last executing test programs: 1m27.905887625s ago: executing program 4 (id=1044): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100800001) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x400000000000002) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f00000011c0)=""/4072, &(0x7f0000001180)=0xfe8) socket$nl_generic(0x10, 0x3, 0x10) r2 = io_uring_setup(0x59b5, &(0x7f00000002c0)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000001200)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r4 = accept$alg(r3, 0x0, 0x0) write$binfmt_elf64(r4, &(0x7f0000000000)=ANY=[], 0x100000530) close_range(r2, 0xffffffffffffffff, 0x0) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x36}, "7058abce57033f29eb6dc1f8b128a7537a3409329d374c37fd2f23cfa5a5495ffc36ac891ea6f898ba2a0784b3781c59e6bd91a231a6"}, 0x3a) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffd9d) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="02c90012000e0000000700ffff67640700b90f56a9d333b60c487bcdde0cf8d0735995315fe01c0f2327c74535e3886c660212078f4a7b00c1c3d055b845ac5cef765bff1e1f9674d2b7b08cd0f8ac082a8dc156bc573c09007e4cc96e88345b44913400b840fda4f5c54558944f47afb58c5cd9ac5dbe43bc80b0fab30f7e740085c941eed673a98556f1ac2c4b572aa89bdfcf78f97f8b8286508ad75a3651cf7c47845c82b4e870b2d660fe00000000000000"], 0x17) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r7 = inotify_init() inotify_add_watch(r7, &(0x7f0000000180)='./file0\x00', 0x80000108) 34.011148236s ago: executing program 2 (id=1079): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="38003300c0000000e7ffffffffff080211000000"], 0x54}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) geteuid() r7 = syz_open_dev$dri(&(0x7f0000000340), 0x5, 0x408041) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r7, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000000280)=[0x0]}) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r1, 0xffffffa1, &(0x7f0000000480)={&(0x7f0000000400)=""/51, 0x33, 0x0, &(0x7f0000000740)=""/138, 0x8a}}, 0x10) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kfree\x00', r9}, 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r10, &(0x7f0000000f80)=""/4096, 0x300) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) 31.840669475s ago: executing program 2 (id=1081): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000ad90000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_int(r5, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x0) recvmmsg(r5, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8500) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 31.699326272s ago: executing program 4 (id=1050): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) mknod(0x0, 0x200, 0x9) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() socket$nl_route(0x10, 0x3, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f00000002c0)={&(0x7f0000001000)={[{&(0x7f0000000480)="278a9e9f6f96d7a18e2f66e9d46e126faccc8f6a4e5a21367a7106c8c7f12f41503606e6f92785773d5b062e5b2c9c3d63ba6a2f653f254dcd2caaa05d4ebe4f7b2c6facd307e7fe479bb2695bdb7a1155cb1643da012d79a82ddea62ebab8e75eba228fd90c7a2fb4ec84f867d9c8729a0cd01bad25b3bb6b5c9297ec2eefee69348ded52e79f3916fbd641914895b1a2a5d919d2e97c6046cc0198d46cb77fba849639a09a23fe3c73f76aa1b1aa11ae410b1405402160e149c4b179a43d1ef9a0ca914814f7e706200f83ea77ea06f45c71e632879029c957cb86d976c27001015a94c57dc0214c4acb78efa97d10", 0xf0}]}, 0x1, 0x2}, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x9362, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r6, 0x5421, &(0x7f00000003c0)=0x100000001) setsockopt$inet_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r6) unshare(0x8000500) r7 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') setns(r7, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x20}}, 0x0) 29.484414407s ago: executing program 2 (id=1082): syz_open_dev$MSR(0x0, 0x400000006, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_ethernet(0x23, &(0x7f0000000400)={@link_local, @link_local, @void, {@mpls_uc={0x8847, {[], @generic="111cf913bc50973f8a9e773e9138dc1e42e47786bb"}}}}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0}) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) setresuid(0x0, r9, 0x0) prlimit64(0x0, 0x8, &(0x7f0000000000), 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000140)={0x1a, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, r7, r10, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x3, r10, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000}) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x0) fsopen(&(0x7f0000000300)='vfat\x00', 0x0) 27.78663653s ago: executing program 2 (id=1084): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[], 0xfdef) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@sg0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x0, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000019080)='net/dev_mcast\x00') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x80}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x9}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0) pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0x80) ioctl$sock_inet_SIOCDELRT(r4, 0x890c, &(0x7f0000000000)={0x0, {0x2, 0x4e21, @local}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}) socket$key(0xf, 0x3, 0x2) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 26.433350813s ago: executing program 4 (id=1086): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) time(0xfffffffffffffffc) r5 = syz_io_uring_setup(0x24f7, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0xfffffffd, 0xfffffffd}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x13, 0x0, r2, 0x0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)=""/66, 0x42}, {&(0x7f00000004c0)=""/67, 0x43}, {&(0x7f00000006c0)=""/147, 0x93}, {&(0x7f0000000340)=""/58, 0x3a}, {&(0x7f0000000780)=""/157, 0x9d}, {&(0x7f0000000840)=""/224, 0xe0}], 0x6, &(0x7f0000000940)=""/75, 0x4b}, 0x0, 0x40000021, 0x0, {0x1}}) io_uring_enter(r5, 0x4d92, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB], 0xd4}}, 0x4000) r9 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r9, &(0x7f00000000c0), 0x10) r10 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r9, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r11}, 0x10, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="01000000270000000200000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB], 0x48}}, 0x20004080) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000003b000701000000000000000004000000040000000400088008"], 0x24}}, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0xba01}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 25.190794246s ago: executing program 4 (id=1088): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0xfffffeff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000200)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cabf00", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r10, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r11, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r8, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r9, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendfile(r5, r6, 0x0, 0x8000002b) 23.830886986s ago: executing program 2 (id=1090): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449}) socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0xfff) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x2}, @exp_fastopen={0xfe, 0xf, 0xf989, "467cb10d460896a479c096"}]}}}}}}}}, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @host, 0x0, 0x0, 0x7}) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, &(0x7f0000000180)={{@my=0x1, 0x2}, 0x5}) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x5, 0x3, 0x0, 0x1000, &(0x7f000000a000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000180)=[{{}, {0x0, 0x0, 0x1, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10) 23.674980901s ago: executing program 1 (id=1091): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[], 0xfdef) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) inotify_add_watch(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@sg0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x0, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000019080)='net/dev_mcast\x00') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x80}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x9}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0) pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0x80) ioctl$sock_inet_SIOCDELRT(r4, 0x890c, &(0x7f0000000000)={0x0, {0x2, 0x4e21, @local}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}) socket$key(0xf, 0x3, 0x2) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 22.833391137s ago: executing program 4 (id=1092): openat$tun(0xffffffffffffff9c, 0x0, 0x410301, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) syz_emit_vhci(0x0, 0x17) socket$kcm(0x2, 0x7, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000480)={'\x00', @local}) r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0xfe) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(0x0, 0x5) mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000000), 0x400, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r3, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)) mkdir(0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000140)='./file0\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000500)={'#! ', './file0', [], 0xa, "0f3ed68e28907ff47785eb54b3ff0700000000000075dd6f4d862dd994050a948499f05fa1bc508671d60532f9c9b2e5933190e22970bda52db04cc0111d24dcf50e7edab5ff0d2f06d58ecc511e2e17ca09eff35f7dc08a1bf9578a579a2849637d4f9b"}, 0x6f) 18.734690317s ago: executing program 0 (id=1095): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="38003300c0000000e7ffffffffff080211000000"], 0x54}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) geteuid() r6 = syz_open_dev$dri(&(0x7f0000000340), 0x5, 0x408041) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000000280)=[0x0]}) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={r1, 0xffffffa1, &(0x7f0000000480)={&(0x7f0000000400)=""/51, 0x33, 0x0, &(0x7f0000000740)=""/138, 0x8a}}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kfree\x00', r8}, 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r9, &(0x7f0000000f80)=""/4096, 0x300) timer_create(0x4, &(0x7f0000000380)={0x0, 0x2a, 0x0, @tid=r2}, &(0x7f00000003c0)) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) 17.896239837s ago: executing program 4 (id=1097): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080)) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) io_uring_enter(r2, 0x5b43, 0x0, 0x0, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x1, 0x2ffffffff}, 0xc) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000200)=ANY=[@ANYBLOB="5200030007"], 0xd) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000080), 0x4) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e0003000f000000028000001294", 0x2e}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000005080), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000740), 0x4) ioctl$KVM_NMI(r0, 0xae9a) sendmmsg$inet6(r1, &(0x7f0000000e80)=[{{&(0x7f0000000240)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000480)="be", 0x1}], 0x1}}], 0x1, 0xc0c0) 17.894242021s ago: executing program 2 (id=1108): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0xfffffeff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r10, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r11, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r8, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r9, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendfile(r5, r6, 0x0, 0x8000002b) 16.890884437s ago: executing program 3 (id=1098): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_connect$cdc_ecm(0x0, 0x74, &(0x7f0000001b40)=ANY=[@ANYBLOB="0000ff2505a1a44000010203010902620001019620e90904007e02020600050a240600020000000000000000af080d240f014000000009000600021524120800a317a88b045e4f01a607c0ffcb7e392a0424020809058103ffac9327e54075745c00028065ff090503024000080f00"], &(0x7f0000001ec0)={0xa, &(0x7f0000001bc0)={0xa, 0x6, 0x200, 0x0, 0x7, 0x42, 0x8, 0xf}, 0x98, &(0x7f0000001c00)={0x5, 0xf, 0x98, 0x4, [@generic={0x69, 0x10, 0xa, "952e4c82429410370d54dbd051ce7881a95ba80dd6e7eb5e2fe84f1206025b2e4372060cb6d1e2f2690a0008c458ef42191deac212f42f9dfb145b53c097c48c9a8136a8d215a69da5aac519b2e053a28068dbd4fd8624a825d3b5ada7d6d5220638d34e16a4"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0xff, 0xda, 0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x80, 0x1, 0x8, 0xff00, 0x7fff, [0x3f3f]}, @ssp_cap={0x10, 0x10, 0xa, 0xd, 0x1, 0x8, 0xf00, 0xfffe, [0xff3f0f]}]}, 0x2, [{0xde, &(0x7f0000001cc0)=@string={0xde, 0x3, "17290a9e5611550cc0ce9ae29c0f63073770fc23f57d5980adb3ecf30ba9160633fc1954264f94147f536cef00289e3ea7238d1ed4c6ce775014a89bde76ace34f76cdd087c79f96850ca1bb23881d27604b1c17448d834ceaa7729e19a51d2ed85d318cf374890a1adc0daf1f33544d47574959bc7258127e78bdc2d84d72b7f09054e5987d79679bcf2aa3dfbaa353b1288f9b6edd7a112648d3e5dc409acd66ac8ed7a032814c604542bc794ddc5d67168a16dbeb30e504a91500f9c0307701a28820120d325781f7ccc3cd6cdcbddc608b2930129aedfb95e55b"}}, {0xc8, &(0x7f0000001dc0)=@string={0xc8, 0x3, "f97579aae511dcdc8b24be4b39ac137b8b8026f2267730d2d758c09ec828b8ec7834df9dff22fe46f11802d05fd1723b23001c13a18e180de371fb760d0fbeb788d331e4dd53fdbe5968fa7abc3eed6e09d02e5ea5c5c8d3dd27f29c548718c7ca6cef94e481c0b9b32d0ccd5a014c6cd1766caa2a86c2b7988e47613573c2ec4adadbfb7dc1197a362ab53329dd2a82b42e825b6bf53266c3eae4960a92833697694f5b18a09c8485847493ba3fdcc1f098193d88bf928585923d970f579f680c7b4f333269"}}]}) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000a00)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001b00)={r1, &(0x7f0000000a80)="fdc59cfeaa1046f351b75348f3a4cec2c0cc1b22d13595d2c0db015d0dc3d07f0346a742f284d1607629f7c34f08bbf0cdec885d0df16770d207873bb786c6dac1a8b7775ca5d34a36cd299f3175a40fca823c5c7185", &(0x7f0000000b00)=""/4096}, 0x20) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0xfffffffffffffe05) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = fcntl$getown(r2, 0x9) sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x4, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000000c0)='iocharset', &(0x7f0000000100)='iocharset', 0x0) r6 = openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000080)=0x9) ioctl$SNDCTL_DSP_STEREO(0xffffffffffffffff, 0xc0045003, &(0x7f0000000140)=0x5) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r6, 0x0) syz_io_uring_setup(0x1661, &(0x7f00000003c0)={0x0, 0x0, 0x80, 0x2, 0x162}, 0x0, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) write$binfmt_script(r7, &(0x7f00000000c0)={'#! ', './file0'}, 0xf000) socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)={0x0, 0x5, 0x5, {0x5, 0x22, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0xf0}, 0x0, 0x0}, 0x0) 16.297446074s ago: executing program 0 (id=1099): r0 = socket(0xa, 0x6, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x14, &(0x7f0000000040), 0x50) listen(0xffffffffffffffff, 0x0) accept$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)={0x44, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x39}, @val={0x8}, @val={0xc, 0x99, {0x1, 0x5}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x4e8}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x400}, 0x4040014) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1a, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r3 = dup(0xffffffffffffffff) write$P9_RLERRORu(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, &(0x7f0000000280)) sendmsg$NFT_BATCH(r3, &(0x7f0000000400)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20008}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc080}, 0x4000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="580000002a000900e4ff1000000000000400002c410011803cca935e56c61a30c6b6607f08fa86edc2bae6327cd7c70b7da0ceb943027c2b0269152f038733a772553d464c52f2ad8d3826362062ce174f160f6fb82027a05244a8b0371d122b60a501d4ccb2611ac163f027abea11946697a55e3020b3e0e770935c448e2661574e"], 0x58}}, 0x8040010) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) flock(0xffffffffffffffff, 0x1) r5 = openat$rdma_cm(0xffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r5, &(0x7f0000000880)={0xc, 0x8, 0xfa00, {&(0x7f0000002200)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x204, &(0x7f0000000cc0)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000d40)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, r6}}, 0x48) creat(&(0x7f0000000080)='./bus\x00', 0x0) 16.208293772s ago: executing program 1 (id=1101): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) socket$packet(0x11, 0x0, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r7, r7, 0x0, 0x20003) keyctl$set_timeout(0xf, 0x0, 0xe000) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15) read$FUSE(r0, &(0x7f0000003d80)={0x2020}, 0x1a4e) 12.563237286s ago: executing program 3 (id=1102): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) dup(r1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket(0x10, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000069111a00000000008510000002000000850000000500000095000000000000009500a50500000000c8e659c9774bca170c0c94cfee800f545c38c675fd6403f226a7571fc00148cf20010815305b22fd1b5457ce8518aaef2112989a04bca24cc53293d8ac3d97b9e3251ad5964b9ebfc80b5b19b3072fe5fb4b8f989ec46fbfde8fb68ea241219512a3a3c4a0b8cc14ae53c3635ff91db67c15"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.dequeue\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, &(0x7f0000000100)='net/igmp\x00') socket$inet(0x2, 0x2, 0x0) inotify_init() ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x2000, &(0x7f000003d000/0x2000)=nil}) socket$netlink(0x10, 0x3, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x20}, 0x1, 0xc00000000000000}, 0x0) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd) 12.189916021s ago: executing program 3 (id=1103): creat(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x4e0c01) syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600a8435001c0600000000000000000000a652ff00000000fe80000000aa00"], 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_emit_ethernet(0x42, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @empty, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0xa, @local, @mcast1, @multicast, @mcast2}}}}, 0x0) write$dsp(r3, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) ioctl$SNDCTL_DSP_STEREO(r3, 0x40045010, &(0x7f0000000080)) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r7 = dup(r6) write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB, @ANYRESHEX=r7]) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000140)=ANY=[], 0x24, 0x0) 9.155847357s ago: executing program 3 (id=1104): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0xfffffeff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cabf00", 0x19, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x3, 0x1, "a78ce540065980"}]}}}}}}, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r10, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r11, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r8, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r9, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendfile(r5, r6, 0x0, 0x8000002b) 7.602501661s ago: executing program 1 (id=1107): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) openat$full(0xffffffffffffff9c, 0x0, 0x408701, 0x0) syz_open_dev$vim2m(0x0, 0x8000000000000000, 0x2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = timerfd_create(0x8, 0x0) timerfd_settime(r3, 0x3, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x77359400}}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) pipe(0x0) r4 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\x00\x00\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\xe7\xf6\t\x9dJ\xa4^m\xf3\xb5Y\f\x8f\r\xd5)>A\xe9\xf59\'G[\xf0`\xf3\'\xe4\xb2\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I?