3, 0x0)
ioctl$EXT4_IOC_MIGRATE(r4, 0xff07)

7.112640944s ago: executing program 3 (id=2278):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0xfffffffb, 0x80, 0x3, 0x0, 0x0, 0x8}, 0x1c)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000005e000ffb28bd7000ffdbdf2500", @ANYRES64], 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x44040)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000000)={0x0, 'bridge_slave_1\x00', {0x3}, 0x2})
recvmsg(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x102)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x4, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000380)="6466f081af9c6b000000000f9251780f01c3c744240025000000c7442402fd9a0000c7442406000000000f011c2466baa00066b83bfb66efb9da090000b80b000000ba000000000f30400f2212c401b4586eba66baf80cb8648df680ef66bafc0cb862f80000ef470f01cf", 0x6b}], 0x1, 0x0, 0x0, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)

6.589644854s ago: executing program 4 (id=2279):
r0 = getpgid(0x0)
rt_sigqueueinfo(r0, 0x29, &(0x7f0000000080)={0x13, 0x200, 0x6})
socket$pppoe(0x18, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x18}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r2, &(0x7f0000000000), 0x2a979d)
ioctl$SIOCSIFHWADDR(r2, 0x401c5820, 0x0)
socket$key(0xf, 0x3, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

6.503924622s ago: executing program 6 (id=2280):
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)

6.443207887s ago: executing program 2 (id=2281):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000007000000080000002d1501000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773bc14aca"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

6.27537509s ago: executing program 8 (id=2282):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_LOCK(r4, 0xb)

6.269965047s ago: executing program 3 (id=2283):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x202800, 0x0)
io_setup(0x8, &(0x7f0000000600)=<r1=>0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
mount$nfs(&(0x7f0000000040)='\x00', &(0x7f0000000400)='./cgroup\x00', &(0x7f0000000480), 0x400, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x23}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x4)
ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000040)=""/185)
r5 = eventfd2(0xfffffff7, 0x80000)
io_submit(r1, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r0, &(0x7f0000000100)="fe455c52f9ffdc00c77cd59684b6d85f46c95970684d414cb40df3f148e782adac456216f952a2b3289148b530d7026782ff4ab6c3cd62", 0x37, 0x6, 0x0, 0x2, r5}])
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

5.015073957s ago: executing program 2 (id=2284):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={<r3=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x40, @private1, 0x1}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e24, 0x800, @empty, 0x9}}, 0x7, 0xfe00, 0x2, 0x3, 0x54, 0x6, 0xf5}, &(0x7f0000000480)=0x9c)
r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r4)
sendfile(r2, r2, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x4000005, 0x0, 0xffffffff, 0x18, "28f5c9ea1f0197000011ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba76634793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d54100", "07a9400978042a8bfe1406584ae7df4af14e1df82d00", [0x7d, 0xd]})
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r4)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000380)=ANY=[@ANYBLOB="40000000090601030000000000000000000000090500010007000000080009400000000f0900020073797a310000001a100008800c00078008000940"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x22040000)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2082)

4.998367659s ago: executing program 4 (id=2285):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x35, 0x0, @void}, 0x10)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000), 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')

4.889591574s ago: executing program 6 (id=2286):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000)

3.760766752s ago: executing program 4 (id=2287):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, 0x0, 0x814)
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

2.727210979s ago: executing program 6 (id=2288):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5'])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r2, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r2, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x715})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000001ac0)={0x0, 'veth0_vlan\x00', {0x3}, 0x4006})

2.726684276s ago: executing program 8 (id=2289):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x7d4165cc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r2, 0x7d4165c9)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

2.647850871s ago: executing program 3 (id=2290):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
getresuid(&(0x7f0000000240), &(0x7f0000000380), &(0x7f0000000280))
sendmsg$NFC_CMD_GET_DEVICE(r0, 0x0, 0x20040014)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r4)
sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r5, 0x3, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

2.592396604s ago: executing program 8 (id=2291):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
ioctl$USBDEVFS_REAPURB(r1, 0x4004550c, &(0x7f00000001c0))

1.172587463s ago: executing program 2 (id=2292):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000004f700000400000001"], 0x48)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socket(0x2, 0x80805, 0x0)
socket(0xa, 0x3, 0x87)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket$inet6_udplite(0xa, 0x2, 0x88)
unshare(0x2c020400)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x7, 0x6, 0x0, 0x1}, 0x48)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pselect6(0x81, &(0x7f0000000000)={0xa, 0x7ff, 0x100, 0xffffffff, 0x8, 0xba4, 0xffffffffffffffff, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x6b40, 0x3, 0x0, 0x8, 0x1, 0x4000006, 0x8, 0x8080}, 0x0, 0x0)

1.108374555s ago: executing program 3 (id=2293):
unshare(0x2040400)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x145780, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x3, 0x49a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000880], 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000200000000f931673100000000000000000020000000767863616e310000000000000000000070696d726567300000000000000000006e657464657673696d300000000000000180c2000001ffffffffffffbbbbbbbbbbbbffff80ffffffde0000002601000056010000726174656573740000000000000000000000000000000000000000000000000048000000000000006970365f7674693000000000000000006272696467655f736c6176655f300000100001000600000002000000ffffffffae00000000000000070000000000000007000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000d1ad666924e6bf25bbe8f9b7be105ec3d83e1d0b2736d99ca02b7aea9e350000434c41535349465900000000000000000000000000000000000000000000000008000000000000000300"/448]}, 0x238)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x8001}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.058076324s ago: executing program 6 (id=2294):
recvmsg(0xffffffffffffffff, 0x0, 0x40)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req={0xfffffffd, 0x1, 0x6, 0x6}, 0x10)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x4, 0x0, 0xfffffffe, 0x0, 0x100}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
io_uring_setup(0xf08, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002080)=@newsa={0x144, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e22, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x208251c, 0x100005, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x2, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x70bd25, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0xb}}]}, 0x144}}, 0x844)

1.047052228s ago: executing program 4 (id=2295):
socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/wireless\x00')
read$FUSE(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r4, 0x4b4c, &(0x7f0000000280))
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)

532.41988ms ago: executing program 8 (id=2296):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
r2 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x2b2}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000640)=<r4=>0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)

371.910476ms ago: executing program 3 (id=2297):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0)
eventfd(0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
syz_io_uring_setup(0x835, 0x0, &(0x7f0000000180), &(0x7f0000000140))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000040))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=2298):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22003, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40081, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x334})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x83f, 0x0, 0x2}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x6, 0x5635}]})
recvmsg(0xffffffffffffffff, 0x0, 0x12020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

