last executing test programs:

2m38.574897947s ago: executing program 1 (id=2317):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040), 0x1000000, &(0x7f00000007c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={r5, 0x9}, 0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000080)={r5, 0x38, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x1, @remote, 0x5}, @in6={0xa, 0x4e22, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}]}, &(0x7f00000000c0)=0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) (async)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) (async)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040), 0x1000000, &(0x7f00000007c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) (async)
setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={r5, 0x9}, 0x8) (async)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000080)={r5, 0x38, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x1, @remote, 0x5}, @in6={0xa, 0x4e22, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}]}, &(0x7f00000000c0)=0x10) (async)

2m38.52191417s ago: executing program 1 (id=2318):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="e7ea0200"], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb702000008000000b704000000000000850000001600000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r3}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001040)={0x14, 0x52, 0x1, 0x0, 0x0, {0x1c}}, 0x14}}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r6, &(0x7f00000000c0)={0x1f, 0x0, @none}, 0xe)
listen(r6, 0x9)
close_range(r5, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r8 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x10100, 0x4, 0x37c}, &(0x7f0000000180)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003880), 0x63}, 0x0, 0xe3d08660d3cd4684})
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@loopback, @in6=@empty, 0x0, 0x0, 0x8000, 0x0, 0x2, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x1000000, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x6c}, 0x2, @in=@rand_addr=0x64010101, 0x0, 0x4}}, 0xe8)
io_uring_enter(r8, 0x92, 0x0, 0x0, 0x0, 0x0)
bind$802154_raw(r7, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x14)

2m37.792421784s ago: executing program 1 (id=2324):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2, r5}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
socket$pppoe(0x18, 0x1, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x2})

2m37.490288432s ago: executing program 1 (id=2327):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="b70000000000000007000000000000009500e200000000001e5286574356940658273ad1326fc65be4b1037a74cfb5af100fc4e94d123d9b22a7561b8850821bc1f8b5b0a3e3b79b0d96ab7cc60e0e144f0f04bfffe68fe46421a161eedd1a5cee316f68f7617859f06c8efd5da6abe446649c322209b1af93c6c999058168ad0a70992124d19c7c9cc22ff9a6b1a058039ab938480e8697f8715bcb18e1fd0773909464a783148e0e7b604a6c47b33c43a3ffff92ec8bbde1af40f29cfcf0836a70a2f6b1192ab8f24ca363492393e1c2a3b190180caafbf8cfca720074bdcc7cbd978efd8404a1c700000000d97899514e64e36cad5eba82010b2d149ac02e5f07000000000000000000000000000000000000000000009d5df0e0dbb9821d9c5402474d5866ce5eb60188d83ac741b45aeacac594cf09de9b460f48b96ae8a0eead478e46c8ca3e4c5d2b3cb4ad48c830e8003c45f5b2dcbf36b7e8be59ca4b46266cf75bea8a22ab71895d954dc6d28864144c73391770690a9301cde97565d509effc252599b26555355d7955f551df82ea475a711ec56d00000000a89c7533c9955fd63cd00cb83d1228"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x21, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000da0e0000000000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800b7040000010000008500000082000000cf99e0ff0000000018620000010000000000000001000000bd86010010000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f00200000000000000000000182300000000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000000d300001f0ffffff70ba40001800000018170000", @ANYRES32=0x1, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xc, &(0x7f0000000040)=""/12, 0x20800, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000100)={0x4, 0x7, 0x9, 0x81}, 0x10, 0x29cb1, r0, 0x0, &(0x7f0000000140)=[0xffffffffffffffff], 0x0, 0x10, 0x2, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000001000039300"/20, @ANYRES32=0x0, @ANYBLOB="0b000000000201000500100005000000"], 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x24048001)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe45)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)=0x11, 0x36)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f00000000c0)='gfs2\x00', 0x22c8417, 0x0)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbf9}, 0x8)
sendmsg$kcm(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net\x00')
getdents64(r7, &(0x7f0000001180)=""/4089, 0xff9)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r0, r7, 0x3, 0x0, @void}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x1000000000000f, &(0x7f0000000180)=0x57bb, 0x3c)

2m35.478867219s ago: executing program 1 (id=2336):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400))
timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=<r1=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000380)={{}, {0x0, 0x9}}, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x9, 0x3})
r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f00000000c0)={0x81, 0x6, 0x7, 0x0})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x3, &(0x7f0000001000/0x1000)=nil, &(0x7f00003f9000/0x3000)=nil, 0x4, 0x0, 0x0, 0x0, 0x4, 0x10, 0x0, 0x24})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f00000000c0)={{@host}, @host, 0x0, 0x0, 0x1, 0x4})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2m35.429805142s ago: executing program 1 (id=2337):
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000280), &(0x7f00000003c0)={0x0, 0xfb, 0x108, 0x4, 0x0, "bc24d28daedea625c1bd56a0c87d4fd2", "5c2aba8a9d3d4a41d3191e0b5a171ff1887bf575a674141571cc56bccb3839e82ab2f8b2b2a398e75966a418baeb407e78f89092b449469ffd4723621273e903497e5733464af1fa44cbb47112307fb093ac8c4b1488f35b05740f09c6b23ed6fe1bdd568fcb38beff80f2d771f35daafb6708413c9eff931285d38acb3161b48d9a57ef893d166c14d63695053fd3cbbb1ac082de0a2d4308c70250ed1f4ae9c153943c2235a5de0df9814a4dd6831e6c173905da8309d3409f02812c32133c820dc0c0dd410ca6ff86e413d411da45693348add1f02bc0f4e665392e350606d287b2295bacef9bac8582710175f6ffb856f7"}, 0x108, 0x0)
listen(r0, 0x0)
r1 = memfd_secret(0x80000)
fsetxattr$system_posix_acl(r1, &(0x7f0000000380)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
getpeername$ax25(r1, &(0x7f0000000200)={{0x3, @netrom}, [@rose, @netrom, @default, @default, @default, @netrom, @rose, @rose]}, &(0x7f00000000c0)=0x48)
accept4(r0, 0x0, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=unix'])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000100)={{0x77359400}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000020000100000000000000000002000000000000020000000008000400d3120000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
socket$igmp(0x2, 0x3, 0x2)

2m19.994874116s ago: executing program 32 (id=2337):
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000280), &(0x7f00000003c0)={0x0, 0xfb, 0x108, 0x4, 0x0, "bc24d28daedea625c1bd56a0c87d4fd2", "5c2aba8a9d3d4a41d3191e0b5a171ff1887bf575a674141571cc56bccb3839e82ab2f8b2b2a398e75966a418baeb407e78f89092b449469ffd4723621273e903497e5733464af1fa44cbb47112307fb093ac8c4b1488f35b05740f09c6b23ed6fe1bdd568fcb38beff80f2d771f35daafb6708413c9eff931285d38acb3161b48d9a57ef893d166c14d63695053fd3cbbb1ac082de0a2d4308c70250ed1f4ae9c153943c2235a5de0df9814a4dd6831e6c173905da8309d3409f02812c32133c820dc0c0dd410ca6ff86e413d411da45693348add1f02bc0f4e665392e350606d287b2295bacef9bac8582710175f6ffb856f7"}, 0x108, 0x0)
listen(r0, 0x0)
r1 = memfd_secret(0x80000)
fsetxattr$system_posix_acl(r1, &(0x7f0000000380)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
getpeername$ax25(r1, &(0x7f0000000200)={{0x3, @netrom}, [@rose, @netrom, @default, @default, @default, @netrom, @rose, @rose]}, &(0x7f00000000c0)=0x48)
accept4(r0, 0x0, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=unix'])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000100)={{0x77359400}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000020000100000000000000000002000000000000020000000008000400d3120000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
socket$igmp(0x2, 0x3, 0x2)

15.062582543s ago: executing program 2 (id=2965):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000500)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000003c0), 0x88743, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000001400)={0x20, 0x2, 0x0, 0x100000000, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='rseq_update\x00'}, 0x18)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000001400)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1", 0x8000}, 0x48, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
socket$netlink(0x10, 0x3, 0x0)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r8, 0x6a)

11.939399969s ago: executing program 2 (id=2975):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000005c0)={0x0, 0x4, 0x0, 0x8, 0x4}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
memfd_create(0x0, 0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000080)="d800006019008111e00212ba0d8105040a600200ff0f040b067c55a1bc000900080006990300000015000500fe8081780d001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d9345d63a2c00f30b74173b22e0822a92307f00000e97030000000000000000", 0xd9}], 0x1}, 0x0)

11.721071476s ago: executing program 2 (id=2978):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000040)={'ip_vti0\x00', &(0x7f00000000c0)={'erspan0\x00', 0x0, 0x7800, 0x7800, 0xc1fd, 0xc, {{0x5, 0x4, 0x0, 0x9, 0x14, 0x64, 0x0, 0x9, 0x4, 0x0, @broadcast, @empty}}}})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r4 = socket(0xf, 0x3, 0xffffffff)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6, 0x10000, 0x1000000}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd=r4, 0x0, 0x0, 0x0, {0x81}})
r8 = dup(0xffffffffffffffff)
listen(r8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0xff], [], 'veth0_vlan\x00', '\x00', {0xff}, {}, 0x11, 0x0, 0x0, 0x44}, 0x0, 0x120, 0x160, 0x0, {}, [@common=@eui64={{0x28}}, @common=@inet=@multiport={{0x50}, {0x0, 0xfe, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e21, 0x0, 0x0, 0xffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x3, 0x0, 0xff, 0x1, 0x7, 0x7, 0xbb]}}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff000000], [], 'lo\x00', 'erspan0\x00', {}, {}, 0x62}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {0x0, 0x4, 0x3}, {0x4, 0x0, 0x3}, 0x0, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2001}}, {0x28}}}}, 0x3c0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2f, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f00000000c0)={0x0, 0xc1e, 0x9eb, 0x1, 0x0, [], [0x5, 0x2, 0x0, 0xfffffffe], [0x240, 0x22, 0x7f], [0x4, 0x81, 0x1, 0x5]})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, 0x0)
io_uring_enter(r5, 0xdb4, 0x0, 0x0, 0x0, 0x0)
epoll_create1(0x80000)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f0000000040)={{@my=0x0, 0x645}, 0x1, 0x1, 0x3})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000100)={0x0, 0x6, 0x0, 0x6})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r2, @ANYBLOB="080004000001"], 0x4c}}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

11.069941531s ago: executing program 2 (id=2979):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x48}]}]}, 0x58}}, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000080)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)

11.000952257s ago: executing program 2 (id=2981):
r0 = io_uring_setup(0x29e7, &(0x7f0000000480)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000080), 0x2)

8.76730462s ago: executing program 3 (id=2990):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r4, 0x0, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x64, 0x9, [@volatile={0x2, 0x0, 0x0, 0x9, 0x3}, @typedef={0x10, 0x0, 0x0, 0x8, 0x3}, @struct={0xe, 0x4, 0x0, 0x4, 0x1, 0x1, [{0x4, 0x4, 0x1000}, {0x5, 0x1, 0x3af}, {0xb, 0x5, 0x18c}, {0xb, 0x0, 0x4}]}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x3d, 0x0, 0x4, 0x2}]}, {0x0, [0x2e, 0x61, 0x5f, 0x0, 0x2e, 0x61, 0x30]}}, &(0x7f0000000440)=""/150, 0x85, 0x96, 0x1, 0x8, 0x10000, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_DQEVENT(r7, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r7, 0xc0506107, 0x0)

7.458906997s ago: executing program 3 (id=2992):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
socket(0x1, 0x803, 0x0)
unshare(0x46060480)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYBLOB="00000000000000000000002000000000000000005876b771ae4819db6393b57ee69cf39f5f9b865a01053b71c4c9b215e73fa14c7777217b35fec305a58e019f3ae91b8a0f27e436cea8484a0db199c03fcaf3943136d6ce9b475a9fce908e543d0da80180e746ca6b3d3df31a3c66cbcc48b3ed059e02de1e1afa4618228c277be1c2770b7dc8c6e70747f14dfc0b7ee4e6e32062eba1edb4eb8b889db317b89c1e526232c33e15ca81bcf688bd7f141aceda11888a10572cfca7837e42954ca0bdb55e9c2fcc72ee21aba8680732c873da8a7ff938bc90cce792b27e9f3eeddb", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00)\x00'/16], 0x50)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8005, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000040)={0x0, 0x100f, 0x1, @discrete={0x8, 0x81}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = dup(r2)
bind$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x3}, 0xe)
accept4$vsock_stream(r3, 0x0, 0x0, 0x80000)
semop(0x0, &(0x7f0000000040)=[{0x4, 0x1}, {0x4}], 0x2)

7.452694026s ago: executing program 4 (id=2993):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000040)=0x1)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r2, 0x5b03, 0x0)
writev(r2, &(0x7f00000004c0)=[{&(0x7f0000000100)="45f7199156", 0x5}], 0x1)
syz_usb_disconnect(r1)
write$tun(r0, &(0x7f00000000c0)=ANY=[], 0x17a)

7.113070681s ago: executing program 0 (id=2996):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newqdisc={0x24, 0x24, 0x20, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xd, 0xc}, {0xfffa, 0x10}, {0xffe0, 0x9}}}, 0x24}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x4880, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

7.060561128s ago: executing program 0 (id=2997):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getpid()
r1 = syz_open_dev$usbfs(&(0x7f0000000300), 0x3, 0x100)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x8008551d, &(0x7f0000000340)={0xc79a, 0x1d, [{0x9, 0x1}, {0x2, 0x1}, {0xf}, {0xc}, {0xd, 0x1}, {0x4}, {0x6, 0x1}, {0xc, 0x1}, {0xe, 0x1}, {0x2, 0x1}, {}, {}, {0x5, 0x1}, {0x8, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0xa}, {0xc, 0x1}, {0xe}, {0xe, 0x1}, {0x8}, {0x8, 0x1}, {0xf, 0x1}, {0x4, 0x1}, {0x1}, {0xe}, {0xe}, {0x2}, {0x5}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = syz_open_procfs(0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x8f, 0x3b16)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$kcm(0x21, 0x0, 0xa)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000131467"], 0x18}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'vlan0\x00'})
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000043b6948f3920dbc5b5a6ed34e0eb5b04243648cbc0887ccde599e123b904581aa6debb55aaeba52070fd329635c69c0e03eec434082a69ab92e89693cf82563620b4c26ae172", @ANYRES16=0x0, @ANYBLOB="01002bbd70000800000002000000"], 0x14}}, 0x20000004)