^\xf3,\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW', 0x6) fallocate(r4, 0x0, 0x0, 0x400001) fcntl$addseals(r4, 0x409, 0xc) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000380)={0x68, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4d, 0x12, 0x0, 0x1, [@generic="e1b4ec60444380f06084860a748b0b4e5c31b354dca400e72aaf74a756ca8a8b8087400da0a0599fdc4105ea3e5d74ab3876422bd91111d5b1762e53703a27fb2f7c461a14baeeaacc"]}, @nested={0x4, 0x6, 0x0, 0x1, [@generic]}]}, 0x68}}, 0x0) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x80}) vmsplice(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) close(r6) 6.109084021s ago: executing program 1 (id=1109): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449}) socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0xfff) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x2}, @exp_fastopen={0xfe, 0xf, 0xf989, "467cb10d460896a479c096"}]}}}}}}}}, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @host, 0x0, 0x0, 0x7}) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, &(0x7f0000000180)={{@my=0x1, 0x2}, 0x5}) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x5, 0x3, 0x0, 0x1000, &(0x7f000000a000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000180)=[{{}, {0x0, 0x0, 0x1, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10) 6.108585283s ago: executing program 3 (id=1110): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fef7ff7a0af0fff80000ff79a4f0ff00000000b7060000efffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ba23008500000098000000b70000000000000095000000000000006f88300eaa171100756695acf0af839ec5300a584fe44c80de0b061417e9ade22cecede5d5be6ab3d7828ee094518a5800000082c81ddfe3960a29ea15fa7e26f0f3e51416b698f6da6fe8af496d22585ffab3af24974fae00d824313ffef788c6983945dd3663f79f67e78a48b24a4bcdc33b38c5f86e96111199f0f0af9f42099a0f54041889b971cf394bd43473a5ac2acab9768cbc52ff7f000000000000711727c4a32a6b7ecdae05d2b3fed4572eb0d88976d2adda68000010000000c47b18cf93996a43e2e080f57fadf535d8b3078ebe16b10160fad64474a7b558f7a56f41022feec18e013abd8fda2b96779e534d0675fbcc13ba9f9eb96319fd5b49521d5cb2ced401d7b6fce658f203a9c2da91116d986730da1be85b0000829512099df32814820fbf7be91cd13b77f4e4e599f8bbca388247856073472312a9ff4273b9cd08000000000000616e888cda842c661577818c2069cb41a73b4b7fc28882cad315db3fffc5183deca7a32838ec0ad70d4f55382c1879b71ec504d2f3e3883428ee350123a5cad346f6d517f6fcea5b6bc4fcffffffffffff03f419a6e45fd98e77da4a8202ebbdafe6b2e38c9d7e506f5da2958cf7f0d9b31ca3275e64e29d39d158cebe43308cf8760588001172e19685e9a334aec76530861b772a1da96f0a227514bd0bc26df2b50a45e4eceae1ddfe88d58879d12afdb295ce2edecb253e0471714fa124211203000000000000001f502b6c760655ffb20ae13a1a94f7ae229fbf5da7cae4f994ee82fc98c864c3e352ad16f98208cf1469dd6c1212582a3687f7dbdf708929643f3f0f4e947c40742452685ec044fc71eaca9abc92145677e14054331801b1412b39049ed782742f9a1b6aca9123b243c1a68c047f2db79701b62c8cc0d2f608c7f62d107ebc68df9f8d296721c9d465dad604bc0dc500000000000000000000000000000000000000000568a4997dd54fa83aacd2d209f66de2e26dc2fd862a0b8ee149c148197176745fc8ff1dd5bd6611daa882298a37b041b34668d4662ea8fbe2e787dfc4c8bef2124f0439b2d18ec83361da5cc732f365b0a528db31b90bc1405b6d5301c34319ccae29b1d6034b665c79baeeeac5e71d24e2e3b6ffc5bc2dcb600e645c0048b45e286a49e888d21abfc817085d9c00e08525207e33505226fdda16e6da6dd31f7a1736029b87e8d6a05bcb356298d7dccd7de2af0885bd4939ff96ab74da3871b077e4058c8752ba4994eafed8b239d781638fa339fa0f7dd135af3f80e40f4b885770cf27d205a45d4702f97b8b7c57b180c50b2b370dfb35dc895e8f05d6e71829f36150b2cde31469c4aea0c64850eb3f3e0dc35f8cdd76bdde2018366c3201307c370433762676f72e68c962430a0000000000000000000000000000e737dc2e1a3fdebbb510c663d24f72b954965201f775b3739c14dd4832647c028be09f2809fd396fa26532a30a37737e95f0f41dd024b7bf8a6bf807c9fd9b8c7a39717729339dc3054117cb95693bdd61edcc2860b66545e194a961bdc5457d76ae1a87050e12ead896f3337d5a000000000000000000400000602bfd2f1ace65f2e74dc99cb73a37f40362b7904e8a0ea8d2d9805c924f9985d22972031a1223afa1288af3f48c93fcdb11963d0b748287448f722dc180e87637b662b11effabf45beda2e3a7e1adf8f94b619fa152b33440f2358a745848caf7000eb305c936d26964a2a85e133d01368b8d228d02f96064de261cf02c9632a0eb4ab259e8f4dd63d8b6d2d6b2a0c29fbab7d04d73a381c296af344655b64e12f216fbc646cc6bd60ca773d187f2fd317f6cb2309d1a13526a44b7d9b2bf93947dc3ac3340a7a114051d33d152310574f0d784910dc1a8f5bbf3610c544437626236458f285196161496389b02ba46a72da0149b4ddfdd4ef7862a07395752a37cb0244e94e1310e0c0a148a9a48b149bf2f345f3f89813c9eb05160f63f0b363deee5cb77ea6e951857e1942e5c56d72d724af7aa24a8aadb512f3302972c53b0eb7a693e0b0c775b21aed72995cfe9e9347a07d43ce3db9f22d461e86416ffff6f2e4e36306630052a2b03ee36ec52af0d684fabd5f38adffaa6c5a7a8100d1aefaf8576b363690b76e2eb96b07ab790cf63cfc334b7469b5b5b397c622f7c3ee064f9272443bcb928b6f7a2450cd33550a42843b0b5ac9e37134c81bd56b72e1030b05a5b3ac47b5af22a9dff0700004adacc71db2b15b4ffd98e30224763382ade45d164be76b2e9a674448f3ee2cd29707484df87ea6e8e6333b5fcb1b8b43a7c005ea800000000000000000000010000000000387592adc78ccfe479549e6f4efc14c4a5cfe845e6157d6fe70b278147edf0e25065ec6b17f8022493d105c9c31121e7957aeec5f7f2af0446d128778c8bf15b87a0eec6f4c75966b5f0e06744bda63134223416102aea1254d57c390e1f84ec7d5c3a758ce59c9e2c4ce1f28b6783661e272bf1cb5c8ac177aa9c6ccbead9a96b22394afb840247e5d69473b836f070dc0bf9302e33b03d4e07395c82e33667726b51ff24b0bbea730702835159e3517ffb3da0d01833589fec3bdab629b21e5d9e87c3c58d962ff5e75c81f583c64b7d5a643674801e18b06ca98b49d9e28d004c7ebccf076c64ef71421f672b0948b18ab5af448ca9446e71ba6dd4bd15a12553066de7cb767a121d56d9d26ce27fdbe6721191f2ed1cc3f9c5e3d5cba447c4793165b3cbf51c7d0cf9edf823641e1bc7db7803b60dc8b21e49a33a73ac00337067dfd3ecaf4e6dceee1048f300000000000000000000000000000000000000000000007958a50896df65337581398793d0a9abe75251908c07d2957ca70ad7ac31aae536294d6a944cd35f46cb554d8aecae5a72cb24596d896ff9ad83473567b6cb9d032c395a1459399cea31ebafc1e77649b55af527ca0f1ac972ee72a78391473c1b9e0000000000000000004076eac7e605f8de6f0ce5702af52c5d78bac0097d92f078a3a98229ebf281c3c876d2614109b69967871fea621fb2a29a77a1516b51d9b1c3c5ef1436f50fad4a1cd92a211fec61d37c8b410a20fbdeb642228d6cfeb8cda8eea3a7f343fcaa0459b9d916abb668d4799534307084ee7d854dd0850000000000000000000000002f40c3e24f9c0a56edf543425058c35febda26a43bdab770212186b84421d8b841cf9181d47c08cb392e414c1efba9978a97769e65ae443644dbdb32a50cdc717a34d1aa9ced37820a6d1cd0920a9a07e36a85e967bfa7f2caf1c9b52c06f4d178fbb91a169e9533e401819e57cab814761819b0fc517239a6777dbb92a7462538dbd8a4b82f87df7982b44b160a598c75bafa5a9b388a44303dbebc83ac2ad2da3ae80c851bc2fdb8d444597fdac4538aa33bb9204ffe534b15a1878be30157d0815d38fc2effeb7b87d6bd15e21c7b7c7d1ad7b3fd69b4bd06716a203e82f4c0413719eae0967fc70f03570375c2d0986b0200897e505afb87b878f3e13187001bba6a401bd56f3f8eb5384e33"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xfffffffe}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="f7b98600"/14, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x3}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) r1 = userfaultfd(0x80000) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="020000000a0000000000000000000000020010000000000000000000000000000300000000c0000002000000ac1414000000000000000000030006000000010002000000ac1414000000000000000000"], 0x50}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x50}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000005a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900010000000a000000"], 0x28}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="a4010000160001000000000000000000fe8000000000000000000000000000bbfc0100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa0000000033"], 0x1a4}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$clear(0x11, 0xfffffffffffffffd) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbfb}, 0x10}}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r5, 0x8982, &(0x7f0000000180)={0x8, 'veth1_vlan\x00', {'veth1_to_bond\x00'}, 0xff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) recvfrom(r2, &(0x7f0000000080), 0x0, 0x2000, 0x0, 0x0) syz_emit_ethernet(0x314, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd63055c9a02de3b01fe880000000000000000000000000101fa8000000000000000000000000000bb3a1f00000000000007180000000004153a79060200ffffffff00000000960d000000000000f77da4ae4d192586deba20dd9a2c025a7210e832db17f200496473c3c06345d0eac606be103897a5925c26c4d4eb5f84912de05b6ddb183c82c63ff9d168e0faf5b2af9ae31e3dd2788f48d58cb86a0f782b29208c303a0d67d96f171c324b994f41f9c9c2e4b970993ec067831185bbd6e4b7f19cffba583d4aaf3dfac70a010100010600000000000007200000000106014c00010000000000000002000000000000007f00000000000000c20400000008072000000001061f020007000000000000000300000000000000000000000000000005020081c204000080003a04010000000000ff010000000000000000000000000001ff0100000000000000000000000000015e0006006600000032000498670000008400ff3068000000a200081968000000001204090740ed0500000000000000000000000000000000ff020000000000000000000000000001ff010000000000000000200000000001fe8000000000000000000000000000aaff020000000000000000000000000001ff020000000000000000000000000001ff020000000000000000000000000001fe8000000000000000000000000000aa000000000000000000000000000000013808040400500300ff0200000100000000000000000000000000000001fc010000000000000000000000000000000000000000000000000000000000017fa10ec2a0e8fd56a673e99e40e6ee34266b3f69f1a28ce1119a7dd70bef294ab85d3615004e3f2516ee4431e31883ed80624b2b50f725c8118bb81c92e65b2696bfc9347d774e7ae3536e0305e818d6b62e160aa6cc7e5901ffde56d91a9c7275355eb79e7508bf53c68dcf91ef04e802be8c8a108f2a46268694547ec8e283f0dbc74e"], 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000000)="55c2164b8f499bce7fbbb9ba31912691b656c8a2eef4ee2a40e75ddb6178b4e59d", 0x21) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000005c0)={0xaa, 0x10}) 6.093357418s ago: executing program 0 (id=1117): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0xfffffeff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r9, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r10, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r11, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r8, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r9, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendfile(r5, r6, 0x0, 0x8000002b) 4.620084071s ago: executing program 0 (id=1111): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000025c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = fanotify_init(0x4, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r5, 0x101, 0x20, r6, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') 4.33083679s ago: executing program 1 (id=1112): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="081931060000008fecd0692545f831d1"], 0x14}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000300)=0x8) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f00000000c0)={@multicast2, @empty}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r6, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8}]}, 0x34}}, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000", 0x36}], 0x1) r7 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r7, 0x0, 0x29, 0x0, 0x57) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) socket$inet(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 3.59239894s ago: executing program 0 (id=1113): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) socket$packet(0x11, 0x0, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0x5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r7, r7, 0x0, 0x20003) keyctl$set_timeout(0xf, 0x0, 0xe000) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15) read$FUSE(r0, &(0x7f0000003d80)={0x2020}, 0x1a4e) 628.371895ms ago: executing program 3 (id=1114): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) socket$packet(0x11, 0x0, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0x5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r7, r7, 0x0, 0x20003) keyctl$set_timeout(0xf, 0x0, 0xe000) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15) read$FUSE(r0, &(0x7f0000003d80)={0x2020}, 0x1a4e) 82.929637ms ago: executing program 1 (id=1115): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) preadv2(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000100)=ANY=[@ANYRES16=r1, @ANYBLOB="0108000000031c", @ANYRES32=r0, @ANYRESHEX=r2], 0x34}}, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x0, "abacdad8ffff8696d35d908ec969e72900", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000000)={"cb02a6be95eab5700900a190c6d8cb00fc18137f1caf3e48018b251f7320a0e8", r4, 0xffffffffffffffff}) poll(&(0x7f0000000040)=[{r5}], 0x1, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r6, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {0x0}], 0x2, &(0x7f0000008640), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x7fe4d2ddf000, 0x11) close(r7) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 0s ago: executing program 0 (id=1116): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) socket$packet(0x11, 0x0, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r7, r7, 0x0, 0x20003) keyctl$set_timeout(0xf, 0x0, 0xe000) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15) read$FUSE(r0, &(0x7f0000003d80)={0x2020}, 0x1a4e) kernel console output (not intermixed with test programs): ysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.870" name="!selinuxselinux" dev="mqueue" ino=49419 res=0 errno=0 [ 990.091542][ T30] audit: type=1400 audit(1727202688.127:551): avc: denied { write } for pid=11621 comm="syz.4.871" laddr=fe80::b lport=43612 faddr=::1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 990.171681][ T30] audit: type=1400 audit(1727202688.181:552): avc: denied { write } for pid=11619 comm="syz.1.