up interface
[  264.863428][ T5806] Bluetooth: hci3: command tx timeout
[  264.923393][ T8921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.956946][ T8921] bond0 (unregistering): Released all slaves
[  264.979226][ T8921] bond1 (unregistering): (slave veth3): Releasing active interface
[  264.997315][ T8921] veth0_to_bond: entered promiscuous mode
[  265.015733][ T8921] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  265.041266][ T8921] bond1 (unregistering): Released all slaves
[  265.260556][T10455] team0: Port device team_slave_0 added
[  265.294039][T10455] team0: Port device team_slave_1 added
[  265.781903][T10455] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.789668][T10455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.820428][T10455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  265.889432][T10455] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.901422][T10455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.973995][T10455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.129816][T10387] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.289563][   T29] audit: type=1400 audit(1771603589.012:500): avc:  denied  { read } for  pid=10624 comm="syz.8.1307" path="socket:[33064]" dev="sockfs" ino=33064 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  266.583360][T10455] hsr_slave_0: entered promiscuous mode
[  266.622878][T10455] hsr_slave_1: entered promiscuous mode
[  266.628802][T10455] debugfs: 'hsr0' already exists in 'hsr'
[  266.643883][T10455] Cannot create hsr debugfs directory
[  266.713009][ T8921] hsr_slave_0: left promiscuous mode
[  266.721329][ T8921] hsr_slave_1: left promiscuous mode
[  266.770312][ T8921] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.792267][ T8921] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.832425][ T8921] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.840784][ T8921] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.964860][ T8921] veth1_macvtap: left promiscuous mode
[  267.067484][ T8921] veth0_macvtap: left promiscuous mode
[  267.077127][ T8921] veth1_vlan: left promiscuous mode
[  267.094022][ T8921] veth0_vlan: left promiscuous mode
[  268.845889][ T8921] team0 (unregistering): Port device team_slave_1 removed
[  269.007638][ T8921] team0 (unregistering): Port device team_slave_0 removed
[  269.233337][ T8921] lo (unregistering): left allmulticast mode
[  269.343545][T10387] 8021q: adding VLAN 0 to HW filter on device team0
[  269.367514][ T8928] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.374686][ T8928] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.441334][ T8928] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.448545][ T8928] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.028143][   T29] audit: type=1400 audit(1771603592.884:501): avc:  denied  { sys_module } for  pid=10387 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  270.415062][T10684] netlink: 'syz.2.1319': attribute type 1 has an invalid length.
[  270.430727][T10684] netlink: 'syz.2.1319': attribute type 4 has an invalid length.
[  270.474945][T10684] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.1319'.
[  270.625891][T10387] 8021q: adding VLAN 0 to HW filter on device batadv0
N
	ÿúÚ
Iy	¯÷"M
–@
HY
”€€q-
{E9€".,€v¡òüb44d·ÛÛX©€/€Ž$€ÞÍ]uŸ’»<¸+„ex€€
y¸
D?	åµQ€
¸kL€	s@Wx
Ü
	ã�Gm	ø0u	׿	~ñr	,l	 ./file0/file0[  271.346790][T10387] veth0_vlan: entered promiscuous mode
[  271.389916][   T29] audit: type=1400 audit(1771603594.245:502): avc:  denied  { create } for  pid=10697 comm="syz.2.1323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  271.466352][T10387] veth1_vlan: entered promiscuous mode
./file0./file0fuseh-ûÿÿsß[  271.539751][   T29] audit: type=1400 audit(1771603594.275:503): avc:  denied  { getopt } for  pid=10697 comm="syz.2.1323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  271.598299][T10387] veth0_macvtap: entered promiscuous mode
[  271.610764][T10387] veth1_macvtap: entered promiscuous mode
[  271.635318][T10387] batman_adv: batadv0: Interface activated: batadv_slave_0
[  271.659463][T10387] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.675087][ T8928] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.755372][   T29] audit: type=1804 audit(1771603594.495:504): pid=10702 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1324" name="/newroot/37/file0" dev="tmpfs" ino=232 res=1 errno=0
[  271.817036][ T8928] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.849927][ T8928] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.877007][ T8928] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  272.190223][   T29] audit: type=1400 audit(1771603594.935:505): avc:  denied  { mounton } for  pid=10716 comm="syz.8.1328" path="/121/file0" dev="tmpfs" ino=687 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  272.522274][ T8924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.531142][ T8924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.652025][T10455] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  272.681156][ T8924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.689092][ T8924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.702529][T10455] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  272.752551][T10455] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  272.913187][T10455] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  272.982940][T10730] virtio-fs: tag </dev/md0> not found
[  273.556984][T10745] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1331'.
[  273.619600][T10745] ip6gre1: entered promiscuous mode
[  273.698871][T10745] ip6gre1: entered allmulticast mode
[  273.795619][T10751] netlink: 'syz.4.1331': attribute type 6 has an invalid length.
[  273.813868][T10751] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1331'.
[  273.951427][T10455] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.007035][T10756] ip6_vti0 speed is unknown, defaulting to 1000
[  274.029142][T10455] 8021q: adding VLAN 0 to HW filter on device team0
[  274.216010][ T8926] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.223213][ T8926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.555698][ T8926] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.562886][ T8926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.189434][T10780] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  276.200397][T10780] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  276.272278][T10790] fuse: Bad value for 'fd'
[  276.360076][T10780] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  276.402932][T10780] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  276.406670][T10455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  276.466617][T10780] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  276.517608][T10780] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  276.629636][T10780] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  276.714280][T10780] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  276.750083][T10780] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  276.824882][T10780] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  276.871759][T10780] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  276.887151][T10780] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  276.964428][T10780] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  277.220117][T10455] veth0_vlan: entered promiscuous mode
[  277.267735][T10455] veth1_vlan: entered promiscuous mode
[  277.361957][T10455] veth0_macvtap: entered promiscuous mode
[  277.392851][T10455] veth1_macvtap: entered promiscuous mode
[  277.510547][T10455] batman_adv: batadv0: Interface activated: batadv_slave_0
[  277.551428][T10455] batman_adv: batadv0: Interface activated: batadv_slave_1
[  277.583265][  T998] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.594979][  T998] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.627334][  T998] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.646514][  T998] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.677093][ T7907] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  277.850657][ T8924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.867217][ T7907] usb 3-1: Using ep0 maxpacket: 16
[  277.875885][ T7907] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  277.891107][ T8924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.911968][ T7907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  278.029232][ T8928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.066535][ T7907] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  278.075640][ T7907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.091989][ T8928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.099516][ T7912] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  278.122899][ T7907] usb 3-1: Product: syz
[  278.224578][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  278.226318][ T7907] usb 3-1: Manufacturer: syz
[  278.257495][ T7907] usb 3-1: SerialNumber: syz
[  278.295308][ T7907] usb 3-1: config 0 descriptor??
[  278.296436][ T7912] usb 5-1: Using ep0 maxpacket: 32
[  278.324542][ T7912] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  278.339471][ T7912] usb 5-1: config 0 has no interface number 0
[  278.343989][ T7907] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  278.358123][ T7912] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  278.368224][ T7912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.380886][ T7912] usb 5-1: Product: syz
[  278.389870][ T7912] usb 5-1: Manufacturer: syz
[  278.397744][ T7912] usb 5-1: SerialNumber: syz
[  278.401257][ T7907] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  278.408809][ T7912] usb 5-1: config 0 descriptor??
[  278.538363][ T5806] Bluetooth: hci5: command 0x0c1a tx timeout
[  278.776218][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  278.829127][ T7912] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  278.843131][ T7912] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  278.936567][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  278.962576][ T7907] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  278.985691][ T7907] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  279.055965][ T7911] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  279.209416][ T7911] usb 4-1: Using ep0 maxpacket: 32
[  279.228096][ T7911] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  279.247047][   T29] audit: type=1400 audit(1771603602.099:506): avc:  denied  { ioctl } for  pid=10858 comm="syz.8.1346" path="socket:[35194]" dev="sockfs" ino=35194 ioctlcmd=0x942e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  279.281299][ T7911] usb 4-1: config 0 has no interface number 0
[  279.291638][ T7911] usb 4-1: config 0 interface 184 has no altsetting 0
[  279.307919][ T7911] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  279.319418][ T7911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.336683][ T7911] usb 4-1: Product: syz
[  279.340913][ T7911] usb 4-1: Manufacturer: syz
[  279.345592][ T7911] usb 4-1: SerialNumber: syz
[  279.366860][ T7911] usb 4-1: config 0 descriptor??
[  279.596128][ T7907] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  280.228311][ T7907] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  280.295538][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  280.307212][ T7907] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  280.321156][ T7907] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  280.337810][ T7907] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  280.350921][ T7907] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  280.393706][ T7907] usb 3-1: USB disconnect, device number 20
[  280.615780][ T5806] Bluetooth: hci5: command 0x0c1a tx timeout
[  280.855556][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  280.863613][ T7911] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  280.915141][ T7911] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  281.016566][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  281.224440][ T7912] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -71
[  281.236338][ T7912] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  281.263050][ T7912] usb 5-1: USB disconnect, device number 5
[  281.988489][ T7911] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  282.009174][ T7911] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  282.026470][ T7911] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  282.038260][ T7911] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  282.107119][ T7911] usb 4-1: USB disconnect, device number 8
[  282.431503][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  282.452154][T10912] Invalid option length (1048308) for dns_resolver key
[  282.604912][   T29] audit: type=1400 audit(1771603605.471:507): avc:  denied  { ioctl } for  pid=10910 comm="syz.2.1354" path="socket:[35236]" dev="sockfs" ino=35236 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  282.704145][ T5806] Bluetooth: hci5: command 0x0c1a tx timeout
[  282.800436][T10916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  282.937076][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  283.094530][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  283.359355][T10930] cgroup: Unknown subsys name 'cpuset'
[  283.479420][   T29] audit: type=1804 audit(1771603606.341:508): pid=10933 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1360" name="file0" dev="ramfs" ino=35340 res=1 errno=0
[  283.728737][T10930] ip6_vti0 speed is unknown, defaulting to 1000
[  283.858354][T10944] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1361'.
[  284.453526][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  284.686189][   T29] audit: type=1800 audit(1771603607.552:509): pid=10947 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1362" name="/" dev="fuse" ino=4 res=0 errno=0
[  285.151507][   T29] audit: type=1400 audit(1771603607.842:510): avc:  denied  { connect } for  pid=10978 comm="syz.4.1369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  285.733910][T10986] Bluetooth: MGMT ver 1.23
[  290.167243][   T29] audit: type=1326 audit(1771603613.034:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11070 comm="syz.2.1389" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x0
[  292.989072][ T7912] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  293.086983][T11123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1399'.
[  293.111329][T11123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1399'.
[  293.176890][ T7912] usb 9-1: unable to get BOS descriptor or descriptor too short
[  293.194120][ T7912] usb 9-1: not running at top speed; connect to a high speed hub
[  293.253242][ T7912] usb 9-1: config 7 has an invalid interface number: 84 but max is 0
[  293.265996][ T7912] usb 9-1: config 7 has no interface number 0
[  293.278862][ T7912] usb 9-1: config 7 interface 84 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  293.290328][ T7912] usb 9-1: config 7 interface 84 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  293.718492][   T29] audit: type=1326 audit(1771603616.586:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11113 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeffb9c629 code=0x7fc00000
[  294.255563][ T7912] usb 9-1: config 7 interface 84 altsetting 0 endpoint 0xC has invalid maxpacket 512, setting to 64
[  294.334743][ T7912] usb 9-1: string descriptor 0 read error: -22
[  294.341434][ T7912] usb 9-1: New USB device found, idVendor=1199, idProduct=0112, bcdDevice=aa.e3
[  294.351326][ T7912] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.389901][   T29] audit: type=1800 audit(1771603617.136:513): pid=11118 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.1396" name="/" dev="fuse" ino=9 res=0 errno=0
[  294.601964][ T7912] sierra 9-1:7.84: Sierra USB modem converter detected
[  294.860287][ T7912] usb 9-1: Sierra USB modem converter now attached to ttyUSB0
[  294.884508][ T7912] usb 9-1: Sierra USB modem converter now attached to ttyUSB1
[  294.938817][ T7912] usb 9-1: Sierra USB modem converter now attached to ttyUSB2
[  295.012250][ T7912] usb 9-1: USB disconnect, device number 7
[  295.036161][ T7912] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  295.141141][ T7912] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  295.182523][ T7912] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2
