last executing test programs: 1m5.680027307s ago: executing program 0 (id=2176): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)=[&(0x7f00000001c0)='\x00'], 0x0) r5 = syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) socket$igmp(0x2, 0x3, 0x2) 1m4.308208677s ago: executing program 0 (id=2177): socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x10) symlink(&(0x7f0000000880)='.\x00', &(0x7f00000008c0)='./file0\x00') setxattr$system_posix_acl(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='system.posix_acl_access\x00', &(0x7f0000000800)={{}, {}, [{0x10, 0x0, 0xffffffffffffffff}]}, 0x2c, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) dup3(r3, r1, 0x0) 15.032532499s ago: executing program 1 (id=2292): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/stat\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/90, 0x5a}], 0x1, 0x0, 0x0) 14.917513584s ago: executing program 1 (id=2294): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000140)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="88010000", @ANYRES16, @ANYBLOB="010000000000000000001e00000038002f800c0002000000000000000000280003802400038006000100000000000c0004000201aaaaaaaaaaaa0c0004008bd7b84e2d86341908000300", @ANYRES32=r2, @ANYBLOB="34012f8008000100000100000c0002000203aaaaaaaaaaaa94000380080004006a070000440003800c0004000000000000000000080002000000000006000100000000000c0004000202aaaaaaaaaaaa060003000000000006000300a0aa00000600010002000000280003800800020000000000080002000100000008000200020000000c0004006c0741c31fb730b7050002000000000008000100ff0300000c000500ff000000000000000c0002000201aaaaaaaaaaaa08000100020000000c0002000203aaaaaaaaaaaa3c00038008000100000000000c0005000100000008000400040000000800040001000000080001000300000008000100030000002400038014000380080002"], 0x188}}, 0x0) 14.766978668s ago: executing program 1 (id=2296): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x8e}]}}, 0x0, 0x2a}, 0x20) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4001, 0x4, @loopback, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000015000000000400000000000002000000ff00000000000000"], 0x1c}}, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x891c, &(0x7f0000000000)={0x0, {0x2, 0x0, @remote}, {0x2, 0x0, @empty}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b00012000ac00090400000107000009090585cf"], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) setgid(0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e24, 0x200, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x45}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd8e, 0x10, &(0x7f0000000300)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) 14.738712142s ago: executing program 3 (id=2297): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000380)={@local}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@hyper, 0x200}, 0x0, 0x2, 0x7}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) unshare(0x0) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x61) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/fscaps', 0x0, 0x0) io_submit(0x0, 0x0, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x64, 0x6, 0x560, 0x100, 0x1d8, 0x100, 0x100, 0x2a8, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c0}}, {{@ipv6={@mcast2, @private1, [], [], 'pim6reg1\x00', 'vlan1\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@remote, @ipv6=@mcast1}}}, {{@ipv6={@private0, @remote, [], [], 'tunl0\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x20000000000000fc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000800000000650018110000", @ANYRES64=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000808500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000100)='host1x_channel_submitted\x00'}, 0x10) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000480)) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000001380)={0x8, &(0x7f0000000740)=[{}, {}, {}, {}, {}, {}, {}, {}]}) 13.752597337s ago: executing program 2 (id=2298): writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e", 0x12}], 0x2) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3}, 0x10}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) 8.609548375s ago: executing program 2 (id=2299): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x10, 0x0) write$binfmt_elf64(r1, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x8, 0xb6, 0x2, 0xf49a, 0x2, 0x0, 0x0, 0x10f, 0x40, 0x197, 0x10, 0x0, 0x38, 0x2, 0x1000, 0xf, 0x160}, [{0x70000000, 0x3, 0x9, 0xad9, 0x3, 0xb, 0xfffffffffffffffc, 0x800000000}, {0x60000000, 0x9, 0x0, 0x6, 0x35, 0x7, 0x7, 0xa}], "a60aba22a7f7c22460915ed875bd0747f6cb333d9d653ef45e67a3e5ecd0dc05fc425f56f46b8217fc127d9efc5de88c9603f5afe742cf4576493dcd144dd50c0f7ce92deb8894f29b30e24668a36853b13a02bb2a12bcbe1c9e630d398ae0757de1d9357f4991fa3b53b37c6abc50d8e6560bbfc178cb8b2c6128f402bb24655811afc3430d50f178964562f9ef20e36637243aef3ed322d82b7fc166927bf85cecc840a80f61f324b76bb2832e2c636a0375760af4001ec85436aa99c85b9a9cdac54b4b71c85962439a366729479f61983e88d8", ['\x00', '\x00', '\x00']}, 0x485) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000340)={0x2000}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r1, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0) 8.136422463s ago: executing program 1 (id=2300): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYRES16=r0], 0x7c}, 0x1, 0x0, 0x0, 0x20000895}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001480)=ANY=[], 0x184}, 0x1, 0x0, 0x0, 0x40000}, 0x20000800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="50000000120005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280d2b63110fd10404e64f6d7b4d71fa209010100766574651f", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r4], 0x50}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5], 0x78}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f00000000c0)={0x80000000, 0x1, {0x1, 0x0, 0xde00, 0x1, 0x1}, 0x1}) 7.816122887s ago: executing program 1 (id=2301): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_CAPBSET_DROP(0x1c, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x0, 0x0, 0x0) unshare(0x8040080) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r4, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x4e, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000180), 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r5, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 7.555717486s ago: executing program 2 (id=2302): socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000002840), 0x2, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000280)={0x7, 0x6}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r4, 0x0, 0xd0, &(0x7f0000000140), 0x4) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7, '\x00', 0x0, r0, 0x4, 0x0, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xf, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b703000000000070850000000500006daea368156eef850e0e00bca900000000000035090100000000009500000000000000b702000000000000739af8ff0000000076090000000000007baaf00007080000f8ffffffbfa400000000000007000008000000182200000000f1df535ac42275c11dcc9d529b4d2489a2b03d9f0239fbb3720c57da6e13f5a1a0ff2517d4ed5a5cefa2648eea55f5b9c477bd63c81d964706d3bd4bd0fa25e5ce8081c8806ef3fd9207bd2805bc17e8d155822739d970bd48653cfb2a1fbb8a015f454360f1ff87af2574724901b613", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$UHID_INPUT(r0, &(0x7f0000002880)={0x8, {"018029586a1e122ff50a9c7b6ff6c21e4f8290afe6c2d4c4b556e54f21fc9b14a2cd3968e4ddb4a649933a731f7cb9fd463106bba65ca8d2226e09efe5289db7f8d2193f30a6fb7c5c42230adb942d32d9fcdb3feb178623856ce2b79945851ce02ed568c6e4f3a785a6bcc160dc30609ca9ca22f9c9c85d4cec4240335eceaa64ec3dc37e62d9d2575e9013c9229be1178978f5ab83e2af9202d637bcec71e6b544d4e38705b0df5d2bf2146b1081d8319f214fc30491bbed1629ea0fefd151e1a3a28ae871c2ea87608af8dac9c0a21f8ee9851c351a55059222666b3adca6a9f2bfa564d40b877c02a688f2ced08fa204bd73196c70c8172c6b517dcb90f7f1cc7d895a6776f1cfb352fb78d56d2faad7700c39793474678243f9378b829a27dafc57543a04fde392f9d8efa7e4c2f7f0717c12f8283e3f33a8dbd380846833e2910c710ced7747fe040b1b6b31cc26f2652f5c7ddaa2294efb2c0fcd1a3f9fec65739c00dc0ce403042ea2f6f68179a8b4b77a358843d0536624f177305c1d68c6e9207e0961f42525d1a5b24d0fc7ddc608d86c8346f850ad302485a761fd1fd6cc9be277f1296dc244b38a2f601c658226caab07815a6e6023baf41bd377f0b1148d754d36b72eecdc8915a207e9bea273dbd430b8ee3926f1ea6c705a9f9c50cd8ecf289e82026b2130e60ab1e1b4fa5c502d69ba106de773fde9f1a4528fcc90558831865b01c1501bcdf9acaeb8aeff73021cc05df6413d4f17a2c9619767f79f8e8300fdda4a424c30e07fed4a3b9d3b62f843720b84a51c0b3c7a21e068c8de17e207f0cf56a18276467ecdb3b8af4ba7d80fa4c47489bd72bf334d504bd04d6eadd0acc5c96a22d2ec6ac2309c4c3670c59162c953252b3e0a994fb31199952edcd2d70ac685a1ab74768e24246c46c8512ccffd150bfa426946e2e01df6aed4e8df881b5b89c451b7805dd85ec1e32205fd5d0c255b8a39a7108ff1cd480abd538d28162fc100eb55b77c4213aadd56d39a23f96e1f3b58bf06f4278120d6b5a688177f4cef13864d88e41892fc50707fbaa0593a280da1ccc0f6b5978161000cc7e6028253847ec1234373de8f94e6431f9c84ecd03fec1eda4f5043967036eda320e7ef1c070fbac2574b1c842cbae389931f41b67d29d78972acf09f7146e9744518947673ed9ade7fde5381354fe0fa335c20d46c126e384a4a3c1317c298a7c2f7bfed5f2ba2690abd5c844981e31452efbf01f6a56c1444be87f1863a6ea8235ca142cd0f010289c12f2491be6c1c057fe699062514a7591f3195793340992ad40830762c0f9038471079738976122e83486a56df91576dc34cfbc2bf2fe900613bc85181bb21b844a9477e930123e08e3b203830477320422c3329e6b7c7c048cb13d2896787e4ba2f5a8c59fb9ed9c5af7075bae74aa7bae42edec861a828639dedb23d02e92578db622c6981663547263c479f513913f4876c05e21dfb4d896175e6e1f40899f2c31e6aa1efdbdd46d8d9887769595fa818aa545558668bff41729d87dab83d6c0840ccdb01f9e12d8c91606591ed6d4b6ea80966d53bfcf4ac3ca266bf1cf1f849b0163382f59e04350e0402f4040072b4fc13cd82e0ef9d320c31d6255a5e7f5cc3537e7ee0b3a702be4d098a22e2f28a0d3c74c55deb5c2068104ca4e15a11ce7c3d5142e55d9f5ec6a2365f5ce084175de7215a22d8f7ed6b3d434954870a0f826c875192b3538766075c1a0bd4cade3f765b65d92ea713dccbaca7d69844ae72fc7a1387c5d553c6563bcf4a6801b0de2e753884ba344e73c22d3a4523067cc850e3c5bfb54ebf28275a4d92daf3c1e62080f6aa7d640826279d57cd7c269f64c2d97c40f4bca99dcda6e8e82f1b129ad4112a065a2a36eb5fd6ff4e71f1a4681bd310f9bfc6274f136947d16dd5ed6a40d9a2e8fc6380100f2188d5604bdb038f4d8671bfe8c5eb28c1400e6c348fbae703d7a3dc8d203c1ebec54c4f1df7e1b7f65716003153af35086097064e1ecd0a3df2c4f9471e76ace8e809003673bf5d1c6ef9ba0c318d7a7e85ee2b9725e53ed6f905dc1c8cbdf1459f6a1a3d0961dfcb36ad1297f9e411a9578e120ffb95bddb2f74ef54965475085fa4cc03ee6ffde3776b5814411902df5401f5c9da28a63d133d5bce05caf265cc0891787a2467a4886607039fa5535484a80870023e8880cdc520f01611a9e27b06d6833b407921a3d738b88440576f107710a85ac84b7aa03c89c0cf7b26352dcca25e769ff3cfaf03cc0a9aaba64721a708561f83317c7b385c5db3da8c16536d4949371ad3c240d72f22a0c8b0615b9bcae8b8e0e5ac48d4fb205daccd1cc9da013053fa5bd6dfb4e9b567a9b4871724f467c74b36105de31641a3f03710c19d040f8feba80b37d4f185d97edb3ed555546fdf7d2632576aee6748d3f3399a77e775483b19c0cb9809112a91c0e649a0ddce3a1c2f62ab264a44a32bba3604b60e6ed24f133bbce31cf113e45eff2a429657112ae3c24162c8797c5166a6c1af12c4451779e92270ddb994a80052c1ad8ca8d56245c2c7605ef56edce89ca80cb217f26ec5d9128019a8561d6dc3ed50d0b4c3b19bdffad27e4c9550ecff45a8bcbf1b57425e016611dc8626b7f57f96cd533da4152c536a371a7e5dd8e18c45ae841e7067f63c30871c85da35daa82d600b30579bca6cbd3b3748c765082fd7c26a4c7ab961ec3d90a4bd2b52b505f8f514ca270b85dc3ade20a0c780b4d6891599d0e21e46091da93d90b75a7fe12f73f27acfc44af433387296e9a0641336a130726ecaaca41753b3527194344807ab762f2f3ef063a8262a4e484f853298bdd4b0f2138678ac579ef3d9331ace0b052d3cdd8c0600b52b3a67c0cc46082b780a166e4752bbfb6ff906f7cfec94ec4738aa83ed73eeff8c6a7786eda0bddceb9509b52d7c6fd9f857d97f86402abb1badadaf49f54d01d5affdcc26cd68ba54bf24c094124b53e7bf66973041003b7196e7c194569c5d3417a7798b83fd100e4878a5499d935b6dd6c0d1b25d8994b5b0c3a6f034bc5d219e2d2ebdb1e17fb19b4ba9793fa1a576c0789f36757f407f1c3298f45a9e75fe601fe4608082a8576bb3bef7bb88a84479cc470ea25bdedf351c015f9a7f667b5d181dceadec2a78aa0c4d9204212355d83a474afb00de1e5911581a13809f38b05f208e5e0e4938ff708a051ea44d5d8dd403d067a926ff8520e702706a8fedfb8e2be9f5b8d21b9418e4e9c3daf13b04b943fea29c5d9b57873ca19ebda962b8cdfa316a637b618f73c344b90cf811b7fb386c36419baa26b13917d9a2b91e9c8294b68af63929eefdc0eb06d96af3e9935bcb500ffe1165e90882d57513cd6310cd3df1f013ffb7ad61aab7c77a16c9bfa8cc4d318ab9e4aabd6711fef250dbb2a96d5a693baca71e897f03b4d60577bb9bf2aa01b134744de68974111ff20b10649e7c1e3cff9b7475f6f6c0af528486d7dadf1650fb9410c9ea4a25c0c3c2d7a5289be70a63fda583f89bcb078301384df876db4d36a902a817ffc25d5b9da0a04f7ad2c2486bd4cbb907511144f6dbb2d69456045d02267c10e258836efe5555b7a6f1bfbfcf683e2e0c8e14cd7eb3e9aaca242bc49564dd2fddf71264d2ed59a812d93d8d0dc652e945b6105db529612e7a720ff291bfb2b4a86132225f004bbd9eceff6f5b18c4c09085f9571275b6af8595fc6666cb8ac7ebbb05a55ba960a2d47b870827d4305a3ed1e40cd35be0b9d2de374baa3b9bd599b654e48e4fac488a291c1fc399d83ad6ebf64a2a5b38e9981684e95957687fcd0589850243e1685a6455705834e2f9d4c8f8df58a341a69eb790d2e65c08cb9353f5c7fafe125bd8f0249873395a667da5939784938902b2309dba27a496b7b5f9eca5b030f5ffd9f68ce981527ce7b9a5391dd33dd716cfba52df7b03c825587d4f7264da3c32583cae7011c11d37998b9dfd3a4564f71385d0f4dcd1c8d9ae730a72e59c819697f59dd6d1e2f6e251014ceb9f193855a8f0f7979f65e0656ae5eec1bcd5b8bf3dc3aa0e631cc5d058f6bfc0f763d1b366c5cd848f421a352a1f73f5e63d5eac6857b0907e4bb44ea1ddf7095e9fa7033e3216df906475cf18e8339dd9ce8d4b1d4d3fc7be6e8054e191c70be0c6bbe38a25d442d1fcb0b1dc900992cdbf12c3e0d13f73e71a436e5838f872195e0f32775975bb5a61b7b86ee8955cf025e03296b2b747804707bf930d6abe86a2cb608c62aa084331a16b6570f66f4a2d01e46beddc45d8b0249a6c8bfe64614b22a0008b2a003668dcf0f8d997452e38dc53340bb9ed53f0fabee608d0d4f93bb41c48a8374381daab685d5a4f5fd4df6effdf1de9ce9a5fca64a4b5f60baa3394f871e42b46d879faf6a5af5dea8c3f68b2286b39626b6a1fe8b77b29e49d6eab4c164221ad35df2ca828dc65bd154c1a78a425849dedce7027c43fecf2a8cfe729d0931c45f45c7a9245b441c9f7b847b9dc7cc024a5e24dbb852945e9c63bfd07bd2d40d087712228b613b4270c2c845ab18995305b95bc4137d5e81b07846e9758dc38a63e71e12e2a5ddd541c7901e4aeff629d8f8bbbf68953f569b8d1dfb210cefd61821b1da075e7f2f80d33eb5589a9816da21b6b77565bba21cb83179afaf0d7369d402ff29ff61101a843b37d0456fc83351861b1b9f1b8efe86fde7b0ac5dda04a5cbc8d11dccfcad30b968c0c6d40ab7ddb41290ef1f1d3f35ee220307cd7107230177f5d915aa63ba0336deefecdad995461b49bdecc30276355376d7b4ab466348f776607ee8ebfd9a10488c5b2336e5317c634c5d9a00379442efe741a606fb5a71e9aceb1d28e29667e1f6e6aee28eb3ecc9391a0e0e22f0eefaad3145f8a8647b7a074ea02be7ffb3acb673ca3ed4c417b1f75d4ab8adee0eb1f7f0e257275cbe760abcace586630d6ef086db6f1f3bf830c21673bf3c37c4016c5dff201055ad4debdf0cf37451cfc005096bcd0036ffe313df3d3bfc916757a5eeb526a52cd470760ed87e0dd46f86c3a64be50e0af882a98682b60b7752bd77a1156e4ecd1d09a4e4da915c8a2752dc10c5de8521b4f9b7b9a556d9e6b23eeb77684dc1e47a69904603b00f5424e0e0dc1b0c196cb830b5bf5bbf25e4033f918fe03167645598d3224fb6904b78a4227689ea460f3767f36dce7ca73f5e9acc008330e1abb75208325ae807179244ce743b4c039194cd490da5c062321d8634bb4436823e2e37bf07c2c204be2365ae3367fc9a96eff33ca5887716acc117ced14718219f56a578433e9f8a5568411a41dfcf3e39d90274d9e739e4090006a0b4e62136c8505374deb5ef43a7d59bdd7e984d44ec0e0fd24a6b70a344cd92940211d2df22b2512e664ffff4423c8ff108e46e82794051def7bf50b4e759ed4a4e0a330310fd9e607ed84a4619b232b3917a0e1a0e25a238fb7057af47bb3432a238f7805f291368e74a88858f3f5cc7024189f48959d0254252cbe188f3d3ee5435ef1f1886a791d5d9dfea6dc4589f59c331c7727fe4a46210c6a487fc14f20c7b3fa61ee04524e01aff361000257ed6b850f4f43c9661256190c6292a9a024f8b5e5d7b976de2e3715fc399110d630f84e97c9d77dc24821a49076824fb1a5989cb45921d50621581761126e54d72f2083c49ae02930312536633cd454f92b058cb19b02375ed8202d9d04bfaf6ed5fa774e51391897d72ece8e022a272cd136", 0x1000}}, 0x1006) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) 6.868850351s ago: executing program 3 (id=2303): bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x4, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb7030000ed000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) userfaultfd(0x80801) open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x100, 0x0, 0x0, 0x182, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x5, 0x2}, 0x48) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000740)={@map=r0, 0x7, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_procfs$pagemap(0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f00000003c0)="240000001e005f0214ffffffffffff1400490000b8aa232baf000000080008000d000000", 0x24) r5 = socket(0x2a, 0x2, 0x7fff) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0xfff, 0x0, 0x0, 0xffffffff}, 0x10) r6 = memfd_create(&(0x7f0000000480)='y\x105\xfb\a\x00\x83%:r\xc2\xb5x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\x1b\x00m\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\"\xffj\x01\xd5\xfe\x17aq\xc9\xb7N\x82\xa2\bY\xf0\xf9\xa4\\%\xb0f\xb9\xefR\xe9m+s=\xfa%Wz?\xe3\xc0\x01\x8a\xa9S\xb4\x89\xf4\xf8\x12w7\x8a\xeb\xaf\x14\xa6\x9a\x1b\x9d\x80\xceZ\x7f3yw\xd8\xf6 \xc7\\\x8f\x1a?\xa6O\x15\xe4\xb3\xab\xc8L4_\xa4\xe9\x84Z,~\xfaB\xc9\x97w(\x80\xf9\x86=O>?\x95!\xe6\xd3\x9as\x9c\xd6\t\a\xba\xaf\xc6\x87zM\a\xe9\xe3E~\xbe\xd9\xb9\x8c\xfar\xae\t< 8\x8eIf}+\xa1i\xf6\x14\xe1$\x97\x03\x86\x142\xfahq\x8c\xb3`\xc02\x11\xaf\x80{\xf8\xf6\xde>]\x98?\x10\xfd\xc1\x8c\xa6ct\x0f\xfc\xca]\xce\xf7\xf7 r|\xe2b', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) socket(0x2, 0x80805, 0x0) 6.819825759s ago: executing program 4 (id=2304): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) unshare(0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x400000) r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639) r3 = memfd_create(&(0x7f0000000140)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xac \xe8\xb6\xdf\x16J\xab\xecC\xe2{\xfd\x8a\xb4\x8e\x9c\xfb\xf6\xe9\xd8]B6)\x9f\x9cR\xae\x12G\xd8\xa4y\xef\x02?