last executing test programs: 12.242466223s ago: executing program 1 (id=4081): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket(0xa, 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe24, &(0x7f0000000000)='/proc/3\x00\xff\xff\xffat\x00AE\xf44.\xab%j'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) socket$kcm(0xa, 0x922000000003, 0x11) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e00)={0x1b, 0x0, 0x0, 0x8000, 0x4, 0x1}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$packet(0x11, 0x4000000000002, 0x300) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) socket(0x23, 0x5, 0x0) socket$inet(0x2, 0x80001, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) syz_init_net_socket$netrom(0x6, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="4ba2000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00', @ANYRES8=r1], 0x44}}, 0x0) 12.234847401s ago: executing program 1 (id=4085): openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0) ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r3, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = dup(0xffffffffffffffff) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1) write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r8}) fanotify_init(0x200, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 10.654426954s ago: executing program 3 (id=4092): connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080), 0x10, &(0x7f0000000440)={&(0x7f0000000d00)=ANY=[@ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000040010000000000000000000000005b6048a2e4931133f6d9919fd48557d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed151122d22a1adf42bb0920efdf4134e30fd30a89a841af23aaf5aa275bd5408d3ea5f843035456504be9dc4ed8a517a20d1580aa698c97ba67da8d95373e8250122f76f2d847bb2c569ca8d8b8e0ff87bf60db1ce4494929808a7f54911017028611718c4b4a16f2bc936a257406525f87ece05a1ed8020b5dd474ebff5b2710df4a53db2f5cad055601be130df"], 0x80}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x8, [@union={0x6, 0x6, 0x0, 0x5, 0x0, 0x0, [{0x7, 0x1, 0x5}, {0x4}, {0x2, 0x3, 0x5}, {0x0, 0x0, 0x80000000}, {0x5, 0x1}, {0xe, 0x6b1}]}, @fwd={0xc}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x5, [{0x0, 0x3, 0x6}]}]}, {0x0, [0x61, 0x61, 0x0, 0x1e, 0x2e, 0x61]}}, 0x0, 0x98, 0x0, 0x1, 0x2}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001e40)={0x0, &(0x7f0000000440)=""/177, 0x0, &(0x7f0000000280), 0x7f, r0}, 0x38) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x1e, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000300000000000000ffff0000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000005484fc0c11000000850000000a00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000", @ANYRES32=0x1, @ANYBLOB="00000000014d00009500000000000000"], &(0x7f0000000800)='syzkaller\x00', 0x9, 0xb2, &(0x7f0000000840)=""/178, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980)=[0x1, 0xffffffffffffffff, r0], &(0x7f00000009c0)=[{0x0, 0x3, 0x0, 0xb}, {0x2, 0x4, 0xe, 0x4}, {0x0, 0x3, 0x0, 0xd}, {0x4, 0x1, 0x5}], 0x10, 0xfffffffe}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz0:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x90, &(0x7f00000001c0)=""/144, 0x40f00, 0x10, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0xf, 0xffffffff, 0x4}, 0x10, 0x0, r1, 0x0, 0x0, &(0x7f0000000b00), 0x10, 0xff8}, 0x90) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000b00), 0x4) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309) mlockall(0x2) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(r7, &(0x7f00000015c0), 0x0, 0x0, 0x0) socket(0x15, 0x0, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000340)={r7, r2}) r9 = io_uring_setup(0x0, &(0x7f00000000c0)) io_uring_enter(r9, 0x0, 0x0, 0xf, &(0x7f0000000000), 0x18) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r10) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) 10.420557814s ago: executing program 1 (id=4094): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) syz_emit_ethernet(0xe, &(0x7f0000000000)={@random="434a596143cc", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, @address_request}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd50, 0x6558, &(0x7f0000000000)="ff", 0x0, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x69) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=',arrier') mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='hfsplus\x00', 0x0, &(0x7f0000000340)) 10.194717031s ago: executing program 2 (id=4096): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x12) r0 = socket$rds(0x15, 0x5, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r1, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) linkat(r1, &(0x7f0000001180)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) unlink(&(0x7f0000000180)='./file1\x00') setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000000)=0x1, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) dup(0xffffffffffffffff) r2 = socket(0x25, 0x3, 0x0) ioctl$SIOCX25GSUBSCRIP(r2, 0x89e0, &(0x7f0000000000)={'macvlan1\x00', 0x0, 0x5}) 9.864139151s ago: executing program 1 (id=4098): unshare(0x0) unshare(0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'virt_wifi0\x00', 0x11}) r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000d00)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5014, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xb1}}}}}]}}]}}, &(0x7f00000010c0)={0x0, 0x0, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 9.634803994s ago: executing program 3 (id=4100): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d020000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) (async) r2 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0}, 0x90) (async) ioctl$CEC_DQEVENT(r2, 0x40046109, &(0x7f0000000240)) (async) close_range(r2, 0xffffffffffffffff, 0x0) r3 = accept$alg(r1, 0x0, 0x0) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) sendmmsg$sock(r3, &(0x7f000000af80)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000002c0)="86", 0xff03}], 0x1}}], 0xfffffdef, 0x0) 9.455018283s ago: executing program 3 (id=4102): r0 = openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) mkdir(0x0, 0x0) unshare(0x22020000) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) r3 = fsmount(r0, 0x1, 0x85) write$P9_RREADDIR(r3, &(0x7f0000000680)={0x49, 0x29, 0x1, {0x8, [{{0x8, 0x0, 0x4}, 0x7, 0x5, 0x7, './file0'}, {{0x10, 0x0, 0x8}, 0x5, 0xff, 0x7, './file0'}]}}, 0x49) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="040e05003b20"], 0x8) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, 0x0, &(0x7f0000000a80)=@udp6=r4}, 0x20) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r5, &(0x7f0000000280)={0xa, 0x0, 0x0, @empty}, 0x1c) epoll_wait(r0, &(0x7f0000000140)=[{}, {}, {}, {}], 0x4, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000080), &(0x7f0000001840)=@udp6=r5}, 0x20) ioperm(0x0, 0x3d, 0xd) alarm(0x1) alarm(0x0) dup3(r2, r3, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x0, 0x0) unshare(0x40020000) rmdir(&(0x7f0000000740)='./file0\x00') 8.418165192s ago: executing program 4 (id=4104): bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48) syz_open_dev$dri(&(0x7f00000033c0), 0x0, 0x2380) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000340)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x1000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000240)=0x3e, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) r7 = syz_io_uring_setup(0x728d, &(0x7f00000035c0), &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r10 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @multicast1}}) io_uring_enter(r7, 0x291c, 0x0, 0x0, 0x0, 0x0) 7.035846775s ago: executing program 4 (id=4105): openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0) ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r4, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r6 = dup(0xffffffffffffffff) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1) write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r9}) r10 = fanotify_init(0x200, 0x0) fanotify_mark(r10, 0x1, 0x4800003e, r2, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 6.318109208s ago: executing program 0 (id=4108): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x0, 0x8, 0xfa04, 0xc0, 0x6c02, 0x178, 0x194, 0x194, 0x178, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'batadv_slave_1\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x74020000}, [@common=@inet=@ecn={{0x28}, {0x10}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270) r2 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f910, 0x8000, '\x00', @ptr=0x20001100}}) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000000c0)="9c893f9de196128ada1780887af187ed", 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r2, &(0x7f0000000100)="b9", 0x1, 0x4008084, 0x0, 0x0) splice(r2, &(0x7f0000000040)=0x8000000000000000, r2, &(0x7f0000000080)=0x1, 0x100, 0x6) r4 = add_key(&(0x7f0000000180)='rxrpc_s\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="a67207983791ed3e0d7702cac787fa1827c204561f9325ac6c03a17655118b74ab1d2260845357444218bd3fe2765813af", 0x31, 0xfffffffffffffffc) r5 = socket$caif_stream(0x25, 0x1, 0x2) ioctl$sock_SIOCBRDELBR(r5, 0x89a1, &(0x7f0000000240)='wlan1\x00') keyctl$revoke(0x3, r4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 6.317374117s ago: executing program 2 (id=4109): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0xa0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x80000000, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0xd, [{@private=0xa010100}, {@private=0xa010101, 0x5}, {@remote}, {@broadcast, 0x80000002}, {@broadcast}, {@empty, 0xfffffb3f}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev, 0x20000}, {@remote, 0x800000}, {@multicast2}, {@private=0xa010101}, {@multicast2}, {@broadcast, 0x52b1}, {@empty}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x67, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@remote, @broadcast, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000440)="0f300fc69f61b458a658a6c1d1667a66b8050000000f015e800f01c166b92c09000066b80980000066ba000000000f30f20f70ed3a640f01c3b802008ec8", 0x42}], 0xaaaaaaaaaaaaca1, 0x78, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r5, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c) setsockopt$inet6_mreq(r5, 0x29, 0x4d, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) mount(&(0x7f0000000480)=@nullb, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)='exfat\x00', 0x2020020, &(0x7f0000000540)='\x00') ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000080)) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100), 0x2c000, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$kcm(0xa, 0x0, 0x87) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f00000003c0)) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000005c0)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, ']['}}, {@subj_type={'subj_type', 0x3d, '(\x03'}}, {@pcr={'pcr', 0x3d, 0x30}}, {@fowner_gt}]}}) read$FUSE(r3, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r7, &(0x7f0000002300)={0x50, 0x0, r8, {0x7, 0x9}}, 0x50) read$FUSE(r7, &(0x7f0000004580)={0x2020}, 0x2020) 5.977220487s ago: executing program 4 (id=4110): connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080), 0x10, &(0x7f0000000440)={&(0x7f0000000d00)=ANY=[@ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000040010000000000000000000000005b6048a2e4931133f6d9919fd48557d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed151122d22a1adf42bb0920efdf4134e30fd30a89a841af23aaf5aa275bd5408d3ea5f843035456504be9dc4ed8a517a20d1580aa698c97ba67da8d95373e8250122f76f2d847bb2c569ca8d8b8e0ff87bf60db1ce4494929808a7f54911017028611718c4b4a16f2bc936a257406525f87ece05a1ed8020b5dd474ebff5b2710df4a53db2f5cad055601be130df"], 0x80}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x8, [@union={0x6, 0x6, 0x0, 0x5, 0x0, 0x0, [{0x7, 0x1, 0x5}, {0x4}, {0x2, 0x3, 0x5}, {0x0, 0x0, 0x80000000}, {0x5, 0x1}, {0xe, 0x6b1}]}, @fwd={0xc}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x5, [{0x0, 0x3, 0x6}]}]}, {0x0, [0x61, 0x61, 0x0, 0x1e, 0x2e, 0x61]}}, 0x0, 0x98, 0x0, 0x1, 0x2}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001e40)={0x0, &(0x7f0000000440)=""/177, 0x0, &(0x7f0000000280), 0x7f, r0}, 0x38) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x1e, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000300000000000000ffff0000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000005484fc0c11000000850000000a00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000", @ANYRES32=0x1, @ANYBLOB="00000000014d00009500000000000000"], &(0x7f0000000800)='syzkaller\x00', 0x9, 0xb2, &(0x7f0000000840)=""/178, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000980)=[0x1, 0xffffffffffffffff, r0], &(0x7f00000009c0)=[{0x0, 0x3, 0x0, 0xb}, {0x2, 0x4, 0xe, 0x4}, {0x0, 0x3, 0x0, 0xd}, {0x4, 0x1, 0x5}], 0x10, 0xfffffffe}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz0:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x90, &(0x7f00000001c0)=""/144, 0x40f00, 0x10, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0xf, 0xffffffff, 0x4}, 0x10, 0x0, r1, 0x0, 0x0, &(0x7f0000000b00), 0x10, 0xff8}, 0x90) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x9, &(0x7f0000000b00), 0x4) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309) mlockall(0x2) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(r7, &(0x7f00000015c0), 0x0, 0x0, 0x0) socket(0x15, 0x0, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000340)={r7, r2}) r9 = io_uring_setup(0x0, &(0x7f00000000c0)) io_uring_enter(r9, 0x0, 0x0, 0xf, &(0x7f0000000000), 0x18) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r10) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) 5.936051651s ago: executing program 0 (id=4111): r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffd59185671ca388a825008100000008004500002600002000002f"], 0x3c) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000140)=0x8) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000180)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000000c0)={0x0, 0x1ff, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0) r4 = epoll_create(0x10000047) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x43}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x54}}, 0x0) io_setup(0x3, &(0x7f0000000040)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@ipv4, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@private1}}, &(0x7f00000005c0)=0xe8) sendmsg$nl_netfilter(r5, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="100200000f05010226bd7000fedbdf2505000009daa933f9f391263a9301cdbb608a4f9726abefe09830d8e97a5ee14e8bb30a7dcb5552aa5ffc91e2ae06611717c0374d5fe620204db399e7473d5ddaef418aee30c85f097e84dab038fa4fd9cb69c3181255b946f255fe95490d59e0cee0b2ff44f240e119a557a21df96766c28e286f42c068c647193c6b13c1fb115acbd5f61177f5c107f0af1dbb4f24afba836aba67d05e909d666d0e1f254b3b6aa3ec51e06b77147b105887e4e906f5aed8f9a5748942ac5aa7c3bcf3126a7877a0f2d49dbc81b54a5d15ff13972151f4971515f5c9d5150bba77a139e1d28fe422f8cb6f1f8be4dd2f991fabc88affb3b6179425f499c58974013f62a3b7b078a57f41e90e699e124a87273b55cc05b658b2b74b300596f584c7222482a9f5abae579e8973eb070f195a7b00991f2b17fef4c0d5d40c6e6f14d8d523c626ae99d3ac3e7b22cd9a7a91ebcbf14caf407a50a058690c1ecbeb45d4e02e6ac09a729acfbb7d485a2f88ccc1e223d405ec9f9643afd02490f3ce253a45832eed782ad16e08a36fef99dcc7ed5dd57c079a1a92e74829251983ff8050d720eb9257134258b443f284eb6400c408448977532d3d33b30d5326ad6f9e95089837b6fb0204aa43c6e4d605667729d8d49d45bdbd1b60ee7e8b95f2d7b7232367d379f3aad2ffddc7613440baf4c61eb11b863189228402572108005200", @ANYRES32=r6, @ANYBLOB="0100"], 0x210}, 0x1, 0x0, 0x0, 0x400c080}, 0x2400c041) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r9 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000002c0)=0x1c, 0x800) bind$inet6(r9, &(0x7f0000000380)={0xa, 0x4e23, 0x3ff, @mcast2, 0xae82}, 0x1c) sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="1a2f6eed45a08307b0f72b82ef3ec65bb272de363e2357e9d3", @ANYRES16=0x0, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r8, @ANYBLOB="08009e0000280000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000340)) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000042c0)={0x5, 0x10000, 0xffffff79, 0x0, 0x2}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) ioctl$FIONCLEX(r0, 0x5450) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x3ff}}, './file2\x00'}) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 5.821612185s ago: executing program 3 (id=4112): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000959800001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b7030000000000008500000073000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = memfd_create(&(0x7f0000000300), 0x0) fallocate(r0, 0x0, 0x0, 0xffff) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000180), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ftruncate(r0, 0x4) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB="000a06000000b1bad858db018ffe0a000000000000000000100000000000000000000000000000000500000000000000000000000000000000010720000000000602000200000000080000000000000000000000f6"], 