6.235850105s ago: executing program 3 (id=2998):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=@md5={0x1, "ace09d09376375c3b704b70700527e3a"}, 0x11, 0x2)
listen(r1, 0x5)
accept4(r1, 0x0, 0x0, 0x800)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

6.145814682s ago: executing program 0 (id=2999):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000040)=[{0x2, 0x4, {0x2, 0xf0, 0x1}, {0x1, 0x0, 0x1}, 0x2, 0x1}], 0x4000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x2c, r4, 0x1, 0x0, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x0)

5.496581452s ago: executing program 0 (id=3000):
r0 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000204f045db600000000000109022d0001000060020904001005030001000921000036012205000905810300000c0007090502", @ANYRES16], 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0xb, &(0x7f00000001c0)=0x100007, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r6], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4044840)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x404c840)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x18, &(0x7f0000000100)=ANY=[@ANYBLOB="000457"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
bind$inet6(r7, 0x0, 0x0)

5.29731351s ago: executing program 5 (id=3002):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r4, 0x0, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x64, 0x9, [@volatile={0x2, 0x0, 0x0, 0x9, 0x3}, @typedef={0x10, 0x0, 0x0, 0x8, 0x3}, @struct={0xe, 0x4, 0x0, 0x4, 0x1, 0x1, [{0x4, 0x4, 0x1000}, {0x5, 0x1, 0x3af}, {0xb, 0x5, 0x18c}, {0xb, 0x0, 0x4}]}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x3d, 0x0, 0x4, 0x2}]}, {0x0, [0x2e, 0x61, 0x5f, 0x0, 0x2e, 0x61, 0x30]}}, &(0x7f0000000440)=""/150, 0x85, 0x96, 0x1, 0x8, 0x10000, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_DQEVENT(r7, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r7, 0xc0506107, 0x0)

5.147466091s ago: executing program 3 (id=3003):
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000380)={'vcan0\x00'})
sendmsg$can_j1939(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0xee)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00'}, 0x10)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

4.061306232s ago: executing program 5 (id=3004):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0xfffffe7e, &(0x7f0000000180)=ANY=[@ANYBLOB="e7ea020000166b35"], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r3}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001040)={0x14, 0x52, 0x1, 0x0, 0x0, {0x1c}}, 0x14}}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r6, &(0x7f00000000c0)={0x1f, 0x0, @none}, 0xe)
listen(r6, 0x9)
close_range(r5, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r8 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x10100, 0x4, 0x37c}, &(0x7f0000000180)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003880), 0x63}, 0x0, 0xe3d08660d3cd4684})
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@loopback, @in6=@empty, 0x0, 0x0, 0x8000, 0x0, 0x2, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x1000000, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x6c}, 0x2, @in=@rand_addr=0x64010101, 0x0, 0x4}}, 0xe8)
io_uring_enter(r8, 0x92, 0x0, 0x0, 0x0, 0x0)
bind$802154_raw(r7, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x14)

4.041663252s ago: executing program 4 (id=3005):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0xc, &(0x7f0000000400)=ANY=[@ANYRESHEX=r0, @ANYRES64=r0], 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6982a9, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f00000001c0)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000040)={0xc})
close(r7)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000080)={'veth1_to_batadv\x00', {0x2, 0x0, @remote}})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_rdma(&(0x7f0000000000), &(0x7f0000000180)='.\x00', &(0x7f0000000200), 0x800, &(0x7f0000000380)=ANY=[@ANYBLOB="7472616e733d72646d612cc792fbaa584a323461d64a706f72743d30322c00bb4fb37263ba48ac028276ec411a8846b389587dcb5a0bfdb07d359d06eb856928d1954d8290f349f265b4eaa6d2214c95880061444f043e2c18fbea8037aff4457244a6377800c3bf7798370000000000000000955e6556ad0b20a5a5ae0000", @ANYRES8=r2])
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='pstore\x00', 0x1c011, 0x0)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r10 = ioctl$LOOP_CTL_GET_FREE(r8, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, r10)

3.650005639s ago: executing program 0 (id=3006):
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x200000a, 0x813, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000240)=ANY=[@ANYBLOB="080c00800000000000000000000000000000000000000001fe80000000000000000000000000003dfe88000000000000000000000000000100ff0200000000000000000000000000010000000000000000000000000000000100"/104], 0x68)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, 0x0)
prlimit64(0x0, 0x7, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x6)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x2000c0c1)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x0, 0xc4)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000200)=0x4)
clock_gettime(0x3, 0x0)
mkdir(0x0, 0x41)

3.649417517s ago: executing program 3 (id=3007):
r0 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000204f045db600000000000109022d0001000060020904001005030001000921000036012205000905810300000c0007090502", @ANYRES16], 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0xb, &(0x7f00000001c0)=0x100007, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r6], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4044840)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x404c840)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0004"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e23, 0x6, @remote, 0x1}, 0x1c)

2.973509835s ago: executing program 5 (id=3008):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r7, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000140)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r2, @ANYRESHEX, @ANYRES64, @ANYRES8=r4], 0x40}}, 0x0)
sendto$packet(r1, &(0x7f0000000000)='1', 0x26, 0x0, &(0x7f0000000200)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @local}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x11, 0xffffffffffffffff, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYRESOCT=r3], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r10}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r8, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="48000000061401002abd7000020000000800010002000000080001000200000008000100010000070800010001800000080001000000000008000100000000000800010000000000b021446e5f8b69632894d1b82fe7ffbc05318ab1ac341c2ed3ec6938918ea3f661a5212718daae3a0fd346149a3cccdfb0f7034771fe89193236285fd9f1a4262d866200"/151], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x24008844)

2.899019763s ago: executing program 4 (id=3009):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = dup(r1)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000640)={'#! ', './file0'}, 0xb)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r7, r4, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "9428fa", 0x8, 0x11, 0x1, @empty, @private1, {[], {0x4e22, 0x4e20, 0x8}}}}}}, 0x0)

2.614401063s ago: executing program 4 (id=3010):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000e3000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x5, 0x0)
dup(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x4, 0x0, 0x0)
r4 = memfd_secret(0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000340)={r5, r4, 0x2f, 0x4608, @void}, 0x10)

1.460698924s ago: executing program 5 (id=3011):
mkdir(0x0, 0x40)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
write$tun(r0, &(0x7f0000000040)={@val={0x1c, 0x800}, @val={0x2, 0x3, 0x2, 0x11, 0x1, 0x404}, @mpls={[], @ipv4=@udp={{0x5, 0x4, 0x3, 0x27, 0x2c, 0x65, 0x0, 0xc, 0x11, 0x0, @private=0xa010102, @broadcast}, {0x4e20, 0x4e21, 0x18, 0x0, @wg=@data={0x4, 0x20006, 0x1}}}}}, 0x3a)

1.306750835s ago: executing program 4 (id=3012):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00003e1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
io_destroy(0x0)

995.500375ms ago: executing program 5 (id=3013):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r3, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @dev}, 0x14)

924.921473ms ago: executing program 5 (id=3014):
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x17}, @hci_ev_le_advertising_info={{}, {0x1, [{0x1, 0x1, @any, 0xb, "092aef38d10c1d7f0d1678", 0x1}]}}}}, 0x1a)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000)
syz_usb_connect$uac1(0x2, 0x84, &(0x7f0000000480)=ANY=[@ANYBLOB="12010102000000087a1d01014000010203010902720003010200104504000000010300000a24010600040201020c240205ff01047fff0f060007240888000ef204fc06761d0205000609040100000102000009040101010102000009050109ff03038004"], &(0x7f0000000680)={0x0, 0x0, 0x5, 0x0})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c000000020601080000000200000000000000000d0003006c6973743a736574000000000500050000000000050001000700000005000400000000000900020073797a320000000014000780080006400000000008001740"], 0x5c}}, 0x0)

739.314623ms ago: executing program 2 (id=2983):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x8f, 0x3b16)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000080)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000131467"], 0x18}, 0x1, 0x0, 0xf00}, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x0, 0x1, 0x70bd2b, 0x8}, 0x14}}, 0x20000004)

679.484532ms ago: executing program 4 (id=3015):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0x1e84c}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

558.833761ms ago: executing program 3 (id=3016):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x0, <r0=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x12, 0x18}, [@ldst={0x4, 0x3, 0x0, 0x0, 0x2, 0x10}]}, &(0x7f00000004c0)='syzkaller\x00', 0xa, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10, r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r6=>0x0)
io_submit(r6, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000001c0)='m', 0xfffffdfc}])
io_destroy(r6)
fcntl$setstatus(r5, 0x4, 0x42800)
read$FUSE(r4, &(0x7f0000003240)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r8, 0xc008aec1, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x6000)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x280030, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@default_permissions}, {@default_permissions}, {@default_permissions}, {@allow_other}, {@default_permissions}, {@allow_other}, {@default_permissions}], [{@subj_user={'subj_user', 0x3d, '&:\\#'}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x31, 0x61, 0x62, 0x33, 0x36, 0x62, 0x30], 0x2d, [0x65, 0x35, 0x36, 0x39], 0x2d, [0x39, 0x34, 0x31, 0x32], 0x2d, [0x31, 0x36, 0x33, 0x34], 0x2d, [0x35, 0x39, 0x32, 0x0, 0x37, 0x32, 0x30, 0x31]}}}, {@fsname={'fsname', 0x3d, ':##'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}})

0s ago: executing program 0 (id=3017):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf2fe, 0x0, 0x1, 0x250}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x4, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001000023215e940000000a00000002000000060a0b0400000000000000000200000008000a40000000000900010073797a30000000000900020073797a320000000014000000110001000000000000000000030000f052a3dc7aa1b867b3160155b1c4d1f8614876e5b850d1bfc53214db51778d4c52e475bf268b186343148db0ef"], 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000004)
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r10, &(0x7f0000000000)={0x27}, 0x62)
listen(r10, 0x3)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0xfffffffe, [@bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast]}, 0x40)

kernel console output (not intermixed with test programs):

