last executing test programs: 1m2.504037426s ago: executing program 0 (id=2285): r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000040), 0x10dd02, 0x0) r1 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3}) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SYNC_IOC_FILE_INFO(r2, 0xc0383e04, &(0x7f0000000080)={""/32, 0x0, 0x0, 0x3, 0x0, &(0x7f0000002680)=[{}, {}, {}]}) mq_timedreceive(r1, &(0x7f0000000880)=""/202, 0x8f, 0x200000000004, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r3, 0x104, 0x1, &(0x7f0000000280), 0x4) munmap(&(0x7f000060f000/0x4000)=nil, 0x4000) readv(r0, &(0x7f00000025c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/239, 0xffffffda}, {&(0x7f00000013c0)=""/195, 0xc3}, {&(0x7f0000000100)=""/62, 0x3e}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f00000024c0)=""/251, 0xfb}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000240)=""/56, 0x38}], 0x9) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00000c5000/0x1000)=nil) 59.351574256s ago: executing program 0 (id=2286): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="c00e020030000b02d25a806f8c2d94f90724fc602f1a03", 0x17}], 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000000000)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b68090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b43dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669304e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f137ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a358aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000002f933b6abb233ad790c2753cd13ed8f97315107550b29535a156aa5445b7bab8deb826f3b092a889e2c6b5163d744a89f7297bbb0d2a0a10d5e9b779c186b76e51791fa82e1304b873e44c19f286eb6dce8e0978d18c0054dd63c1a21764c2849f489827c88b1871810d1285802633072cda94213645d59d25c8888021768f", @ANYRES16=r1, @ANYBLOB="000127bd7000ffdbdf250500000008003a00faffffff08003b0006000000"], 0x24}, 0x1, 0x0, 0x0, 0x84000}, 0x40880) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x1}) r4 = open$dir(&(0x7f0000000340)='./file0\x00', 0x440203, 0x0) symlinkat(&(0x7f00000001c0)='.\x00', r4, &(0x7f0000000380)='./file0/file0/..\x00') chdir(&(0x7f0000000100)='./file0/file0/..\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file0/..\x00', &(0x7f0000000300)={0x535483, 0x0, 0x8}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140040001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000190fffffffd0900010073799630000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}}, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000006a0083130000000000aa065b1b00000800000000"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x80) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f0000000040)) socket$isdn_base(0x22, 0x3, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x2040) openat$vmci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl(r7, 0x8b32, &(0x7f0000000040)) 59.229182726s ago: executing program 0 (id=2360): socket$kcm(0x10, 0x2, 0x0) r0 = io_uring_setup(0x25f3, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x82, 0x257}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, 0x0, 0x2) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000240)=[0x10000, 0x7], 0x2) r1 = syz_io_uring_setup(0x170d, &(0x7f00000006c0)={0x0, 0x6b74, 0x40, 0x2, 0x24c}, 0x0, 0x0) syz_io_uring_setup(0x7aa2, &(0x7f00000007c0)={0x0, 0x3bd2, 0x2, 0x1, 0xb15, 0x0, r1}, &(0x7f0000000080), 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x290, 0x20a, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [0x0, 0xffffff00], [0xffffff00, 0x0, 0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x8d, 0x0, 0x20}, 0x0, 0x198, 0x1c0, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0xcd, 0x5, 0x2, 0x1}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb00557dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0xa, 0x0, {0x400000000000000}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000180)=@file={0x1}, 0x6e) listen(r4, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) connect$unix(r5, &(0x7f0000000000)=@file={0x1}, 0x6e) connect$unix(r5, &(0x7f0000000080)=@file={0x1}, 0x6e) close_range(r3, 0xffffffffffffffff, 0x0) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r9, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500050000000000050020000100000005000800000000000600", @ANYRES32=r7], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x400000000000235, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r10 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) writev(r10, &(0x7f0000000100)=[{&(0x7f0000000180)="a1", 0x1}], 0x1) creat(&(0x7f00000002c0)='./file0\x00', 0x0) 59.056677457s ago: executing program 0 (id=2362): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0xffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x3, 0xa9, 0x8000c5f) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2810000, &(0x7f0000000000)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) openat$fb0(0xffffffffffffff9c, 0x0, 0x842, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x1842, 0x136) r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x7f9f, 0x0) r4 = syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r4, 0x0) ptrace$PTRACE_GETSIGMASK(0x420a, r4, 0x8, &(0x7f00000000c0)) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x7, &(0x7f0000000000)={0x22, "e922604a455494c905fd824393fe53e14fcab3d1eb0000000000000000000800"}}) writev(r2, &(0x7f0000000a40)=[{&(0x7f0000001000)="d6", 0xfff5}], 0x20) 58.9547924s ago: executing program 0 (id=2363): socket$kcm(0x10, 0x2, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) (async) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000040)) (async, rerun: 64) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000000)={'broute\x00', 0x0, 0x0, 0x0, [0x0, 0x9, 0xfffffffffffffffa, 0x8000000000000000, 0x8ec, 0xf240000000]}, &(0x7f00000002c0)=0x78) (async, rerun: 64) getpid() (async) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='memory.oom.group\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000340)=0x9ed, 0x12) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') lseek(r3, 0x2000, 0x0) (async) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) (async, rerun: 32) r5 = socket$kcm(0x10, 0x2, 0x0) (rerun: 32) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x8408, &(0x7f0000000680)=[{&(0x7f0000000180)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14143705251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async, rerun: 64) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) (async, rerun: 64) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000080)={0x9, "c1dee5c0fa6ef448a8e13b25e3b31416df0b1efc38d429e301e77aaf818069b54a97ffb365c6c87cbb9be96b75e2adbf89e1850b29d602d2b19323cb3012ad08e9a9f552886069a9fa70afb14e67ed662d43ac7a0e5b87bc233f40ff15fbc62d88b98dae44b7a903f3a7687b2f40089434da93e9321f9b3da0aadad083432d1f56a8fdad507bcf564d2e6acacdfd365e11abd18a31272ded5a2666ab0171e502dd35328b82d75d63392cba8e432ceb44da1bff42bbab04791f09a0622556b3812583034e126cb45062c78b6b00abb947a61018a7adbd3f9f650b84cd6e47fe52851149bf3c445e9a099ebd3f156a8f4fafdb55887162ce59bdb42e07606a108c6634b4697a15cdb99b1cf6fba6994ba0fb44248b27762bf743bada31e00263a439197d5a209e5f7b180d84893cdbc62e1d1cb1ba94ff9461760a8bc0d9a8767e6d7d680b388624a1de8d62bb2a27e67fd591ac7b4d71cabc8d21f85f6b24b8d5a8361d343c77739290e29204a334807a66f914eae3ff55c37a7a7630cf2d569d921ece83e4d33b4b057a561f6cf52867cb7f371c66316dd48bbc2cb65072ccff8b0dbc0a9421e1c841a4e0c42b0dacb5235e8e8c7c01cf45fc1b184ef493538eaff2ca779f181be893d1c605fe9da04099618fb8ca434952c1bb58b785d456eb6635852fb8f5d2c4c4405fe0b7552c03af7b99633d2b2eb903510aba87305bef"}) 57.340970745s ago: executing program 0 (id=2384): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000012000501000000000000000028001a000a0101020000000020000000000000000a010100000000000a000609302189db45d67a93"], 0x38}}, 0x20040810) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf) ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={@default, @null, 0x1, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}) syz_io_uring_setup(0x7333, &(0x7f0000000080)={0x0, 0x5b6a, 0x100, 0x0, 0x326}, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300000200000000fbdbdf257f000001000000000000000000000000fe8000000000000000000000000000aafffc0004000000000a00602032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000c0000000000050000000000000000000000000000004000000000000000fdffffffffffffff02000000000000000000000000000000feffffffffffffff0000000000000000000000000000000017cd00000000000009000000000000400001020300000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x101000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r4}) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x400, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xa00c6014}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x880}, 0x4000010) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56"}) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 57.2913271s ago: executing program 32 (id=2384): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000012000501000000000000000028001a000a0101020000000020000000000000000a010100000000000a000609302189db45d67a93"], 0x38}}, 0x20040810) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf) ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={@default, @null, 0x1, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}) syz_io_uring_setup(0x7333, &(0x7f0000000080)={0x0, 0x5b6a, 0x100, 0x0, 0x326}, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300000200000000fbdbdf257f000001000000000000000000000000fe8000000000000000000000000000aafffc0004000000000a00602032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000c0000000000050000000000000000000000000000004000000000000000fdffffffffffffff02000000000000000000000000000000feffffffffffffff0000000000000000000000000000000017cd00000000000009000000000000400001020300000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x101000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r4}) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x400, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xa00c6014}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0xa10, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x880}, 0x4000010) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56"}) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 2.595901596s ago: executing program 2 (id=3080): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) (async) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x4e21, @private=0xa0100ff}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x7a2}], 0x18}, 0x40000d0) (async) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x4e21, @private=0xa0100ff}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x7a2}], 0x18}, 0x40000d0) socket$packet(0x11, 0x3, 0x300) (async) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, 0x49801, 0x49a41}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x2f}]}}}]}, 0x40}}, 0x0) sendto$packet(r1, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53bcc", 0x28, 0x40880, &(0x7f0000000440)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @local}, 0x14) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x100000b, 0x10010, r0, 0x17dbf000) 2.595438114s ago: executing program 2 (id=3081): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = gettid() socket$inet6(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {}, 0xfd}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@getchain={0x24, 0x66, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xffff, 0x3}, {0xfff1, 0x56e7de01af07971a}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getnetconf={0x14, 0x52, 0x400, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0xffff000000000000, 0x10}, 0x80) 2.457134152s ago: executing program 4 (id=3084): syz_usb_connect(0x0, 0x24, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) 1.71643131s ago: executing program 4 (id=3100): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x3}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) landlock_create_ruleset(&(0x7f0000000180)={0x40, 0x4, 0x3}, 0x18, 0x5) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000006380)={0x2020}, 0x2020) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b) ftruncate(r5, 0x3) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x4, 0x43033, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r6, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) write$FUSE_INIT(r5, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x3, 0x8000100, 0x7ff, 0x8, 0xfffffffe, 0x7, 0x0, 0x0, 0x10, 0x6}}, 0x50) fcntl$lock(r5, 0x26, &(0x7f0000000380)={0x1, 0x2, 0x5, 0x7}) 1.523384823s ago: executing program 2 (id=3106): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) syz_emit_ethernet(0x67, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x31, 0x3a, 0x1, @private1, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x6, 0x6, "8896ef", 0x2, 0x2b, 0xff, @private2, @local, [], "80"}}}}}}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x7, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) (async) setsockopt$inet_tcp_int(r1, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r0, &(0x7f0000000580)="9b", 0x29fff, 0x0, 0x0, 0x0) (async) sendto$inet6(r0, &(0x7f0000000580)="9b", 0x29fff, 0x0, 0x0, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000180)={0x0, 0x45, "b75a866a08ff0101b83a74e0bd13eed8279e5408a9c3f2e7004805ca69a905d75799180c1f1e51f087a664044a82b1c741644255695e0110896c10d99c405865e5e092a9fe"}, &(0x7f0000000100)=0x4d) memfd_create(0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r2, 0xffffffffffffffff, 0x100000000000000) (async) close_range(r2, 0xffffffffffffffff, 0x100000000000000) 1.396507601s ago: executing program 2 (id=3109): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000140)={0x0, 0xfffffdb4, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000001814010028bd7000000000000800030001200000080001"], 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r2 = socket(0x40000000015, 0x805, 0x0) getsockopt(r2, 0x114, 0x2718, 0x0, &(0x7f00000000c0)) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r3, 0x4008ae48, &(0x7f0000000240)=0x4) 1.390462575s ago: executing program 3 (id=3111): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x22402) syz_80211_inject_frame(0x0, &(0x7f0000000100)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x101, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x1, 0x8, 0x1}}}, 0x37) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) (async) chdir(&(0x7f0000000140)='./file0\x00') (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/resume_offset', 0x102, 0x0) sendfile(r1, r1, 0x0, 0x4) (async) ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f0000000040)={0x21, &(0x7f00000000c0)=[{0xb, '\x00', @data=0x4}]}) syz_80211_inject_frame(&(0x7f0000000080)=@device_b, &(0x7f0000000140)=@mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7fff}, @broadcast, @device_b, @from_mac=@device_b, {0x6, 0x7}}, 0x24, @void}, 0x1a) 1.296413385s ago: executing program 2 (id=3112): syz_emit_ethernet(0x2a, &(0x7f0000002d80)=ANY=[@ANYBLOB="aaaaaaaaaa6b0506040003ffffffffffffab7309fdaaaaaaaaaa41785321db3d1f0f12d11fc6a1a1141dd1a30bae9dde3ba8421b3563e8dea50f3ffd6421e6807e53f63f3d5311cbe6de92ddd550d15a196ca6987ff71c960373d49d492fe2a66ed3fa467437e5f4f6d9e4d81941597767c80a2673c8bf451c3979009d33e425c497b284840500000000000000493e00"/154], 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f00000002c0)={0x27, 0x0, 0xfffffffd, 0x1, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x800000000000003c}, 0x60) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0xe625}, {{&(0x7f0000000040), 0x80, &(0x7f0000000200)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/55, 0x37}, {&(0x7f0000000100)=""/217, 0xd9}, {&(0x7f0000000340)=""/255, 0xff}, {&(0x7f00000019c0)=""/4096, 0x1000}], 0x5, &(0x7f0000000440)=""/132, 0x84}, 0x6}, {{&(0x7f0000000500)=@alg, 0x80, &(0x7f0000000280)=[{&(0x7f0000000580)=""/175, 0xaf}, {&(0x7f0000000640)=""/235, 0xeb}], 0x2, &(0x7f0000000740)=""/238, 0xee}, 0x80}, {{&(0x7f0000000840)=@phonet, 0x80, &(0x7f0000002b00)=[{&(0x7f00000008c0)=""/50, 0x32}, {&(0x7f0000002d00)=""/114, 0x72}, {&(0x7f00000029c0)=""/198, 0xc6}, {&(0x7f0000002ac0)=""/45, 0x2d}], 0x4, &(0x7f0000002b40)=""/134, 0x86}, 0xe11}], 0x4, 0x2160, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x7c499eb379a007f7, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40081271, &(0x7f0000000980)=0x4000) ioctl$BLKRRPART(r1, 0x125f, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0) read$FUSE(r2, &(0x7f0000002e40)={0x2020}, 0x2020) 1.295683046s ago: executing program 4 (id=3113): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mknod$loop(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100, 0x0) r2 = open(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x11) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r2, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x6, 0xfffe}) (async) fcntl$lock(r2, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x6, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0xa9525000) link(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) link(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') close_range(r1, 0xffffffffffffffff, 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f00000001c0)='.