\xf2\xe7}\ra\x97F', 0x0) r4 = dup(r3) r5 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f00000000c0)=0x0, &(0x7f0000000640)) syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r5, 0xb15, 0x0, 0x0, 0x0, 0x0) write$cgroup_pid(r4, &(0x7f0000000040)=0xffffffffffffffff, 0x5e) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0x5008, 0x0) readv(r2, &(0x7f0000000040)=[{0x0}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000001980)={{0x2000, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) 6.607067255s ago: executing program 0 (id=2198): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={0x0, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={0x0, 0x1, 0x6, @multicast}, 0x10) 5.752787652s ago: executing program 3 (id=2305): r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="88010000", @ANYRES16=r0, @ANYBLOB="010000000000000000001e00000038002f800c0002000000000000000000280003802400038006000100000000000c0004000201aaaaaaaaaaaa0c0004008bd7b84e2d86341908000300", @ANYRES32=r3, @ANYBLOB="34012f8008000100000100000c0002000203aaaaaaaaaaaa94000380080004006a070000440003800c0004000000000000000000080002000000000006000100000000000c0004000202aaaaaaaaaaaa060003000000000006000300a0aa00000600010002000000280003800800020000000000080002000100000008000200020000000c0004006c0741c31fb730b7050002000000000008000100ff0300000c000500ff000000000000000c0002000201aaaaaaaaaaaa08000100020000000c0002000203aaaaaaaaaaaa3c00038008000100000000000c0005000100000008000400040000000800040001000000080001000300000008000100030000002400038014000380080002"], 0x188}}, 0x0) 5.401174292s ago: executing program 4 (id=2306): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="600000000206050000000000000000000000000012000300686173683a6e65742c706f72740000000900020073797a3200000000050004000000000005"], 0x60}}, 0x0) 5.306634785s ago: executing program 3 (id=2307): r0 = syz_open_dev$admmidi(&(0x7f00000000c0), 0x5840, 0x201) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000000)={0x1}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e8500000007000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000100)='(\'-\x00', &(0x7f00000001c0)=']\x00', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000001440)=[{&(0x7f00000002c0)='t', 0x1}], 0x1, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mmap$binder(&(0x7f0000694000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x5) syz_open_pts(r7, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001080)=ANY=[@ANYBLOB="140000000104010100000000000000318bf4d35d"], 0x14}}, 0x0) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}], 0x38) ioctl$SG_GET_PACK_ID(r1, 0x227c, 0x0) syz_emit_ethernet(0xaa, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603019bb00742b00fc020000000000000000000000000000fe8000000000000000000000000000aa2c0000000000000000005b4100000000000000000064907802000000000000000000000082f63de64f6ce2ee11028289aefdb3449391a823213e6332516748a7949bb108402fa83bf71aa23d391b8fa99e9816af2d040876a663a86d97f46b9665cc18492b00"/170], 0x0) 5.199943565s ago: executing program 0 (id=2308): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) capset(0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, 0x0, 0x800000}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$unix(0x1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x400) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, 0x0, 0x0) sendmsg$802154_dgram(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x2a, &(0x7f0000000140), 0x4) syz_genetlink_get_family_id$wireguard(0x0, r2) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0xd, 0x20000}, 0x20) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYRESDEC], 0xd) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r3, 0x40186f40, 0x20000502) 5.137566773s ago: executing program 4 (id=2309): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) memfd_create(&(0x7f0000000440)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[], 0x7) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ptype\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000380)=""/214, 0xd6}], 0x1, 0x49, 0x0) 4.247136891s ago: executing program 3 (id=2310): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x12, r1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) r3 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r3, 0x4054561e, &(0x7f0000001440)={0x8, "0db13fdd21410e296957cc50e913e2dd3e86b9dde0a2d27f86aed9ebc72c63d5"}) pwritev2(r2, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0x40015b19, &(0x7f0000000040)) 3.190916826s ago: executing program 2 (id=2311): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x10, 0x0) write$binfmt_elf64(r1, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x8, 0xb6, 0x2, 0xf49a, 0x2, 0x0, 0x0, 0x10f, 0x40, 0x197, 0x10, 0x0, 0x38, 0x2, 0x1000, 0xf, 0x160}, [{0x70000000, 0x3, 0x9, 0xad9, 0x3, 0xb, 0xfffffffffffffffc, 0x800000000}, {0x60000000, 0x9, 0x0, 0x6, 0x35, 0x7, 0x7, 0xa}], "a60aba22a7f7c22460915ed875bd0747f6cb333d9d653ef45e67a3e5ecd0dc05fc425f56f46b8217fc127d9efc5de88c9603f5afe742cf4576493dcd144dd50c0f7ce92deb8894f29b30e24668a36853b13a02bb2a12bcbe1c9e630d398ae0757de1d9357f4991fa3b53b37c6abc50d8e6560bbfc178cb8b2c6128f402bb24655811afc3430d50f178964562f9ef20e36637243aef3ed322d82b7fc166927bf85cecc840a80f61f324b76bb2832e2c636a0375760af4001ec85436aa99c85b9a9cdac54b4b71c85962439a366729479f61983e88d8", ['\x00', '\x00', '\x00']}, 0x485) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000340)={0x2000}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r1, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0) 3.076373907s ago: executing program 0 (id=2312): pipe(0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000d00)='/proc/sysvipc/msg\x00', 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$KVM_GET_MSRS(r8, 0xc0189436, &(0x7f0000000100)) read$FUSE(r7, &(0x7f0000004180)={0x2020}, 0x2020) r9 = socket$inet(0xa, 0x801, 0x84) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r9, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close_range(r6, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="3100030007"], 0xd) 1.990127836s ago: executing program 0 (id=2313): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) userfaultfd(0x801) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_ethernet(0x172, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) syz_clone(0x0, &(0x7f0000003480)="9ad40eea234be618d96ba6fa055140724d4d887509d013a4516c6a9e7bbea8599faaffbf7565c3aecaa475073b658bd51341a687eef356648f78af117219f4708973ee1d566a4782b381e8c0a871f443e32c98927ac54a6938e457da72e46d979a47e00420f8e6beb5b41dabfc3abcd67f9be14274d2c854e5a242ff5714fb48", 0x80, 0x0, 0x0, &(0x7f00000003c0)="b7474f3d0d10ebe9ac72180e6f767b1013d20b230d931a74a470af548a2ef9490bd66b0db6f3c92eb419c135eab8402e219749a6a33b58f39cfc511d936c98692f17217c8fa1e6d5") process_vm_readv(0x0, 0x0, 0x0, &(0x7f00000027c0)=[{0x0}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000002580)=""/165, 0xa5}, {&(0x7f0000002640)=""/85, 0x55}], 0x4, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={0xd8, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x3}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x48, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @remote}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00'}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0xd8}}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180), 0x10) sendmsg$tipc(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r5, 0x10f, 0x81, &(0x7f0000000000), 0x4) r6 = dup3(r4, r5, 0x0) sendmsg$tipc(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) setsockopt$TIPC_GROUP_LEAVE(r6, 0x10f, 0x88) socket$tipc(0x1e, 0x5, 0x0) 1.945250702s ago: executing program 2 (id=2314): r0 = socket$kcm(0x10, 0x0, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00'}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="25003300d0000000080211000001080211000000505050505050000003"], 0x44}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61155000000000006113500000000000bfa000000000000007000000ee0016055e03010000000000250500000000000069163e0000000000bf07000000000000260507000fff0720670600003f000000140300000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb0104000000230000000034000000340000000200000000000000000000030000000003000000020000000000000000000000000000010500000020000000000000000000000b0200000000004ddb343951aee12290c170942ecee9cf2b33f4fca8937c1f49451a128fadd5ac9a98778aa057885750153235ae70ab446681f758d9559ca5e5b44f910d2883dee7c4692472b85f948e8d8f3caac1e9ba9c84187858974dfa657f7d1988b6d4af0b6a6b944a2ab860e99839d420c6d121352337ebf19d0762a2b7b9c1273a6cbf44396e9fb158909e86a8587d6d92f4fab2c4cc7731ce06863c0313a4"], 0x0, 0x4e}, 0x20) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r4, &(0x7f0000000080)={@val={0x1c}, @val={0x0, 0x1}, @mpls={[], @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @local}}}}}, 0x3e) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0xfffffffffffffce7, 0x0, 0x0}, 0x50) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000500), &(0x7f0000000540)=0xe) bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) socket(0x10, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x7c, 0x10, 0x421, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x61}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0xffffffffffffffb2, 0x4, 0x4}, @IFLA_GRE_OKEY={0x8}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_ENCAP_DPORT={0x6}]}}}, @IFLA_LINK={0x8}, @IFLA_EXT_MASK={0x0, 0x1d, 0x1}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x7c}}, 0x0) write$binfmt_misc(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="4900030007"], 0xd) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000700)=@framed={{}, [@exit, @call={0x85, 0x0, 0x0, 0x5a}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ZONE={0x6}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae535af2f0a70ddeb37f"}]}, {0x4}, {0xffffffffffffff48}, {0xc}}}]}]}, 0x78}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x1}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040801}, 0x8805) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x14, r10, 0x403}, 0x14}}, 0x0) 1.397943574s ago: executing program 4 (id=2315): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x4, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb7030000ed000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) userfaultfd(0x80801) open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x100, 0x0, 0x0, 0x182, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x5, 0x2}, 0x48) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000740)={@map=r1, 0x7, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_procfs$pagemap(0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f00000003c0)="240000001e005f0214ffffffffffff1400490000b8aa232baf000000080008000d000000", 0x24) r6 = socket(0x2a, 0x2, 0x7fff) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0xfff, 0x0, 0x0, 0xffffffff}, 0x10) r7 = memfd_create(&(0x7f0000000480)='y\x105\xfb\a\x00\x83%:r\xc2\xb5x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\x1b\x00m\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\"\xffj\x01\xd5\xfe\x17aq\xc9\xb7N\x82\xa2\bY\xf0\xf9\xa4\\%\xb0f\xb9\xefR\xe9m+s=\xfa%Wz?\xe3\xc0\x01\x8a\xa9S\xb4\x89\xf4\xf8\x12w7\x8a\xeb\xaf\x14\xa6\x9a\x1b\x9d\x80\xceZ\x7f3yw\xd8\xf6 \xc7\\\x8f\x1a?\xa6O\x15\xe4\xb3\xab\xc8L4_\xa4\xe9\x84Z,~\xfaB\xc9\x97w(\x80\xf9\x86=O>?\x95!\xe6\xd3\x9as\x9c\xd6\t\a\xba\xaf\xc6\x87zM\a\xe9\xe3E~\xbe\xd9\xb9\x8c\xfar\xae\t< 8\x8eIf}+\xa1i\xf6\x14\xe1$\x97\x03\x86\x142\xfahq\x8c\xb3`\xc02\x11\xaf\x80{\xf8\xf6\xde>]\x98?\x10\xfd\xc1\x8c\xa6ct\x0f\xfc\xca]\xce\xf7\xf7 r|\xe2b', 0x3) ftruncate(r7, 0xffff) fcntl$addseals(r7, 0x409, 0x7) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) socket(0x2, 0x80805, 0x0) 1.335369533s ago: executing program 1 (id=2316): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, 0x0}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}}}, 0x48) mkdir(0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) mknod$loop(0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000440)={0x12, 0x10, 0xfa00, {&(0x7f0000000300), r5, r0}}, 0x18) 318.496098ms ago: executing program 4 (id=2317): r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="88010000", @ANYRES16=r0, @ANYBLOB="010000000000000000001e00000038002f800c0002000000000000000000280003802400038006000100000000000c0004000201aaaaaaaaaaaa0c0004008bd7b84e2d86341908000300", @ANYRES32=r3, @ANYBLOB="34012f8008000100000100000c0002000203aaaaaaaaaaaa94000380080004006a070000440003800c0004000000000000000000080002000000000006000100000000000c0004000202aaaaaaaaaaaa060003000000000006000300a0aa00000600010002000000280003800800020000000000080002000100000008000200020000000c0004006c0741c31fb730b7050002000000000008000100ff0300000c000500ff000000000000000c0002000201aaaaaaaaaaaa08000100020000000c0002000203aaaaaaaaaaaa3c00038008000100000000000c0005000100000008000400040000000800040001000000080001000300000008000100030000002400038014000380080002"], 0x188}}, 0x0) 104.997828ms ago: executing program 2 (id=2318): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000001c0)={r0, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000180)={r0, 0x1, 0x6, @multicast}, 0x10) 47.860145ms ago: executing program 4 (id=2319): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="600000000206050000000000000000000000000012000300686173683a6e65742c706f72740000000900020073797a3200000000050004000000000005"], 0x60}}, 0x0) 0s ago: executing program 3 (id=2320): r0 = syz_open_dev$admmidi(&(0x7f00000000c0), 0x5840, 0x201) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000000)={0x1}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e8500000007000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000100)='(\'-\x00', &(0x7f00000001c0)=']\x00', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000001440)=[{&(0x7f00000002c0)='t', 0x1}], 0x1, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mmap$binder(&(0x7f0000694000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x5) syz_open_pts(r7, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001080)=ANY=[@ANYBLOB="140000000104010100000000000000318bf4d35d"], 0x14}}, 0x0) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}], 0x38) ioctl$SG_GET_PACK_ID(r1, 0x227c, 0x0) syz_emit_ethernet(0xaa, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603019bb00742b00fc020000000000000000000000000000fe8000000000000000000000000000aa2c0000000000000000005b4100000000000000000064907802000000000000000000000082f63de64f6ce2ee11028289aefdb3449391a823213e6332516748a7949bb108402fa83bf71aa23d391b8fa99e9816af2d040876a663a86d97f46b9665cc18492b00"/170], 0x0) kernel console output (not intermixed with test programs): e 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 916.438636][ T1271] bridge_slave_1: left promiscuous mode [ 916.457737][ T1271] bridge0: port 2(bridge_slave_1) entered disabled state [ 916.496076][ T1271] bridge_slave_0: left allmulticast mode [ 916.507345][T13515] netlink: 'syz.1.1815': attribute type 1 has an invalid length. [ 916.512712][ T1271] bridge_slave_0: left promiscuous mode [ 916.525051][T13515] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1815'. [ 916.551630][ T9] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 916.568979][ T1271] bridge0: port 1(bridge_slave_0) entered disabled state [ 916.619544][ T9] usb 5-1: string descriptor 0 read error: -22 [ 916.639055][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 916.669682][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.701864][ T9] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 917.443621][ T9] usb 5-1: USB disconnect, device number 13 [ 917.791233][T10465] Bluetooth: hci3: command tx timeout [ 918.138728][ T5133] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 918.308671][ T5133] usb 1-1: device descriptor read/64, error -71 [ 918.741333][ T5133] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 919.069176][ T1271] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 919.079146][ T5133] usb 1-1: device descriptor read/64, error -71 [ 919.089007][ T29] audit: type=1400 audit(1720866784.133:463): avc: denied { bind } for pid=13546 comm="syz.4.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 919.101922][T13547] FAULT_INJECTION: forcing a failure. [ 919.101922][T13547] name failslab, interval 1, probability 0, space 0, times 0 [ 919.139305][ T29] audit: type=1400 audit(1720866784.133:464): avc: denied { setopt } for pid=13546 comm="syz.4.