[  295.210720][ T7912] sierra 9-1:7.84: device disconnected
[  295.885613][T11182] comedi comedi3: comedi_test: 33787 microvolt, 2023431205 microsecond waveform attached
[  297.389834][   T29] audit: type=1400 audit(1771603620.258:514): avc:  denied  { firmware_load } for  pid=11208 comm="syz.3.1416" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  297.868387][T11210] syz.3.1416 (11210) used greatest stack depth: 18472 bytes left
[  298.303448][T11232] netlink: set zone limit has 4 unknown bytes
[  299.816667][ T7928] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  300.096046][ T7928] usb 9-1: Using ep0 maxpacket: 16
[  300.113228][ T7928] usb 9-1: config 0 has no interfaces?
[  300.118899][ T7928] usb 9-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  300.144994][ T7928] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.293037][ T7928] usb 9-1: config 0 descriptor??
[  300.966313][   T24] usb 9-1: USB disconnect, device number 8
[  301.038325][   T29] audit: type=1400 audit(1771603623.910:515): avc:  denied  { getopt } for  pid=11275 comm="syz.4.1427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  304.636256][T11326] lo: entered promiscuous mode
[  304.665170][T11326] tunl0: entered promiscuous mode
[  304.693678][T11326] gre0: entered promiscuous mode
[  304.768017][T11326] gretap0: entered promiscuous mode
[  304.824550][T11326] erspan0: entered promiscuous mode
[  304.835318][T11326] ip_vti0: entered promiscuous mode
[  304.856348][T11326] ip6_vti0: entered promiscuous mode
[  304.912906][T11326] sit0: entered promiscuous mode
[  304.977086][T11326] ip6tnl0: entered promiscuous mode
[  304.993921][T11326] ip6gre0: entered promiscuous mode
[  305.027877][T11326] syz_tun: entered promiscuous mode
[  305.079871][T11326] ip6gretap0: entered promiscuous mode
[  305.107870][T11326] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.115184][T11326] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.283256][T11326] bridge0: entered promiscuous mode
[  305.313146][T11326] vcan0: entered promiscuous mode
[  305.340983][T11326] bond0: entered promiscuous mode
[  305.348982][T11326] bond_slave_0: entered promiscuous mode
[  305.395687][T11326] bond_slave_1: entered promiscuous mode
[  305.455947][   T29] audit: type=1400 audit(1771603628.332:516): avc:  denied  { watch_mount } for  pid=11336 comm="syz.2.1443" path="/327" dev="tmpfs" ino=1728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  305.480145][T11326] team0: entered promiscuous mode
[  305.542782][T11326] team_slave_0: entered promiscuous mode
[  305.552739][   T29] audit: type=1400 audit(1771603628.402:517): avc:  denied  { read write } for  pid=5809 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  305.604861][T11326] team_slave_1: entered promiscuous mode
[  305.669916][T11326] dummy0: entered promiscuous mode
[  305.717988][T11326] nlmon0: entered promiscuous mode
[  305.735159][T11326] caif0: entered promiscuous mode
[  305.752819][T11326] batadv0: entered promiscuous mode
[  305.776647][T11326] vxcan0: entered promiscuous mode
[  305.797474][   T29] audit: type=1400 audit(1771603628.402:518): avc:  denied  { open } for  pid=5809 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  305.806186][T11326] vxcan1: entered promiscuous mode
[  305.891834][T11326] veth0: entered promiscuous mode
[  305.907717][ T5872] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  305.927388][T11326] veth1: entered promiscuous mode
[  305.953189][   T29] audit: type=1400 audit(1771603628.402:519): avc:  denied  { ioctl } for  pid=5809 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  306.051252][T11326] wg0: entered promiscuous mode
[  306.078400][T11326] wg1: entered promiscuous mode
[  306.094026][T11326] wg2: entered promiscuous mode
[  306.102470][ T5872] usb 3-1: Using ep0 maxpacket: 8
[  306.111174][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  306.133317][T11326] veth0_to_bridge: entered promiscuous mode
[  306.157278][ T5872] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  306.178738][T11326] veth1_to_bridge: entered promiscuous mode
[  306.185545][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.207561][T11326] veth0_to_bond: entered promiscuous mode
[  306.216799][ T5872] usb 3-1: config 0 descriptor??
[  306.235446][T11326] veth1_to_bond: entered promiscuous mode
[  306.255060][T11326] veth0_to_team: entered promiscuous mode
[  306.277661][T11326] veth1_to_team: entered promiscuous mode
[  306.301232][T11326] veth0_to_batadv: entered promiscuous mode
[  306.316966][T11326] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  306.340958][T11326] batadv_slave_0: entered promiscuous mode
[  306.352824][T11326] veth1_to_batadv: entered promiscuous mode
[  306.364648][T11326] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.386261][T11326] batadv_slave_1: entered promiscuous mode
[  306.399037][T11326] xfrm0: entered promiscuous mode
[  306.421867][T11326] veth0_to_hsr: entered promiscuous mode
[  306.440895][T11326] veth1_to_hsr: entered promiscuous mode
[  306.459738][ T5872] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  306.474619][T11326] hsr0: entered promiscuous mode
[  306.511732][T11326] veth1_virt_wifi: entered promiscuous mode
[  306.558739][T11326] veth0_virt_wifi: entered promiscuous mode
[  306.589188][T11326] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  306.638743][   T29] audit: type=1400 audit(1771603629.513:520): avc:  denied  { audit_read } for  pid=11348 comm="syz.6.1447" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  306.694093][T11326] vlan0: entered promiscuous mode
[  306.707432][T11326] vlan1: entered promiscuous mode
[  306.716258][T11326] macvlan0: entered promiscuous mode
[  306.739566][T11326] macvlan1: entered promiscuous mode
[  306.772293][T11326] ipvlan0: entered promiscuous mode
[  306.779912][T11326] ipvlan1: entered promiscuous mode
[  306.804645][T11326] macvtap0: entered promiscuous mode
[  306.814752][T11326] macsec0: entered promiscuous mode
[  306.837243][T11326] geneve0: entered promiscuous mode
[  306.853574][T11326] geneve1: entered promiscuous mode
[  306.867109][T11326] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  306.893744][T11326] netdevsim netdevsim3 netdevsim1: entered promiscuous mode
[  306.908315][T11326] netdevsim netdevsim3 netdevsim2: entered promiscuous mode
[  306.927093][T11326] netdevsim netdevsim3 netdevsim3: entered promiscuous mode
[  306.959748][T11326] mac80211_hwsim hwsim26 wlan0: entered promiscuous mode
[  306.985140][T11326] mac80211_hwsim hwsim27 wlan1: entered promiscuous mode
[  307.013912][ T8926] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  307.050682][ T8926] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  307.128519][ T8926] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  307.198707][ T8926] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  307.222144][T11362] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1449'.
[  307.239684][T11365] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1450'.
[  307.385803][T11367] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11367 comm=syz.3.1449
[  307.458017][T11369] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1451'.
[  307.637195][T11369] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11369 comm=syz.6.1451
[  307.691918][ T7911] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  307.721423][   T29] audit: type=1326 audit(1771603630.593:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11372 comm="syz.3.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeffb9c629 code=0x7fc00000
[  307.766436][   T29] audit: type=1326 audit(1771603630.623:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11372 comm="syz.3.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbeffb9c629 code=0x7fc00000
[  307.871886][ T7911] usb 9-1: device descriptor read/64, error -71
[  308.209003][ T7911] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  308.413138][ T7911] usb 9-1: device descriptor read/64, error -71
[  308.484249][   T29] audit: type=1326 audit(1771603631.363:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11372 comm="syz.3.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeffb9c629 code=0x7fc00000
[  308.532784][ T7911] usb usb9-port1: attempt power cycle
[  308.629626][ T7903] usb 3-1: USB disconnect, device number 21
[  308.901151][ T7911] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  308.979706][ T7911] usb 9-1: device descriptor read/8, error -71
[  309.365594][ T7911] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  309.454386][ T7911] usb 9-1: device descriptor read/8, error -71
[  309.686744][ T7911] usb usb9-port1: unable to enumerate USB device
[  310.345756][T11409] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.354846][T11409] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.467864][   T29] audit: type=1400 audit(1771603634.335:524): avc:  denied  { create } for  pid=11416 comm="syz.4.1468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  312.004399][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  312.011592][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  312.198989][   T29] audit: type=1400 audit(1771603634.425:525): avc:  denied  { kexec_image_load } for  pid=11427 comm="syz.8.1470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  316.686643][T11502] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1485'.
[  316.966410][T11510] netlink: 'syz.3.1487': attribute type 2 has an invalid length.
[  317.048886][T11510] netlink: 'syz.3.1487': attribute type 2 has an invalid length.
[  317.355973][   T29] audit: type=1400 audit(1771603640.228:526): avc:  denied  { ioctl } for  pid=11514 comm="syz.4.1488" path="socket:[37514]" dev="sockfs" ino=37514 ioctlcmd=0x61d0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  317.481378][   T29] audit: type=1400 audit(1771603640.348:527): avc:  denied  { read } for  pid=11523 comm="syz.2.1490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  318.687358][   T29] audit: type=1400 audit(1771603641.539:528): avc:  denied  { write } for  pid=11514 comm="syz.4.1488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  318.788376][T11514] lec:lec_atm_close: lec0: Shut down!
[  320.596613][   T29] audit: type=1400 audit(1771603643.480:529): avc:  denied  { nlmsg_write } for  pid=11572 comm="syz.6.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  320.715417][   T29] audit: type=1400 audit(1771603643.480:530): avc:  denied  { nlmsg_read } for  pid=11572 comm="syz.6.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  320.742767][   T29] audit: type=1400 audit(1771603643.480:531): avc:  denied  { audit_write } for  pid=11572 comm="syz.6.1501" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  321.239318][T11583] syz_tun: entered allmulticast mode
[  321.255397][  T998] syzkaller0: tun_net_xmit 76
[  321.260610][  T998] syzkaller0: tun_net_xmit 48
[  321.285072][ T7911] syzkaller0: tun_net_xmit 76
[  321.326099][ T7912] syzkaller0: tun_net_xmit 76
[  321.466828][T11577] syzkaller0: delete flow: hash 3993609149 index 1
[  323.254445][   T29] audit: type=1400 audit(1771603646.111:532): avc:  denied  { create } for  pid=11617 comm="syz.3.1509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  324.933692][   T29] audit: type=1326 audit(1771603647.792:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11638 comm="syz.8.1516" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1fbb9c629 code=0x0
[  329.018389][T11679] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1526'.
[  329.481753][T11623] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  329.493690][  T998] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  329.504694][T11679] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1526'.
[  329.520780][T11623] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  329.530429][  T998] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  329.551961][T11623] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  329.560946][   T29] audit: type=1400 audit(1771603652.444:534): avc:  denied  { firmware_load } for  pid=11619 comm="syz.2.1510" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  329.586544][  T998] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  329.608973][  T998] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  329.970744][T11660] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  329.993401][T11660] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  330.001584][T11660] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  330.010839][T11660] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  330.188967][   T29] audit: type=1400 audit(1771603653.074:535): avc:  denied  { create } for  pid=11691 comm="syz.6.1531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  330.220176][T11686] kvm: pic: level sensitive irq not supported
[  330.220766][T11686] kvm: pic: single mode not supported
[  330.246753][T11686] kvm: pic: single mode not supported
[  330.262056][   T29] audit: type=1400 audit(1771603653.144:536): avc:  denied  { read } for  pid=11687 comm="syz.2.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  330.288205][T11686] kvm: pic: single mode not supported
[  330.288234][T11686] kvm: pic: level sensitive irq not supported
[  330.289019][T11700] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  331.552090][ T5806] Bluetooth: hci0: command 0x0c1a tx timeout
[  331.711396][T11721] futex_wake_op: syz.8.1535 tries to shift op by -1; fix this program
[  331.769582][ T7912] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  332.012521][ T7912] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  332.047909][ T5806] Bluetooth: hci3: command 0x0c1a tx timeout
[  332.054305][ T5806] Bluetooth: hci4: command 0x0c1a tx timeout
[  332.062508][ T5806] Bluetooth: hci5: command 0x0c1a tx timeout
[  332.420838][ T7912] usb 4-1: config 0 has no interface number 1
[  332.442186][ T7912] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  332.460601][ T7912] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  332.540543][ T7912] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  332.550537][ T7912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  332.799530][ T7912] usb 4-1: SerialNumber: syz
[  332.841680][ T7912] usb 4-1: config 0 descriptor??
[  332.891348][ T7912] uvcvideo 4-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  332.908965][ T7912] uvcvideo 4-1:0.199: No valid video chain found.
[  333.255461][   T29] audit: type=1400 audit(1771603656.146:537): avc:  denied  { write } for  pid=11743 comm="syz.4.1542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  334.434008][ T5879] usb 4-1: USB disconnect, device number 9
[  335.847691][T11819] netlink: 5204 bytes leftover after parsing attributes in process `syz.4.1550'.
[  336.396570][T11824] netlink: 'syz.3.1552': attribute type 1 has an invalid length.
[  336.449817][T11824] 8021q: adding VLAN 0 to HW filter on device bond1
[  336.806470][T11824] ip6erspan0: entered promiscuous mode
[  336.878887][T11824] bond1: (slave ip6erspan0): making interface the new active one
[  336.912769][T11824] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  337.015316][ T5812] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  337.558048][ T5812] usb 5-1: Using ep0 maxpacket: 8
[  337.629525][ T5812] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  337.654532][ T5812] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.681759][ T5812] usb 5-1: Product: syz
[  337.693103][ T5812] usb 5-1: Manufacturer: syz
[  337.707783][ T5812] usb 5-1: SerialNumber: syz
[  337.721731][ T5812] usb 5-1: config 0 descriptor??
[  337.855516][   T29] audit: type=1400 audit(1771603660.738:538): avc:  denied  { create } for  pid=11852 comm="syz.6.1558" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  338.306698][T11862] xt_ecn: cannot match TCP bits for non-tcp packets
[  338.535017][ T5812] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  338.567911][ T5812] gspca_sunplus: reg_w_riv err -71
[  338.578767][ T5812] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  338.755757][ T5812] usb 5-1: USB disconnect, device number 6
[  338.828868][T11872] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1561'.
[  339.246389][ T5812] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  339.267872][T11885] netlink: 'syz.4.1564': attribute type 13 has an invalid length.