\x00', &(0x7f0000000080), 0x4, &(0x7f00000000c0)={'trans=virtio,', {[{@cache_fscache}, {@cachetag={'cachetag', 0x3d, '\xd8\x8b\x13\x9ff3/\xb8\xe5xC \x05~\vYJS\xf9FQn\xa8\xfe\xb4\xe0\x9d\x9fd\xe4\x92'}}]}}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}]}, 0x5c}}, 0x804) (async) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}]}, 0x5c}}, 0x804) 1.235687568s ago: executing program 2 (id=3115): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) (async) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080), 0x1) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) (async) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000880)={0x2020, 0x0, 0x0, 0x0}, 0x2020) quotactl_fd$Q_GETFMT(r0, 0xffffffff80000401, r3, &(0x7f0000000380)) (async) quotactl_fd$Q_GETFMT(r0, 0xffffffff80000401, r3, &(0x7f0000000380)) rt_sigqueueinfo(r2, 0x13, &(0x7f0000000000)={0x24, 0xfe81, 0xffffffff}) tkill(r2, 0x12) waitid(0x0, 0x0, 0x0, 0x8100000e, &(0x7f00000002c0)) syz_usb_control_io$hid(r1, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) (async) syz_usb_control_io$hid(r1, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) syz_usb_connect$printer(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfd, 0x0, 0x5b}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x6, 0x4, 0x3, 0x8, 0xd1}, 0x33, &(0x7f0000000140)={0x5, 0xf, 0x33, 0x3, [@ssp_cap={0x20, 0x10, 0xa, 0x3, 0x5, 0x4, 0xff00, 0x2, [0xc000, 0x0, 0xff0000, 0xcf, 0xc0]}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0xc, 0x0, 0x87cd, 0x82}, @ptm_cap={0x3}]}, 0x2, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4c0a}}, {0xec, &(0x7f00000001c0)=ANY=[@ANYBLOB="ec0364c750f19688a8198d10dd1fe177a759d4e7e7bd855317650728e741a880b497b35be8aeaffecbe66fef8032891e2cd63437740ae796b295370f66e1c341cd25ba52a2494cfb8e7cb63830989ca87cd71d636549c03673c4fefb4267729187cd7d63662a35378b67a308b6be000000000000f1b4f8ea5e6cfe4c6d54adf95e2676a3da573a6a675592897cbfbb4f5e15fa019a23afc24847603bf29504fe045940718856fea48df9f36a463fc7caa737bc5aff2f9562ca3f106101127fa4bf13c8d9b66ff85748c2d44216945d62085f7fc815625fe0945f22a241c12c5bb7338c413b6dbd9caf2ce8fe"]}]}) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x1, "dc"}, 0x0}) r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x1c, r6, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x4}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x1c}}, 0x80) (async) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x1c, r6, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x4}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x1c}}, 0x80) getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29) (async) getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29) ioctl$HIDIOCGREPORT(r4, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7}) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@link_local, @dev, @val={@void}, {@generic={0x4305, "7bfc728d395f0345a11fa9b814528a468478c5d4d6d5d1c6"}}}, 0x0) (async) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@link_local, @dev, @val={@void}, {@generic={0x4305, "7bfc728d395f0345a11fa9b814528a468478c5d4d6d5d1c6"}}}, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r7, 0x84, 0xc, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x9, 0x10}, 0xc) (async) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x9, 0x10}, 0xc) r8 = syz_open_dev$loop(&(0x7f00000000c0), 0x6, 0x2400) fsetxattr$trusted_overlay_redirect(r8, &(0x7f0000000100), 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000000c0)="1f", 0xffc0, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.143486909s ago: executing program 1 (id=3118): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000640)={0x0, 0x0}, 0x10) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) (rerun: 64) 1.026077891s ago: executing program 1 (id=3119): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000100)=0x32) read(r0, &(0x7f00000019c0)=""/4093, 0xffd) 926.091414ms ago: executing program 1 (id=3120): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) alarm(0x709abc910000) alarm(0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x610003d5) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) (async) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) (async) chdir(&(0x7f00000003c0)='./bus\x00') (async) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000140)) (async, rerun: 64) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', 0x0}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = syz_open_dev$video4linux(&(0x7f0000000400), 0x7, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r4, 0xc0085666, &(0x7f0000000080)={0x2, 0x4}) (async) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r4, 0xc0305616, &(0x7f0000000180)={0x0, {0x4, 0x4}}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r3, 0x25, 0x6}, 0x14) (async, rerun: 64) lsetxattr$security_capability(&(0x7f0000000280)='./file2\x00', &(0x7f0000000300), &(0x7f0000000380)=@v3={0x3000000, [{0x7, 0x4}, {0x7, 0x7f}]}, 0x18, 0x0) (rerun: 64) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x208000, 0x0) 923.466115ms ago: executing program 1 (id=3121): r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=""/19, &(0x7f0000000100)=0x13) (async, rerun: 32) r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) (rerun: 32) fsmount(r1, 0x1, 0x9) (async) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty, 0x7f}, 0x1c) (async) r2 = userfaultfd(0x1000) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000040)=0x7, 0x4) 923.361743ms ago: executing program 4 (id=3122): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x44, r1, 0x5, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0xf9}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SCAN_SSIDS={0x14, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0x4}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x0) 864.046176ms ago: executing program 1 (id=3123): r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') preadv(r2, &(0x7f0000000840)=[{&(0x7f00000001c0)=""/168, 0xa8}], 0x1, 0x180, 0x0) r3 = memfd_create(&(0x7f0000000540)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?$^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5', 0x6) fallocate(r3, 0x0, 0x0, 0x400001) (async) fcntl$addseals(r3, 0x409, 0x9) lseek(r3, 0x0, 0x1) write$RDMA_USER_CM_CMD_NOTIFY(r2, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xd}}, 0x10) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) (async) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) (async) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x501202, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r4, 0x2e, 0x0, @val=@netfilter={0x6, 0x0, 0x9}}, 0x20) 816.027919ms ago: executing program 3 (id=3124): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x84}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x84}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40048}, 0x40) 815.251572ms ago: executing program 3 (id=3125): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x40, 0x5, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) (async) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x40, 0x5, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x7) (async) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x7) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) r1 = signalfd(r0, &(0x7f0000000180)={[0x7]}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWFLOWTABLE={0x4c, 0x16, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x24, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x20, 0x16, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x18, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWOBJ={0x5c, 0x12, 0xa, 0xe01, 0x0, 0x0, {0x0, 0x0, 0xa}, @NFT_OBJECT_CT_TIMEOUT=@NFTA_OBJ_DATA={0x48, 0x4, 0x0, 0x1, [@NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x1}, @NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x1}, @NFTA_CT_TIMEOUT_DATA={0x14, 0x3, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0xe0}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x8864}, @NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x88}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x88a2}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x60d8}]}}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}}, @NFT_MSG_DELSET={0x34, 0xb, 0xa, 0xa00, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x80}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xc0}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x190}, 0x1, 0x0, 0x0, 0x800}, 0x20040081) (async) sendmsg$NFT_BATCH(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWFLOWTABLE={0x4c, 0x16, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x24, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x20, 0x16, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x18, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWOBJ={0x5c, 0x12, 0xa, 0xe01, 0x0, 0x0, {0x0, 0x0, 0xa}, @NFT_OBJECT_CT_TIMEOUT=@NFTA_OBJ_DATA={0x48, 0x4, 0x0, 0x1, [@NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x1}, @NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x1}, @NFTA_CT_TIMEOUT_DATA={0x14, 0x3, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0xe0}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x8864}, @NFTA_CT_TIMEOUT_L4PROTO={0x5, 0x2, 0x88}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x88a2}, @NFTA_CT_TIMEOUT_L3PROTO={0x6, 0x1, 0x1, 0x0, 0x60d8}]}}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}}, @NFT_MSG_DELSET={0x34, 0xb, 0xa, 0xa00, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x80}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xc0}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x190}, 0x1, 0x0, 0x0, 0x800}, 0x20040081) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]}) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r1) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r6 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(r6, &(0x7f0000000040)='syscall\x00') (async) r7 = syz_open_procfs(r6, &(0x7f0000000040)='syscall\x00') accept4$netrom(r7, 0x0, &(0x7f0000000200), 0x80800) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$lock(r8, 0x6, &(0x7f0000000080)={0x0, 0x2, 0x6, 0x8, r6}) (async) fcntl$lock(r8, 0x6, &(0x7f0000000080)={0x0, 0x2, 0x6, 0x8, r6}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 705.353107ms ago: executing program 3 (id=3126): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001500)=@raw={'raw\x00', 0x8, 0x3, 0xb30, 0x0, 0x43, 0xa0, 0x0, 0x98, 0xa98, 0x178, 0x178, 0xa98, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1e8, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x3, {0x100010001}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x1346, 0x7fff, 0x0, '\x00', {0x7ff}}}}, {{@uncond, 0x0, 0x888, 0x8b0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@unspec=@u32={{0x7e0}, {[{[{0x9}, {0x3}, {0x1, 0x1}, {0x0, 0x3}, {0x4, 0x2}, {0xb1d}, {0x3}, {0x8}, {0x2, 0x3}, {0x3}, {0x103}], [{0xe8f3, 0x5}, {0x1d, 0x6}, {0x4, 0x8}, {0x0, 0x4}, {0x4, 0xc3e}, {0x1, 0x100}, {0x6, 0x7}, {0x3, 0x3}, {0xf2, 0x3}, {0x3ff, 0x7}, {0x10, 0x3}], 0x6, 0x6}, {[{0x80, 0x3}, {0x2}, {0x6, 0x1}, {0x355cbac3, 0x2}, {0x0, 0x2}, {0x0, 0x2}, {0x7}, {0xe7, 0x2}, {0x3, 0x3}, {0x5598e8fe, 0x2}, {0x6, 0x1}], [{0x9, 0x9097}, {0x7, 0x9}, {0x7, 0xa}, {0x6, 0x8}, {0x20080, 0x5}, {0x13, 0xc0000000}, {0x40, 0x8}, {0x9, 0x6}, {0x4, 0x2}, {0x6, 0x7fffffff}, {0x7fffffff, 0x400}], 0x7}, {[{0x84, 0x2}, {}, {0x0, 0x2}, {0xffffffff, 0x1}, {}, {0x7, 0x1}, {0x5, 0x2}, {0x8, 0x3}, {0x2, 0x3}, {0x8, 0x1}, {0x7, 0x1}], [{0x9, 0x5}, {0x80, 0x32}, {0x0, 0xfffffff7}, {0xff, 0x1}, {0x7, 0x6}, {0xdb9, 0xff4}, {0x6, 0x3ff}, {0x3, 0x6}, {0x5, 0x10}, {0x9, 0x6}, {0x10000, 0x2}], 0x4, 0xa}, {[{0x3, 0x2}, {0xa, 0x1}, {0x6, 0x1}, {0x10, 0x3}, {0x2, 0x2}, {0x2, 0x2}, {0x3, 0x1}, {0x2, 0x3}, {0x3, 0x1}, {0x2, 0x2}, {0x477d, 0x1}], [{0x4, 0xffffffff}, {0x200, 0x6}, {0x4be1, 0x4044}, {0x1}, {0x5, 0xc}, {0x3, 0x4}, {0x2, 0x4}, {0x800, 0x8000}, {0x8, 0x800}, {0x7, 0x2}, {0xe, 0x8000}], 0x4, 0xb}, {[{0x7, 0x3}, {0xd, 0x3}, {0x5}, {0x61}, {0x9}, {}, {0x2}, {0x1}, {0x0, 0x2}, {0x9, 0x3}, {0x5, 0x3}], [{0x58d, 0x3ff}, {0x0, 0x7f}, {0x6}, {0xfc9b, 0x80000001}, {0x101, 0x7}, {0x7, 0x1}, {0x7, 0x8001}, {0x2, 0x1}, {0x2, 0x2}, {0x9, 0x3}, {0x7, 0x10000}], 0x1}, {[{0x2}, {0x9}, {0x8, 0x1}, {0x2, 0x3}, {0x71, 0x3}, {0x0, 0x2}, {0xe, 0x2}, {0x6, 0x2}, {0x5}, {0x3000000, 0x3}, {0x6, 0x1}], [{0x9, 0x3}, {0x5, 0x7fffffff}, {0xffff, 0x4}, {0x0, 0x7}, {0x8, 0xb502}, {0x1ff, 0x86}, {0x6, 0xffffffff}, {0x3, 0x4}, {0x5, 0x6}, {0xf, 0xf93}, {0x5, 0x4}], 0x3, 0x3}, {[{0x7, 0x1}, {0x3, 0x1}, {0x45d7}, {0xfff, 0x3}, {0xc4f, 0x3}, {0x0, 0x2}, {0x400, 0x1}, {0x2, 0x1}, {0x4, 0x2}, {0xfffffffd}, {0x2}], [{0x3, 0x6}, {0xed, 0xd}, {0x80, 0xb81d}, {0x2ca, 0x80000000}, {0x8, 0xff}, {0x7, 0xc8}, {0x8, 0x6}, {0x4, 0x1}, {0x2, 0x6}, {0xfc, 0x6}, {0xd, 0x138c}], 0x6}, {[{0x4, 0x1}, {0x800}, {0x9, 0x2}, {0xf0000000, 0x2}, {0x6, 0x3}, {0x3, 0x2}, {0x8, 0x2}, {}, {0x9}, {0x400, 0x2}, {0x8, 0x3}], [{0x7, 0xfffffffd}, {0x2}, {0x2, 0x2}, {0x8f, 0x6}, {0x7, 0x5}, {0x8, 0x7}, {0xb, 0x82c6}, {0xb1b}, {0xbd5c, 0xffff}, {0x1, 0x9b8d}, {0xec, 0x5}], 0x2, 0x6}, {[{0x8}, {0x0, 0x1}, {0xac000000}, {0x6, 0x2}, {0x2d8, 0x3}, {0x7e3ea4bc}, {0x8, 0x1}, {0x4f, 0x3}, {0x4, 0x2}, {0xfffffff7}, {0x3, 0x2}], [{0x5, 0x42}, {0x76a74689, 0x4}, {0x1}, {0x8000, 0x7}, {0x400, 0xdd}, {0xfff, 0x8}, {0x76b, 0xfffffffe}, {0xa6d00, 0xfffffff7}, {0x10001, 0xfc8d}, {0x0, 0x10001}, {0x4, 0x3}], 0x1, 0x9}, {[{0x8, 0x1}, {0x3, 0x3}, {0x18, 0x3}, {0x3ff, 0x3}, {0x7fffffff}, {0x8, 0x2}, {0x1}, {0x8, 0x3}, {0xf1b6}, {0x80, 0x3}, {0x4, 0x2}], [{0x2, 0x4}, {0x3, 0xf}, {0x9, 0x6}, {0x7f, 0x8}, {0xffffffff, 0x273e1899}, {0x4, 0x1}, {0x6, 0x3}, {0x1, 0xb7}, {0x8, 0x3}, {0x3, 0x1}, {0x7ff, 0x63}], 0xb, 0x3}, {[{0x1, 0x2}, {0x6, 0x3}, {0xffff, 0x1}, {0x1}, {0x4, 0x3}, {0x4, 0x3}, {0xaa7}, {0x100, 0x3}, {0x2}, {0xfffffff7, 0xb90af65875a5dc08}, {0x4, 0x3}], [{0x3}, {0x8001, 0x7}, {0x10000, 0x7524}, {0x73d, 0x4}, {0x0, 0x280000}, {0x3, 0x3af}, {0x5, 0x2}, {0x101, 0xbf}, {0x10000, 0x6}, {0x3, 0x800}], 0x8, 0x5}], 0x3}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0xb90) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000000)={'ip6tnl0\x00', 0x0, 0x29, 0x8, 0x45, 0x5, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, 0x80, 0x0, 0x10000}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'syztnl1\x00', r2, 0x700, 0x8000, 0xf, 0x192c, {{0xf, 0x4, 0x2, 0x9, 0x3c, 0x65, 0x0, 0x4, 0x2f, 0x0, @empty, @private=0xa010100, {[@end, @timestamp={0x44, 0x8, 0x25, 0x0, 0x8, [0x0]}, @timestamp_prespec={0x44, 0x1c, 0x20, 0x3, 0x8, [{@remote, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1ff}, {@empty, 0x200}]}]}}}}}) 705.133531ms ago: executing program 4 (id=3127): open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x9, &(0x7f00000002c0)=@framed={{}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x25}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @cb_func={0x18, 0x0, 0x4, 0x0, 0x2}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x807}, 0x94) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0xa, r1, 0x0, r2}) syz_io_uring_setup(0xd3a, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000040)=@sack_info={0x0, 0x8, 0x1ff}, 0xc) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) 655.398954ms ago: executing program 3 (id=3128): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0x5}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0xf}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x50, r1, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xc0da, 0x1a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8004}, 0x1001) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) socket(0x2, 0x8, 0xfffffffe) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_INTERRUPT(r8, 0x4004ae86, &(0x7f0000000240)=0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = socket$l2tp(0x2, 0x2, 0x73) sendto$l2tp(r10, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x3c, r12, 0x731, 0x0, 0x0, {0x38}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}]}, 0x3c}, 0x1, 0x2}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a4c0000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d103"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 654.854768ms ago: executing program 4 (id=3129): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x840) unshare(0x2c020400) write$nci(r0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="6105097f030000060006ff030008"], 0x13) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000c00)=0xc, 0x6, 0x2) 595.760128ms ago: executing program 3 (id=3130): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe}) ioctl(r0, 0x8b22, &(0x7f0000000040)) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="a4010000", @ANYRES16=r1, @ANYBLOB="04002abd7000fedbdf2505000000400002800800030002000000060002004e20000008000600060000000800040005000000140001007f000001000000000000000000000000060002004e200000300003801400060000000000000000000000ffff7f0000010800030000000000060007004e210000060004000000000048000380060007004e230000060007004e200000060004000100000008000500e00000020800030002000000060004000500000014000600ff01000000000000000000000000000150000380060007004e220000060007004e2400001400020070696d7265673100000000000000000014000600fc01000000000000000000000000000114000600fc01000000000000000000000000000014000380080001000000000008000500ac1414bb080006000900000044000180080005000400000014000300fe8000000000000000000000000000bb14000300ac1414bb000000000000000000000000080008000300000008000500040000002000038008000500ac1414bb14000600fe8000000000000000000000000000bb08000d00aab20000a9a78ed848a04758db368c15667020c942954b37f951fa5c65597c2e85"], 0x1a4}, 0x1, 0x0, 0x0, 0x2000019}, 0x8000) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000007c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x800) recvmsg$can_j1939(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/154, 0x9a}, {&(0x7f0000000300)=""/138, 0x8a}], 0x2, &(0x7f0000000680)=""/8, 0x8}, 0x40) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xfad}}, './file0\x00'}) ioctl$FBIOPUTCMAP(r4, 0x4605, &(0x7f0000000180)={0x81, 0x0, &(0x7f0000000040), &(0x7f0000000080)=[0x1c, 0x9b8, 0x7, 0x8, 0xb, 0x3f9, 0x3ff], &(0x7f0000000100)=[0x3, 0x2b, 0x4259], &(0x7f0000000140)=[0xfff7, 0xa, 0x3, 0x6, 0x101]}) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r3) 0s ago: executing program 1 (id=3131): r0 = socket$packet(0x11, 0x3, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r1, &(0x7f00000004c0)=""/57, 0x39) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = dup(r0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve1\x00'}) set_mempolicy(0x8006, &(0x7f0000000040), 0x7) userfaultfd(0x40002) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x7000004, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve0\x00'}) kernel console output (not intermixed with test programs): [ T7881] hsr_slave_0: left promiscuous mode [ 206.291717][ T7881] hsr_slave_1: left promiscuous mode [ 206.294741][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.297787][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.339108][ T7881] pimreg3 (unregistering): left allmulticast mode [ 206.506465][ T34] lo speed is unknown, defaulting to 1000 [ 206.508430][ T34] syz2: Port: 1 Link DOWN [ 206.639170][T13058] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.679846][T13058] veth0_vlan: entered promiscuous mode [ 206.685132][T13058] veth1_vlan: entered promiscuous mode [ 206.707083][T13058] veth0_macvtap: entered promiscuous mode [ 206.713938][T13058] veth1_macvtap: entered promiscuous mode [ 