last executing test programs:

1.855219649s ago: executing program 1 (id=2):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[], 0x40}}, 0x90)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xaece, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f00000015c0)=""/4098, 0x1d}], 0x63, 0x0, 0x0)

1.758401041s ago: executing program 1 (id=6):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
socket$inet_icmp(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0)
syslog(0x4, 0xfffffffffffffffc, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r4}, 0x18)
flock(0xffffffffffffffff, 0x5)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
socket(0x10, 0x3, 0x0)

1.688480312s ago: executing program 2 (id=3):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0xc004)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000000203030000000000000000200000"], 0x1c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
eventfd2(0x0, 0x0)
io_setup(0x81, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r7, {0xfff2}, {0x30}, {0x8, 0x10}}}, 0x24}}, 0x0)

1.650286913s ago: executing program 3 (id=4):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000280)=[@mss={0x2, 0x7}, @timestamp], 0x59)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000004000000080000000200000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e3bb54645afe35a8ab03cf4934fdbfce875311aa23eaef8ed199535960cf8ced18e0b96772311dd436d4c9de57532cc8ce847051f239072ed2479ab1b09958f4a5275e9ba39a0ff3f38096b5cafd3ecc421553727bc113feec89f9c80d12d678305dd7ae670db7cb2112e6e4074375dc75bee0b01beda2c782c5c99c3368bee627afe1955f27dabf914ca77e0572fe478477967efa8405d8398a22eec2bd4cd58b7e4172c010f843f330c623b294e01386b16c5ebffd93a840ecd20bf3500f670926cc", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ftruncate(0xffffffffffffffff, 0x1f)
setitimer(0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0xea60}}, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000300)={0x0, 0x9c}, 0x0)
unshare(0x40020000)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
r3 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r3, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

1.636726943s ago: executing program 4 (id=5):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
openat$vsock(0xffffffffffffff9c, 0x0, 0x4021, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
lstat(&(0x7f0000000140)='./bus/file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
stat(&(0x7f0000000540)='./bus\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r6 = dup(r5)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_DIRENTPLUS(r6, 0x0, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa008100000086dd60e400ff00403a00fe880000000000000000000000000001fe8000000000000000000000000000aa02009078000000006000000000021100fc02000000000000000000000000000000000000000008000000ffff0600140017c11d58674e624c1a146558aab57fff662b1b359032e479cd1161173ee813fc2c590e6176b4b653aa5ba0f76095990257ba3a58ded9931a5558d700a60224d0481fc91f23a80d564d0179c54e9b4279962a1bc0b002e75bc0dbd99b76d94a"], 0x0)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'macvtap0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES32=r10, @ANYBLOB=' \x00', @ANYRES32=r10], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)
r11 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r8, &(0x7f0000000000), 0xfffffecc)
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x810801, &(0x7f0000000140)=ANY=[], 0x4, 0x223, &(0x7f0000000240)="$eJzslb9rFEEUx78zu7e5RAlaaGFzFgEjmL3dPZU0grEXhETU8jBjiNnkwt0VuQNJgo2NtfiPWKSysNPK2kIFwcKUgiA4MrOzt7PebeJ6h03eB27uOz/em/dmZ9+CIIgTy+dP3z8+v7W4cgXAacxhyox/dbI13Fr/4aVTMfLN1uyTA6NvpvMMgJTZeveY/T0Ar5ccYC9xK6VtDcwZnyvgWivuguOy0ffA4KexysxagOGBGX68LQfZtKaNiAV72IpXH63HIlBNqJpINQ1pSOM/3GdYBVA1WzArvk6vv9GMgXYiYpGKikz3GZoqK3IHtps/Px3fEscN6wjU87r/7Om+6vtmPLDOLwRHaHQDDMtGL2IKvu/XTFeEVv4X3My/kzy2hL0ymVTHO4iy4uzCiCl1w482n46FynYjTXHcMH7JieYlpdxVwstdwX92qFIdOzAVR3krXhu28o7xI4w4pW7o3++VvtNqhHV6fZyx1jD7Spw/PHg77OfLf7u0kxe6cP3xlF+oa/N+Jo5vj7Q6lxu5WPDKeEe9IFl9Yi5wyapPrvVVqHc3t+udXn9hfbO5JtbEVhQ1rgdXg+BaVNe1OWlRhIuqrk8zlv9KwVqPedhpdrvtcAfotsNBP0paq+Iuv2p90zZc1z+O+Z/ZR0GnnX4oWX4PZn5c/ys17xQGTxAEQRAEQRAEQRAEQRAEUYYfNTC8mx305Wjc6I6e/h0AAP//pYth6A==")
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x103)
splice(r7, 0x0, r11, 0x0, 0x4ffe6, 0x0)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r12=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r12])
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x100000, &(0x7f0000000880)=ANY=[@ANYBLOB='fd=', @ANYRES32=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB="2c64656661756c745f7065726d697373696f6e732c626c6b73697a653d3078303030303030303030303030303430302c6d61785f726561643d3078303030303030303030303030303030312c7375626a5f747970653d962b2c7569643e", @ANYRESDEC=r12, @ANYBLOB="2c7375626a5f107365723d2f2e2c6f626a5f72536c653d2e5c2d25282b2c6d65617375726d2c6e6f6c617a7974696d652c00"])