[  339.406378][ T5812] usb 4-1: Using ep0 maxpacket: 16
[  339.423370][ T5812] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  339.447400][ T5812] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  339.460596][ T5812] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.547425][ T5812] usb 4-1: Product: syz
[  339.566581][ T5812] usb 4-1: Manufacturer: syz
[  339.597846][ T5812] usb 4-1: SerialNumber: syz
[  339.622283][ T5812] usb 4-1: config 0 descriptor??
[  339.681147][ T5812] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  339.736125][ T5812] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  339.845772][ T7922] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  340.040910][ T7922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.062815][ T7922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.089346][ T7922] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  340.126866][ T7922] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  340.153581][ T7922] usb 7-1: Manufacturer: syz
[  340.186079][ T7922] usb 7-1: config 0 descriptor??
[  340.245791][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  340.314188][ T5812] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  340.901635][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  340.942687][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  340.976105][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  341.012358][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  341.050214][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  341.083552][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  341.116977][ T7922] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0
[  341.197242][ T7922] pyra 0003:1E7D:2CF6.0009: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  341.730812][ T7922] pyra 0003:1E7D:2CF6.0009: couldn't init struct pyra_device
[  341.813342][ T7922] pyra 0003:1E7D:2CF6.0009: couldn't install mouse
[  341.915957][ T7922] pyra 0003:1E7D:2CF6.0009: probe with driver pyra failed with error -71
[  342.024898][   T10] usb 5-1: Using ep0 maxpacket: 16
[  342.063055][ T7922] usb 7-1: USB disconnect, device number 2
[  342.200674][ T5812] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  342.216106][   T10] usb 5-1: config 0 has no interfaces?
[  342.221618][   T10] usb 5-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  342.252871][ T5812] em28xx 4-1:0.0: board has no eeprom
[  342.270645][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.315348][   T10] usb 5-1: config 0 descriptor??
[  342.388942][T11925] fido_id[11925]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  342.684643][ T5812] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  342.692525][ T5812] em28xx 4-1:0.0: dvb set to bulk mode.
[  342.745772][   T10] em28xx 4-1:0.0: Binding DVB extension
[  342.749288][T11936] netlink: 'syz.6.1574': attribute type 1 has an invalid length.
[  342.790273][T11936] 8021q: adding VLAN 0 to HW filter on device bond1
[  342.815569][T11936] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1574'.
[  342.830138][T11936] bond1: entered promiscuous mode
[  342.840613][ T5812] usb 4-1: USB disconnect, device number 10
[  342.844227][T11936] bond1: entered allmulticast mode
[  342.862657][T11936] bond1: (slave dummy0): making interface the new active one
[  342.882193][ T5812] em28xx 4-1:0.0: Disconnecting em28xx
[  342.888463][T11936] dummy0: entered promiscuous mode
[  342.893733][T11936] dummy0: entered allmulticast mode
[  342.904321][ T5872] usb 5-1: USB disconnect, device number 7
[  342.991730][T11936] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  343.036204][   T10] em28xx 4-1:0.0: Registering input extension
[  343.042961][ T5812] em28xx 4-1:0.0: Closing input extension
[  343.152068][ T5812] em28xx 4-1:0.0: Freeing device
[  344.514926][ T5473] lec:lec_start_xmit: lec0:No lecd attached
[  345.126661][   T29] audit: type=1400 audit(1771603668.022:539): avc:  denied  { create } for  pid=11971 comm="syz.8.1582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  345.342829][   T29] audit: type=1400 audit(1771603668.022:540): avc:  denied  { bind } for  pid=11971 comm="syz.8.1582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  345.744269][ T5808] Bluetooth: hci4: unexpected event for opcode 0x0c5a
[  345.878081][T11987] netlink: 'syz.2.1586': attribute type 1 has an invalid length.
[  346.577319][   T29] audit: type=1400 audit(1771603669.473:541): avc:  denied  { accept } for  pid=11989 comm="syz.6.1587" path="socket:[39135]" dev="sockfs" ino=39135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  347.842671][T12012] netlink: 'syz.8.1593': attribute type 1 has an invalid length.
[  347.974244][T12012] bond1: entered promiscuous mode
[  347.984487][T12012] 8021q: adding VLAN 0 to HW filter on device bond1
[  348.015892][   T29] audit: type=1400 audit(1771603670.913:542): avc:  denied  { create } for  pid=12011 comm="syz.8.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  348.047698][T12014] bond1: (slave bridge2): making interface the new active one
[  348.055577][T12014] bridge2: entered promiscuous mode
[  348.062959][T12014] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  348.111106][   T29] audit: type=1400 audit(1771603671.003:543): avc:  denied  { write } for  pid=12011 comm="syz.8.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  348.139619][T12012] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  348.152831][T12012] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  349.540866][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms
[  349.549326][    C1] lec:lec_tx_timeout: lec0
[  349.560664][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  349.655393][T12029] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  350.458973][T12029] picdev_read: 26 callbacks suppressed
[  350.458990][T12029] kvm: pic: non byte read
[  350.508961][T12029] kvm: pic: level sensitive irq not supported
[  350.509062][T12029] kvm: pic: non byte read
[  350.566510][T12029] kvm: pic: level sensitive irq not supported
[  350.578523][T12029] kvm: pic: non byte read
[  350.618967][T12029] kvm: pic: level sensitive irq not supported
[  350.619296][T12029] kvm: pic: non byte read
[  351.353230][   T29] audit: type=1400 audit(1771603674.205:544): avc:  denied  { execute } for  pid=12042 comm="syz.8.1600" path=2F6D656D66643A1033717D329ACEAF0386E7C0148F5ED5FDA10DAC374194EBCD09202864656C6574656429 dev="hugetlbfs" ino=39244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  353.344814][   T29] audit: type=1804 audit(1771603676.246:545): pid=12074 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1609" name="/newroot/355/file0" dev="tmpfs" ino=1893 res=1 errno=0
[  353.740344][   T29] audit: type=1804 audit(1771603676.646:546): pid=12074 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1609" name="/newroot/355/file0" dev="tmpfs" ino=1893 res=1 errno=0
[  354.568127][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  354.576180][    C1] lec:lec_tx_timeout: lec0
[  354.580801][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  355.029323][   T29] audit: type=1400 audit(1771603677.887:547): avc:  denied  { accept } for  pid=12103 comm="syz.4.1617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  356.529274][T12112] ip6_vti0 speed is unknown, defaulting to 1000
[  356.788916][T12125] syzkaller1: entered promiscuous mode
[  356.804750][T12125] syzkaller1: entered allmulticast mode
[  357.012617][   T29] audit: type=1400 audit(1771603679.908:548): avc:  denied  { ioctl } for  pid=12123 comm="syz.4.1621" path="socket:[38802]" dev="sockfs" ino=38802 ioctlcmd=0x9429 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  357.148398][   T29] audit: type=1400 audit(1771603680.038:549): avc:  denied  { recv } for  pid=0 comm="swapper/1" saddr=10.128.0.169 src=38018 daddr=10.128.0.56 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  357.525257][   T29] audit: type=1400 audit(1771603680.418:550): avc:  denied  { read append } for  pid=12142 comm="syz.4.1624" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  357.536782][T12144] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  357.728314][   T29] audit: type=1400 audit(1771603680.418:551): avc:  denied  { open } for  pid=12142 comm="syz.4.1624" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  358.618835][   T29] audit: type=1400 audit(1771603681.519:552): avc:  denied  { prog_load } for  pid=12165 comm="syz.6.1626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  358.717930][   T29] audit: type=1400 audit(1771603681.519:553): avc:  denied  { bpf } for  pid=12165 comm="syz.6.1626" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  358.794899][   T29] audit: type=1400 audit(1771603681.679:554): avc:  denied  { write } for  pid=12165 comm="syz.6.1626" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  358.861433][   T29] audit: type=1400 audit(1771603681.679:555): avc:  denied  { open } for  pid=12165 comm="syz.6.1626" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  359.501811][   T29] audit: type=1400 audit(1771603682.399:556): avc:  denied  { read } for  pid=12180 comm="syz.6.1630" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  359.585642][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  359.593687][    C1] lec:lec_tx_timeout: lec0
[  359.598836][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  359.766215][   T29] audit: type=1400 audit(1771603682.429:557): avc:  denied  { open } for  pid=12180 comm="syz.6.1630" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  363.843331][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  363.843344][   T29] audit: type=1400 audit(1771603686.731:561): avc:  denied  { setopt } for  pid=12228 comm="syz.2.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  364.314130][ T5879] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  364.602247][ T5879] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  364.613259][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  364.621327][    C1] lec:lec_tx_timeout: lec0
[  364.626235][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  364.672940][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.745217][ T5879] usb 9-1: Product: syz
[  364.780825][ T5879] usb 9-1: Manufacturer: syz
[  364.787936][   T29] audit: type=1400 audit(1771603687.612:562): avc:  denied  { map_create } for  pid=12240 comm="syz.4.1648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  364.836607][ T5879] usb 9-1: SerialNumber: syz
[  365.213756][   T29] audit: type=1400 audit(1771603687.652:563): avc:  denied  { map_read map_write } for  pid=12240 comm="syz.4.1648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  365.534751][T12248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1649'.
[  365.729231][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  365.755049][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  367.569008][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000040. ret = -EPROTO
[  367.583319][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  367.596442][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  367.619584][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  367.630639][ T5879] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  367.655387][ T5879] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -71
[  367.690972][ T5879] usb 9-1: USB disconnect, device number 13
[  367.716373][   T29] audit: type=1400 audit(1771603690.623:564): avc:  denied  { write } for  pid=12270 comm="syz.6.1654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  367.752563][   T29] audit: type=1400 audit(1771603690.623:565): avc:  denied  { ioctl } for  pid=12270 comm="syz.6.1654" path="socket:[40005]" dev="sockfs" ino=40005 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  367.891514][   T29] audit: type=1400 audit(1771603690.793:566): avc:  denied  { mounton } for  pid=12274 comm="syz.3.1656" path="/61/file0" dev="tmpfs" ino=331 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  368.016783][   T29] audit: type=1804 audit(1771603690.913:567): pid=12275 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1656" name="/newroot/61/file0" dev="fuse" ino=1 res=1 errno=0
[  368.038929][   T29] audit: type=1804 audit(1771603690.923:568): pid=12275 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.1656" name="/newroot/61/file0" dev="fuse" ino=1 res=1 errno=0
[  368.061253][   T29] audit: type=1800 audit(1771603690.923:569): pid=12275 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1656" name="/" dev="fuse" ino=1 res=0 errno=0
[  369.630586][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  369.638633][    C1] lec:lec_tx_timeout: lec0
[  369.650630][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  370.760105][ T7928] usb 9-1: new full-speed USB device number 14 using dummy_hcd
[  370.951639][ T7928] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  370.969963][ T7928] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  370.997990][ T7928] usb 9-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.00
[  371.007281][ T7928] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.024522][ T7928] usb 9-1: Product: syz
[  371.028755][ T7928] usb 9-1: Manufacturer: syz
[  371.039892][ T7928] usb 9-1: SerialNumber: syz
[  371.051200][ T7928] usb 9-1: config 0 descriptor??
[  371.825419][   T29] audit: type=1326 audit(1771603694.725:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12297 comm="syz.8.1662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1fbb9c629 code=0x0
[  371.921938][ T5812] usb 9-1: USB disconnect, device number 14
[  373.160703][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  373.195205][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  373.882659][   T29] audit: type=1400 audit(1771603696.796:571): avc:  denied  { prog_run } for  pid=12320 comm="syz.3.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  374.658060][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  374.666101][    C1] lec:lec_tx_timeout: lec0
[  374.677031][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  375.532839][   T29] audit: type=1400 audit(1771603698.427:572): avc:  denied  { write } for  pid=12331 comm="syz.6.1671" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  376.274407][T12251] bridge1: port 1(veth5) entered blocking state
[  376.300497][T12251] bridge1: port 1(veth5) entered disabled state
[  376.306975][T12251] veth5: entered allmulticast mode
[  376.328233][T12251] veth5: entered promiscuous mode
[  376.375869][T12254] bridge1: port 2(veth7) entered blocking state
[  376.396129][T12254] bridge1: port 2(veth7) entered disabled state
[  376.409248][T12254] veth7: entered allmulticast mode
[  376.419415][T12254] veth7: entered promiscuous mode
[  378.362962][T12372] mac80211_hwsim hwsim28 wlan0: entered allmulticast mode
[  378.388893][T12372] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  379.685714][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  379.693766][    C1] lec:lec_tx_timeout: lec0
[  379.699503][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  380.582092][ T5879] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  380.645090][   T29] audit: type=1400 audit(1771603703.369:573): avc:  denied  { bind } for  pid=12397 comm="syz.2.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  380.823171][ T5879] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  380.832808][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.841076][ T5879] usb 5-1: Product: syz
[  380.847469][ T5879] usb 5-1: Manufacturer: syz
[  380.852153][ T5879] usb 5-1: SerialNumber: syz
[  380.859902][ T5879] usb 5-1: config 0 descriptor??
[  381.155433][ T5879] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  381.926272][T12420] netlink: 'syz.8.1698': attribute type 1 has an invalid length.
[  381.934092][T12420] netlink: 'syz.8.1698': attribute type 4 has an invalid length.
[  381.942268][T12420] netlink: 9462 bytes leftover after parsing attributes in process `syz.8.1698'.
[  382.520350][T12422] netlink: 'syz.8.1698': attribute type 1 has an invalid length.
[  382.529554][T12422] netlink: 'syz.8.1698': attribute type 4 has an invalid length.
[  382.541579][T12422] netlink: 9462 bytes leftover after parsing attributes in process `syz.8.1698'.
