last executing test programs:

12.242466223s ago: executing program 1 (id=4081):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00'}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket(0xa, 0x5, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe24, &(0x7f0000000000)='/proc/3\x00\xff\xff\xffat\x00AE\xf44.\xab%j'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e00)={0x1b, 0x0, 0x0, 0x8000, 0x4, 0x1}, 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$packet(0x11, 0x4000000000002, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
socket(0x23, 0x5, 0x0)
socket$inet(0x2, 0x80001, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="4ba2000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00', @ANYRES8=r1], 0x44}}, 0x0)

12.234847401s ago: executing program 1 (id=4085):
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080))
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r3, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1)
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r8})
fanotify_init(0x200, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

10.654426954s ago: executing program 3 (id=4092):
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080), 0x10, &(0x7f0000000440)={&(0x7f0000000d00)=ANY=[@ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000040010000000000000000000000005b6048a2e4931133f6d9919fd48557d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed151122d22a1adf42bb0920efdf4134e30fd30a89a841af23aaf5aa275bd5408d3ea5f843035456504be9dc4ed8a517a20d1580aa698c97ba67da8d95373e8250122f76f2d847bb2c569ca8d8b8e0ff87bf60db1ce4494929808a7f54911017028611718c4b4a16f2bc936a257406525f87ece05a1ed8020b5dd474ebff5b2710df4a53db2f5cad055601be130df"], 0x80}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x8, [@union={0x6, 0x6, 0x0, 0x5, 0x0, 0x0, [{0x7, 0x1, 0x5}, {0x4}, {0x2, 0x3, 0x5}, {0x0, 0x0, 0x80000000}, {0x5, 0x1}, {0xe, 0x6b1}]}, @fwd={0xc}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x5, [{0x0, 0x3, 0x6}]}]}, {0x0, [0x61, 0x61, 0x0, 0x1e, 0x2e, 0x61]}}, 0x0, 0x98, 0x0, 0x1, 0x2}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001e40)={0x0, &(0x7f0000000440)=""/177, 0x0, &(0x7f0000000280), 0x7f, r0}, 0x38)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x1e, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000300000000000000ffff0000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000005484fc0c11000000850000000a00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000", @ANYRES32=0x1, @ANYBLOB="00000000014d00009500000000000000"], &(0x7f0000000800)='syzkaller\x00', 0x9, 0xb2, &(0x7f0000000840)=""/178, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980)=[0x1, 0xffffffffffffffff, r0], &(0x7f00000009c0)=[{0x0, 0x3, 0x0, 0xb}, {0x2, 0x4, 0xe, 0x4}, {0x0, 0x3, 0x0, 0xd}, {0x4, 0x1, 0x5}], 0x10, 0xfffffffe}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz0:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x90, &(0x7f00000001c0)=""/144, 0x40f00, 0x10, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0xf, 0xffffffff, 0x4}, 0x10, 0x0, r1, 0x0, 0x0, &(0x7f0000000b00), 0x10, 0xff8}, 0x90)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, 0x0, 0x0)
setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000b00), 0x4)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)
mlockall(0x2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
recvmmsg(r7, &(0x7f00000015c0), 0x0, 0x0, 0x0)
socket(0x15, 0x0, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000340)={r7, r2})
r9 = io_uring_setup(0x0, &(0x7f00000000c0))
io_uring_enter(r9, 0x0, 0x0, 0xf, &(0x7f0000000000), 0x18)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r10)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

10.420557814s ago: executing program 1 (id=4094):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
syz_emit_ethernet(0xe, &(0x7f0000000000)={@random="434a596143cc", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, @address_request}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd50, 0x6558, &(0x7f0000000000)="ff", 0x0, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x69)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=',arrier')
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='hfsplus\x00', 0x0, &(0x7f0000000340))

10.194717031s ago: executing program 2 (id=4096):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r0 = socket$rds(0x15, 0x5, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
linkat(r1, &(0x7f0000001180)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
creat(&(0x7f0000000000)='./file0\x00', 0x0)
unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000000)=0x1, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
dup(0xffffffffffffffff)
r2 = socket(0x25, 0x3, 0x0)
ioctl$SIOCX25GSUBSCRIP(r2, 0x89e0, &(0x7f0000000000)={'macvlan1\x00', 0x0, 0x5})

9.864139151s ago: executing program 1 (id=4098):
unshare(0x0)
unshare(0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'virt_wifi0\x00', 0x11})
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000d00)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5014, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xb1}}}}}]}}]}}, &(0x7f00000010c0)={0x0, 0x0, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

9.634803994s ago: executing program 3 (id=4100):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d020000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) (async)
r2 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0}, 0x90) (async)
ioctl$CEC_DQEVENT(r2, 0x40046109, &(0x7f0000000240)) (async)
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = accept$alg(r1, 0x0, 0x0) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
sendmmsg$sock(r3, &(0x7f000000af80)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000002c0)="86", 0xff03}], 0x1}}], 0xfffffdef, 0x0)

9.455018283s ago: executing program 3 (id=4102):
r0 = openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
mkdir(0x0, 0x0)
unshare(0x22020000)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48)
r3 = fsmount(r0, 0x1, 0x85)
write$P9_RREADDIR(r3, &(0x7f0000000680)={0x49, 0x29, 0x1, {0x8, [{{0x8, 0x0, 0x4}, 0x7, 0x5, 0x7, './file0'}, {{0x10, 0x0, 0x8}, 0x5, 0xff, 0x7, './file0'}]}}, 0x49)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="040e05003b20"], 0x8)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, 0x0, &(0x7f0000000a80)=@udp6=r4}, 0x20)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r5, &(0x7f0000000280)={0xa, 0x0, 0x0, @empty}, 0x1c)
epoll_wait(r0, &(0x7f0000000140)=[{}, {}, {}, {}], 0x4, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000080), &(0x7f0000001840)=@udp6=r5}, 0x20)
ioperm(0x0, 0x3d, 0xd)
alarm(0x1)
alarm(0x0)
dup3(r2, r3, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')

8.418165192s ago: executing program 4 (id=4104):
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
syz_open_dev$dri(&(0x7f00000033c0), 0x0, 0x2380)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000340)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x1000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000240)=0x3e, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
r7 = syz_io_uring_setup(0x728d, &(0x7f00000035c0), &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000180)=<r9=>0x0)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @multicast1}})
io_uring_enter(r7, 0x291c, 0x0, 0x0, 0x0, 0x0)

7.035846775s ago: executing program 4 (id=4105):
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080))
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r4, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r6 = dup(0xffffffffffffffff)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1)
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r9})
r10 = fanotify_init(0x200, 0x0)
fanotify_mark(r10, 0x1, 0x4800003e, r2, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

6.318109208s ago: executing program 0 (id=4108):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x0, 0x8, 0xfa04, 0xc0, 0x6c02, 0x178, 0x194, 0x194, 0x178, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'batadv_slave_1\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x74020000}, [@common=@inet=@ecn={{0x28}, {0x10}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f910, 0x8000, '\x00', @ptr=0x20001100}})
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000000c0)="9c893f9de196128ada1780887af187ed", 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000100)="b9", 0x1, 0x4008084, 0x0, 0x0)
splice(r2, &(0x7f0000000040)=0x8000000000000000, r2, &(0x7f0000000080)=0x1, 0x100, 0x6)
r4 = add_key(&(0x7f0000000180)='rxrpc_s\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="a67207983791ed3e0d7702cac787fa1827c204561f9325ac6c03a17655118b74ab1d2260845357444218bd3fe2765813af", 0x31, 0xfffffffffffffffc)
r5 = socket$caif_stream(0x25, 0x1, 0x2)
ioctl$sock_SIOCBRDELBR(r5, 0x89a1, &(0x7f0000000240)='wlan1\x00')
keyctl$revoke(0x3, r4)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

6.317374117s ago: executing program 2 (id=4109):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0xa0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x80000000, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0xd, [{@private=0xa010100}, {@private=0xa010101, 0x5}, {@remote}, {@broadcast, 0x80000002}, {@broadcast}, {@empty, 0xfffffb3f}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev, 0x20000}, {@remote, 0x800000}, {@multicast2}, {@private=0xa010101}, {@multicast2}, {@broadcast, 0x52b1}, {@empty}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x67, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@remote, @broadcast, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000440)="0f300fc69f61b458a658a6c1d1667a66b8050000000f015e800f01c166b92c09000066b80980000066ba000000000f30f20f70ed3a640f01c3b802008ec8", 0x42}], 0xaaaaaaaaaaaaca1, 0x78, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c)
setsockopt$inet6_mreq(r5, 0x29, 0x4d, 0x0, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
mount(&(0x7f0000000480)=@nullb, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)='exfat\x00', 0x2020020, &(0x7f0000000540)='\x00')
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000080))
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100), 0x2c000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$kcm(0xa, 0x0, 0x87)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f00000003c0))
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000005c0)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, ']['}}, {@subj_type={'subj_type', 0x3d, '(\x03'}}, {@pcr={'pcr', 0x3d, 0x30}}, {@fowner_gt}]}})
read$FUSE(r3, &(0x7f0000002400)={0x2020, 0x0, <r8=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
write$FUSE_INIT(r7, &(0x7f0000002300)={0x50, 0x0, r8, {0x7, 0x9}}, 0x50)
read$FUSE(r7, &(0x7f0000004580)={0x2020}, 0x2020)

5.977220487s ago: executing program 4 (id=4110):
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080), 0x10, &(0x7f0000000440)={&(0x7f0000000d00)=ANY=[@ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000040010000000000000000000000005b6048a2e4931133f6d9919fd48557d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed151122d22a1adf42bb0920efdf4134e30fd30a89a841af23aaf5aa275bd5408d3ea5f843035456504be9dc4ed8a517a20d1580aa698c97ba67da8d95373e8250122f76f2d847bb2c569ca8d8b8e0ff87bf60db1ce4494929808a7f54911017028611718c4b4a16f2bc936a257406525f87ece05a1ed8020b5dd474ebff5b2710df4a53db2f5cad055601be130df"], 0x80}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x8, [@union={0x6, 0x6, 0x0, 0x5, 0x0, 0x0, [{0x7, 0x1, 0x5}, {0x4}, {0x2, 0x3, 0x5}, {0x0, 0x0, 0x80000000}, {0x5, 0x1}, {0xe, 0x6b1}]}, @fwd={0xc}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x5, [{0x0, 0x3, 0x6}]}]}, {0x0, [0x61, 0x61, 0x0, 0x1e, 0x2e, 0x61]}}, 0x0, 0x98, 0x0, 0x1, 0x2}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001e40)={0x0, &(0x7f0000000440)=""/177, 0x0, &(0x7f0000000280), 0x7f, r0}, 0x38)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x1e, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000300000000000000ffff0000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000005484fc0c11000000850000000a00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000", @ANYRES32=0x1, @ANYBLOB="00000000014d00009500000000000000"], &(0x7f0000000800)='syzkaller\x00', 0x9, 0xb2, &(0x7f0000000840)=""/178, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980)=[0x1, 0xffffffffffffffff, r0], &(0x7f00000009c0)=[{0x0, 0x3, 0x0, 0xb}, {0x2, 0x4, 0xe, 0x4}, {0x0, 0x3, 0x0, 0xd}, {0x4, 0x1, 0x5}], 0x10, 0xfffffffe}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz0:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x90, &(0x7f00000001c0)=""/144, 0x40f00, 0x10, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0xf, 0xffffffff, 0x4}, 0x10, 0x0, r1, 0x0, 0x0, &(0x7f0000000b00), 0x10, 0xff8}, 0x90)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, 0x0, 0x0)
setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000b00), 0x4)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)
mlockall(0x2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
recvmmsg(r7, &(0x7f00000015c0), 0x0, 0x0, 0x0)
socket(0x15, 0x0, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000340)={r7, r2})
r9 = io_uring_setup(0x0, &(0x7f00000000c0))
io_uring_enter(r9, 0x0, 0x0, 0xf, &(0x7f0000000000), 0x18)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r10)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

5.936051651s ago: executing program 0 (id=4111):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffd59185671ca388a825008100000008004500002600002000002f"], 0x3c)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000140)=0x8)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000180)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000000c0)={0x0, 0x1ff, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
r4 = epoll_create(0x10000047)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x43}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x54}}, 0x0)
io_setup(0x3, &(0x7f0000000040))
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@ipv4, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@private1}}, &(0x7f00000005c0)=0xe8)
sendmsg$nl_netfilter(r5, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="100200000f05010226bd7000fedbdf2505000009daa933f9f391263a9301cdbb608a4f9726abefe09830d8e97a5ee14e8bb30a7dcb5552aa5ffc91e2ae06611717c0374d5fe620204db399e7473d5ddaef418aee30c85f097e84dab038fa4fd9cb69c3181255b946f255fe95490d59e0cee0b2ff44f240e119a557a21df96766c28e286f42c068c647193c6b13c1fb115acbd5f61177f5c107f0af1dbb4f24afba836aba67d05e909d666d0e1f254b3b6aa3ec51e06b77147b105887e4e906f5aed8f9a5748942ac5aa7c3bcf3126a7877a0f2d49dbc81b54a5d15ff13972151f4971515f5c9d5150bba77a139e1d28fe422f8cb6f1f8be4dd2f991fabc88affb3b6179425f499c58974013f62a3b7b078a57f41e90e699e124a87273b55cc05b658b2b74b300596f584c7222482a9f5abae579e8973eb070f195a7b00991f2b17fef4c0d5d40c6e6f14d8d523c626ae99d3ac3e7b22cd9a7a91ebcbf14caf407a50a058690c1ecbeb45d4e02e6ac09a729acfbb7d485a2f88ccc1e223d405ec9f9643afd02490f3ce253a45832eed782ad16e08a36fef99dcc7ed5dd57c079a1a92e74829251983ff8050d720eb9257134258b443f284eb6400c408448977532d3d33b30d5326ad6f9e95089837b6fb0204aa43c6e4d605667729d8d49d45bdbd1b60ee7e8b95f2d7b7232367d379f3aad2ffddc7613440baf4c61eb11b863189228402572108005200", @ANYRES32=r6, @ANYBLOB="0100"], 0x210}, 0x1, 0x0, 0x0, 0x400c080}, 0x2400c041)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
r9 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000002c0)=0x1c, 0x800)
bind$inet6(r9, &(0x7f0000000380)={0xa, 0x4e23, 0x3ff, @mcast2, 0xae82}, 0x1c)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="1a2f6eed45a08307b0f72b82ef3ec65bb272de363e2357e9d3", @ANYRES16=0x0, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r8, @ANYBLOB="08009e0000280000"], 0x24}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000340))
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000042c0)={0x5, 0x10000, 0xffffff79, 0x0, 0x2})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
ioctl$FIONCLEX(r0, 0x5450)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x3ff}}, './file2\x00'})
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)