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 990.191392][ T30] audit: type=1400 audit(1727202688.181:553): avc: denied { ioctl } for pid=11619 comm="syz.1.870" path="socket:[49427]" dev="sockfs" ino=49427 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 990.231642][ T940] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 990.416634][ T940] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 991.176300][ T940] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 991.193319][T11634] ip6gretap0 speed is unknown, defaulting to 1000 [ 991.200576][ T940] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 991.219443][ T940] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 991.238036][ T940] usb 5-1: config 1 has no interface number 0 [ 991.255193][ T940] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d6.01 [ 991.265208][T11635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.872'. [ 991.336075][ T940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.346528][T11638] netlink: 'syz.3.872': attribute type 1 has an invalid length. [ 991.437262][T11638] netlink: 224 bytes leftover after parsing attributes in process `syz.3.872'. [ 991.475112][ T940] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 991.526398][T11642] dccp_invalid_packet: pskb_may_pull failed [ 991.780621][ T940] snd_usb_pod 5-1:1.1: endpoint not available, using fallback values [ 991.924358][T11646] ubi0: attaching mtd0 [ 991.946831][T11646] ubi0: scanning is finished [ 992.460525][ T940] snd_usb_pod 5-1:1.1: invalid control EP [ 992.466312][ T940] snd_usb_pod 5-1:1.1: cannot start listening: -22 [ 992.675858][T11646] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 992.816246][T11656] overlayfs: failed to resolve './file1': -2 [ 993.734732][ T940] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 993.787379][ T940] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 993.873329][ T940] usb 5-1: USB disconnect, device number 6 [ 1004.417414][ T30] audit: type=1400 audit(1727202704.017:554): avc: denied { mounton } for pid=11702 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1004.488508][T11116] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1004.501106][T11116] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1004.520558][T11700] ip6gretap0 speed is unknown, defaulting to 1000 [ 1004.529444][T11116] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1004.552970][T11116] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1004.580195][T11116] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1004.600166][T11116] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1004.608323][T11706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.886'. [ 1004.710973][T11707] Process accounting resumed [ 1004.775190][T11714] netlink: 'syz.3.886': attribute type 1 has an invalid length. [ 1004.783584][T11714] netlink: 224 bytes leftover after parsing attributes in process `syz.3.886'. [ 1004.798544][T11714] dccp_invalid_packet: pskb_may_pull failed [ 1004.896920][T11717] overlayfs: failed to resolve './file1': -2 [ 1005.911817][T11702] ip6gretap0 speed is unknown, defaulting to 1000 [ 1006.323974][T11116] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1006.334938][T11116] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1006.347389][T11116] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1006.379905][T11116] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1006.405288][T11725] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1006.405436][T11116] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1006.422612][T11116] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1007.568670][T11116] Bluetooth: hci6: command tx timeout [ 1008.302391][ T2971] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.389335][T11116] Bluetooth: hci7: command tx timeout [ 1008.496827][ T2971] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.508606][ T5228] Bluetooth: hci6: command tx timeout [ 1009.530437][T11726] ip6gretap0 speed is unknown, defaulting to 1000 [ 1010.030161][ T2971] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1011.017218][ T5228] Bluetooth: hci7: command tx timeout [ 1011.076669][ T1257] ieee802154 phy0 wpan0: encryption failed: -22 [ 1011.083121][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1011.214232][T11753] syz.2.895: attempt to access beyond end of device [ 1011.214232][T11753] nbd2: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1011.259390][T11753] hfsplus: unable to find HFS+ superblock [ 1011.281771][ T2971] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1011.444833][ T5228] Bluetooth: hci6: command tx timeout [ 1011.649770][T11702] chnl_net:caif_netlink_parms(): no params data found [ 1011.990965][T11760] overlayfs: failed to resolve './file1': -2 [ 1013.002448][ T5228] Bluetooth: hci7: command 0x040f tx timeout [ 1013.825682][ T5228] Bluetooth: hci6: command tx timeout [ 1013.887863][ T5283] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1013.939929][T11702] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.969535][T11702] bridge0: port 1(bridge_slave_0) entered disabled state [ 1014.004521][T11702] bridge_slave_0: entered allmulticast mode [ 1014.025403][T11702] bridge_slave_0: entered promiscuous mode [ 1014.132222][ T5283] usb 4-1: Using ep0 maxpacket: 32 [ 1014.170133][ T5283] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1014.237475][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1014.285836][ T5283] usb 4-1: Product: syz [ 1014.297840][ T5283] usb 4-1: Manufacturer: syz [ 1014.309772][ T5283] usb 4-1: SerialNumber: syz [ 1014.325625][T11786] libceph: resolve '. [ 1014.325625][T11786] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 1014.325625][T11786] ' (ret=-3): failed [ 1014.348901][ T5283] usb 4-1: config 0 descriptor?? [ 1014.349659][T11779] netlink: 'syz.4.900': attribute type 13 has an invalid length. [ 1014.401933][T11702] bridge0: port 2(bridge_slave_1) entered blocking state [ 1014.446195][T11702] bridge0: port 2(bridge_slave_1) entered disabled state [ 1014.474919][T11702] bridge_slave_1: entered allmulticast mode [ 1014.504056][T11702] bridge_slave_1: entered promiscuous mode [ 1014.874813][ T5228] Bluetooth: hci7: command 0x040f tx timeout [ 1014.885910][ T2971] bridge_slave_1: left allmulticast mode [ 1014.901844][ T2971] bridge_slave_1: left promiscuous mode [ 1015.856950][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.864949][ T5283] airspy 4-1:0.0: usb_control_msg() failed -110 request 09 [ 1015.872198][ T5283] airspy 4-1:0.0: Could not detect board [ 1015.916232][ T2971] bridge_slave_0: left allmulticast mode [ 1015.926872][ T5283] airspy 4-1:0.0: probe with driver airspy failed with error -110 [ 1015.960251][ T2971] bridge_slave_0: left promiscuous mode [ 1016.004282][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.816538][ T5228] Bluetooth: hci7: command 0x040f tx timeout [ 1017.581245][ T25] usb 4-1: USB disconnect, device number 4 [ 1018.046369][ T5228] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 1018.421428][T11814] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1018.478562][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1018.515731][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1018.541045][ T2971] bond0 (unregistering): Released all slaves [ 1018.616398][T11702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1018.638464][T11789] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1018.671153][T11789] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1018.700942][T11789] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1018.723522][T11789] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1018.737363][T11789] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1018.807045][T11810] warning: `syz.4.902' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1018.819373][T11789] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1018.877604][T11789] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1018.887153][T11702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1018.972760][T11789] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1019.003535][T11789] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1019.027307][T11789] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1019.057257][T11789] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1019.090578][T11789] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 1019.098988][T11726] chnl_net:caif_netlink_parms(): no params data found [ 1019.100612][T11789] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1019.133111][T11789] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1019.450227][T11702] team0: Port device team_slave_0 added [ 1020.297406][T11819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'. [ 1020.347428][T11830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 1020.456212][T11835] netlink: 'syz.4.905': attribute type 1 has an invalid length. [ 1020.488283][T11835] netlink: 224 bytes leftover after parsing attributes in process `syz.4.905'. [ 1020.541899][ T5228] Bluetooth: hci2: command 0x0406 tx timeout [ 1020.548087][T11116] Bluetooth: hci4: command 0x0406 tx timeout [ 1020.604511][T11820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'. [ 1020.608586][T11835] dccp_invalid_packet: pskb_may_pull failed [ 1020.619962][T11116] Bluetooth: hci0: command 0x0c1a tx timeout [ 1020.667534][T11702] team0: Port device team_slave_1 added [ 1020.691609][T11116] Bluetooth: hci3: command 0x0c1a tx timeout [ 1020.873035][ T2971] hsr_slave_0: left promiscuous mode [ 1020.970836][T11116] Bluetooth: hci6: command 0x0c1a tx timeout [ 1020.989646][T11116] Bluetooth: hci7: command 0x040f tx timeout [ 1021.068437][ T2971] hsr_slave_1: left promiscuous mode [ 1021.089547][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1021.100712][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1021.873371][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1021.926311][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1022.785628][ T2971] veth1_macvtap: left promiscuous mode [ 1022.791259][T11116] Bluetooth: hci0: command 0x0c1a tx timeout [ 1022.791272][ T5228] Bluetooth: hci3: command 0x0c1a tx timeout [ 1022.805410][ T2971] veth0_macvtap: left promiscuous mode [ 1022.829152][ T2971] veth1_vlan: left promiscuous mode [ 1022.848322][ T2971] veth0_vlan: left promiscuous mode [ 1022.863542][ T5228] Bluetooth: hci6: command 0x0c1a tx timeout [ 1022.931141][ T5228] Bluetooth: hci7: command 0x040f tx timeout [ 1023.372966][T11864] netlink: 32 bytes leftover after parsing attributes in process `syz.3.910'. [ 1024.209810][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1024.261264][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1024.717974][ T5228] Bluetooth: hci3: command 0x0c1a tx timeout [ 1024.718065][T11116] Bluetooth: hci0: command 0x0c1a tx timeout [ 1024.802275][T11116] Bluetooth: hci6: command 0x0c1a tx timeout [ 1024.864240][T11828] ip6gretap0 speed is unknown, defaulting to 1000 [ 1024.871077][T11116] Bluetooth: hci7: command 0x040f tx timeout [ 1024.902048][T11702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1024.909418][T11702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1024.957508][T11702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1024.985648][T11863] netlink: 'syz.3.910': attribute type 13 has an invalid length. [ 1025.181273][T11702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1025.217600][T11702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1025.243515][ C1] vkms_vblank_simulate: vblank timer overrun [ 1025.254200][T11702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1026.046775][T11726] bridge0: port 1(bridge_slave_0) entered blocking state [ 1026.058782][T11726] bridge0: port 1(bridge_slave_0) entered disabled state [ 1026.067086][T11726] bridge_slave_0: entered allmulticast mode [ 1026.079615][T11726] bridge_slave_0: entered promiscuous mode [ 1026.664370][T11890] block device autoloading is deprecated and will be removed. [ 1027.032139][T11726] bridge0: port 2(bridge_slave_1) entered blocking state [ 1027.062410][T11726] bridge0: port 2(bridge_slave_1) entered disabled state [ 1027.095373][T11726] bridge_slave_1: entered allmulticast mode [ 1027.119815][T11726] bridge_slave_1: entered promiscuous mode [ 1027.326575][T11702] hsr_slave_0: entered promiscuous mode [ 1027.337093][T11702] hsr_slave_1: entered promiscuous mode [ 1027.349355][T11702] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1027.349508][T11702] Cannot create hsr debugfs directory [ 1027.810027][T11726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1028.066767][T11726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1028.241976][ T2971] IPVS: stop unused estimator thread 0... [ 1028.257026][T11726] team0: Port device team_slave_0 added [ 1028.264889][T11917] syz.2.916: attempt to access beyond end of device [ 1028.264889][T11917] nbd2: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1028.312645][T11726] team0: Port device team_slave_1 added [ 1028.333452][T11917] hfsplus: unable to find HFS+ superblock [ 1028.669487][T11116] Bluetooth: hci0: command 0x0c1a tx timeout [ 1028.756457][T11726] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1028.775990][T11726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.824947][T11726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1028.981187][ T2971] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1029.259735][T11925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1030.283680][T11726] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1030.290659][T11726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1030.316652][ C1] vkms_vblank_simulate: vblank timer overrun [ 1030.431295][T11726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1030.437995][ T5228] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1030.488925][ T5228] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1030.540912][ T5228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1030.550413][ T5228] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1030.559138][ T5228] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1030.567925][ T5228] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1030.624938][ T5320] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1030.704103][ T2971] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1030.859775][ T5320] usb 4-1: Using ep0 maxpacket: 32 [ 1031.226427][ T2971] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.467144][ T5320] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 1031.484896][ T5320] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1031.500720][ T5320] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1031.512375][ T5320] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1031.537545][ T5320] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1031.564242][ T5320] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1031.596800][ T5320] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1031.614924][ T5320] usb 4-1: Product: syz [ 1031.620004][ T5320] usb 4-1: Manufacturer: syz [ 1031.628943][ T5320] usb 4-1: SerialNumber: syz [ 1031.672713][ T5320] usb 4-1: config 0 descriptor?? [ 1031.691120][ T5320] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1031.726981][ T5320] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1031.880403][T11939] netlink: 32 bytes leftover after parsing attributes in process `syz.2.921'. [ 1031.985064][ T2971] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.258122][T11938] netlink: 'syz.2.921': attribute type 13 has an invalid length. [ 1032.535617][ T30] audit: type=1400 audit(1727202734.144:555): avc: denied { write } for pid=11928 comm="syz.3.920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1032.565421][ T5228] Bluetooth: hci1: command tx timeout [ 1032.785056][ T30] audit: type=1400 audit(1727202734.144:556): avc: denied { getopt } for pid=11928 comm="syz.3.920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1032.999473][ T30] audit: type=1400 audit(1727202734.144:557): avc: denied { listen } for pid=11928 comm="syz.3.920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 1033.128123][T11726] hsr_slave_0: entered promiscuous mode [ 1033.163882][T11726] hsr_slave_1: entered promiscuous mode [ 1033.187451][T11726] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1033.197155][T11726] Cannot create hsr debugfs directory [ 1033.384593][T11930] ip6gretap0 speed is unknown, defaulting to 1000 [ 1033.588815][ T2971] bridge_slave_1: left allmulticast mode [ 1033.595933][ T2971] bridge_slave_1: left promiscuous mode [ 1033.601866][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.612431][ T2971] bridge_slave_0: left allmulticast mode [ 1033.622129][ T2971] bridge_slave_0: left promiscuous mode [ 1033.638162][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.986318][ T5320] usb 4-1: USB disconnect, device number 5 [ 1034.014539][ T5320] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 1035.019636][ T5228] Bluetooth: hci1: command tx timeout [ 1035.245425][ T30] audit: type=1326 audit(1727202737.127:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11957 comm="syz.3.924" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb15337def9 code=0x0 [ 1035.426394][T11961] netlink: 'syz.3.924': attribute type 1 has an invalid length. [ 1036.067986][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1036.090681][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1036.110335][ T2971] bond0 (unregistering): Released all slaves [ 1036.987514][ T5228] Bluetooth: hci1: command tx timeout [ 1036.998342][T11948] netlink: 'syz.2.922': attribute type 4 has an invalid length. [ 1037.742212][ T2971] hsr_slave_0: left promiscuous mode [ 1037.767619][ T2971] hsr_slave_1: left promiscuous mode [ 1037.883676][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1037.900713][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1037.922584][ T30] audit: type=1400 audit(1727202740.002:559): avc: denied { map } for pid=11967 comm="syz.2.927" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1037.947562][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1038.015453][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1038.216253][ T2971] veth1_macvtap: left promiscuous mode [ 1038.221903][ T2971] veth0_macvtap: left promiscuous mode [ 1038.242020][ T2971] veth1_vlan: left promiscuous mode [ 1038.342383][ T2971] veth0_vlan: left promiscuous mode [ 1039.266684][ T5228] Bluetooth: hci1: command tx timeout [ 1042.738593][T11977] syz.3.925: attempt to access beyond end of device [ 1042.738593][T11977] nbd3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1042.773260][T11977] hfsplus: unable to find HFS+ superblock [ 1043.836327][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1043.924631][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1045.549501][T11702] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1045.608257][T11702] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1045.856411][T11702] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1046.761787][T11702] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1047.564697][T11930] chnl_net:caif_netlink_parms(): no params data found [ 1047.999673][T11116] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1048.017802][T11116] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1048.026953][T11116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1048.065932][T11116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1048.084196][T11116] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1048.093952][T11116] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1048.208601][T11726] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1048.289441][T11726] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1048.516328][ T2971] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.585745][T12019] netlink: 'syz.3.933': attribute type 4 has an invalid length. [ 1048.668492][T11726] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1048.708614][T11726] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1048.824447][ T2971] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.903246][T12011] ip6gretap0 speed is unknown, defaulting to 1000 [ 1048.911751][T11930] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.945418][T11930] bridge0: port 1(bridge_slave_0) entered disabled state [ 1048.973079][T11930] bridge_slave_0: entered allmulticast mode [ 