0x60) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x0, 0x9, 0x1}, 0x48) r1 = socket(0x1e, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000a40)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$tipc(r1, &(0x7f0000000040)=@id, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007ec0000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(rfc4543(gcm_base(ctr(aes-aesni),ghash-generic)))\x00'}, 0x58) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 5.439403798s ago: executing program 3 (id=4113): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) sysfs$1(0x1, &(0x7f0000000100)='/dev/hwrng\x00') r2 = socket(0x25, 0x5, 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, 0x0, &(0x7f0000000140)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000002060102000000000000000000000000050001000700000005000400bd7f22ae4984bdadbe54ba91ea9981000000000c00078008001200000000000900020073797a31000000000500050072052d0fd4f057374cd0083fcb"], 0x5c}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r4, 0x29, 0x4, &(0x7f0000000040)=0x9, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0xe) recvmmsg(r4, &(0x7f00000016c0)=[{{0x0, 0x23, 0x0, 0x5f, &(0x7f00000000c0)=""/23, 0x17}, 0x7}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000003c0)={0x0, 0x1c00000}) dup(0xffffffffffffffff) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r5, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045003, &(0x7f0000000300)) socket$packet(0x11, 0x0, 0x300) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 5.295204419s ago: executing program 4 (id=4114): setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0xfff, 0x0, 0x3a, 0x87a, 0x0, 0x40000000}, 0x1c) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x14, 0x4, 0x8, 0x5}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r1, &(0x7f0000000000), 0x0}, 0x20) lseek(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000000100), 0x80080) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000180)=[{0x6, 0xfc, 0x0, 0x5a65}]}) fremovexattr(0xffffffffffffffff, 0x0) mlock2(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) landlock_create_ruleset(0xfffffffffffffffc, 0x6c, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x54, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1a66}, @TCA_TBF_PRATE64={0xc, 0x5, 0x4f922dbb32345c75}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e58}, @TCA_TBF_PARMS={0x28, 0x1, {{0xfa, 0x0, 0x7, 0x0, 0x0, 0x7fffffff}, {0x4, 0x0, 0x9, 0xdf, 0x6, 0x5e98000}, 0x7, 0x80}}, @TCA_TBF_RATE64={0xc, 0x4, 0x875daa00b316f1f}]}}]}, 0x80}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000200000000000000000a000000000000000001000005000000000000000001000000000000000000"], &(0x7f0000000f40)=""/4087, 0x3e, 0xff7, 0x2}, 0x20) connect$inet6(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0c000310"], 0xf) getdents(0xffffffffffffffff, 0x0, 0x0) inotify_init() openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) 5.012577765s ago: executing program 2 (id=4115): bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48) syz_open_dev$dri(&(0x7f00000033c0), 0x0, 0x2380) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000340)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x1000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000240)=0x3e, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) r7 = syz_io_uring_setup(0x728d, &(0x7f00000035c0), &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r10 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @multicast1}}) io_uring_enter(r7, 0x291c, 0x0, 0x0, 0x0, 0x0) 4.957401151s ago: executing program 0 (id=4116): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'wlan1\x00', 0x100}) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'geneve1\x00', 0x7ffe}) 1.56963617s ago: executing program 2 (id=4117): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x0, 0x10) chdir(0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0) 1.490208701s ago: executing program 1 (id=4118): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)={0x28, 0x5, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r5 = syz_open_dev$vbi(&(0x7f00000003c0), 0x1, 0x2) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, &(0x7f00000004c0)={0x0, 0xa, 0x4, 0x0, 0x8, {r6, r7/1000+60000}, {0x2, 0x2, 0xe, 0x7f, 0x7, 0xff, "0b98d4b0"}, 0x1, 0x4, {}, 0x3}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) readv(r3, &(0x7f0000000480)=[{&(0x7f0000000180)=""/19, 0x13}], 0x2) ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='pstore\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000300)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file1'}, 0x3a}], [], 0x2f}) 1.454134874s ago: executing program 4 (id=4119): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18ddffffffffffffff0000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x65, 0x0, 0x6}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0xa, 0x9}, {0x7, 0x0, 0x3, 0x9}, {}, {}, {0x15}}], {{0x5, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000240)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r6, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r6, 0x0, 0x2, 0x0, &(0x7f0000000000)={{0x6, @rose}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) ioctl$CAPI_CLR_FLAGS(0xffffffffffffffff, 0x80044325, &(0x7f00000000c0)=0x1) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020006000000020073797a310000000008000000000000000900010008797a30000000000800034000000001140000001100010000000000000000000000000a"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000001000010000000000e80000000000000a50000000120a09110000000000000000020000000900020073797a3100000000080004400000000f0900010073797a30000000000800034000000001"], 0x64}}, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @loopback}}}, 0x48) 1.452788812s ago: executing program 3 (id=4120): openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x24600, 0x0) ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r4, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r6 = dup(0xffffffffffffffff) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1) write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x34}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r9}) r10 = fanotify_init(0x200, 0x0) fanotify_mark(r10, 0x1, 0x4800003e, r2, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.358276449s ago: executing program 0 (id=4121): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0) 1.294803048s ago: executing program 2 (id=4122): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x0, 0x10) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='qnx4\x00', 0x0, 0x0) 1.115091262s ago: executing program 0 (id=4123): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000ff3300001036b30ca559b3074540689a904bd1c591887ef20000"], 0x10}, 0x0) 204.69962ms ago: executing program 2 (id=4124): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000db03000000000000009500000000000000"], 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x0, 0x10a5, 0x3, &(0x7f0000000040)={[0x1]}, 0x8) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r1, 0xde5, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) capset(0x0, &(0x7f0000000040)) clock_adjtime(0x0, &(0x7f0000000680)={0x19b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x10000, 0xe5, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4b}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000005fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000005a80)={0x288, 0x0, 0x0, [{{}, {0x0, 0x0, 0x3, 0x0, ':#\x8e'}}, {{}, {0x0, 0x0, 0x4, 0x0, 'GPL\x00'}}, {}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00, 0x0, 0x10000}}, {0x0, 0x0, 0x5, 0x0, '::-\'&'}}]}, 0x0, 0x0}) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r4, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200]}, 0x45c) io_setup(0x6, &(0x7f00000005c0)=0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r6, &(0x7f0000000000), 0x8) listen(r6, 0x0) io_submit(r5, 0x1, &(0x7f0000000640)=[&(0x7f0000000600)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) readv(r4, &(0x7f0000000080)=[{&(0x7f0000000580)=""/104, 0x68}], 0x1) socket$nl_generic(0x10, 0x3, 0x10) 105.999752ms ago: executing program 0 (id=4125): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r3 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ipvlan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="540000001000090400"/20, @ANYRES32=r6, @ANYBLOB="001c00000000000034001280110001006272696467655f736c617665000000001c00058005000900000000000500200000000000050008002923d7bb96a49fb063ca528e3024c9d5500fff5a277109fb404029d0796882b6d5877f247b6fa468aa36e5ca488fb91f9c27c7d527f997917cf5f464d0d1f88166d08ae1e32b1b13e245b4415b4b59ed04fc5700362ee028eb4aca8dbddde174b418e61c1abfb06eb986d4"], 0x54}}, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000400), 0x40, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB="2c726f6f746d6f64653d303030303030303030303030ec0e36dce0a42a30303030303130303000000c05", @ANYRES8=r4, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYRESHEX=r4]) r8 = socket$inet6(0xa, 0x1, 0xf) bind$inet6(r8, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r9 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r9, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r8, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0xe22, 0x4, @dev={0xfe, 0x80, '\x00', 0x2c}}, 0xd) r10 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r10, &(0x7f0000000180)=[{&(0x7f0000000700)="580000001500add427323b472545b45602117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISASSOCIATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="1162f8831f05000000000000000000000000000000002800000008000300", @ANYRES32=r12, @ANYBLOB="0c00990003000000310000000a00060050505050505000000600360000000000"], 0x3c}}, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="00002cbd7000fbdbdf253e0000000c009900030000fd2a0000005586078dbff2441d31fd85c196049cc0c34ae53d6c9de850cdb59504f340773b0f67fef990e8f19c848f6fd57e9662efd09b5ec858ef5cd25eb9b14d2133905275763a71356e35c46ab5fd2f05297be83e"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x20040880) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="3426bd18beb7619ac6589d86da68efc69500430e6cd578dd0abb5efaae67f3dcd5a2eb6ff91a9b3c63483059d9c085af022b3baae1673ea3ffb541453440b11cedb8020b560096ec30aeba17113a0fca681f596eb44bb8a38c9f8ff6b99d2bf25914d33daa07e96c7c2620ccab6171408b179cd0a93224879222b8d1f051dbd289c59d2349efcafb2156396b24"], 0x1f7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0xffffd000) setitimer(0x0, &(0x7f0000000000), 0x0) 62.725338ms ago: executing program 4 (id=4126): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) (async, rerun: 32) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, 0x0, 0x15) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000dc0)='svcrdma_sq_post_err\x00', r6}, 0x10) (async) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x2, 0x5, 0x690, 0xf0, 0x298, 0xffffffff, 0xf0, 0x0, 0x5c0, 0x5c0, 0xffffffff, 0x5c0, 0x5c0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'dvmrp0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@loopback, @ipv4=@multicast1, @gre_key, @gre_key}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@remote, [], @ipv4=@multicast2, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x19, @ipv6=@mcast2, @ipv6=@loopback, @icmp_id, @gre_key}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @empty}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, @private1, @private0, @dev, @local, @mcast1, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, @private1, @private1, @local, @dev]}}, @common=@srh={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6f0) (async, rerun: 64) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) (rerun: 64) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYRES64=r2], 0xb0) (async) mount$9p_fd(0x20000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) (async) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c) ioctl$BTRFS_IOC_BALANCE_V2(r3, 0xc4009420, &(0x7f00000002c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402, @struct, 0x4, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff]}, {0x10000, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @usage=0x10001, 0x0, 0x0, [0x0, 0x0, 0xc4]}, {0x0, @struct={0x4, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1]}}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280), 0xfea7) (async, rerun: 32) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, &(0x7f00000001c0)) (async, rerun: 32) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0) (async) accept4$x25(0xffffffffffffffff, 0x0, 0x0, 0x80800) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32) socket$inet_dccp(0x2, 0x6, 0x0) (async, rerun: 32) r9 = getpid() process_vm_readv(r9, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async, rerun: 64) move_pages(r9, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) (rerun: 64) 0s ago: executing program 1 (id=4127): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019640)=@newtaction={0x18, 0x30, 0x20, 0x1, 0x0, {}, [{0x4}]}, 0x18}}, 0x4000000) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x0, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, r1}, 0x90) syz_emit_vhci(0x0, 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') syz_emit_vhci(&(0x7f0000000300)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x6e}, "be9e68e6a43db4df3048e5bcb825b1de53572638c7b360fa7592b411722aa1463bd45ac702ddaaf7af3d77d84c800e28e1e9bc52c40b30955187fe87a600b5ac2f13691c5a249932f5c23a1aea341915ff2be85635646f4769c1b10c5acdc666beaf415d627a99af44aa45b1f3d0"}, 0x72) setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r2, &(0x7f0000003680)={0x2020}, 0x2020) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) creat(&(0x7f0000000040)='./file0/file1\x00', 0x0) unlink(&(0x7f0000000440)='./file0/file1/file0\x00') socket(0x1, 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000000)=""/5, 0x5}], 0x1, 0x2f, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) kernel console output (not intermixed with test programs): :1.1: probe with driver cdc_mbim failed with error -71 [ 609.092140][ T5146] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 609.110431][ T5146] usb 3-1: USB disconnect, device number 15 [ 609.271439][ T29] audit: type=1400 audit(1719975434.605:670): avc: denied { mount } for pid=14199 comm="syz.1.3037" name="/" dev="rpc_pipefs" ino=49104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 609.308307][ T29] audit: type=1400 audit(1719975434.635:671): avc: denied { watch } for pid=14199 comm="syz.1.3037" path="/185/file0" dev="rpc_pipefs" ino=49104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1 [ 609.336402][ T29] audit: type=1400 audit(1719975434.665:672): avc: denied { unmount } for pid=14199 comm="syz.1.3037" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 609.919461][ T5094] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 610.116178][ T5094] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 610.137284][ T5094] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 610.165686][ T5094] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 610.189242][ T5094] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 610.208608][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.351490][ T5094] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 610.496329][T14033] udevd[14033]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 610.555819][ T5146] usb 3-1: USB disconnect, device number 16 [ 611.036620][ T29] audit: type=1400 audit(1719975436.355:673): avc: denied { getopt } for pid=14233 comm="syz.3.3050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 611.657480][T14258] Can't find a SQUASHFS superblock on nullb0 [ 612.149953][ T5164] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 612.359442][ T5164] usb 4-1: Using ep0 maxpacket: 8 [ 612.380272][ T5164] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 612.391388][ T5164] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 612.412527][ T5164] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 612.437739][ T5164] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 612.466463][ T5164] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 612.516209][ T5164] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 612.544445][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.806879][ T5164] usb 4-1: GET_CAPABILITIES returned 0 [ 612.820545][ T5164] usbtmc 4-1:16.0: can't read capabilities [ 613.024880][ T5164] usb 4-1: USB disconnect, device number 11 [ 613.119288][ T5170] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 613.319408][ T5170] usb 1-1: Using ep0 maxpacket: 16 [ 613.333333][ T5170] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 613.369691][ T5170] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 613.389332][ T5170] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 613.407840][ T5170] usb 1-1: SerialNumber: syz [ 613.438599][ T5170] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 613.459272][ T5170] cdc_acm 1-1:1.0: This needs exactly 3 endpoints [ 613.461600][T14285] trusted_key: encrypted_key: keyword 'neÂ]5wÁ°ã"+Ã_ w' not recognized [ 613.465747][ T5170] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22 [ 613.608536][T14289] Can't find a SQUASHFS superblock on nullb0 [ 615.160291][T14315] tipc: Started in network mode [ 615.165570][T14315] tipc: Node identity 2007ff, cluster identity 4711 [ 615.173078][T14315] tipc: Node number set to 2099199 [ 615.275840][ T29] audit: type=1400 audit(1719975440.605:674): avc: denied { name_bind } for pid=14319 comm="syz.3.3085" path="socket:[49390]" dev="sockfs" ino=49390 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 615.830387][ T5170] usb 1-1: USB disconnect, device number 21 [ 616.980798][T14354] tmpfs: Bad value for 'mpol' [ 617.592083][T14326] syz.1.3087 (14326): drop_caches: 2 [ 617.759555][ T29] audit: type=1326 audit(1719975443.095:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000 [ 617.864568][ T29] audit: type=1326 audit(1719975443.125:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000 [ 617.979403][ T29] audit: type=1326 audit(1719975443.125:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000 [ 617.989542][T14388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3113'. [ 618.078922][ T29] audit: type=1326 audit(1719975443.125:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14380 comm="syz.2.