tlink: 28 bytes leftover after parsing attributes in process `syz.2.2017'.
[  451.535517][T12506] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2017'.
[  451.584754][ T5874] kernel write not supported for file [eventfd] (pid: 5874 comm: kworker/0:6)
[  451.824458][T12514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2019'.
[  452.246681][T12524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2024'.
[  452.256989][   T30] audit: type=1400 audit(2000000069.860:826): avc:  denied  { setattr } for  pid=12523 comm="syz.1.2024" name="QIPCRTR" dev="sockfs" ino=27930 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  453.109500][T12539] dccp_invalid_packet: P.Data Offset(0) too small
[  453.633269][T12546] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=12546 comm=syz.1.2029
[  454.239243][T12559] overlayfs: failed to clone lowerpath
[  454.282779][T12561] netlink: 'syz.2.2036': attribute type 21 has an invalid length.
[  454.290741][T12561] netlink: 'syz.2.2036': attribute type 6 has an invalid length.
[  454.298453][T12561] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2036'.
[  454.310027][T12561] netlink: 'syz.2.2036': attribute type 21 has an invalid length.
[  454.318025][T12561] netlink: 'syz.2.2036': attribute type 6 has an invalid length.
[  454.325889][T12561] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2036'.
[  454.337757][T12557] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2034'.
[  455.722097][T12585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=12585 comm=syz.4.2042
[  456.515394][T12595] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=12595 comm=syz.0.2044
[  456.713887][   T30] audit: type=1400 audit(2000000074.320:827): avc:  denied  { create } for  pid=12598 comm="syz.4.2047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  457.685393][ T5827] Bluetooth: hci3: unexpected event for opcode 0x0000
[  457.704003][T12618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2051'.
[  458.017403][T12636] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2058'.
[  458.028832][T12636] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2058'.
[  458.775347][T12639] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=12639 comm=syz.0.2057
[  459.828015][T12652] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2063'.
[  461.343617][T12670] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2069'.
[  461.731707][ T5827] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  461.740549][ T5827] Bluetooth: hci3: Injecting HCI hardware error event
[  461.750681][ T5830] Bluetooth: hci3: hardware error 0x00
[  462.387530][T12686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2073'.
[  463.880789][ T5830] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  465.808110][   T30] audit: type=1400 audit(2000000083.420:828): avc:  denied  { create } for  pid=12720 comm="syz.4.2081" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  465.969344][T12727] siw: device registration error -23
[  468.048150][   T30] audit: type=1400 audit(2000000085.660:829): avc:  denied  { setopt } for  pid=12766 comm="syz.2.2098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  468.082410][   T30] audit: type=1400 audit(2000000085.690:830): avc:  denied  { read } for  pid=12766 comm="syz.2.2098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  468.404829][T12786] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2101'.
[  469.418699][   T30] audit: type=1400 audit(2000000087.020:831): avc:  denied  { nlmsg_write } for  pid=12794 comm="syz.3.2104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  469.821173][T12803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=12803 comm=syz.4.2105
[  470.593840][T12819] lo speed is unknown, defaulting to 1000
[  473.788835][T12866] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2123'.
[  473.812690][T12866] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2123'.
[  473.917283][T12876] netlink: 'syz.0.2124': attribute type 1 has an invalid length.
[  474.902021][T12896] xt_CT: You must specify a L4 protocol and not use inversions on it
[  475.063140][T12899] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2129'.
[  475.089135][T12899] netlink: 'syz.1.2129': attribute type 4 has an invalid length.
[  475.645994][T12909] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  475.679518][T12909] CIFS mount error: No usable UNC path provided in device string!
[  475.679518][T12909] 
[  475.714620][T12909] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  476.729998][T12931] netlink: 'syz.3.2136': attribute type 39 has an invalid length.
[  476.776802][T12935] netlink: 'syz.1.2139': attribute type 9 has an invalid length.
[  477.302032][T12951] CIFS mount error: No usable UNC path provided in device string!
[  477.302032][T12951] 
[  477.312264][T12951] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  478.143307][   T30] audit: type=1400 audit(2000000095.750:832): avc:  denied  { ioctl } for  pid=12958 comm="syz.2.2145" path="socket:[28550]" dev="sockfs" ino=28550 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  479.906801][T12988] fuse: Bad value for 'user_id'
[  479.916513][T12988] fuse: Bad value for 'user_id'
[  479.960196][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  480.173945][T12997] PKCS7: Unknown OID: [5] 0.0
[  480.178998][T12997] PKCS7: Only support pkcs7_signedData type
[  481.101473][T13005] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2160'.
[  481.134666][   T30] audit: type=1400 audit(2000000098.750:833): avc:  denied  { read } for  pid=13007 comm="syz.1.2161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  481.483589][T13021] syz_tun: entered allmulticast mode
[  481.490820][T13021] fuse: Invalid rootmode
[  481.616772][T13020] syz_tun: left allmulticast mode
[  483.227784][T13039] syz.0.2172: attempt to access beyond end of device
[  483.227784][T13039] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  483.241212][T13039] FAT-fs (loop1): unable to read boot sector
[  483.331709][   T30] audit: type=1400 audit(2000000100.840:834): avc:  denied  { mounton } for  pid=13034 comm="syz.0.2172" path="/398/file0" dev="tmpfs" ino=2115 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  483.944476][T13053] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2179'.
[  485.650327][ T5830] Bluetooth: hci1: command 0x0406 tx timeout
[  486.100949][T13094] fuse: Bad value for 'fd'
[  486.120018][T13096] 9pnet_fd: Insufficient options for proto=fd
[  487.270519][T13109] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2200'.
[  488.042661][T13123] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2205'.
[  488.053087][T13123] netlink: 59 bytes leftover after parsing attributes in process `syz.2.2205'.
[  488.063503][T13123] netlink: 59 bytes leftover after parsing attributes in process `syz.2.2205'.
[  488.308336][T13137] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2208'.
[  488.378152][   T30] audit: type=1400 audit(2000000105.990:835): avc:  denied  { ioctl } for  pid=13138 comm="syz.0.2210" path="socket:[29690]" dev="sockfs" ino=29690 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1
[  490.480970][T13178] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2221'.
[  491.560279][T13194] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=13194 comm=syz.4.2225
[  491.620645][T13199] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2228'.
[  492.987236][   T30] audit: type=1326 audit(2000000110.600:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.095921][T13213] overlayfs: failed to clone upperpath
[  493.152068][T13214] bpf: Bad value for 'gid'
[  493.332088][   T30] audit: type=1326 audit(2000000110.600:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.360359][   T30] audit: type=1326 audit(2000000110.600:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.414308][   T30] audit: type=1326 audit(2000000110.600:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.478070][   T30] audit: type=1326 audit(2000000110.600:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.507267][   T30] audit: type=1326 audit(2000000110.600:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.536794][   T30] audit: type=1326 audit(2000000110.600:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.570407][   T30] audit: type=1326 audit(2000000110.600:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.639710][   T30] audit: type=1326 audit(2000000110.600:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.669923][   T30] audit: type=1326 audit(2000000110.600:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.735733][   T30] audit: type=1326 audit(2000000110.600:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.788240][   T30] audit: type=1326 audit(2000000110.600:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  493.821933][T13230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2235'.
[  493.830969][   T30] audit: type=1326 audit(2000000110.600:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13209 comm="syz.0.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  494.195316][T13235] tipc: Started in network mode
[  494.200404][T13235] tipc: Node identity 7f000001, cluster identity 4711
[  494.207337][T13235] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  494.245423][T13235] tipc: Enabled bearer <eth:team0>, priority 0
[  494.912691][T13243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2241'.
[  495.251703][   T26] tipc: Node number set to 2130706433
[  495.428949][T13251] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=13251 comm=syz.1.2242
[  495.505606][T13257] netlink: 'syz.2.2243': attribute type 9 has an invalid length.
[  495.516244][T13257] netlink: 61951 bytes leftover after parsing attributes in process `syz.2.2243'.
[  495.773163][T13261] lo speed is unknown, defaulting to 1000
[  496.834976][T13284] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2252'.
[  497.273374][T13291] lo speed is unknown, defaulting to 1000
[  497.789011][T13309] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  497.812480][T13304] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=13304 comm=syz.3.2259
[  498.502521][T13326] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2264'.
[  498.547762][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  498.547778][   T30] audit: type=1400 audit(2000000116.160:876): avc:  denied  { mount } for  pid=13299 comm="syz.2.2258" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  499.916301][T13348] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2272'.
[  500.056682][   T30] audit: type=1400 audit(2000000117.650:877): avc:  denied  { ioctl } for  pid=13358 comm="syz.1.2276" path="/file0" dev="9p" ino=2 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  501.493200][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  501.499508][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  504.630128][T13423] tipc: Started in network mode
[  504.635027][T13423] tipc: Node identity aaaaaaaaaa35, cluster identity 4711
[  504.651229][T13423] tipc: Enabled bearer <eth:macvlan1>, priority 10
[  504.768049][T13430] netlink: 'syz.4.2303': attribute type 1 has an invalid length.
[  504.845718][T13430] 8021q: adding VLAN 0 to HW filter on device bond1
[  504.886932][T13437] netlink: 'syz.1.2307': attribute type 4 has an invalid length.
[  504.907382][T13437] netlink: 'syz.1.2307': attribute type 4 has an invalid length.
[  505.243312][   T30] audit: type=1400 audit(2000000122.820:878): avc:  denied  { cmd } for  pid=13438 comm="syz.0.2304" path="socket:[31160]" dev="sockfs" ino=31160 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  505.693276][T13466] 9pnet_fd: Insufficient options for proto=fd
[  505.803303][ T5874] tipc: Node number set to 10463914
[  506.401184][T13480] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2322'.
[  506.424886][T13480] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2322'.
[  506.487631][   T30] audit: type=1400 audit(2000000124.100:879): avc:  denied  { override_creds } for  pid=13483 comm="syz.1.2324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  506.764193][T13490] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2325'.
[  508.406713][T13514] netlink: 'syz.1.2327': attribute type 10 has an invalid length.
[  508.435905][T13514] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  508.665798][T13519] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  508.815795][T13526] bad cache= option: no%eet/syz0
[  508.815795][T13526] 
[  508.847858][T13526] CIFS: VFS: bad cache= option: no%eet/syz0
[  508.909879][   T30] audit: type=1400 audit(2000000126.520:880): avc:  denied  { mounton } for  pid=13527 comm="syz.1.2337" path=2F3438342FE91F7189591E9233614B dev="tmpfs" ino=2574 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  509.039545][T13533] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2339'.
[  509.060754][T13533] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2339'.
[  509.238780][T13539] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  509.540402][T13482] ceph: No mds server is up or the cluster is laggy
[  510.425165][T13569] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2353'.
[  510.425991][T13572] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2355'.
[  510.442208][   T30] audit: type=1326 audit(2000000128.060:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13571 comm="syz.2.2354" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x0
[  510.447360][T13572] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2355'.
[  511.052356][T13581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2357'.
[  511.090163][T13581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2357'.
[  512.010750][   T30] audit: type=1400 audit(2000000128.860:882): avc:  denied  { setopt } for  pid=13576 comm="syz.3.2356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  512.801635][T13607] __nla_validate_parse: 1 callbacks suppressed
[  512.801654][T13607] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2365'.
[  512.953078][T13620] nfs4: Unknown parameter 'rdm'
[  514.790437][T13650] netlink: set zone limit has 8 unknown bytes
[  515.721693][T13661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2382'.
[  515.762933][T13661] netlink: 'syz.2.2382': attribute type 21 has an invalid length.
[  515.785686][T13657] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.793169][T13657] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.938675][T13657] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  515.981149][T13659] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  516.433523][T13668] netlink: 'syz.0.2384': attribute type 5 has an invalid length.
[  517.358285][T13675] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2386'.
[  517.469977][T13675] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2386'.
[  517.948571][   T30] audit: type=1400 audit(2000000135.560:883): avc:  denied  { create } for  pid=13697 comm="syz.4.2394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  517.969136][   T30] audit: type=1400 audit(2000000135.560:884): avc:  denied  { write } for  pid=13697 comm="syz.4.2394" path="socket:[31524]" dev="sockfs" ino=31524 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  519.412950][T13719] sctp: [Deprecated]: syz.0.2400 (pid 13719) Use of struct sctp_assoc_value in delayed_ack socket option.
[  519.412950][T13719] Use struct sctp_sack_info instead
[  519.433383][T13713] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  522.859254][T13762] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2414'.
[  522.869174][T13762] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2414'.
[  524.576734][T13795] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  524.586599][T13795] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  524.596739][T13795] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  524.609157][T13795] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  524.626175][T13795] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  524.633567][T13795] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  524.649533][   T30] audit: type=1400 audit(2000000142.260:885): avc:  denied  { mounton } for  pid=13793 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  524.667694][T13793] lo speed is unknown, defaulting to 1000
[  524.974002][T13793] chnl_net:caif_netlink_parms(): no params data found
[  525.542263][T13793] bridge0: port 1(bridge_slave_0) entered blocking state
[  525.554684][T13793] bridge0: port 1(bridge_slave_0) entered disabled state
[  525.562103][T13793] bridge_slave_0: entered allmulticast mode
[  525.569430][T13793] bridge_slave_0: entered promiscuous mode
[  525.588989][T13793] bridge0: port 2(bridge_slave_1) entered blocking state
[  525.600273][T13793] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.612918][T13793] bridge_slave_1: entered allmulticast mode
[  525.621315][T13793] bridge_slave_1: entered promiscuous mode
[  525.669535][T13793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  525.682145][T13793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  525.705007][T13827] dns_resolver: Unsupported server list version (0)
[  525.717100][T13793] team0: Port device team_slave_0 added
[  525.727669][T13793] team0: Port device team_slave_1 added
[  525.818226][T13793] batman_adv: batadv0: Adding interface: batadv_slave_0
[  525.834676][T13793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  525.875424][T13793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  525.926957][T13793] batman_adv: batadv0: Adding interface: batadv_slave_1
[  525.944572][T13793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  526.181294][T13793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  526.202699][T13836] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2435'.
[  526.244495][T13793] hsr_slave_0: entered promiscuous mode
[  526.250673][T13793] hsr_slave_1: entered promiscuous mode
[  526.256685][T13793] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  526.265378][T13793] Cannot create hsr debugfs directory
[  526.397959][T13793] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  526.409352][T13793] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  526.418480][T13793] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  526.427927][T13793] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  526.701781][ T5830] Bluetooth: hci5: command tx timeout
[  527.212276][T13793] 8021q: adding VLAN 0 to HW filter on device bond0
[  527.234056][T13793] 8021q: adding VLAN 0 to HW filter on device team0
[  527.738315][   T30] audit: type=1326 audit(2000000145.230:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  527.786713][T13793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  527.787748][T13852] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2439'.
[  527.797557][   T30] audit: type=1326 audit(2000000145.250:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  527.815323][T13852] netlink: zone id is out of range
[  527.830471][T13793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  527.836062][T13852] netlink: zone id is out of range
[  527.847740][   T30] audit: type=1326 audit(2000000145.290:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  527.859834][T13852] netlink: zone id is out of range
[  527.877970][T13854] dvmrp0: entered allmulticast mode