5.821612185s ago: executing program 3 (id=4112):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000959800001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b7030000000000008500000073000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = memfd_create(&(0x7f0000000300), 0x0)
fallocate(r0, 0x0, 0x0, 0xffff)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000180), 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ftruncate(r0, 0x4)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB="000a06000000b1bad858db018ffe0a000000000000000000100000000000000000000000000000000500000000000000000000000000000000010720000000000602000200000000080000000000000000000000f6"], 0x60)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x0, 0x9, 0x1}, 0x48)
r1 = socket(0x1e, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000a40)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
connect$tipc(r1, &(0x7f0000000040)=@id, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007ec0000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(rfc4543(gcm_base(ctr(aes-aesni),ghash-generic)))\x00'}, 0x58)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

5.439403798s ago: executing program 3 (id=4113):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
sysfs$1(0x1, &(0x7f0000000100)='/dev/hwrng\x00')
r2 = socket(0x25, 0x5, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x3b, 0x0, &(0x7f0000000140))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000002060102000000000000000000000000050001000700000005000400bd7f22ae4984bdadbe54ba91ea9981000000000c00078008001200000000000900020073797a31000000000500050072052d0fd4f057374cd0083fcb"], 0x5c}}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0x4, &(0x7f0000000040)=0x9, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0xe)
recvmmsg(r4, &(0x7f00000016c0)=[{{0x0, 0x23, 0x0, 0x5f, &(0x7f00000000c0)=""/23, 0x17}, 0x7}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000003c0)={0x0, 0x1c00000})
dup(0xffffffffffffffff)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r5, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045003, &(0x7f0000000300))
socket$packet(0x11, 0x0, 0x300)
ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0)

5.295204419s ago: executing program 4 (id=4114):
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0xfff, 0x0, 0x3a, 0x87a, 0x0, 0x40000000}, 0x1c)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x14, 0x4, 0x8, 0x5}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r1, &(0x7f0000000000), 0x0}, 0x20)
lseek(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f0000000100), 0x80080)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000180)=[{0x6, 0xfc, 0x0, 0x5a65}]})
fremovexattr(0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
landlock_create_ruleset(0xfffffffffffffffc, 0x6c, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x54, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1a66}, @TCA_TBF_PRATE64={0xc, 0x5, 0x4f922dbb32345c75}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e58}, @TCA_TBF_PARMS={0x28, 0x1, {{0xfa, 0x0, 0x7, 0x0, 0x0, 0x7fffffff}, {0x4, 0x0, 0x9, 0xdf, 0x6, 0x5e98000}, 0x7, 0x80}}, @TCA_TBF_RATE64={0xc, 0x4, 0x875daa00b316f1f}]}}]}, 0x80}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000200000000000000000a000000000000000001000005000000000000000001000000000000000000"], &(0x7f0000000f40)=""/4087, 0x3e, 0xff7, 0x2}, 0x20)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0c000310"], 0xf)
getdents(0xffffffffffffffff, 0x0, 0x0)
inotify_init()
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)

5.012577765s ago: executing program 2 (id=4115):
bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48)
syz_open_dev$dri(&(0x7f00000033c0), 0x0, 0x2380)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000340)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x1000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000240)=0x3e, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
r7 = syz_io_uring_setup(0x728d, &(0x7f00000035c0), &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000180)=<r9=>0x0)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @multicast1}})
io_uring_enter(r7, 0x291c, 0x0, 0x0, 0x0, 0x0)

4.957401151s ago: executing program 0 (id=4116):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'wlan1\x00', 0x100})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'geneve1\x00', 0x7ffe})

1.56963617s ago: executing program 2 (id=4117):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x0, 0x10)
chdir(0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0)

1.490208701s ago: executing program 1 (id=4118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)={0x28, 0x5, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
r5 = syz_open_dev$vbi(&(0x7f00000003c0), 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000400)={<r6=>0x0, <r7=>0x0})
ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, &(0x7f00000004c0)={0x0, 0xa, 0x4, 0x0, 0x8, {r6, r7/1000+60000}, {0x2, 0x2, 0xe, 0x7f, 0x7, 0xff, "0b98d4b0"}, 0x1, 0x4, {}, 0x3})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
readv(r3, &(0x7f0000000480)=[{&(0x7f0000000180)=""/19, 0x13}], 0x2)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='pstore\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000300)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file1'}, 0x3a}], [], 0x2f})

1.454134874s ago: executing program 4 (id=4119):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18ddffffffffffffff0000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x65, 0x0, 0x6}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0xa, 0x9}, {0x7, 0x0, 0x3, 0x9}, {}, {}, {0x15}}], {{0x5, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000240))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r6, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
sendto$netrom(r6, 0x0, 0x2, 0x0, &(0x7f0000000000)={{0x6, @rose}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)
ioctl$CAPI_CLR_FLAGS(0xffffffffffffffff, 0x80044325, &(0x7f00000000c0)=0x1)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020006000000020073797a310000000008000000000000000900010008797a30000000000800034000000001140000001100010000000000000000000000000a"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000001000010000000000e80000000000000a50000000120a09110000000000000000020000000900020073797a3100000000080004400000000f0900010073797a30000000000800034000000001"], 0x64}}, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)

1.452788812s ago: executing program 3 (id=4120):
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080))
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r4, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r6 = dup(0xffffffffffffffff)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1)
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r9})
r10 = fanotify_init(0x200, 0x0)
fanotify_mark(r10, 0x1, 0x4800003e, r2, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.358276449s ago: executing program 0 (id=4121):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0)

1.294803048s ago: executing program 2 (id=4122):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x0, 0x10)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0)

1.115091262s ago: executing program 0 (id=4123):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000ff3300001036b30ca559b3074540689a904bd1c591887ef20000"], 0x10}, 0x0)

204.69962ms ago: executing program 2 (id=4124):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000db03000000000000009500000000000000"], 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r2=>0x0, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0x0, 0x10a5, 0x3, &(0x7f0000000040)={[0x1]}, 0x8)
io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r1, 0xde5, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
capset(0x0, &(0x7f0000000040))
clock_adjtime(0x0, &(0x7f0000000680)={0x19b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x10000, 0xe5, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4b})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000005fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000005a80)={0x288, 0x0, 0x0, [{{}, {0x0, 0x0, 0x3, 0x0, ':#\x8e'}}, {{}, {0x0, 0x0, 0x4, 0x0, 'GPL\x00'}}, {}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00, 0x0, 0x10000}}, {0x0, 0x0, 0x5, 0x0, '::-\'&'}}]}, 0x0, 0x0})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200]}, 0x45c)
io_setup(0x6, &(0x7f00000005c0)=<r5=>0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r6, &(0x7f0000000000), 0x8)
listen(r6, 0x0)
io_submit(r5, 0x1, &(0x7f0000000640)=[&(0x7f0000000600)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
readv(r4, &(0x7f0000000080)=[{&(0x7f0000000580)=""/104, 0x68}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)

105.999752ms ago: executing program 0 (id=4125):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ipvlan0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="540000001000090400"/20, @ANYRES32=r6, @ANYBLOB="001c00000000000034001280110001006272696467655f736c617665000000001c00058005000900000000000500200000000000050008002923d7bb96a49fb063ca528e3024c9d5500fff5a277109fb404029d0796882b6d5877f247b6fa468aa36e5ca488fb91f9c27c7d527f997917cf5f464d0d1f88166d08ae1e32b1b13e245b4415b4b59ed04fc5700362ee028eb4aca8dbddde174b418e61c1abfb06eb986d4"], 0x54}}, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuseblk(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000400), 0x40, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB="2c726f6f746d6f64653d303030303030303030303030ec0e36dce0a42a30303030303130303000000c05", @ANYRES8=r4, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYRESHEX=r4])
r8 = socket$inet6(0xa, 0x1, 0xf)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r9, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r8, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4)
bind$inet6(r0, &(0x7f00000003c0)={0xa, 0xe22, 0x4, @dev={0xfe, 0x80, '\x00', 0x2c}}, 0xd)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000000180)=[{&(0x7f0000000700)="580000001500add427323b472545b45602117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_DISASSOCIATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="1162f8831f05000000000000000000000000000000002800000008000300", @ANYRES32=r12, @ANYBLOB="0c00990003000000310000000a00060050505050505000000600360000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="00002cbd7000fbdbdf253e0000000c009900030000fd2a0000005586078dbff2441d31fd85c196049cc0c34ae53d6c9de850cdb59504f340773b0f67fef990e8f19c848f6fd57e9662efd09b5ec858ef5cd25eb9b14d2133905275763a71356e35c46ab5fd2f05297be83e"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x20040880)
write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="3426bd18beb7619ac6589d86da68efc69500430e6cd578dd0abb5efaae67f3dcd5a2eb6ff91a9b3c63483059d9c085af022b3baae1673ea3ffb541453440b11cedb8020b560096ec30aeba17113a0fca681f596eb44bb8a38c9f8ff6b99d2bf25914d33daa07e96c7c2620ccab6171408b179cd0a93224879222b8d1f051dbd289c59d2349efcafb2156396b24"], 0x1f7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0xffffd000)
setitimer(0x0, &(0x7f0000000000), 0x0)

62.725338ms ago: executing program 4 (id=4126):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0) (async, rerun: 32)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, 0x0, 0x15)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000dc0)='svcrdma_sq_post_err\x00', r6}, 0x10) (async)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x2, 0x5, 0x690, 0xf0, 0x298, 0xffffffff, 0xf0, 0x0, 0x5c0, 0x5c0, 0xffffffff, 0x5c0, 0x5c0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'dvmrp0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@loopback, @ipv4=@multicast1, @gre_key, @gre_key}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@remote, [], @ipv4=@multicast2, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x19, @ipv6=@mcast2, @ipv6=@loopback, @icmp_id, @gre_key}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @empty}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, @private1, @private0, @dev, @local, @mcast1, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, @private1, @private1, @local, @dev]}}, @common=@srh={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6f0) (async, rerun: 64)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) (rerun: 64)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYRES64=r2], 0xb0) (async)
mount$9p_fd(0x20000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0) (async)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
ioctl$BTRFS_IOC_BALANCE_V2(r3, 0xc4009420, &(0x7f00000002c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402, @struct, 0x4, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff]}, {0x10000, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @usage=0x10001, 0x0, 0x0, [0x0, 0x0, 0xc4]}, {0x0, @struct={0x4, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1]}})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280), 0xfea7) (async, rerun: 32)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, &(0x7f00000001c0)) (async, rerun: 32)
prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0) (async)
accept4$x25(0xffffffffffffffff, 0x0, 0x0, 0x80800) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
socket$inet_dccp(0x2, 0x6, 0x0) (async, rerun: 32)
r9 = getpid()
process_vm_readv(r9, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async, rerun: 64)
move_pages(r9, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) (rerun: 64)

0s ago: executing program 1 (id=4127):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019640)=@newtaction={0x18, 0x30, 0x20, 0x1, 0x0, {}, [{0x4}]}, 0x18}}, 0x4000000)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x0, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, r1}, 0x90)
syz_emit_vhci(0x0, 0xd)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
syz_emit_vhci(&(0x7f0000000300)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x6e}, "be9e68e6a43db4df3048e5bcb825b1de53572638c7b360fa7592b411722aa1463bd45ac702ddaaf7af3d77d84c800e28e1e9bc52c40b30955187fe87a600b5ac2f13691c5a249932f5c23a1aea341915ff2be85635646f4769c1b10c5acdc666beaf415d627a99af44aa45b1f3d0"}, 0x72)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r2, &(0x7f0000003680)={0x2020}, 0x2020)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
creat(&(0x7f0000000040)='./file0/file1\x00', 0x0)
unlink(&(0x7f0000000440)='./file0/file1/file0\x00')
socket(0x1, 0x802, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300))
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000000)=""/5, 0x5}], 0x1, 0x2f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)

kernel console output (not intermixed with test programs):