875.307166ms ago: executing program 1 (id=7):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000034fdeba50100b70300000000000085000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
sched_setscheduler(r4, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x12, 0x600, 0x1c0, 0x202, 0x290, 0x2e8, 0x2e8, 0x290, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "0000000000000019b5115c2aee68d23a465cd431e150c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baeb8989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b500", 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
socket$key(0xf, 0x3, 0x2)

764.465488ms ago: executing program 2 (id=8):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f00000021c0)={0x1f, 0xd3, @any, 0x3}, 0xe)
listen(r0, 0x9)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4)

763.656398ms ago: executing program 0 (id=1):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x2)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"808653769f50df58624295cc7aeae1914d55ba337e30f9a12499193c721e5882fd645f9bb2e2cf88f1c084f6a82522cec7592c4114e068ac3f651dc519c1dc1e763bb8e987153e52c192c5e8652809b057e483fa3281dc50559a0867e1a66e314026cfe30b84c3a1d0bf3db7a748162421014d3fcac3c4cb7e6a22e3938e05c03693bd4a88b47311dd93bede2a46065704f63fd88dacc60ec3004705fe45c8dd154025e7ba8e0e8ebd0e9036ccf370829c44b18e0b759644657724838f714cdffc3937dbf27e0b34eb6d21a0a453b8f9b469e8a61de2c33888e5413a5f884be17c8d210994dedefd3ed29099fb61c4e943a7f2d2af4a47e64d63af12b3b054007d645d4b3e55b34cb894bd58b1d21a45bf9418a78b60c7b5341b9107bf4b0d37fe622a36cd305f2fa2f566786d636838eaf8658e432510170ce247ecc5102e890fb9a6faf4671421b1173995c262bfe6d45c5a0eda06109f0f049a6a1114764b85e7339ffbb22e84b623a686dd5287f23bc09007ba19f515e0b7e649ab8a6474859328a09a561f5ebcd6f9e8f38b7d12d0df01bf147852ed5b090e7baa56720d9ba22f71704704c322650e05a5a9f3351793adbb4f746992f879d990598344ead42b812e9599a20d51bad7ff93bf6104330897a7a34c10f95f60b934b2a864f6936cac5b5a73b628adadebea5ae5906e18c8927eab35e53fa6f016984e376e223363376dbc510810807b69e13e2946f6f8835a97efc8e6d8f78446203eae0bcd3e7f63c88499dc0829c3df2b9900225c7f3074c1fcab2170d8d45e18679d10cdc394ae214960c1655b5f61fcb55dcabe240eab6d7f55d879ed12288be37c89406c28d2f95eb95e72e2a4d11554f2a5c3a03f1bb1d0f554531ecf5f19a435d484569a5c42ea89a1e7d664ad8f6ece582bcdb2d53c8002035fc4d99c12aacfaaf34e88c989d553ca138020f273a4b407c9f11f9c61f34d985a5e2acdf0ab14db335be776b84013153951363180d96fa765eb226b4bf25a652077749e6a8e987f9898f152205b175eee8c1e3fe47ab8ff68edd3453a0721817a29f4b3ea3022c3a5af3daf4d0cb9c4a34e3627e38bbeba0a67e5f142e252956d87a4fff8528b09432f2f5f4c15fbfdd2451925ea73f7a8bf37262580ab47d265ed6bfe3fb3e4e19feaa13a089fdba86043686d59792b865375b5665d6b91470ec80b7115ac095e4822815aeac232a1900daa6bd95efec249d485cf5e5a266e938d74ab9060622aa426cb76e9e22f24f6498448cc7c0c6ebf7dbc289f68faa0aeca1d51739f9d5868e573adc9a49523b476fe6f5e746ab57e50a996a38fe5f3d9181a8a03881aff8cb124bf981421d24e7d04b0aa43330616f4ebee30d23629f6f1387fdc0b3de32df913c205a211b921f7715c91f60bab4f7799b16798ae04baf89b9ae93becc59b"})
mremap(&(0x7f00003ff000/0xc00000)=nil, 0xc00000, 0x2000, 0x3, &(0x7f0000000000/0x2000)=nil)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

