last executing test programs: 2m14.009013942s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1m50.043032186s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1m29.699760377s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 56.8713863s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 35.268283366s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15.021044362s ago: executing program 4 (id=1707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x81, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026f0002010000000904000001020d0000052406000105240001000d240f0100000000000000000006241a0000000724140100000008241c0800e8d9000424020f090581030002ff00000904010000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fd, 0x6, 0xa3, 0x3}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 10.578264296s ago: executing program 0 (id=2118): mkdir(0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0xee00) 10.088313115s ago: executing program 0 (id=2121): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x3) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x37, 0x8f}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xc2) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x40, 0xa2}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x68}}, 0x0) 9.190522861s ago: executing program 3 (id=2124): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@nfs_export_on}]}) read(r0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000000080)={0xc, {"a2e3ad214fc752f91b25470987f70e06d038e7ff7fc6e5539b3245078b089b3f083868060890e0878f0e1ac6e70a9b3368959b6c9a241b5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31350d095d0936cd3b78130daa61f8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d16993428807789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e17f907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c330600d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f29f768ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a9740600000000f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b303db4d7bec6b6a97dbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) bpf$MAP_CREATE(0x0, &(0x7f0000001c80)=ANY=[@ANYBLOB="1e00000000000000090100000200000000020000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="000000000400000000000400090000000000000000000000000000000ae83c3e5a143a638cdd25aa83aac8a6a56273990ec08845d65cb7ac33bb82d7"], 0x50) syz_open_dev$sg(&(0x7f0000000100), 0x4e60, 0x10400) socketpair$unix(0x1, 0x5, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x12, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) sendfile(r4, r3, 0x0, 0x578410eb) r7 = semget$private(0x0, 0x6, 0x0) semtimedop(r7, &(0x7f0000000040)=[{0x0, 0x9, 0x1000}, {0x6177e32f2e548510, 0x7ff}, {0x0, 0x3ff, 0x1000}], 0x3, 0x0) semctl$IPC_RMID(r7, 0x0, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000010c0), 0x1, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, 0x0, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) 7.536480772s ago: executing program 2 (id=2127): setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000100)={0x0, 0x9, 0x1, [0xd45d]}, 0xa) 7.379397929s ago: executing program 0 (id=2129): syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = dup2(r3, r3) accept4$bt_l2cap(r4, 0x0, 0x0, 0x0) 7.287830719s ago: executing program 2 (id=2131): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x4040) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x26}}, 0x0) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0xc, 0x4, 0x1, 0x4, 0xe, 0x3, 0x3, 0xff, 0x5e, 0x40, 0x1dd, 0x9, 0xfb67, 0x38, 0x1, 0x0, 0xfc00, 0x81}, [{0x6, 0x81e4, 0x5, 0x3, 0x6, 0x400, 0x9, 0xfffffffffffff9e0}]}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x8e8c0, 0x54) r3 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000080)) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x6}}], 0x30}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000240), &(0x7f0000000000)) sendmsg$netlink(r0, 0x0, 0x0) 6.250840613s ago: executing program 0 (id=2133): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x4040) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x26}}, 0x0) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0xc, 0x4, 0x1, 0x4, 0xe, 0x3, 0x3, 0xff, 0x5e, 0x40, 0x1dd, 0x9, 0xfb67, 0x38, 0x1, 0x0, 0xfc00, 0x81}, [{0x6, 0x81e4, 0x5, 0x3, 0x6, 0x400, 0x9, 0xfffffffffffff9e0}]}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x8e8c0, 0x54) r3 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000080)) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x6}}], 0x30}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000240), &(0x7f0000000000)) sendmsg$netlink(r0, 0x0, 0x0) 5.460926257s ago: executing program 2 (id=2135): open(&(0x7f0000000300)='./bus\x00', 0x169042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() getrlimit(0x0, &(0x7f0000000000)) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) waitid(0x0, r1, 0x0, 0x8, 0xfffffffffffffffd) waitid(0x1, r1, 0x0, 0x4, 0x0) 5.256081174s ago: executing program 0 (id=2136): r0 = syz_open_dev$radio(&(0x7f0000000740), 0x3, 0x2) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x20000000) r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) fsopen(&(0x7f0000005880)='zonefs\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r2, 0x29, 0xce, 0x0, 0x0) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='qnx6\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() r4 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3) r5 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000) setpgid(r5, r3) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x648, 0x480, 0x480, 0x480, 0xf8, 0x248, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0x118, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}, {0x8, 0x3, 0x0, [0xfff, 0x94, 0x4, 0x17, 0x6, 0x7ff, 0x0, 0x1, 0x0, 0xc, 0x9, 0x200, 0xda, 0x7, 0x7, 0xffff], 0x9}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}}}}, {{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty, [], [], [], 0x0, 0x2203}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7, 0x2, 0x1, 0x2}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=ANY=[@ANYRES64=r4, @ANYRES32=0x0], 0x18}}, 0x801) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r9, &(0x7f0000001980), 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000700)={'vxcan1\x00'}) unshare(0x22020400) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 5.227039856s ago: executing program 1 (id=2137): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00009d0000000000fffff1480000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x8, {"d1b3d695ebf1e3f3f8dc14bb7182b7fb6672df0ef699827552823f27b2fe09a4675e977037acd83eac275c94e133f9daa5cb9f6105eb64378a738493908a6a3e466779df631746ea061f940d1c31878b5564c6f08edf60beefa935b1b1f7a958d921824f3b40e84cc8b06b616a96c03abdc765984750dd8126803d726373a630fcf901f0f30ee0d0eb3bca88896d2e8a06e3a271c2e648690d513cc1083caf3b7e05feb094c1f05292c53c8685e423bb3910cfbfeb680b8e28b008912e020de8ebd922db9e634ec5951dc23c496262c811e61304a5109b6b31a087417d2f7a14c0a7950fd3f568a1b856b3b9ee2a458c3c8d55b93e8c6e68647fc4cd7b74da727a24c30456d48d3fd2eec6a871d853e7947893411228678b239d5f6ec0b43c5cbd755cc33eb3b208e2a12dd8d95a94353b954cf6d31cfb7151eb43fdd925bd13d10457d7562b3b0b89576c273154fa2ecd70bae1e4580734ddc11eb56d7e3bbe3c501cf4157fa24422ba06b2bd488a6795635614855a4f31767db029c02b73268845429d177a52b7ade4f12d77849a42b1b357d8aa5d1f912585b1586c50916681b881a08267f1513cc83ec54e0fdc091d0fdd23ec682c7ef36eb2ef27531d5092f43c4e5a77eaf2678371109b90e3147c9fdef304c46a083e849fd904a57af4784345bf395f0132301e69c7434354062459987c4f17f57b14f2ca3b7c53ef60e2488615c9e7de6e92ac83d629f1e98cecbf345e97e62ed9d65eb79414072837f82a73c6fcb4d82b585df17f45139c4c6b3e3a82ffe54cb573e631284962a406e5531e5cbe0fc2742219e51debc030d0c011fb7f380e52fbe54cb520c1e425cce2a305a6d2c84bff11f17d8f382579a2311b5e128e97f4f5c661e1b9b1c6ecf2c52cd38ec05e98fc59d211925db90519f127a748897bb1dd2b317881b7e2c3e0a92a93bbeff14825b0b992ce8af3dbe7ca47a90f80e325e1fa727aefbcf767b52a9f5f1963d4b5f42f5ed01d86e88dda18f78d849e38f81173a5f5d58441c0e00d7d90d201e4955644090c2946323081d81ab408a582c80e836cdf7103f37fd30b23092d3d3f69874150794f1f9f0e2970b107717ed476071f9a3eb2d936dad5650f9ad2c2e5abc4f7999a00f777d0391d0b2f18d7981f0acce09f6eaec0285cf4004d0d776786050c279f1f528fefe0943b0d5ce92c7726f4e7e66192c532aaf484165254c54e25e9abf426f814ccb94475e518ce3a536f9d71603e44748136178ddf9dc641a0d796f43abb1446fc27871222a6aabccfeae79cd0ebb71accd71d48fffe74c4873a349759a9d6b2119050640c7813f72625e7cf6f004dc6b21738e63cbe8f2227489b01243837475ffd1981b3e573b2062b71df889048f90e16205a94a4fef1efa5f664d26d5a1e83719464563b302176bbdbf6627979d899b13a59ba376f96d304d7c2322e80e0fc9ce3e946f69569be5cf5f440a0a33df0a01eadff62e968c7dd8b91abd942bd4a577444039e972cedea4897729ea5726b487c63ca6978d8ca502835a7e2b203c64cb68c7c9d256ce39af7d6621c7242f0d1281a50d643c89b0ad277bd0f537c521f6a28e2ad38839f2484a140092d214bc4e4b73ce1cca765accc8ef0a651e0c1ec755210df8213f613bdc71c831db84ce27ba56ee1b66c30f103cdbabbabe8ea8de919c8370cc6bf6c87e9b81a8efb7ef434550ade405ff63717655fa725c668e43397f9ca568317eea97dbad6fe24392429ec0f73430baf5ffe8372e5494e12003dc8a31d20afce1ad76ee68a501dfe2d9c2820462c784627756ec5ec6d54bf64f8e3693b1a9577ce7652b2ee26e795263c4202aacb4b5eeebbc611c68831170898ab319e9be1793a8280672f1a029d58d5051605832d8231f355c0b8d1d6f34463316b70eb40e64ebd08a6abd532d6d26fbfbabadd8ef424eb712681bc816c6182308cceaabad0baa4102997462d51b72e04faa593e34797be1ea13780fe5a69cf13d0137aecb1328c6bfd9f66793db5edc36088460818023a5de66e130c98e11e8802580e2d9324d8ea2e4d81dd93de12ff6b1dfd5beca9187b0fb02e5ab5c26a196ed91894ce94a978a3a31ca7fd80711234c00bf65aaee2e338cf1cfb4bc0364c93ba3012f596fccf6e29ff162630493dc617e2a7ea02b23118bd3d61ae4f92a8a0333d529e2ef6e46e12b21f6cf74b34a2f85d42dd13d09b8ae93685e4aea8ef27765dd176d0ce43565abf964738632d50308f8a876f9f55eec14e9e7432bd2b404726f9e85d2856cf39916b872d9d1e68db06bf45be11ef36278bd2ceb9bbb6b64f239ceaea182b11cabeac228a0e8293753772975b4c50ea6c549184c6fc32a392d180ce902e30bd47a9ec46d7cc9a7c48eb443cda67334eafa22dc5f3426a6085f42aa310d99c7959b103ddc1fb6e5e4621aa37669c96fa81c9d3fcfd07f5aca3a19c80704b58843dd27a1e997aa6fb3a807e409b22991ff584dd9372d282f1b6d3020a1876fe67568769dec766a52e4a266104f963b68a1912eaa40f491175d3dea21471ec6a4ba6b8bb55e2a59d86e192348ab693558c93d81b039f8e44fff87b753087908b72890e6fa90e9bb7636b810c3175534028a0a9d2978500074a70df5ea55fde86e03ede4dcc105add716dbf6d205dcbed423c8e50cf8011065982707e8dbc10c3de5c0f21f80bfcbe60819a828aa6b02af29afcd6b5ba3640212e57b0ac1adcb380046ff2e959cc133726bf53b2c2e6eee98f1e9d30a908370a6889d293fae20edf23e179ff35b3fc243e13e94f8f81ff1e35da1d6460f1883c0900f165dc76c62d40af1b8b2b02029a3f87e9333e8fec90053b2ce3edad4aba752631b0cc062038856ec2938135320a38beec0444765d6d7a63204afc4f69fe3c77ba85dce392040cf7a6c8b60eb42f722eca4c2cedfc1b7a016d7dbffc13769f7561c9332f36f9a83ad69b75b2c3050befd624136bc95a8e845a30e05b2f71937e77a22d45c16a28b6cf02e0c3c71f2d18ca605890f7431d9f8d9c5eb8fb10afbf5d9b16423afff55bfa481ab5b3ffb7c54e925d589bad14e1f4cfa1fa2434bd53115258e90685b131440f19e78670b1b9df204c70ca74cea2e325a6850c5a5d1fa7b1da18b5287afba5cbcec770131027ce91a4e919356af5b033bbeb6a4c48dafed367ba93cadde2fca773e384fd747b984db12c613282d234e2875da5946cc05679626e4d3439f28204af872a93a6ba630c180054cfdbb334b6d5ec96b8ff6362fddee1f0b61e7d41e1456aaeb01fe6af202273dd14cddff4a3cfacbb58d00fae3a9785723aedf41f07f866f84ef61db5fcebcd4e2c7e86ce486df7a479d90df9ef9a11d220e2f7622197868a7998f4827106e4cfda7c125bde4cf1389afdd02d3c4dc2dc9efbd8f56f42fb3fdca3e44a142e6ccecdd7105f9ad75fb4ac7a2df6d623e8ca24bb848b026b585d90b6c98587a59812a72e84c8ca102032f7500f5f3effd25108531b6ff38083f77a1acb40057dc75bf1b6cbca26dcd520f3838fb48aa168c875448beebc2f794cece7ca64a48492ad2dc6b498b6deb304b3552428b32964ad65a175bb8eaf9b95cc53c073185f5158dc52d7232c0de792921c794e5def26df78b154b26a69d110d4cbe8b2f17fde0026903ce2a1d3cda7b7b0114b8c97e8a11ec4e96a1fa6d146fbe0b942edc9841577751ad70db443216e7428ce82030b06d49a4019507ea001dd38c5123e65f77f4c8402415f700084c6f1527a5f5499e8dcd222da12ed0121aac9c81c5a2949de569f6956b56c5572de5205ad7e4365657708aeabd44d9a64c09b51510941ed4358a916b56b5e9bcaf10e2e6cb3cc67023a5dfe86a88dd73f5f101a6fb7cff7156ea8e0b8cdac7b94a63978665747b7c7504cb113e5dc8fd4d8b8d22112e23c16dd57385b8fb654ae0940f81dbc8e8b175e5e0ac4b19e6524b56c34457523f4d97b08859a6213bcf6f3ecfb714e311579d2d8f8a2f1f37dfaa3b9ea0af347085c496e62886d55d41e59aecabc1aac12a8de088de3558458cb1b33495ffdb8f81b23f0f8ccf27d4b66b2bc3633a55b16b94f6af81f8795ded6c829d835e68258dbe287cff6ef3c155800409ac3f02056ae9ecac5e487c91fb1a4ada1739cd232aeb6bbc6c6aabea959f1b97802b4df9b83cc4abf704f1c65a469fc0801994b9191e3fdd7f719ccf1143ecd9440ec1a130d25500c374cf1e81563e5909f73989c427f4cb9ddd39ac5723d2f3d56bd7aab9511479e50fbc9eb58388b838c95c315859f60ab4ceb44903b4f05aea845fbac61d162e23bc7e814e464d3c580c255a03246e227d4d5d1d05c75c4cb73454774fd2c9777781ae60a3610be2c00ef168c06309da21f7ec714717e326e75ac5b107da0d55d1eb7e7a1c00523136e40ac59406e93a044c209890b20405bfc8861655ebd99ac867b8e1217b973304e93f6b4f30c268d242c6f2770f3417735240d61d08d37393960c14cea24e9f28b42ce207c3edaac67b85571d661b5f92d0a85735072a026e56c7c05a53aabfc65cc38f513f9e622cd25923ed31891ca8a05a552652c24162776b9cdce4c03dfd3a6e39a609127916ba84d76af06b660eff40d807814a126cbcad4bb703b054c9780065901357a9e54bd513bc9aa3d3801cffb298c8e4d0b809986a950d7a156b8e9323e050ae7174d9a62b305f2933f794d2a58da904469cf61ac112f6c8f3482423c5de3a60c504525967bb16f89258447a7dddc53e1b188fb0e9ced2a51548158e871edd4d931ecd50c95ab00fe40d0fdccc4b79f795752e2272e3e785586d01f7d3ae16642330f9937840503b4e47e80a87086cb05c87f18aa6aca2ade4b6a7d2c69ab3ff0bfa78f34dfa598eea50c375577ff85ccbe02ec10208c09ab14f7e602a197416a6d1963b8e2b86170dea2c1e3f2447df105aa62036906fdf1c6b10c5d8134ecfb1b06638b12ce0fe6c7d0f3fc91382a570c1934c7fe1a5da829fcc226bb3734da68d18a742eac2ab40800771b89254cf5ebee7022f5a4c5b23fd24d618c0d896544254c8b9ae71e6ce143d3fd3f6355161f643f827717eb8332b311ea6cd72649213c69271f4f5faae6f1fdeed26e2b445d4b0f10efb33cf315ba475d2d7c3dff2e9dcc8c4aecf2d9fa997c054a4350b715f8d5eaf0fa7ec67e03259dfe0a9ac64e2c23b284a30343c8cb18947b6779debb4ef5a46d95c330b5d4940cafa0246e2447472d1be9fd9853f7c68daa0a819c0f768e30f5e4c9ab5de6b99095e6922610800b751c41cd65a79d584c605e30edf0e8a775cf9c2b91bf719875d7fe6a0b15311a8a745c487526ebbe6e2e0e6b26347bc7af7536b70272099e1479d012d7bec46ea69e60d057d5338235772dd85ac0d44d8f1968582719d5396c2f820b6fc21080aff60d36903d44779fc6b932a08cbadf1a59e7ebfe3f88266d5dd18be781c7b1b5327ece4b7326c0926280794d14ec1124985b55ac4266f756f007e9ca991a9c4bda99f175f5e5b571e9bbca4980c72376dd218d4991e4cbbb0a542b6705af5b89f0e38dbe3fcc2d7e778e4e0495b0d935e2f13237c60a0775782174c924e0e57055dd1ee8b4fc7c72e90282d6f61f56e31a453b5119abe0387b7fe3b289e48323dcf5e20a7b5ab27d48345fe978f2a739b394965336c71b932dc7a163fc8a202c7bd35110103f1a08fca303338b2edb85549f3a94dfa41727196dff2acec4b0a6550e255c0faa5e1513fe9dd0d9aad58e", 