1049.012779][T11930] bridge_slave_0: entered promiscuous mode [ 1049.058553][T11702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1049.139558][ T2971] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.211577][T11930] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.229388][T11930] bridge0: port 2(bridge_slave_1) entered disabled state [ 1049.273623][T11930] bridge_slave_1: entered allmulticast mode [ 1049.302142][T11930] bridge_slave_1: entered promiscuous mode [ 1049.455439][ T2971] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.625068][T11702] 8021q: adding VLAN 0 to HW filter on device team0 [ 1049.695935][T11930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1049.784114][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 1049.791307][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1049.852907][T11930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1049.917413][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.924569][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1049.995582][T11116] Bluetooth: hci3: command tx timeout [ 1050.140976][T11930] team0: Port device team_slave_0 added [ 1050.195278][T11930] team0: Port device team_slave_1 added [ 1050.432440][T11930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1050.482589][T11930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1050.508573][ C1] vkms_vblank_simulate: vblank timer overrun [ 1050.614552][T11930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1050.702016][ T30] audit: type=1326 audit(1727202753.660:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12056 comm="syz.3.935" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb15337def9 code=0x0 [ 1051.196514][ C1] vkms_vblank_simulate: vblank timer overrun [ 1051.905128][ T2971] bridge_slave_1: left allmulticast mode [ 1051.921734][ T2971] bridge_slave_1: left promiscuous mode [ 1051.934030][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1051.942244][T11116] Bluetooth: hci3: command tx timeout [ 1051.957292][ T2971] bridge_slave_0: left allmulticast mode [ 1051.980678][ T2971] bridge_slave_0: left promiscuous mode [ 1051.986397][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1053.370034][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1053.388985][ T2971] bond_slave_0: left promiscuous mode [ 1053.405507][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1053.421362][ T2971] bond_slave_1: left promiscuous mode [ 1053.441410][ T2971] bond0 (unregistering): Released all slaves [ 1053.531652][T11930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1053.546829][T11930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1053.607368][T11930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1053.799308][T11930] hsr_slave_0: entered promiscuous mode [ 1053.818841][T11930] hsr_slave_1: entered promiscuous mode [ 1053.872260][T11116] Bluetooth: hci3: command tx timeout [ 1054.002637][ T25] ip6gretap0 speed is unknown, defaulting to 1000 [ 1054.517064][T11726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1054.682168][T12101] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1054.797876][ T30] audit: type=1400 audit(1727202758.112:561): avc: denied { map } for pid=12098 comm="syz.3.938" path="socket:[52613]" dev="sockfs" ino=52613 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1054.871155][ T30] audit: type=1400 audit(1727202758.134:562): avc: denied { read } for pid=12098 comm="syz.3.938" path="socket:[52613]" dev="sockfs" ino=52613 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1055.242083][T12011] chnl_net:caif_netlink_parms(): no params data found [ 1055.343883][T11726] 8021q: adding VLAN 0 to HW filter on device team0 [ 1055.608636][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1055.615831][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1055.712357][T11116] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 1055.761555][ T2971] hsr_slave_0: left promiscuous mode [ 1055.801901][ T2971] hsr_slave_1: left promiscuous mode [ 1055.816522][T11116] Bluetooth: hci3: command tx timeout [ 1055.859835][T11116] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 1055.878354][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1055.911154][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1055.946977][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1055.978093][T11116] Bluetooth: hci0: unexpected event for opcode 0x0c20 [ 1055.986945][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1056.084827][ T2971] veth1_macvtap: left promiscuous mode [ 1056.090424][ T2971] veth0_macvtap: left promiscuous mode [ 1056.115102][ T5228] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1056.136117][ T5228] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1056.145687][ T5228] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1056.161828][ T2971] veth1_vlan: left promiscuous mode [ 1056.170710][ T2971] veth0_vlan: left promiscuous mode [ 1056.179852][ T5228] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1056.188295][ T5228] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1056.196009][ T5228] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1056.891975][T12131] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1057.026145][T11116] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 1057.930529][T12135] netlink: 'syz.3.941': attribute type 1 has an invalid length. [ 1057.938411][T12135] netlink: 224 bytes leftover after parsing attributes in process `syz.3.941'. [ 1058.133284][T11116] Bluetooth: hci4: command tx timeout [ 1058.787673][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1058.876201][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1060.062302][T11116] Bluetooth: hci4: command tx timeout [ 1060.083321][ T30] audit: type=1400 audit(1727202763.767:563): avc: denied { ioctl } for pid=12139 comm="syz.3.942" path="/dev/usbmon5" dev="devtmpfs" ino=722 ioctlcmd=0x9208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 1060.131100][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.131246][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1060.181092][T11116] Bluetooth: hci0: unexpected event for opcode 0x080d [ 1060.248034][T12011] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.255316][T12011] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.265059][T12011] bridge_slave_0: entered allmulticast mode [ 1060.273411][T12011] bridge_slave_0: entered promiscuous mode [ 1060.287279][T12011] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.294969][T12011] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.302434][T12011] bridge_slave_1: entered allmulticast mode [ 1060.333522][T12011] bridge_slave_1: entered promiscuous mode [ 1060.547405][T12144] 9pnet_fd: Insufficient options for proto=fd [ 1060.605125][T12011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1060.623236][T12011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1060.669331][ T2971] IPVS: stop unused estimator thread 0... [ 1060.782231][T11930] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1061.005315][T11930] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1061.047593][T11930] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1061.104078][T12011] team0: Port device team_slave_0 added [ 1061.171825][T11930] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1061.238163][T12011] team0: Port device team_slave_1 added [ 1061.706066][ T5228] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1061.717248][ T5228] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1061.725782][ T5228] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1061.748402][ T5228] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1061.781137][ T5228] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1061.804482][ T5228] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1061.836886][ T5228] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 1062.001694][ T9994] Bluetooth: hci4: command tx timeout [ 1062.039639][T12011] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1062.056770][T12011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1062.083725][ C1] vkms_vblank_simulate: vblank timer overrun [ 1062.091680][T12011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1062.106799][T12011] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1062.118443][T12011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1062.144376][ C1] vkms_vblank_simulate: vblank timer overrun [ 1062.156644][T12011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1062.408435][T12011] hsr_slave_0: entered promiscuous mode [ 1062.422355][T12011] hsr_slave_1: entered promiscuous mode [ 1062.435761][T12011] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1062.446743][T12011] Cannot create hsr debugfs directory [ 1062.634304][T12169] netlink: 5 bytes leftover after parsing attributes in process `syz.3.945'. [ 1062.806943][ T9994] Bluetooth: hci0: Malformed Event: 0x2f [ 1062.992529][T12124] chnl_net:caif_netlink_parms(): no params data found [ 1063.223866][ T1050] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.377285][ T1050] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.484055][T12124] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.491656][T12124] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.499257][T12124] bridge_slave_0: entered allmulticast mode [ 1063.516758][T12124] bridge_slave_0: entered promiscuous mode [ 1063.608029][ T1050] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.636125][T12124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.655414][T12124] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.663614][T12124] bridge_slave_1: entered allmulticast mode [ 1063.679993][T12124] bridge_slave_1: entered promiscuous mode [ 1063.715344][ T9994] Bluetooth: hci0: command 0x0c1a tx timeout [ 1063.738063][ T1050] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.789724][ T9994] Bluetooth: hci5: command tx timeout [ 1063.938842][ T9994] Bluetooth: hci4: command tx timeout [ 1063.939307][T11116] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1063.953609][T11116] Bluetooth: hci0: Injecting HCI hardware error event [ 1063.969019][ T9994] Bluetooth: hci0: hardware error 0x00 [ 1064.118592][T12124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1064.150827][T12124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1064.227344][T12160] chnl_net:caif_netlink_parms(): no params data found [ 1064.332471][T11930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1064.373993][T12124] team0: Port device team_slave_0 added [ 1064.388013][T12124] team0: Port device team_slave_1 added [ 1064.541086][T11930] 8021q: adding VLAN 0 to HW filter on device team0 [ 1064.657062][ T1050] bridge_slave_1: left allmulticast mode [ 1064.662904][ T1050] bridge_slave_1: left promiscuous mode [ 1064.670699][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.710011][ T1050] bridge_slave_0: left allmulticast mode [ 1064.722816][ T1050] bridge_slave_0: left promiscuous mode [ 1064.741693][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.798104][ T1050] bridge_slave_1: left allmulticast mode [ 1064.803756][ T1050] bridge_slave_1: left promiscuous mode [ 1064.829053][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.862303][ T1050] bridge_slave_0: left allmulticast mode [ 1064.867948][ T1050] bridge_slave_0: left promiscuous mode [ 1064.875025][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.906003][T12200] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1065.727908][T11116] Bluetooth: hci5: command tx timeout [ 1065.952357][ T9994] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1066.216907][T12206] ubi0: attaching mtd0 [ 1066.229767][T12206] ubi0: scanning is finished [ 1066.371379][ T30] audit: type=1400 audit(1727202770.419:564): avc: denied { ioctl } for pid=12203 comm="syz.3.947" path="/dev/nullb0" dev="devtmpfs" ino=682 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1066.932631][T12206] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1067.129930][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1067.144401][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1067.158568][ T1050] bond0 (unregistering): Released all slaves [ 1067.545805][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1067.572583][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1067.594857][ T1050] bond0 (unregistering): Released all slaves [ 1067.619097][T12212] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1067.667848][ T9994] Bluetooth: hci5: command tx timeout [ 1067.879748][T12124] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1067.918541][T12124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1067.944446][ C1] vkms_vblank_simulate: vblank timer overrun [ 1067.951015][T12124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1068.003831][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.010973][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1068.023853][ T2971] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.031005][ T2971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1068.209270][T12160] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.216534][T12160] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.228679][T12160] bridge_slave_0: entered allmulticast mode [ 1068.236712][T12160] bridge_slave_0: entered promiscuous mode [ 1068.246144][T12160] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.253360][T12160] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.260764][T12160] bridge_slave_1: entered allmulticast mode [ 1068.268715][T12160] bridge_slave_1: entered promiscuous mode [ 1068.276710][T12124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1068.291137][T12124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1068.334512][T12124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1068.364418][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1068.901883][T12160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1068.951632][T12124] hsr_slave_0: entered promiscuous mode [ 1068.979039][T12124] hsr_slave_1: entered promiscuous mode [ 1069.004545][T12124] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1069.018259][T12124] Cannot create hsr debugfs directory [ 1069.136017][ T1050] hsr_slave_0: left promiscuous mode [ 1069.147462][ T1050] hsr_slave_1: left promiscuous mode [ 1069.164824][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1069.397014][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1069.410004][ T1050] hsr_slave_0: left promiscuous mode [ 1069.415982][ T1050] hsr_slave_1: left promiscuous mode [ 1069.426959][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1069.437534][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1069.629337][ T9994] Bluetooth: hci5: command tx timeout [ 1069.842444][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1069.892757][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1070.054377][ T1050] veth1_macvtap: left promiscuous mode [ 1070.070257][ T1050] veth0_macvtap: left promiscuous mode [ 1070.076369][ T1050] veth1_vlan: left promiscuous mode [ 1070.082614][ T1050] veth0_vlan: left promiscuous mode [ 1071.112508][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 1071.383304][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 1073.011519][T12239] Falling back ldisc for ttyS3. [ 1073.453555][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 1073.514055][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 1074.212401][T12160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1074.300986][T12160] team0: Port device team_slave_0 added [ 1074.456955][T12160] team0: Port device team_slave_1 added [ 1074.709032][T12160] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1074.732317][T12160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1074.758231][ C1] vkms_vblank_simulate: vblank timer overrun [ 1074.784532][T12160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1074.800951][T12160] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1074.808557][T12160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1074.834590][ C1] vkms_vblank_simulate: vblank timer overrun [ 1074.843438][T12160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1074.924909][T12253] netlink: 'syz.3.952': attribute type 4 has an invalid length. [ 1075.343823][T12160] hsr_slave_0: entered promiscuous mode [ 1075.368598][T12160] hsr_slave_1: entered promiscuous mode [ 1075.393187][T12160] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1075.409938][T12160] Cannot create hsr debugfs directory [ 1075.505145][T12011] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1075.544240][T12011] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1075.644488][T12011] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1075.805663][T12011] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1076.236846][T11930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1076.241329][ T30] audit: type=1400 audit(1727202781.105:565): avc: denied { listen } for pid=12270 comm="syz.3.954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1076.263923][ C1] vkms_vblank_simulate: vblank timer overrun [ 1076.706369][T12280] capability: warning: `syz.3.954' uses 32-bit capabilities (legacy support in use) [ 1077.253654][T12011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1077.391877][T12124] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1077.444590][T12124] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1077.524141][T12124] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1077.577055][T12011] 8021q: adding VLAN 0 to HW filter on device team0 [ 1077.642301][T12011] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1077.662937][T12011] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1077.685148][T12124] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1077.727073][T11930] veth0_vlan: entered promiscuous mode [ 