[  527.879774][T13852] netlink: zone id is out of range
[  527.893235][   T30] audit: type=1326 audit(2000000145.290:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  527.944285][T13852] netlink: zone id is out of range
[  527.959823][T13852] netlink: zone id is out of range
[  527.980207][T13852] netlink: zone id is out of range
[  528.007277][T13852] netlink: zone id is out of range
[  528.008333][T10798] bridge0: port 1(bridge_slave_0) entered blocking state
[  528.019481][T10798] bridge0: port 1(bridge_slave_0) entered forwarding state
[  528.036900][T13852] netlink: get zone limit has 8 unknown bytes
[  528.051038][T10798] bridge0: port 2(bridge_slave_1) entered blocking state
[  528.058268][T10798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  528.077409][   T30] audit: type=1326 audit(2000000145.290:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  528.135929][   T30] audit: type=1326 audit(2000000145.310:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  528.173528][   T30] audit: type=1326 audit(2000000145.350:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  528.183097][T13859] lo speed is unknown, defaulting to 1000
[  528.235368][   T30] audit: type=1326 audit(2000000145.350:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13845 comm="syz.2.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bfaf8d169 code=0x7ffc0000
[  528.266960][   T30] audit: type=1400 audit(2000000145.750:894): avc:  denied  { create } for  pid=13858 comm="syz.2.2441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  528.367900][T13793] 8021q: adding VLAN 0 to HW filter on device batadv0
[  528.720238][T13877] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2443'.
[  528.762751][ T5830] Bluetooth: hci5: command tx timeout
[  529.236420][T13793] veth0_vlan: entered promiscuous mode
[  529.334849][T13793] veth1_vlan: entered promiscuous mode
[  529.395586][T13793] veth0_macvtap: entered promiscuous mode
[  529.413200][T13793] veth1_macvtap: entered promiscuous mode
[  529.554964][T13793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.571896][T13793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.062214][T13793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.077189][T13793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.090339][T13793] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.111909][T13793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.157312][T13793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.180087][T13793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.205622][T13793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.217497][T13793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.233806][T13793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.246864][T13793] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.257097][T13793] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  530.276099][T13793] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.464399][T13902] netlink: 'syz.3.2451': attribute type 1 has an invalid length.
[  530.472534][T13902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2451'.
[  530.492022][T13793] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.501184][T13793] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.558177][T13901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2451'.
[  530.620151][T13904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=13904 comm=syz.2.2450
[  530.845023][T10797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.865668][ T5830] Bluetooth: hci5: command tx timeout
[  530.879519][T13918] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2454'.
[  530.908515][T10797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.944914][T13917] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2453'.
[  531.057264][T10798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  531.105610][T10798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  531.252082][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  531.252094][   T30] audit: type=1400 audit(2000000148.870:896): avc:  denied  { mounton } for  pid=13793 comm="syz-executor" path="/root/syzkaller.ONKZce/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  531.350186][   T30] audit: type=1326 audit(2000000148.950:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  531.434340][   T30] audit: type=1326 audit(2000000148.950:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  531.539286][   T30] audit: type=1326 audit(2000000148.950:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  531.850206][T13937] overlayfs: missing 'lowerdir'
[  532.604365][T13940] audit: audit_backlog=65 > audit_backlog_limit=64
[  532.611031][T13940] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  532.618659][T13940] audit: backlog limit exceeded
[  532.662686][ T5830] Bluetooth: hci5: unexpected event 0x09 length: 4 > 3
[  532.677855][   T30] audit: type=1326 audit(2000000148.950:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  532.709627][   T30] audit: type=1326 audit(2000000148.950:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  532.734841][   T30] audit: type=1326 audit(2000000148.950:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13920 comm="syz.0.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9698d8d169 code=0x7ffc0000
[  532.920734][T13795] Bluetooth: hci5: command tx timeout
[  532.970947][T13922] Invalid source name
[  532.974953][T13922] UBIFS error (pid: 13922): cannot open "./file0", error -22
[  533.220635][T13951] netlink: 'syz.4.2463': attribute type 1 has an invalid length.
[  534.784300][T13985] sctp: [Deprecated]: syz.4.2476 (pid 13985) Use of int in max_burst socket option.
[  534.784300][T13985] Use struct sctp_assoc_value instead
[  535.579592][T14007] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2482'.
[  535.591642][T14007] netlink: 'syz.4.2482': attribute type 4 has an invalid length.
[  535.609820][T14007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2482'.
[  536.178031][T14032] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0
[  536.349025][T14036] xt_hashlimit: overflow, try lower: 18446744073709551615/255
[  536.441468][   T49] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  536.780161][   T49] usb 6-1: Using ep0 maxpacket: 16
[  536.879509][   T49] usb 6-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f
[  536.996779][   T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.153505][   T49] usb 6-1: Product: syz
[  537.221362][   T49] usb 6-1: Manufacturer: syz
[  537.281890][   T49] usb 6-1: SerialNumber: syz
[  537.316098][   T49] usb 6-1: config 0 descriptor??
[  537.401108][   T49] ftdi_sio 6-1:0.0: Ignoring interface reserved for JTAG
[  537.600938][T14047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  537.624990][T14047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  537.900842][   T49] usb 6-1: USB disconnect, device number 2
[  538.256352][T14058] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  538.489128][T14061] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.517695][T14061] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  538.535044][T14062] netlink: 'syz.4.2499': attribute type 10 has an invalid length.
[  538.563449][T14062] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2499'.
[  538.606979][T14062] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  538.639686][T14062] team0: Failed to send options change via netlink (err -105)
[  538.647544][T14062] team0: Port device geneve0 added
[  538.785091][T14070] netlink: 'syz.3.2501': attribute type 1 has an invalid length.
[  538.849549][T14070] netlink: 'syz.3.2501': attribute type 2 has an invalid length.
[  539.121910][T14061] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.132586][T14061] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  539.291344][T14061] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.308675][T14061] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  539.337239][T14074] lo speed is unknown, defaulting to 1000
[  540.452459][T14061] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.570155][T14061] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  540.620402][   T30] kauditd_printk_skb: 520 callbacks suppressed
[  540.620417][   T30] audit: type=1400 audit(2000000158.240:1423): avc:  denied  { append } for  pid=14082 comm="syz.5.2505" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  541.043412][   T30] audit: type=1400 audit(2000000158.280:1424): avc:  denied  { read } for  pid=14082 comm="syz.5.2505" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  541.117552][T14061] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  541.152417][   T30] audit: type=1400 audit(2000000158.280:1425): avc:  denied  { open } for  pid=14082 comm="syz.5.2505" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  541.160124][T14061] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  541.242634][T14061] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  541.260861][T14061] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  541.287421][T14061] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  541.305919][T14061] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  541.348485][T14061] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  541.380194][T14061] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  541.558818][   T30] audit: type=1400 audit(2000000159.170:1426): avc:  denied  { write } for  pid=14096 comm="syz.5.2512" lport=56561 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  541.564665][T14101] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2506'.
[  541.593375][T14074] overlayfs: failed to clone upperpath
[  541.644698][   T30] audit: type=1400 audit(2000000159.170:1427): avc:  denied  { setopt } for  pid=14096 comm="syz.5.2512" lport=56561 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  541.800113][   T49] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  542.040190][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  542.100192][   T49] usb 6-1: Using ep0 maxpacket: 8
[  542.109629][   T49] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  542.127264][   T49] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  542.137576][   T49] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  542.151808][   T49] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  542.159811][T14103] xt_CT: You must specify a L4 protocol and not use inversions on it
[  542.165275][   T49] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  542.250750][   T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.290769][T14152] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2527'.
[  544.319776][T14152] netlink: 596 bytes leftover after parsing attributes in process `syz.3.2527'.
[  544.637358][   T49] usb 6-1: usb_control_msg returned -71
[  544.700072][   T49] usbtmc 6-1:16.0: can't read capabilities
[  544.749776][   T49] usb 6-1: USB disconnect, device number 3
[  544.766713][   T30] audit: type=1326 audit(2000000162.380:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14160 comm="syz.5.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a8bd8d169 code=0x7ffc0000
[  544.835567][   T30] audit: type=1326 audit(2000000162.410:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14160 comm="syz.5.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3a8bd8d169 code=0x7ffc0000
[  544.909962][   T30] audit: type=1326 audit(2000000162.410:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14160 comm="syz.5.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a8bd8d169 code=0x7ffc0000
[  544.962185][T14155] lo speed is unknown, defaulting to 1000
[  544.984585][   T30] audit: type=1326 audit(2000000162.410:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14160 comm="syz.5.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a8bd8d169 code=0x7ffc0000
[  545.403244][   T30] audit: type=1326 audit(2000000162.410:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14160 comm="syz.5.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f3a8bd8d169 code=0x7ffc0000
[  545.959490][T14178] syzkaller0: entered allmulticast mode
[  546.165027][T14178] syzkaller0 (unregistering): left allmulticast mode
[  547.016001][T14181] overlay: Unknown parameter 'smackfshat'
[  547.378192][T14184] overlayfs: failed to clone upperpath
[  548.180352][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  548.774004][T14200] overlayfs: failed to clone upperpath
[  548.800107][   T10] usb 6-1: Using ep0 maxpacket: 8
[  548.829927][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  548.844482][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  548.872513][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  549.040076][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  549.049941][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  549.066746][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  549.090072][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.108174][   T10] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  550.046246][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  550.046257][   T30] audit: type=1400 audit(2000000167.650:1435): avc:  denied  { mount } for  pid=14216 comm="syz.3.2546" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  550.216573][T14220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.233663][T14220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.269440][T14222] 9pnet_fd: Insufficient options for proto=fd
[  551.350816][   T26] usb 6-1: USB disconnect, device number 4
[  551.769056][T14248] netlink: 'syz.2.2557': attribute type 1 has an invalid length.
[  551.916948][   T30] audit: type=1326 audit(2000000169.530:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  551.946453][   T30] audit: type=1326 audit(2000000169.530:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  551.970193][   T26] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  551.994861][   T30] audit: type=1326 audit(2000000169.540:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.028294][   T30] audit: type=1326 audit(2000000169.540:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.057188][   T30] audit: type=1326 audit(2000000169.540:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.087383][   T30] audit: type=1326 audit(2000000169.540:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.111460][   T30] audit: type=1326 audit(2000000169.540:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.121968][T14260] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2563'.
[  552.136945][   T30] audit: type=1326 audit(2000000169.540:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.144901][   T26] usb 6-1: Using ep0 maxpacket: 32
[  552.183290][   T26] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  552.190200][   T30] audit: type=1326 audit(2000000169.540:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14261 comm="syz.4.2564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5adcb8d169 code=0x7ffc0000
[  552.194508][   T26] usb 6-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  552.235724][   T26] usb 6-1: config 0 interface 0 has no altsetting 0
[  552.326470][   T26] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  552.348446][   T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.362510][   T26] usb 6-1: config 0 descriptor??
[  552.377723][   T26] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  553.379512][   T10] usb 6-1: USB disconnect, device number 5
[  554.068821][T14289] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=251 sclass=netlink_route_socket pid=14289 comm=syz.0.2572
[  554.459050][T14292] overlayfs: failed to clone lowerpath
[  554.476812][T14295] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  555.104678][T14313] geneve2: entered promiscuous mode
[  555.110351][T14313] geneve2: entered allmulticast mode
[  556.232290][T14334] CIFS: iocharset name too long
[  556.371061][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  556.371091][   T30] audit: type=1800 audit(2000000173.860:1468): pid=14334 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2585" name="nullb0" dev="tmpfs" ino=1218 res=0 errno=0
[  557.142789][T14344] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2590'.
[  557.152259][T14344] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  557.161821][T14344] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  557.822340][T14349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2592'.
[  558.000940][T14359] lo speed is unknown, defaulting to 1000
[  559.722150][T14377] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2599'.
[  560.222861][T14394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2602'.
[  560.682014][   T30] audit: type=1804 audit(2000000178.180:1469): pid=14402 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.2603" name="/newroot/25/file0" dev="tmpfs" ino=149 res=1 errno=0
[  560.998234][   T30] audit: type=1804 audit(2000000178.190:1470): pid=14402 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.5.2603" name="/newroot/25/file0" dev="tmpfs" ino=149 res=1 errno=0
[  561.952495][   T30] audit: type=1400 audit(2000000179.570:1471): avc:  denied  { setattr } for  pid=14430 comm="syz.5.2612" name="NETLINK" dev="sockfs" ino=34359 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  562.052867][T14431] 9pnet_fd: Insufficient options for proto=fd
[  562.540547][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  562.546874][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  562.599170][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  563.390101][   T10] usb 6-1: Using ep0 maxpacket: 8
[  563.398578][   T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  563.407869][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.419198][   T10] usb 6-1: Product: syz
[  563.430039][   T10] usb 6-1: Manufacturer: syz
[  563.434648][   T10] usb 6-1: SerialNumber: syz
[  563.465730][   T10] usb 6-1: config 0 descriptor??
[  563.602265][T14449] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  563.624167][T14449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=14449 comm=syz.3.2616
[  563.734381][   T10] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  564.879145][T14459] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2621'.
[  564.906285][T14459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2621'.
[  564.948694][T14461] netlink: 'syz.3.2622': attribute type 16 has an invalid length.
[  564.957419][T14463] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2623'.
[  564.988376][T14461] netlink: 'syz.3.2622': attribute type 17 has an invalid length.
[  566.539257][ T5874] kernel write not supported for file [eventfd] (pid: 5874 comm: kworker/0:6)
[  566.561039][T14473] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  566.683502][   T10] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  567.025910][T14492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=14492 comm=syz.4.2630
[  567.260296][   T10] usb 6-1: USB disconnect, device number 6
[  567.465059][T14505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2635'.
[  569.202484][   T30] audit: type=1400 audit(2000000186.820:1472): avc:  denied  { listen } for  pid=14534 comm="syz.5.2644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  569.228899][   T30] audit: type=1400 audit(2000000186.820:1473): avc:  denied  { accept } for  pid=14534 comm="syz.5.2644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  569.937270][T14547] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2647'.