0x1000}}, 0x1006) r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) read(r0, &(0x7f0000000240)=""/123, 0x7b) clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x7, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000000000100b060a500000000000010902240001000050000904000201030000000d210000000122f804090581030000040000"], 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="f0000000100013040000000000000000fe880000000000000000000000000001200100000000000000000000000000004e240000000000000000000037000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000000000000000000000000000000000000032000000fc0000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000002000000000000000000000000000000000000000000000000000000020000000500000000000000"], 0xf0}}, 0x0) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0xa6, &(0x7f0000000000)={@local, @random="c4bc9cac9686", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x70, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x1c, 0xe2, 0xcf, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @timestamp={0x3, 0xa, 0x0, 0x4}, @exp_fastopen={0xfe, 0x7, 0xf989, "7511e9"}, @sack={0x5, 0x6, [0xa1be]}, @eol, @window={0x3, 0x3}, @exp_fastopen={0xfe, 0xa, 0xf989, "d463e2c4e2da"}, @exp_smc={0xfe, 0x6}, @mss={0x2, 0x4}, @exp_fastopen={0xfe, 0x4}, @timestamp={0x8, 0xa, 0x1, 0x2}, @md5sig={0x13, 0x12, "10fc4c99cc12b763e5e01292dd6f6ff6"}]}}}}}}}}, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000001080)='./file0\x00', &(0x7f0000001100)={0x34040, 0x10, 0x1}, 0x18) sendmmsg$inet(r2, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000001040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x1}], 0x1}}], 0x2, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendto$inet6(r4, &(0x7f0000000000)="7800000018002507b9409b14ffff00030202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000800000000000000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock2(&(0x7f0000293000/0x4000)=nil, 0x4000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r5, 0xc02c5341, &(0x7f0000000040)) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYBLOB="00ffee0000eeffffff"], 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000001140), r2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4.444249064s ago: executing program 0 (id=2138): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)={{0x12, 0x1, 0x0, 0xd5, 0x7, 0xdf, 0x8, 0x10c4, 0x8244, 0xdc00, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3}}]}}]}}, 0x0) munmap(&(0x7f0000799000/0x3000)=nil, 0x3000) mmap(&(0x7f000079b000/0x1000)=nil, 0x1000, 0x0, 0x4100032, 0xffffffffffffffff, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f00000044c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="080180f6e0d1d1ab8c416fe58f0ba04c6184bfee30c02eee531aaf6863c3d26acfa4bd9642dd253611ac70abc646701468ffd246856be5d489c3fc4c13f57efe754874247e7ef2dd452318d21394a73d357cb39e2e0bf86cbda979626fa6250d2970b45634c6934caddfef8c44a91c103294948c43795240adb04587010448183e8c348da07ecdcbceca37d34a732cc59ec11c411b592c195e3aec9d9d639a8cb5ed9cb37fdb34662c1e3c3ffbc9877ccad30fc0", @ANYRESOCT=r0], 0x0}) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="60000000020601036c0000000e77000000000000050005000a000000050001000600000205000400000000000900020073797a320000000013000300686173683a6e65742c6966616365000014000780080006400000000008000840"], 0x60}}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x0, 0x0) pread64(r4, &(0x7f0000000080)=""/79, 0x4f, 0x7f) syz_usb_control_io$uac1(r1, 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0xf84}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00ed6a", 0xb, 0x2c, 0x0, @remote, @local, {[], {{0x2c00, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) poll(&(0x7f0000000080)=[{r3, 0xa020}], 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) read$proc_mixer(r6, &(0x7f0000000200)=""/182, 0xb6) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48}) 4.278578723s ago: executing program 2 (id=2139): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x141, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f00000002c0)) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@fwd={0x2, 0x0, 0x0, 0x7, 0x2e}]}, {0x0, [0x0]}}, 0x0, 0x27, 0x0, 0x1, 0x800, 0x0, @void, @value}, 0x28) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, 0x0, 0x48) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x4800) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0) pread64(r7, &(0x7f00000000c0)=""/83, 0x4da, 0x0) syz_clone3(&(0x7f0000006180)={0x100000000, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58) connect$unix(r2, &(0x7f0000000400)=@abs, 0x6e) 3.475826314s ago: executing program 2 (id=2140): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x3) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xc2) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x40, 0xa2}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x68}}, 0x0) 2.931614223s ago: executing program 1 (id=2141): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) mount$afs(&(0x7f0000000240)=ANY=[@ANYBLOB='#slz'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="64796e2c007d1725e9fd97f0d615e70ee8f61a0834ae5af8ce5e255262380f6e72199a9e3ec3a940bc76ff27e5a63719de58e539f481285c05e0af4fb9640800000030fe493ea998e84476f5f865d674ffea41d74aa57668f4ce0647481a51f0fc8cbcea7a200621400586db660338a4085cd78d0175b106dbb4d3bb87820bdd423192c1a7ecf850ae1892ea2e200da363b81c4451c0c8bf5fc5460ed7d8260ebcbe7cfc395874370c201e2cb0a3573c8ac9c7a7350bd7e9a961498b42f02e4f2e72498522b4844258d1a4615b7e5b748b29c20a04f87dce5711a07233f52ef2f566f3b56de1ae61b31d043d9a4d3bddd751223a9dda"]) 2.850134389s ago: executing program 1 (id=2142): r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x44, r0, 0x400, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x253e}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40012}, 0x4) r1 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) unshare(0x20000400) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) r4 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) sched_setscheduler(r4, 0x6, &(0x7f00000003c0)=0x7fffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'vlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r5, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) mq_timedreceive(r1, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0) 2.776835282s ago: executing program 3 (id=2143): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0xffffffff}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r5, &(0x7f0000000100)={{0x3, @default, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48) ioctl$SIOCAX25DELFWD(r5, 0x89eb, &(0x7f0000000040)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) close(r5) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$FUSE(r6, &(0x7f0000001d40)={0x2020}, 0x2020) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r8}, 0x8) ioctl$SIOCSIFHWADDR(r7, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) socket$xdp(0x2c, 0x3, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0) 2.5306581s ago: executing program 1 (id=2144): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000200000c5"]) 1.742736772s ago: executing program 3 (id=2145): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000140)={0x6, 0x17ffd, 0xffffbf8b, 0x3, 0x29, "635d509d2718c014df1a4569ec44cf1dd88567", 