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 919.145715][T13547] CPU: 1 PID: 13547 Comm: syz.4.1819 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 919.170067][T13547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 919.180137][T13547] Call Trace: [ 919.183408][T13547] [ 919.186326][T13547] dump_stack_lvl+0x16c/0x1f0 [ 919.190997][T13547] should_fail_ex+0x497/0x5b0 [ 919.195670][T13547] should_failslab+0x9/0x20 [ 919.200171][T13547] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 919.205537][T13547] ? skb_clone+0x190/0x3f0 [ 919.209954][T13547] skb_clone+0x190/0x3f0 [ 919.214194][T13547] netlink_deliver_tap+0xab3/0xd90 [ 919.219324][T13547] netlink_unicast+0x604/0x820 [ 919.224083][T13547] ? __pfx_netlink_unicast+0x10/0x10 [ 919.229363][T13547] netlink_sendmsg+0x8b8/0xd70 [ 919.234123][T13547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 919.240128][T13547] ? __import_iovec+0x1fd/0x6e0 [ 919.244986][T13547] ____sys_sendmsg+0xab5/0xc90 [ 919.249766][T13547] ? copy_msghdr_from_user+0x10b/0x160 [ 919.255234][T13547] ? __pfx_____sys_sendmsg+0x10/0x10 [ 919.260516][T13547] ? find_held_lock+0x2d/0x110 [ 919.265276][T13547] ? __pfx___lock_acquire+0x10/0x10 [ 919.270483][T13547] ___sys_sendmsg+0x135/0x1e0 [ 919.275167][T13547] ? __pfx____sys_sendmsg+0x10/0x10 [ 919.280368][T13547] ? ksys_write+0x21c/0x260 [ 919.284879][T13547] ? __fget_light+0x173/0x210 [ 919.289562][T13547] __sys_sendmsg+0x117/0x1f0 [ 919.294159][T13547] ? __pfx___sys_sendmsg+0x10/0x10 [ 919.299276][T13547] do_syscall_64+0xcd/0x250 [ 919.303791][T13547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 919.309711][T13547] RIP: 0033:0x7f886fb75bd9 [ 919.314115][T13547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 919.333987][T13547] RSP: 002b:00007f8870913048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 919.342408][T13547] RAX: ffffffffffffffda RBX: 00007f886fd03f60 RCX: 00007f886fb75bd9 [ 919.350507][T13547] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 919.358478][T13547] RBP: 00007f88709130a0 R08: 0000000000000000 R09: 0000000000000000 [ 919.366463][T13547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 919.374429][T13547] R13: 000000000000000b R14: 00007f886fd03f60 R15: 00007ffde0448c58 [ 919.382409][T13547] [ 919.409456][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1819'. [ 919.415844][ T5133] usb usb1-port1: attempt power cycle [ 919.449724][ T1271] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 919.481177][ T1271] bond0 (unregistering): Released all slaves [ 919.868826][T10465] Bluetooth: hci3: command tx timeout [ 919.879171][ T5133] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 920.043471][ T5133] usb 1-1: device descriptor read/8, error -71 [ 920.345673][ T5133] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 920.510217][ T5133] usb 1-1: device descriptor read/8, error -71 [ 920.646165][ T5133] usb usb1-port1: unable to enumerate USB device [ 921.577455][T13447] bridge0: port 1(bridge_slave_0) entered blocking state [ 921.587727][T13447] bridge0: port 1(bridge_slave_0) entered disabled state [ 921.658152][T13576] loop7: detected capacity change from 0 to 1036 [ 922.568944][T13447] bridge_slave_0: entered allmulticast mode [ 922.637631][T13447] bridge_slave_0: entered promiscuous mode [ 922.672064][T13447] bridge0: port 2(bridge_slave_1) entered blocking state [ 922.706941][T13447] bridge0: port 2(bridge_slave_1) entered disabled state [ 922.727200][T13447] bridge_slave_1: entered allmulticast mode [ 922.758769][T13447] bridge_slave_1: entered promiscuous mode [ 922.964072][T13573] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1824'. [ 923.062497][T13590] syz.1.1828: attempt to access beyond end of device [ 923.062497][T13590] nbd1: rw=0, sector=6, nr_sectors = 2 limit=0 [ 923.075728][T13590] ADFS-fs (nbd1): error: unable to read block 3, try 0 [ 924.953567][T13604] netlink: 'syz.3.1831': attribute type 1 has an invalid length. [ 924.993052][T13604] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1831'. [ 925.403233][T13605] batadv0: entered promiscuous mode [ 925.461692][ T1271] hsr_slave_0: left promiscuous mode [ 925.504513][ T1271] hsr_slave_1: left promiscuous mode [ 925.551834][ T1271] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 925.574331][ T1271] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 925.639927][ T1271] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 925.684996][ T1271] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 925.816073][ T1271] veth1_macvtap: left promiscuous mode [ 925.844491][ T1271] veth0_macvtap: left promiscuous mode [ 925.869658][ T1271] veth1_vlan: left promiscuous mode [ 925.893797][ T1271] veth0_vlan: left promiscuous mode [ 926.140104][ T1271] infiniband syz1: set down [ 928.071583][T13636] xt_CONNSECMARK: invalid mode: 0 [ 928.987676][T13646] ubi: mtd0 is already attached to ubi0 [ 929.574798][ T6347] smc: removing ib device syz1 [ 929.977989][T13655] netlink: 'syz.0.1841': attribute type 1 has an invalid length. [ 929.998878][T13655] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1841'. [ 930.362885][ T1271] team0 (unregistering): Port device team_slave_1 removed [ 930.483259][ T1271] team0 (unregistering): Port device team_slave_0 removed [ 931.362601][T13447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 931.379175][ T9] infiniband syz1: ib_query_port failed (-19) [ 931.430537][T13638] netlink: 'syz.3.1837': attribute type 10 has an invalid length. [ 931.443618][T13638] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1837'. [ 931.637292][T13447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 932.058161][T13447] team0: Port device team_slave_0 added [ 932.127133][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.256100][T13447] team0: Port device team_slave_1 added [ 933.012269][T13447] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 933.059029][T13447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 933.137815][T13447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 933.180713][T13447] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 933.187757][T13447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 933.300589][T13447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 933.858875][T13682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1845'. [ 934.085406][T13447] hsr_slave_0: entered promiscuous mode [ 934.128089][T13447] hsr_slave_1: entered promiscuous mode [ 936.998304][ T29] audit: type=1400 audit(1720866802.033:465): avc: denied { read } for pid=13717 comm="syz.4.1851" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 937.065510][ T29] audit: type=1400 audit(1720866802.033:466): avc: denied { open } for pid=13717 comm="syz.4.1851" path="/47/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 937.136019][T13722] block device autoloading is deprecated and will be removed. [ 937.142483][T13447] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 937.213144][T13447] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 937.305507][T13447] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 937.397749][T13447] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 937.904749][T13447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 938.045729][T13447] 8021q: adding VLAN 0 to HW filter on device team0 [ 938.095358][ T5086] bridge0: port 1(bridge_slave_0) entered blocking state [ 938.102782][ T5086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 938.187425][ T5086] bridge0: port 2(bridge_slave_1) entered blocking state [ 938.194621][ T5086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 938.242114][ T29] audit: type=1326 audit(1720866803.283:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13737 comm="syz.1.1854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a8fb75bd9 code=0x0 [ 939.027606][T13447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 939.665472][T13447] veth0_vlan: entered promiscuous mode [ 939.938856][T13447] veth1_vlan: entered promiscuous mode [ 940.325103][T13447] veth0_macvtap: entered promiscuous mode [ 940.372820][T13447] veth1_macvtap: entered promiscuous mode [ 940.474576][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.538564][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.591783][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.647630][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.699360][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.763851][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.779253][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.813858][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.890403][T13447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 940.943431][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.999251][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 941.034097][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 941.088791][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 941.125047][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 941.163400][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 941.202549][T13447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 941.258613][T13447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 941.300485][T13447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 941.383749][T13447] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.466827][T13447] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.516974][T13447] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.559277][T13447] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 943.306542][T13810] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 943.441277][ T6347] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 943.461458][ T6347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 943.600824][T13810] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1864'. [ 943.615044][T13810] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 943.616030][T12858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 943.698685][T12858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.006330][T13836] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1866'. [ 946.204382][T13836] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1866'. [ 946.306685][T13848] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1866'. [ 946.316642][T13848] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1866'. [ 947.818941][T13861] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1872'. [ 947.905346][ T5080] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 947.916632][ T5080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 947.929641][ T5080] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 947.955730][ T5080] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 947.968063][ T5080] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 948.000950][ T5080] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 948.249181][T13868] TCP: MD5 Hash not found for 172.20.20.187.0->172.20.20.170.20002 [P] L3 index 0 [ 949.116730][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1876'. [ 949.192367][T13862] chnl_net:caif_netlink_parms(): no params data found [ 949.648279][ T29] audit: type=1400 audit(1720866814.683:468): avc: denied { map } for pid=13894 comm="syz.1.1878" path="socket:[46819]" dev="sockfs" ino=46819 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 950.004093][T13862] bridge0: port 1(bridge_slave_0) entered blocking state [ 950.034904][T13862] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.079178][T13862] bridge_slave_0: entered allmulticast mode [ 950.112892][ T5080] Bluetooth: hci5: command tx timeout [ 950.133597][T13862] bridge_slave_0: entered promiscuous mode [ 950.220057][T13862] bridge0: port 2(bridge_slave_1) entered blocking state [ 950.277852][T13862] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.311553][T13862] bridge_slave_1: entered allmulticast mode [ 950.361057][T13862] bridge_slave_1: entered promiscuous mode [ 950.724449][T13862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 950.778226][T13862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 951.259764][T13862] team0: Port device team_slave_0 added [ 951.384523][T13862] team0: Port device team_slave_1 added [ 951.708748][T13931] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1880'. [ 951.717809][T13931] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1880'. [ 951.817162][T13862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 951.860362][T13862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 951.947697][T13862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 951.975967][T13862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 951.993318][T13862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 952.115489][T13862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 952.188890][ T5080] Bluetooth: hci5: command tx timeout [ 952.197566][T13925] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1880'. [ 952.256374][T13925] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1880'. [ 953.070667][T13862] hsr_slave_0: entered promiscuous mode [ 953.126436][T13862] hsr_slave_1: entered promiscuous mode [ 953.337729][T13862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 953.355734][T13862] Cannot create hsr debugfs directory [ 953.447406][T13958] syz.2.1887: attempt to access beyond end of device [ 953.447406][T13958] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0 [ 953.460543][T13958] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 954.181708][T13948] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1886'. [ 954.226094][T13948] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1886'. [ 954.252569][ T29] audit: type=1400 audit(1720866819.283:469): avc: denied { ioctl } for pid=13962 comm="syz.2.1888" path="socket:[46978]" dev="sockfs" ino=46978 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 954.279036][ T5080] Bluetooth: hci5: command tx timeout [ 954.412405][T13954] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1886'. [ 954.453728][T13954] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1886'. [ 955.318348][T13862] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.824202][T13862] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.011643][ T29] audit: type=1400 audit(1720866821.053:470): avc: denied { accept } for pid=13984 comm="syz.3.1891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 956.032490][T13862] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.111408][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1892'. [ 956.310323][T13862] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.350268][ T5080] Bluetooth: hci5: command tx timeout [ 956.491706][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 957.754519][T13862] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 957.849253][T13862] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 957.916173][T13862] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 958.033334][T13862] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 958.473745][T14007] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1898'. [ 958.576006][T14007] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1898'. [ 958.698582][T14012] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1898'. [ 958.726975][T14012] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1898'. [ 960.058433][T13862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 960.133704][T13862] 8021q: adding VLAN 0 to HW filter on device team0 [ 960.275620][ T5086] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.282963][ T5086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 960.543066][ T5086] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.550496][ T5086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 961.375257][T14043] netlink: 'syz.4.1904': attribute type 4 has an invalid length. [ 961.447398][T14043] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.1904'. [ 961.713975][T14055] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 961.836052][T13862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 962.223650][T13862] veth0_vlan: entered promiscuous mode [ 962.325385][T13862] veth1_vlan: entered promiscuous mode [ 962.491681][T13862] veth0_macvtap: entered promiscuous mode [ 962.591875][T13862] veth1_macvtap: entered promiscuous mode [ 962.677850][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 962.729984][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 962.758993][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 962.786321][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 962.816907][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 962.854871][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 962.880122][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 962.912174][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 962.955418][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 962.984111][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.034065][T13862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 963.082717][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.124173][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.158770][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.290037][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.398998][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 964.004161][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 964.037240][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 964.074493][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 964.117263][T13862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 964.148194][T13862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 964.187481][T13862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 964.301454][T13862] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.350046][T13862] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.378762][T13862] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.412316][T13862] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.460870][T14072] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 925 (only 8 groups) [ 964.739377][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 964.779722][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 964.894065][ T1271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 964.928747][ T1271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 965.013263][T14079] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 965.115557][T14079] CIFS mount error: No usable UNC path provided in device string! [ 965.115557][T14079] [ 965.156769][T14079] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 966.681060][ T29] audit: type=1400 audit(1720866831.723:471): avc: denied { read } for pid=14101 comm="syz.1.1919" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 966.761351][T14103] netlink: 'syz.1.1919': attribute type 2 has an invalid length. [ 966.778625][ T29] audit: type=1400 audit(1720866831.723:472): avc: denied { open } for pid=14101 comm="syz.1.1919" path="/dev/nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 966.859821][ T29] audit: type=1400 audit(1720866831.863:473): avc: denied { ioctl } for pid=14101 comm="syz.1.1919" path="ipc:[4026534079]" dev="nsfs" ino=4026534079 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 968.590377][T14112] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1921'. [ 968.612039][T14112] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1921'. [ 968.673356][T14115] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1921'. [ 968.727286][T14115] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1921'. [ 970.016846][ T29] audit: type=1400 audit(1720866835.043:474): avc: denied { getopt } for pid=14123 comm="syz.4.1925" lport=55272 faddr=::ffff:172.30.0.5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 975.015021][T14176] xt_CONNSECMARK: invalid mode: 0 [ 983.749020][T14218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1945'. [ 984.888584][T10465] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 984.900935][T10465] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 984.913607][T10465] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 984.924917][T10465] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 984.933517][T10465] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 984.949116][T10465] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 985.228386][ T7407] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.465203][ T7407] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.613259][ T7407] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.036109][ T7407] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.836613][T14232] chnl_net:caif_netlink_parms(): no params data found [ 