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c29375b99 code=0x7ffc0000 [ 618.119655][T14396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3113'. [ 619.680469][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 619.696579][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 619.706216][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 619.729702][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 619.746148][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 619.753942][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 619.778868][ T5085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 619.789178][ T5085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 619.796716][ T5085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 619.806349][ T5085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 619.824426][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 619.843777][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 619.973159][ T4215] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.162359][ T4215] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.343992][ T4215] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.506307][ T29] audit: type=1400 audit(1719975445.835:679): avc: denied { setattr } for pid=14445 comm="syz.4.3136" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 620.656468][ T4215] team0: Port device netdevsim0 removed [ 620.685113][ T4215] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.685519][T14415] syz.2.3122 (14415): drop_caches: 2 [ 621.321736][ T5087] IPVS: starting estimator thread 0... [ 621.449580][T14469] IPVS: using max 16 ests per chain, 38400 per kthread [ 621.682480][ T4215] bridge_slave_1: left allmulticast mode [ 621.709363][ T4215] bridge_slave_1: left promiscuous mode [ 621.722997][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.743775][ T4215] bridge_slave_0: left allmulticast mode [ 621.753852][ T4215] bridge_slave_0: left promiscuous mode [ 621.778200][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.868448][ T4215] batman_adv: batadv0: Interface deactivated: bridge0 [ 621.900829][ T5095] Bluetooth: hci3: command tx timeout [ 622.893292][T14498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3154'. [ 623.740246][ T4215] batman_adv: batadv0: Removing interface: bridge0 [ 623.987430][ T5095] Bluetooth: hci3: command tx timeout [ 624.495548][ T4215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 624.548194][ T4215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 624.584270][ T4215] bond0 (unregistering): Released all slaves [ 624.601957][ T29] audit: type=1326 audit(1719975449.935:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14513 comm="syz.3.3160" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0 [ 624.634306][T14431] chnl_net:caif_netlink_parms(): no params data found [ 624.648179][T14493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3154'. [ 624.873924][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.881060][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.163679][T14528] x_tables: eb_tables: quota.0 match: invalid size 24 (kernel) != (user) 0 [ 625.381993][T14431] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.416223][T14431] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.452958][T14431] bridge_slave_0: entered allmulticast mode [ 625.488069][T14431] bridge_slave_0: entered promiscuous mode [ 625.620180][ T4215] hsr_slave_0: left promiscuous mode [ 625.659064][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 625.705439][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.557746][ T5095] Bluetooth: hci3: command tx timeout [ 626.564702][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.603907][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.765225][ T4215] veth1_macvtap: left promiscuous mode [ 626.799338][ T4215] veth0_macvtap: left promiscuous mode [ 626.821602][ T4215] veth1_vlan: left promiscuous mode [ 626.839356][ T4215] veth0_vlan: left promiscuous mode [ 628.620097][ T5095] Bluetooth: hci3: command tx timeout [ 628.902051][ T4215] team0 (unregistering): Port device team_slave_1 removed [ 628.958998][ T4215] team0 (unregistering): Port device team_slave_0 removed [ 629.479442][T14431] bridge0: port 2(bridge_slave_1) entered blocking state [ 629.486783][T14431] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.509443][T14431] bridge_slave_1: entered allmulticast mode [ 629.517050][T14431] bridge_slave_1: entered promiscuous mode [ 629.610591][T14586] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3181'. [ 630.142076][T14431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 630.285006][T14431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 630.579686][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 630.735995][T14431] team0: Port device team_slave_0 added [ 630.804246][T14431] team0: Port device team_slave_1 added [ 631.015546][T14431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 631.035710][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 631.139419][T14431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 631.239564][T14431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 631.257654][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 631.351724][T14431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 631.373089][T14616] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 631.381226][T14616] IPv6: NLM_F_CREATE should be set when creating new route [ 631.466873][ T4215] IPVS: stop unused estimator thread 0... [ 631.618079][T14622] netlink: 320 bytes leftover after parsing attributes in process `syz.1.3188'. [ 631.727853][T14431] hsr_slave_0: entered promiscuous mode [ 631.731331][T14431] hsr_slave_1: entered promiscuous mode [ 631.734276][T14431] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 631.734346][T14431] Cannot create hsr debugfs directory [ 631.806565][T14622] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 632.019006][ T29] audit: type=1400 audit(1719975457.345:681): avc: denied { map } for pid=14627 comm="syz.2.3190" path="socket:[49960]" dev="sockfs" ino=49960 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 633.531039][ T5085] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 633.545313][ T5085] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 633.553771][ T5085] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 633.562231][ T5085] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 634.255468][ T5085] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 634.264924][ T5085] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 634.655163][ T4215] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.864448][ T4215] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.068237][ T4215] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.235228][ T4215] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.446364][T14431] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 635.524831][T14431] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 635.539897][T14431] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 635.669739][T14431] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 635.781684][ T4215] bridge_slave_1: left allmulticast mode [ 635.787381][ T4215] bridge_slave_1: left promiscuous mode [ 635.799996][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.820576][ T4215] bridge_slave_0: left allmulticast mode [ 635.826264][ T4215] bridge_slave_0: left promiscuous mode [ 635.841684][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.382658][ T5095] Bluetooth: hci2: command tx timeout [ 636.415979][ T4215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 636.428530][ T4215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 636.441154][ T4215] bond0 (unregistering): (slave team1): Releasing backup interface [ 636.455290][ T4215] bond0 (unregistering): Released all slaves [ 636.474935][ T4215] bond1 (unregistering): Released all slaves [ 636.495636][ T4215] bond2 (unregistering): Released all slaves [ 636.628496][T14651] chnl_net:caif_netlink_parms(): no params data found [ 636.863929][T14651] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.871289][T14651] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.878569][T14651] bridge_slave_0: entered allmulticast mode [ 636.888656][T14651] bridge_slave_0: entered promiscuous mode [ 636.901849][T14651] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.909020][T14651] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.919372][T14651] bridge_slave_1: entered allmulticast mode [ 636.927207][T14651] bridge_slave_1: entered promiscuous mode [ 637.006033][T14651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 637.074788][ T4215] hsr_slave_0: left promiscuous mode [ 637.091519][ T4215] hsr_slave_1: left promiscuous mode [ 637.097894][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 637.105762][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 637.127027][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 637.147609][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 637.201969][ T4215] veth1_macvtap: left promiscuous mode [ 637.207576][ T4215] veth0_macvtap: left promiscuous mode [ 637.225977][ T4215] veth1_vlan: left promiscuous mode [ 637.231700][ T4215] veth0_vlan: left promiscuous mode [ 638.459286][ T5095] Bluetooth: hci2: command tx timeout [ 638.720487][ T4215] team0 (unregistering): Port device team_slave_1 removed [ 639.405644][T14651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 639.525179][T14651] team0: Port device team_slave_0 added [ 639.541226][T14651] team0: Port device team_slave_1 added [ 639.614709][T14651] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 639.621857][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 639.647971][T14651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 639.671023][T14431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 639.679107][T14651] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 639.689207][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 639.718713][T14651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 639.825981][T14651] hsr_slave_0: entered promiscuous mode [ 639.840664][T14651] hsr_slave_1: entered promiscuous mode [ 639.849513][T14651] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 639.857092][T14651] Cannot create hsr debugfs directory [ 639.951357][T14431] 8021q: adding VLAN 0 to HW filter on device team0 [ 640.040083][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.047332][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 640.088025][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.095275][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 640.201050][ T4215] IPVS: stop unused estimator thread 0... [ 640.539916][ T5095] Bluetooth: hci2: command tx timeout [ 640.828936][T14431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.967201][ T29] audit: type=1326 audit(1719975466.295:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14750 comm="syz.1.3198" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0 [ 641.025994][T14431] veth0_vlan: entered promiscuous mode [ 641.092705][T14431] veth1_vlan: entered promiscuous mode [ 641.283483][T14431] veth0_macvtap: entered promiscuous mode [ 641.336294][T14431] veth1_macvtap: entered promiscuous mode [ 641.444343][T14651] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 641.516566][T14651] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 641.559654][T14651] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 641.630129][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.659209][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.669096][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.711187][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.739364][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.759206][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.769042][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.792484][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.805021][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.835929][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.862614][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.879206][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.897160][T14431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.921064][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.979415][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.001311][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 642.034491][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.054668][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 642.088629][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.120520][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 642.169539][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.203307][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 642.235696][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.270652][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 642.297431][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 642.314260][T14431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 642.323932][T14651] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 642.368641][T14773] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3203'. [ 642.619685][T14431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.640522][ T5095] Bluetooth: hci2: command tx timeout [ 642.749947][T14431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.882067][T14431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.931398][T14431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.436617][T14795] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3211'. [ 643.460085][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.491157][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.659704][T14795] team0: entered promiscuous mode [ 643.664792][T14795] team_slave_0: entered promiscuous mode [ 643.683007][T14795] team_slave_1: entered promiscuous mode [ 643.712190][ T4215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.724641][T14800] team_slave_0: entered allmulticast mode [ 643.740349][ T4215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.798096][T14800] team0: Port device team_slave_0 removed [ 643.843849][T14651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 643.917953][T14794] team0: left promiscuous mode [ 643.941642][T14794] team_slave_1: left promiscuous mode [ 643.980361][T14651] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.034682][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.041852][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 644.151563][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.158725][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 645.700333][T14826] netlink: 'syz.0.3220': attribute type 4 has an invalid length. [ 645.823644][T14651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 648.349699][T14847] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 648.349825][T14847] IPv6: NLM_F_CREATE should be set when creating new route [ 648.648077][T14651] veth0_vlan: entered promiscuous mode [ 648.690452][T14651] veth1_vlan: entered promiscuous mode [ 648.801134][T14651] veth0_macvtap: entered promiscuous mode [ 648.967164][T14651] veth1_macvtap: entered promiscuous mode [ 648.998907][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.082205][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.092346][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.103378][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.113516][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.125304][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.135747][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.776715][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.814022][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.852964][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.920373][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.947007][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 