0x7, 0xed}) 1.666522542s ago: executing program 1 (id=2146): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000180)='./file1\x00', &(0x7f0000000040), &(0x7f0000000280), 0x2, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) 1.658804405s ago: executing program 3 (id=2147): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0xee00) 1.440919128s ago: executing program 3 (id=2148): r0 = syz_open_dev$radio(&(0x7f0000000740), 0x3, 0x2) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x20000000) r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) fsopen(&(0x7f0000005880)='zonefs\x00', 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r2, 0x29, 0xce, 0x0, 0x0) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='qnx6\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() r4 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3) r5 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000) setpgid(r5, r3) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x648, 0x480, 0x480, 0x480, 0xf8, 0x248, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0x118, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}, {0x8, 0x3, 0x0, [0xfff, 0x94, 0x4, 0x17, 0x6, 0x7ff, 0x0, 0x1, 0x0, 0xc, 0x9, 0x200, 0xda, 0x7, 0x7, 0xffff], 0x9}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}}}}, {{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty, [], [], [], 0x0, 0x2203}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7, 0x2, 0x1, 0x2}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=ANY=[@ANYRES64=r4, @ANYRES32=0x0], 0x18}}, 0x801) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r9, &(0x7f0000001980), 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000700)={'vxcan1\x00'}) unshare(0x22020400) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.375174294s ago: executing program 1 (id=2149): fchdir(0xffffffffffffffff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680)) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='sysv\x00', 0x1005b, 0x0) socket$igmp(0x2, 0x3, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) inotify_add_watch(0xffffffffffffffff, 0x0, 0x40000c0) r0 = timerfd_create(0x0, 0x0) epoll_create1(0x0) timerfd_settime(r0, 0x3, &(0x7f0000000440), 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0) r3 = fsopen(&(0x7f0000000080)='pvfs2\x00', 0x1) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f00000000c0)='async\x00', 0x0, 0x0) sendfile(r2, r2, 0x0, 0x9) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f0000000100)) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b04000000000000000002000000380080340001800b0001006e756d67656e00002400028008000140000000140800034000000000080004400000000708000240ffffffff0900010073797a30154fa9291245c8e220531417f30000000009000200c82b05214bb9957e78b32b30f54473"], 0x8c}}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x400000, 0x171101) dup(r6) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_udp(0x2, 0x2, 0x0) pselect6(0x40, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0xb, 0x8000000, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x3}) 508.613847ms ago: executing program 3 (id=2150): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)={{0x12, 0x1, 0x0, 0xd5, 0x7, 0xdf, 0x8, 0x10c4, 0x8244, 0xdc00, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3}}]}}]}}, 0x0) munmap(&(0x7f0000799000/0x3000)=nil, 0x3000) mmap(&(0x7f000079b000/0x1000)=nil, 0x1000, 0x0, 0x4100032, 0xffffffffffffffff, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f00000044c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="080180f6e0d1d1ab8c416fe58f0ba04c6184bfee30c02eee531aaf6863c3d26acfa4bd9642dd253611ac70abc646701468ffd246856be5d489c3fc4c13f57efe754874247e7ef2dd452318d21394a73d357cb39e2e0bf86cbda979626fa6250d2970b45634c6934caddfef8c44a91c103294948c43795240adb04587010448183e8c348da07ecdcbceca37d34a732cc59ec11c411b592c195e3aec9d9d639a8cb5ed9cb37fdb34662c1e3c3ffbc9877ccad30fc0", @ANYRESOCT=r0], 0x0}) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="60000000020601036c0000000e77000000000000050005000a000000050001000600000205000400000000000900020073797a320000000013000300686173683a6e65742c6966616365000014000780080006400000000008000840"], 0x60}}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x0, 0x0) pread64(r4, &(0x7f0000000080)=""/79, 0x4f, 0x7f) syz_usb_control_io$uac1(r1, 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0xf84}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00ed6a", 0xb, 0x2c, 0x0, @remote, @local, {[], {{0x2c00, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) poll(&(0x7f0000000080)=[{r3, 0xa020}], 0x1, 0x1) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) read$proc_mixer(r7, &(0x7f0000000200)=""/182, 0xb6) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48}) 0s ago: executing program 2 (id=2151): syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = dup2(r3, r3) accept4$bt_l2cap(r4, 0x0, 0x0, 0x0) socket$inet(0x2, 0x4, 0x9) r5 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0xa0cb, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)=0x0) syz_open_dev$vcsa(&(0x7f0000000040), 0x6, 0xe000) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000480)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, {0x0, r7}}) io_uring_enter(r5, 0x82ded, 0x0, 0x0, 0x0, 0x5ee5da97e0afaeeb) r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r8, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0) kernel console output (not intermixed with test programs): n: entered promiscuous mode [ 538.304051][T12111] veth1_vlan: entered promiscuous mode [ 538.320787][T12111] veth0_macvtap: entered promiscuous mode [ 538.328834][T12111] veth1_macvtap: entered promiscuous mode [ 538.344019][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.354663][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.365433][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.369365][T12310] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1746'. [ 538.385538][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.395774][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.408272][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.427177][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.438331][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.479595][T12111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 538.554697][ T46] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 538.559306][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.574799][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.586549][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.598753][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.609362][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.620612][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.633546][T12111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.644618][T12111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.662006][T12111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 538.721551][T12111] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.730924][T12111] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.744315][T12111] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.750341][ T46] usb 4-1: config index 0 descriptor too short (expected 63186, got 210) [ 538.753102][T12111] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.761892][T12113] Bluetooth: hci2: command tx timeout [ 538.804487][ T46] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 538.813074][ T46] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 538.823837][ T46] usb 4-1: config 0 has no interface number 0 [ 538.830264][ T46] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 538.842756][ T46] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 255, setting to 64 [ 538.853965][ T46] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 538.872844][ T46] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 538.882868][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.959824][ T46] usb 4-1: config 0 descriptor?? [ 538.962558][T12306] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 539.796873][ T46] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 539.941718][ T7486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.001629][ T7486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.044148][ T46] usb 4-1: USB disconnect, device number 62 [ 540.049111][ T11] usb 4-1: Failed to submit usb control message: -71 [ 540.094794][ T11] usb 4-1: unable to send the bmi data to the device: -71 [ 540.122355][ T11] usb 4-1: unable to get target info from device [ 540.131123][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.143152][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.146157][ T11] usb 4-1: could not get target info (-71) [ 540.153136][T12332] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1752'. [ 540.175148][ T29] audit: type=1400 audit(1732696193.272:837): avc: denied { mounton } for pid=12111 comm="syz-executor" path="/root/syzkaller.mfK0T7/syz-tmp" dev="sda1" ino=1950 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 540.201600][ T11] usb 4-1: could not probe fw (-71) [ 540.225305][ T29] audit: type=1400 audit(1732696193.272:838): avc: denied { mounton } for pid=12111 comm="syz-executor" path="/root/syzkaller.mfK0T7/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=39022 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 540.258545][ T29] audit: type=1400 audit(1732696193.322:839): avc: denied { mounton } for pid=12111 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 540.332437][ T29] audit: type=1400 audit(1732696193.322:840): avc: denied { mounton } for pid=12111 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 540.831046][T12340] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 540.841144][T12339] IPVS: stopping master sync thread 12340 ... [ 540.892142][ T29] audit: type=1400 audit(1732696193.982:841): avc: denied { read } for pid=12343 comm="syz.1.1756" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 540.918721][ T29] audit: type=1400 audit(1732696193.982:842): avc: denied { open } for pid=12343 comm="syz.1.1756" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 540.944243][T12342] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1755'. [ 540.948261][ T29] audit: type=1400 audit(1732696193.992:843): avc: denied { write } for pid=12343 comm="syz.1.1756" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 541.404428][ T5914] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 541.460426][T12353] block device autoloading is deprecated and will be removed. [ 541.614609][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 542.241676][T12361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1761'. [ 542.315153][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 542.328722][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 542.346334][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 542.405545][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 542.419753][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 542.447816][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.665268][T12367] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 542.681706][T12367] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 542.692092][T12367] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 542.741535][ T29] audit: type=1400 audit(1732696195.842:844): avc: denied { ioctl } for pid=12368 comm="syz.1.1765" path="socket:[38832]" dev="sockfs" ino=38832 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 542.768205][T12370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1764'. [ 542.790353][T12370] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.799623][T12370] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.808471][T12370] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.817455][T12370] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.829903][T12370] vxlan0: entered promiscuous mode [ 542.841929][T12373] iommufd_mock iommufd_mock3: Adding to iommu group 3 [ 542.846024][ T5914] usb 4-1: GET_CAPABILITIES returned 0 [ 542.850303][T12372] IPVS: stopping master sync thread 12374 ... [ 542.854188][ T5914] usbtmc 4-1:16.0: can't read capabilities [ 542.860423][T12374] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 542.920485][ T29] audit: type=1400 audit(1732696196.022:845): avc: denied { ioctl } for pid=12375 comm="syz.1.1767" path="socket:[38855]" dev="sockfs" ino=38855 ioctlcmd=0x7202 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 542.954387][ T5885] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 543.059846][ T5914] usb 4-1: USB disconnect, device number 63 [ 543.115809][ T5885] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 543.127560][ T5885] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 543.140908][ T5885] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 543.151667][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.169912][ T5885] usb 3-1: config 0 descriptor?? [ 543.189648][ T5885] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 543.789569][ T29] audit: type=1400 audit(1732696196.472:846): avc: denied { recv } for pid=12377 comm="syz.1.1768" saddr=10.128.0.169 src=30006 daddr=10.128.1.102 dest=35192 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 543.825647][ T29] audit: type=1400 audit(1732696196.482:847): avc: denied { egress } for pid=52 comm="kworker/u8:3" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 543.954844][ T29] audit: type=1400 audit(1732696196.482:848): avc: denied { sendto } for pid=52 comm="kworker/u8:3" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 544.002580][ T189] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.245770][ T189] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.361480][ T29] audit: type=1326 audit(1732696197.432:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12382 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5991d80809 code=0x7ffc0000 [ 544.729841][ T29] audit: type=1326 audit(1732696197.432:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12382 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5991d80809 code=0x7ffc0000 [ 544.846760][ T189] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.857895][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 544.868683][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 544.883763][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 545.040855][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 545.057625][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 545.065694][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 545.263103][ T189] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.020042][ T29] audit: type=1400 audit(1732696198.472:851): avc: denied { write } for pid=12406 comm="syz.0.1774" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 546.093546][ T5887] usb 3-1: USB disconnect, device number 50 [ 546.738292][T12425] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 546.780178][ T189] bridge_slave_1: left allmulticast mode [ 546.789387][T12427] IPVS: stopping master sync thread 12425 ... [ 546.846237][T12416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1775'. [ 546.862376][T12428] overlayfs: failed to resolve './file0': -2 [ 546.880915][ T189] bridge_slave_1: left promiscuous mode [ 546.887967][ T189] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.927746][ T189] bridge_slave_0: left allmulticast mode [ 546.933475][ T189] bridge_slave_0: left promiscuous mode [ 546.949210][ T189] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.246156][T12113] Bluetooth: hci2: command tx timeout [ 548.164777][T12449] FAULT_INJECTION: forcing a failure. [ 548.164777][T12449] name failslab, interval 1, probability 0, space 0, times 0 [ 548.178122][T12449] CPU: 1 UID: 0 PID: 12449 Comm: syz.0.1783 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 548.188568][T12449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 548.198623][T12449] Call Trace: [ 548.201878][T12449] [ 548.204785][T12449] dump_stack_lvl+0x16c/0x1f0 [ 548.209448][T12449] should_fail_ex+0x497/0x5b0 [ 548.214106][T12449] ? fs_reclaim_acquire+0xae/0x150 [ 548.219193][T12449] should_failslab+0xc2/0x120 [ 548.223855][T12449] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 548.229569][T12449] ? __d_alloc+0x31/0xaa0 [ 548.233926][T12449] __d_alloc+0x31/0xaa0 [ 548.238102][T12449] ? __raw_spin_lock_init+0x3a/0x110 [ 548.243384][T12449] d_alloc_pseudo+0x1c/0xc0 [ 548.247868][T12449] alloc_file_pseudo+0xdc/0x210 [ 548.252698][T12449] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 548.258150][T12449] ioctx_alloc+0x596/0x1fc0 [ 548.262638][T12449] ? __might_fault+0x13b/0x190 [ 548.267383][T12449] ? __pfx_lock_release+0x10/0x10 [ 548.272385][T12449] ? trace_lock_acquire+0x146/0x1e0 [ 548.277565][T12449] ? __pfx_ioctx_alloc+0x10/0x10 [ 548.282482][T12449] ? lock_acquire+0x2f/0xb0 [ 548.286965][T12449] ? __might_fault+0xe3/0x190 [ 548.291716][T12449] __x64_sys_io_setup+0xc9/0x210 [ 548.296635][T12449] do_syscall_64+0xcd/0x250 [ 548.301119][T12449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.307005][T12449] RIP: 0033:0x7f5991d80809 [ 548.311398][T12449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.330996][T12449] RSP: 002b:00007f5992b89058 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 548.339391][T12449] RAX: ffffffffffffffda RBX: 00007f5991f46160 RCX: 00007f5991d80809 [ 548.347516][T12449] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000002004 [ 548.355476][T12449] RBP: 00007f5992b890a0 R08: 0000000000000000 R09: 0000000000000000 [ 548.363441][T12449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.371391][T12449] R13: 0000000000000000 R14: 00007f5991f46160 R15: 00007fff08d67678 [ 548.379361][T12449] [ 549.258546][ T189] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 549.270070][ T189] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 549.283902][ T189] bond0 (unregistering): Released all slaves [ 549.324730][T12113] Bluetooth: hci2: command tx timeout [ 549.655035][T12467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 549.673817][T12467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 550.132117][T12477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 550.352120][T12401] chnl_net:caif_netlink_parms(): no params data found [ 550.386192][T12477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 550.573610][T12490] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1789'. [ 550.621171][T12489] IPVS: stopping master sync thread 12275 ... [ 550.649372][ T189] hsr_slave_0: left promiscuous mode [ 550.663201][ T189] hsr_slave_1: left promiscuous mode [ 550.671644][ T189] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 550.695281][ T189] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 550.713357][ T189] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.730661][ T189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.759953][ T189] veth1_macvtap: left promiscuous mode [ 550.773583][ T189] veth0_macvtap: left promiscuous mode [ 550.779926][ T189] veth1_vlan: left promiscuous mode [ 550.791100][ T189] veth0_vlan: left promiscuous mode [ 550.872424][T12496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1791'. [ 551.434796][T12113] Bluetooth: hci2: command tx timeout [ 552.957985][ T189] team0 (unregistering): Port device team_slave_1 removed [ 553.137272][ T189] team0 (unregistering): Port device team_slave_0 removed [ 553.477632][T12531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1802'. [ 553.505300][T12113] Bluetooth: hci2: command tx timeout [ 553.875959][T12534] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 553.891914][T12534] qnx6: wrong signature (magic) in superblock #1. [ 553.900711][T12534] qnx6: unable to read the first superblock [ 554.579030][T12401] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.590646][T12401] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.612208][T12401] bridge_slave_0: entered allmulticast mode [ 554.620485][T12401] bridge_slave_0: entered promiscuous mode [ 554.788977][T12525] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 554.846647][T12401] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.888130][T12401] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.895994][T12401] bridge_slave_1: entered allmulticast mode [ 554.902798][T12401] bridge_slave_1: entered promiscuous mode [ 555.017730][T12401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 555.029510][T12401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 555.124626][T12401] team0: Port device team_slave_0 added [ 555.132500][T12401] team0: Port device team_slave_1 added [ 555.793057][T12558] xt_cgroup: invalid path, errno=-2 [ 555.950431][T12556] bridge: RTM_NEWNEIGH with invalid ether address [ 555.975782][T12401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 556.006605][T12401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.097909][T12401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.254662][T12401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.288939][T12401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.416590][T12401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.428054][T12571] Invalid ELF header type: 10328 != 1 [ 556.584193][T12401] hsr_slave_0: entered promiscuous mode [ 556.591235][T12401] hsr_slave_1: entered promiscuous mode [ 556.600420][T12401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 556.608607][T12401] Cannot create hsr debugfs directory [ 556.616757][T12578] devpts: called with bogus options [ 556.714437][ T5885] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 556.875071][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 556.898405][ T5885] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 556.919410][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 556.935924][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 556.946195][ T5885] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 556.960924][ T5885] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.978655][ T5885] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 