706.191249ms ago: executing program 2 (id=9):
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x101180, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

534.959911ms ago: executing program 0 (id=10):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000600)="450f2300642e65450fc73f8f0978cb950000000066ba4300ec0f320f01f866b804018ec8f200eb2e4081a78c0b84a262fa31e9652e470f78de", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

511.151402ms ago: executing program 4 (id=11):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x79)

147.506268ms ago: executing program 3 (id=12):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10)
sendmsg$can_raw(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@can={{0x4, 0x0, 0x1, 0x1}, 0x1, 0x2, 0x0, 0x0, "0d000000000000a0"}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x200008e1)

131.215158ms ago: executing program 3 (id=13):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000080)=0x1, 0x4)

92.251579ms ago: executing program 0 (id=14):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x804)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
getsockname(r1, 0x0, &(0x7f0000000180))

70.393879ms ago: executing program 3 (id=15):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_submit(0x0, 0x1, &(0x7f0000000040)=[0x0])
bind$bt_hci(r2, &(0x7f0000000040), 0x6)
write$bt_hci(r2, &(0x7f0000000100)={0x1, @le_ltk_neg_reply={{0x201b, 0x2}, {0xc8}}}, 0x6)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f00000017c0)={0x14, 0x0, 0x21, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4050)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c089}, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

68.292179ms ago: executing program 4 (id=16):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000880)={0x1, 0x0, [{0xc0000101, 0x0, 0x7}]})

53.256739ms ago: executing program 2 (id=17):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000180)={0x120003, 0x0, [0x1, 0xe0de, 0x3, 0xc, 0x0, 0x80000de04, 0x80000001, 0x8000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

983.45µs ago: executing program 0 (id=18):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0xc004)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000000203030000000000000000200000"], 0x1c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
eventfd2(0x0, 0x0)
io_setup(0x81, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r7, {0xfff2}, {0x30}, {0x8, 0x10}}}, 0x24}}, 0x0)

489.17µs ago: executing program 4 (id=19):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)='8', 0x1}], 0x4a, 0x0)
write(0xffffffffffffffff, &(0x7f0000002e00)='R{', 0x2)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000040000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=@newtfilter={0x10c, 0x2c, 0xd2b, 0x70bd29, 0x35dfdbfb, {0x0, 0x0, 0x0, r7, {0x6}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xe0, 0x2, [@TCA_U32_FLAGS={0x8, 0xb, 0x2}, @TCA_U32_SEL={0xd4, 0x5, {0x0, 0x9, 0x4, 0x9e, 0x8, 0x0, 0x4, 0x5, [{0x5, 0x0, 0x10001, 0x8000}, {0x6, 0xfffffff8, 0x2, 0xffff}, {0x6, 0xfffff801, 0x1000, 0x6}, {0x0, 0x20000000, 0x8, 0x1a15}, {0x9, 0x8, 0xb, 0x4}, {0xc9, 0x1, 0x7, 0x4}, {0x9, 0xc, 0x2, 0x400}, {0xac8, 0x27, 0x5, 0x6}, {0x6, 0x7, 0x7, 0x7}, {0x745, 0x3, 0xe9, 0x4a}, {0x9, 0x9, 0x5, 0x7}, {0x2f875030, 0x3, 0x7, 0x2}]}}]}}]}, 0x10c}}, 0x24040084)