206.726793][T13058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.738556][T13058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.746953][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.755883][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.772718][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.778206][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.815842][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.818871][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.858634][ T7849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.865943][ T7849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.876608][ T40] audit: type=1400 audit(1772387143.947:853): avc: denied { mounton } for pid=13058 comm="syz-executor" path="/syzkaller.pUyttI/syz-tmp" dev="sda1" ino=2038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 206.972279][T13237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2023'. [ 207.105073][T13249] netlink: 'syz.2.2068': attribute type 4 has an invalid length. [ 207.108496][T13249] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2068'. [ 207.115160][T13249] `: renamed from bond0 (while UP) [ 207.371627][T13268] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2076'. [ 207.374900][T13268] netem: invalid attributes len -22 [ 207.376703][T13268] netem: change failed [ 207.436752][T13270] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 207.447974][T13270] i2c i2c-1: DVB: adapter 0 frontend 0 frequency 50999997 out of range (51000000..2150000000) [ 207.535164][T13276] netlink: 'syz.2.2081': attribute type 5 has an invalid length. [ 207.643916][T13285] FAULT_INJECTION: forcing a failure. [ 207.643916][T13285] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 207.648250][T13285] CPU: 0 UID: 0 PID: 13285 Comm: syz.1.2084 Tainted: G L syzkaller #0 PREEMPT(full) [ 207.648269][T13285] Tainted: [L]=SOFTLOCKUP [ 207.648272][T13285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 207.648279][T13285] Call Trace: [ 207.648284][T13285] [ 207.648288][T13285] dump_stack_lvl+0x100/0x190 [ 207.648318][T13285] should_fail_ex.cold+0x5/0xa [ 207.648332][T13285] _copy_from_user+0x2e/0xd0 [ 207.648353][T13285] copy_msghdr_from_user+0x9f/0x4f0 [ 207.648374][T13285] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 207.648396][T13285] ___sys_sendmsg+0x106/0x1e0 [ 207.648412][T13285] ? __pfx____sys_sendmsg+0x10/0x10 [ 207.648442][T13285] __sys_sendmsg+0x170/0x220 [ 207.648454][T13285] ? __pfx___sys_sendmsg+0x10/0x10 [ 207.648474][T13285] do_syscall_64+0x106/0xf80 [ 207.648485][T13285] ? clear_bhb_loop+0x40/0x90 [ 207.648499][T13285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.648510][T13285] RIP: 0033:0x7ff41379c799 [ 207.648520][T13285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.648530][T13285] RSP: 002b:00007ff41465a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 207.648541][T13285] RAX: ffffffffffffffda RBX: 00007ff413a15fa0 RCX: 00007ff41379c799 [ 207.648548][T13285] RDX: 0000000000000080 RSI: 0000200000000100 RDI: 0000000000000005 [ 207.648554][T13285] RBP: 00007ff41465a090 R08: 0000000000000000 R09: 0000000000000000 [ 207.648560][T13285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.648566][T13285] R13: 00007ff413a16038 R14: 00007ff413a15fa0 R15: 00007ffceab8fab8 [ 207.648580][T13285] [ 207.717715][ T5934] Bluetooth: hci4: command tx timeout [ 208.038346][T13338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=13338 comm=syz.1.2102 [ 208.043264][T13338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13338 comm=syz.1.2102 [ 208.053336][T13338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=13338 comm=syz.1.2102 [ 208.104819][T13343] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13343 comm=syz.1.2104 [ 208.148482][T13352] xt_l2tp: v2 sid > 0xffff: 4294967294 [ 208.150452][ T8922] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 208.153507][T13352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2107'. [ 208.312105][ T8922] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 208.315445][ T8922] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 208.318599][ T8922] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 208.325972][ T8922] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 208.329136][ T8922] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.331967][ T8922] usb 7-1: Product: syz [ 208.333431][ T8922] usb 7-1: Manufacturer: syz [ 208.335077][ T8922] usb 7-1: SerialNumber: syz [ 208.342157][ T8922] hub 7-1:1.0: bad descriptor, ignoring hub [ 208.344690][ T8922] hub 7-1:1.0: probe with driver hub failed with error -5 [ 208.433904][T13360] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2109'. [ 208.441085][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 208.441097][ T40] audit: type=1326 audit(1772387145.517:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13359 comm="syz.0.2109" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcc359c799 code=0x0 [ 208.545027][ T8922] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 208.743560][ T40] audit: type=1400 audit(1772387145.817:856): avc: denied { read write } for pid=13315 comm="syz.2.2096" name="lp0" dev="devtmpfs" ino=3251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 208.752404][ T40] audit: type=1400 audit(1772387145.817:857): avc: denied { open } for pid=13315 comm="syz.2.2096" path="/dev/usb/lp0" dev="devtmpfs" ino=3251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 208.797509][T13376] netlink: 328 bytes leftover after parsing attributes in process `syz.0.2113'. [ 208.810895][ T40] audit: type=1400 audit(1772387145.887:858): avc: denied { getopt } for pid=13377 comm="syz.3.2114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 208.982384][T13352] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 209.163928][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2126'. [ 209.168199][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2126'. [ 209.178086][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2126'. [ 209.183398][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2126'. [ 209.281644][ T40] audit: type=1400 audit(1772387146.357:859): avc: denied { write } for pid=13423 comm="syz.1.2129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 209.299539][ T40] audit: type=1400 audit(1772387146.367:860): avc: denied { create } for pid=13423 comm="syz.1.2129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 209.357779][T13431] ip6gre1: entered promiscuous mode [ 209.360322][T13431] ip6gre1: entered allmulticast mode [ 209.368772][T13427] netlink: 'syz.0.2128': attribute type 39 has an invalid length. [ 209.476949][ T6107] usb 7-1: USB disconnect, device number 12 [ 209.483611][ T6107] usblp0: removed [ 209.631243][ T6107] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 209.663060][T13443] tipc: Enabled bearer , priority 0 [ 209.730458][ T5934] Bluetooth: hci4: command tx timeout [ 209.793085][ T6107] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 209.796969][ T6107] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.804373][ T6107] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 209.807990][ T6107] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.811380][ T6107] usb 7-1: Product: syz [ 209.813204][ T6107] usb 7-1: Manufacturer: syz [ 209.815265][ T6107] usb 7-1: SerialNumber: syz [ 209.822731][ T6107] hub 7-1:1.0: bad descriptor, ignoring hub [ 209.825683][ T6107] hub 7-1:1.0: probe with driver hub failed with error -5 [ 210.006579][T13452] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 210.012604][T13452] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 210.042010][T13316] can0: slcan on ttynull. [ 210.082420][T13454] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 210.107322][ T40] audit: type=1400 audit(1772387147.177:861): avc: denied { unmount } for pid=5923 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 210.131691][T13315] can0 (unregistered): slcan off ttynull. [ 210.141892][ T6107] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 210.170859][ T6107] usb 7-1: USB disconnect, device number 13 [ 210.177723][ T6107] usblp0: removed [ 210.236193][T13466] overlayfs: failed to clone upperpath [ 210.682467][ T8921] tipc: Node number set to 3173399897 [ 210.763228][T13495] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 210.925240][T13505] netlink: 'syz.0.2156': attribute type 2 has an invalid length. [ 211.016334][T13508] overlayfs: failed to clone lowerpath [ 211.030622][ T6107] usb 7-1: new low-speed USB device number 14 using dummy_hcd [ 211.170538][ T6107] usb 7-1: device descriptor read/64, error -71 [ 211.211880][T13527] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 211.211880][T13527] The task syz.3.2162 (13527) triggered the difference, watch for misbehavior. [ 211.420491][ T6107] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 211.560461][ T6107] usb 7-1: device descriptor read/64, error -71 [ 211.680489][ T6107] usb usb7-port1: attempt power cycle [ 211.811377][ T5285] Bluetooth: hci4: command tx timeout [ 212.021260][ T6107] usb 7-1: new low-speed USB device number 16 using dummy_hcd [ 212.051137][ T6107] usb 7-1: device descriptor read/8, error -71 [ 212.290720][ T6107] usb 7-1: new low-speed USB device number 17 using dummy_hcd [ 212.311242][ T6107] usb 7-1: device descriptor read/8, error -71 [ 212.355992][T13598] __nla_validate_parse: 37 callbacks suppressed [ 212.356004][T13598] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2185'. [ 212.420827][ T6107] usb usb7-port1: unable to enumerate USB device [ 212.468923][T13602] 8021q: adding VLAN 0 to HW filter on device bond1 [ 212.476619][T13602] 8021q: adding VLAN 0 to HW filter on device bond2 [ 212.480014][T13602] 8021q: adding VLAN 0 to HW filter on device bond3 [ 212.483256][T13602] bond4: left promiscuous mode [ 212.486302][T13602] 8021q: adding VLAN 0 to HW filter on device bond5 [ 212.494829][T13602] 8021q: adding VLAN 0 to HW filter on device bond6 [ 212.498534][T13602] vlan2: left promiscuous mode [ 212.503623][T13602] bond7: left promiscuous mode [ 212.507549][T13602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.511921][T13602] A link change request failed with some changes committed already. Interface pimreg may have been left with an inconsistent configuration, please check. [ 212.519743][ T7877] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 212.523617][ T7877] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 212.528083][ T7882] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 212.532352][ T7882] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 212.535852][ T7877] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 212.536951][T13602] IPv6: NLM_F_CREATE should be specified when creating new route [ 212.539763][ T7877] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 212.550671][ T8906] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 212.560913][ T8906] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 212.850767][ T5285] Bluetooth: hci3: command 0x1003 tx timeout [ 212.850787][ T5934] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 212.930777][ T5979] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 212.965501][T13628] tmpfs: Unknown parameter '5 4ԅm}Ly5+N/' [ 213.012550][T13617] /dev/nullb0: Can't lookup blockdev [ 213.024825][T13632] netlink: 'syz.3.2198': attribute type 39 has an invalid length. [ 213.025710][T13619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2194'. [ 213.036532][T13619] : entered promiscuous mode [ 213.101654][ T40] audit: type=1400 audit(1772387150.177:862): avc: denied { read } for pid=13637 comm="syz.1.2200" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 213.126144][T13645] ip6t_srh: unknown srh match flags 4000 [ 213.126631][T13646] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2202'. [ 213.148649][T13650] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 213.159471][T13654] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 213.162416][T13654] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 213.181720][T13654] vhci_hcd vhci_hcd.0: Device attached [ 213.194674][T13655] vhci_hcd: connection closed [ 213.196259][ T13] vhci_hcd vhci_hcd.1: stop threads [ 213.199866][ T13] vhci_hcd vhci_hcd.1: release socket [ 213.203723][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 213.433376][T13664] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2207'. [ 213.478832][T13666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2208'. [ 213.485135][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2208'. [ 213.493345][T13666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2208'. [ 213.493578][ T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.496858][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2208'. [ 213.500087][ T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.500122][ T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.509222][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.867519][T13691] "syz.1.2215" (13691) uses obsolete ecb(arc4) skcipher [ 213.953420][ T7882] nci: nci_rsp_packet: unsupported rsp opcode 0xf12 [ 214.017982][ T40] audit: type=1326 audit(1772911439.088:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13679 comm="syz.0.2211" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcc359c799 code=0x0 [ 214.701274][T13686] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 214.771942][T13711] xt_hashlimit: size too large, truncated to 1048576 [ 214.960632][T13724] netlink: 124 bytes leftover after parsing attributes in process `syz.1.2224'. [ 214.966821][T13724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2224'. [ 215.052184][ T40] audit: type=1400 audit(1772911440.086:864): avc: granted { setsecparam } for pid=13732 comm="syz.2.2228" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 215.111824][ T40] audit: type=1400 audit(1772911440.144:865): avc: denied { listen } for pid=13739 comm="syz.1.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 215.112014][T13740] IPVS: set_ctl: invalid protocol: 2 172.20.20.170:20004 [ 215.381182][T13779] netlink: 'syz.1.2243': attribute type 2 has an invalid length. [ 215.385506][T13779] netlink: 'syz.1.2243': attribute type 1 has an invalid length. [ 215.388438][T13779] netlink: 'syz.1.2243': attribute type 1 has an invalid length. [ 215.393506][T13779] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 215.416014][ T40] audit: type=1400 audit(1772911440.435:866): avc: denied { accept } for pid=13781 comm="syz.2.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 215.883704][T13785] netlink: 'syz.2.2245': attribute type 4 has an invalid length. [ 216.187579][T13802] ptrace attach of "/syz-executor exec"[13804] was attempted by "/syz-executor exec"[13802] [ 216.306210][T13820] netlink: 'syz.0.2257': attribute type 10 has an invalid length. [ 216.610569][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 216.637986][T13837] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 216.648963][ T8921] IPVS: starting estimator thread 0... [ 216.744341][T13838] IPVS: using max 44 ests per chain, 105600 per kthread [ 217.176301][ T40] audit: type=1400 audit(1772911442.156:867): avc: denied { node_bind } for pid=13864 comm="syz.2.2269" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 217.177858][T13867] program syz.2.2269 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 217.191796][T13867] netlink: 'syz.2.2269': attribute type 63 has an invalid length. [ 217.194349][T13867] gretap0: entered allmulticast mode [ 217.196600][T13867] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 217.233984][T13872] syzkaller0: entered promiscuous mode [ 217.235856][T13872] syzkaller0: entered allmulticast mode [ 217.609007][T13890] __nla_validate_parse: 8 callbacks suppressed [ 217.609023][T13890] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2274'. [ 217.665789][T13887] ptrace attach of "/syz-executor exec"[5931] was attempted by " [ 217.773507][T13898] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2279'. [ 217.836185][T13910] netlink: 'syz.3.2283': attribute type 3 has an invalid length. [ 217.838841][T13910] netlink: 'syz.3.2283': attribute type 1 has an invalid length. [ 217.841334][T13910] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2283'. [ 217.850075][T13914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2284'. [ 217.930320][ T40] audit: type=1400 audit(1772911442.887:868): avc: denied { mounton } for pid=13922 comm="syz.2.2288" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 217.945384][ T5285] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 217.951207][ T5285] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 217.954835][ T5285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 217.961851][ T5285] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 217.965529][ T5285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 218.018662][T13933] JFS: discard option not supported on device [ 218.021857][T13933] Mount JFS Failure: -5 [ 218.083346][ T40] audit: type=1400 audit(1772911443.043:869): avc: denied { listen } for pid=13939 comm="syz.3.2294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 218.128296][T13925] chnl_net:caif_netlink_parms(): no params data found [ 218.200138][T13925] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.204094][T13925] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.206685][T13925] bridge_slave_0: entered allmulticast mode [ 218.209474][T13925] bridge_slave_0: entered promiscuous mode [ 218.212876][T13925] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.215283][T13925] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.217717][T13925] bridge_slave_1: entered allmulticast mode [ 218.220482][T13925] bridge_slave_1: entered promiscuous mode [ 218.235801][T13925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.240374][T13925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.257032][T13925] team0: Port device team_slave_0 added [ 218.260428][T13925] team0: Port device team_slave_1 added [ 218.274764][T13925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.277093][T13925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 218.285659][T13925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.290169][T13925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.292782][T13925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 218.301217][T13925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.327042][T13925] hsr_slave_0: entered promiscuous mode [ 218.329853][T13925] hsr_slave_1: entered promiscuous mode [ 218.332083][T13925] debugfs: 'hsr0' already exists in 'hsr' [ 218.334025][T13925] Cannot create hsr debugfs directory [ 218.336766][T13953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2297'. [ 218.359385][T13953] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2297'. [ 