[  570.048572][   T30] audit: type=1400 audit(2000000187.660:1474): avc:  denied  { create } for  pid=14548 comm="syz.5.2648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  570.321365][T14551] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  570.330966][T14551] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  570.405996][   T30] audit: type=1400 audit(2000000188.020:1475): avc:  denied  { read } for  pid=14548 comm="syz.5.2648" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  571.161282][T14560] IPVS: Error joining to the multicast group
[  571.640381][T14564] lo speed is unknown, defaulting to 1000
[  574.150555][   T30] audit: type=1400 audit(2000000191.770:1476): avc:  denied  { sys_chroot } for  pid=14628 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  574.254203][   T30] audit: type=1400 audit(2000000191.770:1477): avc:  denied  { setgid } for  pid=14628 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  574.289211][   T30] audit: type=1400 audit(2000000191.770:1478): avc:  denied  { setrlimit } for  pid=14628 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  575.772171][T14684] netlink: 'syz.2.2672': attribute type 16 has an invalid length.
[  575.832376][T14684] netlink: 'syz.2.2672': attribute type 17 has an invalid length.
[  579.002495][T14734] sctp: [Deprecated]: syz.4.2686 (pid 14734) Use of struct sctp_assoc_value in delayed_ack socket option.
[  579.002495][T14734] Use struct sctp_sack_info instead
[  579.790158][  T970] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  579.978411][  T970] usb 6-1: Using ep0 maxpacket: 32
[  580.016473][  T970] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  580.041612][  T970] usb 6-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  580.105360][  T970] usb 6-1: config 0 interface 0 has no altsetting 0
[  580.124243][  T970] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  580.136529][  T970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.181253][  T970] usb 6-1: config 0 descriptor??
[  580.253644][  T970] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  580.604611][T14732] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2685'.
[  580.774027][T14768] devpts: called with bogus options
[  581.336197][  T970] usb 6-1: USB disconnect, device number 7
[  581.389026][T14771] lo speed is unknown, defaulting to 1000
[  581.449049][T14773] netlink: 'syz.5.2696': attribute type 21 has an invalid length.
[  581.456995][T14773] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2696'.
[  583.619201][T14798] lo speed is unknown, defaulting to 1000
[  583.734225][T14804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2707'.
[  583.742176][T14806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2706'.
[  584.496969][T14817] IPVS: set_ctl: invalid protocol: 2 224.0.0.1:20002
[  584.508208][T14816] trusted_key: encrypted_key: master key parameter 'tru' is invalid
[  584.511875][T14819] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2710'.
[  584.533467][T14819] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2710'.
[  585.302754][T14834] netlink: 'syz.5.2714': attribute type 4 has an invalid length.
[  585.314295][T14834] netlink: 'syz.5.2714': attribute type 4 has an invalid length.
[  587.193859][T14854] lo speed is unknown, defaulting to 1000
[  587.551652][T14867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2718'.
[  587.917194][T14879] netlink: 'syz.3.2721': attribute type 1 has an invalid length.
[  588.774043][T14893] ip6t_rpfilter: unknown options
[  589.717932][T14918] lo speed is unknown, defaulting to 1000
[  590.750413][T14931] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2734'.
[  591.390092][ T5874] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  592.571573][ T5874] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  592.586744][ T5874] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  592.606005][ T5874] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  592.623248][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  592.637537][ T5874] usb 6-1: Product: syz
[  592.667827][ T5874] usb 6-1: Manufacturer: syz
[  592.673299][ T5874] usb 6-1: SerialNumber: syz
[  592.680634][ T5874] usb 6-1: config 0 descriptor??
[  592.689690][ T5874] hub 6-1:0.0: bad descriptor, ignoring hub
[  592.699177][ T5874] hub 6-1:0.0: probe with driver hub failed with error -5
[  592.831514][T14965] lo speed is unknown, defaulting to 1000
[  593.725908][T14974] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2735'.
[  593.937208][ T5874] libceph: connect (1)[c::]:6789 error -101
[  593.970656][ T5874] libceph: mon0 (1)[c::]:6789 connect error
[  594.236566][   T30] audit: type=1804 audit(594.084:1479): pid=14985 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2746" name="file0" dev="tmpfs" ino=3111 res=1 errno=0
[  594.506374][  T970] usb 6-1: USB disconnect, device number 8
[  594.520543][    T9] libceph: connect (1)[c::]:6789 error -101
[  594.527214][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  594.575047][   T30] audit: type=1804 audit(594.094:1480): pid=14985 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.2746" name="file0" dev="tmpfs" ino=3111 res=1 errno=0
[  594.812092][T14989] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=14989 comm=syz.4.2747
[  594.987473][   T30] audit: type=1400 audit(594.954:1481): avc:  denied  { shutdown } for  pid=14996 comm="syz.3.2750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  595.041852][  T970] libceph: connect (1)[c::]:6789 error -101
[  595.048077][  T970] libceph: mon0 (1)[c::]:6789 connect error
[  595.070402][   T26] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  595.220126][   T26] usb 6-1: Using ep0 maxpacket: 32
[  595.227707][   T26] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  595.238232][   T26] usb 6-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  595.251485][   T26] usb 6-1: config 0 interface 0 has no altsetting 0
[  595.258164][   T26] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  595.267381][   T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.276778][   T26] usb 6-1: config 0 descriptor??
[  595.286283][   T26] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  595.494394][T14991] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2748'.
[  595.647543][T15002] 9pnet_fd: Insufficient options for proto=fd
[  595.667530][T15002] lo speed is unknown, defaulting to 1000
[  595.907823][   T26] usb 6-1: USB disconnect, device number 9
[  595.943547][T15008] lo speed is unknown, defaulting to 1000
[  596.546847][   T10] libceph: connect (1)[c::]:6789 error -101
[  596.554965][T14980] ceph: No mds server is up or the cluster is laggy
[  596.561861][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  596.692918][   T30] audit: type=1400 audit(596.664:1482): avc:  denied  { write } for  pid=15013 comm="syz.5.2754" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  596.720079][   T30] audit: type=1400 audit(596.664:1483): avc:  denied  { open } for  pid=15013 comm="syz.5.2754" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  596.761807][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  597.355675][T15026] netlink: 'syz.0.2758': attribute type 7 has an invalid length.
[  597.515898][T15026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2758'.
[  597.578347][T15027] lo speed is unknown, defaulting to 1000
[  597.930273][   T30] audit: type=1400 audit(597.764:1484): avc:  denied  { bind } for  pid=15018 comm="syz.2.2755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  598.021179][T15033] lo speed is unknown, defaulting to 1000
[  598.039693][   T30] audit: type=1400 audit(597.814:1485): avc:  denied  { shutdown } for  pid=15018 comm="syz.2.2755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  598.926121][T15045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2763'.
[  599.232124][T15051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2764'.
[  601.118784][T15071] IPVS: set_ctl: invalid protocol: 8 255.255.255.255:20000
[  601.215868][T15074] netlink: 'syz.3.2769': attribute type 16 has an invalid length.
[  601.230355][T15074] netlink: 'syz.3.2769': attribute type 17 has an invalid length.
[  603.152923][T15108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.380686][T15108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  603.828861][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  604.266157][T15119] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2780'.
[  604.470176][   T10] usb 6-1: Using ep0 maxpacket: 16
[  604.500077][   T10] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  604.530582][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  604.560174][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  604.583305][   T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  604.610064][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.618168][   T10] usb 6-1: Product: syz
[  604.630391][   T10] usb 6-1: Manufacturer: syz
[  604.635038][   T10] usb 6-1: SerialNumber: syz
[  605.037804][   T10] usb 6-1: 0:2 : does not exist
[  605.057956][   T10] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1)
[  605.113690][   T10] usb 6-1: USB disconnect, device number 10
[  605.157198][T15126] lo speed is unknown, defaulting to 1000
[  605.280706][T14238] udevd[14238]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  606.320198][   T30] audit: type=1400 audit(606.284:1486): avc:  denied  { connect } for  pid=15138 comm="syz.5.2784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  606.398681][   T30] audit: type=1400 audit(606.364:1487): avc:  denied  { shutdown } for  pid=15138 comm="syz.5.2784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  606.430228][   T30] audit: type=1326 audit(606.374:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15138 comm="syz.5.2784" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a8bd8d169 code=0x0
[  606.504220][T15142] 9pnet_fd: Insufficient options for proto=fd
[  606.573615][T15147] netlink: 'syz.0.2788': attribute type 4 has an invalid length.
[  607.489155][T15155] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2791'.
[  607.558700][T15158] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  607.572014][T15158] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  607.580711][T15158] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  607.591060][T15158] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  607.601799][T15158] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  607.613113][T15158] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  607.702193][ T3536] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.719750][T15157] lo speed is unknown, defaulting to 1000
[  607.726965][   T10] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  607.783911][ T3536] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.880200][ T3536] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.893553][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  607.905911][   T10] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  607.915378][   T10] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  607.930038][   T10] usb 6-1: Product: syz
[  607.934218][   T10] usb 6-1: Manufacturer: syz
[  607.938798][   T10] usb 6-1: SerialNumber: syz
[  607.955725][   T10] usb 6-1: config 0 descriptor??
[  607.972285][   T10] hub 6-1:0.0: bad descriptor, ignoring hub
[  607.978261][   T10] hub 6-1:0.0: probe with driver hub failed with error -5
[  607.986353][ T3536] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.009198][T15157] chnl_net:caif_netlink_parms(): no params data found
[  608.140686][T15157] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.150718][T15157] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.157897][T15157] bridge_slave_0: entered allmulticast mode
[  608.165896][T15157] bridge_slave_0: entered promiscuous mode
[  608.187386][T15157] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.213393][T15157] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.220848][T15157] bridge_slave_1: entered allmulticast mode
[  608.227293][T15157] bridge_slave_1: entered promiscuous mode
[  608.365855][T15158] Bluetooth: hci5: command 0x0405 tx timeout
[  608.415709][ T3536] bond2 (unregistering): (slave ip6erspan0): Releasing active interface
[  608.468049][T15177] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2792'.
[  608.814721][ T3536] bond0 (unregistering): Released all slaves
[  608.919129][ T3536] bond1 (unregistering): Released all slaves
[  609.025594][ T3536] bond2 (unregistering): (slave veth3): Releasing active interface
[  609.035615][ T3536] bond2 (unregistering): Released all slaves
[  609.047538][T15157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.085682][T15157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  609.197133][   T26] usb 6-1: USB disconnect, device number 11
[  609.354165][T15157] team0: Port device team_slave_0 added
[  609.388632][T15157] team0: Port device team_slave_1 added
[  609.664117][T15157] batman_adv: batadv0: Adding interface: batadv_slave_0
[  609.681166][   T30] audit: type=1400 audit(609.654:1489): avc:  denied  { ioctl } for  pid=15181 comm="syz.2.2798" path="socket:[36854]" dev="sockfs" ino=36854 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  609.718746][T15157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  609.740134][T15158] Bluetooth: hci6: command tx timeout
[  609.776771][T15157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  609.794081][T15157] batman_adv: batadv0: Adding interface: batadv_slave_1
[  609.802486][T15157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  609.828842][    C1] vkms_vblank_simulate: vblank timer overrun
[  609.835263][T15157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  609.961920][T15196] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  609.992697][   T30] audit: type=1400 audit(609.964:1490): avc:  denied  { shutdown } for  pid=15195 comm="syz.2.2801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  610.012780][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.044501][T15157] hsr_slave_0: entered promiscuous mode
[  610.053464][T15157] hsr_slave_1: entered promiscuous mode
[  610.059442][T15157] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  610.074653][   T30] audit: type=1400 audit(610.044:1491): avc:  denied  { accept } for  pid=15195 comm="syz.2.2801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  610.112941][T15157] Cannot create hsr debugfs directory
[  610.143335][T15203] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2802'.
[  610.555256][ T3536] hsr_slave_0: left promiscuous mode
[  610.570539][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  610.578248][ T3536] hsr_slave_1: left promiscuous mode
[  610.598952][ T3536] veth1_macvtap: left promiscuous mode
[  610.617734][ T3536] veth0_macvtap: left promiscuous mode
[  610.629932][ T3536] veth1_vlan: left promiscuous mode
[  610.760716][   T10] usb 6-1: Using ep0 maxpacket: 32
[  610.801882][   T10] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  610.811286][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.819355][   T10] usb 6-1: Product: syz
[  610.824825][   T10] usb 6-1: Manufacturer: syz
[  610.829502][   T10] usb 6-1: SerialNumber: syz
[  610.860684][   T10] usb 6-1: config 0 descriptor??
[  610.882184][   T10] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  611.490603][   T10] gspca_ov534_9: reg_w failed -110
[  611.800255][T15158] Bluetooth: hci6: command tx timeout
[  611.950507][   T10] gspca_ov534_9: Unknown sensor 0000
[  611.950569][   T10] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22
[  613.800948][T14987] usb 6-1: USB disconnect, device number 12
[  613.812820][ T3536] IPVS: stop unused estimator thread 0...
[  613.914657][T15158] Bluetooth: hci6: command tx timeout
[  613.972747][T15157] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  614.040934][T15157] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  614.073238][T15157] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  614.189382][T15157] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  614.527159][T15157] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.631372][T15157] 8021q: adding VLAN 0 to HW filter on device team0
[  614.692473][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.699570][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.733156][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.740289][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.281354][T15288] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=15288 comm=syz.4.2816
[  615.449544][T15157] 8021q: adding VLAN 0 to HW filter on device batadv0
[  615.940114][T15157] veth0_vlan: entered promiscuous mode
[  615.953745][T15157] veth1_vlan: entered promiscuous mode
[  615.964562][T15158] Bluetooth: hci6: command tx timeout
[  616.033867][   T30] audit: type=1400 audit(615.974:1492): avc:  denied  { recv } for  pid=0 comm="swapper/0" saddr=10.128.0.169 src=30006 daddr=10.128.1.80 dest=55610 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  616.062697][T15157] veth0_macvtap: entered promiscuous mode
[  616.103513][   T30] audit: type=1400 audit(616.034:1493): avc:  denied  { egress } for  pid=13911 comm="kworker/1:3" daddr=ff02::16 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  616.125910][T15157] veth1_macvtap: entered promiscuous mode
[  616.156618][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.918239][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.934893][   T30] audit: type=1400 audit(616.034:1494): avc:  denied  { sendto } for  pid=13911 comm="kworker/1:3" daddr=ff02::16 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  616.973649][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  617.072409][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.088825][   T30] audit: type=1400 audit(616.044:1495): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  617.116790][T15347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'.
[  617.132527][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  617.157901][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.168169][   T30] audit: type=1400 audit(616.044:1496): avc:  denied  { search } for  pid=5181 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  617.190977][T15157] batman_adv: batadv0: Interface activated: batadv_slave_0
[  617.206102][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.252352][   T30] audit: type=1400 audit(616.044:1497): avc:  denied  { append } for  pid=5181 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  617.259031][T15350] audit: audit_backlog=65 > audit_backlog_limit=64
[  617.274590][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.305995][T15350] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  617.315921][T15350] audit: backlog limit exceeded
[  617.326017][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.338954][   T30] audit: type=1400 audit(616.044:1498): avc:  denied  { open } for  pid=5181 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  617.362112][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.372340][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.383940][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.397356][T15157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.408308][T15157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.419378][T15157] batman_adv: batadv0: Interface activated: batadv_slave_1