:1.1: probe with driver cdc_mbim failed with error -71
[  609.092140][ T5146] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  609.110431][ T5146] usb 3-1: USB disconnect, device number 15
[  609.271439][   T29] audit: type=1400 audit(1719975434.605:670): avc:  denied  { mount } for  pid=14199 comm="syz.1.3037" name="/" dev="rpc_pipefs" ino=49104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  609.308307][   T29] audit: type=1400 audit(1719975434.635:671): avc:  denied  { watch } for  pid=14199 comm="syz.1.3037" path="/185/file0" dev="rpc_pipefs" ino=49104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1
[  609.336402][   T29] audit: type=1400 audit(1719975434.665:672): avc:  denied  { unmount } for  pid=14199 comm="syz.1.3037" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  609.919461][ T5094] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  610.116178][ T5094] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  610.137284][ T5094] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  610.165686][ T5094] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  610.189242][ T5094] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  610.208608][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.351490][ T5094] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  610.496329][T14033] udevd[14033]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  610.555819][ T5146] usb 3-1: USB disconnect, device number 16
[  611.036620][   T29] audit: type=1400 audit(1719975436.355:673): avc:  denied  { getopt } for  pid=14233 comm="syz.3.3050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  611.657480][T14258] Can't find a SQUASHFS superblock on nullb0
[  612.149953][ T5164] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  612.359442][ T5164] usb 4-1: Using ep0 maxpacket: 8
[  612.380272][ T5164] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  612.391388][ T5164] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  612.412527][ T5164] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  612.437739][ T5164] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  612.466463][ T5164] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  612.516209][ T5164] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  612.544445][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.806879][ T5164] usb 4-1: GET_CAPABILITIES returned 0
[  612.820545][ T5164] usbtmc 4-1:16.0: can't read capabilities
[  613.024880][ T5164] usb 4-1: USB disconnect, device number 11
[  613.119288][ T5170] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  613.319408][ T5170] usb 1-1: Using ep0 maxpacket: 16
[  613.333333][ T5170] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  613.369691][ T5170] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  613.389332][ T5170] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  613.407840][ T5170] usb 1-1: SerialNumber: syz
[  613.438599][ T5170] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  613.459272][ T5170] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  613.461600][T14285] trusted_key: encrypted_key: keyword 'neÂ]5wÁ°ã"+Ã_ w' not recognized
[  613.465747][ T5170] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  613.608536][T14289] Can't find a SQUASHFS superblock on nullb0
[  615.160291][T14315] tipc: Started in network mode
[  615.165570][T14315] tipc: Node identity 2007ff, cluster identity 4711
[  615.173078][T14315] tipc: Node number set to 2099199
[  615.275840][   T29] audit: type=1400 audit(1719975440.605:674): avc:  denied  { name_bind } for  pid=14319 comm="syz.3.3085" path="socket:[49390]" dev="sockfs" ino=49390 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  615.830387][ T5170] usb 1-1: USB disconnect, device number 21
[  616.980798][T14354] tmpfs: Bad value for 'mpol'
[  617.592083][T14326] syz.1.3087 (14326): drop_caches: 2
[  617.759555][   T29] audit: type=1326 audit(1719975443.095:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000
[  617.864568][   T29] audit: type=1326 audit(1719975443.125:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000
[  617.979403][   T29] audit: type=1326 audit(1719975443.125:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000
[  617.989542][T14388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3113'.
[  618.078922][   T29] audit: type=1326 audit(1719975443.125:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000
[  618.119655][T14396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3113'.
[  619.680469][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  619.696579][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  619.706216][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  619.729702][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  619.746148][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  619.753942][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  619.778868][ T5085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  619.789178][ T5085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  619.796716][ T5085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  619.806349][ T5085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  619.824426][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  619.843777][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  619.973159][ T4215] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.162359][ T4215] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.343992][ T4215] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.506307][   T29] audit: type=1400 audit(1719975445.835:679): avc:  denied  { setattr } for  pid=14445 comm="syz.4.3136" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1
[  620.656468][ T4215] team0: Port device netdevsim0 removed
[  620.685113][ T4215] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.685519][T14415] syz.2.3122 (14415): drop_caches: 2
[  621.321736][ T5087] IPVS: starting estimator thread 0...
[  621.449580][T14469] IPVS: using max 16 ests per chain, 38400 per kthread
[  621.682480][ T4215] bridge_slave_1: left allmulticast mode
[  621.709363][ T4215] bridge_slave_1: left promiscuous mode
[  621.722997][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.743775][ T4215] bridge_slave_0: left allmulticast mode
[  621.753852][ T4215] bridge_slave_0: left promiscuous mode
[  621.778200][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.868448][ T4215] batman_adv: batadv0: Interface deactivated: bridge0
[  621.900829][ T5095] Bluetooth: hci3: command tx timeout
[  622.893292][T14498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3154'.
[  623.740246][ T4215] batman_adv: batadv0: Removing interface: bridge0
[  623.987430][ T5095] Bluetooth: hci3: command tx timeout
[  624.495548][ T4215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.548194][ T4215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.584270][ T4215] bond0 (unregistering): Released all slaves
[  624.601957][   T29] audit: type=1326 audit(1719975449.935:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14513 comm="syz.3.3160" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0
[  624.634306][T14431] chnl_net:caif_netlink_parms(): no params data found
[  624.648179][T14493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3154'.
[  624.873924][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  624.881060][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  625.163679][T14528] x_tables: eb_tables: quota.0 match: invalid size 24 (kernel) != (user) 0
[  625.381993][T14431] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.416223][T14431] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.452958][T14431] bridge_slave_0: entered allmulticast mode
[  625.488069][T14431] bridge_slave_0: entered promiscuous mode
[  625.620180][ T4215] hsr_slave_0: left promiscuous mode
[  625.659064][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  625.705439][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  626.557746][ T5095] Bluetooth: hci3: command tx timeout
[  626.564702][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  626.603907][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  626.765225][ T4215] veth1_macvtap: left promiscuous mode
[  626.799338][ T4215] veth0_macvtap: left promiscuous mode
[  626.821602][ T4215] veth1_vlan: left promiscuous mode
[  626.839356][ T4215] veth0_vlan: left promiscuous mode
[  628.620097][ T5095] Bluetooth: hci3: command tx timeout
[  628.902051][ T4215] team0 (unregistering): Port device team_slave_1 removed
[  628.958998][ T4215] team0 (unregistering): Port device team_slave_0 removed
[  629.479442][T14431] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.486783][T14431] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.509443][T14431] bridge_slave_1: entered allmulticast mode
[  629.517050][T14431] bridge_slave_1: entered promiscuous mode
[  629.610591][T14586] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3181'.
[  630.142076][T14431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  630.285006][T14431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  630.579686][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  630.735995][T14431] team0: Port device team_slave_0 added
[  630.804246][T14431] team0: Port device team_slave_1 added
[  631.015546][T14431] batman_adv: batadv0: Adding interface: batadv_slave_0
[  631.035710][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.139419][T14431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  631.239564][T14431] batman_adv: batadv0: Adding interface: batadv_slave_1
[  631.257654][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.351724][T14431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  631.373089][T14616] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  631.381226][T14616] IPv6: NLM_F_CREATE should be set when creating new route
[  631.466873][ T4215] IPVS: stop unused estimator thread 0...
[  631.618079][T14622] netlink: 320 bytes leftover after parsing attributes in process `syz.1.3188'.
[  631.727853][T14431] hsr_slave_0: entered promiscuous mode
[  631.731331][T14431] hsr_slave_1: entered promiscuous mode
[  631.734276][T14431] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  631.734346][T14431] Cannot create hsr debugfs directory
[  631.806565][T14622] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  632.019006][   T29] audit: type=1400 audit(1719975457.345:681): avc:  denied  { map } for  pid=14627 comm="syz.2.3190" path="socket:[49960]" dev="sockfs" ino=49960 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  633.531039][ T5085] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  633.545313][ T5085] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  633.553771][ T5085] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  633.562231][ T5085] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  634.255468][ T5085] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  634.264924][ T5085] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  634.655163][ T4215] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.864448][ T4215] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  635.068237][ T4215] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  635.235228][ T4215] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  635.446364][T14431] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  635.524831][T14431] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  635.539897][T14431] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  635.669739][T14431] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  635.781684][ T4215] bridge_slave_1: left allmulticast mode
[  635.787381][ T4215] bridge_slave_1: left promiscuous mode
[  635.799996][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.820576][ T4215] bridge_slave_0: left allmulticast mode
[  635.826264][ T4215] bridge_slave_0: left promiscuous mode
[  635.841684][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.382658][ T5095] Bluetooth: hci2: command tx timeout
[  636.415979][ T4215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  636.428530][ T4215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  636.441154][ T4215] bond0 (unregistering): (slave team1): Releasing backup interface
[  636.455290][ T4215] bond0 (unregistering): Released all slaves
[  636.474935][ T4215] bond1 (unregistering): Released all slaves
[  636.495636][ T4215] bond2 (unregistering): Released all slaves
[  636.628496][T14651] chnl_net:caif_netlink_parms(): no params data found
[  636.863929][T14651] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.871289][T14651] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.878569][T14651] bridge_slave_0: entered allmulticast mode
[  636.888656][T14651] bridge_slave_0: entered promiscuous mode
[  636.901849][T14651] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.909020][T14651] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.919372][T14651] bridge_slave_1: entered allmulticast mode
[  636.927207][T14651] bridge_slave_1: entered promiscuous mode
[  637.006033][T14651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.074788][ T4215] hsr_slave_0: left promiscuous mode
[  637.091519][ T4215] hsr_slave_1: left promiscuous mode
[  637.097894][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  637.105762][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  637.127027][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  637.147609][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  637.201969][ T4215] veth1_macvtap: left promiscuous mode
[  637.207576][ T4215] veth0_macvtap: left promiscuous mode
[  637.225977][ T4215] veth1_vlan: left promiscuous mode
[  637.231700][ T4215] veth0_vlan: left promiscuous mode
[  638.459286][ T5095] Bluetooth: hci2: command tx timeout
[  638.720487][ T4215] team0 (unregistering): Port device team_slave_1 removed
[  639.405644][T14651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  639.525179][T14651] team0: Port device team_slave_0 added
[  639.541226][T14651] team0: Port device team_slave_1 added
[  639.614709][T14651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  639.621857][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  639.647971][T14651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  639.671023][T14431] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.679107][T14651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  639.689207][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  639.718713][T14651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  639.825981][T14651] hsr_slave_0: entered promiscuous mode
[  639.840664][T14651] hsr_slave_1: entered promiscuous mode
[  639.849513][T14651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  639.857092][T14651] Cannot create hsr debugfs directory
[  639.951357][T14431] 8021q: adding VLAN 0 to HW filter on device team0
[  640.040083][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.047332][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.088025][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.095275][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.201050][ T4215] IPVS: stop unused estimator thread 0...
[  640.539916][ T5095] Bluetooth: hci2: command tx timeout
[  640.828936][T14431] 8021q: adding VLAN 0 to HW filter on device batadv0
[  640.967201][   T29] audit: type=1326 audit(1719975466.295:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14750 comm="syz.1.3198" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0
[  641.025994][T14431] veth0_vlan: entered promiscuous mode
[  641.092705][T14431] veth1_vlan: entered promiscuous mode
[  641.283483][T14431] veth0_macvtap: entered promiscuous mode
[  641.336294][T14431] veth1_macvtap: entered promiscuous mode
[  641.444343][T14651] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  641.516566][T14651] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  641.559654][T14651] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  641.630129][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.659209][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.669096][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.711187][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.739364][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.759206][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.769042][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.792484][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.805021][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.835929][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.862614][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.879206][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.897160][T14431] batman_adv: batadv0: Interface activated: batadv_slave_0
[  641.921064][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  641.979415][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.001311][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.034491][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.054668][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.088629][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.120520][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.169539][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.203307][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.235696][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.270652][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.297431][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.314260][T14431] batman_adv: batadv0: Interface activated: batadv_slave_1
[  642.323932][T14651] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  642.368641][T14773] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3203'.