0s ago: executing program 2 (id=20):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x57)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x10000}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@private0={0xfc, 0x0, '\x00', 0x40}, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60, 0x80, 0x0, 0x0, 0xee01}, {}, {}, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001000000000000"], 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x28, 0x5, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.232' (ED25519) to the list of known hosts.
[   21.850367][   T30] audit: type=1400 audit(1753568317.383:64): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.851868][  T273] cgroup: Unknown subsys name 'net'
[   21.873152][   T30] audit: type=1400 audit(1753568317.383:65): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.900483][   T30] audit: type=1400 audit(1753568317.403:66): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.900906][  T273] cgroup: Unknown subsys name 'devices'
[   22.041461][  T273] cgroup: Unknown subsys name 'hugetlb'
[   22.047077][  T273] cgroup: Unknown subsys name 'rlimit'
[   22.246830][   T30] audit: type=1400 audit(1753568317.773:67): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.270221][   T30] audit: type=1400 audit(1753568317.773:68): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.276670][  T275] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   22.295210][   T30] audit: type=1400 audit(1753568317.773:69): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.326794][   T30] audit: type=1400 audit(1753568317.833:70): avc:  denied  { relabelto } for  pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.338371][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.352460][   T30] audit: type=1400 audit(1753568317.833:71): avc:  denied  { write } for  pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.386577][   T30] audit: type=1400 audit(1753568317.863:72): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.412133][   T30] audit: type=1400 audit(1753568317.863:73): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.317888][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.325014][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.332540][  T282] device bridge_slave_0 entered promiscuous mode
[   24.344051][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.351651][  T281] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.359352][  T281] device bridge_slave_0 entered promiscuous mode
[   24.367372][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.374477][  T281] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.381957][  T281] device bridge_slave_1 entered promiscuous mode
[   24.391275][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.398318][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.405754][  T282] device bridge_slave_1 entered promiscuous mode
[   24.499702][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.506891][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.514343][  T283] device bridge_slave_0 entered promiscuous mode
[   24.522864][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.529963][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.537452][  T283] device bridge_slave_1 entered promiscuous mode
[   24.558830][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.565947][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.573613][  T285] device bridge_slave_0 entered promiscuous mode
[   24.593543][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.600660][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.608047][  T285] device bridge_slave_1 entered promiscuous mode
[   24.621485][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.628541][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.636047][  T284] device bridge_slave_0 entered promiscuous mode
[   24.643005][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.650080][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.657539][  T284] device bridge_slave_1 entered promiscuous mode
[   24.824236][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.831346][  T281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.838664][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.845730][  T281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.858688][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.865779][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.873108][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.880157][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.900577][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.907643][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.914941][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.921984][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.930663][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.937710][  T282] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.944995][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.952755][  T282] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.963808][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.970965][  T283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.978228][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.985273][  