[  618.295847][T15367] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2827'.
[  618.539131][T15157] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  618.640346][T15157] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  618.672705][T15157] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  618.710119][T15157] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  618.771602][T15373] lo speed is unknown, defaulting to 1000
[  618.796409][T15362] geneve2: entered promiscuous mode
[  618.801794][T15362] geneve2: entered allmulticast mode
[  619.751621][T10797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.857856][T15391] 9pnet_fd: Insufficient options for proto=fd
[  619.870611][T10797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.917788][ T3526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.934768][T15390] overlay: Unknown parameter 'smackfshat'
[  619.943894][ T3526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.130426][ T5874] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  620.373737][ T5874] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  620.386120][ T5874] usb 6-1: config 0 interface 0 has no altsetting 0
[  620.705354][ T5874] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  620.787215][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  620.836785][ T5874] usb 6-1: Product: syz
[  620.859852][ T5874] usb 6-1: Manufacturer: syz
[  620.893730][ T5874] usb 6-1: SerialNumber: syz
[  620.932271][ T5874] usb 6-1: config 0 descriptor??
[  620.944069][ T5874] usb 6-1: selecting invalid altsetting 0
[  621.051759][   T30] kauditd_printk_skb: 144 callbacks suppressed
[  621.051775][   T30] audit: type=1400 audit(621.024:1643): avc:  denied  { create } for  pid=15414 comm="syz.0.2838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  621.125078][T15417] lo speed is unknown, defaulting to 1000
[  621.175007][   T30] audit: type=1400 audit(621.104:1644): avc:  denied  { ioctl } for  pid=15414 comm="syz.0.2838" path="socket:[38273]" dev="sockfs" ino=38273 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  621.236395][   T30] audit: type=1400 audit(621.204:1645): avc:  denied  { ioctl } for  pid=15393 comm="syz.5.2832" path="socket:[38306]" dev="sockfs" ino=38306 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  621.302266][   T49] usb 6-1: USB disconnect, device number 13
[  621.340875][   T30] audit: type=1400 audit(621.204:1646): avc:  denied  { map_read map_write } for  pid=15423 comm="syz.3.2840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  621.377282][   T30] audit: type=1400 audit(621.204:1647): avc:  denied  { write } for  pid=15423 comm="syz.3.2840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  621.399154][T15424] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2832'.
[  621.421204][   T30] audit: type=1400 audit(621.284:1648): avc:  denied  { perfmon } for  pid=15393 comm="syz.5.2832" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  621.447089][T15424] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  621.456550][T15424] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  621.460466][   T30] audit: type=1400 audit(621.284:1649): avc:  denied  { read } for  pid=15393 comm="syz.5.2832" dev="nsfs" ino=4026533990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  621.465400][T15424] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  621.488151][   T30] audit: type=1400 audit(621.284:1650): avc:  denied  { open } for  pid=15393 comm="syz.5.2832" path="net:[4026533990]" dev="nsfs" ino=4026533990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  621.495475][T15424] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  621.549846][T15424] vxlan0: entered promiscuous mode
[  621.559032][   T30] audit: type=1400 audit(621.284:1651): avc:  denied  { create } for  pid=15393 comm="syz.5.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  621.605908][T15436] bpf: Bad value for 'uid'
[  621.630924][   T30] audit: type=1400 audit(621.294:1652): avc:  denied  { ioctl } for  pid=15393 comm="syz.5.2832" path="socket:[38309]" dev="sockfs" ino=38309 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  621.740451][T15441] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  621.986496][T15455] bridge0: entered promiscuous mode
[  623.144555][T15466] netlink: 'syz.0.2855': attribute type 7 has an invalid length.
[  623.224527][T15466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2855'.
[  623.260499][T15471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2857'.
[  623.441364][T15471] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2857'.
[  623.450585][T15471] netlink: 'syz.3.2857': attribute type 18 has an invalid length.
[  623.587585][T15480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2859'.
[  623.596583][T15480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2859'.
[  623.690313][T15481] 9pnet_fd: Insufficient options for proto=fd
[  623.990492][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  623.996821][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  624.457884][T15495] netlink: 'syz.0.2864': attribute type 1 has an invalid length.
[  626.272996][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  626.273013][   T30] audit: type=1400 audit(626.244:1695): avc:  denied  { mount } for  pid=15508 comm="syz.2.2868" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  626.644541][T15510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=15510 comm=syz.2.2868
[  627.544498][T15495] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  627.810849][   T30] audit: type=1400 audit(627.784:1696): avc:  denied  { bind } for  pid=15523 comm="syz.5.2873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  627.866838][   T30] audit: type=1400 audit(627.804:1697): avc:  denied  { listen } for  pid=15523 comm="syz.5.2873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  627.960318][   T49] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  628.130116][   T49] usb 4-1: Using ep0 maxpacket: 32
[  628.156674][   T49] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  628.180494][   T49] usb 4-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  628.194150][   T49] usb 4-1: config 0 interface 0 has no altsetting 0
[  628.201130][   T49] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  628.210747][   T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.222970][   T49] usb 4-1: config 0 descriptor??
[  628.233373][   T49] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  628.462295][   T30] audit: type=1400 audit(628.434:1698): avc:  denied  { bind } for  pid=15516 comm="syz.3.2872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  628.484062][T15518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2872'.
[  628.513041][T15518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2872'.
[  628.529540][   T30] audit: type=1400 audit(628.434:1699): avc:  denied  { name_bind } for  pid=15516 comm="syz.3.2872" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  628.576140][   T30] audit: type=1400 audit(628.434:1700): avc:  denied  { node_bind } for  pid=15516 comm="syz.3.2872" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  628.640101][   T30] audit: type=1400 audit(628.464:1701): avc:  denied  { read } for  pid=15528 comm="syz.5.2875" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  628.710145][   T30] audit: type=1400 audit(628.464:1702): avc:  denied  { open } for  pid=15528 comm="syz.5.2875" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  628.769656][   T30] audit: type=1400 audit(628.464:1703): avc:  denied  { ioctl } for  pid=15528 comm="syz.5.2875" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  628.799918][T15534] lo speed is unknown, defaulting to 1000
[  629.412493][   T30] audit: type=1400 audit(628.534:1704): avc:  denied  { write } for  pid=15528 comm="syz.5.2875" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  629.496886][   T10] usb 4-1: USB disconnect, device number 2
[  629.783000][T15556] SET target dimension over the limit!
[  630.229121][T15553] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2884'.
[  630.249118][T15561] lo speed is unknown, defaulting to 1000
[  630.737724][T15573] overlayfs: failed to clone upperpath
[  631.316932][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  631.316948][   T30] audit: type=1400 audit(631.274:1717): avc:  denied  { getopt } for  pid=15572 comm="syz.2.2888" lport=141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  631.684483][   T30] audit: type=1400 audit(631.354:1718): avc:  denied  { setopt } for  pid=15577 comm="syz.3.2890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  632.323236][   T30] audit: type=1400 audit(632.294:1719): avc:  denied  { read } for  pid=15589 comm="syz.3.2894" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  632.440556][   T30] audit: type=1400 audit(632.294:1720): avc:  denied  { open } for  pid=15589 comm="syz.3.2894" path="/dev/dri/renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  632.500054][   T30] audit: type=1400 audit(632.294:1721): avc:  denied  { write } for  pid=15589 comm="syz.3.2894" name="mcfilter" dev="proc" ino=4026534241 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  632.676063][   T30] audit: type=1400 audit(632.644:1722): avc:  denied  { read } for  pid=15597 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  633.078179][T13795] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  633.096448][T13795] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  633.108588][T13795] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  633.125784][T13795] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  633.139632][T13795] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  633.148473][T13795] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  633.153754][   T30] audit: type=1400 audit(632.784:1723): avc:  denied  { open } for  pid=15597 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  633.191005][   T30] audit: type=1400 audit(633.164:1724): avc:  denied  { read } for  pid=15598 comm="syz.5.2896" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  633.214345][   T30] audit: type=1400 audit(633.164:1725): avc:  denied  { open } for  pid=15598 comm="syz.5.2896" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  633.237509][   T30] audit: type=1400 audit(633.174:1726): avc:  denied  { mounton } for  pid=15597 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  633.298455][T15597] lo speed is unknown, defaulting to 1000
[  633.475019][T15607] bridge_slave_0: left allmulticast mode
[  633.587526][T15607] bridge_slave_0: left promiscuous mode
[  633.614886][T15607] bridge0: port 1(bridge_slave_0) entered disabled state
[  634.077050][T15607] bridge_slave_1: left allmulticast mode
[  634.083041][T15607] bridge_slave_1: left promiscuous mode
[  634.088798][T15607] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.101831][T15607] bond0: (slave bond_slave_0): Releasing backup interface
[  634.117932][T15607] bond0: (slave bond_slave_1): Releasing backup interface
[  634.147859][T15607] team0: Port device team_slave_0 removed
[  634.167841][T15607] team0: Port device team_slave_1 removed
[  634.174164][T15607] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  634.182455][T15607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  634.191031][T15607] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  634.198567][T15607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  634.226387][T15607] batman_adv: batadv0: Removing interface: macvlan2
[  634.234096][T15607] bond2: (slave ip6erspan0): Releasing active interface
[  634.247673][T15607] batman_adv: batadv0: Interface deactivated: ip6gretap2
[  634.256443][T15607] batman_adv: batadv0: Removing interface: ip6gretap2
[  634.296697][ T3536] smc: removing ib device syz1
[  635.237513][T15627] lo speed is unknown, defaulting to 1000
[  635.244030][T13795] Bluetooth: hci4: command tx timeout
[  635.496473][T15597] chnl_net:caif_netlink_parms(): no params data found
[  636.569060][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  636.569078][   T30] audit: type=1400 audit(636.384:1731): avc:  denied  { unmount } for  pid=13793 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  637.426271][T13795] Bluetooth: hci4: command tx timeout
[  637.450349][   T30] audit: type=1400 audit(636.764:1732): avc:  denied  { create } for  pid=15652 comm="syz.3.2908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  637.603961][   T30] audit: type=1400 audit(636.764:1733): avc:  denied  { bind } for  pid=15652 comm="syz.3.2908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  637.625857][   T30] audit: type=1400 audit(636.864:1734): avc:  denied  { name_bind } for  pid=15657 comm="syz.5.2910" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  638.012076][T15597] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.029437][T15597] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.047413][T15597] bridge_slave_0: entered allmulticast mode
[  638.250151][T15597] bridge_slave_0: entered promiscuous mode
[  638.283246][T15597] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.302144][T15597] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.315400][T15597] bridge_slave_1: entered allmulticast mode
[  638.327555][T15597] bridge_slave_1: entered promiscuous mode
[  638.385981][T15597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  638.409723][T15597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  638.466364][T15597] team0: Port device team_slave_0 added
[  638.474268][T15597] team0: Port device team_slave_1 added
[  638.493922][T15597] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.501000][T15597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.576668][T15597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.594548][T15597] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.604090][T15597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.630818][T15597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.647899][   T30] audit: type=1400 audit(638.614:1735): avc:  denied  { append } for  pid=15676 comm="syz.3.2914" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  638.671610][   T30] audit: type=1400 audit(638.614:1736): avc:  denied  { ioctl } for  pid=15676 comm="syz.3.2914" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64ac scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  638.697198][   T30] audit: type=1400 audit(638.644:1737): avc:  denied  { write } for  pid=15676 comm="syz.3.2914" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  638.697622][   T49] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  638.794565][ T3536] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.804787][ T3536] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  638.824088][T15597] hsr_slave_0: entered promiscuous mode
[  638.832374][T15597] hsr_slave_1: entered promiscuous mode
[  638.838249][T15597] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  638.846466][T15597] Cannot create hsr debugfs directory
[  638.873443][ T3536] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.883857][ T3536] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  638.920307][   T49] usb 6-1: Using ep0 maxpacket: 16
[  638.933075][   T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  638.956612][   T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  638.967117][   T49] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  638.980515][   T49] usb 6-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  638.989640][   T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.001898][   T49] usb 6-1: config 0 descriptor??
[  639.003346][ T3536] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.013407][   T49] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input14
[  639.034977][ T5184] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  639.040407][   T30] audit: type=1400 audit(639.004:1738): avc:  denied  { read } for  pid=5184 comm="acpid" name="js0" dev="devtmpfs" ino=2818 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  639.057593][ T3536] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  639.064265][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.064914][   T30] audit: type=1400 audit(639.004:1739): avc:  denied  { open } for  pid=5184 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=2818 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  639.102940][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.119559][ T5184] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  639.134947][ T5184] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  639.152248][ T5184] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  639.166092][ T3536] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.179023][ T3536] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  639.199318][T14238] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  639.228905][   T49] usb 6-1: USB disconnect, device number 14
[  639.234344][ T5184] pxrc 6-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  639.240244][   T30] audit: type=1400 audit(639.194:1740): avc:  denied  { write } for  pid=15674 comm="syz.5.2913" name="event1" dev="devtmpfs" ino=919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  639.264940][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.385005][ T3536] batadv1: left allmulticast mode
[  639.390895][ T3536] batadv1: left promiscuous mode
[  639.398233][ T3536] bridge0: port 1(batadv1) entered disabled state
[  639.480684][T13795] Bluetooth: hci4: command tx timeout
[  639.790238][  T970] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  640.011427][T15700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2922'.
[  640.030158][  T970] usb 4-1: Using ep0 maxpacket: 32
[  640.036793][  T970] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.059017][ T3536] team0: Port device geneve0 removed
[  640.065751][  T970] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  640.090576][  T970] usb 4-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  640.103748][  T970] usb 4-1: config 0 interface 0 has no altsetting 0
[  640.113849][  T970] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  640.126670][  T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.141902][  T970] usb 4-1: config 0 descriptor??
[  640.374513][T15686] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2918'.
[  640.420580][ T3536] bond0 (unregistering): Released all slaves
[  640.510371][T15704] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2918'.
[  640.747171][ T3536] bond1 (unregistering): Released all slaves
[  641.358958][  T970] usbhid 4-1:0.0: can't add hid device: -71
[  641.365826][  T970] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  641.399463][  T970] usb 4-1: USB disconnect, device number 3
[  641.560254][T13795] Bluetooth: hci4: command tx timeout
[  641.633793][T15717] lo speed is unknown, defaulting to 1000