[  382.737852][   T29] audit: type=1400 audit(1771603705.621:574): avc:  denied  { ioctl } for  pid=12419 comm="syz.8.1698" path="socket:[40701]" dev="sockfs" ino=40701 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  383.217809][ T5879] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  383.550155][ T5879] usb 5-1: USB disconnect, device number 8
[  384.080079][T12442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  384.187759][T12442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  384.300972][T12447] ptrace attach of "./syz-executor exec"[5809] was attempted by " Àÿ      Ðÿ      ð¥      Àÿ      Àÿ      Ðÿ      àÿ              ðÿ      °ÿ      Àÿ                 ÿÿÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                      /sys/kernel/debug/binder/stats                                                                                                  8             
€      \x09       Û       
    þÿÿú  ÿÿÿÿ                                                                                                                                                                                                                                                                   
[  384.713023][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  384.812092][    C1] lec:lec_tx_timeout: lec0
[  384.816749][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  385.524917][T12469] netlink: 'syz.2.1710': attribute type 1 has an invalid length.
[  385.533789][T12469] netlink: 'syz.2.1710': attribute type 3 has an invalid length.
[  385.541552][T12469] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1710'.
[  389.144938][   T29] audit: type=1400 audit(1771603712.064:575): avc:  denied  { listen } for  pid=12495 comm="syz.6.1721" lport=53785 faddr=fc00:: scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  389.271587][ T7907] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  389.471953][ T7907] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  389.794332][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  389.818355][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  389.834474][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  389.866799][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  389.885310][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  389.913168][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  389.929085][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  389.946036][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  389.970134][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  389.987121][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  390.008554][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  390.037160][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  390.058125][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  390.101041][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  390.117859][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  390.127347][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  390.136805][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  390.196257][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  390.217736][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  390.248026][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  390.274985][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  390.289227][ T7907] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  390.469177][ T7907] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  390.481201][ T7907] usb 4-1: config 0 interface 0 has no altsetting 0
[  390.612392][ T7907] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  390.622264][ T7907] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  390.666867][ T7907] usb 4-1: Product: syz
[  390.674157][ T7907] usb 4-1: Manufacturer: syz
[  390.680940][ T7907] usb 4-1: SerialNumber: syz
[  390.691351][ T7907] usb 4-1: config 0 descriptor??
[  390.707503][ T7907] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  391.039920][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6230 ms
[  391.047998][    C1] lec:lec_tx_timeout: lec0
[  391.059902][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  392.734731][ T7912] usb 4-1: USB disconnect, device number 11
[  392.791702][ T7912] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  394.088732][T12550] x_tables: ip_tables: ah match: only valid for protocol 51
[  396.797007][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5740 ms
[  396.805036][    C1] lec:lec_tx_timeout: lec0
[  396.809912][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  397.408725][   T29] audit: type=1400 audit(1771603720.328:576): avc:  denied  { watch } for  pid=12574 comm="syz.3.1746" path="/81/bus/file1" dev="overlay" ino=442 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  397.457673][T12578] syzkaller0: entered promiscuous mode
[  397.495635][T12578] syzkaller0: entered allmulticast mode
[  398.287496][T12585] capability: warning: `syz.4.1748' uses 32-bit capabilities (legacy support in use)
[  402.434816][ T7912] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  402.554109][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms
[  402.562185][    C1] lec:lec_tx_timeout: lec0
[  402.574203][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  403.678999][ T7912] usb 5-1: Using ep0 maxpacket: 16
[  403.686424][ T7912] usb 5-1: config 1 has an invalid interface number: 69 but max is 0
[  403.703915][ T7912] usb 5-1: config 1 has no interface number 0
[  403.711287][ T7912] usb 5-1: config 1 interface 69 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  403.721769][ T7912] usb 5-1: config 1 interface 69 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[  403.734261][ T7912] usb 5-1: config 1 interface 69 has no altsetting 0
[  403.748525][ T7912] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a7e, bcdDevice=60.c4
[  403.760243][ T7912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.783531][ T7912] usb 5-1: Product: syz
[  403.798363][ T7912] usb 5-1: Manufacturer: syz
[  403.809609][ T7912] usb 5-1: SerialNumber: syz
[  403.833264][T12616] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  403.853845][T12616] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  403.876109][ T7912] ipaq 5-1:1.69: PocketPC PDA converter detected
[  404.226767][ T7912] ipaq 5-1:1.69: probe with driver ipaq failed with error -71
[  404.265950][ T7912] usb 5-1: USB disconnect, device number 9
[  404.532305][   T29] audit: type=1400 audit(1771603727.311:577): avc:  denied  { override_creds } for  pid=12625 comm="syz.6.1761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  405.669109][T12645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1763'.
[  406.086826][T12644] syzkaller0: entered promiscuous mode
[  406.094334][T12644] syzkaller0: entered allmulticast mode
[  406.110124][T12644] tipc: Started in network mode
[  406.131367][T12644] tipc: Node identity 2aad28be3e18, cluster identity 4711
[  406.145822][T12644] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  406.157920][T12643] tipc: Resetting bearer <eth:syzkaller0>
[  406.199030][T12643] tipc: Disabling bearer <eth:syzkaller0>
[  407.581622][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  407.589652][    C1] lec:lec_tx_timeout: lec0
[  407.594861][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  408.172388][T12661] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  408.251044][   T29] audit: type=1400 audit(1771603731.113:578): avc:  denied  { shutdown } for  pid=12664 comm="syz.2.1770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  408.292275][T12661] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  408.298465][T12661] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  408.312595][T12661] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  410.154417][ T5808] Bluetooth: hci0: command 0x0c1a tx timeout
[  410.358008][   T29] audit: type=1800 audit(1771603733.114:579): pid=12682 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1773" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  410.406042][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  410.412679][ T5808] Bluetooth: hci5: command 0x0c1a tx timeout
[  410.418710][ T5808] Bluetooth: hci3: command 0x0c1a tx timeout
[  412.609086][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  412.617156][    C1] lec:lec_tx_timeout: lec0
[  412.622871][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  414.067306][T12723] Set syz1 is full, maxelem 6117 reached
[  414.738319][   T29] audit: type=1400 audit(1771603737.557:580): avc:  denied  { create } for  pid=12730 comm="syz.6.1788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  417.636557][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  417.644597][    C1] lec:lec_tx_timeout: lec0
[  417.649283][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  418.179676][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1795'.
[  418.294184][   T29] audit: type=1400 audit(1771603741.198:581): avc:  denied  { mount } for  pid=12762 comm="syz.6.1797" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  418.635458][   T29] audit: type=1400 audit(1771603741.208:582): avc:  denied  { unmount } for  pid=12762 comm="syz.6.1797" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  418.654497][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1795'.
[  421.657550][   T29] audit: type=1400 audit(1771603744.590:583): avc:  denied  { setopt } for  pid=12804 comm="syz.4.1808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  422.057672][ T7907] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  422.256416][ T7907] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  422.267933][ T7907] usb 5-1: config 0 interface 0 has no altsetting 0
[  422.286986][ T7907] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9
[  422.297218][ T7907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.315125][ T7907] usb 5-1: Product: syz
[  422.325081][ T7907] usb 5-1: Manufacturer: syz
[  422.335170][ T7907] usb 5-1: SerialNumber: syz
[  422.398042][ T7907] usb 5-1: config 0 descriptor??
[  422.447265][ T7907] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  422.468948][ T7907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  422.654040][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  422.654120][    C1] lec:lec_tx_timeout: lec0
[  422.654200][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  422.873685][ T7907] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  422.873780][ T7907] usb 5-1: media controller created
[  423.098498][ T7907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  423.362007][T12832] openvswitch: netlink: Flow key attr not present in new flow.
[  423.488352][ T7907] DVB: Unable to find symbol tda10046_attach()
[  423.508268][ T7907] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  423.563190][   T29] audit: type=1400 audit(1771603746.491:584): avc:  denied  { setopt } for  pid=12834 comm="syz.8.1816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  423.616688][ T7907] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  424.608144][ T7907] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  424.666155][   T29] audit: type=1804 audit(1771603747.572:585): pid=12843 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1818" name="bus" dev="ramfs" ino=43284 res=1 errno=0
[  424.687763][ T7907] usb 5-1: USB disconnect, device number 10
[  424.783134][   T29] audit: type=1804 audit(1771603747.572:586): pid=12843 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1818" name="bus" dev="ramfs" ino=43284 res=1 errno=0
[  424.845989][   T29] audit: type=1400 audit(1771603747.582:587): avc:  denied  { watch watch_reads } for  pid=12839 comm="syz.3.1817" path="pipe:[42415]" dev="pipefs" ino=42415 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  425.083746][ T5879] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  425.253671][ T5879] usb 7-1: Using ep0 maxpacket: 16
[  425.266314][ T5879] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  425.293382][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  425.323402][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  425.342114][ T5879] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  425.383291][ T5879] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  425.399408][ T5879] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  425.411393][ T5879] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  425.420367][ T5879] usb 7-1: Manufacturer: syz
[  425.514083][ T5879] usb 7-1: config 0 descriptor??
[  427.472636][ T5879] rc_core: IR keymap rc-hauppauge not found
[  427.508176][ T5879] Registered IR keymap rc-empty
[  427.545602][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  427.642513][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  427.661564][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  427.669608][    C1] lec:lec_tx_timeout: lec0
[  427.674165][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  427.764446][T12868] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1825'.
[  427.775000][ T5879] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  427.801813][T12868] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1825'.
[  427.813598][ T5879] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input23
[  427.915277][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  427.943696][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  427.989113][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.032312][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.072067][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.113142][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.152743][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.194231][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.222164][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.242297][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.280356][ T5879] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  428.393230][ T5879] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  428.409561][ T5879] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  428.425812][ T5879] usb 7-1: USB disconnect, device number 3
[  428.511309][ T7928] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  428.681094][ T7928] usb 3-1: Using ep0 maxpacket: 32
[  430.767156][ T5806] Bluetooth: hci0: unexpected event for opcode 0x0c7b
[  431.679222][ T5879] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  431.760340][T12928] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12928 comm=syz.8.1841
[  432.197133][T12928] netlink: 'syz.8.1841': attribute type 1 has an invalid length.
[  432.222651][ T5879] usb 4-1: config 22 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  432.251811][ T5879] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  432.275256][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  432.291801][ T5879] usb 4-1: SerialNumber: syz
[  432.322703][ T7928] usb 3-1: unable to get BOS descriptor or descriptor too short
[  432.448821][ T7928] usb 3-1: unable to read config index 0 descriptor/start: -71
[  432.479216][ T7928] usb 3-1: can't read configurations, error -71
[  432.492342][T12930] bond2: (slave gretap1): making interface the new active one
[  432.511160][T12930] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  432.689021][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  432.697077][    C1] lec:lec_tx_timeout: lec0
[  432.702217][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  432.772092][T12928] vlan2: entered allmulticast mode
[  433.320683][T12928] bond2: entered allmulticast mode
[  433.333382][T12928] gretap1: entered allmulticast mode
[  433.495136][T12928] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  434.076411][ T5879] cdc_ether 4-1:22.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  434.104501][T12939] ip6_vti0 speed is unknown, defaulting to 1000
[  434.371768][   T29] audit: type=1326 audit(1771603757.306:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  434.395726][   T29] audit: type=1326 audit(1771603757.306:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  434.451442][   T29] audit: type=1326 audit(1771603757.386:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  434.641186][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  434.647748][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  434.779979][ T5806] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  434.790888][ T5806] Bluetooth: hci0: Injecting HCI hardware error event