T283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.038399][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.046951][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.054623][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.062050][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.070746][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.078193][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.085646][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.093277][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.100792][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.108527][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.116731][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.124263][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.150752][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.158206][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.166472][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.173518][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.182044][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.190250][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.197388][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.204815][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.212825][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.220826][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.228217][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.238163][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.266517][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.274902][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.282608][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.291129][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.298198][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.305661][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.313997][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.321051][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.328475][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.336679][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.343733][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.351137][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.359371][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.366407][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.373936][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.395281][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.403439][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.412066][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.419421][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.427704][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.435783][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.444050][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.451113][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.467809][  T281] device veth0_vlan entered promiscuous mode
[   25.474915][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.483228][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.491295][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.499520][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.507488][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.516258][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.524566][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.532673][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.542080][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.549638][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.563121][  T285] device veth0_vlan entered promiscuous mode
[   25.572472][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.580902][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.589768][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.597709][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.605983][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.614472][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.623003][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.631274][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.639583][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.647101][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.664325][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.672547][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.680784][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.689041][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.698692][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.707134][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.720922][  T282] device veth0_vlan entered promiscuous mode
[   25.727438][  T281] device veth1_macvtap entered promiscuous mode
[   25.735343][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.743189][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.751350][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.759615][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.767042][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.778684][  T283] device veth0_vlan entered promiscuous mode
[   25.788764][  T285] device veth1_macvtap entered promiscuous mode
[   25.796442][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.804537][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.813188][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.821542][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.829785][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.837336][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.845733][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.854229][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.861732][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.881255][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.889587][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.897869][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.906465][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.923996][  T281] request_module fs-gadgetfs succeeded, but still no fs?
[   25.925127][  T284] device veth0_vlan entered promiscuous mode
[   25.938358][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.947325][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.955863][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.964681][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.973148][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.981215][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.989480][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.996950][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.006996][  T282] device veth1_macvtap entered promiscuous mode