649.976231][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 649.987437][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.022414][T14651] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 650.105142][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.129306][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.149194][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.169188][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.179023][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.209004][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.229198][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.249200][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.259032][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.282501][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.299346][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.321715][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.343648][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.354387][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.366699][T14651] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 650.396011][T14651] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.417546][T14651] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.426483][T14651] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.449200][T14651] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 650.623206][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.642864][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.752167][ T1062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.779867][ T1062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 651.061277][T14878] UBIFS error (pid: 14878): cannot open "./file0", error -22 [ 651.079231][ T29] audit: type=1400 audit(1719975476.385:683): avc: denied { mounton } for pid=14876 comm="syz.1.3235" path="/228/file0" dev="tmpfs" ino=1211 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 651.113381][T14880] netlink: 'syz.3.3234': attribute type 2 has an invalid length. [ 651.349360][T14892] netlink: 'syz.3.3241': attribute type 21 has an invalid length. [ 653.971160][ T5085] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 653.988037][ T5085] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 654.004212][ T5085] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 654.014583][ T5085] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 654.033343][ T5085] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 654.043597][ T5085] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 654.339900][ T29] audit: type=1400 audit(1719975479.665:684): avc: denied { setattr } for pid=14948 comm="syz.3.3264" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 654.427380][ T29] audit: type=1400 audit(1719975479.705:685): avc: denied { write } for pid=14948 comm="syz.3.3264" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 654.521924][ T29] audit: type=1400 audit(1719975479.705:686): avc: denied { open } for pid=14948 comm="syz.3.3264" path="/221/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 654.789810][T14963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3270'. [ 655.139475][T14976] syz.4.3274 (14976): /proc/14975/oom_adj is deprecated, please use /proc/14975/oom_score_adj instead. [ 655.205140][T14941] chnl_net:caif_netlink_parms(): no params data found [ 655.521569][ T5138] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 655.529330][ T5094] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 655.758755][ T5094] usb 2-1: config 36 has too many interfaces: 248, using maximum allowed: 32 [ 655.808773][ T5094] usb 2-1: config 36 has 1 interface, different from the descriptor's value: 248 [ 655.836968][ T5138] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 655.859560][ T5094] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 655.877927][ T5138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.901650][T14941] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.910727][ T5094] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 655.930916][ T5138] usb 1-1: Product: syz [ 655.935120][ T5138] usb 1-1: Manufacturer: syz [ 655.961588][T14941] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.964918][T14994] ALSA: mixer_oss: invalid OSS volume '' [ 655.968868][T14941] bridge_slave_0: entered allmulticast mode [ 655.982009][ T5138] usb 1-1: SerialNumber: syz [ 656.013707][ T5138] usb 1-1: config 0 descriptor?? [ 656.029499][ T5094] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 656.038532][ T5094] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 656.081664][ T5094] usb 2-1: Manufacturer: syz [ 656.092309][T14941] bridge_slave_0: entered promiscuous mode [ 656.109295][ T5094] usb 2-1: SerialNumber: syz [ 656.117683][T14941] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.143282][ T5085] Bluetooth: hci7: command tx timeout [ 656.159398][T14941] bridge0: port 2(bridge_slave_1) entered disabled state [ 656.166786][T14941] bridge_slave_1: entered allmulticast mode [ 656.270979][T14941] bridge_slave_1: entered promiscuous mode [ 656.344819][ T29] audit: type=1400 audit(1719975481.675:687): avc: denied { setattr } for pid=14999 comm="syz.3.3281" name="UDPLITEv6" dev="sockfs" ino=53534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 656.481190][ T5094] yealink 2-1:36.0: invalid payload size 0, expected 16 [ 656.554957][ T5094] input: Yealink usb-p1k as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:36.0/input/input26 [ 656.652732][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.659950][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.666874][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.673791][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.680709][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.687620][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.694534][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.701463][ C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 656.708227][ C1] yealink 2-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 656.744998][ T5094] usb 2-1: USB disconnect, device number 19 [ 656.958246][T14941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 657.002166][T14941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 657.045271][ T25] usb 1-1: USB disconnect, device number 22 [ 657.544176][ T1044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.344427][ T5085] Bluetooth: hci7: command tx timeout [ 658.400199][T14941] team0: Port device team_slave_0 added [ 658.449967][T14941] team0: Port device team_slave_1 added [ 658.673307][ T1044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.821334][T14941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.839246][T14941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.907651][T14941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.976149][ T1044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.010518][T14941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 659.026355][T14941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.070608][T14941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 659.161914][ T1044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.459912][T14941] hsr_slave_0: entered promiscuous mode [ 659.563902][T14941] hsr_slave_1: entered promiscuous mode [ 659.691688][T14941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 659.708806][T14941] Cannot create hsr debugfs directory [ 660.421406][ T5085] Bluetooth: hci7: command tx timeout [ 660.449640][ T29] audit: type=1400 audit(1719975485.785:688): avc: denied { write } for pid=15041 comm="syz.1.3295" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 660.622996][T15054] befs: (nullb0): No write support. Marking filesystem read-only [ 660.645277][T15054] befs: (nullb0): invalid magic header [ 660.831758][ T29] audit: type=1400 audit(1719975486.165:689): avc: denied { read } for pid=15057 comm="syz.1.3300" name="usbmon0" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 660.934644][ T29] audit: type=1400 audit(1719975486.165:690): avc: denied { open } for pid=15057 comm="syz.1.3300" path="/dev/usbmon0" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 661.059813][ T29] audit: type=1400 audit(1719975486.225:691): avc: denied { ioctl } for pid=15057 comm="syz.1.3300" path="/dev/usbmon0" dev="devtmpfs" ino=704 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 661.275391][ T1044] bridge_slave_1: left allmulticast mode [ 661.309078][ T1044] bridge_slave_1: left promiscuous mode [ 661.337802][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.431206][ T1044] bridge_slave_0: left allmulticast mode [ 661.458033][ T1044] bridge_slave_0: left promiscuous mode [ 661.564511][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.759355][ T8] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 661.977417][ T8] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 661.999095][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.019278][ T8] usb 1-1: Product: syz [ 662.042161][ T8] usb 1-1: Manufacturer: syz [ 662.055036][ T8] usb 1-1: SerialNumber: syz [ 662.127276][ T8] usb 1-1: config 0 descriptor?? [ 662.459459][ T5085] Bluetooth: hci7: command tx timeout [ 662.983117][T15107] binder: 15104:15107 ioctl 8912 20000540 returned -22 [ 662.992467][T15107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3315'. [ 663.038053][ T5146] usb 1-1: USB disconnect, device number 23 [ 663.247029][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 663.267316][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 663.286015][ T1044] bond0 (unregistering): (slave team1): Releasing backup interface [ 663.302929][ T1044] bond0 (unregistering): Released all slaves [ 663.326132][ T1044] bond1 (unregistering): Released all slaves [ 663.353576][T15099] netlink: 2016 bytes leftover after parsing attributes in process `syz.1.3312'. [ 663.386660][T15099] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3312'. [ 663.530009][ T1044] IPVS: stopping master sync thread 12893 ... [ 664.276059][ T1044] hsr_slave_0: left promiscuous mode [ 664.357448][ T1044] hsr_slave_1: left promiscuous mode [ 664.401282][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 664.526440][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 664.610696][ T35] Bluetooth: hci6: Frame reassembly failed (-84) [ 666.022005][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 666.055860][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 666.198483][ T1044] veth1_macvtap: left promiscuous mode [ 666.233122][ T1044] veth0_macvtap: left promiscuous mode [ 666.252036][ T1044] veth1_vlan: left promiscuous mode [ 666.265424][ T1044] veth0_vlan: left promiscuous mode [ 666.546910][ T5085] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 667.619577][ T5097] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 667.798464][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 667.855099][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 667.855239][ T5097] usb 4-1: config 0 has an invalid interface number: 32 but max is 0 [ 667.870907][ T5097] usb 4-1: config 0 has no interface number 0 [ 667.877043][ T5097] usb 4-1: too many endpoints for config 0 interface 32 altsetting 32: 32, using maximum allowed: 30 [ 667.893493][ T5097] usb 4-1: config 0 interface 32 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 667.906999][ T5097] usb 4-1: config 0 interface 32 has no altsetting 0 [ 667.918180][ T5097] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 667.927450][ T5097] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.935619][ T5097] usb 4-1: Product: syz [ 667.940011][ T5097] usb 4-1: Manufacturer: syz [ 667.944645][ T5097] usb 4-1: SerialNumber: syz [ 667.967814][ T5097] usb 4-1: config 0 descriptor?? [ 668.831117][ T5097] usb 4-1: USB disconnect, device number 12 [ 669.164588][T15177] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3337'. [ 669.241452][T14740] udevd[14740]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.32/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 669.664839][T14941] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 670.531989][ T29] audit: type=1400 audit(1719975495.265:692): avc: denied { module_load } for pid=15188 comm="syz.1.3341" path="/sys/kernel/fscaps" dev="sysfs" ino=1361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 670.684604][T14941] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 670.978746][T14941] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 671.034675][T14941] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 671.500325][T14941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 671.507156][T15222] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=15222 comm=syz.3.3349 [ 671.595791][T14941] 8021q: adding VLAN 0 to HW filter on device team0 [ 671.633185][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.640451][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 672.017323][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.024608][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 672.190597][T15231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3351'. [ 672.200264][T15231] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3351'. [ 673.208180][ T29] audit: type=1326 audit(1719975498.535:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15239 comm="syz.3.3355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0 [ 673.738018][T15249] netlink: 'syz.4.3354': attribute type 4 has an invalid length. [ 674.553539][T14941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 674.746462][T14941] veth0_vlan: entered promiscuous mode [ 674.771840][T14941] veth1_vlan: entered promiscuous mode [ 674.883530][T14941] veth0_macvtap: entered promiscuous mode [ 674.905589][T14941] veth1_macvtap: entered promiscuous mode [ 674.991232][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 675.097915][ T29] audit: type=1326 audit(1719975500.425:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15273 comm="syz.3.3367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x0 [ 675.142945][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 675.181323][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 675.232280][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 675.262536][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 675.316245][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 675.332295][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 675.369827][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 675.521716][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 675.734499][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.095647][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.146598][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.197124][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.214885][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.246458][T14941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 676.295708][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.338584][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.370447][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.383519][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.394645][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.419336][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.449516][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.476049][T15286] evm: overlay not supported [ 676.476468][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.507790][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.532946][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.554983][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.588687][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.616489][T14941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.643678][T14941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.661520][T14941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 676.740657][T14941] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.773211][T14941] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.808648][T14941] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.838258][T14941] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.885673][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 677.914807][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.631370][ T1053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.710269][ T1053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.405760][T15376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3399'. [ 682.155399][T15393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3405'. [ 682.164778][T15393] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3405'. [ 684.212508][ T29] audit: type=1400 audit(1719975509.535:695): avc: denied { module_load } for pid=15416 comm="syz.3.3413" path="/260/bus" dev="tmpfs" ino=1406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 684.213139][T15417] Invalid ELF header magic: != ELF [ 684.645272][ T1044] Bluetooth: hci6: Frame reassembly failed (-84) [ 684.676744][T15427] Bluetooth: hci6: Frame reassembly failed (-84) [ 686.306291][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.314285][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.319299][ T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 686.519338][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 686.527661][ T8] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 686.541633][ T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 686.551990][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 686.561932][ T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 686.578479][ T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 686.594158][ T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 686.605964][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.699488][ T5095] Bluetooth: hci6: command 0x1003 tx timeout [ 686.707135][ T5085] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 686.780058][ T1148] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 686.815289][ T29] audit: type=1400 audit(1719975512.145:696): avc: denied { create } for pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 686.821544][T15503] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3449'. [ 686.890358][ T29] audit: type=1400 audit(1719975512.145:697): avc: denied { write } for pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 686.910934][ T8] usb 3-1: usb_control_msg returned -32 [ 686.916565][ T8] usbtmc 3-1:16.0: can't read capabilities [ 686.940433][ T29] audit: type=1400 audit(1719975512.145:698): avc: denied { nlmsg_write } for pid=15502 comm="syz.0.3449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 686.991527][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 687.003717][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 687.017463][ T29] audit: type=1400 audit(1719975512.185:699): avc: denied { execmem } for pid=15504 comm="syz.1.3450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 687.029183][ T1148] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 687.078181][ T1148] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 687.118233][ T1148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.142091][ T1148] usb 4-1: config 0 descriptor?? [ 687.148085][T15495] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 687.297407][T15513] usbtmc 3-1:16.0: usb_bulk_msg returned -71 [ 687.523326][ T25] usb 3-1: USB disconnect, device number 17 [ 687.581695][ T1148] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd [ 687.612327][ T1148] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 687.639999][ T1148] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 687.847703][ T25] usb 4-1: USB disconnect, device number 13 [ 688.860978][ T5085] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 688.873053][ T5085] Bluetooth: hci7: Injecting HCI hardware error event [ 688.883772][ T5095] Bluetooth: hci7: hardware error 0x00 [ 689.799706][T15569] input: syz1 as /devices/virtual/input/input28 [ 689.990206][ T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 690.241558][ T25] usb 1-1: config 36 has too many interfaces: 248, using maximum allowed: 32 [ 690.329314][ T25] usb 1-1: config 36 has 1 interface, different from the descriptor's value: 248 [ 690.368078][ T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 690.459086][ T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 690.659036][ T25] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 690.748091][ T25] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 690.939403][ T5095] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 690.960658][ T25] usb 1-1: Manufacturer: syz [ 690.965307][ T25] usb 1-1: SerialNumber: syz [ 691.283906][ T25] yealink 1-1:36.0: invalid payload size 0, expected 16 [ 691.306067][ T25] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input29 [ 691.334530][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.341559][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.348548][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.355523][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.362494][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.369474][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.376457][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.383403][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 691.390155][ C1] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 691.433866][ T25] usb 1-1: USB disconnect, device number 24 [ 691.819574][ T5095] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 691.830214][ T5095] Bluetooth: hci3: Injecting HCI hardware error event [ 691.839961][ T5095] Bluetooth: hci3: hardware error 0x00 [ 692.584949][T15636] overlayfs: failed to resolve './file1': -2 [ 692.918453][T15632] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3504'. [ 693.713544][ T29] audit: type=1400 audit(1719975519.045:700): avc: denied { ioctl } for pid=15660 comm="syz.3.3517" path="socket:[56223]" dev="sockfs" ino=56223 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 693.723035][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.796073][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.818317][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.854057][T15668] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.861471][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.912030][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.958434][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.974734][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.988329][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.989269][ T5095] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 694.010969][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.021494][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.038053][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.048677][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.059042][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.069623][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.079817][T15664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.090374][T15664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.365042][ T29] audit: type=1326 audit(1719975519.685:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15678 comm="syz.1.3524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0 [ 695.601732][T15708] Mount JFS Failure: -22 [ 696.099938][ T25] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 696.302734][ T25] usb 1-1: config 36 has too many interfaces: 248, using maximum allowed: 32 [ 696.379905][ T25] usb 1-1: config 36 has 1 interface, different from the descriptor's value: 248 [ 696.426324][ T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 696.471814][ T25] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 696.504012][ T25] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 696.518923][ T25] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 696.527389][ T25] usb 1-1: Manufacturer: syz [ 696.533228][ T25] usb 1-1: SerialNumber: syz [ 696.831394][ T25] yealink 1-1:36.0: invalid payload size 0, expected 16 [ 696.863617][ T25] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input30 [ 696.891919][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.898940][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.905930][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.912971][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.919952][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.926881][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.933850][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.940765][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 696.947513][ C1] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 697.005635][ T25] usb 1-1: USB disconnect, device number 25 [ 698.519351][T15757] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 698.759499][ T25] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 698.959300][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 698.989274][ T25] usb 2-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 699.013661][ T25] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 699.059248][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.095999][ T25] usb 2-1: config 0 descriptor?? [ 699.122706][ T25] usb 2-1: bad CDC descriptors [ 699.434336][ T5094] usb 2-1: USB disconnect, device number 20 [ 700.980522][ T29] audit: type=1400 audit(1719975526.305:702): avc: denied { relabelfrom } for pid=15832 comm="syz.1.3587" name="NETLINK" dev="sockfs" ino=57724 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 701.039364][ T5095] block nbd2: Receive control failed (result -32) [ 701.051737][T15831] block nbd2: shutting down sockets [ 701.094040][ T29] audit: type=1400 audit(1719975526.315:703): avc: denied { relabelto } for pid=15832 comm="syz.1.3587" name="NETLINK" dev="sockfs" ino=57724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 701.499537][ T5165] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 701.711881][ T5165] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 701.733201][ T5165] usb 2-1: New USB device found, idVendor=0403, idProduct=fc0d, bcdDevice=eb.04 [ 701.759314][ T5165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.809406][ T5165] usb 2-1: config 0 descriptor?? [ 701.818174][ T5165] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 701.850078][ T5165] ftdi_sio ttyUSB0: unknown device type: 0xeb04 [ 702.028537][ T5165] usb 2-1: USB disconnect, device number 21 [ 702.060929][ T5165] ftdi_sio 2-1:0.0: device disconnected [ 702.587691][T15883] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.3608'. [ 702.639400][ T5165] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 702.855833][ T5165] usb 4-1: Using ep0 maxpacket: 32 [ 702.876941][ T5165] usb 4-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 702.907929][ T5165] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 702.942194][ T5165] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.955132][ T29] audit: type=1400 audit(1719975528.275:704): avc: denied { setattr } for pid=15892 comm="syz.0.3613" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 703.012442][ T5165] usb 4-1: config 0 descriptor?? [ 703.027325][ T5165] usb 4-1: bad CDC descriptors [ 703.131631][T15902] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 703.194848][T15905] Cannot find add_set index 0 as target [ 703.349052][ T5165] usb 4-1: USB disconnect, device number 14 [ 704.146727][T15934] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 704.353017][ T29] audit: type=1400 audit(1719975529.685:705): avc: denied { getopt } for pid=15938 comm="syz.0.3631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 704.481082][ T29] audit: type=1400 audit(1719975529.815:706): avc: denied { read } for pid=15942 comm="syz.0.3633" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 704.527917][ T29] audit: type=1400 audit(1719975529.815:707): avc: denied { open } for pid=15942 comm="syz.0.3633" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 704.896747][ T29] audit: type=1400 audit(1719975530.225:708): avc: denied { getattr } for pid=15949 comm="syz.3.3635" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 706.434644][T16004] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 706.550623][T16008] fuse: Bad value for 'fd' [ 706.859560][T16019] netlink: 'syz.4.3661': attribute type 11 has an invalid length. [ 707.268286][ T29] audit: type=1326 audit(1719975532.585:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16027 comm="syz.4.3663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce74575b99 code=0x0 [ 709.229261][ T5097] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 709.309742][T16089] netlink: 'syz.2.3686': attribute type 11 has an invalid length. [ 709.446881][ T5097] usb 4-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea [ 709.473704][ T5097] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.538296][ T5097] usb 4-1: config 0 descriptor?? [ 709.563783][ T5097] usb 4-1: Invalid firmware size=18. [ 709.748827][T16097] netlink: 'syz.0.3690': attribute type 3 has an invalid length. [ 709.777465][T16097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3690'. [ 709.798306][ T5097] usb 4-1: USB disconnect, device number 15 [ 709.808960][T16097] netlink: 'syz.0.3690': attribute type 4 has an invalid length. [ 709.886679][T16097] netlink: 'syz.0.3690': attribute type 4 has an invalid length. [ 711.753165][T16149] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3709'. [ 711.762438][T16149] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3709'. [ 712.010518][T16157] netlink: 'syz.4.3714': attribute type 3 has an invalid length. [ 712.032182][ T5097] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 712.040790][T16157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3714'. [ 712.077180][T16157] netlink: 'syz.4.3714': attribute type 4 has an invalid length. [ 712.090774][T16157] netlink: 'syz.4.3714': attribute type 4 has an invalid length. [ 712.245089][ T5097] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 712.284790][ T5097] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 712.328350][ T29] audit: type=1400 audit(1719975537.655:710): avc: denied { bind } for pid=16168 comm="syz.0.3717" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 712.360995][ T5097] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 712.397429][ T5097] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 712.423978][ T5097] usb 4-1: Manufacturer: syz [ 712.447701][ T5097] usb 4-1: config 0 descriptor?? [ 712.479459][ T5097] igorplugusb 4-1:0.0: incorrect number of endpoints [ 712.495877][T16172] fuse: Bad value for 'fd' [ 712.681963][T16146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 712.709102][T16146] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 712.769755][T16146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 712.795738][T16146] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 712.861271][ T5138] usb 4-1: USB disconnect, device number 16 [ 716.022322][ T1062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.255854][ T1062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.629223][ T1062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.887443][ T1062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.926254][ T5085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 716.940112][ T5085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 716.949915][ T5085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 716.959433][ T5085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 716.967470][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 716.975259][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 717.488094][ T1062] bridge_slave_1: left allmulticast mode [ 717.509271][ T1062] bridge_slave_1: left promiscuous mode [ 717.515165][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.603417][ T1062] bridge_slave_0: left allmulticast mode [ 717.620194][ T1062] bridge_slave_0: left promiscuous mode [ 717.630821][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.019814][ T5085] Bluetooth: hci3: command tx timeout [ 719.458203][ T1062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 719.475261][ T1062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.486816][ T1062] bond0 (unregistering): Released all slaves [ 719.502262][T16293] chnl_net:caif_netlink_parms(): no params data found [ 719.639231][ T29] audit: type=1400 audit(1719975544.965:711): avc: denied { getopt } for pid=16342 comm="syz.1.3781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 720.522390][ T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 720.765251][ T8] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 720.940445][ T8] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.002266][ T8] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 721.086075][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 721.099375][ T5085] Bluetooth: hci3: command tx timeout [ 721.159436][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.370931][ T8] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 721.473609][T15006] udevd[15006]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 721.510763][ T1062] hsr_slave_0: left promiscuous mode [ 721.517096][ T1062] hsr_slave_1: left promiscuous mode [ 721.541427][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 721.548883][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 721.597501][ T5165] usb 3-1: USB disconnect, device number 18 [ 721.621506][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 721.628963][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 721.720518][ T1062] veth1_macvtap: left promiscuous mode [ 721.726117][ T1062] veth0_macvtap: left promiscuous mode [ 721.745989][ T1062] veth1_vlan: left promiscuous mode [ 721.760219][ T1062] veth0_vlan: left promiscuous mode [ 722.576265][ T29] audit: type=1326 audit(1719975547.905:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.650846][ T29] audit: type=1326 audit(1719975547.935:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.749320][ T29] audit: type=1326 audit(1719975547.935:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.829318][ T29] audit: type=1326 audit(1719975547.935:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.895050][ T29] audit: type=1326 audit(1719975547.935:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.959345][ T29] audit: type=1326 audit(1719975547.945:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 722.993126][ T29] audit: type=1326 audit(1719975547.945:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 723.027422][ T29] audit: type=1326 audit(1719975547.945:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 723.069318][ T29] audit: type=1326 audit(1719975547.945:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16388 comm="syz.2.