[  434.802232][ T5808] Bluetooth: hci0: hardware error 0x00
[  434.829486][   T29] audit: type=1326 audit(1771603757.767:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  434.875666][   T29] audit: type=1326 audit(1771603757.767:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  434.974821][ T7928] usb 4-1: USB disconnect, device number 12
[  434.990093][ T7928] cdc_ether 4-1:22.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  435.003574][   T29] audit: type=1326 audit(1771603757.767:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  435.049449][   T29] audit: type=1326 audit(1771603757.767:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  435.267194][   T29] audit: type=1326 audit(1771603757.767:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  435.785656][   T29] audit: type=1326 audit(1771603757.767:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  435.952273][   T29] audit: type=1326 audit(1771603757.767:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.2.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a2719c629 code=0x7ffc0000
[  436.587846][T12978] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1854'.
[  436.861835][ T5808] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  437.895972][T12978] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12978 comm=syz.3.1854
[  439.015884][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6320 ms
[  439.024019][    C1] lec:lec_tx_timeout: lec0
[  439.028704][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  444.783212][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5760 ms
[  444.791242][    C1] lec:lec_tx_timeout: lec0
[  444.803004][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  445.791072][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  445.791092][   T29] audit: type=1400 audit(1771603768.712:660): avc:  denied  { listen } for  pid=13081 comm="syz.2.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  445.853083][   T29] audit: type=1400 audit(1771603768.712:661): avc:  denied  { accept } for  pid=13081 comm="syz.2.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  446.102007][T13094] Cannot find add_set index 0 as target
[  448.172957][T13115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1887'.
[  450.540128][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5740 ms
[  450.548225][    C1] lec:lec_tx_timeout: lec0
[  450.553781][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  451.892073][T13138] syzkaller0: entered promiscuous mode
[  451.907929][T13138] syzkaller0: entered allmulticast mode
[  451.965091][   T29] audit: type=1400 audit(1771603774.915:662): avc:  denied  { mount } for  pid=13145 comm="syz.3.1896" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  451.996075][T13146] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  452.013831][   T29] audit: type=1400 audit(1771603774.945:663): avc:  denied  { mounton } for  pid=13145 comm="syz.3.1896" path="/110/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  452.094839][   T29] audit: type=1400 audit(1771603775.025:664): avc:  denied  { associate } for  pid=13147 comm="syz.2.1897" name="3" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  452.145367][T13146] ip6_vti0 speed is unknown, defaulting to 1000
[  452.219368][T13151] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1899'.
[  452.954690][T13169] Set syz1 is full, maxelem 65536 reached
[  454.076682][   T29] audit: type=1800 audit(1771603777.016:665): pid=13190 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.1895" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  454.341057][T13193] ip6_vti0 speed is unknown, defaulting to 1000
[  454.402088][T13197] syzkaller0: entered promiscuous mode
[  454.407670][T13197] syzkaller0: entered allmulticast mode
[  455.557757][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  455.565860][    C1] lec:lec_tx_timeout: lec0
[  455.570898][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  456.110334][T13218] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1918'.
[  456.129244][T13218] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1918'.
[  459.233215][T13248] netlink: set zone limit has 4 unknown bytes
[  460.336332][T13257] __kmem_cache_create_args(9p-fcall-cache-1) failed with error -12
[  460.344277][T13257] CPU: 0 UID: 0 PID: 13257 Comm: syz.4.1930 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  460.344301][T13257] Tainted: [L]=SOFTLOCKUP
[  460.344307][T13257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  460.344315][T13257] Call Trace:
[  460.344322][T13257]  <TASK>
[  460.344328][T13257]  dump_stack_lvl+0x100/0x190
[  460.344354][T13257]  __kmem_cache_create_args.cold+0x33/0x6e
[  460.344375][T13257]  p9_client_create+0xa5d/0xd40
[  460.344392][T13257]  ? __pfx_p9_client_create+0x10/0x10
[  460.344408][T13257]  ? lockdep_init_map_type+0x5c/0x250
[  460.344431][T13257]  ? __raw_spin_lock_init+0x3a/0x110
[  460.344446][T13257]  v9fs_session_init+0x40/0xce0
[  460.344463][T13257]  ? kasan_save_track+0x14/0x30
[  460.344487][T13257]  v9fs_get_tree+0xb8/0xb50
[  460.344504][T13257]  ? rcu_is_watching+0x12/0xc0
[  460.344519][T13257]  ? __pfx_v9fs_get_tree+0x10/0x10
[  460.344535][T13257]  ? bpf_lsm_capable+0x9/0x10
[  460.344546][T13257]  ? security_capable+0x80/0x260
[  460.344564][T13257]  vfs_get_tree+0x92/0x320
[  460.344582][T13257]  path_mount+0x7d0/0x23d0
[  460.344598][T13257]  ? __pfx_path_mount+0x10/0x10
[  460.344610][T13257]  ? irqentry_exit+0x180/0x670
[  460.344626][T13257]  ? __x64_sys_mount+0x206/0x310
[  460.344641][T13257]  ? __x64_sys_mount+0x293/0x310
[  460.344654][T13257]  __x64_sys_mount+0x293/0x310
[  460.344667][T13257]  ? __pfx___x64_sys_mount+0x10/0x10
[  460.344683][T13257]  do_syscall_64+0x106/0xf80
[  460.344694][T13257]  ? clear_bhb_loop+0x40/0x90
[  460.344707][T13257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.344719][T13257] RIP: 0033:0x7f793f19c629
[  460.344733][T13257] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  460.344744][T13257] RSP: 002b:00007f79400e2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  460.344756][T13257] RAX: ffffffffffffffda RBX: 00007f793f416180 RCX: 00007f793f19c629
[  460.344763][T13257] RDX: 0000200000000e40 RSI: 0000200000000040 RDI: 0000000000000000
[  460.344770][T13257] RBP: 00007f793f232b39 R08: 0000200000000e80 R09: 0000000000000000
[  460.344776][T13257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  460.344782][T13257] R13: 00007f793f416218 R14: 00007f793f416180 R15: 00007ffd5095bb48
[  460.344795][T13257]  </TASK>
[  460.575250][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  460.583395][    C1] lec:lec_tx_timeout: lec0
[  460.593337][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  460.674277][T13260] overlayfs: missing 'lowerdir'
[  461.047849][   T29] audit: type=1326 audit(1771603784.000:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.2.1932" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a2719c629 code=0x0
[  461.111503][T13265] overlayfs: failed to clone upperpath
[  461.667940][ T7928] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  462.376883][ T7928] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  462.399453][ T7928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.440449][ T7928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  463.157203][ T7928] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  463.264113][ T7928] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  463.282189][ T7928] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  463.304838][ T7928] usb 5-1: Manufacturer: syz
[  463.344242][ T7928] usb 5-1: config 0 descriptor??
[  463.815189][ T7928] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  463.943690][ T7928] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  464.015050][ T7928] usb 5-1: USB disconnect, device number 11
[  464.112562][T13305] fido_id[13305]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  465.602688][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  465.610770][    C1] lec:lec_tx_timeout: lec0
[  465.615750][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  466.235613][T13334] netlink: 'syz.2.1947': attribute type 12 has an invalid length.
[  466.262394][ T7907] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  466.738081][ T7907] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  466.771876][ T7907] usb 7-1: config 0 interface 0 has no altsetting 0
[  466.800285][T13339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13339 comm=syz.4.1952
[  466.817855][ T7907] usb 7-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  466.860815][ T7907] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.965887][ T7907] usb 7-1: config 0 descriptor??
[  466.972455][T13325] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  467.272913][T13325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  467.622658][T13325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  467.636578][T13325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  467.648788][T13325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  467.890121][ T7907] kye 0003:0458:4018.000B: bogus close delimiter
[  467.954410][ T7907] kye 0003:0458:4018.000B: item 0 0 2 10 parsing failed
[  467.964943][ T7907] kye 0003:0458:4018.000B: parse failed
[  467.982137][ T7907] kye 0003:0458:4018.000B: probe with driver kye failed with error -22
[  468.528537][T13363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1959'.
[  469.250795][   T29] audit: type=1800 audit(1771603792.194:667): pid=13354 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1957" name="bus" dev="ramfs" ino=44377 res=0 errno=0
[  469.359247][ T7907] usb 7-1: USB disconnect, device number 4
[  469.438214][T13369] syzkaller0: entered promiscuous mode
[  469.450904][T13369] syzkaller0: entered allmulticast mode
[  469.801374][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  470.260264][ T7928] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  470.539350][ T7928] usb 9-1: Using ep0 maxpacket: 32
[  470.552036][ T7928] usb 9-1: config 0 has an invalid interface number: 51 but max is 0
[  470.568554][ T7928] usb 9-1: config 0 has no interface number 0
[  470.590985][ T7928] usb 9-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  470.620060][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  470.628096][    C1] lec:lec_tx_timeout: lec0
[  470.640227][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  470.795775][T13405] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1970'.
[  470.830859][ T7928] usb 9-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  471.548662][   T29] audit: type=1400 audit(1771603794.105:668): avc:  denied  { read } for  pid=13403 comm="syz.4.1973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  471.600918][   T29] audit: type=1400 audit(1771603794.255:669): avc:  denied  { setopt } for  pid=13403 comm="syz.4.1973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  471.706236][ T7928] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  471.753441][ T7928] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.783137][ T7928] usb 9-1: Product: syz
[  471.787885][ T7928] usb 9-1: Manufacturer: syz
[  471.793996][ T7928] usb 9-1: SerialNumber: syz
[  471.819003][T13413] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  471.833222][ T7928] usb 9-1: config 0 descriptor??
[  471.856853][ T7928] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  472.068800][ T7928] usb 9-1: qt2_setup_urbs - submit read urb failed -90
[  472.110885][T13413] SELinux: failed to load policy
[  472.116155][ T7928] quatech2 9-1:0.51: probe with driver quatech2 failed with error -90
[  472.131993][T13425] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1977'.
[  472.160445][T13425] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1977'.
[  472.341361][ T5879] usb 9-1: USB disconnect, device number 15
[  472.638659][   T29] audit: type=1400 audit(1771603795.415:670): avc:  denied  { execheap } for  pid=13429 comm="syz.4.1978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  473.577926][   T29] audit: type=1400 audit(1771603795.576:671): avc:  denied  { remount } for  pid=13428 comm="syz.2.1979" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  473.701218][T13446] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1982'.
[  475.657537][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  475.665585][    C1] lec:lec_tx_timeout: lec0
[  475.677607][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  477.742083][ T5808] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  478.837517][T13477] io-wq is not configured for unbound workers
[  479.227250][   T29] audit: type=1400 audit(1771603802.169:672): avc:  denied  { write } for  pid=13480 comm="syz.8.1989" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  481.529615][T13508] Cannot find set identified by id 0 to match
[  481.874461][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6200 ms
[  481.882517][    C1] lec:lec_tx_timeout: lec0
[  481.888213][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  483.164984][   T29] audit: type=1400 audit(1771603805.520:673): avc:  denied  { block_suspend } for  pid=13525 comm="syz.2.2007" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  484.349033][T13539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2010'.
[  487.631659][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms
[  487.639750][    C1] lec:lec_tx_timeout: lec0
[  487.645275][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  488.568491][   T29] audit: type=1400 audit(1771603811.534:674): avc:  denied  { connect } for  pid=13605 comm="syz.8.2027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  488.860626][T13610] netlink: 'syz.6.2028': attribute type 1 has an invalid length.
[  488.887411][   T29] audit: type=1400 audit(1771603811.704:675): avc:  denied  { write } for  pid=13605 comm="syz.8.2027" path="socket:[44942]" dev="sockfs" ino=44942 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  489.842248][T13610] bond2: (slave gretap1): Enslaving as a backup interface with an up link
[  489.944863][T13610] macvlan2: entered promiscuous mode
[  489.963265][T13610] macvlan2: entered allmulticast mode
[  489.984985][T13610] bond2: entered promiscuous mode
[  490.007660][T13610] gretap1: entered promiscuous mode
[  490.033914][T13610] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  490.184135][T13610] bond2: left promiscuous mode
[  490.188971][T13610] gretap1: left promiscuous mode
[  491.061454][T13637] netlink: 'syz.6.2034': attribute type 39 has an invalid length.
[  491.236118][T13641] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -17959, delta: 1
[  491.248791][   T29] audit: type=1804 audit(1771603814.205:676): pid=13641 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.2035" name="/newroot/182/file0" dev="tmpfs" ino=982 res=1 errno=0
[  491.290232][T13641] ref_ctr increment failed for inode: 0x3d6 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888066c24980
[  491.326128][T13635] ip6_vti0 speed is unknown, defaulting to 1000
[  492.098711][T13641] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -17959, delta: -1
[  492.159351][T13641] ref_ctr decrement failed for inode: 0x3d6 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888066c24980
[  492.234795][T13644] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2038'.
[  492.364988][T13641] uprobe: syz.4.2035:13641 failed to unregister, leaking uprobe
[  492.600479][T13664] netlink: 'syz.2.2042': attribute type 10 has an invalid length.
[  492.608522][T13664] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  492.618772][T13664] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  492.649030][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  492.657077][    C1] lec:lec_tx_timeout: lec0
[  492.669088][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  494.148997][ T5879] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  494.641767][ T5879] usb 9-1: Using ep0 maxpacket: 16
[  494.665073][ T5879] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  494.723135][ T5879] usb 9-1: config 0 has no interfaces?