[  641.652587][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  641.652600][   T30] audit: type=1400 audit(641.624:1755): avc:  denied  { accept } for  pid=15716 comm="syz.5.2925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  641.976240][T15597] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  642.007613][T15597] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  642.032555][T15597] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  642.052083][T15597] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  642.178171][T15597] 8021q: adding VLAN 0 to HW filter on device bond0
[  642.207250][T15597] 8021q: adding VLAN 0 to HW filter on device team0
[  642.409199][T15730] vivid-007: disconnect
[  642.421036][T15730] vivid-007: reconnect
[  642.454800][   T30] audit: type=1400 audit(642.424:1756): avc:  denied  { module_load } for  pid=15746 comm="syz.2.2932" path="/584/bus" dev="tmpfs" ino=3130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  642.484281][T15690] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  642.552724][T15750] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2932'.
[  642.713348][T15690] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  642.727417][T15690] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  642.750067][T15690] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  642.758261][T15690] usb 4-1: Product: syz
[  642.790040][T15690] usb 4-1: Manufacturer: syz
[  642.794679][T15690] usb 4-1: SerialNumber: syz
[  642.810971][T15690] usb 4-1: config 0 descriptor??
[  642.817258][T15745] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  642.835277][ T7755] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.842395][ T7755] bridge0: port 1(bridge_slave_0) entered forwarding state
[  642.860658][T15690] hub 4-1:0.0: bad descriptor, ignoring hub
[  642.866598][T15690] hub 4-1:0.0: probe with driver hub failed with error -5
[  642.894745][ T7755] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.901871][ T7755] bridge0: port 2(bridge_slave_1) entered forwarding state
[  643.027284][   T30] audit: type=1400 audit(642.994:1757): avc:  denied  { write } for  pid=15755 comm="syz.5.2934" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  643.050036][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.141303][T15756] netem: change failed
[  643.276878][T15597] 8021q: adding VLAN 0 to HW filter on device batadv0
[  643.433500][ T3536] tipc: Disabling bearer <eth:macvlan1>
[  643.446953][T15772] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2931'.
[  643.481022][ T3536] tipc: Left network mode
[  643.532616][T15774] lo speed is unknown, defaulting to 1000
[  643.771861][  T970] usb 4-1: USB disconnect, device number 4
[  643.846058][ T3536] hsr_slave_0: left promiscuous mode
[  643.867117][ T3536] hsr_slave_1: left promiscuous mode
[  643.888134][ T3536] veth1_macvtap: left promiscuous mode
[  643.894975][ T3536] veth0_macvtap: left promiscuous mode
[  644.008300][ T3536] veth1_vlan: left promiscuous mode
[  644.841152][   T30] audit: type=1400 audit(644.814:1758): avc:  denied  { write } for  pid=15803 comm="syz.5.2942" name="001" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  644.871998][T15804] netlink: 'syz.5.2942': attribute type 10 has an invalid length.
[  644.990156][   T30] audit: type=1400 audit(644.954:1759): avc:  denied  { append } for  pid=15803 comm="syz.5.2942" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  645.577318][   T30] audit: type=1400 audit(645.544:1760): avc:  denied  { append } for  pid=15813 comm="syz.3.2944" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.640772][   T30] audit: type=1400 audit(645.544:1761): avc:  denied  { map } for  pid=15813 comm="syz.3.2944" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.709234][   T30] audit: type=1400 audit(645.544:1762): avc:  denied  { execute } for  pid=15813 comm="syz.3.2944" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.806059][   T30] audit: type=1400 audit(645.774:1763): avc:  denied  { ioctl } for  pid=15817 comm="syz.3.2946" path="socket:[40440]" dev="sockfs" ino=40440 ioctlcmd=0x9410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  645.964187][T15804] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  645.971657][   T30] audit: type=1400 audit(645.934:1764): avc:  denied  { name_bind } for  pid=15819 comm="syz.0.2947" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  646.063982][T15822] netlink: 'syz.3.2948': attribute type 16 has an invalid length.
[  646.074530][T15822] netlink: 'syz.3.2948': attribute type 17 has an invalid length.
[  646.083109][T15822] netlink: 'syz.3.2948': attribute type 27 has an invalid length.
[  646.104799][T15597] veth0_vlan: entered promiscuous mode
[  646.176136][T15597] veth1_vlan: entered promiscuous mode
[  647.030089][T15690] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  647.079197][T15597] veth0_macvtap: entered promiscuous mode
[  647.117027][T15843] 9pnet_fd: Insufficient options for proto=fd
[  647.125508][T15597] veth1_macvtap: entered promiscuous mode
[  647.171994][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.208832][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.225195][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.236141][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.246453][T15690] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.255585][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.266930][T15690] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.272604][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.279186][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  647.279197][   T30] audit: type=1400 audit(647.244:1769): avc:  denied  { create } for  pid=15844 comm="syz.0.2957" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  647.289586][T15597] batman_adv: batadv0: Interface activated: batadv_slave_0
[  647.297936][T15690] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  647.336546][T15842] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2955'.
[  647.372451][   T30] audit: type=1400 audit(647.344:1770): avc:  denied  { unlink } for  pid=5821 comm="syz-executor" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2989 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  647.422663][T15690] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  647.434424][T15690] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.438089][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.454400][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.459432][T15690] usb 6-1: config 0 descriptor??
[  647.471002][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.484275][   T30] audit: type=1400 audit(647.444:1771): avc:  denied  { write } for  pid=5181 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  647.501692][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.506424][   T30] audit: type=1400 audit(647.444:1772): avc:  denied  { remove_name } for  pid=5181 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  647.519690][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.538261][T13911] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  647.552495][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.556352][   T30] audit: type=1400 audit(647.444:1773): avc:  denied  { rename } for  pid=5181 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  647.569599][T15597] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.599316][   T30] audit: type=1400 audit(647.444:1774): avc:  denied  { add_name } for  pid=5181 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  647.603023][T15597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.621825][   T30] audit: type=1400 audit(647.444:1775): avc:  denied  { unlink } for  pid=5181 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  647.637848][T15597] batman_adv: batadv0: Interface activated: batadv_slave_1
[  647.654169][   T30] audit: type=1400 audit(647.444:1776): avc:  denied  { create } for  pid=5181 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  647.678088][T15597] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  647.690450][T15597] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  647.705091][T15597] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  647.714023][T15597] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  647.728960][ T3536] IPVS: stop unused estimator thread 0...
[  647.770358][T13911] usb 4-1: Using ep0 maxpacket: 16
[  647.776842][T13911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.802877][T13911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.824440][T10798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.832472][T13911] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  647.846134][T10798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.854387][T13911] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  647.864019][T13911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.884803][T13911] usb 4-1: config 0 descriptor??
[  647.891491][T10798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.899723][T10798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.909433][T15690] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  647.923115][T15690] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  647.950968][T15690] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  648.023854][T15852] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2959'.
[  648.037372][   T30] audit: type=1400 audit(647.994:1777): avc:  denied  { nlmsg_read } for  pid=15851 comm="syz.2.2959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  648.109104][T15855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2567 sclass=netlink_route_socket pid=15855 comm=syz.2.2960
[  648.452581][   T30] audit: type=1400 audit(648.424:1778): avc:  denied  { mount } for  pid=15828 comm="syz.5.2951" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  650.275335][T13911] usbhid 4-1:0.0: can't add hid device: -71
[  651.069567][ T5874] usb 6-1: USB disconnect, device number 15
[  651.495236][T13911] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  651.499848][T15899] input: syz0 as /devices/virtual/input/input16
[  651.536249][T13911] usb 4-1: USB disconnect, device number 5
[  651.730705][T13795] Bluetooth: hci5: command 0x0405 tx timeout
[  652.040307][T13911] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  652.512641][T13911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  652.528839][T13911] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  652.540120][T13911] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  652.640903][T13911] usb 4-1: Product: syz
[  652.663325][T13911] usb 4-1: Manufacturer: syz
[  652.751308][T13911] usb 4-1: SerialNumber: syz
[  652.840751][ T5870] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  653.065469][T15921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2978'.
[  653.082888][T13911] usb 4-1: config 0 descriptor??
[  653.095377][T15892] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  653.107327][T13911] hub 4-1:0.0: bad descriptor, ignoring hub
[  653.113632][T13911] hub 4-1:0.0: probe with driver hub failed with error -5
[  653.138781][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  653.138796][   T30] audit: type=1400 audit(653.104:1784): avc:  denied  { ioctl } for  pid=15923 comm="syz.2.2979" path="socket:[41765]" dev="sockfs" ino=41765 ioctlcmd=0x6616 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  653.222287][   T49] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  653.250157][ T5870] usb 5-1: Using ep0 maxpacket: 16
[  653.256770][ T5870] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  653.275003][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  653.287091][ T5870] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  653.296671][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.305655][ T5870] usb 5-1: Product: syz
[  653.310495][ T5870] usb 5-1: Manufacturer: syz
[  653.315154][ T5870] usb 5-1: SerialNumber: syz
[  653.322878][ T5870] usb 5-1: config 0 descriptor??
[  653.333612][ T5870] em28xx 5-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  653.556129][   T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  653.573632][   T49] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  653.581245][T15892] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2968'.
[  653.583399][   T49] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  653.601197][   T49] usb 6-1: Product: syz
[  653.605377][   T49] usb 6-1: Manufacturer: syz
[  653.625098][   T49] usb 6-1: SerialNumber: syz
[  653.641003][   T49] usb 6-1: config 0 descriptor??
[  653.666409][T15922] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  653.739383][T15934] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2982'.
[  653.778855][ T5904] usb 4-1: USB disconnect, device number 6
[  654.310301][   T49] hub 6-1:0.0: bad descriptor, ignoring hub
[  654.316298][   T49] hub 6-1:0.0: probe with driver hub failed with error -5
[  654.395399][   T30] audit: type=1400 audit(654.364:1785): avc:  denied  { read } for  pid=15935 comm="syz.0.2984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  654.877386][T15922] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2977'.
[  654.888137][T13795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  654.899554][T13795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  654.908493][T13795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  654.917562][T13795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  654.927790][T13795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  654.935219][T13795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  655.060899][ T5904] usb 6-1: USB disconnect, device number 16
[  655.093396][   T30] audit: type=1400 audit(655.064:1786): avc:  denied  { write } for  pid=15944 comm="syz.3.2987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  655.315811][  T970] usb 5-1: USB disconnect, device number 10
[  655.496698][T15942] chnl_net:caif_netlink_parms(): no params data found
[  656.921958][T15942] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.929049][T15942] bridge0: port 1(bridge_slave_0) entered disabled state
[  656.941630][T15942] bridge_slave_0: entered allmulticast mode
[  656.957374][T15942] bridge_slave_0: entered promiscuous mode
[  656.992278][T15942] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.000914][T13795] Bluetooth: hci2: command tx timeout
[  657.029596][T15942] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.065504][T15942] bridge_slave_1: entered allmulticast mode
[  657.079431][   T30] audit: type=1400 audit(657.044:1787): avc:  denied  { listen } for  pid=15977 comm="syz.0.2995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  657.085170][T15942] bridge_slave_1: entered promiscuous mode
[  657.301986][ T5874] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  657.323578][T15942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.408002][T15985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2997'.
[  657.859107][   T30] audit: type=1400 audit(657.374:1788): avc:  denied  { create } for  pid=15981 comm="syz.0.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  657.891125][T15942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.930327][ T5874] usb 5-1: Using ep0 maxpacket: 8
[  657.938058][ T5874] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  657.952126][ T5874] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  657.962165][ T5874] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  657.971992][ T5874] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  657.982002][ T5874] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  657.995096][ T5874] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  658.005775][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.040862][T15942] team0: Port device team_slave_0 added
[  658.089092][T15942] team0: Port device team_slave_1 added
[  658.197534][T15942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.230182][ T5874] usb 5-1: GET_CAPABILITIES returned 0
[  658.235803][T15942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.262097][ T5874] usbtmc 5-1:16.0: can't read capabilities
[  658.300945][T15942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.316310][T15942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.323930][T15942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.350592][T15942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.399857][T15942] hsr_slave_0: entered promiscuous mode
[  658.408195][T15942] hsr_slave_1: entered promiscuous mode
[  658.414908][T15942] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  658.423856][T15942] Cannot create hsr debugfs directory
[  658.563994][T15972] usbtmc 5-1:16.0: usb_control_msg returned -71
[  658.564229][ T5904] usb 5-1: USB disconnect, device number 11
[  658.667003][T15942] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.779892][T15942] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.831019][T15994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3000'.
[  658.842703][T15994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3000'.
[  658.893543][T15942] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.081795][T13795] Bluetooth: hci2: command tx timeout
[  659.108622][T15942] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.603407][T15942] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  660.687670][T15942] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  660.803708][   T30] audit: type=1400 audit(660.754:1789): avc:  denied  { mount } for  pid=16006 comm="syz.4.3005" name="/" dev="pstore" ino=4315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  661.121040][T15942] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  661.124764][   T30] audit: type=1400 audit(660.764:1790): avc:  denied  { read } for  pid=16006 comm="syz.4.3005" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  661.158132][   T30] audit: type=1400 audit(660.764:1791): avc:  denied  { open } for  pid=16006 comm="syz.4.3005" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  661.161124][T15942] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  661.183190][T13795] Bluetooth: hci2: command tx timeout
[  661.240707][   T30] audit: type=1400 audit(660.844:1792): avc:  denied  { ioctl } for  pid=16006 comm="syz.4.3005" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  661.285313][T15942] 8021q: adding VLAN 0 to HW filter on device bond0
[  661.300524][T15942] 8021q: adding VLAN 0 to HW filter on device team0
[  661.328293][T15942] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  661.341633][   T30] audit: type=1400 audit(661.314:1793): avc:  denied  { unmount } for  pid=15597 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  661.369234][T15942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  661.398484][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.400086][   T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  661.405642][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  661.442515][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.449653][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  661.904144][T15942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.913214][   T10] usb 4-1: Using ep0 maxpacket: 32
[  661.918539][T16026] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5126 sclass=netlink_route_socket pid=16026 comm=syz.5.3008