[  642.619685][T14431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  642.640522][ T5095] Bluetooth: hci2: command tx timeout
[  642.749947][T14431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  642.882067][T14431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  642.931398][T14431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  643.436617][T14795] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3211'.
[  643.460085][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.491157][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.659704][T14795] team0: entered promiscuous mode
[  643.664792][T14795] team_slave_0: entered promiscuous mode
[  643.683007][T14795] team_slave_1: entered promiscuous mode
[  643.712190][ T4215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.724641][T14800] team_slave_0: entered allmulticast mode
[  643.740349][ T4215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.798096][T14800] team0: Port device team_slave_0 removed
[  643.843849][T14651] 8021q: adding VLAN 0 to HW filter on device bond0
[  643.917953][T14794] team0: left promiscuous mode
[  643.941642][T14794] team_slave_1: left promiscuous mode
[  643.980361][T14651] 8021q: adding VLAN 0 to HW filter on device team0
[  644.034682][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.041852][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  644.151563][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state
[  644.158725][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.700333][T14826] netlink: 'syz.0.3220': attribute type 4 has an invalid length.
[  645.823644][T14651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  648.349699][T14847] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  648.349825][T14847] IPv6: NLM_F_CREATE should be set when creating new route
[  648.648077][T14651] veth0_vlan: entered promiscuous mode
[  648.690452][T14651] veth1_vlan: entered promiscuous mode
[  648.801134][T14651] veth0_macvtap: entered promiscuous mode
[  648.967164][T14651] veth1_macvtap: entered promiscuous mode
[  648.998907][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.082205][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.092346][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.103378][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.113516][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.125304][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.135747][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.776715][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.814022][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.852964][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.920373][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.947007][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  649.976231][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  649.987437][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.022414][T14651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  650.105142][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.129306][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.149194][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.169188][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.179023][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.209004][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.229198][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.249200][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.259032][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.282501][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.299346][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.321715][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.343648][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  650.354387][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  650.366699][T14651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  650.396011][T14651] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  650.417546][T14651] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  650.426483][T14651] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  650.449200][T14651] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  650.623206][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  650.642864][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  650.752167][ T1062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  650.779867][ T1062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  651.061277][T14878] UBIFS error (pid: 14878): cannot open "./file0", error -22
[  651.079231][   T29] audit: type=1400 audit(1719975476.385:683): avc:  denied  { mounton } for  pid=14876 comm="syz.1.3235" path="/228/file0" dev="tmpfs" ino=1211 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  651.113381][T14880] netlink: 'syz.3.3234': attribute type 2 has an invalid length.
[  651.349360][T14892] netlink: 'syz.3.3241': attribute type 21 has an invalid length.
[  653.971160][ T5085] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  653.988037][ T5085] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  654.004212][ T5085] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  654.014583][ T5085] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  654.033343][ T5085] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  654.043597][ T5085] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  654.339900][   T29] audit: type=1400 audit(1719975479.665:684): avc:  denied  { setattr } for  pid=14948 comm="syz.3.3264" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  654.427380][   T29] audit: type=1400 audit(1719975479.705:685): avc:  denied  { write } for  pid=14948 comm="syz.3.3264" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  654.521924][   T29] audit: type=1400 audit(1719975479.705:686): avc:  denied  { open } for  pid=14948 comm="syz.3.3264" path="/221/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  654.789810][T14963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3270'.
[  655.139475][T14976] syz.4.3274 (14976): /proc/14975/oom_adj is deprecated, please use /proc/14975/oom_score_adj instead.
[  655.205140][T14941] chnl_net:caif_netlink_parms(): no params data found
[  655.521569][ T5138] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  655.529330][ T5094] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  655.758755][ T5094] usb 2-1: config 36 has too many interfaces: 248, using maximum allowed: 32
[  655.808773][ T5094] usb 2-1: config 36 has 1 interface, different from the descriptor's value: 248
[  655.836968][ T5138] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  655.859560][ T5094] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  655.877927][ T5138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.901650][T14941] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.910727][ T5094] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  655.930916][ T5138] usb 1-1: Product: syz
[  655.935120][ T5138] usb 1-1: Manufacturer: syz
[  655.961588][T14941] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.964918][T14994] ALSA: mixer_oss: invalid OSS volume ''
[  655.968868][T14941] bridge_slave_0: entered allmulticast mode
[  655.982009][ T5138] usb 1-1: SerialNumber: syz
[  656.013707][ T5138] usb 1-1: config 0 descriptor??
[  656.029499][ T5094] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  656.038532][ T5094] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  656.081664][ T5094] usb 2-1: Manufacturer: syz
[  656.092309][T14941] bridge_slave_0: entered promiscuous mode
[  656.109295][ T5094] usb 2-1: SerialNumber: syz
[  656.117683][T14941] bridge0: port 2(bridge_slave_1) entered blocking state
[  656.143282][ T5085] Bluetooth: hci7: command tx timeout
[  656.159398][T14941] bridge0: port 2(bridge_slave_1) entered disabled state
[  656.166786][T14941] bridge_slave_1: entered allmulticast mode
[  656.270979][T14941] bridge_slave_1: entered promiscuous mode
[  656.344819][   T29] audit: type=1400 audit(1719975481.675:687): avc:  denied  { setattr } for  pid=14999 comm="syz.3.3281" name="UDPLITEv6" dev="sockfs" ino=53534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  656.481190][ T5094] yealink 2-1:36.0: invalid payload size 0, expected 16
[  656.554957][ T5094] input: Yealink usb-p1k as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:36.0/input/input26
[  656.652732][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.659950][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.666874][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.673791][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.680709][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.687620][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.694534][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.701463][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  656.708227][    C1] yealink 2-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  656.744998][ T5094] usb 2-1: USB disconnect, device number 19
[  656.958246][T14941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.002166][T14941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.045271][   T25] usb 1-1: USB disconnect, device number 22
[  657.544176][ T1044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.344427][ T5085] Bluetooth: hci7: command tx timeout
[  658.400199][T14941] team0: Port device team_slave_0 added
[  658.449967][T14941] team0: Port device team_slave_1 added
[  658.673307][ T1044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.821334][T14941] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.839246][T14941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.907651][T14941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.976149][ T1044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.010518][T14941] batman_adv: batadv0: Adding interface: batadv_slave_1
[  659.026355][T14941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.070608][T14941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  659.161914][ T1044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.459912][T14941] hsr_slave_0: entered promiscuous mode
[  659.563902][T14941] hsr_slave_1: entered promiscuous mode
[  659.691688][T14941] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  659.708806][T14941] Cannot create hsr debugfs directory
[  660.421406][ T5085] Bluetooth: hci7: command tx timeout
[  660.449640][   T29] audit: type=1400 audit(1719975485.785:688): avc:  denied  { write } for  pid=15041 comm="syz.1.3295" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  660.622996][T15054] befs: (nullb0): No write support. Marking filesystem read-only
[  660.645277][T15054] befs: (nullb0): invalid magic header
[  660.831758][   T29] audit: type=1400 audit(1719975486.165:689): avc:  denied  { read } for  pid=15057 comm="syz.1.3300" name="usbmon0" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  660.934644][   T29] audit: type=1400 audit(1719975486.165:690): avc:  denied  { open } for  pid=15057 comm="syz.1.3300" path="/dev/usbmon0" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  661.059813][   T29] audit: type=1400 audit(1719975486.225:691): avc:  denied  { ioctl } for  pid=15057 comm="syz.1.3300" path="/dev/usbmon0" dev="devtmpfs" ino=704 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  661.275391][ T1044] bridge_slave_1: left allmulticast mode
[  661.309078][ T1044] bridge_slave_1: left promiscuous mode
[  661.337802][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.431206][ T1044] bridge_slave_0: left allmulticast mode
[  661.458033][ T1044] bridge_slave_0: left promiscuous mode
[  661.564511][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.759355][    T8] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  661.977417][    T8] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  661.999095][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.019278][    T8] usb 1-1: Product: syz
[  662.042161][    T8] usb 1-1: Manufacturer: syz
[  662.055036][    T8] usb 1-1: SerialNumber: syz
[  662.127276][    T8] usb 1-1: config 0 descriptor??
[  662.459459][ T5085] Bluetooth: hci7: command tx timeout
[  662.983117][T15107] binder: 15104:15107 ioctl 8912 20000540 returned -22
[  662.992467][T15107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3315'.
[  663.038053][ T5146] usb 1-1: USB disconnect, device number 23
[  663.247029][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  663.267316][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  663.286015][ T1044] bond0 (unregistering): (slave team1): Releasing backup interface
[  663.302929][ T1044] bond0 (unregistering): Released all slaves
[  663.326132][ T1044] bond1 (unregistering): Released all slaves
[  663.353576][T15099] netlink: 2016 bytes leftover after parsing attributes in process `syz.1.3312'.
[  663.386660][T15099] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3312'.
[  663.530009][ T1044] IPVS: stopping master sync thread 12893 ...
[  664.276059][ T1044] hsr_slave_0: left promiscuous mode
[  664.357448][ T1044] hsr_slave_1: left promiscuous mode
[  664.401282][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  664.526440][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0
[  664.610696][   T35] Bluetooth: hci6: Frame reassembly failed (-84)
[  666.022005][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  666.055860][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  666.198483][ T1044] veth1_macvtap: left promiscuous mode
[  666.233122][ T1044] veth0_macvtap: left promiscuous mode
[  666.252036][ T1044] veth1_vlan: left promiscuous mode
[  666.265424][ T1044] veth0_vlan: left promiscuous mode
[  666.546910][ T5085] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  667.619577][ T5097] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  667.798464][ T1044] team0 (unregistering): Port device team_slave_1 removed
[  667.855099][ T1044] team0 (unregistering): Port device team_slave_0 removed
[  667.855239][ T5097] usb 4-1: config 0 has an invalid interface number: 32 but max is 0
[  667.870907][ T5097] usb 4-1: config 0 has no interface number 0
[  667.877043][ T5097] usb 4-1: too many endpoints for config 0 interface 32 altsetting 32: 32, using maximum allowed: 30
[  667.893493][ T5097] usb 4-1: config 0 interface 32 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  667.906999][ T5097] usb 4-1: config 0 interface 32 has no altsetting 0
[  667.918180][ T5097] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  667.927450][ T5097] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.935619][ T5097] usb 4-1: Product: syz
[  667.940011][ T5097] usb 4-1: Manufacturer: syz
[  667.944645][ T5097] usb 4-1: SerialNumber: syz
[  667.967814][ T5097] usb 4-1: config 0 descriptor??
[  668.831117][ T5097] usb 4-1: USB disconnect, device number 12
[  669.164588][T15177] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3337'.
[  669.241452][T14740] udevd[14740]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.32/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  669.664839][T14941] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  670.531989][   T29] audit: type=1400 audit(1719975495.265:692): avc:  denied  { module_load } for  pid=15188 comm="syz.1.3341" path="/sys/kernel/fscaps" dev="sysfs" ino=1361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  670.684604][T14941] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  670.978746][T14941] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  671.034675][T14941] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  671.500325][T14941] 8021q: adding VLAN 0 to HW filter on device bond0
[  671.507156][T15222] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=15222 comm=syz.3.3349
[  671.595791][T14941] 8021q: adding VLAN 0 to HW filter on device team0
[  671.633185][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.640451][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  672.017323][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.024608][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  672.190597][T15231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3351'.
[  672.200264][T15231] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3351'.
[  673.208180][   T29] audit: type=1326 audit(1719975498.535:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15239 comm="syz.3.3355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0
[  673.738018][T15249] netlink: 'syz.4.3354': attribute type 4 has an invalid length.
[  674.553539][T14941] 8021q: adding VLAN 0 to HW filter on device batadv0
[  674.746462][T14941] veth0_vlan: entered promiscuous mode
[  674.771840][T14941] veth1_vlan: entered promiscuous mode
[  674.883530][T14941] veth0_macvtap: entered promiscuous mode
[  674.905589][T14941] veth1_macvtap: entered promiscuous mode
[  674.991232][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.097915][   T29] audit: type=1326 audit(1719975500.425:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15273 comm="syz.3.3367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0
[  675.142945][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.181323][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.232280][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.262536][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.316245][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.332295][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.369827][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.521716][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.734499][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.095647][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  676.146598][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.197124][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  676.214885][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.246458][T14941] batman_adv: batadv0: Interface activated: batadv_slave_0