218.387713][ T7849] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.391276][ T7849] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.514658][ T7849] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.520874][ T7849] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.563101][T13961] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 218.583741][T13969] netlink: 868 bytes leftover after parsing attributes in process `syz.2.2302'. [ 218.613666][ T7849] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.617887][ T7849] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.624043][ T40] audit: type=1326 audit(1772911443.570:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13972 comm="syz.2.2303" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x0 [ 218.632274][T13961] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2300'. [ 218.669862][ T40] audit: type=1400 audit(1772911443.609:871): avc: denied { mount } for pid=13974 comm="syz.1.2304" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 218.678801][T13977] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 218.704219][ T7849] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.708461][ T7849] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.723628][ T40] audit: type=1326 audit(1772911443.657:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13978 comm="syz.1.2305" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff41379c799 code=0x0 [ 219.053453][T14004] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2312'. [ 219.460870][ T7849] bond0 (unregistering): Released all slaves [ 219.467776][ T7849] bond1 (unregistering): Released all slaves [ 219.479148][ T7849] bond2 (unregistering): Released all slaves [ 219.494229][ T7849] bond3 (unregistering): Released all slaves [ 219.515114][ T7849] bond4 (unregistering): Released all slaves [ 219.526822][ T7849] bond5 (unregistering): Released all slaves [ 219.534681][ T7849] bond6 (unregistering): Released all slaves [ 219.543020][ T7849] bond7 (unregistering): Released all slaves [ 219.662231][T14019] netlink: 'syz.3.2316': attribute type 3 has an invalid length. [ 219.680133][ T7849] tipc: Left network mode [ 220.057253][ T5934] Bluetooth: hci3: command tx timeout [ 220.184264][T13925] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 220.229624][T14089] openvswitch: netlink: ct_state flags 0000ee00 unsupported [ 220.235290][T13925] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 220.239781][T13925] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 220.244078][T13925] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 220.325257][ T7849] hsr_slave_0: left promiscuous mode [ 220.327769][ T7849] hsr_slave_1: left promiscuous mode [ 220.342465][ T7849] veth1_macvtap: left promiscuous mode [ 220.344569][ T7849] veth1_vlan: left promiscuous mode [ 220.346377][ T7849] veth0_vlan: left promiscuous mode [ 220.407158][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 220.407171][ T40] audit: type=1400 audit(1772911445.309:874): avc: denied { accept } for pid=14109 comm="syz.1.2338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 220.492725][T14115] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.2339'. [ 220.609278][T13925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.612570][T14118] 9p: Bad value for 'dfltgid' [ 220.617252][T14118] 9p: Bad value for 'dfltgid' [ 220.619725][T13925] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.627017][ T7883] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.629363][ T7883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.650503][ T7883] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.652939][ T7883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.663664][T13925] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 220.667053][T13925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.752449][T14134] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 220.758791][T14134] Error validating options; rc = [-22] [ 220.776337][T13925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.798430][T14147] netlink: 'syz.2.2346': attribute type 2 has an invalid length. [ 220.799683][T13925] veth0_vlan: entered promiscuous mode [ 220.803989][ T40] audit: type=1400 audit(1772911445.701:875): avc: denied { getattr } for pid=14144 comm="syz.2.2346" path="socket:[53928]" dev="sockfs" ino=53928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 220.815022][T13925] veth1_vlan: entered promiscuous mode [ 220.830061][T13925] veth0_macvtap: entered promiscuous mode [ 220.841625][T13925] veth1_macvtap: entered promiscuous mode [ 220.849587][T13925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.858843][T13925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.867354][ T216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.870285][ T216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.876584][ T216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.876854][ T7849] IPVS: stop unused estimator thread 0... [ 220.879589][ T216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.941493][T14160] virtio-fs: tag not found [ 220.942322][ T7882] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.949231][ T7882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.962465][ T7881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.965688][ T7881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.036924][T14172] fuse: Bad value for 'fd' [ 221.140050][T14185] xt_cluster: you have exceeded the maximum number of cluster nodes (205 > 32) [ 221.238480][T14192] netlink: 'syz.0.2360': attribute type 12 has an invalid length. [ 221.339523][T14195] i2c i2c-1: Invalid block write size 34 [ 221.797600][T14208] program syz.3.2366 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.923083][T14223] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.925987][T14223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.936476][ T40] audit: type=1400 audit(1772911446.808:876): avc: denied { create } for pid=14224 comm="syz.2.2371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 222.144574][T14238] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 222.151039][ T7881] Bluetooth: hci2: Frame reassembly failed (-84) [ 222.746146][T14243] netlink: 'syz.1.2376': attribute type 13 has an invalid length. [ 222.835368][T14252] __nla_validate_parse: 4 callbacks suppressed [ 222.835384][T14252] netlink: 212304 bytes leftover after parsing attributes in process `syz.1.2379'. [ 222.842401][T14252] openvswitch: netlink: Message has 6 unknown bytes. [ 222.855747][ T7883] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.155136][ T5925] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 223.162440][ T5925] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 223.167544][ T5925] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 223.171260][ T5925] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 223.177362][ T5925] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 223.211524][T14274] cgroup2: Unknown parameter 'euid' [ 223.299624][T14272] chnl_net:caif_netlink_parms(): no params data found [ 223.353420][T14272] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.355869][T14272] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.358325][T14272] bridge_slave_0: entered allmulticast mode [ 223.361220][T14272] bridge_slave_0: entered promiscuous mode [ 223.366320][T14272] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.368710][T14272] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.371121][T14272] bridge_slave_1: entered allmulticast mode [ 223.373781][T14272] bridge_slave_1: entered promiscuous mode [ 223.395565][T14272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.400304][T14272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.428149][T14272] team0: Port device team_slave_0 added [ 223.432960][T14272] team0: Port device team_slave_1 added [ 223.447889][T14298] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2390'. [ 223.451313][T14298] xt_socket: unknown flags 0xd0 [ 223.465969][T14272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.468717][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 223.474814][ T40] audit: type=1400 audit(1772911448.319:877): avc: denied { map } for pid=14299 comm="syz.1.2391" path="socket:[54190]" dev="sockfs" ino=54190 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 223.491008][T14272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.498323][T14272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.500612][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 223.501288][T14302] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 223.509488][T14272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.520631][T14302] CIFS mount error: No usable UNC path provided in device string! [ 223.520631][T14302] [ 223.535898][T14302] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 223.542164][T14272] hsr_slave_0: entered promiscuous mode [ 223.545469][T14272] hsr_slave_1: entered promiscuous mode [ 223.547554][T14272] debugfs: 'hsr0' already exists in 'hsr' [ 223.549432][T14272] Cannot create hsr debugfs directory [ 223.617140][ T40] audit: type=1400 audit(1772911448.457:878): avc: denied { read } for pid=14301 comm="syz.1.2392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 223.643125][T14272] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 223.649950][T14272] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 223.653892][T14272] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 223.658663][T14272] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 223.682337][T14272] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.684705][T14272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.687275][T14272] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.689632][T14272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.721015][T14272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.730938][ T7882] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.734715][ T7882] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.748289][T14272] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.763644][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.766632][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.780660][ T7877] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.783355][ T7877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.938947][T14272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.995023][T14336] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2397'. [ 224.116443][T14272] veth0_vlan: entered promiscuous mode [ 224.121173][T14272] veth1_vlan: entered promiscuous mode [ 224.136829][T14272] veth0_macvtap: entered promiscuous mode [ 224.141796][T14272] veth1_macvtap: entered promiscuous mode [ 224.153830][T14272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.165816][T14272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.173619][ T7881] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.177220][ T7881] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.180712][ T7881] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.183676][ T7881] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.216735][ T5934] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 224.222317][ T7877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.235804][ T7877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.260311][ T7881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.262883][ T7881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.418587][T14355] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2400'. [ 224.424991][T14355] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2400'. [ 224.468016][ T7883] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.519568][T14364] Bluetooth: hci0: invalid len left 7, exp >= 101 [ 224.548550][ T7883] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.559395][T14366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2405'. [ 224.572736][T14366] team0: Port device team_slave_0 removed [ 224.633739][ T7883] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.711522][T14377] netlink: 'syz.3.2408': attribute type 1 has an invalid length. [ 224.726818][T14377] 8021q: adding VLAN 0 to HW filter on device bond8 [ 224.827739][ T7883] bridge_slave_1: left allmulticast mode [ 224.830388][ T7883] bridge_slave_1: left promiscuous mode [ 224.832896][ T7883] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.841687][ T7883] bridge_slave_0: left allmulticast mode [ 224.843613][ T7883] bridge_slave_0: left promiscuous mode [ 224.846524][ T7883] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.016029][T14401] binder: BINDER_SET_CONTEXT_MGR already set [ 225.024226][T14401] binder: 14399:14401 ioctl 4018620d 200000000100 returned -16 [ 225.027960][ T7883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.033822][ T7883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.038293][ T7883] bond0 (unregistering): Released all slaves [ 225.243354][T14400] binder: 14399:14400 ioctl c0306201 0 returned -14 [ 225.272870][ T5934] Bluetooth: hci3: command tx timeout [ 225.358487][ T7883] hsr_slave_0: left promiscuous mode [ 225.364731][ T7883] hsr_slave_1: left promiscuous mode [ 225.367514][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.370485][ T7883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.375199][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.378285][ T7883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.388498][ T7883] veth1_macvtap: left promiscuous mode [ 225.390741][ T7883] veth0_macvtap: left promiscuous mode [ 225.392994][ T7883] veth1_vlan: left promiscuous mode [ 225.396636][ T7883] veth0_vlan: left promiscuous mode [ 225.626951][ T7883] team0 (unregistering): Port device team_slave_1 removed [ 225.637791][ T7883] team0 (unregistering): Port device team_slave_0 removed [ 225.742019][ T40] audit: type=1326 audit(1772911450.552:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14420 comm="syz.4.2418" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f680e59c799 code=0x0 [ 225.798583][ T40] audit: type=1326 audit(1772911450.601:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14420 comm="syz.4.2418" exe="/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f680e59c799 code=0x0 [ 225.919156][T14438] overlayfs: failed to clone lowerpath [ 226.180357][ T40] audit: type=1400 audit(1772911450.975:881): avc: denied { audit_read } for pid=14451 comm="syz.1.2422" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 226.220423][T14459] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 226.233393][T14463] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2424'. [ 226.740817][T14457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.759969][T14472] tmpfs: Bad value for 'mpol' [ 226.914495][T14482] xt_hashlimit: size too large, truncated to 1048576 [ 227.056419][T14502] dlm: Unknown command passed to DLM device : 33 [ 227.056419][T14502] [ 227.062502][T14502] netlink: 'syz.3.2433': attribute type 1 has an invalid length. [ 227.073897][T14502] 8021q: adding VLAN 0 to HW filter on device bond9 [ 227.086946][T14502] netlink: 'syz.3.2433': attribute type 50 has an invalid length. [ 227.089529][T14502] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2433'. [ 227.101343][T14502] bond9: (slave gretap2): making interface the new active one [ 227.105412][T14502] bond9: (slave gretap2): Enslaving as an active interface with an up link [ 227.119436][T14502] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=14502 comm=syz.3.2433 [ 227.255208][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1 [ 227.258144][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1 [ 227.261056][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1 [ 227.264231][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1 [ 227.267474][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #0 [ 227.270292][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.274465][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.278643][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.285957][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.289100][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.292418][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.296551][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.300596][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.304688][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.308324][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.311362][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.314967][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.318595][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.321612][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.325087][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.328305][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.331939][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.337464][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.340737][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.346093][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.350159][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.353865][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.358954][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.359527][T14534] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2442'. [ 227.362650][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.368929][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.372186][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.375942][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.378962][T14521] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.2439' sets config #1344 [ 227.393854][ T5934] Bluetooth: hci3: command tx timeout [ 227.396032][T14533] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2442'. [ 227.416648][ T40] audit: type=1400 audit(1772911452.197:882): avc: denied { watch watch_reads } for pid=14540 comm="syz.3.2443" path="pipe:[7222]" dev="pipefs" ino=7222 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 227.434106][ T40] audit: type=1400 audit(1772911452.197:883): avc: denied { relabelfrom } for pid=14540 comm="syz.3.2443" name="" dev="pipefs" ino=55047 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 227.547112][ T5285] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 227.554129][ T5285] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 227.558507][ T5285] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 227.562945][ T5285] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 227.570059][ T5285] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 227.683821][T14562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=14562 comm=syz.1.2449 [ 227.756465][T14550] chnl_net:caif_netlink_parms(): no params data found [ 227.759052][T14568] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 227.793034][ T40] audit: type=1400 audit(1772911452.572:884): avc: denied { execute_no_trans } for pid=14571 comm="syz.1.2452" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F522C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=56536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 227.838431][T14550] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.841052][T14550] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.843719][T14550] bridge_slave_0: entered allmulticast mode [ 227.846634][T14550] bridge_slave_0: entered promiscuous mode [ 227.850291][T14550] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.852686][T14550] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.855469][T14550] bridge_slave_1: entered allmulticast mode [ 227.858203][T14550] bridge_slave_1: entered promiscuous mode [ 227.877037][T14550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.882661][T14550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.902717][T14550] team0: Port device team_slave_0 added [ 227.907266][T14550] team0: Port device team_slave_1 added [ 227.922806][T14550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.925207][T14550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 227.934103][T14550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.938853][T14550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.941411][T14550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 227.950144][T14550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.981785][T14550] hsr_slave_0: entered promiscuous mode [ 227.984523][T14550] hsr_slave_1: entered promiscuous mode [ 227.987609][T14550] debugfs: 'hsr0' already exists in 'hsr' [ 227.989858][T14550] Cannot create hsr debugfs directory [ 228.085295][T14550] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.088804][T14550] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.148871][T14583] openvswitch: netlink: Multiple metadata blocks provided [ 228.164648][T14550] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.168875][T14550] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.231190][T14550] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.235501][T14550] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.314099][T14550] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.318770][T14550] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.449183][T14550] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 228.453430][T14550] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 228.459377][T14550] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 228.464828][T14550] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 228.506789][T14550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.521791][T14550] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.527301][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.529810][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.540028][ T7882] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.542596][ T7882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.699863][T14550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 228.730591][T14550] veth0_vlan: entered promiscuous mode [ 228.735424][T14550] veth1_vlan: entered promiscuous mode [ 228.749506][T14550] veth0_macvtap: entered promiscuous mode [ 228.754092][T14550] veth1_macvtap: entered promiscuous mode [ 228.762385][T14550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.769304][T14550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.778528][ T7849] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.781480][ T7849] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.785632][ T7849] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.791161][ T7849] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.820439][ T7849] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.825547][ T7849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.839702][ T7883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.842319][ T7883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.979888][T14635] __nla_validate_parse: 3 callbacks suppressed [ 228.979900][T14635] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2468'. [ 229.012788][T14626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2465'. [ 229.272302][T14656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2473'. [ 229.491176][ T5285] Bluetooth: hci3: command tx timeout [ 229.554874][T14671] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 229.557565][T14671] binder: 14670:14671 ioctl 4018620d 200000000240 returned -1 [ 229.561888][T14671] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 229.564537][T14671] binder: 14670:14671 ioctl 4018620d 200000000100 returned -1 [ 229.592663][ T40] audit: type=1400 audit(1772911454.349:885): avc: denied { mounton } for pid=14672 comm="syz.1.2480" path="/571/file0" dev="tmpfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 229.592750][T14674] 9p: Bad value for 'wfdno' [ 229.653168][ T5285] Bluetooth: hci2: command tx timeout [ 230.279448][T14691] IPVS: sync thread started: state = MASTER, mcast_ifn = dummy0, syncid = 2, id = 0 [ 230.315433][T14694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2487'. [ 230.327340][T14694] 8021q: adding VLAN 0 to HW filter on device bond4 [ 230.331633][T14693] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.2487'. [ 230.368913][ T5285] Bluetooth: hci4: unexpected event 0x14 length: 10 > 6 [ 230.427076][T14712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2493'. [ 230.463542][T14715] misc userio: Begin command sent, but we're already running [ 230.778477][T14739] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2500'. [ 230.802070][T14739] pimreg: entered allmulticast mode [ 230.813188][T14739] pimreg: left allmulticast mode [ 230.881514][T14747] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2501'. [ 230.968143][T14757] syzkaller1: entered promiscuous mode [ 230.970638][T14757] syzkaller1: entered allmulticast mode [ 231.595585][ T5934] Bluetooth: hci3: command tx timeout [ 231.704565][T14788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2514'. [ 231.708129][T14788] netlink: 'syz.1.2514': attribute type 30 has an invalid length. [ 231.717400][ T7877] netdevsim netdevsim1 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0 [ 231.720004][T14788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2514'. [ 231.720854][ T7877] netdevsim netdevsim1 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0 [ 231.724228][T14788] netlink: 'syz.1.2514': attribute type 30 has an invalid length. [ 231.727857][ T7877] netdevsim netdevsim1 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0 [ 231.727879][ T7877] netdevsim netdevsim1 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0 [ 231.756171][ T5934] Bluetooth: hci2: command tx timeout [ 233.030153][T14859] Can't find a SQUASHFS superblock on nullb0 [ 233.035381][T14847] netlink: 'syz.1.2531': attribute type 1 has an invalid length. [ 233.049302][ T5934] Bluetooth: hci0: command 0x1003 tx timeout [ 233.050816][ T5285] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 233.102242][ T40] audit: type=1400 audit(1772911457.822:886): avc: denied { append } for pid=14866 comm="syz.3.2537" name="usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 233.137232][T14874] tmpfs: Unknown parameter 'mply 31Et' [ 233.186108][T14880] netlink: 'syz.3.2541': attribute type 30 has an invalid length. [ 233.274731][T14894] overlayfs: failed to clone upperpath [ 233.367101][T14897] pim6reg1: entered promiscuous mode [ 233.369399][T14897] pim6reg1: entered allmulticast mode [ 233.748170][T14931] dlm: Unknown command passed to DLM device : 33 [ 233.748170][T14931] [ 233.758626][T14931] netlink: 'syz.2.2555': attribute type 1 has an invalid length. [ 233.765037][T14934] program syz.3.2556 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 233.778716][T14931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.793900][T14931] netlink: 'syz.2.2555': attribute type 50 has an invalid length. [ 233.803930][T14931] bond0: (slave gretap1): making interface the new active one [ 233.807249][T14931] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 233.816690][ T1114] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 233.822239][ T1114] ata1.00: irq_stat 0x40000000 [ 233.824990][T14931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=14931 comm=syz.2.2555 [ 233.826395][ T1114] ata1.00: failed command: ZAC MANAGEMENT OUT [ 233.833433][ T1114] ata1.00: cmd 9f/01:00:00:00:00/00:00:00:00:00/40 tag 5 [ 233.833433][ T1114] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 233.841098][ T1114] ata1.00: status: { DRDY ERR } [ 233.843332][ T1114] ata1.00: error: { ABRT } [ 233.845507][ T1114] ata1.00: device reported invalid CHS sector 0 [ 233.866904][ T5285] Bluetooth: hci2: command tx timeout [ 233.905735][ T40] audit: type=1400 audit(1772911458.604:887): avc: denied { append } for pid=14936 comm="syz.2.2557" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 233.913791][ T40] audit: type=1400 audit(1772911458.604:888): avc: denied { setattr } for pid=14936 comm="syz.2.2557" name="CAN_RAW" dev="sockfs" ino=57252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 233.952238][ T40] audit: type=1400 audit(1772911458.664:889): avc: denied { listen } for pid=14940 comm="syz.2.2559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 233.975723][T14943] bridge_slave_1: left allmulticast mode [ 233.982408][T14943] bridge_slave_1: left promiscuous mode [ 233.985118][T14943] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.991155][T14943] bridge_slave_0: left allmulticast mode [ 233.993687][T14943] bridge_slave_0: left promiscuous mode [ 233.996326][T14943] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.089059][T14947] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 234.153769][T14957] __nla_validate_parse: 6 callbacks suppressed [ 234.153784][T14957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2564'. [ 234.159122][T14957] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2564'. [ 234.169090][ T40] audit: type=1400 audit(1772911458.872:890): avc: denied { read } for pid=14960 comm="syz.1.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 234.229389][ T40] audit: type=1400 audit(1772911458.931:891): avc: denied { load_policy } for pid=14965 comm="syz.2.2569" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 234.229439][T14966] SELinux: truncated policydb string identifier [ 234.238370][T14966] SELinux: failed to load policy [ 234.286840][T14974] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 234.301277][T14972] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 234.321147][ T5934] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 234.325429][ T5934] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 234.334249][ T5934] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 234.334723][T14981] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 234.344316][ T5934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 234.347966][ T5934] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 234.368611][T14983] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 234.502609][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 234.513314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 234.516416][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 234.519098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 234.522087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 234.584116][T15005] misc userio: The device must be registered before sending interrupts [ 234.587619][T15006] misc userio: The device must be registered before sending interrupts [ 234.590630][T15007] misc userio: The device must be registered before sending interrupts [ 234.595887][T15007] misc userio: The device must be registered before sending interrupts [ 234.598585][T15007] misc userio: The device must be registered before sending interrupts [ 234.676687][T15012] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 234.909116][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 234.984936][T14975] chnl_net:caif_netlink_parms(): no params data found [ 235.208866][T15037] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.212080][T15037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.234678][T15041] netlink: 'syz.3.2593': attribute type 9 has an invalid length. [ 235.310839][T14975] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.313296][T14975] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.325719][T14975] bridge_slave_0: entered allmulticast mode [ 235.331401][T14975] bridge_slave_0: entered promiscuous mode [ 235.334518][T14975] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.336958][T14975] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.339383][T14975] bridge_slave_1: entered allmulticast mode [ 235.355280][T14975] bridge_slave_1: entered promiscuous mode [ 235.374144][T14975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.378810][T14975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.394037][T14975] team0: Port device team_slave_0 added [ 235.397196][T14975] team0: Port device team_slave_1 added [ 235.411862][T14975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.414201][T14975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.422917][T14975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.435378][T14975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.437743][T14975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.447931][T14975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.484280][T14975] hsr_slave_0: entered promiscuous mode [ 235.486750][T14975] hsr_slave_1: entered promiscuous mode [ 235.489349][T14975] debugfs: 'hsr0' already exists in 'hsr' [ 235.491898][T14975] Cannot create hsr debugfs directory [ 235.617742][T14975] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 235.624459][T14975] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 235.627881][T14975] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.755934][T14975] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 235.760101][T14975] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 235.767607][T14975] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.824694][T15090] MPI: mpi too large (124808 bits) [ 235.826859][T15090] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2607'. [ 235.865886][T15097] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2609'. [ 235.948795][T14975] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 235.953320][T14975] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 235.957249][ T5934] Bluetooth: hci2: command tx timeout [ 235.959672][T14975] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.967333][ T40] audit: type=1400 audit(1772911460.657:892): avc: denied { mount } for pid=15102 comm="syz.2.2611" name="/" dev="configfs" ino=72 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 235.984646][T15104] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2610'. [ 235.995667][ T40] audit: type=1400 audit(1772911460.686:893): avc: denied { create } for pid=15101 comm="syz.4.2610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 236.014993][ T40] audit: type=1400 audit(1772911460.696:894): avc: denied { shutdown } for pid=15113 comm="syz.3.2613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 236.023699][T15120] wg1: entered promiscuous mode [ 236.025762][T15120] wg1: entered allmulticast mode [ 236.030163][T15119] hfs: can't find a HFS filesystem on dev sr0 [ 236.070667][T14975] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 236.075132][T14975] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 236.082332][T14975] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.094577][ T40] audit: type=1400 audit(1772911460.776:895): avc: denied { create } for pid=15127 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 236.205125][ T5934] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 236.210537][ T5934] Bluetooth: hci4: Injecting HCI hardware error event [ 236.216897][ T5934] Bluetooth: hci4: hardware error 0x00 [ 236.276908][T15136] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2619'. [ 236.309278][T14975] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 236.314628][T14975] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 236.319157][T14975] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 236.323401][T14975] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 236.382390][T14975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.390610][T14975] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.396269][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.398676][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.410450][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.412795][ T7884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.438479][ T5285] Bluetooth: hci0: command tx timeout [ 236.533600][T14975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.567404][T15164] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2624'. [ 236.567756][T14975] veth0_vlan: entered promiscuous mode [ 236.578428][T14975] veth1_vlan: entered promiscuous mode [ 236.609351][T14975] veth0_macvtap: entered promiscuous mode [ 236.630232][T14975] veth1_macvtap: entered promiscuous mode [ 236.642083][T14975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.646640][T14975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.676727][ T7838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.679834][ T7838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.685059][T15179] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 236.689896][T15179] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 236.695510][ T7838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.701026][ T7838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.749950][ T7850] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.752673][ T7850] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.773024][T15183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2626'. [ 236.773597][ T7850] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.778991][ T7850] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.780436][T15183] bridge0: entered promiscuous mode [ 236.785960][T15183] macsec1: entered allmulticast mode [ 236.788406][T15183] bridge0: entered allmulticast mode [ 236.792263][T15183] bridge0: port 3(macsec1) entered blocking state [ 236.794590][T15183] bridge0: port 3(macsec1) entered disabled state [ 236.798653][T15183] bridge0: left allmulticast mode [ 236.800389][T15183] bridge0: left promiscuous mode [ 236.937053][T15192] xt_l2tp: v2 sid > 0xffff: 4294967294 [ 237.414499][T15230] binder: 15229:15230 ioctl c0306201 2000000001c0 returned -22 [ 237.563386][T15238] random: crng reseeded on system resumption [ 237.601367][T15244] hpfs: Bad magic ... probably not HPFS [ 237.605694][T15244] hpfs: Bad magic ... probably not HPFS [ 237.639953][T15247] netlink: 'syz.4.2641': attribute type 1 has an invalid length. [ 237.654197][T15247] 8021q: adding VLAN 0 to HW filter on device bond2 [ 237.663802][T15247] bond2: (slave geneve2): making interface the new active one [ 237.668270][T15247] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 237.960839][T15281] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 237.966805][T15279] fuse: Unknown parameter 'nd' [ 238.024961][T15290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1793 sclass=netlink_route_socket pid=15290 comm=syz.4.2649 [ 238.045661][T15297] Invalid source name [ 238.047448][T15297] UBIFS error (pid: 15297): cannot open "./file0", error -22 [ 238.138504][T15297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2654'. [ 238.199750][T15306] Invalid source name [ 238.201354][T15306] UBIFS error (pid: 15306): cannot open "./file0", error -22 [ 238.270529][T15311] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2660'. [ 238.306489][ T5934] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 238.533890][ T5934] Bluetooth: hci0: command tx timeout [ 238.647493][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 238.647508][ T40] audit: type=1400 audit(1772911463.317:903): avc: denied { ioctl } for pid=15327 comm="syz.3.2665" path="socket:[62094]" dev="sockfs" ino=62094 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 238.659413][ T40] audit: type=1400 audit(1772911463.317:904): avc: denied { bind } for pid=15327 comm="syz.3.2665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 238.853860][T15337] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 239.439731][T15375] openvswitch: netlink: Duplicate or invalid key (type 0). [ 239.442880][T15375] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 239.568237][T15377] kvm: kvm [15376]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xfffffc18 [ 239.572260][T15377] kvm: kvm [15376]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xfffffc18 [ 239.590273][T15377] kvm: kvm [15376]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xfffffc18 [ 239.609405][T15377] kvm: kvm [15376]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xfffffc18 [ 239.612825][T15377] kvm: kvm [15376]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xfffffc18 [ 239.927432][T15383] __nla_validate_parse: 2 callbacks suppressed [ 239.927444][T15383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2678'. [ 239.934033][ T7868] bond0: (slave bond_slave_0): interface is now down [ 239.938810][ T7868] bond0: (slave bond_slave_1): interface is now down [ 239.950852][ T7868] bond0: now running without any active interface! [ 239.965060][T15385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2679'. [ 240.019308][T15387] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 240.021729][T15387] overlayfs: failed to set xattr on upper [ 240.024080][T15387] overlayfs: ...falling back to redirect_dir=nofollow. [ 240.026466][T15387] overlayfs: ...falling back to index=off. [ 240.028448][T15387] overlayfs: ...falling back to uuid=null. [ 240.034156][T15387] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 240.191623][T15395] tmpfs: Bad value for 'mpol' [ 240.259816][T15404] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2686'. [ 240.307058][T15407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2687'. [ 240.311634][T15407] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2687'. [ 240.362201][T15413] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2689'. [ 240.404395][T15416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2690'. [ 240.444558][T15419] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 240.452628][T15419] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 240.627146][ T5934] Bluetooth: hci0: command tx timeout [ 240.631190][T15423] kvm: MONITOR instruction emulated as NOP! [ 241.208907][T15453] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 241.212673][T15453] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 241.216281][T15453] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 241.220039][T15453] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 241.398320][T15462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15462 comm=syz.4.2702 [ 241.410910][T15462] netlink: 'syz.4.2702': attribute type 1 has an invalid length. [ 241.450770][T15462] bond3: (slave bridge1): making interface the new active one [ 241.454303][T15462] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 241.459466][T15462] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2702'. [ 241.463172][T15462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=15462 comm=syz.4.2702 [ 241.517341][ T40] audit: type=1400 audit(1772911466.169:905): avc: denied { listen } for pid=15464 comm="syz.4.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 241.556290][ T40] audit: type=1400 audit(1772911466.209:906): avc: denied { listen } for pid=15464 comm="syz.4.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 241.658628][T15473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2706'. [ 241.677066][T15475] trusted_key: encrypted_key: keyword 'efault' not recognized [ 241.725104][T15478] 9p: Bad value for 'rfdno' [ 242.005954][ T24] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 242.063411][T15482] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2710'. [ 242.071359][T15482] block nbd0: not configured, cannot reconfigure [ 242.155981][ T24] usb 9-1: Using ep0 maxpacket: 32 [ 242.168962][ T24] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 242.172691][ T24] usb 9-1: config 0 has no interface number 0 [ 242.177897][ T24] usb 9-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 242.182001][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.188816][ T24] usb 9-1: Product: syz [ 242.190796][ T24] usb 9-1: Manufacturer: syz [ 242.192999][ T24] usb 9-1: SerialNumber: syz [ 242.198474][ T24] usb 9-1: config 0 descriptor?? [ 242.204829][ T24] usb 9-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 242.210104][ T24] usb 9-1: selecting invalid altsetting 1 [ 242.212619][ T24] usb 9-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 242.219337][ T24] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 242.223780][ T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 242.227657][ T24] usb 9-1: media controller created [ 242.240074][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 242.718458][ T5934] Bluetooth: hci0: command tx timeout [ 242.960849][ T40] audit: type=1400 audit(1772911467.612:907): avc: denied { write } for pid=15458 comm="syz.3.2701" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 243.090502][T15499] Cannot find add_set index 0 as target [ 243.361951][ T24] usb 9-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 243.372951][ T24] zl10353_read_register: readreg error (reg=127, ret==-110) [ 243.396470][T15480] usb 9-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 243.412493][ T24] usb 9-1: USB disconnect, device number 2 [ 243.762657][T15531] netlink: 'syz.1.2725': attribute type 12 has an invalid length. [ 243.767336][T15532] loop5: detected capacity change from 0 to 7 [ 243.829341][ T40] audit: type=1400 audit(1772911468.467:908): avc: denied { unlink } for pid=15530 comm="syz.1.2725" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 243.895632][T12323] Dev loop5: unable to read RDB block 7 [ 243.904140][ C3] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 243.908398][ C3] buffer_io_error: 9 callbacks suppressed [ 243.908413][ C3] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 243.917606][T12323] loop5: unable to read partition table [ 243.920231][T12323] loop5: partition table beyond EOD, truncated [ 243.944643][ T53] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 243.994193][T15542] 9pnet_virtio: no channels available for device syz [ 244.105458][ T53] usb 7-1: Using ep0 maxpacket: 32 [ 244.115467][T15532] Dev loop5: unable to read RDB block 7 [ 244.117335][T15532] loop5: unable to read partition table [ 244.120349][T15532] loop5: partition table beyond EOD, truncated [ 244.126482][T15532] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 244.128710][ T53] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 244.136379][ T53] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 244.141548][ T53] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 244.147479][ T53] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 244.154703][ T53] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 244.158890][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.162470][ T53] usb 7-1: Product: syz [ 244.164413][ T53] usb 7-1: Manufacturer: syz [ 244.173957][ T53] usb 7-1: SerialNumber: syz [ 244.199868][ C1] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 244.207907][ T53] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input22 [ 244.429067][T15562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15562 comm=syz.4.2735 [ 244.440521][T15562] erspan0: entered promiscuous mode [ 244.443023][T15562] gretap0: entered promiscuous mode [ 244.445079][T15562] debugfs: 'hsr1' already exists in 'hsr' [ 244.457091][T15562] Cannot create hsr debugfs directory [ 244.467116][ T53] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 244.470947][ T53] (id 0x00) [ 244.537613][ T53] rc_core: IR keymap rc-imon-pad not found [ 244.540825][ T53] Registered IR keymap rc-empty [ 244.543952][ T53] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 244.548036][T15562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15562 comm=syz.4.2735 [ 244.551628][ T53] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 244.684761][ T53] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0 [ 244.693773][ T53] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input23 [ 244.700024][ T40] audit: type=1400 audit(1772911469.343:909): avc: denied { map } for pid=15575 comm="syz.4.2740" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 244.728622][ T53] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:18> initialized [ 244.857978][T15526] SELinux: policydb magic number 0xdc0200f does not match expected magic number 0xf97cff8c [ 244.862944][T15526] SELinux: failed to load policy [ 245.222670][T15617] __nla_validate_parse: 12 callbacks suppressed [ 245.222687][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2754'. [ 245.231158][T15617] netlink: 228 bytes leftover after parsing attributes in process `syz.1.2754'. [ 245.308529][T15624] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 245.343374][T15627] random: crng reseeded on system resumption [ 245.601384][ T40] audit: type=1400 audit(1772911470.229:910): avc: denied { accept } for pid=15640 comm="syz.1.2762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 245.708860][ T40] audit: type=1400 audit(1772911470.339:911): avc: denied { read } for pid=15645 comm="syz.1.2764" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 245.772422][T15657] overlayfs: failed to resolve './cgroup': -2 [ 245.926839][T15661] kvm: emulating exchange as write [ 245.930834][ T40] audit: type=1400 audit(1772911470.558:912): avc: denied { append } for pid=15658 comm="syz.4.2767" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 246.039281][ T40] audit: type=1400 audit(1772911470.667:913): avc: denied { setopt } for pid=15666 comm="syz.1.2768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 246.169610][T15672] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 246.173196][T15672] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 246.319605][ T40] audit: type=1400 audit(1772911470.946:914): avc: denied { ioctl } for pid=15684 comm="syz.1.2774" path="socket:[60342]" dev="sockfs" ino=60342 ioctlcmd=0x5828 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 246.397505][T15688] kvm: pic: non byte read [ 246.400320][T15688] kvm: pic: non byte read [ 246.403615][T15688] kvm: pic: non byte read [ 246.407414][T15688] kvm: pic: non byte read [ 246.410383][T15688] kvm: pic: level sensitive irq not supported [ 246.410697][T15688] kvm: pic: non byte read [ 246.416312][T15688] kvm: pic: non byte read [ 246.419251][T15688] kvm: pic: non byte read [ 246.422199][T15688] kvm: pic: non byte read [ 246.425157][T15688] kvm: pic: non byte read [ 246.428232][T15688] kvm: pic: non byte read [ 246.432273][T15688] kvm: pic: single mode not supported [ 246.432282][T15688] kvm: pic: level sensitive irq not supported [ 246.435923][T15688] kvm: pic: single mode not supported [ 246.439475][T15688] kvm: pic: single mode not supported [ 246.443043][ T40] audit: type=1326 audit(1772911471.066:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15687 comm="syz.1.2775" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc059b9c799 code=0x0 [ 246.568806][T15680] [U]  [ 246.699438][T15526] imon:send_packet: task interrupted [ 246.701367][T15526] imon:send_packet: packet tx failed (-512) [ 246.703505][T15526] imon:vfd_write: send packet #0 failed [ 246.778304][ T8906] usb 7-1: USB disconnect, device number 18 [ 247.208996][ T8906] usb 7-1: new full-speed USB device number 19 using dummy_hcd [ 247.373834][ T8906] usb 7-1: not running at top speed; connect to a high speed hub [ 247.378350][ T8906] usb 7-1: config 1 interface 0 altsetting 8 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 247.383514][ T8906] usb 7-1: config 1 interface 0 altsetting 8 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 247.388317][ T8906] usb 7-1: config 1 interface 0 has no altsetting 0 [ 247.393854][ T8906] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 247.397614][ T8906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.401250][ T8906] usb 7-1: Product:   [ 247.403114][ T8906] usb 7-1: Manufacturer:  [ 247.405167][ T8906] usb 7-1: SerialNumber: ဌ [ 247.411231][T15702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 247.828255][ T8906] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 247.837696][ T8906] usb 7-1: USB disconnect, device number 19 [ 248.383140][T15726] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2787'. [ 248.411253][T15726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2787'. [ 248.501312][ T40] audit: type=1400 audit(1772911473.118:916): avc: denied { map } for pid=15727 comm="syz.1.2788" path="/proc/132/stat" dev="proc" ino=61429 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 248.501607][T15728] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2788'. [ 248.508864][ T40] audit: type=1400 audit(1772911473.118:917): avc: denied { execute } for pid=15727 comm="syz.1.2788" path="/proc/132/stat" dev="proc" ino=61429 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 249.213882][T15746] team0: Device vlan2 is already an upper device of the team interface [ 249.260081][T15748] 9pnet_fd: Insufficient options for proto=fd [ 249.267730][T15748] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 249.279030][ T40] audit: type=1400 audit(1772911473.895:918): avc: denied { read write } for pid=15751 comm="syz.2.2795" name="file0" dev="tmpfs" ino=926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 249.289318][ T40] audit: type=1400 audit(1772911473.895:919): avc: denied { open } for pid=15751 comm="syz.2.2795" path="/174/file0" dev="tmpfs" ino=926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 249.337808][T15759] overlay: ./file0 is not a directory [ 249.530682][T15782] 9p: Bad value for 'rfdno' [ 249.788267][ T6107] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 249.949003][ T6107] usb 9-1: Using ep0 maxpacket: 8 [ 249.952044][ T6107] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 249.954663][ T6107] usb 9-1: config 0 has no interface number 0 [ 249.958419][ T6107] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 249.962439][ T6107] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 249.966199][ T6107] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 249.970370][ T6107] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 249.974530][ T6107] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 249.977421][ T6107] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.981548][ T6107] usb 9-1: config 0 descriptor?? [ 249.989339][ T6107] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 249.995857][T15793] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 250.177754][T15800] dummy0: entered allmulticast mode [ 250.195222][ T40] audit: type=1800 audit(1772911474.812:920): pid=15784 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.2803" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 250.227481][T15802] MINIX-fs: blocksize too small for device [ 250.264653][T15806] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2812'. [ 250.273718][T15806] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 250.277886][T15806] gretap1: entered promiscuous mode [ 250.280021][T15806] gretap1: entered allmulticast mode [ 250.383760][T15811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2813'. [ 250.532352][T15813] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2814'. [ 250.537651][T15813] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=69 sclass=netlink_route_socket pid=15813 comm=syz.1.2814 [ 250.613909][ T40] audit: type=1400 audit(1772911475.231:921): avc: denied { connect } for pid=15819 comm="syz.1.2817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 250.683958][T15818] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 250.686313][T15818] overlayfs: failed to set xattr on upper [ 250.688236][T15818] overlayfs: ...falling back to redirect_dir=nofollow. [ 250.690605][T15818] overlayfs: ...falling back to index=off. [ 250.693095][T15818] overlayfs: ...falling back to uuid=null. [ 250.695239][T15818] overlayfs: ...falling back to xino=off. [ 250.726306][T15825] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2819'. [ 251.133491][T15841] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2823'. [ 