1077.767164][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1077.774462][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1077.795622][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1077.802932][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1077.971709][T12287] binder: BINDER_SET_CONTEXT_MGR already set [ 1077.978337][T12287] binder: 12283:12287 ioctl 4018620d 20000000 returned -16 [ 1077.999478][T11930] veth1_vlan: entered promiscuous mode [ 1078.042073][T12288] binder: 12283:12288 ioctl c0306201 0 returned -14 [ 1078.406636][T11930] veth0_macvtap: entered promiscuous mode [ 1078.435824][T11930] veth1_macvtap: entered promiscuous mode [ 1078.662591][T11930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1078.674919][T11930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.686461][T11930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1078.701798][T11930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.742528][T11930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1078.766182][T11930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.787172][T11930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.798600][T11930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.810160][T11930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.837144][T11930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1078.867957][ T1050] bridge_slave_1: left allmulticast mode [ 1078.886598][ T1050] bridge_slave_1: left promiscuous mode [ 1078.897614][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.919353][ T1050] bridge_slave_0: left allmulticast mode [ 1078.926423][ T1050] bridge_slave_0: left promiscuous mode [ 1078.934433][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 1079.542731][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1079.558427][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1079.575169][ T1050] bond0 (unregistering): Released all slaves [ 1079.607664][T12294] bridge0: port 3(gretap0) entered blocking state [ 1079.614505][T12294] bridge0: port 3(gretap0) entered disabled state [ 1079.623858][T12294] gretap0: entered allmulticast mode [ 1079.630538][T12294] gretap0: entered promiscuous mode [ 1079.638116][T12294] bridge0: port 3(gretap0) entered blocking state [ 1079.645330][T12294] bridge0: port 3(gretap0) entered forwarding state [ 1079.785184][T11930] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.797246][T11930] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.811998][T11930] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.821342][T11930] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.838153][T12011] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1079.899189][ T1050] hsr_slave_0: left promiscuous mode [ 1079.925676][ T1050] hsr_slave_1: left promiscuous mode [ 1079.940256][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1079.950017][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1080.162903][T12299] NILFS (loop3): device size too small [ 1080.402142][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 1080.485047][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 1081.455888][T12302] syz.3.958: attempt to access beyond end of device [ 1081.455888][T12302] nbd3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1081.498312][T12302] hfsplus: unable to find HFS+ superblock [ 1081.609372][T12011] veth0_vlan: entered promiscuous mode [ 1081.680245][T12124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1081.766544][T12011] veth1_vlan: entered promiscuous mode [ 1081.766789][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1081.790428][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1081.971990][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1081.992214][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1082.026555][T12124] 8021q: adding VLAN 0 to HW filter on device team0 [ 1082.051699][T12160] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1082.135084][T12160] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1082.173028][T12160] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1082.224810][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.232073][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1082.311663][T12160] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1082.461812][T12124] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1083.603839][T12124] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1083.692853][ T1050] bridge0: port 2(bridge_slave_1) entered blocking state [ 1083.700113][ T1050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1083.803621][T12011] veth0_macvtap: entered promiscuous mode [ 1085.338667][ T30] audit: type=1400 audit(1727202789.677:566): avc: denied { ioctl } for pid=12321 comm="syz.3.960" path="socket:[53730]" dev="sockfs" ino=53730 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1085.400288][ T30] audit: type=1400 audit(1727202789.699:567): avc: denied { write } for pid=12321 comm="syz.3.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1085.429073][T12011] veth1_macvtap: entered promiscuous mode [ 1085.551857][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1085.608650][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.637706][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1085.669116][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.702442][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1085.729820][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.756721][T12011] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1085.818754][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1085.849859][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.860092][ T5277] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1085.869115][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1085.891118][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.934014][T12011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1085.954981][T12011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1085.991361][T12011] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1086.056391][ T5277] usb 4-1: Using ep0 maxpacket: 16 [ 1086.111406][ T5277] usb 4-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 1086.121027][ T5277] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1086.180993][ T5277] usb 4-1: Product: syz [ 1086.193254][ T5277] usb 4-1: Manufacturer: syz [ 1086.199625][ T5277] usb 4-1: SerialNumber: syz [ 1086.224931][ T5277] usb 4-1: config 0 descriptor?? [ 1086.226240][T12011] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1086.258344][T12011] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1086.274956][T12011] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1086.285217][T12011] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1086.364557][T12124] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1086.698110][T12160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1086.821925][ T5277] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1086.843905][ T5277] usb 4-1: MIDIStreaming interface descriptor not found [ 1086.935313][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1086.964359][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1087.012232][T12160] 8021q: adding VLAN 0 to HW filter on device team0 [ 1087.055875][T12124] veth0_vlan: entered promiscuous mode [ 1087.144165][ T5277] usb 4-1: USB disconnect, device number 6 [ 1087.229387][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1087.254552][T12124] veth1_vlan: entered promiscuous mode [ 1087.276689][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1087.312227][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.319468][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1087.452843][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.460077][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1087.716006][T12124] veth0_macvtap: entered promiscuous mode [ 1087.841457][T12124] veth1_macvtap: entered promiscuous mode [ 1088.055120][T12160] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1088.315966][ T30] audit: type=1400 audit(1727203049.998:568): avc: denied { append } for pid=12376 comm="syz.4.964" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 1088.874001][ T30] audit: type=1400 audit(1727203049.998:569): avc: denied { open } for pid=12376 comm="syz.4.964" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 1088.965423][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.534865][ T30] audit: type=1400 audit(1727203050.877:570): avc: denied { bind } for pid=12383 comm="syz.3.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1089.774972][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1089.942997][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1089.996942][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.054122][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.083188][ T30] audit: type=1800 audit(1727203051.972:571): pid=12402 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.966" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1090.139756][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.518929][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.572267][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.592379][T12124] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1095.891109][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.926893][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.972706][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.006709][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.044273][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.131370][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.193158][T12124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.225154][T12124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.254445][T12124] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1096.278163][T12414] netlink: 'syz.3.967': attribute type 4 has an invalid length. [ 1096.328128][T12124] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.347722][T12124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.360518][T12124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.392374][T12124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.508764][T12160] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.207958][ T6373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1099.215822][ T6373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1099.272974][T12160] veth0_vlan: entered promiscuous mode [ 1104.878040][T12160] veth1_vlan: entered promiscuous mode [ 1104.937572][ T2979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1105.027054][ T2979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1105.270819][T12160] veth0_macvtap: entered promiscuous mode [ 1106.256451][T12160] veth1_macvtap: entered promiscuous mode [ 1106.510890][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.598229][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.639374][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.670532][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.681067][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.709344][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.725040][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.740734][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.766982][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.780968][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.886114][T12160] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1106.963425][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.053879][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.095023][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.122600][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.296915][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.335380][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.367368][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.415059][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.432401][T12160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.442915][T12160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.454133][T12160] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1107.676534][T12471] netlink: 'syz.2.974': attribute type 13 has an invalid length. [ 1108.018995][ T5277] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1108.075305][T12473] netlink: 'syz.4.975': attribute type 12 has an invalid length. [ 1108.090513][T12482] mkiss: ax0: crc mode is auto. [ 1108.205616][T12160] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.229206][T12160] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.290177][T12160] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.296739][ T5277] usb 5-1: language id specifier not provided by device, defaulting to English [ 1108.324749][T12160] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.347040][ T5277] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 1108.378890][ T5277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1108.508776][ T5277] usb 5-1: SerialNumber: æ…­èš¡âµ¬îžŸé§ à¯ƒá„”î¬«å¯€æ¢”ã‹§îƒ—â‰­í¬ [ 1108.549295][ T5277] usb 5-1: config 0 descriptor?? [ 1108.667273][ T5277] usb 5-1: Found UVC 0.00 device (18ec:3288) [ 1108.736454][ T5277] usb 5-1: No valid video chain found. [ 1109.242657][T12501] netlink: 'syz.3.978': attribute type 4 has an invalid length. [ 1110.679536][ T2971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1110.709287][ T2971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.726343][ T4633] usb 5-1: USB disconnect, device number 7 [ 1110.894156][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1110.934969][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1111.911687][T12528] Unsupported ieee802154 address type: 0 [ 1113.143673][T12532] netlink: 44 bytes leftover after parsing attributes in process `syz.3.981'. [ 1113.163067][ T30] audit: type=1400 audit(1727203076.627:572): avc: denied { create } for pid=12537 comm="syz.1.985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1113.193649][ T30] audit: type=1400 audit(1727203076.627:573): avc: denied { ioctl } for pid=12537 comm="syz.1.985" path="socket:[56032]" dev="sockfs" ino=56032 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1114.196820][T12550] netlink: 'syz.0.986': attribute type 13 has an invalid length. [ 1114.432607][T12552] mkiss: ax0: crc mode is auto. [ 1115.138283][T12560] netlink: 4 bytes leftover after parsing attributes in process `syz.3.989'. [ 1115.280737][T12563] dccp_invalid_packet: pskb_may_pull failed [ 1115.699803][T12568] netlink: 'syz.0.990': attribute type 4 has an invalid length. [ 1116.283745][T12578] syz.3.992: attempt to access beyond end of device [ 1116.283745][T12578] nbd3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1116.283822][T12578] hfsplus: unable to find HFS+ superblock [ 1116.439622][T12579] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1125.540265][ T30] audit: type=1400 audit(1727203084.470:574): avc: denied { mount } for pid=12594 comm="syz.2.997" name="/" dev="autofs" ino=56115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 1125.653056][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1127.159713][ T30] audit: type=1400 audit(1727203091.733:575): avc: denied { unmount } for pid=12011 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 1127.179807][ C1] vkms_vblank_simulate: vblank timer overrun [ 1127.441725][T12615] syz.0.1001: attempt to access beyond end of device [ 1127.441725][T12615] nbd0: rw=2048, sector=2, nr_sectors = 2 limit=0 [ 1127.461675][T12615] hfsplus: unable to find HFS+ superblock [ 1127.845331][T12621] hub 9-0:1.0: USB hub found [ 1127.854873][T12621] hub 9-0:1.0: 8 ports detected [ 1129.186706][T11116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1129.199659][T11116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1129.218898][T11116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1129.244051][T11116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1129.252971][T11116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1129.261128][T11116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1129.328912][T12630] netlink: 'syz.0.1003': attribute type 4 has an invalid length. [ 1129.349165][T12614] wg2: entered promiscuous mode [ 1129.373105][T12614] wg2: entered allmulticast mode [ 1129.428299][T11116] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1129.470726][T11116] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1129.480588][T11116] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1129.489001][T11116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1129.498567][T11116] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1129.509173][T11116] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1131.250979][ T9994] Bluetooth: hci0: command tx timeout [ 1131.625807][ T9994] Bluetooth: hci4: command tx timeout [ 1133.143122][T11116] Bluetooth: hci0: command tx timeout [ 1133.404540][ T1050] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1133.517004][T11116] Bluetooth: hci4: command tx timeout [ 1135.003429][ T1050] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1135.048795][T12662] dlm: no local IP address has been set [ 1135.067803][T12662] dlm: cannot start dlm midcomms -107 [ 1135.073716][T11116] Bluetooth: hci0: command tx timeout [ 1135.275626][T12662] trusted_key: encrypted_key: hex blob is missing [ 1135.286540][ T1050] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1135.456788][T11116] Bluetooth: hci4: command tx timeout [ 1135.509421][ T1050] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1135.849572][T12673] binder: BINDER_SET_CONTEXT_MGR already set [ 1135.860828][T12673] binder: 12667:12673 ioctl 4018620d 20000040 returned -16 [ 1137.260722][T11116] Bluetooth: hci0: command tx timeout [ 1137.767264][T11116] Bluetooth: hci4: command tx timeout [ 1139.173485][T12632] chnl_net:caif_netlink_parms(): no params data found [ 1139.432151][T12688] netlink: 'syz.4.1014': attribute type 72 has an invalid length. [ 1139.468413][T12688] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1014'. [ 