[  676.295708][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.338584][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.370447][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.383519][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.394645][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.419336][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.449516][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.476049][T15286] evm: overlay not supported
[  676.476468][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.507790][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.532946][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.554983][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.588687][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.616489][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  676.643678][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  676.661520][T14941] batman_adv: batadv0: Interface activated: batadv_slave_1
[  676.740657][T14941] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  676.773211][T14941] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  676.808648][T14941] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  676.838258][T14941] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  677.885673][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.914807][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.631370][ T1053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.710269][ T1053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.405760][T15376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3399'.
[  682.155399][T15393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3405'.
[  682.164778][T15393] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3405'.
[  684.212508][   T29] audit: type=1400 audit(1719975509.535:695): avc:  denied  { module_load } for  pid=15416 comm="syz.3.3413" path="/260/bus" dev="tmpfs" ino=1406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  684.213139][T15417] Invalid ELF header magic: != ELF
[  684.645272][ T1044] Bluetooth: hci6: Frame reassembly failed (-84)
[  684.676744][T15427] Bluetooth: hci6: Frame reassembly failed (-84)
[  686.306291][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  686.314285][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  686.319299][    T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  686.519338][    T8] usb 3-1: Using ep0 maxpacket: 8
[  686.527661][    T8] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  686.541633][    T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  686.551990][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  686.561932][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  686.578479][    T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  686.594158][    T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  686.605964][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.699488][ T5095] Bluetooth: hci6: command 0x1003 tx timeout
[  686.707135][ T5085] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  686.780058][ T1148] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  686.815289][   T29] audit: type=1400 audit(1719975512.145:696): avc:  denied  { create } for  pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  686.821544][T15503] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3449'.
[  686.890358][   T29] audit: type=1400 audit(1719975512.145:697): avc:  denied  { write } for  pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  686.910934][    T8] usb 3-1: usb_control_msg returned -32
[  686.916565][    T8] usbtmc 3-1:16.0: can't read capabilities
[  686.940433][   T29] audit: type=1400 audit(1719975512.145:698): avc:  denied  { nlmsg_write } for  pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  686.991527][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11
[  687.003717][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  687.017463][   T29] audit: type=1400 audit(1719975512.185:699): avc:  denied  { execmem } for  pid=15504 comm="syz.1.3450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  687.029183][ T1148] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  687.078181][ T1148] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  687.118233][ T1148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.142091][ T1148] usb 4-1: config 0 descriptor??
[  687.148085][T15495] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  687.297407][T15513] usbtmc 3-1:16.0: usb_bulk_msg returned -71
[  687.523326][   T25] usb 3-1: USB disconnect, device number 17
[  687.581695][ T1148] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd
[  687.612327][ T1148] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  687.639999][ T1148] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  687.847703][   T25] usb 4-1: USB disconnect, device number 13
[  688.860978][ T5085] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0
[  688.873053][ T5085] Bluetooth: hci7: Injecting HCI hardware error event
[  688.883772][ T5095] Bluetooth: hci7: hardware error 0x00
[  689.799706][T15569] input: syz1 as /devices/virtual/input/input28
[  689.990206][   T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  690.241558][   T25] usb 1-1: config 36 has too many interfaces: 248, using maximum allowed: 32
[  690.329314][   T25] usb 1-1: config 36 has 1 interface, different from the descriptor's value: 248
[  690.368078][   T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  690.459086][   T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  690.659036][   T25] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  690.748091][   T25] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  690.939403][ T5095] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[  690.960658][   T25] usb 1-1: Manufacturer: syz
[  690.965307][   T25] usb 1-1: SerialNumber: syz
[  691.283906][   T25] yealink 1-1:36.0: invalid payload size 0, expected 16
[  691.306067][   T25] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input29
[  691.334530][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.341559][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.348548][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.355523][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.362494][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.369474][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.376457][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.383403][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  691.390155][    C1] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  691.433866][   T25] usb 1-1: USB disconnect, device number 24
[  691.819574][ T5095] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  691.830214][ T5095] Bluetooth: hci3: Injecting HCI hardware error event
[  691.839961][ T5095] Bluetooth: hci3: hardware error 0x00
[  692.584949][T15636] overlayfs: failed to resolve './file1': -2
[  692.918453][T15632] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3504'.
[  693.713544][   T29] audit: type=1400 audit(1719975519.045:700): avc:  denied  { ioctl } for  pid=15660 comm="syz.3.3517" path="socket:[56223]" dev="sockfs" ino=56223 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  693.723035][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.796073][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.818317][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.854057][T15668] ieee802154 phy0 wpan0: encryption failed: -22
[  693.861471][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.912030][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.958434][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.974734][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.988329][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.989269][ T5095] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  694.010969][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  694.021494][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.038053][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  694.048677][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.059042][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  694.069623][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.079817][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  694.090374][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.365042][   T29] audit: type=1326 audit(1719975519.685:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15678 comm="syz.1.3524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0
[  695.601732][T15708] Mount JFS Failure: -22
[  696.099938][   T25] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  696.302734][   T25] usb 1-1: config 36 has too many interfaces: 248, using maximum allowed: 32
[  696.379905][   T25] usb 1-1: config 36 has 1 interface, different from the descriptor's value: 248
[  696.426324][   T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  696.471814][   T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  696.504012][   T25] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  696.518923][   T25] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  696.527389][   T25] usb 1-1: Manufacturer: syz
[  696.533228][   T25] usb 1-1: SerialNumber: syz
[  696.831394][   T25] yealink 1-1:36.0: invalid payload size 0, expected 16
[  696.863617][   T25] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input30
[  696.891919][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.898940][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.905930][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.912971][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.919952][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.926881][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.933850][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.940765][    C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  696.947513][    C1] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  697.005635][   T25] usb 1-1: USB disconnect, device number 25
[  698.519351][T15757] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.759499][   T25] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  698.959300][   T25] usb 2-1: Using ep0 maxpacket: 32
[  698.989274][   T25] usb 2-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config
[  699.013661][   T25] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  699.059248][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.095999][   T25] usb 2-1: config 0 descriptor??
[  699.122706][   T25] usb 2-1: bad CDC descriptors
[  699.434336][ T5094] usb 2-1: USB disconnect, device number 20
[  700.980522][   T29] audit: type=1400 audit(1719975526.305:702): avc:  denied  { relabelfrom } for  pid=15832 comm="syz.1.3587" name="NETLINK" dev="sockfs" ino=57724 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  701.039364][ T5095] block nbd2: Receive control failed (result -32)
[  701.051737][T15831] block nbd2: shutting down sockets
[  701.094040][   T29] audit: type=1400 audit(1719975526.315:703): avc:  denied  { relabelto } for  pid=15832 comm="syz.1.3587" name="NETLINK" dev="sockfs" ino=57724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[  701.499537][ T5165] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  701.711881][ T5165] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  701.733201][ T5165] usb 2-1: New USB device found, idVendor=0403, idProduct=fc0d, bcdDevice=eb.04
[  701.759314][ T5165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.809406][ T5165] usb 2-1: config 0 descriptor??
[  701.818174][ T5165] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  701.850078][ T5165] ftdi_sio ttyUSB0: unknown device type: 0xeb04
[  702.028537][ T5165] usb 2-1: USB disconnect, device number 21
[  702.060929][ T5165] ftdi_sio 2-1:0.0: device disconnected
[  702.587691][T15883] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.3608'.
[  702.639400][ T5165] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  702.855833][ T5165] usb 4-1: Using ep0 maxpacket: 32
[  702.876941][ T5165] usb 4-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config
[  702.907929][ T5165] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  702.942194][ T5165] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.955132][   T29] audit: type=1400 audit(1719975528.275:704): avc:  denied  { setattr } for  pid=15892 comm="syz.0.3613" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  703.012442][ T5165] usb 4-1: config 0 descriptor??
[  703.027325][ T5165] usb 4-1: bad CDC descriptors
[  703.131631][T15902] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  703.194848][T15905] Cannot find add_set index 0 as target
[  703.349052][ T5165] usb 4-1: USB disconnect, device number 14
[  704.146727][T15934] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  704.353017][   T29] audit: type=1400 audit(1719975529.685:705): avc:  denied  { getopt } for  pid=15938 comm="syz.0.3631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  704.481082][   T29] audit: type=1400 audit(1719975529.815:706): avc:  denied  { read } for  pid=15942 comm="syz.0.3633" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  704.527917][   T29] audit: type=1400 audit(1719975529.815:707): avc:  denied  { open } for  pid=15942 comm="syz.0.3633" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  704.896747][   T29] audit: type=1400 audit(1719975530.225:708): avc:  denied  { getattr } for  pid=15949 comm="syz.3.3635" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  706.434644][T16004] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  706.550623][T16008] fuse: Bad value for 'fd'
[  706.859560][T16019] netlink: 'syz.4.3661': attribute type 11 has an invalid length.
[  707.268286][   T29] audit: type=1326 audit(1719975532.585:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16027 comm="syz.4.3663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce74575b99 code=0x0
[  709.229261][ T5097] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  709.309742][T16089] netlink: 'syz.2.3686': attribute type 11 has an invalid length.
[  709.446881][ T5097] usb 4-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  709.473704][ T5097] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.538296][ T5097] usb 4-1: config 0 descriptor??
[  709.563783][ T5097] usb 4-1: Invalid firmware size=18.
[  709.748827][T16097] netlink: 'syz.0.3690': attribute type 3 has an invalid length.
[  709.777465][T16097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3690'.
[  709.798306][ T5097] usb 4-1: USB disconnect, device number 15
[  709.808960][T16097] netlink: 'syz.0.3690': attribute type 4 has an invalid length.
[  709.886679][T16097] netlink: 'syz.0.3690': attribute type 4 has an invalid length.
[  711.753165][T16149] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3709'.
[  711.762438][T16149] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3709'.
[  712.010518][T16157] netlink: 'syz.4.3714': attribute type 3 has an invalid length.
[  712.032182][ T5097] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  712.040790][T16157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3714'.
[  712.077180][T16157] netlink: 'syz.4.3714': attribute type 4 has an invalid length.
[  712.090774][T16157] netlink: 'syz.4.3714': attribute type 4 has an invalid length.
[  712.245089][ T5097] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  712.284790][ T5097] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  712.328350][   T29] audit: type=1400 audit(1719975537.655:710): avc:  denied  { bind } for  pid=16168 comm="syz.0.3717" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  712.360995][ T5097] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  712.397429][ T5097] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  712.423978][ T5097] usb 4-1: Manufacturer: syz
[  712.447701][ T5097] usb 4-1: config 0 descriptor??
[  712.479459][ T5097] igorplugusb 4-1:0.0: incorrect number of endpoints
[  712.495877][T16172] fuse: Bad value for 'fd'
[  712.681963][T16146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.709102][T16146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.769755][T16146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.795738][T16146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.861271][ T5138] usb 4-1: USB disconnect, device number 16
[  716.022322][ T1062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.255854][ T1062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.629223][ T1062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.887443][ T1062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.926254][ T5085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  716.940112][ T5085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  716.949915][ T5085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  716.959433][ T5085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  716.967470][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  716.975259][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  717.488094][ T1062] bridge_slave_1: left allmulticast mode
[  717.509271][ T1062] bridge_slave_1: left promiscuous mode
[  717.515165][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.603417][ T1062] bridge_slave_0: left allmulticast mode
[  717.620194][ T1062] bridge_slave_0: left promiscuous mode
[  717.630821][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.019814][ T5085] Bluetooth: hci3: command tx timeout
[  719.458203][ T1062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  719.475261][ T1062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  719.486816][ T1062] bond0 (unregistering): Released all slaves