[  494.839437][ T5879] usb 9-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[  494.898660][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.951748][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  495.958238][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  496.101746][ T5879] usb 9-1: config 0 descriptor??
[  496.825422][T13674] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2046'.
[  496.834676][T13674] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2046'.
[  497.046095][ T7907] usb 9-1: USB disconnect, device number 16
[  498.282310][   T29] audit: type=1400 audit(1771603821.248:677): avc:  denied  { getopt } for  pid=13702 comm="syz.6.2053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  498.516078][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5850 ms
[  498.524231][    C1] lec:lec_tx_timeout: lec0
[  498.528976][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  499.679456][T13727] fuse: Bad value for 'fd'
[  499.687468][T13727] Set syz0 is full, maxelem 0 reached
[  499.698628][T13727] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  499.944101][T13733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2063'.
[  499.997379][T13733] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  500.087350][   T29] audit: type=1326 audit(1771603823.059:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13737 comm="syz.4.2064" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f793f19c629 code=0x0
[  501.507897][T13758] syzkaller0: entered promiscuous mode
[  501.514668][T13758] syzkaller0: entered allmulticast mode
[  501.555259][ T5879] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  501.730582][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  501.769582][ T5879] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  501.788144][ T5879] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  501.820663][ T5879] usb 7-1: Manufacturer: syz
[  501.847234][ T5879] usb 7-1: config 0 descriptor??
[  501.963884][ T5879] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  502.187927][ T7907] IPVS: starting estimator thread 0...
[  502.393334][T13767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2074'.
[  502.444902][T13765] IPVS: using max 42 ests per chain, 100800 per kthread
[  502.502156][T13746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  502.541937][T13770] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  502.563373][T13746] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  502.645093][ T7928] usb 7-1: USB disconnect, device number 5
[  502.896987][T13782] xt_hashlimit: max too large, truncated to 1048576
[  502.917719][T13782] xt_hashlimit: overflow, rate too high: 0
[  502.994945][T13779] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2079'.
[  503.533724][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  503.541763][    C1] lec:lec_tx_timeout: lec0
[  503.547623][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  505.430056][ T7922] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  506.118813][ T7922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  506.131456][ T7922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  506.148446][ T7922] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  506.162019][ T7922] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  506.180664][ T7922] usb 7-1: Manufacturer: syz
[  506.201723][ T7922] usb 7-1: config 0 descriptor??
[  507.367574][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.412916][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.440118][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.468353][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.492485][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.509608][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.529957][ T7922] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  507.534090][T13816] syzkaller0: entered promiscuous mode
[  507.542911][T13816] syzkaller0: entered allmulticast mode
[  507.702525][ T7922] pyra 0003:1E7D:2CF6.000C: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  508.561095][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  508.569155][    C1] lec:lec_tx_timeout: lec0
[  508.573916][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  508.928968][ T7922] pyra 0003:1E7D:2CF6.000C: couldn't init struct pyra_device
[  508.942316][ T7922] pyra 0003:1E7D:2CF6.000C: couldn't install mouse
[  508.968191][ T7922] pyra 0003:1E7D:2CF6.000C: probe with driver pyra failed with error -71
[  509.001807][ T7922] usb 7-1: USB disconnect, device number 6
[  509.772949][T13842] fido_id[13842]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  512.420252][   T29] audit: type=1400 audit(1771603835.395:679): avc:  denied  { create } for  pid=13875 comm="syz.6.2103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  512.444719][   T29] audit: type=1400 audit(1771603835.405:680): avc:  denied  { connect } for  pid=13875 comm="syz.6.2103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  512.591095][   T29] audit: type=1400 audit(1771603835.495:681): avc:  denied  { getopt } for  pid=13875 comm="syz.6.2103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  513.172030][   T29] audit: type=1400 audit(1771603836.056:682): avc:  denied  { ioctl } for  pid=13875 comm="syz.6.2103" path="socket:[45698]" dev="sockfs" ino=45698 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  513.588562][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  513.596620][    C1] lec:lec_tx_timeout: lec0
[  513.608705][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  515.400905][   T29] audit: type=1400 audit(1771603838.377:683): avc:  denied  { create } for  pid=13912 comm="syz.3.2114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  517.645550][  T760] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  517.909036][T13945] netlink: 2048 bytes leftover after parsing attributes in process `syz.4.2120'.
[  517.945116][T13945] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2120'.
[  518.591679][  T760] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.616051][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  518.624142][    C1] lec:lec_tx_timeout: lec0
[  518.628733][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  518.718914][  T760] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.478886][  T760] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.698940][T13991] netlink: 'syz.2.2130': attribute type 11 has an invalid length.
[  522.024939][  T760] bridge_slave_1: left allmulticast mode
[  522.042908][  T760] bridge_slave_1: left promiscuous mode
[  522.148722][  T760] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.596224][  T760] bridge_slave_0: left allmulticast mode
[  522.614248][  T760] bridge_slave_0: left promiscuous mode
[  522.640786][  T760] bridge0: port 1(bridge_slave_0) entered disabled state
[  523.583108][ T3512] smc: removing ib device syz2
[  523.634687][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  523.642818][    C1] lec:lec_tx_timeout: lec0
[  523.648976][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  525.383246][  T760] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  525.548551][  T760] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  526.017587][  T760] bond0 (unregistering): Released all slaves
[  529.850507][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6200 ms
[  529.858557][    C1] lec:lec_tx_timeout: lec0
[  529.863307][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  533.056571][   T29] audit: type=1326 audit(1771603856.046:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14109 comm="syz.4.2160" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f793f19c629 code=0x0
[  533.624372][T14123] netlink: 'syz.3.2146': attribute type 1 has an invalid length.
[  533.684444][T14123] bond2: entered promiscuous mode
[  533.699928][T14117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2160'.
[  533.714199][T14123] bond2: entered allmulticast mode
[  533.893950][T14123] 8021q: adding VLAN 0 to HW filter on device bond2
[  534.413913][T14127] erspan1: entered allmulticast mode
[  534.439174][T14127] bond2: (slave erspan1): making interface the new active one
[  534.453362][T14127] erspan1: entered promiscuous mode
[  534.462258][T14127] bond2: (slave erspan1): Enslaving as an active interface with an up link
[  534.732787][   T29] audit: type=1400 audit(1771603857.717:685): avc:  denied  { getopt } for  pid=14137 comm="syz.3.2166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  535.123836][ T5808] Bluetooth: hci4: unexpected event for opcode 0x1408
[  535.617521][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5760 ms
[  535.625606][    C1] lec:lec_tx_timeout: lec0
[  535.630460][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  535.774653][T14161] netlink: 'syz.2.2169': attribute type 1 has an invalid length.
[  535.910678][T14173] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2169'.
[  535.955028][T14173] bond4: (slave bridge4): making interface the new active one
[  535.966734][T14173] bond4: (slave bridge4): Enslaving as an active interface with an up link
[  537.272444][T14161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2169'.
[  537.310517][  T760] hsr_slave_0: left promiscuous mode
[  537.599712][  T760] hsr_slave_1: left promiscuous mode
[  537.605487][  T760] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  537.720618][  T760] batman_adv: batadv0: Removing interface: batadv_slave_0
[  537.927214][  T760] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  537.955450][  T760] batman_adv: batadv0: Removing interface: batadv_slave_1
[  538.637583][  T760] veth1_macvtap: left promiscuous mode
[  538.646645][  T760] veth0_macvtap: left promiscuous mode
[  538.652296][  T760] veth1_vlan: left promiscuous mode
[  538.685699][  T760] veth0_vlan: left promiscuous mode
[  538.791498][T14197] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2177'.
[  538.822338][T14197] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2177'.
[  538.866161][T14197] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2177'.
[  538.908665][T14197] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2177'.
[  539.143253][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  539.635059][T14217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2173'.
[  540.335652][  T760] team0 (unregistering): Port device team_slave_1 removed
[  540.362657][  T760] team0 (unregistering): Port device team_slave_0 removed
[  540.528877][T14161] 8021q: adding VLAN 0 to HW filter on device bond4
[  540.583244][T14205] bridge_slave_0: left allmulticast mode
[  540.599750][T14205] bridge_slave_0: left promiscuous mode
[  540.612681][T14205] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.639238][T14205] bridge_slave_1: left allmulticast mode
[  540.645080][T14205] bridge_slave_1: left promiscuous mode
[  540.651002][T14205] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.666042][T14205] bond0: (slave bond_slave_0): Releasing backup interface
[  540.679328][T14205] bond0: (slave bond_slave_1): Releasing backup interface
[  540.697510][T14205] team0: Port device team_slave_0 removed
[  540.704898][T14205] team0: Port device team_slave_1 removed
[  540.711044][T14205] batman_adv: batadv0: Removing interface: batadv_slave_0
[  540.726089][T14205] batman_adv: batadv0: Removing interface: batadv_slave_1
[  540.736922][T14205] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  540.768896][T14211] team0: Mode changed to "loadbalance"
[  541.444637][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[  541.452674][    C1] lec:lec_tx_timeout: lec0
[  541.459617][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  541.537601][T14244] __vm_enough_memory: pid: 14244, comm: syz.6.2184, bytes: 11727735640064 not enough memory for the allocation
[  542.304079][ T5806] Bluetooth: hci4: unexpected Set CIG Parameters response data
[  542.313351][ T5806] Bluetooth: hci4: unexpected event for opcode 0x2062
[  543.207019][  T760] IPVS: stop unused estimator thread 0...
[  544.867361][T14281] binder: 14276:14281 ioctl 4018620d 0 returned -22
[  546.352970][ T5806] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  546.361969][ T5806] Bluetooth: hci4: Injecting HCI hardware error event
[  546.374506][ T5808] Bluetooth: hci4: hardware error 0x00
[  546.472147][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  546.480228][    C1] lec:lec_tx_timeout: lec0
[  546.486611][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  548.056452][T14328] syzkaller0: entered promiscuous mode
[  548.071395][T14328] syzkaller0: entered allmulticast mode
[  548.133495][ T7907] usb 9-1: new full-speed USB device number 17 using dummy_hcd
[  548.463501][ T7907] usb 9-1: config index 0 descriptor too short (expected 28277, got 36)
[  548.478270][ T7907] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.491353][ T5808] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  548.660312][ T7907] usb 9-1: config 0 has no interfaces?
[  548.697149][ T7907] usb 9-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  548.715773][ T7907] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.763670][T14345] trusted_key: encrypted_key: key user:syz not found
[  549.123639][   T29] audit: type=1400 audit(1771603871.764:686): avc:  denied  { create } for  pid=14342 comm="syz.4.2204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  549.184556][ T7907] usb 9-1: config 0 descriptor??
[  549.566658][T14351] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2206'.
[  550.995200][ T7922] usb 9-1: USB disconnect, device number 17
[  551.068115][T14373] tmpfs: Unknown parameter 'usrquota·'
[  551.499590][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  551.507678][    C1] lec:lec_tx_timeout: lec0
[  551.512296][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  551.738624][T14388] netlink: 'syz.8.2212': attribute type 9 has an invalid length.
[  551.746998][T14388] netlink: 'syz.8.2212': attribute type 7 has an invalid length.
[  551.754869][T14388] netlink: 'syz.8.2212': attribute type 8 has an invalid length.
[  555.732559][   T29] audit: type=1800 audit(1771603878.727:687): pid=14403 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.2215" name="bus" dev="ramfs" ino=49978 res=0 errno=0
[  555.916976][T14420] syzkaller0: entered promiscuous mode
[  555.926967][T14420] syzkaller0: entered allmulticast mode
[  556.355304][   T29] audit: type=1400 audit(1771603878.997:688): avc:  denied  { create } for  pid=14422 comm="syz.6.2222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  556.381878][T14424] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2221'.
[  556.527102][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  556.535199][    C1] lec:lec_tx_timeout: lec0
[  556.539941][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  557.552272][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  557.552402][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  559.511175][T14465] xt_hashlimit: size too large, truncated to 1048576
[  561.464691][ T7922] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  561.544714][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  561.552797][    C1] lec:lec_tx_timeout: lec0
[  561.564607][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  562.094530][ T7922] usb 5-1: Using ep0 maxpacket: 16
[  562.101739][ T7922] usb 5-1: no configurations
[  562.108729][ T7922] usb 5-1: can't read configurations, error -22
[  562.654738][T14497] netlink: 64 bytes leftover after parsing attributes in process `syz.8.2234'.
[  563.173877][ T7922] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  563.577731][   T29] audit: type=1400 audit(1771603886.421:689): avc:  denied  { setopt } for  pid=14502 comm="syz.8.2238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  563.598599][ T7922] usb 5-1: Using ep0 maxpacket: 16
[  563.633088][ T7922] usb 5-1: device descriptor read/all, error -71
[  563.648205][ T7922] usb usb5-port1: attempt power cycle
[  565.955872][T14532] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.2243'.
[  566.572024][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  566.580119][    C1] lec:lec_tx_timeout: lec0
[  566.585713][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  566.738750][   T29] audit: type=1400 audit(1771603889.352:690): avc:  denied  { ioctl } for  pid=14540 comm="syz.6.2246" path="/dev/rtc0" dev="devtmpfs" ino=922 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  567.216053][ T7922] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  567.253061][ T7922] usb 5-1: Using ep0 maxpacket: 16