1140.448415][ T1050] bridge_slave_1: left allmulticast mode [ 1140.479503][ T1050] bridge_slave_1: left promiscuous mode [ 1140.498783][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 1140.532922][ T1050] bridge_slave_0: left allmulticast mode [ 1140.541532][ T1050] bridge_slave_0: left promiscuous mode [ 1140.553374][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 1142.175328][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1142.216691][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1142.263246][ T1050] bond0 (unregistering): Released all slaves [ 1142.783120][T12632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1142.790552][T12632] bridge0: port 1(bridge_slave_0) entered disabled state [ 1142.799116][T12632] bridge_slave_0: entered allmulticast mode [ 1142.807728][T12632] bridge_slave_0: entered promiscuous mode [ 1143.357522][T12721] netlink: 'syz.0.1026': attribute type 1 has an invalid length. [ 1143.365395][T12721] netlink: 512 bytes leftover after parsing attributes in process `syz.0.1026'. [ 1143.451669][ T30] audit: type=1400 audit(1727203109.222:576): avc: denied { write } for pid=12715 comm="syz.0.1026" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 1143.498998][T12626] chnl_net:caif_netlink_parms(): no params data found [ 1143.573671][T12632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1143.580931][T12632] bridge0: port 2(bridge_slave_1) entered disabled state [ 1143.607318][T12632] bridge_slave_1: entered allmulticast mode [ 1143.649723][T12632] bridge_slave_1: entered promiscuous mode [ 1143.817499][T12729] ubi0: attaching mtd0 [ 1143.828724][T12729] ubi0: scanning is finished [ 1143.930058][T12729] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1143.938291][T12729] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1143.945681][T12729] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1143.952752][T12729] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1143.960389][T12729] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1143.968724][T12729] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1143.976942][T12729] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1234637224 [ 1143.987093][T12729] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1144.036900][T12731] ubi0: background thread "ubi_bgt0d" started, PID 12731 [ 1144.713250][T12632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1144.960774][T12632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1145.064717][ T1050] hsr_slave_0: left promiscuous mode [ 1145.084674][ T1050] hsr_slave_1: left promiscuous mode [ 1145.106366][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1145.151234][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1145.171072][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1145.189464][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1145.213908][T12374] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1145.285442][ T1050] veth1_macvtap: left promiscuous mode [ 1145.337383][ T1050] veth0_macvtap: left promiscuous mode [ 1145.343143][ T1050] veth1_vlan: left promiscuous mode [ 1145.454403][ T1050] veth0_vlan: left promiscuous mode [ 1145.488936][T12374] usb 1-1: Using ep0 maxpacket: 32 [ 1145.534931][T12374] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1145.562989][T12374] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1145.572298][T12374] usb 1-1: Product: syz [ 1145.576570][T12374] usb 1-1: Manufacturer: syz [ 1145.603550][T12374] usb 1-1: SerialNumber: syz [ 1145.627113][T12374] usb 1-1: config 0 descriptor?? [ 1145.644407][T12374] usb 1-1: bad CDC descriptors [ 1145.659377][T12374] usb 1-1: unsupported MDLM descriptors [ 1146.641079][T11116] Bluetooth: hci1: command 0x0406 tx timeout [ 1146.969060][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 1146.987519][ T5320] usb 1-1: USB disconnect, device number 3 [ 1148.515979][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 1150.177565][ T30] audit: type=1400 audit(1727203116.442:577): avc: denied { setattr } for pid=12759 comm="syz.0.1025" name="vbi2" dev="devtmpfs" ino=884 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 1150.774735][T12744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1022'. [ 1150.831168][T12746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1022'. [ 1150.953708][T12632] team0: Port device team_slave_0 added [ 1151.147988][T12632] team0: Port device team_slave_1 added [ 1152.342227][T12773] netlink: 'syz.2.1027': attribute type 72 has an invalid length. [ 1152.390544][T12773] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1027'. [ 1153.600720][T12808] Cannot find map_set index 0 as target [ 1153.949713][T12632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1153.985625][T12632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1154.011545][ C1] vkms_vblank_simulate: vblank timer overrun [ 1154.034411][T12632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1154.824932][T12626] bridge0: port 1(bridge_slave_0) entered blocking state [ 1154.860232][T12626] bridge0: port 1(bridge_slave_0) entered disabled state [ 1154.869806][T12626] bridge_slave_0: entered allmulticast mode [ 1154.885352][T12626] bridge_slave_0: entered promiscuous mode [ 1154.922084][T12626] bridge0: port 2(bridge_slave_1) entered blocking state [ 1154.929861][T12626] bridge0: port 2(bridge_slave_1) entered disabled state [ 1154.937984][T12626] bridge_slave_1: entered allmulticast mode [ 1154.973273][T12626] bridge_slave_1: entered promiscuous mode [ 1155.044966][T12632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1155.052563][T12632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1155.097505][T12632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1155.304520][T12626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1155.343589][T12626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1155.529870][ T30] audit: type=1400 audit(1727203122.182:578): avc: denied { write } for pid=12825 comm="syz.0.1035" name="binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1155.571140][T12822] input: syz1 as /devices/virtual/input/input14 [ 1155.578204][T12827] binder: 12825:12827 ioctl 400c620e 20000380 returned -22 [ 1155.752890][ T30] audit: type=1400 audit(1727203122.300:579): avc: denied { connect } for pid=12825 comm="syz.0.1035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 1161.130329][T12632] hsr_slave_0: entered promiscuous mode [ 1161.177466][T12632] hsr_slave_1: entered promiscuous mode [ 1161.204140][T12632] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1161.225877][T12632] Cannot create hsr debugfs directory [ 1161.288123][T12626] team0: Port device team_slave_0 added [ 1161.330701][T12626] team0: Port device team_slave_1 added [ 1161.342156][T12835] cgroup: No subsys list or none specified [ 1161.569438][T12626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1161.603536][T12626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1161.682224][T12626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1161.720701][T12836] netlink: 'syz.4.1037': attribute type 49 has an invalid length. [ 1161.907019][T12626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1161.932589][T12626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1161.968081][T12626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1162.222301][T12626] hsr_slave_0: entered promiscuous mode [ 1162.248751][T12626] hsr_slave_1: entered promiscuous mode [ 1162.275442][T12626] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1162.302381][T12626] Cannot create hsr debugfs directory [ 1162.740232][T12632] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.908446][T12873] virtio-fs: tag <(null)> not found [ 1164.910993][T12632] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.993396][T12880] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 1165.000037][T12880] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1165.060382][T12880] vhci_hcd vhci_hcd.0: Device attached [ 1165.088895][T12884] vhci_hcd: connection closed [ 1165.154144][ T29] vhci_hcd: stop threads [ 1165.201403][ T29] vhci_hcd: release socket [ 1165.218061][ T29] vhci_hcd: disconnect device [ 1165.267530][ T5273] vhci_hcd: vhci_device speed not set [ 1165.295471][T12632] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1165.754475][T12632] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1165.818653][T11116] Bluetooth: hci3: command 0x0406 tx timeout [ 1166.507672][T12632] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1166.602145][T12632] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1166.945765][T12909] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1167.662903][T12632] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1167.866201][T12632] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1173.392200][ T30] audit: type=1400 audit(1727203135.830:580): avc: denied { ioctl } for pid=12918 comm="syz.0.1047" path="socket:[57945]" dev="sockfs" ino=57945 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1174.408715][T12632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1174.427000][T12924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'. [ 1174.531939][T12632] 8021q: adding VLAN 0 to HW filter on device team0 [ 1174.723051][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 1174.730160][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1174.768176][ T2971] bridge0: port 2(bridge_slave_1) entered blocking state [ 1174.775334][ T2971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1175.136662][T12626] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1175.505711][ T5283] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1175.728350][ T5283] usb 1-1: Using ep0 maxpacket: 8 [ 1175.750034][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1175.780565][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1175.818299][ T5283] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 1175.855266][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.897792][ T5283] usb 1-1: config 0 descriptor?? [ 1175.902632][ T2971] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1175.972083][T12626] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1176.141407][ T5233] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1176.153038][ T5228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1176.153244][ T5233] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1176.174201][ T5228] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1176.174361][ T5233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1176.191776][ T5233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1176.197425][ T5228] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1176.210780][ T5233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1176.221516][ T5233] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1176.231071][ T5228] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1176.231169][ T5233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1176.288409][T11116] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1176.359224][ T2971] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.374101][ T30] audit: type=1400 audit(1727203373.547:581): avc: denied { setopt } for pid=12933 comm="syz.0.1052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1176.396040][T12626] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1176.413396][T12934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1052'. [ 1176.454941][ T2971] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.598578][ T2971] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.645815][ T5283] hid-picolcd 0003:04D8:F002.0002: unknown main item tag 0x0 [ 1176.662818][T12626] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1176.678474][ T5283] hid-picolcd 0003:04D8:F002.0002: item fetching failed at offset 5/7 [ 1176.698201][ T5283] hid-picolcd 0003:04D8:F002.0002: device report parse failed [ 1176.720774][ T5283] hid-picolcd 0003:04D8:F002.0002: probe with driver hid-picolcd failed with error -22 [ 1176.803259][T12632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1177.039386][T12810] usb 1-1: USB disconnect, device number 4 [ 1177.334339][ T2971] bridge_slave_1: left allmulticast mode [ 1177.349063][ T2971] bridge_slave_1: left promiscuous mode [ 1177.384803][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1177.405511][ T2971] bridge_slave_0: left allmulticast mode [ 1177.411473][ T2971] bridge_slave_0: left promiscuous mode [ 1177.417940][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.171370][T11116] Bluetooth: hci3: command tx timeout [ 1178.249830][T11116] Bluetooth: hci1: command tx timeout [ 1178.663734][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1178.738292][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1178.769826][ T2971] bond0 (unregistering): Released all slaves [ 1179.486551][ T30] audit: type=1400 audit(1727203376.701:582): avc: denied { mount } for pid=12991 comm="syz.0.1054" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1180.001463][T12632] veth0_vlan: entered promiscuous mode [ 1180.041722][T12632] veth1_vlan: entered promiscuous mode [ 1180.049437][T11116] Bluetooth: hci5: command 0x0406 tx timeout [ 1180.061057][ T30] audit: type=1400 audit(1727203377.474:583): avc: denied { unmount } for pid=12160 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1180.114775][ T9994] Bluetooth: hci3: command tx timeout [ 1180.178161][T12937] chnl_net:caif_netlink_parms(): no params data found [ 1180.194041][ T9994] Bluetooth: hci1: command tx timeout [ 1180.228742][T13007] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1055'. [ 1180.427217][ T2971] hsr_slave_0: left promiscuous mode [ 1180.440097][ T2971] hsr_slave_1: left promiscuous mode [ 1180.453485][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1180.466938][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1180.484328][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1180.493426][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1180.525481][ T2971] veth1_macvtap: left promiscuous mode [ 1180.531205][ T2971] veth0_macvtap: left promiscuous mode [ 1180.536861][ T2971] veth1_vlan: left promiscuous mode [ 1180.542313][T12374] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1180.544618][ T2971] veth0_vlan: left promiscuous mode [ 1180.727074][T12374] usb 1-1: Using ep0 maxpacket: 8 [ 1180.757255][T12374] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1180.770888][T12374] usb 1-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 1180.783432][T12374] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1180.795130][T12374] usb 1-1: config 0 descriptor?? [ 1180.837038][T12374] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1180.853790][T12374] usb 1-1: Detected SIO [ 1180.893904][T12374] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1181.549766][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1181.660741][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1182.051911][ T9994] Bluetooth: hci3: command tx timeout [ 1182.123202][ T9994] Bluetooth: hci1: command tx timeout [ 1182.511057][T11116] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1182.526939][T11116] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1182.536536][T11116] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1182.538990][ T940] usb 1-1: USB disconnect, device number 5 [ 1182.564114][T11116] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1182.577365][T11116] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1182.585602][T11116] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1182.600822][ T940] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1182.629721][ T940] ftdi_sio 1-1:0.0: device disconnected [ 1182.878028][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1183.420678][T12937] bridge0: port 1(bridge_slave_0) entered blocking state [ 1183.447951][T12937] bridge0: port 1(bridge_slave_0) entered disabled state [ 1183.455240][T12937] bridge_slave_0: entered allmulticast mode [ 1183.491040][T12937] bridge_slave_0: entered promiscuous mode [ 1183.510793][T12937] bridge0: port 2(bridge_slave_1) entered blocking state [ 1183.542262][T12937] bridge0: port 2(bridge_slave_1) entered disabled state [ 1183.568977][T12937] bridge_slave_1: entered allmulticast mode [ 1183.572369][T13024] netlink: 'syz.0.1056': attribute type 72 has an invalid length. [ 1183.597551][T12937] bridge_slave_1: entered promiscuous mode [ 1183.622528][T13024] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1056'. [ 1183.844411][T12939] chnl_net:caif_netlink_parms(): no params data found [ 1183.986883][ T9994] Bluetooth: hci3: command tx timeout [ 1184.064160][ T9994] Bluetooth: hci1: command tx timeout [ 1184.149604][T11116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1184.161607][T11116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1184.172179][T11116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1184.180953][T11116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1184.189031][T11116] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1184.209367][T11116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1184.527134][T12937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1184.576011][T12937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1184.588599][ T9994] Bluetooth: hci6: command tx timeout [ 1184.883550][ T30] audit: type=1400 audit(1727203382.666:584): avc: denied { execute } for pid=13042 comm="syz.0.1057" dev="hugetlbfs" ino=58362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1184.906653][ T30] audit: type=1400 audit(1727203382.666:585): avc: denied { execute_no_trans } for pid=13042 comm="syz.0.1057" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=58362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1184.941886][T12937] team0: Port device team_slave_0 added [ 1185.105433][T12937] team0: Port device team_slave_1 added [ 1185.264675][T12939] bridge0: port 1(bridge_slave_0) entered blocking