[  719.502262][T16293] chnl_net:caif_netlink_parms(): no params data found
[  719.639231][   T29] audit: type=1400 audit(1719975544.965:711): avc:  denied  { getopt } for  pid=16342 comm="syz.1.3781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  720.522390][    T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  720.765251][    T8] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  720.940445][    T8] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  721.002266][    T8] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  721.086075][    T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  721.099375][ T5085] Bluetooth: hci3: command tx timeout
[  721.159436][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.370931][    T8] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  721.473609][T15006] udevd[15006]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  721.510763][ T1062] hsr_slave_0: left promiscuous mode
[  721.517096][ T1062] hsr_slave_1: left promiscuous mode
[  721.541427][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  721.548883][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_0
[  721.597501][ T5165] usb 3-1: USB disconnect, device number 18
[  721.621506][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  721.628963][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_1
[  721.720518][ T1062] veth1_macvtap: left promiscuous mode
[  721.726117][ T1062] veth0_macvtap: left promiscuous mode
[  721.745989][ T1062] veth1_vlan: left promiscuous mode
[  721.760219][ T1062] veth0_vlan: left promiscuous mode
[  722.576265][   T29] audit: type=1326 audit(1719975547.905:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.650846][   T29] audit: type=1326 audit(1719975547.935:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.749320][   T29] audit: type=1326 audit(1719975547.935:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.829318][   T29] audit: type=1326 audit(1719975547.935:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.895050][   T29] audit: type=1326 audit(1719975547.935:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.959345][   T29] audit: type=1326 audit(1719975547.945:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  722.993126][   T29] audit: type=1326 audit(1719975547.945:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  723.027422][   T29] audit: type=1326 audit(1719975547.945:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  723.069318][   T29] audit: type=1326 audit(1719975547.945:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000
[  723.189304][ T5085] Bluetooth: hci3: command tx timeout
[  723.368422][T16409] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3796'.
[  723.416095][ T1062] team0 (unregistering): Port device team_slave_1 removed
[  723.499913][T16413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[  723.559125][T16413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3796'.
[  723.571221][ T1062] team0 (unregistering): Port device team_slave_0 removed
[  724.225526][T16293] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.233132][T16293] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.240742][T16293] bridge_slave_0: entered allmulticast mode
[  724.248871][T16293] bridge_slave_0: entered promiscuous mode
[  724.286220][T16387] netlink: 2088 bytes leftover after parsing attributes in process `syz.4.3790'.
[  724.413985][T16293] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.429439][T16293] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.449468][T16293] bridge_slave_1: entered allmulticast mode
[  724.467322][T16293] bridge_slave_1: entered promiscuous mode
[  724.649295][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  724.649314][   T29] audit: type=1400 audit(1719975549.965:729): avc:  denied  { getopt } for  pid=16430 comm="syz.3.3801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  724.761197][T16293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  724.793314][   T29] audit: type=1326 audit(1719975550.125:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000
[  724.834593][T16432] bond0: entered promiscuous mode
[  724.859314][T16432] bond_slave_0: entered promiscuous mode
[  724.870502][   T29] audit: type=1326 audit(1719975550.125:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000
[  724.906554][T16432] bond_slave_1: entered promiscuous mode
[  724.918652][   T29] audit: type=1326 audit(1719975550.135:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f87db775b99 code=0x7ffc0000
[  724.985769][T16293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.007551][   T29] audit: type=1326 audit(1719975550.135:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000
[  725.252271][T16293] team0: Port device team_slave_0 added
[  725.270801][ T5085] Bluetooth: hci3: command tx timeout
[  725.314702][T16293] team0: Port device team_slave_1 added
[  726.043577][T16293] batman_adv: batadv0: Adding interface: batadv_slave_0
[  726.096938][T16293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.203931][T16293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  726.260094][T16293] batman_adv: batadv0: Adding interface: batadv_slave_1
[  726.287410][T16293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.339047][T16293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  726.447446][T16472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3813'.
[  726.679379][T16479] input: syz1 as /devices/virtual/input/input31
[  726.713935][T16293] hsr_slave_0: entered promiscuous mode
[  726.754547][T16293] hsr_slave_1: entered promiscuous mode
[  726.767938][T16293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  726.780704][T16293] Cannot create hsr debugfs directory
[  726.828350][T16480] bond0: entered promiscuous mode
[  726.851585][T16480] bond_slave_0: entered promiscuous mode
[  726.892585][T16480] bond_slave_1: entered promiscuous mode
[  727.378076][   T29] audit: type=1326 audit(1719975552.705:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  727.484581][   T29] audit: type=1326 audit(1719975552.705:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  727.573658][   T29] audit: type=1326 audit(1719975552.735:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  727.674130][   T29] audit: type=1326 audit(1719975552.735:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  727.770056][   T29] audit: type=1326 audit(1719975552.735:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  728.213788][T16521] bond0: entered promiscuous mode
[  728.218913][T16521] bond_slave_0: entered promiscuous mode
[  728.250871][T16521] bond_slave_1: entered promiscuous mode
[  728.300741][T16521] team1: entered promiscuous mode
[  729.492425][T16293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  729.533768][T16293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  729.541336][T16567] kernel profiling enabled (shift: 3)
[  729.611590][T16293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  729.663766][T16293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  730.006640][T16293] 8021q: adding VLAN 0 to HW filter on device bond0
[  730.073488][T16293] 8021q: adding VLAN 0 to HW filter on device team0
[  730.111640][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state
[  730.118892][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state
[  730.181841][ T5165] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.189112][ T5165] bridge0: port 2(bridge_slave_1) entered forwarding state
[  730.356546][T16293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  730.944116][T16293] 8021q: adding VLAN 0 to HW filter on device batadv0
[  731.137297][T16293] veth0_vlan: entered promiscuous mode
[  731.237364][T16293] veth1_vlan: entered promiscuous mode
[  731.962860][T16293] veth0_macvtap: entered promiscuous mode
[  732.056652][T16293] veth1_macvtap: entered promiscuous mode
[  732.182070][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.194116][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.203995][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.265049][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.309343][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.332492][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.384122][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.406351][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.429423][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.459703][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.479956][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.505914][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.522372][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  732.541836][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.591287][T16293] batman_adv: batadv0: Interface activated: batadv_slave_0
[  732.643451][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.667098][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.716433][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.737641][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.757920][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.779689][   T29] kauditd_printk_skb: 59 callbacks suppressed
[  732.779706][   T29] audit: type=1400 audit(1719975558.105:798): avc:  denied  { setopt } for  pid=16627 comm="syz.1.3857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  732.819367][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.850969][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.883122][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.910600][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.929209][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.939089][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  732.975223][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  732.991934][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  733.012654][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  733.041507][T16293] batman_adv: batadv0: Interface activated: batadv_slave_1
[  733.065119][T16293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  733.094671][T16293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  733.135026][T16293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  733.184803][T16293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  733.867033][T16642] bond0: entered promiscuous mode
[  733.914127][T16642] bond_slave_0: entered promiscuous mode
[  733.951017][T16642] bond_slave_1: entered promiscuous mode
[  734.310950][T16654] netlink: 320 bytes leftover after parsing attributes in process `syz.1.3863'.
[  734.421276][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  734.429135][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  734.592069][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  734.631684][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  735.040802][T16670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3865'.
[  735.106907][T16670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3865'.
[  735.609582][ T5097] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  735.776115][T16670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3865'.
[  736.047066][ T5097] usb 2-1: Using ep0 maxpacket: 8
[  736.080374][ T5097] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  736.119294][ T5097] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  736.169212][ T5097] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  736.239736][ T5097] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00
[  736.260303][ T5097] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.294440][ T5097] usb 2-1: config 0 descriptor??
[  737.771629][   T29] audit: type=1400 audit(1719975563.085:799): avc:  denied  { setopt } for  pid=16729 comm="syz.3.3880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  737.776234][ T5097] usbhid 2-1:0.0: can't add hid device: -71
[  737.922093][ T5097] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  737.943753][ T5097] usb 2-1: USB disconnect, device number 22
[  739.939506][ T5138] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  740.378961][ T5138] usb 3-1: Using ep0 maxpacket: 8
[  740.420308][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  740.449793][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  740.467100][ T5138] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  740.491553][ T5138] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00
[  740.519316][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.571088][ T5138] usb 3-1: config 0 descriptor??
[  740.911980][T16808] smc: net device ip6_vti0 applied user defined pnetid SYZ0
[  742.197990][ T5138] usbhid 3-1:0.0: can't add hid device: -71
[  742.482764][ T5138] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  742.545970][ T5138] usb 3-1: USB disconnect, device number 19
[  743.252171][T16855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  744.111935][T16872] binder: 16871:16872 ioctl c0306201 20000380 returned -14
[  744.132144][T16876] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3927'.
[  744.299812][ T5085] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  744.308777][ T5085] Bluetooth: hci3: Injecting HCI hardware error event
[  744.319625][ T5085] Bluetooth: hci3: hardware error 0x00
[  744.741400][T16894] FAULT_INJECTION: forcing a failure.
[  744.741400][T16894] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  744.786343][T16894] CPU: 0 PID: 16894 Comm: syz.3.3935 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0
[  744.796554][T16894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  744.806636][T16894] Call Trace:
[  744.809933][T16894]  <TASK>
[  744.812878][T16894]  dump_stack_lvl+0x16c/0x1f0
[  744.817581][T16894]  should_fail_ex+0x497/0x5b0
[  744.822287][T16894]  _copy_from_iter+0x2a1/0x1140
[  744.827169][T16894]  ? __pfx__copy_from_iter+0x10/0x10
[  744.832481][T16894]  ? tun_build_skb.constprop.0+0x198/0x1250
[  744.838407][T16894]  ? __pfx_lock_release+0x10/0x10
[  744.843462][T16894]  ? mark_lock+0xb5/0xc60
[  744.847828][T16894]  copy_page_from_iter+0xa5/0x120
[  744.852880][T16894]  tun_build_skb.constprop.0+0x274/0x1250
[  744.858632][T16894]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  744.864799][T16894]  ? hlock_class+0x4e/0x130
[  744.869321][T16894]  ? __lock_acquire+0xc5d/0x3b30
[  744.874276][T16894]  tun_get_user+0x888/0x3c30
[  744.878894][T16894]  ? __pfx_tun_get_user+0x10/0x10
[  744.883939][T16894]  ? find_held_lock+0x2d/0x110
[  744.888713][T16894]  ? __pfx_lock_release+0x10/0x10
[  744.893752][T16894]  tun_chr_write_iter+0xe8/0x210
[  744.898703][T16894]  vfs_write+0x6b6/0x1140
[  744.903053][T16894]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  744.908614][T16894]  ? __pfx_vfs_write+0x10/0x10
[  744.913389][T16894]  ? __fget_files+0x256/0x400
[  744.918072][T16894]  ? __fget_light+0x173/0x210
[  744.922765][T16894]  ksys_write+0x12f/0x260
[  744.927099][T16894]  ? __pfx_ksys_write+0x10/0x10
[  744.931956][T16894]  do_syscall_64+0xcd/0x250
[  744.936475][T16894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.942386][T16894] RIP: 0033:0x7f87db77471f
[  744.946811][T16894] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  744.966421][T16894] RSP: 002b:00007f87dc53d010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  744.974837][T16894] RAX: ffffffffffffffda RBX: 00007f87db903f60 RCX: 00007f87db77471f
[  744.982804][T16894] RDX: 000000000000009e RSI: 0000000020000180 RDI: 00000000000000c8
[  744.990774][T16894] RBP: 00007f87dc53d0a0 R08: 0000000000000000 R09: 0000000000000000
[  744.998741][T16894] R10: 000000000000009e R11: 0000000000000293 R12: 0000000000000001
[  745.006711][T16894] R13: 000000000000000b R14: 00007f87db903f60 R15: 00007ffea6dbbe88
[  745.014685][T16894]  </TASK>
[  745.059289][   T29] audit: type=1326 audit(1719975570.355:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.066893][T16899] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  745.150921][   T29] audit: type=1326 audit(1719975570.475:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.247778][   T29] audit: type=1326 audit(1719975570.475:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.343580][   T29] audit: type=1326 audit(1719975570.475:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.409390][T16904] raw_sendmsg: syz.3.3939 forgot to set AF_INET. Fix it!
[  745.470415][   T29] audit: type=1326 audit(1719975570.475:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.516425][   T29] audit: type=1326 audit(1719975570.475:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.594572][   T29] audit: type=1326 audit(1719975570.485:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.734845][   T29] audit: type=1326 audit(1719975570.485:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.809539][   T29] audit: type=1326 audit(1719975570.485:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000
[  745.875417][   T29] audit: type=1326 audit(1719975570.485:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faaecf745d0 code=0x7ffc0000
[  746.089385][T16934] binder: 16927:16934 ioctl 40046210 0 returned -14
[  746.383824][T16946] FAULT_INJECTION: forcing a failure.
[  746.383824][T16946] name failslab, interval 1, probability 0, space 0, times 1
[  746.416498][T16946] CPU: 1 PID: 16946 Comm: syz.2.3949 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0
[  746.426664][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  746.436719][T16946] Call Trace:
[  746.440000][T16946]  <TASK>
[  746.442936][T16946]  dump_stack_lvl+0x16c/0x1f0
[  746.447610][T16946]  should_fail_ex+0x497/0x5b0
[  746.452280][T16946]  should_failslab+0x9/0x20
[  746.456779][T16946]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  746.460325][ T5085] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  746.462150][T16946]  ? __build_skb+0x3f/0x90