987.010261][T10465] Bluetooth: hci2: command tx timeout [ 987.172077][ T7407] bridge_slave_1: left allmulticast mode [ 987.177746][ T7407] bridge_slave_1: left promiscuous mode [ 987.188840][ T7407] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.480574][ T7407] bridge_slave_0: left allmulticast mode [ 987.628638][ T7407] bridge_slave_0: left promiscuous mode [ 987.634551][ T7407] bridge0: port 1(bridge_slave_0) entered disabled state [ 989.078845][T10465] Bluetooth: hci2: command tx timeout [ 989.641746][ T7407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 989.771323][ T7407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 989.809094][ T7407] bond0 (unregistering): Released all slaves [ 990.024534][T14279] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1957'. [ 990.058634][T14279] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1957'. [ 990.110727][T14282] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1957'. [ 990.489349][T14282] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1957'. [ 991.148664][T10465] Bluetooth: hci2: command tx timeout [ 992.087419][T14232] bridge0: port 1(bridge_slave_0) entered blocking state [ 992.097814][T14232] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.126976][T14232] bridge_slave_0: entered allmulticast mode [ 992.135527][T14232] bridge_slave_0: entered promiscuous mode [ 992.231363][T14319] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1963'. [ 992.276079][T14232] bridge0: port 2(bridge_slave_1) entered blocking state [ 992.308809][T14232] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.338326][T14232] bridge_slave_1: entered allmulticast mode [ 992.347572][T14232] bridge_slave_1: entered promiscuous mode [ 992.625304][ T7407] hsr_slave_0: left promiscuous mode [ 992.650190][ T7407] hsr_slave_1: left promiscuous mode [ 993.102860][ T7407] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 993.161104][ T7407] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 993.228668][T10465] Bluetooth: hci2: command tx timeout [ 993.476291][ T7407] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 993.508664][ T7407] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 993.556308][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.598696][ T7407] veth1_macvtap: left promiscuous mode [ 993.632287][ T7407] veth0_macvtap: left promiscuous mode [ 993.658918][ T7407] veth1_vlan: left promiscuous mode [ 993.664316][ T7407] veth0_vlan: left promiscuous mode [ 993.683255][T14328] ubi: mtd0 is already attached to ubi0 [ 993.918171][ T5080] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 993.931607][ T5080] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 993.942139][ T5080] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 993.952418][ T5080] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 993.965995][ T5080] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 993.974295][ T5080] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 995.321793][ T7407] team0 (unregistering): Port device team_slave_1 removed [ 995.472987][ T7407] team0 (unregistering): Port device team_slave_0 removed [ 996.035102][T10465] Bluetooth: hci1: command tx timeout [ 996.816836][T14232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 996.857114][T14232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 996.960825][T14334] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1968'. [ 997.042833][T14334] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1968'. [ 997.194393][T14336] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1968'. [ 997.219017][T14336] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1968'. [ 997.960521][T14232] team0: Port device team_slave_0 added [ 997.993367][T14232] team0: Port device team_slave_1 added [ 998.021600][T14361] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1970'. [ 998.047954][T14361] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1970'. [ 998.074727][T14357] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1970'. [ 998.102893][T14357] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1970'. [ 998.112331][T10465] Bluetooth: hci1: command tx timeout [ 998.469598][T14232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 998.476563][T14232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 998.527888][T14232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 998.571320][T14232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 998.580025][T14232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 998.651108][T14232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 999.198067][T14232] hsr_slave_0: entered promiscuous mode [ 999.231296][T14232] hsr_slave_1: entered promiscuous mode [ 999.249605][T14387] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 999.270865][T14232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 999.297904][T14232] Cannot create hsr debugfs directory [ 1000.197205][T10465] Bluetooth: hci1: command tx timeout [ 1000.252931][ T7407] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.881796][ T7407] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.258374][T14412] overlayfs: conflicting lowerdir path [ 1002.268783][T10465] Bluetooth: hci1: command tx timeout [ 1002.886065][ T7407] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.301502][ T7407] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.342996][T14418] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1980'. [ 1003.363486][T14418] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1980'. [ 1003.415475][T14421] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 1003.439561][T14421] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 1004.420670][T14335] chnl_net:caif_netlink_parms(): no params data found [ 1004.874737][ T7407] bridge_slave_1: left allmulticast mode [ 1004.892773][ T7407] bridge_slave_1: left promiscuous mode [ 1004.925208][ T7407] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.967434][ T7407] bridge_slave_0: left allmulticast mode [ 1004.973628][ T7407] bridge_slave_0: left promiscuous mode [ 1005.023929][ T7407] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.388131][ T7407] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1006.471162][ T7407] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1006.523547][ T7407] bond0 (unregistering): Released all slaves [ 1006.724409][ T7407] IPVS: stopping master sync thread 11781 ... [ 1007.565842][T14335] bridge0: port 1(bridge_slave_0) entered blocking state [ 1007.704588][T14335] bridge0: port 1(bridge_slave_0) entered disabled state [ 1008.459567][T14335] bridge_slave_0: entered allmulticast mode [ 1008.498218][T14335] bridge_slave_0: entered promiscuous mode [ 1008.822054][T14335] bridge0: port 2(bridge_slave_1) entered blocking state [ 1008.849312][T14335] bridge0: port 2(bridge_slave_1) entered disabled state [ 1008.876939][T14335] bridge_slave_1: entered allmulticast mode [ 1008.892559][T14335] bridge_slave_1: entered promiscuous mode [ 1009.073803][ T7407] hsr_slave_0: left promiscuous mode [ 1009.103681][ T7407] hsr_slave_1: left promiscuous mode [ 1009.171700][ T7407] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1009.212705][ T7407] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1009.241355][ T7407] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1009.269767][ T7407] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1009.381963][ T7407] veth1_macvtap: left promiscuous mode [ 1009.408344][ T7407] veth0_macvtap: left promiscuous mode [ 1009.424954][ T7407] veth1_vlan: left promiscuous mode [ 1009.439077][ T7407] veth0_vlan: left promiscuous mode [ 1009.641352][T14477] FAULT_INJECTION: forcing a failure. [ 1009.641352][T14477] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.715232][ T29] audit: type=1400 audit(1720866874.723:475): avc: denied { mount } for pid=14471 comm="syz.0.1989" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 1009.752240][T14477] CPU: 1 PID: 14477 Comm: syz.0.1989 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 1009.762457][T14477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1009.772524][T14477] Call Trace: [ 1009.775800][T14477] [ 1009.778735][T14477] dump_stack_lvl+0x16c/0x1f0 [ 1009.783428][T14477] should_fail_ex+0x497/0x5b0 [ 1009.788110][T14477] should_failslab+0x9/0x20 [ 1009.792626][T14477] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1009.798001][T14477] ? security_file_alloc+0x41/0x260 [ 1009.803205][T14477] security_file_alloc+0x41/0x260 [ 1009.808232][T14477] init_file+0x99/0x260 [ 1009.812396][T14477] alloc_empty_file+0x91/0x1e0 [ 1009.817163][T14477] path_openat+0xe0/0x2e50 [ 1009.821586][T14477] ? hlock_class+0x4e/0x130 [ 1009.826099][T14477] ? __lock_acquire+0x14f4/0x3b30 [ 1009.831147][T14477] ? __pfx_path_openat+0x10/0x10 [ 1009.836094][T14477] ? __pfx___lock_acquire+0x10/0x10 [ 1009.841298][T14477] ? find_held_lock+0x2d/0x110 [ 1009.846071][T14477] do_filp_open+0x1dc/0x430 [ 1009.850588][T14477] ? __pfx_do_filp_open+0x10/0x10 [ 1009.855620][T14477] ? find_held_lock+0x2d/0x110 [ 1009.860676][T14477] ? _raw_spin_unlock+0x28/0x50 [ 1009.865537][T14477] ? alloc_fd+0x2d7/0x6c0 [ 1009.869881][T14477] do_sys_openat2+0x17a/0x1e0 [ 1009.874570][T14477] ? __pfx_do_sys_openat2+0x10/0x10 [ 1009.879774][T14477] ? __pfx___schedule+0x10/0x10 [ 1009.884629][T14477] __x64_sys_openat+0x175/0x210 [ 1009.889482][T14477] ? __pfx___x64_sys_openat+0x10/0x10 [ 1009.894858][T14477] do_syscall_64+0xcd/0x250 [ 1009.899372][T14477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.905280][T14477] RIP: 0033:0x7f317cb75bd9 [ 1009.909693][T14477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1009.929310][T14477] RSP: 002b:00007f317c5de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1009.937725][T14477] RAX: ffffffffffffffda RBX: 00007f317cd04038 RCX: 00007f317cb75bd9 [ 1009.945694][T14477] RDX: 0000000000202000 RSI: 0000000020000140 RDI: ffffffffffffff9c [ 1009.953669][T14477] RBP: 00007f317c5de0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1009.961641][T14477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1009.969610][T14477] R13: 000000000000006e R14: 00007f317cd04038 R15: 00007ffe93fe8a08 [ 1009.977583][T14477] [ 1010.709427][ T29] audit: type=1400 audit(1720866875.753:476): avc: denied { unmount } for pid=13862 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 1012.097810][ T7407] team0 (unregistering): Port device team_slave_1 removed [ 1012.173368][ T7407] team0 (unregistering): Port device team_slave_0 removed [ 1013.593177][T14481] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1991'. [ 1013.608880][T14481] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1991'. [ 1013.659844][T14484] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1991'. [ 1013.678639][T14484] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1991'. [ 1013.726825][T14335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1013.781038][T14335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1014.032563][T14232] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1014.089416][T14232] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1014.143903][T14335] team0: Port device team_slave_0 added [ 1014.168004][T14232] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1014.175331][T10465] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 1014.252294][T14335] team0: Port device team_slave_1 added [ 1014.291017][T14232] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1014.483143][T10465] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 1014.650213][T14335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1014.686993][T14335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1014.783058][T14335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1014.868849][T14335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1014.888656][T14335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1014.959654][T14516] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1998'. [ 1014.978744][T14335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1015.001296][T14516] openvswitch: netlink: Tunnel attr 11525 out of range max 16 [ 1015.274245][T14335] hsr_slave_0: entered promiscuous mode [ 1015.306452][T14335] hsr_slave_1: entered promiscuous mode [ 1015.323027][T14335] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1015.350980][T14335] Cannot create hsr debugfs directory [ 1015.390150][T14524] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1998'. [ 1015.904699][T14232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1015.986571][T14232] 8021q: adding VLAN 0 to HW filter on device team0 [ 1016.066961][ T29] audit: type=1400 audit(1720866881.103:477): avc: denied { mount } for pid=14537 comm="syz.2.2001" name="/" dev="configfs" ino=1245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1016.101903][T14542] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1016.137338][T14073] bridge0: port 1(bridge_slave_0) entered blocking state [ 1016.144625][T14073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1016.239833][ T29] audit: type=1400 audit(1720866881.273:478): avc: denied { read } for pid=14537 comm="syz.2.2001" name="/" dev="configfs" ino=1245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1016.261874][ C1] vkms_vblank_simulate: vblank timer overrun [ 1016.308624][ T5132] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.315903][ T5132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1016.316332][ T29] audit: type=1400 audit(1720866881.353:479): avc: denied { open } for pid=14537 comm="syz.2.2001" path="/" dev="configfs" ino=1245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1017.045839][ T29] audit: type=1400 audit(1720866882.083:480): avc: denied { unmount } for pid=12224 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1017.392016][T14335] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1017.489442][T14335] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1017.528030][T14335] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1017.567614][T14335] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1017.612771][T14232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1017.890032][T14563] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1018.010014][T14335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1018.097007][T14335] 8021q: adding VLAN 0 to HW filter on device team0 [ 1018.208425][T14073] bridge0: port 1(bridge_slave_0) entered blocking state [ 1018.215695][T14073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1018.249890][ T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1018.290412][T14073] bridge0: port 2(bridge_slave_1) entered blocking state [ 1018.297621][T14073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1018.447074][T14335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1018.460691][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 1018.479078][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1018.504411][ T29] audit: type=1400 audit(1720866883.543:481): avc: denied { unmount } for pid=13447 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1018.518632][ T8] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1018.554323][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.565582][ T8] usb 2-1: config 0 descriptor?? [ 1018.792752][T14232] veth0_vlan: entered promiscuous mode [ 1018.863048][T14232] veth1_vlan: entered promiscuous mode [ 1019.032749][T14232] veth0_macvtap: entered promiscuous mode [ 1019.066752][T14232] veth1_macvtap: entered promiscuous mode [ 1019.142499][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1019.183363][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.208926][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1019.234365][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.261901][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1019.285344][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.316262][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1019.342847][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.382907][ T8] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1019.419386][T14232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1019.458111][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1019.480210][ T8] usb 2-1: USB disconnect, device number 16 [ 1019.499566][ T8] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 1019.508314][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.550194][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1019.577095][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.587513][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1019.613531][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.631326][ T29] audit: type=1400 audit(1720866884.673:482): avc: denied { write } for pid=14613 comm="syz.2.2013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1019.654943][T14232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1019.695425][T14232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1019.732351][T14232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1019.827243][T14232] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.849797][T14232] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.879662][T14232] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.888413][T14232] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.007578][T14335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1020.029445][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1020.072375][ T29] audit: type=1400 audit(1720866885.113:483): avc: denied { setopt } for pid=14620 comm="syz.2.2015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1020.091941][ C1] vkms_vblank_simulate: vblank timer overrun [ 1020.225053][ T8] usb 2-1: New USB device found, idVendor=14b2, idProduct=3302, bcdDevice=1b.fe [ 1020.240363][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.278973][ T8] usb 2-1: config 0 descriptor?? [ 1020.320345][ T8] r8712u: register rtl8712_netdev_ops to netdev_ops [ 1020.327333][ T8] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 1020.430872][T14335] veth0_vlan: entered promiscuous mode [ 1020.490474][ T8] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 1020.514704][ T8] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 1020.519565][T14335] veth1_vlan: entered promiscuous