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291af75b99 code=0x7ffc0000 [ 723.189304][ T5085] Bluetooth: hci3: command tx timeout [ 723.368422][T16409] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3796'. [ 723.416095][ T1062] team0 (unregistering): Port device team_slave_1 removed [ 723.499913][T16413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'. [ 723.559125][T16413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3796'. [ 723.571221][ T1062] team0 (unregistering): Port device team_slave_0 removed [ 724.225526][T16293] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.233132][T16293] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.240742][T16293] bridge_slave_0: entered allmulticast mode [ 724.248871][T16293] bridge_slave_0: entered promiscuous mode [ 724.286220][T16387] netlink: 2088 bytes leftover after parsing attributes in process `syz.4.3790'. [ 724.413985][T16293] bridge0: port 2(bridge_slave_1) entered blocking state [ 724.429439][T16293] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.449468][T16293] bridge_slave_1: entered allmulticast mode [ 724.467322][T16293] bridge_slave_1: entered promiscuous mode [ 724.649295][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 724.649314][ T29] audit: type=1400 audit(1719975549.965:729): avc: denied { getopt } for pid=16430 comm="syz.3.3801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 724.761197][T16293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 724.793314][ T29] audit: type=1326 audit(1719975550.125:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000 [ 724.834593][T16432] bond0: entered promiscuous mode [ 724.859314][T16432] bond_slave_0: entered promiscuous mode [ 724.870502][ T29] audit: type=1326 audit(1719975550.125:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000 [ 724.906554][T16432] bond_slave_1: entered promiscuous mode [ 724.918652][ T29] audit: type=1326 audit(1719975550.135:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f87db775b99 code=0x7ffc0000 [ 724.985769][T16293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.007551][ T29] audit: type=1326 audit(1719975550.135:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16437 comm="syz.3.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87db775b99 code=0x7ffc0000 [ 725.252271][T16293] team0: Port device team_slave_0 added [ 725.270801][ T5085] Bluetooth: hci3: command tx timeout [ 725.314702][T16293] team0: Port device team_slave_1 added [ 726.043577][T16293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 726.096938][T16293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 726.203931][T16293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 726.260094][T16293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 726.287410][T16293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 726.339047][T16293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 726.447446][T16472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3813'. [ 726.679379][T16479] input: syz1 as /devices/virtual/input/input31 [ 726.713935][T16293] hsr_slave_0: entered promiscuous mode [ 726.754547][T16293] hsr_slave_1: entered promiscuous mode [ 726.767938][T16293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 726.780704][T16293] Cannot create hsr debugfs directory [ 726.828350][T16480] bond0: entered promiscuous mode [ 726.851585][T16480] bond_slave_0: entered promiscuous mode [ 726.892585][T16480] bond_slave_1: entered promiscuous mode [ 727.378076][ T29] audit: type=1326 audit(1719975552.705:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 727.484581][ T29] audit: type=1326 audit(1719975552.705:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 727.573658][ T29] audit: type=1326 audit(1719975552.735:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 727.674130][ T29] audit: type=1326 audit(1719975552.735:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 727.770056][ T29] audit: type=1326 audit(1719975552.735:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16504 comm="syz.1.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 728.213788][T16521] bond0: entered promiscuous mode [ 728.218913][T16521] bond_slave_0: entered promiscuous mode [ 728.250871][T16521] bond_slave_1: entered promiscuous mode [ 728.300741][T16521] team1: entered promiscuous mode [ 729.492425][T16293] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 729.533768][T16293] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 729.541336][T16567] kernel profiling enabled (shift: 3) [ 729.611590][T16293] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 729.663766][T16293] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 730.006640][T16293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.073488][T16293] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.111640][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.118892][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.181841][ T5165] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.189112][ T5165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.356546][T16293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 730.944116][T16293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 731.137297][T16293] veth0_vlan: entered promiscuous mode [ 731.237364][T16293] veth1_vlan: entered promiscuous mode [ 731.962860][T16293] veth0_macvtap: entered promiscuous mode [ 732.056652][T16293] veth1_macvtap: entered promiscuous mode [ 732.182070][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.194116][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.203995][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.265049][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.309343][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.332492][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.384122][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.406351][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.429423][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.459703][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.479956][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.505914][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.522372][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 732.541836][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.591287][T16293] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 732.643451][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.667098][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.716433][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.737641][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.757920][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.779689][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 732.779706][ T29] audit: type=1400 audit(1719975558.105:798): avc: denied { setopt } for pid=16627 comm="syz.1.3857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 732.819367][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.850969][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.883122][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.910600][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.929209][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.939089][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 732.975223][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 732.991934][T16293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.012654][T16293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.041507][T16293] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 733.065119][T16293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.094671][T16293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.135026][T16293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.184803][T16293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.867033][T16642] bond0: entered promiscuous mode [ 733.914127][T16642] bond_slave_0: entered promiscuous mode [ 733.951017][T16642] bond_slave_1: entered promiscuous mode [ 734.310950][T16654] netlink: 320 bytes leftover after parsing attributes in process `syz.1.3863'. [ 734.421276][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.429135][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.592069][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.631684][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 735.040802][T16670] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3865'. [ 735.106907][T16670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3865'. [ 735.609582][ T5097] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 735.776115][T16670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3865'. [ 736.047066][ T5097] usb 2-1: Using ep0 maxpacket: 8 [ 736.080374][ T5097] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 736.119294][ T5097] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 736.169212][ T5097] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 736.239736][ T5097] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 736.260303][ T5097] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.294440][ T5097] usb 2-1: config 0 descriptor?? [ 737.771629][ T29] audit: type=1400 audit(1719975563.085:799): avc: denied { setopt } for pid=16729 comm="syz.3.3880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 737.776234][ T5097] usbhid 2-1:0.0: can't add hid device: -71 [ 737.922093][ T5097] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 737.943753][ T5097] usb 2-1: USB disconnect, device number 22 [ 739.939506][ T5138] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 740.378961][ T5138] usb 3-1: Using ep0 maxpacket: 8 [ 740.420308][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.449793][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 740.467100][ T5138] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 740.491553][ T5138] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 740.519316][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.571088][ T5138] usb 3-1: config 0 descriptor?? [ 740.911980][T16808] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 742.197990][ T5138] usbhid 3-1:0.0: can't add hid device: -71 [ 742.482764][ T5138] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 742.545970][ T5138] usb 3-1: USB disconnect, device number 19 [ 743.252171][T16855] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 744.111935][T16872] binder: 16871:16872 ioctl c0306201 20000380 returned -14 [ 744.132144][T16876] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3927'. [ 744.299812][ T5085] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 744.308777][ T5085] Bluetooth: hci3: Injecting HCI hardware error event [ 744.319625][ T5085] Bluetooth: hci3: hardware error 0x00 [ 744.741400][T16894] FAULT_INJECTION: forcing a failure. [ 744.741400][T16894] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 744.786343][T16894] CPU: 0 PID: 16894 Comm: syz.3.3935 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 744.796554][T16894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 744.806636][T16894] Call Trace: [ 744.809933][T16894] [ 744.812878][T16894] dump_stack_lvl+0x16c/0x1f0 [ 744.817581][T16894] should_fail_ex+0x497/0x5b0 [ 744.822287][T16894] _copy_from_iter+0x2a1/0x1140 [ 744.827169][T16894] ? __pfx__copy_from_iter+0x10/0x10 [ 744.832481][T16894] ? tun_build_skb.constprop.0+0x198/0x1250 [ 744.838407][T16894] ? __pfx_lock_release+0x10/0x10 [ 744.843462][T16894] ? mark_lock+0xb5/0xc60 [ 744.847828][T16894] copy_page_from_iter+0xa5/0x120 [ 744.852880][T16894] tun_build_skb.constprop.0+0x274/0x1250 [ 744.858632][T16894] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 744.864799][T16894] ? hlock_class+0x4e/0x130 [ 744.869321][T16894] ? __lock_acquire+0xc5d/0x3b30 [ 744.874276][T16894] tun_get_user+0x888/0x3c30 [ 744.878894][T16894] ? __pfx_tun_get_user+0x10/0x10 [ 744.883939][T16894] ? find_held_lock+0x2d/0x110 [ 744.888713][T16894] ? __pfx_lock_release+0x10/0x10 [ 744.893752][T16894] tun_chr_write_iter+0xe8/0x210 [ 744.898703][T16894] vfs_write+0x6b6/0x1140 [ 744.903053][T16894] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 744.908614][T16894] ? __pfx_vfs_write+0x10/0x10 [ 744.913389][T16894] ? __fget_files+0x256/0x400 [ 744.918072][T16894] ? __fget_light+0x173/0x210 [ 744.922765][T16894] ksys_write+0x12f/0x260 [ 744.927099][T16894] ? __pfx_ksys_write+0x10/0x10 [ 744.931956][T16894] do_syscall_64+0xcd/0x250 [ 744.936475][T16894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.942386][T16894] RIP: 0033:0x7f87db77471f [ 744.946811][T16894] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 744.966421][T16894] RSP: 002b:00007f87dc53d010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 744.974837][T16894] RAX: ffffffffffffffda RBX: 00007f87db903f60 RCX: 00007f87db77471f [ 744.982804][T16894] RDX: 000000000000009e RSI: 0000000020000180 RDI: 00000000000000c8 [ 744.990774][T16894] RBP: 00007f87dc53d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 744.998741][T16894] R10: 000000000000009e R11: 0000000000000293 R12: 0000000000000001 [ 745.006711][T16894] R13: 000000000000000b R14: 00007f87db903f60 R15: 00007ffea6dbbe88 [ 745.014685][T16894] [ 745.059289][ T29] audit: type=1326 audit(1719975570.355:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.066893][T16899] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 745.150921][ T29] audit: type=1326 audit(1719975570.475:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.247778][ T29] audit: type=1326 audit(1719975570.475:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.343580][ T29] audit: type=1326 audit(1719975570.475:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.409390][T16904] raw_sendmsg: syz.3.3939 forgot to set AF_INET. Fix it! [ 745.470415][ T29] audit: type=1326 audit(1719975570.475:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.516425][ T29] audit: type=1326 audit(1719975570.475:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.594572][ T29] audit: type=1326 audit(1719975570.485:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.734845][ T29] audit: type=1326 audit(1719975570.485:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.809539][ T29] audit: type=1326 audit(1719975570.485:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x7ffc0000 [ 745.875417][ T29] audit: type=1326 audit(1719975570.485:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16896 comm="syz.1.3937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faaecf745d0 code=0x7ffc0000 [ 746.089385][T16934] binder: 16927:16934 ioctl 40046210 0 returned -14 [ 746.383824][T16946] FAULT_INJECTION: forcing a failure. [ 746.383824][T16946] name failslab, interval 1, probability 0, space 0, times 1 [ 746.416498][T16946] CPU: 1 PID: 16946 Comm: syz.2.3949 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 746.426664][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 746.436719][T16946] Call Trace: [ 746.440000][T16946] [ 746.442936][T16946] dump_stack_lvl+0x16c/0x1f0 [ 746.447610][T16946] should_fail_ex+0x497/0x5b0 [ 746.452280][T16946] should_failslab+0x9/0x20 [ 746.456779][T16946] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 746.460325][ T5085] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 746.462150][T16946] ? __build_skb+0x3f/0x90 [ 746.462187][T16946] __build_skb+0x3f/0x90 [ 746.477246][T16946] build_skb+0x22/0x280 [ 746.481434][T16946] __tun_build_skb+0x2c/0x340 [ 746.486141][T16946] tun_build_skb.constprop.0+0x7df/0x1250 [ 746.491855][T16946] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 746.498012][T16946] ? hlock_class+0x4e/0x130 [ 746.502529][T16946] ? __lock_acquire+0xc5d/0x3b30 [ 746.507462][T16946] tun_get_user+0x888/0x3c30 [ 746.512052][T16946] ? __pfx_tun_get_user+0x10/0x10 [ 746.517068][T16946] ? find_held_lock+0x2d/0x110 [ 746.521834][T16946] ? __pfx_lock_release+0x10/0x10 [ 746.526862][T16946] tun_chr_write_iter+0xe8/0x210 [ 746.531796][T16946] vfs_write+0x6b6/0x1140 [ 746.536130][T16946] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 