[  746.462187][T16946]  __build_skb+0x3f/0x90
[  746.477246][T16946]  build_skb+0x22/0x280
[  746.481434][T16946]  __tun_build_skb+0x2c/0x340
[  746.486141][T16946]  tun_build_skb.constprop.0+0x7df/0x1250
[  746.491855][T16946]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  746.498012][T16946]  ? hlock_class+0x4e/0x130
[  746.502529][T16946]  ? __lock_acquire+0xc5d/0x3b30
[  746.507462][T16946]  tun_get_user+0x888/0x3c30
[  746.512052][T16946]  ? __pfx_tun_get_user+0x10/0x10
[  746.517068][T16946]  ? find_held_lock+0x2d/0x110
[  746.521834][T16946]  ? __pfx_lock_release+0x10/0x10
[  746.526862][T16946]  tun_chr_write_iter+0xe8/0x210
[  746.531796][T16946]  vfs_write+0x6b6/0x1140
[  746.536130][T16946]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  746.541703][T16946]  ? __pfx_vfs_write+0x10/0x10
[  746.546479][T16946]  ? __fget_files+0x256/0x400
[  746.551153][T16946]  ? __fget_light+0x173/0x210
[  746.555819][T16946]  ksys_write+0x12f/0x260
[  746.560155][T16946]  ? __pfx_ksys_write+0x10/0x10
[  746.565013][T16946]  do_syscall_64+0xcd/0x250
[  746.569520][T16946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.575420][T16946] RIP: 0033:0x7f291af7471f
[  746.579829][T16946] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  746.599432][T16946] RSP: 002b:00007f291be06010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  746.607843][T16946] RAX: ffffffffffffffda RBX: 00007f291b103f60 RCX: 00007f291af7471f
[  746.615812][T16946] RDX: 000000000000009e RSI: 0000000020000180 RDI: 00000000000000c8
[  746.623787][T16946] RBP: 00007f291be060a0 R08: 0000000000000000 R09: 0000000000000000
[  746.631761][T16946] R10: 000000000000009e R11: 0000000000000293 R12: 0000000000000001
[  746.639729][T16946] R13: 000000000000000b R14: 00007f291b103f60 R15: 00007ffd19798918
[  746.647699][T16946]  </TASK>
[  746.892805][T16954] Cannot find set identified by id 0 to match
[  747.413456][ T5085] Bluetooth: hci2: link tx timeout
[  747.421519][ T5085] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  747.742292][T16971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.755739][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  747.764583][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  748.069330][ T5138] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  748.255260][T16992] FAULT_INJECTION: forcing a failure.
[  748.255260][T16992] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  748.289726][ T5138] usb 3-1: Using ep0 maxpacket: 8
[  748.299099][T16992] CPU: 1 PID: 16992 Comm: syz.1.3963 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0
[  748.309300][T16992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  748.319370][T16992] Call Trace:
[  748.322662][T16992]  <TASK>
[  748.325606][T16992]  dump_stack_lvl+0x16c/0x1f0
[  748.330321][T16992]  should_fail_ex+0x497/0x5b0
[  748.335015][T16992]  _copy_to_user+0x30/0xc0
[  748.339424][T16992]  simple_read_from_buffer+0xd0/0x160
[  748.344792][T16992]  proc_fail_nth_read+0x1b0/0x290
[  748.349810][T16992]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  748.355347][T16992]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  748.360883][T16992]  vfs_read+0x1d4/0xbd0
[  748.365042][T16992]  ? __fdget_pos+0xeb/0x180
[  748.369560][T16992]  ? __pfx_vfs_read+0x10/0x10
[  748.374253][T16992]  ? __pfx___mutex_lock+0x10/0x10
[  748.379272][T16992]  ? __fget_files+0x256/0x400
[  748.383963][T16992]  ksys_read+0x12f/0x260
[  748.388194][T16992]  ? __pfx_ksys_read+0x10/0x10
[  748.392949][T16992]  do_syscall_64+0xcd/0x250
[  748.397443][T16992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.403342][T16992] RIP: 0033:0x7faaecf7467c
[  748.407773][T16992] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  748.427389][T16992] RSP: 002b:00007faaedd61040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  748.435785][T16992] RAX: ffffffffffffffda RBX: 00007faaed103f60 RCX: 00007faaecf7467c
[  748.443739][T16992] RDX: 000000000000000f RSI: 00007faaedd610b0 RDI: 0000000000000003
[  748.451713][T16992] RBP: 00007faaedd610a0 R08: 0000000000000000 R09: 0000000000000000
[  748.459670][T16992] R10: 000000000000009e R11: 0000000000000246 R12: 0000000000000001
[  748.467633][T16992] R13: 000000000000000b R14: 00007faaed103f60 R15: 00007ffc93469b68
[  748.475614][T16992]  </TASK>
[  748.499860][ T5138] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  748.510380][ T5138] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  748.519559][ T5138] usb 3-1: config 1 has no interface number 1
[  748.536147][ T5138] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  749.107256][T17002] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.3964'.
[  749.195250][ T5138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.203366][ T5138] usb 3-1: Product: syz
[  749.207553][ T5138] usb 3-1: Manufacturer: syz
[  749.212217][ T5138] usb 3-1: SerialNumber: syz
[  749.416799][T17012] Cannot find set identified by id 0 to match
[  749.473109][T16971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  749.511306][ T5095] Bluetooth: hci2: command 0x0406 tx timeout
[  749.558705][T16971] trusted_key: syz.2.3957 sent an empty control message without MSG_MORE.
[  749.650407][T17024] unknown channel width for channel at 909000KHz?
[  749.656934][T17024] unknown channel width for channel at 909000KHz?
[  749.677709][T17024] unknown channel width for channel at 909000KHz?
[  749.685290][T17021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3969'.
[  750.046236][T17032] binder: 17026:17032 ioctl 8912 20000540 returned -22
[  750.149451][T17032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3972'.
[  750.887616][ T5138] usb 3-1: USB disconnect, device number 20
[  751.132949][T17057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3979'.
[  751.154632][T15006] udevd[15006]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  751.299285][   T29] kauditd_printk_skb: 54 callbacks suppressed
[  751.299304][   T29] audit: type=1804 audit(1719975576.625:864): pid=17047 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3977" name="/newroot/364/bus/cgroup.controllers" dev="overlay" ino=1955 res=1 errno=0
[  751.379247][   T29] audit: type=1326 audit(1719975576.685:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17051 comm="syz.1.3979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0
[  751.649308][ T1148] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  751.843849][ T1148] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  751.868852][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.909657][   T29] audit: type=1400 audit(1719975577.215:866): avc:  denied  { write } for  pid=17065 comm="syz.3.3982" name="pfkey" dev="proc" ino=4026534754 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  751.940736][ T1148] usb 3-1: config 0 descriptor??
[  751.946582][T17068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3983'.
[  751.975240][ T1148] usb 3-1: Invalid firmware size=18.
[  752.169278][T17071] binder: 17070:17071 ioctl c0306201 20000380 returned -14
[  752.545291][ T1148] usb 3-1: USB disconnect, device number 21
[  752.848809][   T29] audit: type=1400 audit(1719975578.175:867): avc:  denied  { create } for  pid=17083 comm="syz.3.3986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  752.903874][T17091] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3986'.
[  752.929661][   T29] audit: type=1400 audit(1719975578.235:868): avc:  denied  { connect } for  pid=17083 comm="syz.3.3986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  753.067562][   T29] audit: type=1400 audit(1719975578.395:869): avc:  denied  { setopt } for  pid=17095 comm="syz.4.3989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  753.099658][T17098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3989'.
[  753.108627][   T29] audit: type=1400 audit(1719975578.425:870): avc:  denied  { nlmsg_read } for  pid=17095 comm="syz.4.3989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  753.129663][T17096] binder: 17092:17096 ioctl 8912 20000540 returned -22
[  753.151942][T17096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3988'.
[  753.348121][   T29] audit: type=1400 audit(1719975578.675:871): avc:  denied  { mounton } for  pid=17100 comm="syz.0.3990" path="/21/file1/file0" dev="autofs" ino=63903 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  753.393540][   T29] audit: type=1400 audit(1719975578.715:872): avc:  denied  { read } for  pid=17100 comm="syz.0.3990" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  753.471687][   T29] audit: type=1400 audit(1719975578.715:873): avc:  denied  { open } for  pid=17100 comm="syz.0.3990" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  755.154311][T17136] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3995'.
[  756.934481][T17158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4005'.
[  756.980749][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  756.980767][   T29] audit: type=1400 audit(1719975582.315:877): avc:  denied  { append } for  pid=17159 comm="syz.1.4006" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  757.333669][   T29] audit: type=1400 audit(1719975582.665:878): avc:  denied  { write } for  pid=17167 comm="syz.3.4009" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  757.475096][T17171] netlink: 'syz.3.4010': attribute type 62 has an invalid length.
[  757.882960][   T29] audit: type=1400 audit(1719975583.215:879): avc:  denied  { bind } for  pid=17176 comm="syz.2.4011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  757.918549][   T29] audit: type=1400 audit(1719975583.245:880): avc:  denied  { listen } for  pid=17176 comm="syz.2.4011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  757.977182][T17177] bond1: entered promiscuous mode
[  758.006591][T17177] bond1: entered allmulticast mode
[  758.019875][T17177] 8021q: adding VLAN 0 to HW filter on device bond1
[  758.287254][T17187] input: syz1 as /devices/virtual/input/input33
[  758.914733][   T29] audit: type=1804 audit(1719975584.245:881): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.4015" name="/newroot/149/bus/cgroup.controllers" dev="overlay" ino=808 res=1 errno=0
[  759.294477][T17202] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4017'.
[  759.462465][   T29] audit: type=1326 audit(1719975584.795:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17207 comm="syz.4.4020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce74575b99 code=0x0
[  759.909485][T17213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4021'.
[  760.078288][T17218] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4022'.
[  760.659152][    C1] Adjusting tsc more than 11% (8578408 vs 8464029)
[  760.973293][T17229] binder: 17228:17229 ioctl 8912 20000540 returned -22
[  761.026892][T17229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4024'.
[  761.193628][T17240] input: syz1 as /devices/virtual/input/input34
[  761.654755][ T5087] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  761.840898][ T5087] usb 3-1: Using ep0 maxpacket: 16
[  761.849281][ T5087] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  761.870978][ T5087] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  761.901151][ T5087] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  761.940957][ T5087] usb 3-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  761.950597][ T5087] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.967001][ T5087] usb 3-1: Product: syz
[  761.972000][ T5087] usb 3-1: Manufacturer: syz
[  761.982997][ T5087] usb 3-1: SerialNumber: syz
[  762.022342][ T5087] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  762.052265][ T5087] cdc_ncm 3-1:1.0: bind() failure
[  762.291105][ T5138] usb 3-1: USB disconnect, device number 22
[  762.533246][T17266] misc userio: Can't change port type on an already running userio instance
[  762.592181][T17269] misc userio: Begin command sent, but we're already running
[  762.817837][ T5138] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  763.040723][ T5138] usb 3-1: Using ep0 maxpacket: 32
[  763.047477][ T5138] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  763.063815][ T5138] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  763.092105][ T5138] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  763.103852][ T5138] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  763.118993][ T5138] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  763.129377][ T5138] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  763.145237][ T5138] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  763.155258][ T5138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.163284][ T5138] usb 3-1: Product: syz
[  763.167589][ T5138] usb 3-1: Manufacturer: syz
[  763.173267][ T5138] usb 3-1: SerialNumber: syz
[  764.727454][ T5138] cdc_ncm 3-1:1.0: bind() failure
[  764.768613][ T5138] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  764.791989][ T5138] cdc_ncm 3-1:1.1: bind() failure
[  764.839852][   T29] audit: type=1400 audit(1719975590.579:883): avc:  denied  { setopt } for  pid=17288 comm="syz.4.4041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  764.888807][ T5138] usb 3-1: USB disconnect, device number 23
[  765.041297][T17292] Bluetooth: MGMT ver 1.22
[  765.476795][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  765.488402][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  765.497291][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  765.525062][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  765.535626][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  765.543519][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  765.870889][ T1062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.922582][T17313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.977898][T17313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  766.142585][ T1062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.325875][ T1062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.524149][ T1062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.669256][ T5095] Bluetooth: hci3: command tx timeout
[  768.259762][   T29] audit: type=1400 audit(1719975594.023:884): avc:  denied  { getopt } for  pid=17362 comm="syz.3.4058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  768.369433][T17302] chnl_net:caif_netlink_parms(): no params data found
[  768.493839][ T1062] bridge_slave_1: left allmulticast mode
[  768.529012][ T1062] bridge_slave_1: left promiscuous mode
[  768.558042][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.595914][ T1062] bridge_slave_0: left allmulticast mode
[  768.606490][T17369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17369 comm=syz.3.4058
[  768.618081][ T1062] bridge_slave_0: left promiscuous mode
[  768.657573][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state
[  769.882092][ T1062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  769.894798][ T1062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  769.906495][ T1062] bond0 (unregistering): Released all slaves
[  769.923660][ T5095] Bluetooth: hci3: command tx timeout
[  769.961521][T17369] (unnamed net_device) (uninitialized): (slave team_slave_0): Device is not bonding slave
[  769.986996][T17369] (unnamed net_device) (uninitialized): option active_slave: invalid value (team_slave_0)
[  770.454837][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4061'.
[  770.620359][T17302] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.638467][T17302] bridge0: port 1(bridge_slave_0) entered disabled state
[  770.666711][T17302] bridge_slave_0: entered allmulticast mode
[  770.697799][T17302] bridge_slave_0: entered promiscuous mode
[  770.757040][T17409] xt_hashlimit: size too large, truncated to 1048576
[  770.785392][ T1062] hsr_slave_0: left promiscuous mode
[  770.808722][T17409] xt_hashlimit: Unknown mode mask 312, kernel too old?
[  770.809420][ T1062] hsr_slave_1: left promiscuous mode
[  770.858719][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  770.903066][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_0
[  770.934911][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  770.947594][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_1
[  771.116852][ T1062] veth1_macvtap: left promiscuous mode
[  771.174467][ T1062] veth0_macvtap: left promiscuous mode
[  771.206109][ T1062] veth1_vlan: left promiscuous mode
[  771.233205][ T1062] veth0_vlan: left promiscuous mode
[  771.529071][T17429] input: syz1 as /devices/virtual/input/input38
[  771.804894][T17435] sctp: [Deprecated]: syz.4.4069 (pid 17435) Use of int in max_burst socket option deprecated.
[  771.804894][T17435] Use struct sctp_assoc_value instead
[  772.177347][ T5095] Bluetooth: hci3: command tx timeout
[  773.008003][ T1062] team0 (unregistering): Port device team_slave_1 removed
[  773.060961][ T1062] team0 (unregistering): Port device team_slave_0 removed
[  773.099818][ T5164] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  773.320001][ T5164] usb 4-1: Using ep0 maxpacket: 32
[  773.333826][ T5164] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  773.342491][ T5164] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  773.353959][ T5164] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  773.368060][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  773.377749][ T5164] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  773.388777][ T5164] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  773.411346][ T5164] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  773.420450][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.437047][ T5164] usb 4-1: config 0 descriptor??
[  773.702206][ T5164] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  773.724661][ T5164] usb 4-1: USB disconnect, device number 17