mode [ 1020.550320][ T8] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 1020.561997][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.599556][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.623186][ T8] usb 2-1: USB disconnect, device number 17 [ 1020.761182][T14335] veth0_macvtap: entered promiscuous mode [ 1020.789717][T12858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.808067][T12858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.992325][T14335] veth1_macvtap: entered promiscuous mode [ 1021.172879][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.205426][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.241563][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.273274][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.308717][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.341411][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.395869][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.440759][ T29] audit: type=1400 audit(1720866886.483:484): avc: denied { create } for pid=14645 comm="syz.4.1948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 1021.465617][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.495967][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.538423][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.571425][T14335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1021.640444][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.686960][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.723507][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.764099][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.798844][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.864946][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.906155][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.944152][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.975598][T14335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1022.000366][T14335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.061728][T14335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1022.140476][T14335] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.178892][T14335] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.210761][T14335] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.263841][T14664] netlink: 'syz.2.2019': attribute type 1 has an invalid length. [ 1022.268995][T14335] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1022.300830][T14664] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2019'. [ 1022.637833][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1022.660261][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1022.808187][ T7406] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1022.842881][ T7406] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1022.889467][ T5128] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1022.960686][T14683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2024'. [ 1023.094207][ T5128] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1023.118621][ T5128] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1023.314189][ T5128] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1023.670464][ T5128] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1023.681691][ T5128] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1023.742016][ T5128] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1023.754805][ T5128] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1023.763188][ T5128] usb 3-1: Product: syz [ 1023.768274][ T5128] usb 3-1: Manufacturer: syz [ 1023.929962][ T5128] cdc_wdm 3-1:1.0: skipping garbage [ 1023.935215][ T5128] cdc_wdm 3-1:1.0: skipping garbage [ 1023.971415][ T5128] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1023.977364][ T5128] cdc_wdm 3-1:1.0: Unknown control protocol [ 1024.286507][ T5134] usb 3-1: USB disconnect, device number 4 [ 1024.443421][T14707] ubi: mtd0 is already attached to ubi0 [ 1025.419414][ T29] audit: type=1400 audit(1720866890.463:485): avc: denied { write } for pid=14710 comm="syz.3.2029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1025.549328][ T29] audit: type=1400 audit(1720866890.463:486): avc: denied { read } for pid=14710 comm="syz.3.2029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1025.782828][T14730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2035'. [ 1026.284206][T14750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2042'. [ 1026.540454][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2043'. [ 1027.554137][T14779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1027.679759][ T5080] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1027.691407][ T5080] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1027.702373][ T5080] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1027.715485][ T5080] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1027.747620][ T5080] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1027.756578][ T5080] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1028.107966][T14789] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2050'. [ 1028.149877][T14789] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2050'. [ 1028.191264][T14787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2050'. [ 1028.228778][T14787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2050'. [ 1028.613837][ T29] audit: type=1400 audit(1720866893.653:487): avc: denied { accept } for pid=14800 comm="syz.2.2053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1028.723294][ T29] audit: type=1400 audit(1720866893.763:488): avc: denied { nlmsg_write } for pid=14800 comm="syz.2.2053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 1028.752419][ T2470] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1028.858809][ T5133] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1029.078819][ T5133] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1029.098660][ T5133] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1029.138753][ T5133] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1029.183377][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1029.215952][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1029.262061][ T5133] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1029.289527][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1029.297571][ T5133] usb 5-1: Product: syz [ 1029.320595][ T5133] usb 5-1: Manufacturer: syz [ 1029.345892][ T5133] cdc_wdm 5-1:1.0: skipping garbage [ 1029.358121][ T5133] cdc_wdm 5-1:1.0: skipping garbage [ 1029.380743][ T5133] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1029.402493][ T5133] cdc_wdm 5-1:1.0: Unknown control protocol [ 1029.742441][ T5133] usb 5-1: USB disconnect, device number 14 [ 1029.869099][T10465] Bluetooth: hci6: command tx timeout [ 1030.749015][T10465] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1030.761640][T10465] Bluetooth: hci3: Injecting HCI hardware error event [ 1030.772406][T10465] Bluetooth: hci3: hardware error 0x00 [ 1031.298612][ T5133] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1031.546329][ T5133] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1031.699391][ T5133] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1031.874376][ T5133] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1031.952474][ T5080] Bluetooth: hci6: command tx timeout [ 1031.959733][ T5133] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1031.986935][ T5133] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 1032.006855][ T5133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1032.029391][ T5133] usb 2-1: config 0 descriptor?? [ 1032.273409][ T5133] usb 2-1: USB disconnect, device number 18 [ 1032.828969][T10465] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1033.389349][ T2470] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.468281][T14846] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2062'. [ 1033.518679][T14846] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2062'. [ 1033.541077][T14847] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2062'. [ 1033.566184][T14847] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2062'. [ 1033.724276][ T2470] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.989243][ T2470] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1034.029810][T10465] Bluetooth: hci6: command tx timeout [ 1034.438939][ T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1034.654970][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1034.678700][T14781] chnl_net:caif_netlink_parms(): no params data found [ 1034.689733][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1034.721729][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1034.733005][ T2470] bridge_slave_1: left allmulticast mode [ 1034.740807][ T2470] bridge_slave_1: left promiscuous mode [ 1034.746630][ T2470] bridge0: port 2(bridge_slave_1) entered disabled state [ 1034.748817][ T8] usb 2-1: Product: syz [ 1034.768357][ T8] usb 2-1: Manufacturer: syz [ 1034.779154][ T8] usb 2-1: SerialNumber: syz [ 1034.797431][ T2470] bridge_slave_0: left allmulticast mode [ 1034.808551][ T2470] bridge_slave_0: left promiscuous mode [ 1034.828473][ T2470] bridge0: port 1(bridge_slave_0) entered disabled state [ 1035.820305][ T8] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1035.837538][ T8] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 1035.855323][ T8] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 1036.061941][ T8] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 1036.111778][T10465] Bluetooth: hci6: command tx timeout [ 1036.163671][ T2470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1036.227862][ T2470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1036.293356][ T2470] bond0 (unregistering): Released all slaves [ 1036.438326][T14880] netlink: 'syz.4.2071': attribute type 1 has an invalid length. [ 1036.449060][ T8] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1036.465628][T14880] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2071'. [ 1036.513872][ T8] usb 2-1: USB disconnect, device number 19 [ 1036.525942][ T8] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 1037.108158][T14781] bridge0: port 1(bridge_slave_0) entered blocking state [ 1037.137748][T14781] bridge0: port 1(bridge_slave_0) entered disabled state [ 1037.169934][T14781] bridge_slave_0: entered allmulticast mode [ 1037.177822][T14781] bridge_slave_0: entered promiscuous mode [ 1037.187644][T14781] bridge0: port 2(bridge_slave_1) entered blocking state [ 1037.194928][T14781] bridge0: port 2(bridge_slave_1) entered disabled state [ 1037.202994][T14781] bridge_slave_1: entered allmulticast mode [ 1037.211163][T14781] bridge_slave_1: entered promiscuous mode [ 1037.278655][ T5133] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1037.471499][ T2470] hsr_slave_0: left promiscuous mode [ 1037.487940][ T2470] hsr_slave_1: left promiscuous mode [ 1037.493490][ T5133] usb 2-1: Using ep0 maxpacket: 8 [ 1037.524006][ T5133] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1037.557408][ T5133] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1037.599333][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1037.606987][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1037.631447][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1037.649709][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1037.657164][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1037.661133][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1037.698704][ T5133] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1037.725891][ T2470] veth1_macvtap: left promiscuous mode [ 1037.725922][ T5133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.741047][ T2470] veth0_macvtap: left promiscuous mode [ 1037.757119][ T2470] veth1_vlan: left promiscuous mode [ 1037.762860][ T2470] veth0_vlan: left promiscuous mode [ 1037.786369][ T5133] hub 2-1:1.0: bad descriptor, ignoring hub [ 1037.796561][ T5133] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1037.812216][ T5133] cdc_wdm 2-1:1.0: skipping garbage [ 1037.824320][ T5133] cdc_wdm 2-1:1.0: skipping garbage [ 1037.844830][ T5133] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1037.857827][ T5133] cdc_wdm 2-1:1.0: Unknown control protocol [ 1037.989547][ T5132] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 1038.214532][ T5132] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1038.238564][ T5132] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.277346][ T5132] usb 5-1: Product: syz [ 1038.282006][ T5132] usb 5-1: Manufacturer: syz [ 1038.286743][ T5132] usb 5-1: SerialNumber: syz [ 1038.313076][ T5132] usb 5-1: config 0 descriptor?? [ 1038.324005][ T5132] ch341 5-1:0.0: ch341-uart converter detected [ 1038.330452][ T5128] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 1038.514098][T14073] usb 2-1: USB disconnect, device number 20 [ 1038.528607][ T5128] usb 3-1: Using ep0 maxpacket: 8 [ 1038.569283][ T5128] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1038.588581][ T5128] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1038.618112][ T5128] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1038.627902][ T5128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1038.649021][ T5128] hub 3-1:1.0: bad descriptor, ignoring hub [ 1038.654975][ T5128] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1038.734451][T14909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1038.749528][T14909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1038.809049][ T5132] usb 5-1: failed to send control message: -71 [ 1038.815327][ T5132] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1038.845007][ T5132] usb 5-1: USB disconnect, device number 15 [ 1038.900023][ T5132] ch341 5-1:0.0: device disconnected [ 1038.978974][ T9] usb 3-1: USB disconnect, device number 5 [ 1039.131739][ T29] audit: type=1400 audit(1720866904.173:489): avc: denied { read } for pid=14913 comm="syz.1.2082" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 1039.163255][T14914] netlink: 'syz.1.2082': attribute type 1 has an invalid length. [ 1039.178650][T14914] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.2082'. [ 1039.740048][ T2470] team0 (unregistering): Port device team_slave_1 removed [ 1039.891932][ T2470] team0 (unregistering): Port device team_slave_0 removed [ 1040.598948][ T5128] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1040.812562][ T5128] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1040.856911][ T5128] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1040.876546][ T5128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1040.896848][ T5128] usb 2-1: Product: syz [ 1040.906992][ T5128] usb 2-1: Manufacturer: syz [ 1040.927316][ T5128] usb 2-1: SerialNumber: syz [ 1041.862620][T14781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1041.961761][T14781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1042.067835][ T5128] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1042.085687][ T5128] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 1042.110827][ T5128] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 1042.166160][T14781] team0: Port device team_slave_0 added [ 1042.204917][T14781] team0: Port device team_slave_1 added [ 1042.259231][T14945] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1042.273758][ T5128] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 1042.484744][T14781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1042.498679][ T5128] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1042.536806][T14781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1042.583994][ T5128] usb 2-1: USB disconnect, device number 21 [ 1042.597479][ T5128] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 1042.616335][T14781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1042.659813][T14781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1042.666793][T14781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1042.750353][T14781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1043.067067][T14781] hsr_slave_0: entered promiscuous mode [ 1043.089129][T14781] hsr_slave_1: entered promiscuous mode [ 1043.109324][T14781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1043.117015][T14781] Cannot create hsr debugfs directory [ 1043.371714][T14961] netlink: 'syz.1.2095': attribute type 1 has an invalid length. [ 1043.409812][T14961] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.2095'. [ 1044.289921][T14976] tap0: tun_chr_ioctl cmd 2147767517 [ 1044.402842][T14781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1044.928895][ T29] audit: type=1326 audit(1720866909.913:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8fb75bd9 code=0x7ffc0000 [ 1045.240270][ T29] audit: type=1326 audit(1720866909.923:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14978 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a8fb75bd9 code=0x7ffc0000 [ 1045.266932][T14781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1045.328714][T14981] veth0_vlan: entered allmulticast mode [ 1045.464361][T14982] veth0_vlan: left promiscuous mode [ 1045.472488][T14982] veth0_vlan: entered promiscuous mode [ 1045.612581][T14781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1045.637394][T14781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1045.853640][T14998] netlink: 'syz.4.2108': attribute type 13 has an invalid length. [ 1046.155113][T14781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1046.296890][T14781] 8021q: adding VLAN 0 to HW filter on device team0 [ 1046.308712][ T29] audit: type=1400 audit(1720866911.343:492): avc: denied { read } for pid=15007 comm="syz.0.2112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1046.411139][T14073] bridge0: port 1(bridge_slave_0) entered blocking state [ 1046.418333][T14073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1046.451367][T14073] bridge0: port 2(bridge_slave_1) entered blocking state [ 1046.458626][T14073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1046.586926][T14781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1047.296465][T15021] veth0_vlan: entered allmulticast mode [ 1048.548263][T15024] affs: Unrecognized mount option "ß" or missing value [ 1048.557408][T15024] affs: Error parsing options [ 1048.619423][ T29] audit: type=1326 audit(1720866913.633:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15015 comm="syz.0.