746.541703][T16946] ? __pfx_vfs_write+0x10/0x10 [ 746.546479][T16946] ? __fget_files+0x256/0x400 [ 746.551153][T16946] ? __fget_light+0x173/0x210 [ 746.555819][T16946] ksys_write+0x12f/0x260 [ 746.560155][T16946] ? __pfx_ksys_write+0x10/0x10 [ 746.565013][T16946] do_syscall_64+0xcd/0x250 [ 746.569520][T16946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.575420][T16946] RIP: 0033:0x7f291af7471f [ 746.579829][T16946] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 746.599432][T16946] RSP: 002b:00007f291be06010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 746.607843][T16946] RAX: ffffffffffffffda RBX: 00007f291b103f60 RCX: 00007f291af7471f [ 746.615812][T16946] RDX: 000000000000009e RSI: 0000000020000180 RDI: 00000000000000c8 [ 746.623787][T16946] RBP: 00007f291be060a0 R08: 0000000000000000 R09: 0000000000000000 [ 746.631761][T16946] R10: 000000000000009e R11: 0000000000000293 R12: 0000000000000001 [ 746.639729][T16946] R13: 000000000000000b R14: 00007f291b103f60 R15: 00007ffd19798918 [ 746.647699][T16946] [ 746.892805][T16954] Cannot find set identified by id 0 to match [ 747.413456][ T5085] Bluetooth: hci2: link tx timeout [ 747.421519][ T5085] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 747.742292][T16971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 747.755739][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.764583][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.069330][ T5138] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 748.255260][T16992] FAULT_INJECTION: forcing a failure. [ 748.255260][T16992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 748.289726][ T5138] usb 3-1: Using ep0 maxpacket: 8 [ 748.299099][T16992] CPU: 1 PID: 16992 Comm: syz.1.3963 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 748.309300][T16992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 748.319370][T16992] Call Trace: [ 748.322662][T16992] [ 748.325606][T16992] dump_stack_lvl+0x16c/0x1f0 [ 748.330321][T16992] should_fail_ex+0x497/0x5b0 [ 748.335015][T16992] _copy_to_user+0x30/0xc0 [ 748.339424][T16992] simple_read_from_buffer+0xd0/0x160 [ 748.344792][T16992] proc_fail_nth_read+0x1b0/0x290 [ 748.349810][T16992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 748.355347][T16992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 748.360883][T16992] vfs_read+0x1d4/0xbd0 [ 748.365042][T16992] ? __fdget_pos+0xeb/0x180 [ 748.369560][T16992] ? __pfx_vfs_read+0x10/0x10 [ 748.374253][T16992] ? __pfx___mutex_lock+0x10/0x10 [ 748.379272][T16992] ? __fget_files+0x256/0x400 [ 748.383963][T16992] ksys_read+0x12f/0x260 [ 748.388194][T16992] ? __pfx_ksys_read+0x10/0x10 [ 748.392949][T16992] do_syscall_64+0xcd/0x250 [ 748.397443][T16992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.403342][T16992] RIP: 0033:0x7faaecf7467c [ 748.407773][T16992] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 748.427389][T16992] RSP: 002b:00007faaedd61040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 748.435785][T16992] RAX: ffffffffffffffda RBX: 00007faaed103f60 RCX: 00007faaecf7467c [ 748.443739][T16992] RDX: 000000000000000f RSI: 00007faaedd610b0 RDI: 0000000000000003 [ 748.451713][T16992] RBP: 00007faaedd610a0 R08: 0000000000000000 R09: 0000000000000000 [ 748.459670][T16992] R10: 000000000000009e R11: 0000000000000246 R12: 0000000000000001 [ 748.467633][T16992] R13: 000000000000000b R14: 00007faaed103f60 R15: 00007ffc93469b68 [ 748.475614][T16992] [ 748.499860][ T5138] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 748.510380][ T5138] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 748.519559][ T5138] usb 3-1: config 1 has no interface number 1 [ 748.536147][ T5138] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 749.107256][T17002] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.3964'. [ 749.195250][ T5138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.203366][ T5138] usb 3-1: Product: syz [ 749.207553][ T5138] usb 3-1: Manufacturer: syz [ 749.212217][ T5138] usb 3-1: SerialNumber: syz [ 749.416799][T17012] Cannot find set identified by id 0 to match [ 749.473109][T16971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 749.511306][ T5095] Bluetooth: hci2: command 0x0406 tx timeout [ 749.558705][T16971] trusted_key: syz.2.3957 sent an empty control message without MSG_MORE. [ 749.650407][T17024] unknown channel width for channel at 909000KHz? [ 749.656934][T17024] unknown channel width for channel at 909000KHz? [ 749.677709][T17024] unknown channel width for channel at 909000KHz? [ 749.685290][T17021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3969'. [ 750.046236][T17032] binder: 17026:17032 ioctl 8912 20000540 returned -22 [ 750.149451][T17032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3972'. [ 750.887616][ T5138] usb 3-1: USB disconnect, device number 20 [ 751.132949][T17057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3979'. [ 751.154632][T15006] udevd[15006]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 751.299285][ T29] kauditd_printk_skb: 54 callbacks suppressed [ 751.299304][ T29] audit: type=1804 audit(1719975576.625:864): pid=17047 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.3977" name="/newroot/364/bus/cgroup.controllers" dev="overlay" ino=1955 res=1 errno=0 [ 751.379247][ T29] audit: type=1326 audit(1719975576.685:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17051 comm="syz.1.3979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaecf75b99 code=0x0 [ 751.649308][ T1148] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 751.843849][ T1148] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea [ 751.868852][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.909657][ T29] audit: type=1400 audit(1719975577.215:866): avc: denied { write } for pid=17065 comm="syz.3.3982" name="pfkey" dev="proc" ino=4026534754 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 751.940736][ T1148] usb 3-1: config 0 descriptor?? [ 751.946582][T17068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3983'. [ 751.975240][ T1148] usb 3-1: Invalid firmware size=18. [ 752.169278][T17071] binder: 17070:17071 ioctl c0306201 20000380 returned -14 [ 752.545291][ T1148] usb 3-1: USB disconnect, device number 21 [ 752.848809][ T29] audit: type=1400 audit(1719975578.175:867): avc: denied { create } for pid=17083 comm="syz.3.3986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 752.903874][T17091] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3986'. [ 752.929661][ T29] audit: type=1400 audit(1719975578.235:868): avc: denied { connect } for pid=17083 comm="syz.3.3986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 753.067562][ T29] audit: type=1400 audit(1719975578.395:869): avc: denied { setopt } for pid=17095 comm="syz.4.3989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 753.099658][T17098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3989'. [ 753.108627][ T29] audit: type=1400 audit(1719975578.425:870): avc: denied { nlmsg_read } for pid=17095 comm="syz.4.3989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 753.129663][T17096] binder: 17092:17096 ioctl 8912 20000540 returned -22 [ 753.151942][T17096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3988'. [ 753.348121][ T29] audit: type=1400 audit(1719975578.675:871): avc: denied { mounton } for pid=17100 comm="syz.0.3990" path="/21/file1/file0" dev="autofs" ino=63903 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 753.393540][ T29] audit: type=1400 audit(1719975578.715:872): avc: denied { read } for pid=17100 comm="syz.0.3990" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 753.471687][ T29] audit: type=1400 audit(1719975578.715:873): avc: denied { open } for pid=17100 comm="syz.0.3990" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 755.154311][T17136] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3995'. [ 756.934481][T17158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4005'. [ 756.980749][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 756.980767][ T29] audit: type=1400 audit(1719975582.315:877): avc: denied { append } for pid=17159 comm="syz.1.4006" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 757.333669][ T29] audit: type=1400 audit(1719975582.665:878): avc: denied { write } for pid=17167 comm="syz.3.4009" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 757.475096][T17171] netlink: 'syz.3.4010': attribute type 62 has an invalid length. [ 757.882960][ T29] audit: type=1400 audit(1719975583.215:879): avc: denied { bind } for pid=17176 comm="syz.2.4011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 757.918549][ T29] audit: type=1400 audit(1719975583.245:880): avc: denied { listen } for pid=17176 comm="syz.2.4011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 757.977182][T17177] bond1: entered promiscuous mode [ 758.006591][T17177] bond1: entered allmulticast mode [ 758.019875][T17177] 8021q: adding VLAN 0 to HW filter on device bond1 [ 758.287254][T17187] input: syz1 as /devices/virtual/input/input33 [ 758.914733][ T29] audit: type=1804 audit(1719975584.245:881): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.4015" name="/newroot/149/bus/cgroup.controllers" dev="overlay" ino=808 res=1 errno=0 [ 759.294477][T17202] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4017'. [ 759.462465][ T29] audit: type=1326 audit(1719975584.795:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17207 comm="syz.4.4020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce74575b99 code=0x0 [ 759.909485][T17213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4021'. [ 760.078288][T17218] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4022'. [ 760.659152][ C1] Adjusting tsc more than 11% (8578408 vs 8464029) [ 760.973293][T17229] binder: 17228:17229 ioctl 8912 20000540 returned -22 [ 761.026892][T17229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4024'. [ 761.193628][T17240] input: syz1 as /devices/virtual/input/input34 [ 761.654755][ T5087] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 761.840898][ T5087] usb 3-1: Using ep0 maxpacket: 16 [ 761.849281][ T5087] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 761.870978][ T5087] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 761.901151][ T5087] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 761.940957][ T5087] usb 3-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40 [ 761.950597][ T5087] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.967001][ T5087] usb 3-1: Product: syz [ 761.972000][ T5087] usb 3-1: Manufacturer: syz [ 761.982997][ T5087] usb 3-1: SerialNumber: syz [ 762.022342][ T5087] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 762.052265][ T5087] cdc_ncm 3-1:1.0: bind() failure [ 762.291105][ T5138] usb 3-1: USB disconnect, device number 22 [ 762.533246][T17266] misc userio: Can't change port type on an already running userio instance [ 762.592181][T17269] misc userio: Begin command sent, but we're already running [ 762.817837][ T5138] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 763.040723][ T5138] usb 3-1: Using ep0 maxpacket: 32 [ 763.047477][ T5138] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.063815][ T5138] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.092105][ T5138] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 763.103852][ T5138] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 763.118993][ T5138] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 763.129377][ T5138] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 763.145237][ T5138] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 763.155258][ T5138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.163284][ T5138] usb 3-1: Product: syz [ 763.167589][ T5138] usb 3-1: Manufacturer: syz [ 763.173267][ T5138] usb 3-1: SerialNumber: syz [ 764.727454][ T5138] cdc_ncm 3-1:1.0: bind() failure [ 764.768613][ T5138] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 764.791989][ T5138] cdc_ncm 3-1:1.1: bind() failure [ 764.839852][ T29] audit: type=1400 audit(1719975590.579:883): avc: denied { setopt } for pid=17288 comm="syz.4.4041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 764.888807][ T5138] usb 3-1: USB disconnect, device number 23 [ 765.041297][T17292] Bluetooth: MGMT ver 1.22 [ 765.476795][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 765.488402][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 765.497291][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 765.525062][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 765.535626][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 765.543519][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 765.870889][ T1062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 765.922582][T17313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 765.977898][T17313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 766.142585][ T1062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.325875][ T1062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.524149][ T1062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.669256][ T5095] Bluetooth: hci3: command tx timeout [ 768.259762][ T29] audit: type=1400 audit(1719975594.023:884): avc: denied { getopt } for pid=17362 comm="syz.3.4058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 768.369433][T17302] chnl_net:caif_netlink_parms(): no params data found [ 768.493839][ T1062] bridge_slave_1: left allmulticast mode [ 768.529012][ T1062] bridge_slave_1: left promiscuous mode [ 768.558042][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.595914][ T1062] bridge_slave_0: left allmulticast mode [ 768.606490][T17369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17369 comm=syz.3.4058 [ 768.618081][ T1062] bridge_slave_0: left promiscuous mode [ 768.657573][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state [ 769.882092][ T1062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 769.894798][ T1062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 769.906495][ T1062] bond0 (unregistering): Released all slaves [ 769.923660][ T5095] Bluetooth: hci3: command tx timeout [ 769.961521][T17369] (unnamed net_device) (uninitialized): (slave team_slave_0): Device is not bonding slave [ 769.986996][T17369] (unnamed net_device) (uninitialized): option active_slave: invalid value (team_slave_0) [ 770.454837][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4061'. [ 770.620359][T17302] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.638467][T17302] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.666711][T17302] bridge_slave_0: entered allmulticast mode [ 770.697799][T17302] bridge_slave_0: entered promiscuous mode [ 770.757040][T17409] xt_hashlimit: size too large, truncated to 1048576 [ 770.785392][ T1062] hsr_slave_0: left promiscuous mode [ 770.808722][T17409] xt_hashlimit: Unknown mode mask 312, kernel too old? [ 770.809420][ T1062] hsr_slave_1: left promiscuous mode [ 770.858719][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 770.903066][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 770.934911][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 770.947594][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 771.116852][ T1062] veth1_macvtap: left promiscuous mode [ 771.174467][ T1062] veth0_macvtap: left promiscuous mode [ 771.206109][ T1062] veth1_vlan: left promiscuous mode [ 771.233205][ T1062] veth0_vlan: left promiscuous mode [ 771.529071][T17429] input: syz1 as /devices/virtual/input/input38 [ 771.804894][T17435] sctp: [Deprecated]: syz.4.4069 (pid 17435) Use of int in max_burst socket option deprecated. [ 771.804894][T17435] Use struct sctp_assoc_value instead [ 772.177347][ T5095] Bluetooth: hci3: command tx timeout [ 773.008003][ T1062] team0 (unregistering): Port device team_slave_1 removed [ 773.060961][ T1062] team0 (unregistering): Port device team_slave_0 removed [ 773.099818][ T5164] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 773.320001][ T5164] usb 4-1: Using ep0 maxpacket: 32 [ 773.333826][ T5164] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 773.342491][ T5164] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 773.353959][ T5164] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 773.368060][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 773.377749][ T5164] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 773.388777][ T5164] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 773.411346][ T5164] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 773.420450][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.437047][ T5164] usb 4-1: config 0 descriptor?? [ 773.702206][ T5164] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 773.724661][ T5164] usb 4-1: USB disconnect, device number 17 [ 773.740470][ T5164] usblp0: removed [ 773.812586][T17302] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.819958][T17302] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.828258][T17302] bridge_slave_1: entered allmulticast mode [ 773.836268][T17302] bridge_slave_1: entered promiscuous mode [ 774.073522][T17302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 