[  773.740470][ T5164] usblp0: removed
[  773.812586][T17302] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.819958][T17302] bridge0: port 2(bridge_slave_1) entered disabled state
[  773.828258][T17302] bridge_slave_1: entered allmulticast mode
[  773.836268][T17302] bridge_slave_1: entered promiscuous mode
[  774.073522][T17302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  774.283364][T17302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  774.325182][ T5164] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  774.434720][ T5095] Bluetooth: hci3: command tx timeout
[  775.143592][T17302] team0: Port device team_slave_0 added
[  775.187808][ T5164] usb 4-1: Using ep0 maxpacket: 32
[  775.204048][ T5164] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  775.226045][ T5164] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  775.449002][ T5164] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  775.449867][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  775.466686][T17302] team0: Port device team_slave_1 added
[  775.468449][ T5164] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  775.485089][ T5164] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  775.487785][ T5164] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  775.526758][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.590648][ T5164] usb 4-1: config 0 descriptor??
[  776.154600][ T5164] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  776.277819][ T5164] usb 4-1: USB disconnect, device number 18
[  776.305704][ T5164] usblp0: removed
[  776.399792][T17302] batman_adv: batadv0: Adding interface: batadv_slave_0
[  776.421825][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  776.502439][T17491] input: syz1 as /devices/virtual/input/input39
[  776.546544][T17302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  776.641094][T17302] batman_adv: batadv0: Adding interface: batadv_slave_1
[  776.648571][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  776.724768][T17302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  776.998307][T17302] hsr_slave_0: entered promiscuous mode
[  777.044283][T17302] hsr_slave_1: entered promiscuous mode
[  777.080051][T17302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  777.121961][T17302] Cannot create hsr debugfs directory
[  778.583493][T17302] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  778.649727][T17302] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  778.699212][T17302] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  778.719879][T17302] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  779.105639][T17302] 8021q: adding VLAN 0 to HW filter on device bond0
[  779.170660][T17302] 8021q: adding VLAN 0 to HW filter on device team0
[  779.233111][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state
[  779.240238][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  779.280753][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state
[  779.288075][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  779.861101][T17302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  780.100235][T17302] veth0_vlan: entered promiscuous mode
[  780.158303][T17302] veth1_vlan: entered promiscuous mode
[  780.279684][T17302] veth0_macvtap: entered promiscuous mode
[  780.306323][T17302] veth1_macvtap: entered promiscuous mode
[  780.353496][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.380888][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.399438][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.409917][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.433302][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.453520][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.463388][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.489808][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.507660][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.518131][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.540883][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.561892][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.572294][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.595546][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.623675][T17302] batman_adv: batadv0: Interface activated: batadv_slave_0
[  780.642973][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.668202][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.690511][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.701675][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.727687][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.740626][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.762997][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.774015][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.797951][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.808659][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.830460][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.841219][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.865154][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.875604][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.906059][T17302] batman_adv: batadv0: Interface activated: batadv_slave_1
[  780.955204][T17302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  780.969048][T17302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  780.984396][T17302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  780.993130][T17302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  781.157050][ T4215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  781.177164][ T4215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  781.221382][ T1062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  781.232655][ T1062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  807.019862][T17616] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4084'.
[  808.548004][T17629] veth0_vlan: left promiscuous mode
[  808.882370][T17654] input: syz1 as /devices/virtual/input/input40
[  809.129600][T17660] hfsplus: unable to parse mount options
[  809.696056][T17680] xt_l2tp: v2 tid > 0xffff: 262144
[  809.815956][ T1148] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  809.935659][T17690] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.4101'.
[  809.945187][T17690] openvswitch: netlink: Message has 3074 unknown bytes.
[  810.778549][ T1148] usb 2-1: Using ep0 maxpacket: 32
[  810.788591][   T29] audit: type=1400 audit(1719975632.475:885): avc:  denied  { name_bind } for  pid=17687 comm="syz.0.4101" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  810.838896][ T1148] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  810.988754][   T29] audit: type=1400 audit(1719975632.531:886): avc:  denied  { name_connect } for  pid=17687 comm="syz.0.4101" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  811.010876][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.021799][   T29] audit: type=1400 audit(1719975633.306:887): avc:  denied  { write } for  pid=17693 comm="syz.4.4104" name="card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  811.044737][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.072060][ T1148] usb 2-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.40
[  811.331236][ T1148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.349782][ T1148] usb 2-1: Product: syz
[  811.354809][ T5095] Bluetooth: hci3: command tx timeout
[  811.417585][ T1148] usb 2-1: Manufacturer: syz
[  811.730267][ T1148] usb 2-1: SerialNumber: syz
[  812.177918][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  812.184414][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  812.233907][ T1148] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  812.345109][   T29] audit: type=1400 audit(1719975634.709:888): avc:  denied  { create } for  pid=17663 comm="syz.2.4096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  812.572587][T17710] input: syz1 as /devices/virtual/input/input41
[  813.101122][T17716] xt_TCPMSS: Only works on TCP SYN packets
[  813.196718][   T29] audit: type=1400 audit(1719975635.503:889): avc:  denied  { ioctl } for  pid=17715 comm="syz.0.4108" path="socket:[67059]" dev="sockfs" ino=67059 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  813.660589][T17724] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4111'.
[  813.737898][   T29] audit: type=1400 audit(1719975635.992:890): avc:  denied  { nnp_transition } for  pid=17723 comm="syz.0.4111" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[  813.788188][   T29] audit: type=1400 audit(1719975636.020:891): avc:  denied  { transition } for  pid=17723 comm="syz.0.4111" path="/9/file2" dev="tmpfs" ino=66 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  813.834035][ T5165] usb 2-1: USB disconnect, device number 23
[  813.880339][   T29] audit: type=1400 audit(1719975636.020:892): avc:  denied  { entrypoint } for  pid=17723 comm="syz.0.4111" path="/9/file2" dev="tmpfs" ino=66 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  813.938480][   T29] audit: type=1400 audit(1719975636.020:893): avc:  denied  { noatsecure } for  pid=17723 comm="syz.0.4111" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  814.066926][   T29] audit: type=1400 audit(1719975636.297:894): avc:  denied  { getopt } for  pid=17734 comm="syz.3.4113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  814.106508][T17736] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4113'.
[  814.235572][T17739] sch_tbf: burst 7768 is lower than device lo mtu (11337746) !
[  814.507233][ T5095] Bluetooth: hci2: unexpected event for opcode 0x1003
[  817.883759][T17752] qnx4: no qnx4 filesystem (no root dir).
[  817.976899][T17760] qnx4: no qnx4 filesystem (no root dir).
[  818.003518][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  818.003536][   T29] audit: type=1400 audit(1719975639.933:897): avc:  denied  { mount } for  pid=17753 comm="syz.1.4118" name="/" dev="pstore" ino=3096 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  818.031936][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.160976][T17764] qnx4: no qnx4 filesystem (no root dir).
[  818.396140][T17769] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4119'.
[  818.957299][ T5095] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  818.967794][ T5095] Bluetooth: hci2: Injecting HCI hardware error event
[  818.982768][ T5085] Bluetooth: hci2: hardware error 0x00
[  818.982775][   T29] audit: type=1400 audit(1719975640.229:898): avc:  denied  { connect } for  pid=17755 comm="syz.4.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  818.988288][   T29] audit: type=1400 audit(1719975640.293:899): avc:  denied  { write } for  pid=17755 comm="syz.4.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  819.220234][   T29] audit: type=1400 audit(1719975641.050:900): avc:  denied  { unmount } for  pid=11428 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  819.221827][ T5085] ------------[ cut here ]------------
[  819.246949][ T5085] ida_free called for id=8192 which is not allocated.
[  819.258136][ T5085] WARNING: CPU: 1 PID: 5085 at lib/idr.c:525 ida_free+0x1fb/0x2f0
[  819.266468][ T5085] Modules linked in:
[  819.271032][ T5085] CPU: 1 PID: 5085 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0
[  819.281840][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  819.292506][ T5085] Workqueue: hci2 hci_error_reset
[  819.297671][ T5085] RIP: 0010:ida_free+0x1fb/0x2f0
[  819.302648][ T5085] Code: bb f6 41 83 fe 3e 76 73 e8 f2 fa bb f6 48 8b 7c 24 28 4c 89 ee e8 c5 0c 19 00 90 48 c7 c7 e0 2b 81 8c 89 ee e8 96 15 7e f6 90 <0f> 0b 90 90 e8 cc fa bb f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3
[  819.322382][ T5085] RSP: 0018:ffffc9000320fa38 EFLAGS: 00010286
[  819.328493][ T5085] RAX: 0000000000000000 RBX: 1ffff92000641f48 RCX: ffffffff81500069
[  819.336456][ T5085] RDX: ffff8880698c8000 RSI: ffffffff81500076 RDI: 0000000000000001
[  819.344677][ T5085] RBP: 0000000000002000 R08: 0000000000000001 R09: 0000000000000000
[  819.352739][ T5085] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
[  819.361165][ T5085] R13: 0000000000000293 R14: 0000000000000000 R15: 0000000000000000
[  819.369127][ T5085] FS:  0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
[  819.378322][ T5085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  819.384961][ T5085] CR2: 00007fce752356b8 CR3: 0000000029c46000 CR4: 00000000003506f0
[  819.392995][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  819.400972][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  819.408956][ T5085] Call Trace:
[  819.412224][ T5085]  <TASK>
[  819.415197][ T5085]  ? show_regs+0x8c/0xa0
[  819.419439][ T5085]  ? __warn+0xe5/0x3c0
[  819.423507][ T5085]  ? preempt_schedule_notrace+0x62/0xe0
[  819.429094][ T5085]  ? ida_free+0x1fb/0x2f0
[  819.433433][ T5085]  ? report_bug+0x3c0/0x580
[  819.437950][ T5085]  ? handle_bug+0x3d/0x70
[  819.442274][ T5085]  ? exc_invalid_op+0x17/0x50
[  819.446989][ T5085]  ? asm_exc_invalid_op+0x1a/0x20
[  819.452036][ T5085]  ? __warn_printk+0x199/0x350
[  819.456820][ T5085]  ? __warn_printk+0x1a6/0x350
[  819.461578][ T5085]  ? ida_free+0x1fb/0x2f0
[  819.465903][ T5085]  ? ida_free+0x1fa/0x2f0
[  819.470659][ T5085]  ? __pfx_ida_free+0x10/0x10
[  819.475334][ T5085]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  819.480866][ T5085]  hci_conn_del+0x768/0xdb0
[  819.485392][ T5085]  hci_conn_hash_flush+0x18f/0x260
[  819.490545][ T5085]  hci_dev_close_sync+0x591/0x1100
[  819.495690][ T5085]  ? __pfx_bt_err+0x10/0x10
[  819.500252][ T5085]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  819.505808][ T5085]  ? __pfx_lock_acquire+0x10/0x10
[  819.510923][ T5085]  ? __pfx_lock_release+0x10/0x10
[  819.515967][ T5085]  hci_dev_do_close+0x2e/0x90
[  819.520637][ T5085]  hci_error_reset+0xbf/0x320
[  819.525348][ T5085]  process_one_work+0x9c5/0x1b40
[  819.530307][ T5085]  ? __pfx_lock_acquire+0x10/0x10
[  819.535349][ T5085]  ? __pfx_process_one_work+0x10/0x10
[  819.540769][ T5085]  ? assign_work+0x1a0/0x250
[  819.545426][ T5085]  worker_thread+0x6c8/0xf30
[  819.550007][ T5085]  ? __pfx_worker_thread+0x10/0x10
[  819.555168][ T5085]  kthread+0x2c1/0x3a0
[  819.559238][ T5085]  ? _raw_spin_unlock_irq+0x23/0x50
[  819.564472][ T5085]  ? __pfx_kthread+0x10/0x10
[  819.569093][ T5085]  ret_from_fork+0x45/0x80
[  819.573512][ T5085]  ? __pfx_kthread+0x10/0x10
[  819.578507][ T5085]  ret_from_fork_asm+0x1a/0x30
[  819.583277][ T5085]  </TASK>
[  819.586542][ T5085] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  819.593813][ T5085] CPU: 1 PID: 5085 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0
[  819.604062][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  819.614109][ T5085] Workqueue: hci2 hci_error_reset
[  819.619142][ T5085] Call Trace:
[  819.622415][ T5085]  <TASK>
[  819.625333][ T5085]  dump_stack_lvl+0x3d/0x1f0
[  819.629912][ T5085]  panic+0x6f5/0x7a0
[  819.633817][ T5085]  ? __pfx_panic+0x10/0x10
[  819.638225][ T5085]  ? show_trace_log_lvl+0x363/0x500
[  819.643420][ T5085]  ? check_panic_on_warn+0x1f/0xb0
[  819.648524][ T5085]  ? ida_free+0x1fb/0x2f0
[  819.652838][ T5085]  check_panic_on_warn+0xab/0xb0
[  819.657769][ T5085]  __warn+0xf1/0x3c0
[  819.661656][ T5085]  ? preempt_schedule_notrace+0x62/0xe0
[  819.667187][ T5085]  ? ida_free+0x1fb/0x2f0
[  819.671501][ T5085]  report_bug+0x3c0/0x580
[  819.675817][ T5085]  handle_bug+0x3d/0x70
[  819.679961][ T5085]  exc_invalid_op+0x17/0x50
[  819.684457][ T5085]  asm_exc_invalid_op+0x1a/0x20
[  819.689305][ T5085] RIP: 0010:ida_free+0x1fb/0x2f0
[  819.694231][ T5085] Code: bb f6 41 83 fe 3e 76 73 e8 f2 fa bb f6 48 8b 7c 24 28 4c 89 ee e8 c5 0c 19 00 90 48 c7 c7 e0 2b 81 8c 89 ee e8 96 15 7e f6 90 <0f> 0b 90 90 e8 cc fa bb f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3
[  819.713825][ T5085] RSP: 0018:ffffc9000320fa38 EFLAGS: 00010286
[  819.719878][ T5085] RAX: 0000000000000000 RBX: 1ffff92000641f48 RCX: ffffffff81500069
[  819.727834][ T5085] RDX: ffff8880698c8000 RSI: ffffffff81500076 RDI: 0000000000000001
[  819.735790][ T5085] RBP: 0000000000002000 R08: 0000000000000001 R09: 0000000000000000
[  819.743744][ T5085] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
[  819.751732][ T5085] R13: 0000000000000293 R14: 0000000000000000 R15: 0000000000000000
[  819.759700][ T5085]  ? __warn_printk+0x199/0x350
[  819.764466][ T5085]  ? __warn_printk+0x1a6/0x350
[  819.769226][ T5085]  ? ida_free+0x1fa/0x2f0
[  819.773544][ T5085]  ? __pfx_ida_free+0x10/0x10
[  819.778206][ T5085]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  819.783486][ T5085]  hci_conn_del+0x768/0xdb0
[  819.788010][ T5085]  hci_conn_hash_flush+0x18f/0x260
[  819.793113][ T5085]  hci_dev_close_sync+0x591/0x1100
[  819.798217][ T5085]  ? __pfx_bt_err+0x10/0x10
[  819.802711][ T5085]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  819.808253][ T5085]  ? __pfx_lock_acquire+0x10/0x10
[  819.813271][ T5085]  ? __pfx_lock_release+0x10/0x10
[  819.818299][ T5085]  hci_dev_do_close+0x2e/0x90
[  819.823015][ T5085]  hci_error_reset+0xbf/0x320
[  819.827695][ T5085]  process_one_work+0x9c5/0x1b40
[  819.832629][ T5085]  ? __pfx_lock_acquire+0x10/0x10
[  819.837650][ T5085]  ? __pfx_process_one_work+0x10/0x10
[  819.843011][ T5085]  ? assign_work+0x1a0/0x250
[  819.847601][ T5085]  worker_thread+0x6c8/0xf30
[  819.852179][ T5085]  ? __pfx_worker_thread+0x10/0x10
[  819.857276][ T5085]  kthread+0x2c1/0x3a0
[  819.861337][ T5085]  ? _raw_spin_unlock_irq+0x23/0x50
[  819.866524][ T5085]  ? __pfx_kthread+0x10/0x10
[  819.871104][ T5085]  ret_from_fork+0x45/0x80
[  819.875512][ T5085]  ? __pfx_kthread+0x10/0x10
[  819.880093][ T5085]  ret_from_fork_asm+0x1a/0x30
[  819.884848][ T5085]  </TASK>
[  819.888091][ T5085] Kernel Offset: disabled
[  819.892542][ T5085] Rebooting in 86400 seconds..