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317cb75bd9 code=0x7ffc0000 [ 1048.848927][ T29] audit: type=1326 audit(1720866913.633:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15015 comm="syz.0.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317cb75bd9 code=0x7ffc0000 [ 1048.981508][T15026] veth0_vlan: left promiscuous mode [ 1048.989701][T15026] veth0_vlan: entered promiscuous mode [ 1049.258811][T15034] usb usb8: usbfs: process 15034 (syz.4.2119) did not claim interface 0 before use [ 1049.416408][T14781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1050.086119][T14781] veth0_vlan: entered promiscuous mode [ 1050.139593][T14781] veth1_vlan: entered promiscuous mode [ 1050.309850][T14781] veth0_macvtap: entered promiscuous mode [ 1050.352487][T14781] veth1_macvtap: entered promiscuous mode [ 1050.443967][T15055] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1050.480572][T14073] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1050.495525][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.558757][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1050.590921][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.799141][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1050.809637][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.821808][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1050.822413][T14073] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1050.884900][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1050.907141][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1050.910325][T14073] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1050.918951][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.156157][ T5128] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1054.245809][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.273302][T14073] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1054.339976][T14781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1054.341538][T14073] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1054.394050][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.404683][T14073] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1054.418272][T14073] usb 2-1: string descriptor 0 read error: -71 [ 1054.434118][T14073] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1054.478968][T14073] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1054.509834][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.550419][T14073] usb 2-1: can't set config #1, error -71 [ 1054.556399][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.600852][T14073] usb 2-1: USB disconnect, device number 22 [ 1054.612467][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.644462][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.698991][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.734840][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1054.987665][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.157553][T15073] affs: Unrecognized mount option "ß" or missing value [ 1055.167701][T15073] affs: Error parsing options [ 1055.384944][T14781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.404115][T14781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.836639][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.971510][T14781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1056.141556][T14781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.173658][T14781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.219901][T14781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.249940][T14781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.589231][T14073] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1056.742182][ T5080] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1056.758670][ T5080] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1056.768076][ T5080] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1056.798637][T14073] usb 1-1: Using ep0 maxpacket: 8 [ 1056.850192][ T5080] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1056.850567][T14073] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1056.883333][ T5080] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1056.906798][ T5080] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1056.914391][T14073] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1056.926497][T14073] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1056.998866][T14073] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1057.017176][T14073] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1057.027059][T14073] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1057.113697][T12858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.131183][T12858] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1058.328834][T14073] usb 1-1: usb_control_msg returned -32 [ 1058.338736][T14073] usbtmc 1-1:16.0: can't read capabilities [ 1058.394825][ T2470] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1058.627926][ T2470] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1058.699435][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1058.730127][T12858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1058.743754][T12858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1058.826882][ T2470] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1058.920913][ T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1058.949835][ T9] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1058.993426][T10465] Bluetooth: hci1: command tx timeout [ 1059.012670][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1059.046627][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1059.111702][ T2470] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1059.122175][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1059.170108][ T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1059.208645][ T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1059.245685][ T9] usb 3-1: Product: syz [ 1059.257019][ T9] usb 3-1: Manufacturer: syz [ 1059.274155][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1059.303309][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1059.323781][ T9] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 1059.338909][ T9] cdc_wdm 3-1:1.0: Unknown control protocol [ 1059.486626][ T5128] usb 3-1: USB disconnect, device number 6 [ 1059.662434][T15083] chnl_net:caif_netlink_parms(): no params data found [ 1060.498976][T15117] bridge0: port 3(gretap0) entered blocking state [ 1060.506184][T15117] bridge0: port 3(gretap0) entered disabled state [ 1060.516430][T15117] gretap0: entered allmulticast mode [ 1060.523996][T15117] gretap0: entered promiscuous mode [ 1060.530773][T15117] bridge0: port 3(gretap0) entered blocking state [ 1060.537836][T15117] bridge0: port 3(gretap0) entered forwarding state [ 1060.593753][ T2470] bridge_slave_1: left allmulticast mode [ 1060.638893][ T2470] bridge_slave_1: left promiscuous mode [ 1060.644902][ T2470] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.699221][ T2470] bridge_slave_0: left allmulticast mode [ 1060.722721][ T2470] bridge_slave_0: left promiscuous mode [ 1060.729510][ T2470] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.078040][T10465] Bluetooth: hci1: command tx timeout [ 1061.480064][ T5193] usb 1-1: USB disconnect, device number 19 [ 1063.148798][ T2470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1063.151447][T10465] Bluetooth: hci1: command tx timeout [ 1063.184210][ T2470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1063.212975][ T2470] bond0 (unregistering): Released all slaves [ 1063.339376][T15120] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2145'. [ 1063.359599][T15140] netlink: 'syz.4.2150': attribute type 10 has an invalid length. [ 1063.445343][T15140] team0: Device veth1_macvtap failed to register rx_handler [ 1063.561457][T15147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2151'. [ 1063.620777][T15147] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2151'. [ 1063.648430][T15148] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2151'. [ 1063.691089][T15148] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2151'. [ 1063.978635][ T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1064.179163][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1064.203897][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1064.238610][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1064.247568][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1064.280897][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1064.308671][ T9] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1064.317762][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.344162][T15083] bridge0: port 1(bridge_slave_0) entered blocking state [ 1064.345562][ T9] hub 5-1:1.0: bad descriptor, ignoring hub [ 1064.357855][T15083] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.368354][T15083] bridge_slave_0: entered allmulticast mode [ 1064.379143][T15083] bridge_slave_0: entered promiscuous mode [ 1064.400244][T15083] bridge0: port 2(bridge_slave_1) entered blocking state [ 1064.401633][ T9] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1064.431436][T15083] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.440156][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 1064.458653][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 1064.474793][T15083] bridge_slave_1: entered allmulticast mode [ 1064.475820][ T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1064.497362][T15083] bridge_slave_1: entered promiscuous mode [ 1064.521036][ T9] cdc_wdm 5-1:1.0: Unknown control protocol [ 1064.585392][ T9] usb 5-1: USB disconnect, device number 17 [ 1064.596970][ T2470] hsr_slave_0: left promiscuous mode [ 1064.646880][ T2470] hsr_slave_1: left promiscuous mode [ 1064.676999][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1064.695675][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1064.699259][T15177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2161'. [ 1064.725594][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1064.743448][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1064.820220][ T2470] veth1_macvtap: left promiscuous mode [ 1064.848890][ T2470] veth0_macvtap: left promiscuous mode [ 1064.858878][ T2470] veth1_vlan: left promiscuous mode [ 1064.864295][ T2470] veth0_vlan: left promiscuous mode [ 1065.235146][T10465] Bluetooth: hci1: command tx timeout [ 1067.155980][ T2470] team0 (unregistering): Port device team_slave_1 removed [ 1067.316035][ T2470] team0 (unregistering): Port device team_slave_0 removed [ 1069.132145][T15083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1069.180632][T15083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1069.451463][T15083] team0: Port device team_slave_0 added [ 1069.577532][T15213] input: syz1 as /devices/virtual/input/input32 [ 1069.650295][T15203] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2168'. [ 1069.670964][T15203] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2168'. [ 1069.724410][T15083] team0: Port device team_slave_1 added [ 1071.453268][T15203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2168'. [ 1071.498655][T15203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2168'. [ 1071.585907][T15083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1071.609034][ T29] audit: type=1400 audit(1720866936.653:495): avc: denied { unmount } for pid=13862 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1071.618566][T15083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1071.748665][T15083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1071.784010][T15083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1071.799852][T15083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1071.878734][T15083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1071.902473][T15221] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2172'. [ 1072.123445][T15083] hsr_slave_0: entered promiscuous mode [ 1072.129188][ T5133] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1072.169395][T15083] hsr_slave_1: entered promiscuous mode [ 1072.208974][T15083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1072.228749][T15083] Cannot create hsr debugfs directory [ 1072.349560][ T5133] usb 3-1: Using ep0 maxpacket: 8 [ 1072.361277][ T5133] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1072.397881][ T5133] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1072.429629][ T5133] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1072.471979][ T5133] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1072.530009][ T5133] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1072.568743][ T5133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1072.608463][ T5133] hub 3-1:1.0: bad descriptor, ignoring hub [ 1072.624574][ T5133] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1072.656335][ T5133] cdc_wdm 3-1:1.0: skipping garbage [ 1072.673759][ T5133] cdc_wdm 3-1:1.0: skipping garbage [ 1072.696204][ T5133] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1072.978587][ T5133] cdc_wdm 3-1:1.0: Unknown control protocol [ 1073.019730][ T5133] usb 3-1: USB disconnect, device number 7 [ 1073.389348][T10465] Bluetooth: hci5: command 0x0406 tx timeout [ 1076.401634][T15083] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1076.489848][T15083] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1076.546661][T15083] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1076.622173][T15083] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1077.082053][T15083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1077.193630][T15083] 8021q: adding VLAN 0 to HW filter on device team0 [ 1077.255049][T15063] bridge0: port 1(bridge_slave_0) entered blocking state [ 1077.262400][T15063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1077.329484][T15063] bridge0: port 2(bridge_slave_1) entered blocking state [ 1077.336614][T15063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1077.503910][T15259] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1078.121815][T15083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1078.142544][ T5080] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1078.158691][ T5080] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1078.177377][ T5080] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1078.194342][ T5080] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1078.202946][ T5080] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1078.210558][ T5080] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1078.399055][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1078.508059][T15083] veth0_vlan: entered promiscuous mode [ 1078.557329][T15083] veth1_vlan: entered promiscuous mode [ 1078.610040][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 1078.633180][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1078.670038][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1078.713590][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1078.798790][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1079.434577][ T9] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1079.444699][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.470972][ T9] hub 3-1:1.0: bad descriptor, ignoring hub [ 1079.476997][ T9] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1079.504341][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1079.514377][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1079.533330][ T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1079.549455][ T9] cdc_wdm 3-1:1.0: Unknown control protocol [ 1079.565832][ T79] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.609928][T15083] veth0_macvtap: entered promiscuous mode [ 1079.632941][T15083] veth1_macvtap: entered promiscuous mode [ 1079.689305][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1079.700317][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1079.711074][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1079.722255][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1079.732865][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1079.744453][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1079.780097][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1079.792441][ T5128] usb 3-1: USB disconnect, device number 8 [ 1079.810063][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1079.834287][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1079.856651][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1079.886284][T15083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1080.090486][T15280] ubi: mtd0 is already attached to ubi0 [ 1080.270521][T10465] Bluetooth: hci4: command tx timeout [ 1080.795238][ T79] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.837850][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1080.857132][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1080.867191][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1080.957184][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1080.975882][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1081.001230][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1081.024722][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1081.038804][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1081.055834][T15083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1081.066763][T15083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1081.086910][T15083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1082.090439][ T79] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1082.144625][T15083] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.154366][T15083] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.163328][T15083] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.172208][T15083] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.351321][T10465] Bluetooth: hci4: command tx timeout [ 1082.497568][ T79] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1082.603596][T15268] chnl_net:caif_netlink_parms(): no params data found [ 1084.204071][T15307] ubi: mtd0 is already attached to ubi0 [ 1084.429910][T10465] Bluetooth: hci4: command