state [ 1185.272317][T12939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1185.290562][T12939] bridge_slave_0: entered allmulticast mode [ 1185.303599][T12939] bridge_slave_0: entered promiscuous mode [ 1185.363238][T12937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1185.371573][T12937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1185.399024][T12937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1186.065309][T12939] bridge0: port 2(bridge_slave_1) entered blocking state [ 1186.072792][T12939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1186.081118][T12939] bridge_slave_1: entered allmulticast mode [ 1186.089131][T12939] bridge_slave_1: entered promiscuous mode [ 1186.126654][T12937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1186.133778][T12937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1186.159921][ T9994] Bluetooth: hci0: command tx timeout [ 1186.168357][T12937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1186.287437][T12937] hsr_slave_0: entered promiscuous mode [ 1186.317042][T12937] hsr_slave_1: entered promiscuous mode [ 1186.579661][ T9994] Bluetooth: hci6: command tx timeout [ 1186.994993][T12939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1187.295186][T12939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1187.616056][T13014] chnl_net:caif_netlink_parms(): no params data found [ 1187.771030][T12939] team0: Port device team_slave_0 added [ 1187.920792][T12939] team0: Port device team_slave_1 added [ 1188.088803][ T9994] Bluetooth: hci0: command tx timeout [ 1188.160607][T12939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1188.167743][T12939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1188.195448][T12939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1188.287337][T12939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1188.294928][T12939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1188.321263][T12939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1188.362752][ T5273] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1188.461556][ T9994] Bluetooth: hci6: command tx timeout [ 1188.474344][T13014] bridge0: port 1(bridge_slave_0) entered blocking state [ 1188.482590][T13014] bridge0: port 1(bridge_slave_0) entered disabled state [ 1188.490748][T13014] bridge_slave_0: entered allmulticast mode [ 1188.498257][T13014] bridge_slave_0: entered promiscuous mode [ 1188.542697][T12937] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.562112][ T5273] usb 1-1: config 0 has an invalid interface number: 108 but max is 0 [ 1188.570719][ T5273] usb 1-1: config 0 has no interface number 0 [ 1188.582964][ T5273] usb 1-1: config 0 interface 108 altsetting 231 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1188.608112][ T5273] usb 1-1: config 0 interface 108 altsetting 231 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1188.621299][ T5273] usb 1-1: config 0 interface 108 has no altsetting 0 [ 1188.628136][ T5273] usb 1-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1188.640067][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1188.655887][ T5273] usb 1-1: config 0 descriptor?? [ 1188.670538][T12939] hsr_slave_0: entered promiscuous mode [ 1188.684947][T12939] hsr_slave_1: entered promiscuous mode [ 1188.691355][T12939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1188.701388][T12939] Cannot create hsr debugfs directory [ 1188.726704][T13014] bridge0: port 2(bridge_slave_1) entered blocking state [ 1188.738223][T13014] bridge0: port 2(bridge_slave_1) entered disabled state [ 1188.745864][T13014] bridge_slave_1: entered allmulticast mode [ 1188.754743][T13014] bridge_slave_1: entered promiscuous mode [ 1188.906446][T12937] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1189.008135][T12937] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1189.059696][T13014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1189.305021][T13084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1189.325790][T13084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1189.336964][T12937] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1189.363975][T13084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1189.399968][T13084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1189.412798][T13014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1189.747595][T13032] chnl_net:caif_netlink_parms(): no params data found [ 1189.988285][ T30] audit: type=1400 audit(1727203388.074:586): avc: denied { accept } for pid=13083 comm="syz.0.1061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1190.051067][ T9994] Bluetooth: hci0: command tx timeout [ 1190.399445][ T9994] Bluetooth: hci6: command tx timeout [ 1190.856171][T13014] team0: Port device team_slave_0 added [ 1190.947765][T13014] team0: Port device team_slave_1 added [ 1191.104410][T13014] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1191.119310][T13014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.149773][T13014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1191.170045][T13014] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1191.177512][T13014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.204097][T13014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1191.254639][T13032] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.262258][T13032] bridge0: port 1(bridge_slave_0) entered disabled state [ 1191.269671][T13032] bridge_slave_0: entered allmulticast mode [ 1191.278181][T13032] bridge_slave_0: entered promiscuous mode [ 1191.328855][T13032] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.336404][T13032] bridge0: port 2(bridge_slave_1) entered disabled state [ 1191.344616][T13032] bridge_slave_1: entered allmulticast mode [ 1191.353267][T13032] bridge_slave_1: entered promiscuous mode [ 1191.735724][ T5273] usbhid 1-1:0.108: can't add hid device: -71 [ 1191.742662][ T5273] usbhid 1-1:0.108: probe with driver usbhid failed with error -71 [ 1191.759106][ T5273] usb 1-1: USB disconnect, device number 6 [ 1191.880398][T12937] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1191.952071][T12937] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1191.967208][ T9994] Bluetooth: hci0: command tx timeout [ 1191.987054][T13032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1192.037532][T13032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1192.166778][ T30] audit: type=1400 audit(1727203390.488:587): avc: denied { mounton } for pid=13125 comm="syz.0.1062" path="/36/file0" dev="tmpfs" ino=222 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 1192.167263][T13014] hsr_slave_0: entered promiscuous mode [ 1192.219605][T13014] hsr_slave_1: entered promiscuous mode [ 1192.226711][T13014] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1192.234275][T13014] Cannot create hsr debugfs directory [ 1192.368282][T12937] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1192.380204][T12937] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1192.656922][ T2971] bridge_slave_1: left allmulticast mode [ 1192.663378][ T2971] bridge_slave_1: left promiscuous mode [ 1192.673642][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.701058][ T2971] bridge_slave_0: left allmulticast mode [ 1192.707613][ T2971] bridge_slave_0: left promiscuous mode [ 1192.717060][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.730993][ T2971] bridge_slave_1: left allmulticast mode [ 1192.738028][ T2971] bridge_slave_1: left promiscuous mode [ 1192.763632][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.791090][ T2971] bridge_slave_0: left allmulticast mode [ 1192.796853][ T2971] bridge_slave_0: left promiscuous mode [ 1192.802638][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.815784][ T2971] bridge_slave_1: left allmulticast mode [ 1192.821443][ T2971] bridge_slave_1: left promiscuous mode [ 1192.829464][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.840024][ T2971] bridge_slave_0: left allmulticast mode [ 1192.850577][ T2971] bridge_slave_0: left promiscuous mode [ 1192.856442][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1194.091095][ T30] audit: type=1400 audit(1727203392.537:588): avc: denied { setattr } for pid=13136 comm="syz.0.1064" name="ptmx" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 1194.124061][ T30] audit: type=1400 audit(1727203392.559:589): avc: denied { append } for pid=13136 comm="syz.0.1064" name="binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1194.929215][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1194.943897][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1194.956170][ T2971] bond0 (unregistering): Released all slaves [ 1194.973579][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1194.986664][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1194.997900][ T2971] bond0 (unregistering): Released all slaves [ 1195.169323][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1195.180328][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1195.202903][ T2971] bond0 (unregistering): Released all slaves [ 1195.231753][T13032] team0: Port device team_slave_0 added [ 1195.242311][T13032] team0: Port device team_slave_1 added [ 1195.515342][T13139] dvmrp0: entered allmulticast mode [ 1195.763846][T13032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1195.787009][T13032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1195.848854][T13032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1195.865166][T13032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1195.872308][T13032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1195.900893][T13032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1196.881569][T13032] hsr_slave_0: entered promiscuous mode [ 1196.903993][T13032] hsr_slave_1: entered promiscuous mode [ 1196.923595][T13032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1196.936702][T13032] Cannot create hsr debugfs directory [ 1196.979590][ T2971] hsr_slave_0: left promiscuous mode [ 1196.990066][ T2971] hsr_slave_1: left promiscuous mode [ 1196.996484][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1197.017765][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1197.032405][ T2971] hsr_slave_0: left promiscuous mode [ 1197.039698][ T2971] hsr_slave_1: left promiscuous mode [ 1197.050599][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1197.061593][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1197.084070][ T2971] hsr_slave_0: left promiscuous mode [ 1197.096225][ T2971] hsr_slave_1: left promiscuous mode [ 1197.102654][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1197.112372][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1197.131247][ T2971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1197.139153][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1197.214769][ T2971] veth1_vlan: left promiscuous mode [ 1197.230070][ T2971] veth0_vlan: left promiscuous mode [ 1197.245843][ T2971] veth1_macvtap: left promiscuous mode [ 1197.251732][ T2971] veth0_macvtap: left promiscuous mode [ 1197.257861][ T2971] veth1_vlan: left promiscuous mode [ 1197.263924][ T2971] veth0_vlan: left promiscuous mode [ 1198.291769][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1198.352807][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1199.131723][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1199.174789][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1200.026714][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 1200.087759][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 1203.282095][T12939] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1204.153028][T12939] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1204.221411][T12939] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1204.408536][T12939] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1205.302558][T12937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1206.389383][T12937] 8021q: adding VLAN 0 to HW filter on device team0 [ 1206.519861][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1206.527280][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1206.563954][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1206.571194][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1206.795971][T13014] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1207.001456][T13014] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1207.075200][T13182] netlink: 'syz.0.1071': attribute type 2 has an invalid length. [ 1207.083018][T13182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1071'. [ 1207.668873][T13014] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1207.764847][T13014] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1208.206682][T12939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1208.301027][T13193] Unsupported ieee802154 address type: 0 [ 1209.329693][T12939] 8021q: adding VLAN 0 to HW filter on device team0 [ 1209.499471][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 1209.506750][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1209.634874][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 1209.642169][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1210.080910][ T30] audit: type=1400 audit(1727203409.596:590): avc: denied { ioctl } for pid=13198 comm="syz.0.1073" path="/47/file0/file0" dev="fuse" ino=0 ioctlcmd=0x2202 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1210.643116][T13014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1210.651837][T13032] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1210.672651][T13032] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1210.738113][T13032] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1210.768815][T13032] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1210.810711][T13014] 8021q: adding VLAN 0 to HW filter on device team0 [ 1210.827115][T12937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1210.866326][ T9946] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.873548][ T9946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1210.945989][ T9946] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.953211][ T9946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1211.275585][T12937] veth0_vlan: entered promiscuous mode [ 1211.426031][T12937] veth1_vlan: entered promiscuous mode [ 1211.513266][T12939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1211.568463][T13032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1211.679296][T13032] 8021q: adding VLAN 0 to HW filter on device team0 [ 1211.712047][T12937] veth0_macvtap: entered promiscuous mode [ 1211.770983][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 1211.778227][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1211.831042][T12937] veth1_macvtap: entered promiscuous mode [ 1211.873209][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 1211.880445][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1211.963586][T13240] netlink: 'syz.0.1075': attribute type 13 has an invalid length. [ 1212.084245][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1212.119083][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.152432][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1212.182467][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.211572][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1212.243310][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.277432][T12937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1212.330532][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1212.386228][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.415585][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1212.455217][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.486666][T12937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1212.498695][T12937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1212.520265][T12937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1212.577360][T13014] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1212.625923][T12937] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.640731][T12937] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.650097][T12937] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.659229][T12937] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1212.935102][T13014] veth0_vlan: entered promiscuous mode [ 1212.975788][T12939] veth0_vlan: entered promiscuous mode [ 1213.099506][T12939] veth1_vlan: entered promiscuous mode [ 1213.275961][T13014] veth1_vlan: entered promiscuous mode [ 1216.769031][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1216.814390][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1217.024524][T13032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1217.041856][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1217.065113][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1217.072069][T12939] veth0_macvtap: entered promiscuous mode [ 1217.155228][T13014] veth0_macvtap: entered promiscuous mode [ 1217.258176][T12939] veth1_macvtap: entered promiscuous mode [ 1217.372131][T13014] veth1_macvtap: entered promiscuous mode [ 1217.403632][T13279] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1217.418725][T13283] syz.0.1077: attempt to access beyond end of device [ 1217.418725][T13283] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1217.483003][T13032] veth0_vlan: entered promiscuous mode [ 1217.485700][T13283] SQUASHFS error: Failed to read block 0x0: -5 [ 1217.513618][T13283] unable to read squashfs_super_block [ 1217.563469][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1217.587168][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1217.608212][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1217.619280][ T30] audit: type=1400 audit(1727203417.793:591): avc: denied { bind } for pid=13281 comm="syz.2.