774.283364][T17302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 774.325182][ T5164] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 774.434720][ T5095] Bluetooth: hci3: command tx timeout [ 775.143592][T17302] team0: Port device team_slave_0 added [ 775.187808][ T5164] usb 4-1: Using ep0 maxpacket: 32 [ 775.204048][ T5164] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 775.226045][ T5164] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 775.449002][ T5164] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 775.449867][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 775.466686][T17302] team0: Port device team_slave_1 added [ 775.468449][ T5164] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 775.485089][ T5164] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 775.487785][ T5164] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 775.526758][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.590648][ T5164] usb 4-1: config 0 descriptor?? [ 776.154600][ T5164] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 776.277819][ T5164] usb 4-1: USB disconnect, device number 18 [ 776.305704][ T5164] usblp0: removed [ 776.399792][T17302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 776.421825][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 776.502439][T17491] input: syz1 as /devices/virtual/input/input39 [ 776.546544][T17302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 776.641094][T17302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 776.648571][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 776.724768][T17302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 776.998307][T17302] hsr_slave_0: entered promiscuous mode [ 777.044283][T17302] hsr_slave_1: entered promiscuous mode [ 777.080051][T17302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 777.121961][T17302] Cannot create hsr debugfs directory [ 778.583493][T17302] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 778.649727][T17302] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 778.699212][T17302] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 778.719879][T17302] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 779.105639][T17302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 779.170660][T17302] 8021q: adding VLAN 0 to HW filter on device team0 [ 779.233111][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 779.240238][ T5087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 779.280753][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 779.288075][ T5087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 779.861101][T17302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 780.100235][T17302] veth0_vlan: entered promiscuous mode [ 780.158303][T17302] veth1_vlan: entered promiscuous mode [ 780.279684][T17302] veth0_macvtap: entered promiscuous mode [ 780.306323][T17302] veth1_macvtap: entered promiscuous mode [ 780.353496][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.380888][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.399438][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.409917][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.433302][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.453520][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.463388][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.489808][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.507660][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.518131][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.540883][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.561892][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.572294][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.595546][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.623675][T17302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.642973][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.668202][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.690511][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.701675][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.727687][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.740626][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.762997][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.774015][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.797951][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.808659][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.830460][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.841219][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.865154][T17302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.875604][T17302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.906059][T17302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 780.955204][T17302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.969048][T17302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.984396][T17302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.993130][T17302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.157050][ T4215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.177164][ T4215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 781.221382][ T1062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.232655][ T1062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 807.019862][T17616] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4084'. [ 808.548004][T17629] veth0_vlan: left promiscuous mode [ 808.882370][T17654] input: syz1 as /devices/virtual/input/input40 [ 809.129600][T17660] hfsplus: unable to parse mount options [ 809.696056][T17680] xt_l2tp: v2 tid > 0xffff: 262144 [ 809.815956][ T1148] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 809.935659][T17690] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.4101'. [ 809.945187][T17690] openvswitch: netlink: Message has 3074 unknown bytes. [ 810.778549][ T1148] usb 2-1: Using ep0 maxpacket: 32 [ 810.788591][ T29] audit: type=1400 audit(1719975632.475:885): avc: denied { name_bind } for pid=17687 comm="syz.0.4101" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 810.838896][ T1148] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 810.988754][ T29] audit: type=1400 audit(1719975632.531:886): avc: denied { name_connect } for pid=17687 comm="syz.0.4101" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 811.010876][ C1] vkms_vblank_simulate: vblank timer overrun [ 811.021799][ T29] audit: type=1400 audit(1719975633.306:887): avc: denied { write } for pid=17693 comm="syz.4.4104" name="card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 811.044737][ C1] vkms_vblank_simulate: vblank timer overrun [ 811.072060][ T1148] usb 2-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.40 [ 811.331236][ T1148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.349782][ T1148] usb 2-1: Product: syz [ 811.354809][ T5095] Bluetooth: hci3: command tx timeout [ 811.417585][ T1148] usb 2-1: Manufacturer: syz [ 811.730267][ T1148] usb 2-1: SerialNumber: syz [ 812.177918][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 812.184414][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.233907][ T1148] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 812.345109][ T29] audit: type=1400 audit(1719975634.709:888): avc: denied { create } for pid=17663 comm="syz.2.4096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 812.572587][T17710] input: syz1 as /devices/virtual/input/input41 [ 813.101122][T17716] xt_TCPMSS: Only works on TCP SYN packets [ 813.196718][ T29] audit: type=1400 audit(1719975635.503:889): avc: denied { ioctl } for pid=17715 comm="syz.0.4108" path="socket:[67059]" dev="sockfs" ino=67059 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 813.660589][T17724] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4111'. [ 813.737898][ T29] audit: type=1400 audit(1719975635.992:890): avc: denied { nnp_transition } for pid=17723 comm="syz.0.4111" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 813.788188][ T29] audit: type=1400 audit(1719975636.020:891): avc: denied { transition } for pid=17723 comm="syz.0.4111" path="/9/file2" dev="tmpfs" ino=66 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 813.834035][ T5165] usb 2-1: USB disconnect, device number 23 [ 813.880339][ T29] audit: type=1400 audit(1719975636.020:892): avc: denied { entrypoint } for pid=17723 comm="syz.0.4111" path="/9/file2" dev="tmpfs" ino=66 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 813.938480][ T29] audit: type=1400 audit(1719975636.020:893): avc: denied { noatsecure } for pid=17723 comm="syz.0.4111" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 814.066926][ T29] audit: type=1400 audit(1719975636.297:894): avc: denied { getopt } for pid=17734 comm="syz.3.4113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 814.106508][T17736] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4113'. [ 814.235572][T17739] sch_tbf: burst 7768 is lower than device lo mtu (11337746) ! [ 814.507233][ T5095] Bluetooth: hci2: unexpected event for opcode 0x1003 [ 817.883759][T17752] qnx4: no qnx4 filesystem (no root dir). [ 817.976899][T17760] qnx4: no qnx4 filesystem (no root dir). [ 818.003518][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 818.003536][ T29] audit: type=1400 audit(1719975639.933:897): avc: denied { mount } for pid=17753 comm="syz.1.4118" name="/" dev="pstore" ino=3096 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 818.031936][ C1] vkms_vblank_simulate: vblank timer overrun [ 818.160976][T17764] qnx4: no qnx4 filesystem (no root dir). [ 818.396140][T17769] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4119'. [ 818.957299][ T5095] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 818.967794][ T5095] Bluetooth: hci2: Injecting HCI hardware error event [ 818.982768][ T5085] Bluetooth: hci2: hardware error 0x00 [ 818.982775][ T29] audit: type=1400 audit(1719975640.229:898): avc: denied { connect } for pid=17755 comm="syz.4.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 818.988288][ T29] audit: type=1400 audit(1719975640.293:899): avc: denied { write } for pid=17755 comm="syz.4.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 819.220234][ T29] audit: type=1400 audit(1719975641.050:900): avc: denied { unmount } for pid=11428 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 819.221827][ T5085] ------------[ cut here ]------------ [ 819.246949][ T5085] ida_free called for id=8192 which is not allocated. [ 819.258136][ T5085] WARNING: CPU: 1 PID: 5085 at lib/idr.c:525 ida_free+0x1fb/0x2f0 [ 819.266468][ T5085] Modules linked in: [ 819.271032][ T5085] CPU: 1 PID: 5085 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 819.281840][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 819.292506][ T5085] Workqueue: hci2 hci_error_reset [ 819.297671][ T5085] RIP: 0010:ida_free+0x1fb/0x2f0 [ 819.302648][ T5085] Code: bb f6 41 83 fe 3e 76 73 e8 f2 fa bb f6 48 8b 7c 24 28 4c 89 ee e8 c5 0c 19 00 90 48 c7 c7 e0 2b 81 8c 89 ee e8 96 15 7e f6 90 <0f> 0b 90 90 e8 cc fa bb f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3 [ 819.322382][ T5085] RSP: 0018:ffffc9000320fa38 EFLAGS: 00010286 [ 819.328493][ T5085] RAX: 0000000000000000 RBX: 1ffff92000641f48 RCX: ffffffff81500069 [ 819.336456][ T5085] RDX: ffff8880698c8000 RSI: ffffffff81500076 RDI: 0000000000000001 [ 819.344677][ T5085] RBP: 0000000000002000 R08: 0000000000000001 R09: 0000000000000000 [ 819.352739][ T5085] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 819.361165][ T5085] R13: 0000000000000293 R14: 0000000000000000 R15: 0000000000000000 [ 819.369127][ T5085] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 819.378322][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 819.384961][ T5085] CR2: 00007fce752356b8 CR3: 0000000029c46000 CR4: 00000000003506f0 [ 819.392995][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 819.400972][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 819.408956][ T5085] Call Trace: [ 819.412224][ T5085] [ 819.415197][ T5085] ? show_regs+0x8c/0xa0 [ 819.419439][ T5085] ? __warn+0xe5/0x3c0 [ 819.423507][ T5085] ? preempt_schedule_notrace+0x62/0xe0 [ 819.429094][ T5085] ? ida_free+0x1fb/0x2f0 [ 819.433433][ T5085] ? report_bug+0x3c0/0x580 [ 819.437950][ T5085] ? handle_bug+0x3d/0x70 [ 819.442274][ T5085] ? exc_invalid_op+0x17/0x50 [ 819.446989][ T5085] ? asm_exc_invalid_op+0x1a/0x20 [ 819.452036][ T5085] ? __warn_printk+0x199/0x350 [ 819.456820][ T5085] ? __warn_printk+0x1a6/0x350 [ 819.461578][ T5085] ? ida_free+0x1fb/0x2f0 [ 819.465903][ T5085] ? ida_free+0x1fa/0x2f0 [ 819.470659][ T5085] ? __pfx_ida_free+0x10/0x10 [ 819.475334][ T5085] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 819.480866][ T5085] hci_conn_del+0x768/0xdb0 [ 819.485392][ T5085] hci_conn_hash_flush+0x18f/0x260 [ 819.490545][ T5085] hci_dev_close_sync+0x591/0x1100 [ 819.495690][ T5085] ? __pfx_bt_err+0x10/0x10 [ 819.500252][ T5085] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 819.505808][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 819.510923][ T5085] ? __pfx_lock_release+0x10/0x10 [ 819.515967][ T5085] hci_dev_do_close+0x2e/0x90 [ 819.520637][ T5085] hci_error_reset+0xbf/0x320 [ 819.525348][ T5085] process_one_work+0x9c5/0x1b40 [ 819.530307][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 819.535349][ T5085] ? __pfx_process_one_work+0x10/0x10 [ 819.540769][ T5085] ? assign_work+0x1a0/0x250 [ 819.545426][ T5085] worker_thread+0x6c8/0xf30 [ 819.550007][ T5085] ? __pfx_worker_thread+0x10/0x10 [ 819.555168][ T5085] kthread+0x2c1/0x3a0 [ 819.559238][ T5085] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.564472][ T5085] ? __pfx_kthread+0x10/0x10 [ 819.569093][ T5085] ret_from_fork+0x45/0x80 [ 819.573512][ T5085] ? __pfx_kthread+0x10/0x10 [ 819.578507][ T5085] ret_from_fork_asm+0x1a/0x30 [ 819.583277][ T5085] [ 819.586542][ T5085] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 819.593813][ T5085] CPU: 1 PID: 5085 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 819.604062][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 819.614109][ T5085] Workqueue: hci2 hci_error_reset [ 819.619142][ T5085] Call Trace: [ 819.622415][ T5085] [ 819.625333][ T5085] dump_stack_lvl+0x3d/0x1f0 [ 819.629912][ T5085] panic+0x6f5/0x7a0 [ 819.633817][ T5085] ? __pfx_panic+0x10/0x10 [ 819.638225][ T5085] ? show_trace_log_lvl+0x363/0x500 [ 819.643420][ T5085] ? check_panic_on_warn+0x1f/0xb0 [ 819.648524][ T5085] ? ida_free+0x1fb/0x2f0 [ 819.652838][ T5085] check_panic_on_warn+0xab/0xb0 [ 819.657769][ T5085] __warn+0xf1/0x3c0 [ 819.661656][ T5085] ? preempt_schedule_notrace+0x62/0xe0 [ 819.667187][ T5085] ? ida_free+0x1fb/0x2f0 [ 819.671501][ T5085] report_bug+0x3c0/0x580 [ 819.675817][ T5085] handle_bug+0x3d/0x70 [ 819.679961][ T5085] exc_invalid_op+0x17/0x50 [ 819.684457][ T5085] asm_exc_invalid_op+0x1a/0x20 [ 819.689305][ T5085] RIP: 0010:ida_free+0x1fb/0x2f0 [ 819.694231][ T5085] Code: bb f6 41 83 fe 3e 76 73 e8 f2 fa bb f6 48 8b 7c 24 28 4c 89 ee e8 c5 0c 19 00 90 48 c7 c7 e0 2b 81 8c 89 ee e8 96 15 7e f6 90 <0f> 0b 90 90 e8 cc fa bb f6 48 b8 00 00 00 00 00 fc ff df 48 01 c3 [ 819.713825][ T5085] RSP: 0018:ffffc9000320fa38 EFLAGS: 00010286 [ 819.719878][ T5085] RAX: 0000000000000000 RBX: 1ffff92000641f48 RCX: ffffffff81500069 [ 819.727834][ T5085] RDX: ffff8880698c8000 RSI: ffffffff81500076 RDI: 0000000000000001 [ 819.735790][ T5085] RBP: 0000000000002000 R08: 0000000000000001 R09: 0000000000000000 [ 819.743744][ T5085] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 819.751732][ T5085] R13: 0000000000000293 R14: 0000000000000000 R15: 0000000000000000 [ 819.759700][ T5085] ? __warn_printk+0x199/0x350 [ 819.764466][ T5085] ? __warn_printk+0x1a6/0x350 [ 819.769226][ T5085] ? ida_free+0x1fa/0x2f0 [ 819.773544][ T5085] ? __pfx_ida_free+0x10/0x10 [ 819.778206][ T5085] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 819.783486][ T5085] hci_conn_del+0x768/0xdb0 [ 819.788010][ T5085] hci_conn_hash_flush+0x18f/0x260 [ 819.793113][ T5085] hci_dev_close_sync+0x591/0x1100 [ 819.798217][ T5085] ? __pfx_bt_err+0x10/0x10 [ 819.802711][ T5085] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 819.808253][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 819.813271][ T5085] ? __pfx_lock_release+0x10/0x10 [ 819.818299][ T5085] hci_dev_do_close+0x2e/0x90 [ 819.823015][ T5085] hci_error_reset+0xbf/0x320 [ 819.827695][ T5085] process_one_work+0x9c5/0x1b40 [ 819.832629][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 819.837650][ T5085] ? __pfx_process_one_work+0x10/0x10 [ 819.843011][ T5085] ? assign_work+0x1a0/0x250 [ 819.847601][ T5085] worker_thread+0x6c8/0xf30 [ 819.852179][ T5085] ? __pfx_worker_thread+0x10/0x10 [ 819.857276][ T5085] kthread+0x2c1/0x3a0 [ 819.861337][ T5085] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.866524][ T5085] ? __pfx_kthread+0x10/0x10 [ 819.871104][ T5085] ret_from_fork+0x45/0x80 [ 819.875512][ T5085] ? __pfx_kthread+0x10/0x10 [ 819.880093][ T5085] ret_from_fork_asm+0x1a/0x30 [ 819.884848][ T5085] [ 819.888091][ T5085] Kernel Offset: disabled [ 819.892542][ T5085] Rebooting in 86400 seconds..