252.278323][ T5972] usb 9-1: USB disconnect, device number 3 [ 252.286390][ T5972] ldusb 9-1:0.55: LD USB Device #0 now disconnected [ 252.627610][T15853] syzkaller0: entered promiscuous mode [ 252.629853][T15853] syzkaller0: entered allmulticast mode [ 252.638142][ T40] audit: type=1326 audit(1772911477.235:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15852 comm="syz.1.2828" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc059b9c799 code=0x7bff0000 [ 252.762361][T15856] netlink: 'syz.2.2829': attribute type 1 has an invalid length. [ 252.765394][T15856] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2829'. [ 252.769400][T15856] netlink: 658 bytes leftover after parsing attributes in process `syz.2.2829'. [ 252.773066][T15856] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2829'. [ 253.266495][T15870] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2832'. [ 253.292050][T15870] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2832'. [ 253.344508][T15872] bridge: RTM_NEWNEIGH with invalid state 0x4 [ 253.394129][T15872] workqueue: name exceeds WQ_NAME_LEN. Truncating to: πFVluc6NԹ;1 [ 254.060468][ T6107] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 254.230569][ T6107] usb 9-1: Using ep0 maxpacket: 8 [ 254.235788][ T6107] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 254.240908][ T6107] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 254.246017][ T6107] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 254.250334][ T6107] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 254.256228][ T6107] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 254.260769][ T6107] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.474757][ T6107] usb 9-1: GET_CAPABILITIES returned 0 [ 254.477224][ T6107] usbtmc 9-1:16.0: can't read capabilities [ 254.565217][T15935] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 254.678139][T15897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.685031][T15897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.872549][ T24] usb 9-1: USB disconnect, device number 4 [ 255.248046][T15965] __vm_enough_memory: pid: 15965, comm: syz.4.2859, bytes: 4503599627366400 not enough memory for the allocation [ 255.462391][T15978] fuse: Unknown parameter 'dK9' [ 255.624208][ T8906] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 255.786682][ T8906] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 255.790639][ T8906] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 255.791165][T15984] IPVS: Scheduler module ip_vs_sip not found [ 255.795661][ T8906] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 255.801908][ T8906] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 255.806993][ T8906] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 255.813972][ T8906] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 255.818026][ T8906] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 255.821628][ T8906] usb 9-1: Product: syz [ 255.823690][ T8906] usb 9-1: Manufacturer: syz [ 255.832324][ T8906] cdc_wdm 9-1:1.0: skipping garbage [ 255.834562][ T8906] cdc_wdm 9-1:1.0: skipping garbage [ 255.838279][ T8906] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 255.840347][ T8906] cdc_wdm 9-1:1.0: Unknown control protocol [ 256.089652][T15997] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15997 comm=syz.3.2871 [ 256.096209][ C3] wdm_int_callback: 238 callbacks suppressed [ 256.096228][ C3] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 256.096295][ T29] usb 9-1: USB disconnect, device number 5 [ 256.099067][ C3] wdm_int_callback: 238 callbacks suppressed [ 256.099081][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 256.109405][ C3] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 256.155687][T16000] netlink: 'syz.2.2872': attribute type 5 has an invalid length. [ 256.183905][ T40] audit: type=1400 audit(1772911480.776:923): avc: denied { cmd } for pid=16002 comm="syz.3.2873" path="socket:[63331]" dev="sockfs" ino=63331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 256.231530][T16001] IPVS: set_ctl: invalid protocol: 43 172.20.20.23:20004 [ 256.293197][ T8906] IPVS: starting estimator thread 0... [ 256.299337][T16014] __nla_validate_parse: 5 callbacks suppressed [ 256.299347][T16014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'. [ 256.304473][T16014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2876'. [ 256.313580][ T40] audit: type=1400 audit(1772911480.906:924): avc: denied { listen } for pid=15971 comm="syz.4.2862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 256.326774][ T40] audit: type=1400 audit(1772911480.926:925): avc: denied { create } for pid=15971 comm="syz.4.2862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 256.352237][ T40] audit: type=1400 audit(1772911480.946:926): avc: denied { create } for pid=16019 comm="syz.2.2877" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 256.359929][ T40] audit: type=1400 audit(1772911480.966:927): avc: denied { write } for pid=16019 comm="syz.2.2877" name="file0" dev="tmpfs" ino=1045 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 256.368660][ T40] audit: type=1400 audit(1772911480.966:928): avc: denied { open } for pid=16019 comm="syz.2.2877" path="/197/file0" dev="tmpfs" ino=1045 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 256.379564][ T40] audit: type=1400 audit(1772911480.966:929): avc: denied { ioctl } for pid=16019 comm="syz.2.2877" path="/197/file0" dev="tmpfs" ino=1045 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 256.395577][T16015] IPVS: using max 42 ests per chain, 100800 per kthread [ 256.426025][T16023] netlink: 'syz.2.2877': attribute type 10 has an invalid length. [ 256.432203][T16023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 256.439101][T16023] `: (slave batadv0): Enslaving as an active interface with an up link [ 256.463985][ T40] audit: type=1400 audit(1772911481.056:930): avc: denied { unlink } for pid=13058 comm="syz-executor" name="file0" dev="tmpfs" ino=1045 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 256.488815][T16035] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2880'. [ 256.491622][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 256.495321][T16035] futex_wake_op: syz.2.2880 tries to shift op by -1; fix this program [ 256.495877][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 256.501844][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 256.504843][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 256.536765][T16040] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 256.586760][T16048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62854 sclass=netlink_route_socket pid=16048 comm=syz.1.2884 [ 256.623440][T16050] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 256.750942][T16062] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=16062 comm=syz.1.2889 [ 256.756093][T16062] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=16062 comm=syz.1.2889 [ 256.830399][T16072] Cannot find add_set index 1 as target [ 256.858906][T16074] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2892'. [ 257.054448][ T40] audit: type=1400 audit(1772911481.644:931): avc: denied { getopt } for pid=16091 comm="syz.4.2899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 257.063287][ T40] audit: type=1400 audit(1772911481.644:932): avc: denied { connect } for pid=16091 comm="syz.4.2899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 257.110661][T16102] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2901'. [ 257.136773][T16106] netlink: 'syz.1.2902': attribute type 33 has an invalid length. [ 257.141092][T16106] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2902'. [ 257.193709][T16113] netlink: 'syz.4.2906': attribute type 89 has an invalid length. [ 257.431817][T16120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 257.438722][T16120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 257.524993][T16122] batman_adv: batadv0: Adding interface: gretap2 [ 257.530924][T16122] batman_adv: batadv0: Interface activated: gretap2 [ 257.581623][T16125] "syz.2.2910" (16125) uses obsolete ecb(arc4) skcipher [ 257.641529][T16125] netlink: 'syz.2.2910': attribute type 1 has an invalid length. [ 257.683814][T16128] MTD: Couldn't look up '/dev/sg0': -15 [ 257.686368][T16128] /dev/sg0: Can't lookup blockdev [ 257.693880][T16128] netlink: 'syz.2.2911': attribute type 4 has an invalid length. [ 258.059540][T16148] netlink: 'syz.4.2916': attribute type 30 has an invalid length. [ 258.074089][ T7846] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 258.081666][ T7846] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 258.085976][T16148] netlink: 'syz.4.2916': attribute type 30 has an invalid length. [ 258.090982][ T7846] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 258.110155][ T7846] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 258.303293][T16174] team0: mtu less than device minimum [ 258.358731][T16164] futex_wake_op: syz.3.2921 tries to shift op by 32; fix this program [ 259.123958][T16187] xt_policy: output policy not valid in PREROUTING and INPUT [ 260.857303][T16139] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 260.946288][T16199] bridge_slave_0: default FDB implementation only supports local addresses [ 261.258763][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.261493][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.844627][T16257] SELinux: Context system_u:object_r:dlm_control_device_t:s0 is not valid (left unmapped). [ 261.849756][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 261.849766][ T40] audit: type=1400 audit(1772911486.436:935): avc: denied { relabelto } for pid=16256 comm="syz.3.2942" name="93" dev="tmpfs" ino=508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 261.862517][T16257] EXT4-fs (nbd3): unable to read superblock [ 261.865002][ T40] audit: type=1400 audit(1772911486.446:936): avc: denied { associate } for pid=16256 comm="syz.3.2942" name="93" dev="tmpfs" ino=508 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:dlm_control_device_t:s0" [ 261.992348][ T40] audit: type=1400 audit(1772911486.576:937): avc: denied { remove_name } for pid=14550 comm="syz-executor" name="binderfs" dev="tmpfs" ino=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 262.016664][ T40] audit: type=1400 audit(1772911486.576:938): avc: denied { rmdir } for pid=14550 comm="syz-executor" name="93" dev="tmpfs" ino=508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dlm_control_device_t:s0" [ 262.270333][T16268] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16268 comm=syz.2.2945 [ 262.347442][T16269] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16269 comm=syz.2.2945 [ 264.496878][T16239] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 264.589878][ T40] audit: type=1400 audit(1772911489.182:939): avc: denied { map } for pid=16286 comm="syz.1.2951" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 264.664368][T16292] ptrace attach of "/syz-executor exec"[16295] was attempted by "/syz-executor exec"[16292] [ 264.824757][ T40] audit: type=1400 audit(1772911489.412:940): avc: denied { accept } for pid=16309 comm="syz.1.2957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 265.139892][T16331] __nla_validate_parse: 3 callbacks suppressed [ 265.139907][T16331] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2961'. [ 265.726442][T16352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2965'. [ 265.766564][T16352] bond2: entered promiscuous mode [ 265.768447][T16352] 8021q: adding VLAN 0 to HW filter on device bond2 [ 265.787920][T16353] 8021q: adding VLAN 0 to HW filter on device bond2 [ 265.792682][T16353] bond2: (slave sit1): The slave device specified does not support setting the MAC address [ 265.797852][T16353] bond2: (slave sit1): Error -95 calling set_mac_address [ 265.915791][T16361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2968'. [ 265.918721][T16361] netlink: 'syz.3.2968': attribute type 30 has an invalid length. [ 265.927876][T16361] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16361 comm=syz.3.2968 [ 265.928468][ T7855] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 265.941775][ T7855] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 265.947874][ T7855] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 265.950850][T16361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2968'. [ 265.951924][ T7855] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 265.960939][T16361] netlink: 'syz.3.2968': attribute type 30 has an invalid length. [ 265.976452][ T40] audit: type=1400 audit(1772911490.560:941): avc: denied { mount } for pid=16363 comm="syz.2.2969" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 265.988289][ T40] audit: type=1400 audit(1772911490.560:942): avc: denied { unmount } for pid=16363 comm="syz.2.2969" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 265.991103][T16364] xt_hashlimit: Unknown mode mask 84, kernel too old? [ 266.003868][T16364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2969'. [ 266.007575][T16364] 9p: Bad value for 'rfdno' [ 266.063906][T16370] syzkaller1: entered promiscuous mode [ 266.065865][T16370] syzkaller1: entered allmulticast mode [ 266.959045][T16378] nft_compat: unsupported protocol 0 [ 267.870646][ T40] audit: type=1326 audit(1772911492.448:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16383 comm="syz.3.2976" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc79a79c799 code=0x0 [ 267.901494][T16322] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 268.009249][T16391] sg_read: process 332 (syz.1.2978) changed security contexts after opening file descriptor, this is not allowed. [ 268.015790][T16392] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16392 comm=syz.1.2978 [ 268.015792][T16391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16391 comm=syz.1.2978 [ 268.020078][T16392] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16392 comm=syz.1.2978 [ 268.031805][T16391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16391 comm=syz.1.2978 [ 268.055423][T16407] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2982'. [ 268.156912][T16416] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048) [ 268.160805][T16416] netlink: 'syz.2.2985': attribute type 10 has an invalid length. [ 268.849932][T16435] tmpfs: Bad value for 'mpol' [ 269.673787][T16459] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 269.729908][T16461] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16461 comm=syz.3.2998 [ 269.729975][T16462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16462 comm=syz.3.2998 #! ./file0/file0 [ 270.569442][T16480] sctp: [Deprecated]: syz.1.3003 (pid 16480) Use of struct sctp_assoc_value in delayed_ack socket option. [ 270.569442][T16480] Use struct sctp_sack_info instead [ 271.226452][T16420] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 271.275754][T16486] fuse: Unknown parameter 'f' [ 271.316502][ T40] audit: type=1400 audit(1772911495.895:944): avc: denied { bind } for pid=16491 comm="syz.3.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 271.335888][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3010'. [ 271.338901][T16496] netlink: 'syz.2.3010': attribute type 30 has an invalid length. [ 271.341459][T16496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3010'. [ 271.347403][T16496] netlink: 'syz.2.3010': attribute type 89 has an invalid length. [ 271.350274][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3010'. [ 271.396641][T16496] ipt_rpfilter: unknown options [ 271.400036][T16496] Bluetooth: MGMT ver 1.23 [ 271.696504][ T5979] usb 7-1: new low-speed USB device number 20 using dummy_hcd [ 271.867767][ T5979] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 271.870500][ T5979] usb 7-1: config 0 has no interface number 0 [ 271.872608][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 271.876128][ T5979] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 271.880254][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 271.883945][ T5979] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 271.887825][ T5979] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 271.891313][ T5979] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 271.895528][ T5979] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 271.899057][ T5979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.903610][ T5979] usb 7-1: config 0 descriptor?? [ 271.905787][T16507] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 271.908866][T16507] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 271.913809][ T5979] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 272.116822][T16507] ldusb 7-1:0.55: Write buffer overflow, 1 bytes dropped [ 272.124308][ T5979] usb 7-1: USB disconnect, device number 20 [ 272.131015][ T5979] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 272.460940][T16521] tipc: Can't bind to reserved service type 2 [ 272.915044][T16513] vlan2: entered allmulticast mode [ 272.918418][T16513] bond0: entered allmulticast mode [ 272.920777][T16513] bond_slave_0: entered allmulticast mode [ 272.923361][T16513] bond_slave_1: entered allmulticast mode [ 273.116100][ T29] usb 9-1: new low-speed USB device number 6 using dummy_hcd [ 273.193769][T16561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3029'. [ 273.203219][T16561] usb usb8: usbfs: process 16561 (syz.2.3029) did not claim interface 0 before use [ 273.218140][ T5972] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 273.269832][ T29] usb 9-1: config index 0 descriptor too short (expected 1307, got 27) [ 273.274108][ T29] usb 9-1: config 0 has an invalid interface number: 0 but max is -1 [ 273.277831][ T29] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 273.280765][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 273.284857][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 273.293947][ T29] usb 9-1: language id specifier not provided by device, defaulting to English [ 273.307106][ T29] usb 9-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 273.312989][ T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.328295][ T29] usb 9-1: Manufacturer: 牢 [ 273.333109][ T29] usb 9-1: config 0 descriptor?? [ 273.337364][ T29] hub 9-1:0.0: bad descriptor, ignoring hub [ 273.341183][ T29] hub 9-1:0.0: probe with driver hub failed with error -5 [ 273.345663][ T29] input: 牢 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input25 [ 273.369247][ T5972] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 273.372540][ T5972] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 273.376898][ T5972] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 273.381813][ T5972] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 273.386589][ T5972] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 273.391324][ T5972] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 273.395117][ T5972] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.415473][ T5972] usb 6-1: config 0 descriptor?? [ 273.418956][T16542] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 273.474370][ T40] audit: type=1400 audit(1772911498.053:945): avc: denied { write } for pid=16581 comm="syz.3.3037" path="socket:[68150]" dev="sockfs" ino=68150 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 273.608717][T16531] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3019'. [ 273.626148][T16531] netlink: 880 bytes leftover after parsing attributes in process `syz.4.3019'. [ 273.632573][T16531] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3019'. [ 273.636231][T16531] netlink: 'syz.4.3019': attribute type 6 has an invalid length. [ 273.638955][T16531] netlink: 'syz.4.3019': attribute type 5 has an invalid length. [ 273.641552][T16531] netlink: 'syz.4.3019': attribute type 4 has an invalid length. [ 273.650568][ T8922] usb 9-1: USB disconnect, device number 6 [ 273.695010][T16595] program syz.2.3040 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 273.700571][ T40] audit: type=1326 audit(1772911498.283:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.710762][ T40] audit: type=1326 audit(1772911498.283:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.720818][ T40] audit: type=1326 audit(1772911498.283:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38c935cfce code=0x7ffc0000 [ 273.729837][ T40] audit: type=1326 audit(1772911498.283:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.739926][ T40] audit: type=1326 audit(1772911498.283:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.750247][ T40] audit: type=1326 audit(1772911498.283:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.761098][ T40] audit: type=1326 audit(1772911498.283:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.771215][ T40] audit: type=1326 audit(1772911498.283:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16594 comm="syz.2.3040" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c939c799 code=0x7ffc0000 [ 273.839911][ T5972] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xd [ 273.847572][ T5972] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 273.894972][T16602] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3043'. [ 273.976259][T16608] dns_resolver: Unsupported server list version (0) [ 274.111110][ T40] audit: type=1400 audit(1772911498.693:954): avc: denied { setopt } for pid=16616 comm="syz.2.3047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 274.120807][T16542] mkiss: ax0: crc mode is auto. [ 274.212449][ T8922] usb 6-1: USB disconnect, device number 27 [ 274.471752][T16640] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3054'. [ 274.507821][T16640] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3054'. [ 274.631843][T16651] block nbd4: NBD_DISCONNECT [ 274.634971][T16651] xt_l2tp: invalid flags combination: 8 [ 274.777936][T16659] fuse: Unknown parameter 'rڍ"Zw1000000000000' [ 274.877625][T16674] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=16674 comm=syz.3.3062 [ 275.068382][T16688] netlink: 'syz.2.3066': attribute type 1 has an invalid length. [ 275.072087][T16688] netlink: 'syz.2.3066': attribute type 2 has an invalid length. [ 275.273244][T16636] ceph: No mds server is up or the cluster is laggy [ 275.276741][T16642] ceph: No mds server is up or the cluster is laggy [ 275.369449][ T6010] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 275.530446][ T6010] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 275.533152][ T6010] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 275.537243][ T6010] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 275.543193][ T6010] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 275.548082][ T6010] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 275.554219][ T6010] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 275.557336][ T6010] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.563410][ T6010] usb 7-1: config 0 descriptor?? [ 275.565560][T16692] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 275.789545][ T5972] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 275.949505][ T5972] usb 6-1: Using ep0 maxpacket: 8 [ 275.953637][ T5972] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 275.956434][ T5972] usb 6-1: can't read configurations, error -22 [ 275.976655][ T6010] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 275.984992][ T6010] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 276.089841][ T5972] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 276.239691][ T5972] usb 6-1: Using ep0 maxpacket: 8 [ 276.245004][ T5972] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 276.248545][ T5972] usb 6-1: can't read configurations, error -22 [ 276.251813][ T5972] usb usb6-port1: attempt power cycle [ 276.254355][ T6010] usb 7-1: USB disconnect, device number 21 [ 276.529136][T16726] binder: 16723:16726 ioctl c0c89425 0 returned -22 [ 276.593650][ T5972] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 276.610658][ T5972] usb 6-1: Using ep0 maxpacket: 8 [ 276.616131][ T5972] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 276.619933][ T5972] usb 6-1: can't read configurations, error -22 [ 276.641033][ T5934] Bluetooth: hci0: command tx timeout [ 276.682807][T16732] __nla_validate_parse: 2 callbacks suppressed [ 276.682825][T16732] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3076'. [ 276.749913][ T5972] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 276.771413][ T5972] usb 6-1: Using ep0 maxpacket: 8 [ 276.781246][ T5972] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 276.784882][ T5972] usb 6-1: can't read configurations, error -22 [ 276.787964][ T5972] usb usb6-port1: unable to enumerate USB device [ 277.764421][T16747] IPv6: sit1: Disabled Multicast RS [ 278.230308][T16764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3088'. [ 278.237438][T16764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3088'. [ 278.316121][T16769] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42671 sclass=netlink_route_socket pid=16769 comm=syz.3.3090 [ 278.321325][T16770] program syz.3.3090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 278.321385][T16769] program syz.3.3090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 278.324513][T16770] ata1.00: invalid transfer count 0 [ 278.551614][T16793] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 278.552140][T16798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3096'. [ 278.617606][T16804] netlink: 'syz.3.3099': attribute type 63 has an invalid length. [ 278.621296][T16804] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3099'. [ 278.625151][T16804] gretap0: entered allmulticast mode [ 278.627893][T16804] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 278.774190][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 278.774210][ T40] audit: type=1800 audit(1772911503.340:959): pid=16798 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.1.3096" name="/newroot/124/file0" dev="tmpfs" ino=675 res=0 errno=0 [ 278.810870][T16815] Process accounting resumed [ 278.847186][ T40] audit: type=1400 audit(1772911503.420:960): avc: denied { node_bind } for pid=16821 comm="syz.2.3106" saddr=::ffff:0.0.0.0 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 278.861492][ T40] audit: type=1400 audit(1772911503.430:961): avc: denied { lock } for pid=16805 comm="syz.4.3100" path="/161/file0/cpuset.memory_pressure_enabled" dev="9p" ino=72614249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 278.873578][ T40] audit: type=1400 audit(1772911503.440:962): avc: denied { create } for pid=16818 comm="syz.1.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 278.882507][ T40] audit: type=1400 audit(1772911503.440:963): avc: denied { recv } for pid=44 comm="kcompactd0" saddr=10.0.2.2 src=43778 daddr=10.0.2.15 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 278.890919][ T40] audit: type=1400 audit(1772911503.440:964): avc: denied { connect } for pid=16818 comm="syz.1.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 278.897598][ T40] audit: type=1400 audit(1772911503.440:965): avc: denied { create } for pid=16818 comm="syz.1.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 278.906556][ T40] audit: type=1400 audit(1772911503.440:966): avc: denied { write } for pid=16818 comm="syz.1.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 278.913462][ T40] audit: type=1400 audit(1772911503.440:967): avc: denied { read } for pid=16818 comm="syz.1.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 278.920442][ T40] audit: type=1400 audit(1772911503.470:968): avc: denied { egress } for pid=39 comm="kworker/2:1" saddr=fe80::a8aa:aaff:feaa:aa1c daddr=ff02::16 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 279.009023][T16843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 279.082300][T16848] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 279.095407][T16850] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 279.106132][T16852] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 279.351369][ T39] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 279.524955][ T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.529320][ T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.532643][ T39] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 279.536804][ T39] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 279.539675][ T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.545742][ T39] usb 7-1: config 0 descriptor?? [ 279.654525][T16894] xt_connbytes: Forcing CT accounting to be enabled [ 279.707630][T16899] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3128'. [ 279.710888][T16899] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3128'. [ 279.781649][ T39] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 279.966052][T16855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.969109][T16855] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.399710][ T39] usb 7-1: USB disconnect, device number 22 [ 280.556828][T16901] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 283.387094][ T7855] ------------[ cut here ]------------ [ 283.389593][ T7855] wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band [ 283.393998][ T7855] WARNING: net/mac80211/tx.c:753 at ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20, CPU#2: kworker/u32:33/7855 [ 283.398763][ T7855] Modules linked in: [ 283.401107][ T7855] CPU: 2 UID: 0 PID: 7855 Comm: kworker/u32:33 Tainted: G L syzkaller #0 PREEMPT(full) [ 283.406026][ T7855] Tainted: [L]=SOFTLOCKUP [ 283.407955][ T7855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 283.412357][ T7855] Workqueue: events_unbound cfg80211_wiphy_work [ 283.415237][ T7855] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20 [ 283.418074][ T7855] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d d5 cc dc 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 b1 20 fb f6 e8 cc [ 283.426306][ T7855] RSP: 0018:ffffc900256875d8 EFLAGS: 00010282 [ 283.428930][ T7855] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005 [ 283.432426][ T7855] RDX: ffff888029e6bac4 RSI: ffff888026859808 RDI: ffffffff90ea4ac0 [ 283.435969][ T7855] RBP: ffffc90025687850 R08: 0000000000000005 R09: 0000000000000000 [ 283.439398][ T7855] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888029e6bac4 [ 283.442794][ T7855] R13: ffffc900256878c0 R14: 0000000000000000 R15: 0000000000000001 [ 283.446170][ T7855] FS: 0000000000000000(0000) GS:ffff8880d6544000(0000) knlGS:0000000000000000 [ 283.450094][ T7855] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 283.453126][ T7855] CR2: 000000110c2c2ed2 CR3: 000000000e598000 CR4: 0000000000352ef0 [ 283.456277][ T7855] DR0: 0000000040000005 DR1: 0000000100000000 DR2: 0000000000000898 [ 283.459500][ T7855] DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 283.462729][ T7855] Call Trace: [ 283.464289][ T7855] [ 283.465632][ T7855] ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0 [ 283.468320][ T7855] ? kmalloc_reserve+0x148/0x350 [ 283.470584][ T7855] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 283.473359][ T7855] ? sta_info_hash_lookup+0x259/0x660 [ 283.475692][ T7855] invoke_tx_handlers_late+0xfb4/0x2750 [ 283.478181][ T7855] ? ieee80211_queue_skb+0x3ae/0x1fc0 [ 283.480366][ T7855] ? ieee80211_txq_may_transmit+0x730/0xfd0 [ 283.483036][ T7855] ? invoke_tx_handlers_early+0x65d/0x27d0 [ 283.485496][ T7855] ieee80211_tx+0x304/0x460 [ 283.487554][ T7855] ? __pfx_ieee80211_tx+0x10/0x10 [ 283.489751][ T7855] ? ieee80211_skb_resize+0x119/0x670 [ 283.492228][ T7855] ? ieee80211_set_qos_hdr+0x2c1/0x3f0 [ 283.494821][ T7855] ieee80211_xmit+0x30f/0x3e0 [ 283.496952][ T7855] __ieee80211_tx_skb_tid_band+0x2c2/0x720 [ 283.499338][ T7855] ieee80211_scan_state_send_probe+0x33d/0xac0 [ 283.501283][ T7855] ieee80211_scan_work+0x750/0x1ff0 [ 283.503066][ T7855] ? __queue_work+0x445/0x1150 [ 283.504687][ T7855] ? __pfx_ieee80211_scan_work+0x10/0x10 [ 283.506507][ T7855] ? rcu_is_watching+0x12/0xc0 [ 283.508102][ T7855] cfg80211_wiphy_work+0x446/0x5c0 [ 283.509776][ T7855] process_one_work+0x9d7/0x1920 [ 283.511407][ T7855] ? __pfx_process_one_work+0x10/0x10 [ 283.513209][ T7855] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 283.515132][ T7855] worker_thread+0x5da/0xe40 [ 283.516651][ T7855] ? kthread+0x13a/0x450 [ 283.518101][ T7855] ? __pfx_worker_thread+0x10/0x10 [ 283.519732][ T7855] kthread+0x370/0x450 [ 283.521062][ T7855] ? __pfx_kthread+0x10/0x10 [ 283.522586][ T7855] ret_from_fork+0x754/0xd80 [ 283.524215][ T7855] ? __pfx_ret_from_fork+0x10/0x10 [ 283.525914][ T7855] ? __switch_to+0x7b4/0x1120 [ 283.527485][ T7855] ? __pfx_kthread+0x10/0x10 [ 283.529010][ T7855] ret_from_fork_asm+0x1a/0x30 [ 283.530595][ T7855] [ 283.531691][ T7855] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 283.534047][ T7855] CPU: 2 UID: 0 PID: 7855 Comm: kworker/u32:33 Tainted: G L syzkaller #0 PREEMPT(full) [ 283.537669][ T7855] Tainted: [L]=SOFTLOCKUP [ 283.539100][ T7855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 283.542333][ T7855] Workqueue: events_unbound cfg80211_wiphy_work [ 283.544391][ T7855] Call Trace: [ 283.545498][ T7855] [ 283.546480][ T7855] dump_stack_lvl+0x100/0x190 [ 283.548054][ T7855] vpanic+0x552/0x970 [ 283.549372][ T7855] ? __pfx_vpanic+0x10/0x10 [ 283.550882][ T7855] panic+0xd1/0xe0 [ 283.552125][ T7855] ? __pfx_panic+0x10/0x10 [ 283.553592][ T7855] ? check_panic_on_warn+0x1f/0x90 [ 283.555285][ T7855] check_panic_on_warn.cold+0x19/0x34 [ 283.557039][ T7855] ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20 [ 283.558985][ T7855] __warn.cold+0x191/0x348 [ 283.560455][ T7855] __report_bug+0x296/0x3d0 [ 283.561930][ T7855] ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20 [ 283.563861][ T7855] ? __pfx___report_bug+0x10/0x10 [ 283.565515][ T7855] ? kasan_save_stack+0x3f/0x50 [ 283.567128][ T7855] ? kasan_save_stack+0x30/0x50 [ 283.568724][ T7855] ? ieee80211_scan_work+0x750/0x1ff0 [ 283.570473][ T7855] ? cfg80211_wiphy_work+0x446/0x5c0 [ 283.572189][ T7855] ? process_one_work+0x9d7/0x1920 [ 283.574126][ T7855] ? worker_thread+0x5da/0xe40 [ 283.576084][ T7855] ? kthread+0x370/0x450 [ 283.577485][ T7855] ? ret_from_fork+0x754/0xd80 [ 283.579109][ T7855] ? ret_from_fork_asm+0x1a/0x30 [ 283.580733][ T7855] report_bug_entry+0xe1/0x290 [ 283.582302][ T7855] ? ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20 [ 283.584247][ T7855] handle_bug+0x1c9/0x2a0 [ 283.585699][ T7855] exc_invalid_op+0x17/0x50 [ 283.587206][ T7855] asm_exc_invalid_op+0x1a/0x20 [ 283.588801][ T7855] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20 [ 283.590913][ T7855] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d d5 cc dc 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 b1 20 fb f6 e8 cc [ 283.597314][ T7855] RSP: 0018:ffffc900256875d8 EFLAGS: 00010282 [ 283.599329][ T7855] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005 [ 283.601882][ T7855] RDX: ffff888029e6bac4 RSI: ffff888026859808 RDI: ffffffff90ea4ac0 [ 283.604400][ T7855] RBP: ffffc90025687850 R08: 0000000000000005 R09: 0000000000000000 [ 283.606983][ T7855] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888029e6bac4 [ 283.609468][ T7855] R13: ffffc900256878c0 R14: 0000000000000000 R15: 0000000000000001 [ 283.612030][ T7855] ? ieee80211_tx_h_rate_ctrl+0x1297/0x1a20 [ 283.613960][ T7855] ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0 [ 283.615911][ T7855] ? kmalloc_reserve+0x148/0x350 [ 283.617498][ T7855] ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10 [ 283.619440][ T7855] ? sta_info_hash_lookup+0x259/0x660 [ 283.621183][ T7855] invoke_tx_handlers_late+0xfb4/0x2750 [ 283.622953][ T7855] ? ieee80211_queue_skb+0x3ae/0x1fc0 [ 283.624613][ T7855] ? ieee80211_txq_may_transmit+0x730/0xfd0 [ 283.626450][ T7855] ? invoke_tx_handlers_early+0x65d/0x27d0 [ 283.628276][ T7855] ieee80211_tx+0x304/0x460 [ 283.629736][ T7855] ? __pfx_ieee80211_tx+0x10/0x10 [ 283.631423][ T7855] ? ieee80211_skb_resize+0x119/0x670 [ 283.633175][ T7855] ? ieee80211_set_qos_hdr+0x2c1/0x3f0 [ 283.634946][ T7855] ieee80211_xmit+0x30f/0x3e0 [ 283.636409][ T7855] __ieee80211_tx_skb_tid_band+0x2c2/0x720 [ 283.638210][ T7855] ieee80211_scan_state_send_probe+0x33d/0xac0 [ 283.640171][ T7855] ieee80211_scan_work+0x750/0x1ff0 [ 283.641890][ T7855] ? __queue_work+0x445/0x1150 [ 283.643441][ T7855] ? __pfx_ieee80211_scan_work+0x10/0x10 [ 283.645288][ T7855] ? rcu_is_watching+0x12/0xc0 [ 283.646857][ T7855] cfg80211_wiphy_work+0x446/0x5c0 [ 283.648525][ T7855] process_one_work+0x9d7/0x1920 [ 283.650168][ T7855] ? __pfx_process_one_work+0x10/0x10 [ 283.651946][ T7855] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 283.653791][ T7855] worker_thread+0x5da/0xe40 [ 283.655353][ T7855] ? kthread+0x13a/0x450 [ 283.656744][ T7855] ? __pfx_worker_thread+0x10/0x10 [ 283.658426][ T7855] kthread+0x370/0x450 [ 283.659798][ T7855] ? __pfx_kthread+0x10/0x10 [ 283.661314][ T7855] ret_from_fork+0x754/0xd80 [ 283.662854][ T7855] ? __pfx_ret_from_fork+0x10/0x10 [ 283.664546][ T7855] ? __switch_to+0x7b4/0x1120 [ 283.666094][ T7855] ? __pfx_kthread+0x10/0x10 [ 283.667627][ T7855] ret_from_fork_asm+0x1a/0x30 [ 283.669228][ T7855] [ 283.671023][ T7855] Kernel Offset: disabled [ 283.672812][ T7855] Rebooting in 86400 seconds..