[   26.028838][  T283] device veth1_macvtap entered promiscuous mode
[   26.035907][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.041034][  T335] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   26.045433][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.068262][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.076490][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.085989][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.096342][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.104724][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.116335][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.124753][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.133072][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.155228][  T284] device veth1_macvtap entered promiscuous mode
[   26.203651][  T341] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   26.246257][  T343] loop4: detected capacity change from 0 to 1024
[   26.263652][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.277803][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.291393][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.300376][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.308880][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.317468][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.326649][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.328662][  T343] EXT4-fs (loop4): Ignoring removed orlov option
[   26.359494][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.368311][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.693402][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.711506][  T343] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[   26.879488][  T351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'.
[   26.922963][  T358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=358 comm=syz.4.5
[   27.003090][   T30] kauditd_printk_skb: 50 callbacks suppressed
[   27.003143][   T30] audit: type=1400 audit(1753568322.533:124): avc:  denied  { read } for  pid=360 comm="syz.1.7" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   27.035153][   T30] audit: type=1400 audit(1753568322.533:125): avc:  denied  { open } for  pid=360 comm="syz.1.7" path="/dev/input/event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   27.069474][   T30] audit: type=1400 audit(1753568322.543:126): avc:  denied  { mounton } for  pid=342 comm="syz.4.5" path="/0/bus/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   27.117334][   T30] audit: type=1400 audit(1753568322.593:127): avc:  denied  { mounton } for  pid=342 comm="syz.4.5" path="/0/bus/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   27.195487][   T30] audit: type=1326 audit(1753568322.633:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=346 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9757059a9 code=0x7ffc0000
[   27.304739][   T30] audit: type=1326 audit(1753568322.633:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=346 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9757059a9 code=0x7ffc0000
[   27.364810][   T30] audit: type=1400 audit(1753568322.643:130): avc:  denied  { write } for  pid=362 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   27.453305][  T374] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   27.640499][   T30] audit: type=1400 audit(1753568322.653:131): avc:  denied  { create } for  pid=364 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   27.670225][   T30] audit: type=1400 audit(1753568322.653:132): avc:  denied  { bind } for  pid=364 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   27.690022][   T30] audit: type=1400 audit(1753568322.653:133): avc:  denied  { listen } for  pid=364 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   27.717997][  T371] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   27.729565][  T371] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   27.795297][   T20] kernel read not supported for file /rfkill (pid: 20 comm: kworker/0:1)
[   27.831321][  T353] Bluetooth: hci0: Frame reassembly failed (-84)
[   27.875162][  T396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18'.
[   27.888674][  T400] ==================================================================
[   27.896874][  T400] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   27.906120][  T400] Read of size 1 at addr ffff8881118963f8 by task syz.2.20/400
[   27.913691][  T400] 
[   27.916049][  T400] CPU: 0 PID: 400 Comm: syz.2.20 Not tainted 5.15.189-syzkaller-00079-ga71626bd56a5 #0
[   27.925713][  T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   27.935816][  T400] Call Trace:
[   27.939132][  T400]  <TASK>
[   27.942080][  T400]  __dump_stack+0x21/0x30
[   27.946431][  T400]  dump_stack_lvl+0xee/0x150
[   27.951042][  T400]  ? show_regs_print_info+0x20/0x20
[   27.956266][  T400]  ? load_image+0x3a0/0x3a0
[   27.962917][  T400]  ? unwind_get_return_address+0x4d/0x90
[   27.968648][  T400]  print_address_description+0x7f/0x2c0
[   27.974225][  T400]  ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   27.980782][  T400]  kasan_report+0xf1/0x140
[   27.985200][  T400]  ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   27.991739][  T400]  __asan_report_load1_noabort+0x14/0x20
[   27.997383][  T400]  xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   28.003719][  T400]  xfrm_policy_inexact_insert_node+0x938/0xb50
[   28.009879][  T400]  ? netlink_unicast+0x876/0xa40
[   28.014832][  T400]  xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[   28.020987][  T400]  xfrm_policy_inexact_insert+0x70/0x1130
[   28.026734][  T400]  ? __get_hash_thresh+0x10c/0x420
[   28.031847][  T400]  ? policy_hash_bysel+0x110/0x4f0
[   28.036953][  T400]  xfrm_policy_insert+0x126/0x9a0
[   28.042145][  T400]  ? xfrm_policy_construct+0x54f/0x1f00
[   28.047686][  T400]  xfrm_add_policy+0x4d1/0x830
[   28.052447][  T400]  ? xfrm_dump_sa_done+0xc0/0xc0
[   28.057478][  T400]  xfrm_user_rcv_msg+0x45c/0x6e0
[   28.062413][  T400]  ? xfrm_netlink_rcv+0x90/0x90