[  567.260187][ T7922] usb 5-1: config 0 has no interfaces?
[  567.297913][ T7922] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  567.326771][ T7922] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  567.492202][ T7922] usb 5-1: Manufacturer: syz
[  567.512337][ T7922] usb 5-1: config 0 descriptor??
[  568.706020][   T29] audit: type=1400 audit(1771603891.293:691): avc:  denied  { lock } for  pid=14577 comm="syz.6.2254" path="socket:[50316]" dev="sockfs" ino=50316 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  569.719079][ T7912] usb 5-1: USB disconnect, device number 14
[  569.819795][   T29] audit: type=1400 audit(1771603892.824:692): avc:  denied  { accept } for  pid=14599 comm="syz.8.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  571.196181][T14615] netlink: 'syz.8.2259': attribute type 1 has an invalid length.
[  571.589538][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  571.597660][    C1] lec:lec_tx_timeout: lec0
[  571.602242][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  571.922661][T14624] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  571.991434][T14624] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  572.017771][   T29] audit: type=1400 audit(1771603895.025:693): avc:  denied  { unmount } for  pid=10455 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  572.054212][T14630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2262'.
[  573.296928][T14628] bond3: (slave bridge4): Enslaving as an active interface with a down link
[  573.468750][T14615] macvlan2: entered promiscuous mode
[  573.474085][T14615] macvlan2: entered allmulticast mode
[  573.523815][T14615] bond3: entered promiscuous mode
[  573.583242][T14615] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  573.702122][T14615] bond3: left promiscuous mode
[  574.119020][   T24] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  574.493873][   T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  574.521444][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.927339][   T24] usb 7-1: Product: syz
[  574.932215][   T24] usb 7-1: Manufacturer: syz
[  574.936861][   T24] usb 7-1: SerialNumber: syz
[  575.070767][   T24] usb 7-1: config 0 descriptor??
[  575.380599][   T24] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  575.466770][   T29] audit: type=1400 audit(1771603898.467:694): avc:  denied  { accept } for  pid=14675 comm="syz.3.2272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  576.607014][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  576.615123][    C1] lec:lec_tx_timeout: lec0
[  576.619785][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  577.096669][   T29] audit: type=1400 audit(1771603900.098:695): avc:  denied  { ioctl } for  pid=14699 comm="syz.3.2273" path="socket:[51312]" dev="sockfs" ino=51312 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  577.458549][   T24] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  577.764107][   T24] usb 7-1: USB disconnect, device number 7
[  578.090645][T14707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2276'.
[  578.663181][   T29] audit: type=1400 audit(1771603901.639:696): avc:  denied  { mount } for  pid=14722 comm="syz.6.2280" name="/" dev="hugetlbfs" ino=51365 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  581.001037][   T29] audit: type=1400 audit(1771603903.389:697): avc:  denied  { write } for  pid=14738 comm="syz.4.2285" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  582.114362][   T29] audit: type=1400 audit(1771603904.620:698): avc:  denied  { write } for  pid=14737 comm="syz.6.2286" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  582.264841][   T29] audit: type=1400 audit(1771603905.270:699): avc:  denied  { append } for  pid=14747 comm="syz.8.2291" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  582.944165][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6330 ms
[  582.952226][    C1] lec:lec_tx_timeout: lec0
[  582.957143][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  583.448642][T14755] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2287'.
[  583.471684][T14755] bridge2: port 1(veth0_to_bond) entered blocking state
[  583.478807][T14755] bridge2: port 1(veth0_to_bond) entered disabled state
[  583.487475][T14755] veth0_to_bond: entered allmulticast mode
[  583.516694][T14755] veth0_to_bond: entered promiscuous mode
[  583.635132][T14758] bridge2: port 2(veth9) entered blocking state
[  583.651110][T14758] bridge2: port 2(veth9) entered disabled state
[  583.661456][T14758] veth9: entered allmulticast mode
[  583.678848][T14758] veth9: entered promiscuous mode
[  584.822245][T14763] ==================================================================
[  584.830358][T14763] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x105/0x130
[  584.839071][T14763] Read of size 8 at addr ffff88806686fb00 by task syz.2.2292/14763
[  584.846981][T14763] 
[  584.849307][T14763] CPU: 1 UID: 0 PID: 14763 Comm: syz.2.2292 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  584.849324][T14763] Tainted: [L]=SOFTLOCKUP
[  584.849328][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  584.849335][T14763] Call Trace:
[  584.849342][T14763]  <TASK>
[  584.849347][T14763]  dump_stack_lvl+0x100/0x190
[  584.849373][T14763]  print_report+0x156/0x4c9
[  584.849393][T14763]  ? __virt_addr_valid+0x81/0x620
[  584.849413][T14763]  ? __phys_addr+0xe8/0x180
[  584.849431][T14763]  ? __list_add_valid_or_report+0x105/0x130
[  584.849446][T14763]  kasan_report+0xdf/0x1e0
[  584.849464][T14763]  ? __list_add_valid_or_report+0x105/0x130
[  584.849479][T14763]  __list_add_valid_or_report+0x105/0x130
[  584.849492][T14763]  clone_mnt+0x633/0x930
[  584.849508][T14763]  copy_tree+0xfc/0xbf0
[  584.849519][T14763]  ? __pfx_down_write+0x10/0x10
[  584.849534][T14763]  copy_mnt_ns+0x2bd/0xc30
[  584.849546][T14763]  ? create_new_namespaces+0x30/0xac0
[  584.849561][T14763]  ? rcu_is_watching+0x12/0xc0
[  584.849574][T14763]  create_new_namespaces+0xd3/0xac0
[  584.849588][T14763]  ? bpf_lsm_capable+0x9/0x10
[  584.849598][T14763]  ? security_capable+0x80/0x260
[  584.849615][T14763]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  584.849630][T14763]  ksys_unshare+0x455/0xab0
[  584.849647][T14763]  ? __pfx_ksys_unshare+0x10/0x10
[  584.849665][T14763]  __x64_sys_unshare+0x31/0x40
[  584.849679][T14763]  do_syscall_64+0x106/0xf80
[  584.849691][T14763]  ? clear_bhb_loop+0x40/0x90
[  584.849704][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.849722][T14763] RIP: 0033:0x7f7a2719c629
[  584.849733][T14763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  584.849745][T14763] RSP: 002b:00007f7a2811d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  584.849758][T14763] RAX: ffffffffffffffda RBX: 00007f7a27415fa0 RCX: 00007f7a2719c629
[  584.849765][T14763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  584.849772][T14763] RBP: 00007f7a27232b39 R08: 0000000000000000 R09: 0000000000000000
[  584.849778][T14763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  584.849784][T14763] R13: 00007f7a27416038 R14: 00007f7a27415fa0 R15: 00007fff92139658
[  584.849795][T14763]  </TASK>
[  584.849800][T14763] 
[  585.075956][T14763] Allocated by task 14230:
[  585.080351][T14763]  kasan_save_stack+0x30/0x50
[  585.085031][T14763]  kasan_save_track+0x14/0x30
[  585.089690][T14763]  __kasan_slab_alloc+0x89/0x90
[  585.094529][T14763]  kmem_cache_alloc_noprof+0x241/0x6e0
[  585.099969][T14763]  alloc_vfsmnt+0x23/0x6a0
[  585.104365][T14763]  clone_mnt+0x4b/0x930
[  585.108500][T14763]  vfs_open_tree+0xb02/0x1500
[  585.113155][T14763]  __x64_sys_open_tree+0xa3/0x150
[  585.118186][T14763]  do_syscall_64+0x106/0xf80
[  585.122759][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.128646][T14763] 
[  585.130961][T14763] Freed by task 5809:
[  585.134919][T14763]  kasan_save_stack+0x30/0x50
[  585.139599][T14763]  kasan_save_track+0x14/0x30
[  585.144276][T14763]  kasan_save_free_info+0x3b/0x70
[  585.149279][T14763]  __kasan_slab_free+0x5f/0x80
[  585.154028][T14763]  kmem_cache_free+0x124/0x6a0
[  585.158771][T14763]  rcu_core+0x5a2/0x10d0
[  585.162992][T14763]  handle_softirqs+0x1eb/0x9e0
[  585.167742][T14763]  __irq_exit_rcu+0xef/0x150
[  585.172311][T14763]  irq_exit_rcu+0x9/0x30
[  585.176535][T14763]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  585.182157][T14763]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  585.188119][T14763] 
[  585.190421][T14763] Last potentially related work creation:
[  585.196108][T14763]  kasan_save_stack+0x30/0x50
[  585.200771][T14763]  kasan_record_aux_stack+0xa7/0xc0
[  585.205962][T14763]  __call_rcu_common.constprop.0+0xa5/0x9b0
[  585.211860][T14763]  task_work_run+0x150/0x240
[  585.216431][T14763]  exit_to_user_mode_loop+0x100/0x4a0
[  585.221791][T14763]  do_syscall_64+0x67c/0xf80
[  585.226358][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.232231][T14763] 
[  585.234533][T14763] Second to last potentially related work creation:
[  585.241090][T14763]  kasan_save_stack+0x30/0x50
[  585.245755][T14763]  kasan_record_aux_stack+0xa7/0xc0
[  585.250930][T14763]  task_work_add+0x28b/0x3b0
[  585.255498][T14763]  mntput_no_expire_slowpath+0x3da/0xb00
[  585.261122][T14763]  mntput_no_expire+0x1fd/0x220
[  585.265958][T14763]  mntput+0x6b/0xa0
[  585.269750][T14763]  vfs_open_tree+0x1235/0x1500
[  585.274493][T14763]  __x64_sys_open_tree+0xa3/0x150
[  585.279496][T14763]  do_syscall_64+0x106/0xf80
[  585.284069][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.289944][T14763] 
[  585.292245][T14763] The buggy address belongs to the object at ffff88806686fa40
[  585.292245][T14763]  which belongs to the cache mnt_cache of size 352
[  585.306104][T14763] The buggy address is located 192 bytes inside of
[  585.306104][T14763]  freed 352-byte region [ffff88806686fa40, ffff88806686fba0)
[  585.319882][T14763] 
[  585.322185][T14763] The buggy address belongs to the physical page:
[  585.328572][T14763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806686f6c0 pfn:0x6686e
[  585.338612][T14763] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  585.347087][T14763] memcg:ffff88803fefe401
[  585.351299][T14763] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  585.359776][T14763] page_type: f5(slab)
[  585.363740][T14763] raw: 00fff00000000240 ffff888140445140 ffff88801ce8adc8 ffffea0001730010
[  585.372301][T14763] raw: ffff88806686f6c0 000000080012000d 00000000f5000000 ffff88803fefe401
[  585.380861][T14763] head: 00fff00000000240 ffff888140445140 ffff88801ce8adc8 ffffea0001730010
[  585.389511][T14763] head: ffff88806686f6c0 000000080012000d 00000000f5000000 ffff88803fefe401
[  585.398162][T14763] head: 00fff00000000001 ffffea00019a1b81 00000000ffffffff 00000000ffffffff
[  585.406812][T14763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  585.415458][T14763] page dumped because: kasan: bad access detected
[  585.421848][T14763] page_owner tracks the page as allocated
[  585.427536][T14763] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5810, tgid 5810 (syz-executor), ts 65684089675, free_ts 65564194923
[  585.448885][T14763]  post_alloc_hook+0x153/0x170
[  585.453652][T14763]  get_page_from_freelist+0x111d/0x3140
[  585.459181][T14763]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  585.465062][T14763]  new_slab+0xa6/0x6d0
[  585.469112][T14763]  refill_objects+0x26b/0x400
[  585.473767][T14763]  __pcs_replace_empty_main+0x19f/0x600
[  585.479295][T14763]  kmem_cache_alloc_noprof+0x480/0x6e0
[  585.484736][T14763]  alloc_vfsmnt+0x23/0x6a0
[  585.489135][T14763]  clone_mnt+0x4b/0x930
[  585.493273][T14763]  copy_tree+0x329/0xbf0
[  585.497495][T14763]  __do_loopback+0x2fc/0x520
[  585.502061][T14763]  path_mount+0x1967/0x23d0
[  585.506545][T14763]  __x64_sys_mount+0x293/0x310
[  585.511296][T14763]  do_syscall_64+0x106/0xf80
[  585.515868][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.521746][T14763] page last free pid 5815 tgid 5815 stack trace:
[  585.528048][T14763]  __free_frozen_pages+0x7e1/0x10d0
[  585.533225][T14763]  qlist_free_all+0x47/0xe0
[  585.537712][T14763]  kasan_quarantine_reduce+0x1a0/0x1f0
[  585.543154][T14763]  __kasan_slab_alloc+0x69/0x90
[  585.547988][T14763]  __kmalloc_noprof+0x2b9/0x850
[  585.552819][T14763]  genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  585.559481][T14763]  genl_family_rcv_msg_doit+0xc7/0x300
[  585.564924][T14763]  genl_rcv_msg+0x560/0x800
[  585.569410][T14763]  netlink_rcv_skb+0x159/0x420
[  585.574154][T14763]  genl_rcv+0x28/0x40
[  585.578117][T14763]  netlink_unicast+0x5aa/0x870
[  585.582859][T14763]  netlink_sendmsg+0x8b0/0xda0
[  585.587602][T14763]  __sys_sendto+0x4aa/0x520
[  585.592090][T14763]  __x64_sys_sendto+0xe0/0x1c0
[  585.596836][T14763]  do_syscall_64+0x106/0xf80
[  585.601406][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.607277][T14763] 
[  585.609579][T14763] Memory state around the buggy address:
[  585.615212][T14763]  ffff88806686fa00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  585.623252][T14763]  ffff88806686fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  585.631293][T14763] >ffff88806686fb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  585.639325][T14763]                    ^
[  585.643368][T14763]  ffff88806686fb80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  585.651413][T14763]  ffff88806686fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  585.659454][T14763] ==================================================================
[  585.721736][T14763] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  585.728985][T14763] CPU: 0 UID: 0 PID: 14763 Comm: syz.2.2292 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  585.739921][T14763] Tainted: [L]=SOFTLOCKUP
[  585.744250][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  585.754311][T14763] Call Trace:
[  585.757580][T14763]  <TASK>
[  585.760491][T14763]  dump_stack_lvl+0x100/0x190
[  585.765174][T14763]  vpanic+0x552/0x970
[  585.769127][T14763]  ? __pfx_vpanic+0x10/0x10
[  585.773601][T14763]  ? __list_add_valid_or_report+0x105/0x130
[  585.779464][T14763]  panic+0xd1/0xe0
[  585.783154][T14763]  ? __pfx_panic+0x10/0x10
[  585.787541][T14763]  ? __list_add_valid_or_report+0x105/0x130
[  585.793404][T14763]  ? preempt_schedule_common+0x42/0xc0
[  585.798845][T14763]  check_panic_on_warn.cold+0x19/0x34
[  585.804190][T14763]  end_report.part.0+0x3a/0x90
[  585.808941][T14763]  kasan_report.cold+0xe/0x18
[  585.813595][T14763]  ? __list_add_valid_or_report+0x105/0x130
[  585.819486][T14763]  __list_add_valid_or_report+0x105/0x130
[  585.825188][T14763]  clone_mnt+0x633/0x930
[  585.829406][T14763]  copy_tree+0xfc/0xbf0
[  585.833534][T14763]  ? __pfx_down_write+0x10/0x10
[  585.838358][T14763]  copy_mnt_ns+0x2bd/0xc30
[  585.842770][T14763]  ? create_new_namespaces+0x30/0xac0
[  585.848126][T14763]  ? rcu_is_watching+0x12/0xc0
[  585.852861][T14763]  create_new_namespaces+0xd3/0xac0
[  585.858033][T14763]  ? bpf_lsm_capable+0x9/0x10
[  585.862768][T14763]  ? security_capable+0x80/0x260
[  585.867684][T14763]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  585.873289][T14763]  ksys_unshare+0x455/0xab0
[  585.877769][T14763]  ? __pfx_ksys_unshare+0x10/0x10
[  585.882774][T14763]  __x64_sys_unshare+0x31/0x40
[  585.887517][T14763]  do_syscall_64+0x106/0xf80
[  585.892081][T14763]  ? clear_bhb_loop+0x40/0x90
[  585.896732][T14763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.902599][T14763] RIP: 0033:0x7f7a2719c629
[  585.906987][T14763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  585.926563][T14763] RSP: 002b:00007f7a2811d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  585.934947][T14763] RAX: ffffffffffffffda RBX: 00007f7a27415fa0 RCX: 00007f7a2719c629
[  585.942912][T14763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  585.950855][T14763] RBP: 00007f7a27232b39 R08: 0000000000000000 R09: 0000000000000000
[  585.958799][T14763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  585.966743][T14763] R13: 00007f7a27416038 R14: 00007f7a27415fa0 R15: 00007fff92139658
[  585.974692][T14763]  </TASK>
[  585.977979][T14763] Kernel Offset: disabled
[  585.982291][T14763] Rebooting in 86400 seconds..