tx timeout [ 1085.249966][ T5080] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1085.263446][ T5080] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1085.272296][ T5080] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1085.310469][ T5080] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1085.320035][ T5080] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1085.327378][ T5080] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1085.348809][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1085.359261][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1085.754191][T15268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.762697][T15268] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.763963][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1085.770647][T15268] bridge_slave_0: entered allmulticast mode [ 1086.070546][ T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1086.138386][T15268] bridge_slave_0: entered promiscuous mode [ 1086.172701][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.269146][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1086.328715][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1086.373766][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1086.405233][ T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1086.418610][ T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1086.438240][ T9] usb 3-1: Product: syz [ 1086.448983][ T9] usb 3-1: Manufacturer: syz [ 1086.459602][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1086.475026][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 1086.480597][T15268] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.490375][ T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1086.496311][ T9] cdc_wdm 3-1:1.0: Unknown control protocol [ 1086.502602][T15268] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.510994][ T5080] Bluetooth: hci4: command tx timeout [ 1086.538973][T15268] bridge_slave_1: entered allmulticast mode [ 1086.551503][T15268] bridge_slave_1: entered promiscuous mode [ 1086.746260][T10772] usb 3-1: USB disconnect, device number 9 [ 1086.787788][T15268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1086.851712][ T79] bridge_slave_1: left allmulticast mode [ 1086.857399][ T79] bridge_slave_1: left promiscuous mode [ 1086.879271][ T79] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.903831][ T79] bridge_slave_0: left allmulticast mode [ 1086.916832][ T79] bridge_slave_0: left promiscuous mode [ 1086.923279][ T79] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.389360][ T5080] Bluetooth: hci2: command tx timeout [ 1087.733134][T15337] ubi: mtd0 is already attached to ubi0 [ 1089.496206][ T5080] Bluetooth: hci2: command tx timeout [ 1089.689271][ T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1090.397414][ T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1090.462035][ T79] bond0 (unregistering): Released all slaves [ 1090.542765][T15268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1090.675648][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1090.688704][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.049112][T15268] team0: Port device team_slave_0 added [ 1091.214917][T15268] team0: Port device team_slave_1 added [ 1091.477180][T15268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1091.498047][T15268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1091.538281][T15268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1091.552225][ T5080] Bluetooth: hci2: command tx timeout [ 1091.598640][T15353] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2213'. [ 1091.615905][T15353] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2213'. [ 1091.697800][T15357] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2213'. [ 1091.706967][T15357] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2213'. [ 1091.720773][T15356] netlink: 67 bytes leftover after parsing attributes in process `syz.1.2131'. [ 1091.740640][T15356] IPv6: NLM_F_CREATE should be specified when creating new route [ 1091.772901][T15356] IPv6: Can't replace route, no match found [ 1091.799052][T15268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1091.808609][ T5086] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1091.826440][T15268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1091.876155][T15268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1092.017027][ T5086] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1092.039138][ T5086] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1092.096979][ T5086] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1092.119837][ T5086] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1092.146809][ T5086] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1092.276407][T15369] ubi: mtd0 is already attached to ubi0 [ 1092.987241][ T5086] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1093.033214][ T5086] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1093.064274][ T5086] usb 3-1: Product: syz [ 1093.080210][ T79] hsr_slave_0: left promiscuous mode [ 1093.089453][ T5086] usb 3-1: Manufacturer: syz [ 1093.103471][ T79] hsr_slave_1: left promiscuous mode [ 1093.130935][ T5086] cdc_wdm 3-1:1.0: skipping garbage [ 1093.136261][ T5086] cdc_wdm 3-1:1.0: skipping garbage [ 1093.142193][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1093.159222][ T79] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1093.166662][ T5086] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1093.186143][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1093.198682][ T5086] cdc_wdm 3-1:1.0: Unknown control protocol [ 1093.211101][ T79] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1093.424066][ T79] veth0_macvtap: left promiscuous mode [ 1093.467387][ T79] veth1_vlan: left promiscuous mode [ 1093.479457][T15062] usb 3-1: USB disconnect, device number 10 [ 1093.510351][ T79] veth0_vlan: left promiscuous mode [ 1093.628800][ T5080] Bluetooth: hci2: command tx timeout [ 1096.168465][T15394] fuse: Bad value for 'fd' [ 1096.219413][ T79] team0 (unregistering): Port device team_slave_1 removed [ 1096.525917][ T79] team0 (unregistering): Port device team_slave_0 removed [ 1098.196265][T15268] hsr_slave_0: entered promiscuous mode [ 1098.221477][T15268] hsr_slave_1: entered promiscuous mode [ 1098.228281][T15268] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1098.236250][T15268] Cannot create hsr debugfs directory [ 1098.969973][T15317] chnl_net:caif_netlink_parms(): no params data found [ 1099.918587][ T5134] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1100.309723][ T5134] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1100.923656][ T5134] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1100.938594][ T5134] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1100.947638][ T5134] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1100.959922][ T5134] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1100.999309][ T5134] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1101.013118][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1101.022705][ T5134] usb 4-1: Product: syz [ 1101.026976][ T5134] usb 4-1: Manufacturer: syz [ 1101.036071][T15317] bridge0: port 1(bridge_slave_0) entered blocking state [ 1101.040507][ T5134] cdc_wdm 4-1:1.0: skipping garbage [ 1101.062327][ T5134] cdc_wdm 4-1:1.0: skipping garbage [ 1101.073733][T15317] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.099900][T15317] bridge_slave_0: entered allmulticast mode [ 1101.120520][T15317] bridge_slave_0: entered promiscuous mode [ 1101.120726][ T5134] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1101.240693][ T5134] cdc_wdm 4-1:1.0: Unknown control protocol [ 1101.328999][T15062] usb 4-1: USB disconnect, device number 16 [ 1101.387861][ T79] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.527831][T15317] bridge0: port 2(bridge_slave_1) entered blocking state [ 1101.539114][T15317] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.556756][T15317] bridge_slave_1: entered allmulticast mode [ 1101.591123][T15317] bridge_slave_1: entered promiscuous mode [ 1101.751708][ T79] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1102.074760][T15443] fuse: Invalid rootmode [ 1102.097739][ T79] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.159648][ T79] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.234382][T15317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1103.290281][T15317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1103.360530][T15452] netlink: 'syz.3.2239': attribute type 1 has an invalid length. [ 1103.368303][T15452] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.2239'. [ 1103.589684][T15317] team0: Port device team_slave_0 added [ 1103.649307][T15317] team0: Port device team_slave_1 added [ 1103.770990][T15317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1103.788842][T15317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1103.854550][T15317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1103.879601][T15460] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2243'. [ 1103.898677][T15460] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2243'. [ 1103.938918][T15463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2243'. [ 1103.968317][T15463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2243'. [ 1103.978674][T15062] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1103.989238][T15317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1103.996209][T15317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1104.066552][T15317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1104.210925][T15062] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1104.220324][T15062] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1104.244077][T15062] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1104.280452][T15062] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64 [ 1104.357690][T15062] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1104.377469][T15062] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1104.407881][T15062] usb 3-1: Product: syz [ 1104.423594][T15062] usb 3-1: Manufacturer: syz [ 1104.451070][T15062] cdc_wdm 3-1:1.0: skipping garbage [ 1104.456323][T15062] cdc_wdm 3-1:1.0: skipping garbage [ 1104.479257][T15317] hsr_slave_0: entered promiscuous mode [ 1104.485048][T15062] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1104.500918][T15317] hsr_slave_1: entered promiscuous mode [ 1104.529408][T15317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1104.551203][T15317] Cannot create hsr debugfs directory [ 1104.575469][ T79] bridge_slave_1: left allmulticast mode [ 1104.588597][ T79] bridge_slave_1: left promiscuous mode [ 1104.599231][ T79] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.629451][ T79] bridge_slave_0: left allmulticast mode [ 1104.635211][ T79] bridge_slave_0: left promiscuous mode [ 1104.654410][ T79] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.675503][T15062] usb 3-1: USB disconnect, device number 11 [ 1104.875178][T15468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1104.913627][T15468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1105.459374][T15477] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2249'. [ 1105.690508][T15484] fuse: Bad value for 'fd' [ 1106.907951][ T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1106.941684][ T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1106.989328][ T79] bond0 (unregistering): Released all slaves [ 1107.073923][T15268] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1107.220651][T15268] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1107.415026][T15268] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1107.464902][T15268] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1107.838897][T15507] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2254'. [ 1107.847915][T15507] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2254'. [ 1107.877113][T15510] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2254'. [ 1107.902235][T15510] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2254'. [ 1107.971674][ T79] hsr_slave_0: left promiscuous mode [ 1107.978113][ T79] hsr_slave_1: left promiscuous mode [ 1107.997096][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1108.018208][ T5086] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1108.044328][ T79] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1108.060615][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1108.078322][ T79] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1108.168417][ T79] veth1_macvtap: left promiscuous mode [ 1108.189526][ T79] veth0_macvtap: left promiscuous mode [ 1108.197785][ T79] veth1_vlan: left promiscuous mode [ 1108.209888][ T79] veth0_vlan: left promiscuous mode [ 1108.226222][ T5086] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1108.245953][ T5086] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1108.259840][ T5086] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1108.280124][ T5086] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64 [ 1108.326364][ T5086] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1108.348436][ T5086] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1108.356612][ T5086] usb 2-1: Product: syz [ 1108.368614][ T5086] usb 2-1: Manufacturer: syz [ 1108.385323][ T5086] cdc_wdm 2-1:1.0: skipping garbage [ 1108.393823][ T5086] cdc_wdm 2-1:1.0: skipping garbage [ 1108.407384][ T5086] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1108.636850][ T5086] usb 2-1: USB disconnect, device number 23 [ 1108.733268][T15521] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2259'. [ 1108.749476][ T5080] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 1108.760547][ T5080] Bluetooth: hci6: Injecting HCI hardware error event [ 1108.769814][T10465] Bluetooth: hci6: hardware error 0x00 [ 1108.883236][T15518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1108.956317][T15518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1110.909561][T10465] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1111.652868][ T79] team0 (unregistering): Port device team_slave_1 removed [ 1111.845083][ T79] team0 (unregistering): Port device team_slave_0 removed [ 1113.418688][ T5134] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1113.633097][ T5134] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1113.648616][ T5134] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1113.718593][ T5134] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1113.739822][ T5134] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64 [ 1113.740250][T15556] netlink: 'syz.2.2271': attribute type 1 has an invalid length. [ 1113.773563][ T5134] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1113.776404][T15268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1113.789953][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1113.808366][ T5134] usb 4-1: Product: syz [ 1113.810445][T15556] netlink: 161700 bytes leftover after parsing attributes in process `syz.2.2271'. [ 1113.815984][ T5134] usb 4-1: Manufacturer: syz [ 1113.860537][ T5134] cdc_wdm 4-1:1.0: skipping garbage [ 1113.871186][ T5086] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1113.891660][ T5134] cdc_wdm 4-1:1.0: skipping garbage [ 1113.903492][ T5134] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1114.003787][T15268] 8021q: adding VLAN 0 to HW filter on device team0 [ 1114.164802][T14073] usb 4-1: USB disconnect, device number 17 [ 1114.227013][ T5128] bridge0: port 1(bridge_slave_0) entered blocking state [ 1114.234268][ T5128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1114.303071][ T5086] usb 2-1: Using ep0 maxpacket: 8 [ 1114.312754][ T5086] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1114.321342][ T5128] bridge0: port 2(bridge_slave_1) entered blocking state [ 1114.325234][ T5086] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 1114.331024][ T5128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1114.340235][ T5086] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1114.431312][T15560] syz.2.2272: attempt to access beyond end of device [ 1114.431312][T15560] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0 [ 1114.444897][T15560] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 1115.015659][T15268] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1115.123910][ T5086] usb 2-1: string descriptor 0 read error: -71 [ 1115.140042][ T5086] hub 2-1:32.0: USB hub found [ 1115.154008][ T5086] hub 2-1:32.0: config failed, can't read hub descriptor (err -22) [ 1115.341206][ T5086] usb 2-1: USB disconnect, device number 24 [ 1115.351936][T15317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1115.383033][T15317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1115.459557][T15317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1115.507015][T15317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1116.436826][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.789051][T15268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1117.187595][T15317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1117.222315][T15586] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2279'. [ 1117.252095][T15586] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2279'. [ 1117.358346][T15589] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2279'. [ 1117.407683][T15589] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2279'. [ 1117.466654][T15317] 8021q: adding VLAN 0 to HW filter on device team0 [ 1117.673258][T10772] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.680492][T10772] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1117.772291][T10772] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.779552][T10772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1117.971530][T15598] netlink: 'syz.2.2280': attribute type 1 has an invalid length. [ 1118.060315][T15598] netlink: 161700 bytes leftover after parsing attributes in process `syz.2.2280'. [ 1118.282351][T15268] veth0_vlan: entered promiscuous mode [ 1118.317001][T15268] veth1_vlan: entered promiscuous mode [ 1118.632589][T15268] veth0_macvtap: entered promiscuous mode [ 1118.836299][T15268] veth1_macvtap: entered promiscuous mode [ 