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1217.630690][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1217.648977][T13284] Bluetooth: MGMT ver 1.23 [ 1217.715935][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1217.737328][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1217.773852][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1217.802531][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1217.860886][T12939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1217.959738][T13284] netlink: 'syz.2.1049': attribute type 10 has an invalid length. [ 1218.109926][T13284] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1218.181849][T13288] netdevsim netdevsim2 : renamed from netdevsim0 (while UP) [ 1218.338245][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1218.380476][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.444820][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1218.495227][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.523642][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1218.573702][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.595153][T12939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1218.616004][T12939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.671082][T12939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1218.714779][T13032] veth1_vlan: entered promiscuous mode [ 1218.759388][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.818010][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.844285][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.868798][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.903859][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.915200][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.925464][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.938704][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.954439][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.965410][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.977909][T13014] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1219.002293][T12939] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.020823][T12939] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.041879][T12939] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.088206][T12939] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.127901][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.138663][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.156599][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.190610][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.201828][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.212416][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.238033][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.269474][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.293548][T13014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.323698][T13014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.365567][T13014] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1219.572055][T13014] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.607758][T13014] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.627079][T13014] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.655904][T13014] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.879247][T13032] veth0_macvtap: entered promiscuous mode [ 1219.887938][T12810] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1219.940340][ T2971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1219.966911][ T2971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.002337][T13032] veth1_macvtap: entered promiscuous mode [ 1220.016530][T13307] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1220.089026][T12810] usb 1-1: Using ep0 maxpacket: 32 [ 1220.101709][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.117996][T12810] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 1220.140814][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.141138][T12810] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1220.178595][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.187638][T12810] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1220.203261][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.221717][T12810] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1220.243586][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.253094][T12810] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1220.274846][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.286754][T12810] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1220.292307][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.314847][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.317352][T12810] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1220.335354][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.352236][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.379135][T12810] usb 1-1: Product: syz [ 1220.382902][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1220.402187][T12810] usb 1-1: Manufacturer: syz [ 1220.410568][T12810] usb 1-1: SerialNumber: syz [ 1220.410594][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.447743][T13032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1220.451683][T12810] usb 1-1: config 0 descriptor?? [ 1220.504741][ T1050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1220.519895][T12810] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1220.520024][ T1050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.540846][T12810] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1220.604783][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.628667][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1220.639490][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.647019][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.658017][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.668584][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.706437][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.717232][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.744799][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.758505][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.769610][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.780432][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.790422][T13032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1220.811491][T13032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1220.833344][T13032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1220.880859][T13032] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.921480][T13032] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.935003][T13032] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.950540][T13032] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.370387][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1221.459234][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1223.353457][ T5273] usb 1-1: USB disconnect, device number 7 [ 1223.376775][ T5273] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 1223.591640][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1223.628805][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1224.515778][T13349] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1225.276464][T13350] mkiss: ax0: crc mode is auto. [ 1225.411097][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1225.509523][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1226.389097][T13359] /dev/sg0: Can't lookup blockdev [ 1228.951353][T13384] netlink: 'syz.4.1088': attribute type 13 has an invalid length. [ 1229.471091][T13407] mkiss: ax0: crc mode is auto. [ 1229.874046][T13415] /dev/sg0: Can't lookup blockdev [ 1230.909454][T13435] mkiss: ax0: crc mode is auto. [ 1235.862145][T13441] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1236.275948][T13451] netlink: 'syz.2.1108': attribute type 13 has an invalid length. [ 1236.325435][ T1050] gretap0: left allmulticast mode [ 1236.334389][ T1050] gretap0: left promiscuous mode [ 1236.339631][ T1050] bridge0: port 3(gretap0) entered disabled state [ 1236.393562][ T1050] bridge_slave_1: left allmulticast mode [ 1236.427112][ T1050] bridge_slave_1: left promiscuous mode [ 1236.530140][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 1236.553696][ T1050] bridge_slave_0: left allmulticast mode [ 1236.594124][ T1050] bridge_slave_0: left promiscuous mode [ 1236.599925][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 1236.675668][ T5283] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1236.977631][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1236.992882][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1237.017596][ T5283] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1240.051184][ T5283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1240.152424][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.172316][ T5283] usb 4-1: config 0 descriptor?? [ 1240.187897][ T5283] usb 4-1: can't set config #0, error -71 [ 1240.202798][ T5283] usb 4-1: USB disconnect, device number 7 [ 1242.688780][T13475] 9pnet_fd: Insufficient options for proto=fd [ 1243.509790][T13474] syz.3.1103 (13474): drop_caches: 2 [ 1244.453634][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1244.515330][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1244.539797][ T1050] bond0 (unregistering): Released all slaves [ 1244.701393][T13449] netlink: 'syz.4.1097': attribute type 10 has an invalid length. [ 1244.929155][T13449] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1244.978252][T13452] netdevsim netdevsim4 : renamed from netdevsim0 (while UP) [ 1245.303081][T13480] netlink: 'syz.3.1104': attribute type 13 has an invalid length. [ 1246.747522][T13492] netlink: 'syz.0.1117': attribute type 13 has an invalid length. [ 1246.856176][T11116] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1246.869352][T11116] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1246.882210][T11116] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1246.912541][T11116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1246.924611][T11116] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1246.932387][T11116] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1247.244345][ T9994] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1247.255498][ T9994] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1247.264656][ T9994] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1247.273225][ T9994] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1247.280931][ T9994] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1247.288350][ T9994] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1247.376046][T13506] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1110'. [ 1247.721654][ T30] audit: type=1400 audit(1727203450.098:592): avc: denied { ioctl } for pid=13505 comm="syz.3.1110" path="socket:[62738]" dev="sockfs" ino=62738 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1247.978670][ T30] audit: type=1400 audit(1727203450.259:593): avc: denied { read } for pid=13505 comm="syz.3.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1248.310209][ T1050] hsr_slave_0: left promiscuous mode [ 1248.318643][ T1050] hsr_slave_1: left promiscuous mode [ 1248.334216][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1248.364030][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1248.382095][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1248.390069][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1248.440522][ T1050] veth1_macvtap: left promiscuous mode [ 1248.483688][ T1050] veth0_macvtap: left promiscuous mode [ 1248.513479][ T1050] veth1_vlan: left promiscuous mode [ 1248.519189][ T1050] veth0_vlan: left promiscuous mode [ 1248.626942][T13512] overlayfs: missing 'workdir' [ 1248.899929][T11116] Bluetooth: hci4: command tx timeout [ 1249.230902][T11116] Bluetooth: hci3: command tx timeout [ 1250.796658][T11116] Bluetooth: hci4: command tx timeout [ 1250.863276][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 1250.960150][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 1251.169092][T11116] Bluetooth: hci3: command tx timeout [ 1252.117185][T13520] Falling back ldisc for ttyS3. [ 1252.124058][T13521] netlink: 'syz.1.1112': attribute type 4 has an invalid length. [ 1252.506364][T13530] mkiss: ax0: crc mode is auto. [ 1252.746718][T11116] Bluetooth: hci4: command tx timeout [ 1253.063202][ T30] audit: type=1400 audit(1727203455.828:594): avc: denied { create } for pid=13534 comm="syz.1.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1253.108513][T11116] Bluetooth: hci3: command tx timeout [ 1297.446719][ T1257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1350.945697][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1350.952669][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P2971/1:b..l [ 1350.961118][ C0] rcu: (detected by 0, t=10502 jiffies, g=118081, q=797 ncpus=2) [ 1350.968907][ C0] task:kworker/u8:8 state:R running task stack:23312 pid:2971 tgid:2971 ppid:2 flags:0x00004000 [ 1350.981639][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 1350.989447][ C0] Call Trace: [ 1350.992766][ C0] [ 1350.995686][ C0] __schedule+0xe37/0x5490 [ 1351.000098][ C0] ? __pfx_mark_lock+0x10/0x10 [ 1351.004864][ C0] ? __pfx_mark_lock+0x10/0x10 [ 1351.009617][ C0] ? batadv_tvlv_container_ogm_append+0x1b5/0x510 [ 1351.016028][ C0] ? batadv_iv_ogm_schedule_buff+0x121e/0x14d0 [ 1351.022187][ C0] ? __pfx___schedule+0x10/0x10 [ 1351.027030][ C0] ? hlock_class+0x4e/0x130 [ 1351.031538][ C0] ? mark_held_locks+0x9f/0xe0 [ 1351.036296][ C0] preempt_schedule_irq+0x51/0x90 [ 1351.041316][ C0] irqentry_exit+0x36/0x90 [ 1351.045723][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1351.051710][ C0] RIP: 0010:lock_acquire+0x1f2/0x560 [ 1351.056991][ C0] Code: c1 05 ea b0 98 7e 83 f8 01 0f 85 ea 02 00 00 9c 58 f6 c4 02 0f 85 d5 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 [ 1351.076596][ C0] RSP: 0018:ffffc9000afa7a70 EFLAGS: 00000206 [ 1351.082696][ C0] RAX: dffffc0000000000 RBX: 1ffff920015f4f50 RCX: 0000000000000001 [ 1351.090670][ C0] RDX: 0000000000000001 RSI: ffffffff8b4cddc0 RDI: ffffffff8bb118a0 [ 1351.098630][ C0] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2d39ae0 [ 1351.106762][ C0] R10: ffffffff969cd707 R11: 0000000000000000 R12: 0000000000000000 [ 1351.114724][ C0] R13: 0000000000000000 R14: ffffffff8ddba6a0 R15: 0000000000000000 [ 1351.122698][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1351.127753][ C0] ? batadv_iv_ogm_schedule_buff+0x75c/0x14d0 [ 1351.133812][ C0] ? __pfx_lock_release+0x10/0x10 [ 1351.138827][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 1351.144105][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 1351.149314][ C0] ? batadv_tvlv_container_ogm_append+0x3c5/0x510 [ 1351.155725][ C0] ? batadv_tvlv_container_ogm_append+0x3c5/0x510 [ 1351.162131][ C0] batadv_iv_ogm_schedule_buff+0x5ac/0x14d0 [ 1351.168014][ C0] ? batadv_iv_ogm_schedule_buff+0x5a6/0x14d0 [ 1351.174074][ C0] ? __pfx_batadv_iv_ogm_schedule_buff+0x10/0x10 [ 1351.180392][ C0] ? batadv_send_skb_packet+0x56e/0x6b0 [ 1351.185958][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x31e/0x8d0 [ 1351.192992][ C0] process_one_work+0x9c5/0x1b40 [ 1351.197936][ C0] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 1351.205494][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1351.210877][ C0] ? assign_work+0x1a0/0x250 [ 1351.215463][ C0] worker_thread+0x6c8/0xf00 [ 1351.220050][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1351.225153][ C0] kthread+0x2c1/0x3a0 [ 1351.229218][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1351.234432][ C0] ? __pfx_kthread+0x10/0x10 [ 1351.239026][ C0] ret_from_fork+0x45/0x80 [ 1351.243459][ C0] ? __pfx_kthread+0x10/0x10 [ 1351.248065][ C0] ret_from_fork_asm+0x1a/0x30 [ 1351.252924][ C0] [ 1351.255930][ C0] rcu: rcu_preempt kthread starved for 9638 jiffies! g118081 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1351.267110][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1351.277084][ C0] rcu: RCU grace-period kthread stack dump: [ 1351.282956][ C0] task:rcu_preempt state:R running task stack:27680 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 1351.294672][ C0] Call Trace: [ 1351.297938][ C0] [ 1351.300858][ C0] __schedule+0xe37/0x5490 [ 1351.305272][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 1351.310483][ C0] ? __pfx___schedule+0x10/0x10 [ 1351.315348][ C0] ? schedule+0x298/0x350 [ 1351.319676][ C0] ? __pfx_lock_release+0x10/0x10 [ 1351.324697][ C0] ? __pfx___mod_timer+0x10/0x10 [ 1351.329645][ C0] ? lock_acquire+0x1b1/0x560 [ 1351.334348][ C0] ? lockdep_init_map_type+0x16d/0x7d0 [ 1351.339821][ C0] schedule+0xe7/0x350 [ 1351.343891][ C0] schedule_timeout+0x136/0x2a0 [ 1351.348735][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1351.354102][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1351.359412][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1351.365223][ C0] ? prepare_to_swait_event+0xf0/0x470 [ 1351.370684][ C0] rcu_gp_fqs_loop+0x1eb/0xb00 [ 1351.375444][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1351.380722][ C0] ? rcu_gp_init+0xc82/0x1630 [ 1351.385430][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1351.390633][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1351.396452][ C0] rcu_gp_kthread+0x271/0x380 [ 1351.401131][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1351.406322][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 1351.411538][ C0] ? __kthread_parkme+0x148/0x220 [ 1351.416557][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1351.421748][ C0] kthread+0x2c1/0x3a0 [ 1351.425820][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1351.431051][ C0] ? __pfx_kthread+0x10/0x10 [ 1351.435637][ C0] ret_from_fork+0x45/0x80 [ 1351.440076][ C0] ? __pfx_kthread+0x10/0x10 [ 1351.444672][ C0] ret_from_fork_asm+0x1a/0x30 [ 1351.449439][ C0] [ 1351.452452][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1351.458759][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1351.463967][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x1a/0x20