[   28.067264][  T400]  ? avc_has_perm_noaudit+0x460/0x460
[   28.072715][  T400]  ? x64_sys_call+0x4b/0x9a0
[   28.077311][  T400]  ? selinux_nlmsg_lookup+0x237/0x4c0
[   28.082692][  T400]  netlink_rcv_skb+0x1e0/0x430
[   28.087454][  T400]  ? xfrm_netlink_rcv+0x90/0x90
[   28.092306][  T400]  ? netlink_ack+0xb60/0xb60
[   28.096897][  T400]  ? wait_for_completion_killable_timeout+0x10/0x10
[   28.103481][  T400]  ? __netlink_lookup+0x387/0x3b0
[   28.108503][  T400]  xfrm_netlink_rcv+0x72/0x90
[   28.113173][  T400]  netlink_unicast+0x876/0xa40
[   28.117938][  T400]  netlink_sendmsg+0x86a/0xb70
[   28.122697][  T400]  ? netlink_getsockopt+0x530/0x530
[   28.127897][  T400]  ? sock_alloc_file+0xba/0x260
[   28.132752][  T400]  ? security_socket_sendmsg+0x82/0xa0
[   28.138216][  T400]  ? netlink_getsockopt+0x530/0x530
[   28.143414][  T400]  ____sys_sendmsg+0x5a2/0x8c0
[   28.148179][  T400]  ? __sys_sendmsg_sock+0x40/0x40
[   28.153201][  T400]  ? import_iovec+0x7c/0xb0
[   28.157837][  T400]  ___sys_sendmsg+0x1f0/0x260
[   28.162523][  T400]  ? __sys_sendmsg+0x250/0x250
[   28.167289][  T400]  ? __fdget+0x1a1/0x230
[   28.171533][  T400]  __x64_sys_sendmsg+0x1e2/0x2a0
[   28.176567][  T400]  ? ___sys_sendmsg+0x260/0x260
[   28.182857][  T400]  ? __kasan_check_write+0x14/0x20
[   28.187977][  T400]  ? switch_fpu_return+0x15d/0x2c0
[   28.193101][  T400]  x64_sys_call+0x4b/0x9a0
[   28.197532][  T400]  do_syscall_64+0x4c/0xa0
[   28.201949][  T400]  ? clear_bhb_loop+0x50/0xa0
[   28.206619][  T400]  ? clear_bhb_loop+0x50/0xa0
[   28.211288][  T400]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   28.217178][  T400] RIP: 0033:0x7fcee1da79a9
[   28.221595][  T400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   28.241198][  T400] RSP: 002b:00007fcee0410038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.249669][  T400] RAX: ffffffffffffffda RBX: 00007fcee1fcefa0 RCX: 00007fcee1da79a9
[   28.257670][  T400] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000009
[   28.265676][  T400] RBP: 00007fcee1e29d69 R08: 0000000000000000 R09: 0000000000000000
[   28.273650][  T400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.281625][  T400] R13: 0000000000000000 R14: 00007fcee1fcefa0 R15: 00007ffdca077038
[   28.289608][  T400]  </TASK>
[   28.292629][  T400] 
[   28.294950][  T400] Allocated by task 400:
[   28.299192][  T400]  __kasan_kmalloc+0xda/0x110
[   28.303876][  T400]  __kmalloc+0x13d/0x2c0
[   28.308121][  T400]  sk_prot_alloc+0xed/0x320
[   28.312629][  T400]  sk_alloc+0x38/0x430
[   28.316701][  T400]  pfkey_create+0x12a/0x660
[   28.321210][  T400]  __sock_create+0x38d/0x7a0
[   28.325800][  T400]  __sys_socket+0xec/0x190
[   28.330211][  T400]  __x64_sys_socket+0x7a/0x90
[   28.334885][  T400]  x64_sys_call+0x8c5/0x9a0
[   28.339393][  T400]  do_syscall_64+0x4c/0xa0
[   28.343806][  T400]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   28.349725][  T400] 
[   28.352043][  T400] The buggy address belongs to the object at ffff888111896000
[   28.352043][  T400]  which belongs to the cache kmalloc-1k of size 1024
[   28.366093][  T400] The buggy address is located 1016 bytes inside of
[   28.366093][  T400]  1024-byte region [ffff888111896000, ffff888111896400)
[   28.379538][  T400] The buggy address belongs to the page:
[   28.385165][  T400] page:ffffea0004462400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111890
[   28.395415][  T400] head:ffffea0004462400 order:3 compound_mapcount:0 compound_pincount:0
[   28.403738][  T400] flags: 0x4000000000010200(slab|head|zone=1)
[   28.409816][  T400] raw: 4000000000010200 ffffea000444f400 0000000300000003 ffff888100043080
[   28.418418][  T400] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   28.427007][  T400] page dumped because: kasan: bad access detected
[   28.433421][  T400] page_owner tracks the page as allocated
[   28.439129][  T400] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 101, ts 5652665368, free_ts 0
[   28.457309][  T400]  post_alloc_hook+0x192/0x1b0
[   28.462083][  T400]  prep_new_page+0x1c/0x110
[   28.466586][  T400]  get_page_from_freelist+0x2cc5/0x2d50
[   28.472136][  T400]  __alloc_pages+0x18f/0x440
[   28.476943][  T400]  new_slab+0xa1/0x4d0
[   28.481035][  T400]  ___slab_alloc+0x381/0x810
[   28.485635][  T400]  __slab_alloc+0x49/0x90
[   28.489975][  T400]  __kmalloc_track_caller+0x169/0x2c0
[   28.495351][  T400]  __alloc_skb+0x21a/0x740
[   28.499768][  T400]  netlink_sendmsg+0x602/0xb70
[   28.504554][  T400]  ____sys_sendmsg+0x5a2/0x8c0
[   28.509316][  T400]  ___sys_sendmsg+0x1f0/0x260
[   28.513999][  T400]  __x64_sys_sendmsg+0x1e2/0x2a0
[   28.518935][  T400]  x64_sys_call+0x4b/0x9a0
[   28.523353][  T400]  do_syscall_64+0x4c/0xa0
[   28.527774][  T400]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   28.533683][  T400] page_owner free stack trace missing
[   28.539257][  T400] 
[   28.541860][  T400] Memory state around the buggy address:
[   28.547674][  T400]  ffff888111896280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.555748][  T400]  ffff888111896300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.563809][  T400] >ffff888111896380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   28.571866][  T400]                                                                 ^
[   28.579842][  T400]  ffff888111896400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.587901][  T400]  ffff888111896480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.595965][  T400] ==================================================================
[   28.604041][  T400] Disabling lock debugging due to kernel taint
[   28.797041][  T403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18'.
[   29.849357][   T20] Bluetooth: hci0: command 0x1003 tx timeout
[   29.855554][  T394] Bluetooth: hci0: sending frame failed (-49)
[   31.929252][   T20] Bluetooth: hci0: command 0x1001 tx timeout
[   31.935585][  T394] Bluetooth: hci0: sending frame failed (-49)
[   34.009357][   T20] Bluetooth: hci0: command 0x1009 tx timeout