1119.419464][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.448700][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.479089][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.512978][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.551794][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.672765][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.684441][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.695529][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.742506][T15268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1120.702612][T15317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1120.742390][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1120.763350][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1120.804925][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1120.848583][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1120.879241][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1120.918642][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1120.960350][T15268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1120.971936][T15268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1121.022606][T15268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1121.071947][T15627] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1121.080431][T15268] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.118586][T15268] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.163116][T15268] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.188645][T15268] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.749820][T14073] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 1121.967475][T14073] usb 3-1: Using ep0 maxpacket: 8 [ 1121.982877][T14073] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1121.997236][T15317] veth0_vlan: entered promiscuous mode [ 1122.081825][T14073] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1122.105085][T14073] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1122.145954][T14073] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1122.185391][T14073] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1122.214502][T15317] veth1_vlan: entered promiscuous mode [ 1122.233248][T14073] hub 3-1:1.0: bad descriptor, ignoring hub [ 1122.272557][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1122.304331][T14073] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1122.337190][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.367816][T14073] cdc_wdm 3-1:1.0: skipping garbage [ 1122.389112][T14073] cdc_wdm 3-1:1.0: skipping garbage [ 1122.407740][T14073] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1122.485148][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1122.513541][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.627858][T15317] veth0_macvtap: entered promiscuous mode [ 1122.768362][T10772] usb 3-1: USB disconnect, device number 12 [ 1122.914690][T15640] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2184'. [ 1122.926491][T15317] veth1_macvtap: entered promiscuous mode [ 1122.944246][T15642] netlink: 'syz.3.2290': attribute type 1 has an invalid length. [ 1122.986895][T15642] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.2290'. [ 1123.123941][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.145357][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.178723][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.208559][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.219974][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.276935][T15650] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2293'. [ 1123.278584][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.339979][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1123.411052][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1123.624565][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.366280][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.660003][T15317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1124.981487][T15668] xt_CONNSECMARK: invalid mode: 0 [ 1125.091554][ T5086] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1129.512559][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1129.630086][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.668871][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1129.705795][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.739917][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1129.812350][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.849941][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1129.864007][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.889535][T15317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1129.911840][T15317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.952562][T15317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.063407][T15317] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.079509][T15317] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.103537][T15317] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.124395][T15317] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.161592][T15673] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2300'. [ 1130.830031][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.837856][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1131.025416][ T6347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1131.078576][ T6347] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1132.909122][T15697] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2306'. [ 1134.073391][T15706] ubi: mtd0 is already attached to ubi0 [ 1134.309298][T10772] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1134.973366][T10772] usb 5-1: config index 0 descriptor too short (expected 25970, got 36) [ 1134.993521][T10772] usb 5-1: config 116 has too many interfaces: 99, using maximum allowed: 32 [ 1135.048680][T10772] usb 5-1: config 116 has an invalid descriptor of length 0, skipping remainder of the config [ 1135.108688][ T5193] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1135.115174][T10772] usb 5-1: config 116 has 0 interfaces, different from the descriptor's value: 99 [ 1135.158827][T10772] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1135.186359][T10772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1135.338749][ T5193] usb 4-1: Using ep0 maxpacket: 8 [ 1135.352818][ T5193] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1136.168605][ T5193] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1136.202772][ T5193] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1136.223418][ T5128] usb 5-1: USB disconnect, device number 18 [ 1136.235313][ T5193] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1136.282227][ T5193] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1136.308650][ T5193] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1136.538795][ T5193] usb 4-1: usb_control_msg returned -32 [ 1136.544434][ T5193] usbtmc 4-1:16.0: can't read capabilities [ 1136.772845][T15718] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2314'. [ 1136.815017][T15718] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2314'. [ 1137.007908][T15722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2314'. [ 1137.817710][T15722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2314'. [ 1137.870063][ T5193] usb 4-1: USB disconnect, device number 18 [ 1138.172670][T15736] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2319'. [ 1138.189135][ T30] INFO: task syz.0.1849:13711 blocked for more than 184 seconds. [ 1138.207892][ T30] Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 1138.224829][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1138.260089][ T30] task:syz.0.1849 state:D stack:28032 pid:13711 tgid:13709 ppid:9684 flags:0x00004004 [ 1138.293201][ T30] Call Trace: [ 1138.304444][ T30] [ 1138.312473][ T30] __schedule+0xf15/0x5d00 [ 1138.327072][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1138.342943][ T30] ? preempt_schedule_notrace+0x62/0xe0 [ 1138.357553][ T30] ? __pfx___schedule+0x10/0x10 [ 1138.368836][ T30] ? schedule+0x298/0x350 [ 1138.377857][ T30] ? __pfx_lock_release+0x10/0x10 [ 1138.392441][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1138.420032][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1138.468338][ T30] schedule+0xe7/0x350 [ 1138.477921][ T30] schedule_preempt_disabled+0x13/0x30 [ 1138.493796][ T30] __mutex_lock+0x5b8/0x9c0 [ 1138.513530][ T30] ? __do_sys_io_uring_register+0x1a4/0x2240 [ 1138.538664][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1138.567402][ T30] ? do_user_addr_fault+0x64e/0xe50 [ 1138.583329][ T30] ? reacquire_held_locks+0x20b/0x4c0 [ 1138.613123][ T30] ? __fget_files+0x256/0x400 [ 1138.628224][ T30] ? __do_sys_io_uring_register+0x1a4/0x2240 [ 1138.637181][ T30] __do_sys_io_uring_register+0x1a4/0x2240 [ 1138.653481][ T30] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 1138.663607][ T30] do_syscall_64+0xcd/0x250 [ 1139.283353][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1139.309307][ T30] RIP: 0033:0x7fa54ef75bd9 [ 1139.313757][ T30] RSP: 002b:00007fa54e9df048 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 1139.333535][ T30] RAX: ffffffffffffffda RBX: 00007fa54f104038 RCX: 00007fa54ef75bd9 [ 1139.346472][ T30] RDX: 0000000020000100 RSI: 0000000000000018 RDI: 0000000000000004 [ 1139.360515][ T30] RBP: 00007fa54efe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 1139.391304][ T30] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1139.408626][ T30] R13: 000000000000006e R14: 00007fa54f104038 R15: 00007ffe84403778 [ 1139.426964][ T30] [ 1139.435827][ T30] [ 1139.435827][ T30] Showing all locks held in the system: [ 1139.454815][ T30] 1 lock held by khungtaskd/30: [ 1139.468042][ T30] #0: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 1139.718666][ T30] 2 locks held by kworker/u8:3/51: [ 1139.725273][ T30] 2 locks held by getty/4839: [ 1139.734450][ T30] #0: ffff88802c8500a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1139.760853][ T30] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 1139.788568][ T30] 1 lock held by syz.0.1849/13710: [ 1139.798781][ T30] 1 lock held by syz.0.1849/13711: [ 1139.824463][ T30] #0: ffff88807a2c80a8 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_register+0x1a4/0x2240 [ 1139.848231][ T30] [ 1139.853186][ T30] ============================================= [ 1139.853186][ T30] [ 1139.869801][ T30] NMI backtrace for cpu 0 [ 1139.874169][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 1139.884079][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1139.894131][ T30] Call Trace: [ 1139.897591][ T30] [ 1139.900541][ T30] dump_stack_lvl+0x116/0x1f0 [ 1139.905227][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1139.910179][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1139.916160][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1139.922148][ T30] watchdog+0xf86/0x1240 [ 1139.926422][ T30] ? __pfx_watchdog+0x10/0x10 [ 1139.931109][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1139.936323][ T30] ? __kthread_parkme+0x148/0x220 [ 1139.941356][ T30] ? __pfx_watchdog+0x10/0x10 [ 1139.946054][ T30] kthread+0x2c1/0x3a0 [ 1139.950129][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1139.955327][ T30] ? __pfx_kthread+0x10/0x10 [ 1139.959921][ T30] ret_from_fork+0x45/0x80 [ 1139.964344][ T30] ? __pfx_kthread+0x10/0x10 [ 1139.968941][ T30] ret_from_fork_asm+0x1a/0x30 [ 1139.973802][ T30] [ 1139.978086][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1139.984161][ C1] NMI backtrace for cpu 1 [ 1139.984175][ C1] CPU: 1 PID: 15730 Comm: syz.1.2316 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 1139.984202][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1139.984216][ C1] RIP: 0010:__rcu_read_unlock+0x10e/0x580 [ 1139.984253][ C1] Code: 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 75 01 00 00 8b 83 44 04 00 00 <3d> ff ff ff 3f 0f 87 49 01 00 00 5b 5d 41 5c 41 5d 41 5e c3 cc cc [ 1139.984276][ C1] RSP: 0018:ffffc90003637330 EFLAGS: 00000046 [ 1139.984296][ C1] RAX: 0000000000000000 RBX: ffff888027d35a00 RCX: ffffc900036372e0 [ 1139.984314][ C1] RDX: 0000000000000000 RSI: ffffffff8b2cb200 RDI: ffff888027d35e44 [ 1139.984330][ C1] RBP: ffff888027d35a00 R08: 0000000000000000 R09: fffffbfff1fc90da [ 1139.984346][ C1] R10: ffffffff8fe486d7 R11: 0000000000000002 R12: ffff888027d35a00 [ 1139.984363][ C1] R13: 00000000ffffffff R14: 000000000003d90c R15: ffffea00016bfcd8 [ 1139.984379][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 1139.984403][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1139.984420][ C1] CR2: 0000000020020000 CR3: 000000000d97a000 CR4: 00000000003506f0 [ 1139.984436][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1139.984452][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1139.984467][ C1] Call Trace: [ 1139.984476][ C1] [ 1139.984484][ C1] ? show_regs+0x8c/0xa0 [ 1139.984517][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1139.984554][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1139.984586][ C1] ? nmi_handle+0x1a9/0x5c0 [ 1139.984622][ C1] ? __rcu_read_unlock+0x10e/0x580 [ 1139.984656][ C1] ? default_do_nmi+0x6a/0x160 [ 1139.984681][ C1] ? exc_nmi+0x170/0x1e0 [ 1139.984703][ C1] ? end_repeat_nmi+0xf/0x53 [ 1139.984731][ C1] ? __rcu_read_unlock+0x10e/0x580 [ 1139.984760][ C1] ? __rcu_read_unlock+0x10e/0x580 [ 1139.984789][ C1] ? __rcu_read_unlock+0x10e/0x580 [ 1139.984818][ C1] [ 1139.984826][ C1] [ 1139.984834][ C1] filemap_unaccount_folio+0x1a4/0x870 [ 1139.984867][ C1] __filemap_remove_folio+0x115/0x750 [ 1139.984903][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1139.984938][ C1] ? __pfx___filemap_remove_folio+0x10/0x10 [ 1139.984976][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 1139.985000][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1139.985028][ C1] filemap_remove_folio+0xc8/0x210 [ 1139.985064][ C1] truncate_inode_folio+0x49/0x70 [ 1139.985089][ C1] shmem_undo_range+0x378/0x1160 [ 1139.985121][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 1139.985150][ C1] ? mt_destroy_walk+0xbb0/0xfe0 [ 1139.985183][ C1] ? hlock_class+0x4e/0x130 [ 1139.985210][ C1] ? mark_lock+0xb5/0xc60 [ 1139.985241][ C1] ? stack_access_ok+0xf9/0x270 [ 1139.985275][ C1] ? __module_address+0x55/0x3c0 [ 1139.985297][ C1] ? __pfx_mark_lock+0x10/0x10 [ 1139.985338][ C1] ? percpu_counter_add_batch+0x112/0x1f0 [ 1139.985365][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 1139.985396][ C1] ? percpu_counter_add_batch+0x132/0x1f0 [ 1139.985424][ C1] shmem_evict_inode+0x3a3/0xbb0 [ 1139.985453][ C1] ? find_held_lock+0x2d/0x110 [ 1139.985481][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1139.985510][ C1] ? evict+0x2b7/0x6c0 [ 1139.985543][ C1] ? __pfx_lock_release+0x10/0x10 [ 1139.985577][ C1] ? __pfx_wake_bit_function+0x10/0x10 [ 1139.985614][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1139.985646][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1139.985674][ C1] evict+0x2ed/0x6c0 [ 1139.985710][ C1] iput.part.0+0x5a8/0x7f0 [ 1139.985744][ C1] ? __pfx_generic_delete_inode+0x10/0x10 [ 1139.985776][ C1] iput+0x5c/0x80 [ 1139.985810][ C1] dentry_unlink_inode+0x29c/0x480 [ 1139.985834][ C1] __dentry_kill+0x1d0/0x600 [ 1139.985859][ C1] dput.part.0+0x4b1/0x9b0 [ 1139.985884][ C1] dput+0x1f/0x30 [ 1139.985908][ C1] __fput+0x54e/0xbb0 [ 1139.985934][ C1] task_work_run+0x14e/0x250 [ 1139.985956][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1139.985979][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 1139.986005][ C1] do_exit+0xa9b/0x2ba0 [ 1139.986039][ C1] ? get_signal+0x8f2/0x2710 [ 1139.986066][ C1] ? __pfx_do_exit+0x10/0x10 [ 1139.986101][ C1] do_group_exit+0xd3/0x2a0 [ 1139.986135][ C1] get_signal+0x2616/0x2710 [ 1139.986163][ C1] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1139.986196][ C1] ? __pfx_unix_dgram_connect+0x10/0x10 [ 1139.986230][ C1] ? __pfx_get_signal+0x10/0x10 [ 1139.986259][ C1] ? __pfx_do_futex+0x10/0x10 [ 1139.986289][ C1] ? fput+0x32/0x390 [ 1139.986313][ C1] arch_do_signal_or_restart+0x90/0x7e0 [ 1139.986342][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1139.986376][ C1] syscall_exit_to_user_mode+0x14a/0x2a0 [ 1139.986411][ C1] do_syscall_64+0xda/0x250 [ 1139.986443][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1139.986483][ C1] RIP: 0033:0x7f78a7f75bd9 [ 1139.986500][ C1] Code: Unable to access opcode bytes at 0x7f78a7f75baf. [ 1139.986511][ C1] RSP: 002b:00007f78a8cfe048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1139.986533][ C1] RAX: 000000000000000b RBX: 00007f78a8103f60 RCX: 00007f78a7f75bd9 [ 1139.986549][ C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000005 [ 1139.986565][ C1] RBP: 00007f78a7fe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 1139.986580][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1139.986595][ C1] R13: 000000000000000b R14: 00007f78a8103f60 R15: 00007ffe404ea318 [ 1139.986615][ C1] [ 1140.556963][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1140.563832][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 1140.573706][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1140.583748][ T30] Call Trace: [ 1140.587029][ T30] [ 1140.589959][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1140.594549][ T30] panic+0x6f5/0x7a0 [ 1140.598436][ T30] ? __pfx_panic+0x10/0x10 [ 1140.602845][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1140.608202][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1140.614171][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1140.619549][ T30] ? watchdog+0xd3d/0x1240 [ 1140.623980][ T30] ? watchdog+0xd30/0x1240 [ 1140.628390][ T30] watchdog+0xd4e/0x1240 [ 1140.632631][ T30] ? __pfx_watchdog+0x10/0x10 [ 1140.637293][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1140.642483][ T30] ? __kthread_parkme+0x148/0x220 [ 1140.647497][ T30] ? __pfx_watchdog+0x10/0x10 [ 1140.652250][ T30] kthread+0x2c1/0x3a0 [ 1140.656305][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1140.661494][ T30] ? __pfx_kthread+0x10/0x10 [ 1140.668172][ T30] ret_from_fork+0x45/0x80 [ 1140.672597][ T30] ? __pfx_kthread+0x10/0x10 [ 1140.677184][ T30] ret_from_fork_asm+0x1a/0x30 [ 1140.681946][ T30] [ 1140.685192][ T30] Kernel Offset: disabled [ 1140.689507][ T30] Rebooting in 86400 seconds..