[  661.934841][   T10] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  661.945161][   T10] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  661.956248][   T10] usb 4-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  661.969889][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  661.977227][   T10] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  661.986971][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.016176][T15942] veth0_vlan: entered promiscuous mode
[  662.037015][T15942] veth1_vlan: entered promiscuous mode
[  662.061906][   T10] usb 4-1: config 0 descriptor??
[  662.099602][T15942] veth0_macvtap: entered promiscuous mode
[  662.117637][T15942] veth1_macvtap: entered promiscuous mode
[  662.156688][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  662.169311][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.179548][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  662.190194][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.427828][T16017] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3007'.
[  662.489437][T16034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3007'.
[  662.595480][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  662.607159][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.617238][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  662.629402][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.854486][T15942] batman_adv: batadv0: Interface activated: batadv_slave_0
[  662.867109][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.877708][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.905490][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.946454][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  662.980062][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  662.991191][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.002181][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  663.012922][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.023291][T15942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  663.034120][T15942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.045149][T15942] batman_adv: batadv0: Interface activated: batadv_slave_1
[  663.065043][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  663.068511][T15942] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  663.080229][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  663.082451][T15942] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  663.099650][T15942] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  663.114639][   T10] usb 4-1: USB disconnect, device number 7
[  663.124295][T15942] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  663.250325][T13795] Bluetooth: hci2: command tx timeout
[  663.266000][T16043] netlink: 'syz.5.3013': attribute type 7 has an invalid length.
[  663.274164][T16043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3013'.
[  663.301512][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  663.340565][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  663.413205][ T7755] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  663.433673][ T7755] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  664.196948][ T5904] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  664.295729][   T31] INFO: task syz.1.2337:13528 blocked for more than 143 seconds.
[  664.349640][   T31]       Not tainted 6.14.0-rc6-syzkaller #0
[  664.375992][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  664.553419][   T30] audit: type=1400 audit(664.404:1794): avc:  denied  { write } for  pid=5811 comm="syz-executor" path="pipe:[3849]" dev="pipefs" ino=3849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  664.732141][   T31] task:syz.1.2337      state:D stack:28016 pid:13528 tgid:13527 ppid:5822   task_flags:0x400740 flags:0x00004006
[  664.744201][   T31] Call Trace:
[  664.747485][   T31]  <TASK>
[  664.750608][   T31]  __schedule+0xf43/0x5890
[  664.755040][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  664.760337][   T31]  ? find_held_lock+0x2d/0x110
[  664.765133][   T31]  ? __pfx___schedule+0x10/0x10
[  664.920472][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  665.256208][   T31]  ? schedule+0x298/0x350
[  665.260745][ T5904] usb 6-1: unable to get BOS descriptor or descriptor too short
[  665.270223][   T31]  ? __pfx_lock_release+0x10/0x10
[  665.275293][   T31]  ? finish_task_switch.isra.0+0x217/0xcc0
[  665.281729][   T31]  ? lock_acquire+0x2f/0xb0
[  665.286313][   T31]  ? schedule+0x1fd/0x350
[  665.290830][ T5904] usb 6-1: not running at top speed; connect to a high speed hub
[  665.298649][   T31]  schedule+0xe7/0x350
[  665.302890][   T31]  schedule_timeout+0x244/0x280
[  665.307772][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  665.314073][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  665.319458][   T31]  __wait_for_common+0x3e1/0x600
[  665.324964][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  665.330539][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  665.336070][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  665.341650][   T31]  wait_for_completion_state+0x1c/0x40
[  665.347147][   T31]  do_coredump+0x86f/0x4410
[  665.351774][   T31]  ? unwind_get_return_address+0x59/0xa0
[  665.357448][   T31]  ? __pfx_do_coredump+0x10/0x10
[  665.362583][   T31]  ? stack_trace_save+0x95/0xd0
[  665.367447][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  665.373327][   T31]  ? hlock_class+0x4e/0x130
[  665.377846][   T31]  ? stack_depot_save_flags+0x28/0x9c0
[  665.383426][   T31]  ? kasan_save_stack+0x42/0x60
[  665.388284][   T31]  ? kasan_save_stack+0x33/0x60
[  665.393280][   T31]  ? kasan_save_track+0x14/0x30
[  665.398162][   T31]  ? kasan_save_free_info+0x3b/0x60
[  665.403853][   T31]  ? __kasan_slab_free+0x51/0x70
[  665.408863][   T31]  ? kmem_cache_free+0x2e2/0x4d0
[  665.414297][   T31]  ? __sigqueue_free+0xba/0x2a0
[  665.419455][   T31]  ? get_signal+0xcbc/0x26c0
[  665.424174][   T31]  ? arch_do_signal_or_restart+0x90/0x7e0
[  665.429908][   T31]  ? syscall_exit_to_user_mode+0x150/0x2a0
[  665.435934][   T31]  ? find_held_lock+0x2d/0x110
[  665.440770][   T31]  ? proc_coredump_connector+0x2d2/0x4f0
[  665.446420][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  665.452604][   T31]  get_signal+0x230b/0x26c0
[  665.457158][   T31]  ? __pfx_get_signal+0x10/0x10
[  665.462068][   T31]  ? rcu_is_watching+0x12/0xc0
[  665.466847][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[  665.472406][   T31]  arch_do_signal_or_restart+0x90/0x7e0
[  665.477968][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  665.484701][   T31]  ? rcu_is_watching+0x12/0xc0
[  665.490331][   T31]  syscall_exit_to_user_mode+0x150/0x2a0
[  665.496124][   T31]  do_syscall_64+0xda/0x250
[  665.500867][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.506784][   T31] RIP: 0033:0x7f49a384e750
[  665.511362][   T31] RSP: 002b:00007f49a48963f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  665.520103][   T31] RAX: 0000000000000000 RBX: 00007f49a3ba5fa8 RCX: 00007f49a398d169
[  665.528091][   T31] RDX: 00007f49a4896400 RSI: 00007f49a4896530 RDI: 000000000000000b
[  665.536257][   T31] RBP: 00007f49a3ba5fa0 R08: 00007f49a4898000 R09: 0000000000000000
[  665.544307][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f49a3ba5fac
[  665.552452][   T31] R13: 0000000000000000 R14: 00007ffe22527410 R15: 00007ffe225274f8
[  665.560627][   T31]  </TASK>
[  665.563687][   T31] 
[  665.563687][   T31] Showing all locks held in the system:
[  665.571587][   T31] 1 lock held by khungtaskd/31:
[  665.577016][   T31]  #0: ffffffff8e1bd0c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390
[  665.587245][   T31] 2 locks held by getty/5587:
[  665.592122][   T31]  #0: ffff88814d4740a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  665.601999][   T31]  #1: ffffc900033332f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480
[  665.612320][   T31] 3 locks held by kworker/1:4/5870:
[  665.617578][   T31]  #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  665.650461][   T31]  #1: ffffc90003ff7d18 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  665.700030][   T31]  #2: ffff8880621f9240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1bb/0x26d0
[  665.723376][   T31] 2 locks held by kworker/0:6/5874:
[  665.728629][   T31]  #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  665.780175][   T31]  #1: ffffc90004037d18 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  665.789962][   T31] 3 locks held by kworker/1:5/5904:
[  665.822212][   T31]  #0: ffff888140472948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  665.870053][   T31]  #1: ffffc900032afd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  665.911247][   T31]  #2: ffff88814535a190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c1/0x4e10
[  665.922067][   T31] 3 locks held by syz-executor/15597:
[  665.927728][   T31]  #0: ffff88805c77cd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  665.937539][   T31]  #1: ffff88805c77c078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0
[  665.947405][   T31]  #2: ffff888068f52338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7f/0x730
[  665.956830][   T31] 3 locks held by syz-executor/15942:
[  665.962383][   T31]  #0: ffff888051114d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  665.972060][   T31]  #1: ffff888051114078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0
[  665.981840][   T31]  #2: ffff888071305338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7f/0x730
[  665.991251][   T31] 3 locks held by syz.5.3014/16044:
[  665.996465][   T31]  #0: ffff888030e04d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  666.006663][   T31]  #1: ffff888030e04078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0
[  666.016456][   T31]  #2: ffff888036b92338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7f/0x730
[  666.027291][   T31] 3 locks held by syz.3.3016/16058:
[  666.032863][   T31]  #0: ffff88808cfb0d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  666.042742][   T31]  #1: ffff88808cfb0078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0
[  666.057824][   T31]  #2: ffff8881412d7338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7f/0x730
[  666.067344][   T31] 1 lock held by syz.0.3017/16061:
[  666.072862][   T31]  #0: ffffffff8e1c8538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a4/0x3b0
[  666.088218][   T31] 
[  666.118101][   T31] =============================================
[  666.118101][   T31] 
[  666.134446][   T31] NMI backtrace for cpu 0
[  666.134459][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc6-syzkaller #0
[  666.134477][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  666.134486][   T31] Call Trace:
[  666.134491][   T31]  <TASK>
[  666.134498][   T31]  dump_stack_lvl+0x116/0x1f0
[  666.134526][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  666.134544][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  666.134567][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  666.134584][   T31]  watchdog+0xf62/0x12b0
[  666.134615][   T31]  ? __pfx_watchdog+0x10/0x10
[  666.134638][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  666.134660][   T31]  ? __kthread_parkme+0x148/0x220
[  666.134678][   T31]  ? __pfx_watchdog+0x10/0x10
[  666.134702][   T31]  kthread+0x3af/0x750
[  666.134721][   T31]  ? __pfx_kthread+0x10/0x10
[  666.134745][   T31]  ? __pfx_kthread+0x10/0x10
[  666.134764][   T31]  ret_from_fork+0x45/0x80
[  666.134785][   T31]  ? __pfx_kthread+0x10/0x10
[  666.134802][   T31]  ret_from_fork_asm+0x1a/0x30
[  666.134830][   T31]  </TASK>
[  666.134835][   T31] Sending NMI from CPU 0 to CPUs 1:
[  666.246751][    C1] NMI backtrace for cpu 1
[  666.246764][    C1] CPU: 1 UID: 0 PID: 16061 Comm: syz.0.3017 Not tainted 6.14.0-rc6-syzkaller #0
[  666.246779][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  666.246786][    C1] RIP: 0010:lock_release+0x4dd/0x6f0
[  666.246813][    C1] Code: 00 00 49 8b 7e 08 4c 89 e6 48 8b 54 24 08 e8 3a 50 fe ff 65 ff 0d 7b 23 6d 7e 0f 85 a7 fb ff ff e8 78 3f 95 ff e9 a4 fb ff ff <e8> 4e df 08 00 84 c0 0f 85 cd fb ff ff 80 3d eb 2f b4 0e 00 0f 85
[  666.246826][    C1] RSP: 0018:ffffc9000471eeb0 EFLAGS: 00000047
[  666.246837][    C1] RAX: 0000000000000001 RBX: 1ffff920008e3dd8 RCX: ffffffff8196b1a9
[  666.246845][    C1] RDX: fffffbfff20c4c63 RSI: 0000000000000008 RDI: ffffffff90626310
[  666.246853][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff20c4c62
[  666.246861][    C1] R10: ffffffff90626317 R11: 0000000000000003 R12: ffffffff9aa934c8
[  666.246868][    C1] R13: ffff888063d07718 R14: 1ffff920008e3df6 R15: ffffffff9aa934a8
[  666.246877][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  666.246890][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  666.246898][    C1] CR2: 00007f42824d7d60 CR3: 000000002fca0000 CR4: 00000000003526f0
[  666.246906][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  666.246913][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  666.246920][    C1] Call Trace:
[  666.246925][    C1]  <NMI>
[  666.246930][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[  666.246945][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  666.246961][    C1]  ? nmi_handle+0x1ac/0x5d0
[  666.246979][    C1]  ? lock_release+0x4dd/0x6f0
[  666.246994][    C1]  ? default_do_nmi+0x6a/0x160
[  666.247007][    C1]  ? exc_nmi+0x170/0x1e0
[  666.247019][    C1]  ? end_repeat_nmi+0xf/0x53
[  666.247038][    C1]  ? lock_release+0xa9/0x6f0
[  666.247054][    C1]  ? lock_release+0x4dd/0x6f0
[  666.247070][    C1]  ? lock_release+0x4dd/0x6f0
[  666.247086][    C1]  ? lock_release+0x4dd/0x6f0
[  666.247102][    C1]  </NMI>
[  666.247105][    C1]  <TASK>
[  666.247110][    C1]  ? debug_object_activate+0x2e6/0x4a0
[  666.247125][    C1]  ? __pfx_lock_release+0x10/0x10
[  666.247142][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  666.247154][    C1]  ? pcpu_alloc+0x12/0x350
[  666.247168][    C1]  _raw_spin_unlock_irqrestore+0x1a/0x80
[  666.247183][    C1]  debug_object_activate+0x2e6/0x4a0
[  666.247199][    C1]  ? __pfx_debug_object_activate+0x10/0x10
[  666.247217][    C1]  ? __pfx_radix_tree_node_rcu_free+0x10/0x10
[  666.247231][    C1]  __call_rcu_common.constprop.0+0x2c/0x870
[  666.247250][    C1]  xas_store+0xc8c/0x1930
[  666.247270][    C1]  page_cache_delete+0x32d/0x520
[  666.247285][    C1]  ? __pfx_lock_release+0x10/0x10
[  666.247301][    C1]  ? __pfx_page_cache_delete+0x10/0x10
[  666.247321][    C1]  filemap_remove_folio+0xfe/0x250
[  666.247338][    C1]  truncate_inode_folio+0x49/0x70
[  666.247351][    C1]  shmem_undo_range+0x36e/0x1170
[  666.247370][    C1]  ? __pfx_shmem_undo_range+0x10/0x10
[  666.247387][    C1]  ? kernel_text_address+0x8d/0x100
[  666.247410][    C1]  ? lock_acquire+0x2f/0xb0
[  666.247425][    C1]  ? hlock_class+0x4e/0x130
[  666.247446][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  666.247461][    C1]  ? hlock_class+0x4e/0x130
[  666.247473][    C1]  ? __lock_acquire+0x15a9/0x3c40
[  666.247490][    C1]  shmem_evict_inode+0x3a3/0xba0
[  666.247506][    C1]  ? find_held_lock+0x2d/0x110
[  666.247519][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  666.247534][    C1]  ? evict+0x3c8/0x960
[  666.247549][    C1]  ? __pfx_lock_release+0x10/0x10
[  666.247566][    C1]  ? lock_acquire+0x2f/0xb0
[  666.247583][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  666.247599][    C1]  evict+0x409/0x960
[  666.247613][    C1]  ? __pfx_evict+0x10/0x10
[  666.247631][    C1]  iput+0x52a/0x890
[  666.247645][    C1]  ? __pfx_generic_delete_inode+0x10/0x10
[  666.247664][    C1]  dentry_unlink_inode+0x29c/0x480
[  666.247679][    C1]  __dentry_kill+0x1d0/0x600
[  666.247693][    C1]  ? shrink_dentry_list+0x11a/0x5d0
[  666.247709][    C1]  shrink_dentry_list+0x140/0x5d0
[  666.247726][    C1]  ? shrink_dcache_parent+0x75/0x530
[  666.247742][    C1]  shrink_dcache_parent+0xe2/0x530
[  666.247758][    C1]  ? __pfx_shrink_dcache_parent+0x10/0x10
[  666.247774][    C1]  ? do_raw_spin_lock+0x12d/0x2c0
[  666.247785][    C1]  ? lock_acquire+0x2f/0xb0
[  666.247807][    C1]  shrink_dcache_for_umount+0xa1/0x3e0
[  666.247825][    C1]  generic_shutdown_super+0x6c/0x390
[  666.247841][    C1]  kill_litter_super+0x70/0xa0
[  666.247857][    C1]  deactivate_locked_super+0xbe/0x1a0
[  666.247875][    C1]  deactivate_super+0xde/0x100
[  666.247892][    C1]  cleanup_mnt+0x222/0x450
[  666.247910][    C1]  task_work_run+0x14e/0x250
[  666.247926][    C1]  ? __pfx_task_work_run+0x10/0x10
[  666.247944][    C1]  do_exit+0xad8/0x2d70
[  666.247957][    C1]  ? get_signal+0x8f7/0x26c0
[  666.247975][    C1]  ? __pfx_do_exit+0x10/0x10
[  666.247987][    C1]  ? do_raw_spin_lock+0x12d/0x2c0
[  666.247999][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  666.248012][    C1]  do_group_exit+0xd3/0x2a0
[  666.248025][    C1]  get_signal+0x24ed/0x26c0
[  666.248044][    C1]  ? __pfx_lock_release+0x10/0x10
[  666.248061][    C1]  ? __pfx_get_signal+0x10/0x10
[  666.248080][    C1]  arch_do_signal_or_restart+0x90/0x7e0
[  666.248095][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  666.248112][    C1]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  666.248132][    C1]  syscall_exit_to_user_mode+0x150/0x2a0
[  666.248148][    C1]  do_syscall_64+0xda/0x250
[  666.248164][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.248179][    C1] RIP: 0033:0x7f9698d8d169
[  666.248189][    C1] Code: Unable to access opcode bytes at 0x7f9698d8d13f.
[  666.248195][    C1] RSP: 002b:00007f9699b99038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  666.248206][    C1] RAX: 0000000000010106 RBX: 00007f9698fa6080 RCX: 00007f9698d8d169
[  666.248214][    C1] RDX: 0000000000010106 RSI: 00004000000000c0 RDI: 0000000000000006
[  666.248222][    C1] RBP: 00007f9698e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  666.248229][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  666.248237][    C1] R13: 0000000000000000 R14: 00007f9698fa6080 R15: 00007ffef64b2838
[  666.248249][    C1]  </TASK>
[  666.864480][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  666.871373][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc6-syzkaller #0
[  666.880141][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  666.890200][   T31] Call Trace:
[  666.893474][   T31]  <TASK>
[  666.896403][   T31]  dump_stack_lvl+0x3d/0x1f0
[  666.900999][   T31]  panic+0x71d/0x800
[  666.904893][   T31]  ? __pfx_panic+0x10/0x10
[  666.909309][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  666.914685][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  666.920670][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  666.926047][   T31]  ? watchdog+0xdcc/0x12b0
[  666.930474][   T31]  ? watchdog+0xdbf/0x12b0
[  666.934900][   T31]  watchdog+0xddd/0x12b0
[  666.939166][   T31]  ? __pfx_watchdog+0x10/0x10
[  666.943869][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  666.949083][   T31]  ? __kthread_parkme+0x148/0x220
[  666.954163][   T31]  ? __pfx_watchdog+0x10/0x10
[  666.958885][   T31]  kthread+0x3af/0x750
[  666.962967][   T31]  ? __pfx_kthread+0x10/0x10
[  666.967569][   T31]  ? __pfx_kthread+0x10/0x10
[  666.972162][   T31]  ret_from_fork+0x45/0x80
[  666.976607][   T31]  ? __pfx_kthread+0x10/0x10
[  666.981204][   T31]  ret_from_fork_asm+0x1a/0x30
[  666.985978][   T31]  </TASK>
[  666.989236][   T31] Kernel Offset: disabled
[  666.993544][   T31] Rebooting in 86400 seconds..