556.994750][ T5885] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 557.009421][T12588] overlayfs: failed to resolve './file1': -2 [ 557.030937][ T5885] usb 4-1: Manufacturer: syz [ 557.039261][ T5885] usb 4-1: config 0 descriptor?? [ 557.059014][ T29] audit: type=1400 audit(1732696210.152:852): avc: denied { sys_chroot } for pid=12589 comm="dhcpcd" capability=18 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 557.080574][ T29] audit: type=1400 audit(1732696210.152:853): avc: denied { setgid } for pid=12589 comm="dhcpcd" capability=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 557.101640][ T29] audit: type=1400 audit(1732696210.152:854): avc: denied { setrlimit } for pid=12589 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1 [ 557.118160][T12591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 557.149239][T12591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.414775][ T5885] rc_core: IR keymap rc-hauppauge not found [ 557.428323][ T5885] Registered IR keymap rc-empty [ 557.448266][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 557.461707][T12401] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 558.185464][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.435423][ T5885] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 558.448032][ T5885] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input29 [ 558.522313][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.538487][T12401] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 558.583602][T12401] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 558.594575][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.621280][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.635340][T12401] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 558.654385][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.682840][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.814244][T12613] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 558.821207][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.868710][T12401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 558.887243][T12401] 8021q: adding VLAN 0 to HW filter on device team0 [ 558.930482][T12401] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 558.941091][T12401] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 558.960288][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 558.968159][ T3418] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.975268][ T3418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 558.985504][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 559.004452][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 559.025867][ T5885] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 559.057233][ T3418] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.064383][ T3418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.087210][ T5885] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 559.120168][ T5885] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 559.159972][ T5885] usb 4-1: USB disconnect, device number 64 [ 559.616216][ T29] audit: type=1400 audit(1732696212.622:855): avc: denied { ioctl } for pid=12627 comm="syz.2.1821" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 560.322047][T12401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.384377][ T5887] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 560.481555][ T29] audit: type=1400 audit(1732696213.542:856): avc: denied { read } for pid=12644 comm="syz.3.1823" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 560.504954][ T29] audit: type=1400 audit(1732696213.542:857): avc: denied { open } for pid=12644 comm="syz.3.1823" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 560.519056][T12652] overlay: ./file0 is not a directory [ 560.528797][ T29] audit: type=1400 audit(1732696213.542:858): avc: denied { ioctl } for pid=12644 comm="syz.3.1823" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 560.556165][ T5887] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 560.600112][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 560.719359][T12661] bridge: RTM_NEWNEIGH with invalid ether address [ 561.417331][ T5887] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 561.426512][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.800698][ T5887] usb 1-1: config 0 descriptor?? [ 561.828326][ T5887] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 562.538300][T12401] veth0_vlan: entered promiscuous mode [ 562.555238][T12401] veth1_vlan: entered promiscuous mode [ 562.579419][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.586241][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.628065][T12679] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1826'. [ 562.639205][T12401] veth0_macvtap: entered promiscuous mode [ 562.680831][T12401] veth1_macvtap: entered promiscuous mode [ 562.751761][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.794398][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.837927][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.884331][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.911506][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.942473][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.979919][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.033325][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.059099][T12401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 563.104428][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.144291][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.185826][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.211685][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.257136][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.298176][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.336534][T12401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.372829][T12401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.417100][T12401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 563.466683][T12401] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.488621][T12401] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.583220][T12712] xt_cgroup: invalid path, errno=-2 [ 564.204410][T12401] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.213151][T12401] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.551844][T12720] xt_cgroup: invalid path, errno=-2 [ 565.216616][ T7486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.243570][ T1908] usb 1-1: USB disconnect, device number 51 [ 565.300854][T12730] FAULT_INJECTION: forcing a failure. [ 565.300854][T12730] name failslab, interval 1, probability 0, space 0, times 0 [ 565.313805][T12730] CPU: 0 UID: 0 PID: 12730 Comm: syz.0.1831 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 565.314513][ T29] audit: type=1400 audit(1732696218.422:859): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 565.324212][T12730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 565.354433][T12730] Call Trace: [ 565.357723][T12730] [ 565.360677][T12730] dump_stack_lvl+0x16c/0x1f0 [ 565.365360][T12730] should_fail_ex+0x497/0x5b0 [ 565.370041][T12730] ? fs_reclaim_acquire+0xae/0x150 [ 565.375146][T12730] should_failslab+0xc2/0x120 [ 565.379811][T12730] __kmalloc_noprof+0xcb/0x510 [ 565.384572][T12730] tomoyo_encode2+0x100/0x3e0 [ 565.389254][T12730] tomoyo_encode+0x29/0x50 [ 565.393664][T12730] tomoyo_realpath_from_path+0x19d/0x720 [ 565.399286][T12730] ? tomoyo_path_number_perm+0x235/0x590 [ 565.404923][T12730] tomoyo_path_number_perm+0x248/0x590 [ 565.410366][T12730] ? tomoyo_path_number_perm+0x235/0x590 [ 565.415985][T12730] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 565.421967][T12730] ? __pfx_lock_release+0x10/0x10 [ 565.426980][T12730] ? trace_lock_acquire+0x146/0x1e0 [ 565.432168][T12730] ? lock_acquire+0x2f/0xb0 [ 565.436657][T12730] ? __fget_files+0x40/0x3a0 [ 565.441233][T12730] ? __fget_files+0x206/0x3a0 [ 565.445896][T12730] security_file_ioctl+0x9b/0x240 [ 565.450909][T12730] __x64_sys_ioctl+0xb7/0x200 [ 565.455577][T12730] do_syscall_64+0xcd/0x250 [ 565.460070][T12730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.466124][T12730] RIP: 0033:0x7f5991d80809 [ 565.470537][T12730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.490129][T12730] RSP: 002b:00007f5992bcb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 565.498527][T12730] RAX: ffffffffffffffda RBX: 00007f5991f45fa0 RCX: 00007f5991d80809 [ 565.506482][T12730] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000004 [ 565.514438][T12730] RBP: 00007f5992bcb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 565.522414][T12730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.530392][T12730] R13: 0000000000000000 R14: 00007f5991f45fa0 R15: 00007fff08d67678 [ 565.538372][T12730] [ 565.607563][T12730] ERROR: Out of memory at tomoyo_realpath_from_path. [ 565.631263][ T7486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.805512][ T189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.813371][ T189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 567.353185][T12738] SELinux: Context system_u:object_r:insmod_exec_t:s0 is not valid (left unmapped). [ 567.374410][ T29] audit: type=1400 audit(1732696220.452:860): avc: denied { relabelfrom } for pid=12735 comm="syz.2.1833" name="RAWv6" dev="sockfs" ino=41181 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 567.399808][ T29] audit: type=1400 audit(1732696220.482:861): avc: denied { relabelto } for pid=12735 comm="syz.2.1833" name="RAWv6" dev="sockfs" ino=41181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=rawip_socket permissive=1 trawcon="system_u:object_r:insmod_exec_t:s0" [ 567.437218][T12763] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 567.732798][T12780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1836'. [ 567.938538][T12784] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1839'. [ 568.346132][T12532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.547101][T12532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.786931][T12797] syz.2.1844 (12797): /proc/12790/oom_adj is deprecated, please use /proc/12790/oom_score_adj instead. [ 569.016368][T12532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.186998][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 569.207877][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 569.218465][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 569.235213][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 569.241063][T12532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.255993][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 569.273035][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 569.287391][T12803] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 569.563943][T12848] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 569.732845][T12532] bridge_slave_1: left allmulticast mode [ 569.742568][T12532] bridge_slave_1: left promiscuous mode [ 569.761275][T12532] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.790221][T12532] bridge_slave_0: left allmulticast mode [ 569.919871][T12871] Invalid ELF header type: 10328 != 1 [ 570.121851][T12532] bridge_slave_0: left promiscuous mode [ 570.132550][T12532] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.960528][ T5837] Bluetooth: hci2: command tx timeout [ 572.137947][T12902] kvm: emulating exchange as write [ 572.631525][T12913] Invalid ELF header type: 10328 != 1 [ 573.265773][T12532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 573.293392][T12532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 573.311545][T12532] bond0 (unregistering): Released all slaves [ 573.319631][T12928] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1860'. [ 573.364386][T12928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1860'. [ 573.741894][T13018] FAULT_INJECTION: forcing a failure. [ 573.741894][T13018] name failslab, interval 1, probability 0, space 0, times 0 [ 573.754593][T13018] CPU: 1 UID: 0 PID: 13018 Comm: syz.3.1862 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 573.765007][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 573.775058][T13018] Call Trace: [ 573.778351][T13018] [ 573.781308][T13018] dump_stack_lvl+0x16c/0x1f0 [ 573.786008][T13018] should_fail_ex+0x497/0x5b0 [ 573.790701][T13018] should_failslab+0xc2/0x120 [ 573.795394][T13018] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 573.800773][T13018] ? skb_clone+0x190/0x3f0 [ 573.805200][T13018] skb_clone+0x190/0x3f0 [ 573.809444][T13018] netlink_deliver_tap+0xabd/0xd30 [ 573.814580][T13018] netlink_unicast+0x5e1/0x7f0 [ 573.819355][T13018] ? __pfx_netlink_unicast+0x10/0x10 [ 573.824651][T13018] netlink_sendmsg+0x8b8/0xd70 [ 573.829426][T13018] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.834732][T13018] ____sys_sendmsg+0xaaf/0xc90 [ 573.839501][T13018] ? copy_msghdr_from_user+0x10b/0x160 [ 573.844956][T13018] ? __pfx_____sys_sendmsg+0x10/0x10 [ 573.850259][T13018] ___sys_sendmsg+0x135/0x1e0 [ 573.855030][T13018] ? __pfx____sys_sendmsg+0x10/0x10 [ 573.860240][T13018] ? __pfx_lock_release+0x10/0x10 [ 573.865263][T13018] ? trace_lock_acquire+0x146/0x1e0 [ 573.870499][T13018] ? __fget_files+0x206/0x3a0 [ 573.875180][T13018] __sys_sendmsg+0x16e/0x220 [ 573.879774][T13018] ? __pfx___sys_sendmsg+0x10/0x10 [ 573.884899][T13018] do_syscall_64+0xcd/0x250 [ 573.889407][T13018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.895303][T13018] RIP: 0033:0x7f7241780809 [ 573.899716][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.919324][T13018] RSP: 002b:00007f72424a1058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.927741][T13018] RAX: ffffffffffffffda RBX: 00007f7241946160 RCX: 00007f7241780809 [ 573.935713][T13018] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000008 [ 573.943678][T13018] RBP: 00007f72424a10a0 R08: 0000000000000000 R09: 0000000000000000 [ 573.951637][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.959583][T13018] R13: 0000000000000000 R14: 00007f7241946160 R15: 00007ffc2c2e5a98 [ 573.967548][T13018] [ 573.970554][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.014607][ T5837] Bluetooth: hci2: command tx timeout [ 574.232364][T12805] chnl_net:caif_netlink_parms(): no params data found [ 574.324440][ T5887] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 574.352570][T12532] hsr_slave_0: left promiscuous mode [ 574.361235][T12532] hsr_slave_1: left promiscuous mode [ 574.376182][T12532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 574.393831][T12532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.409245][T12532] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 574.425329][T12532] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.481850][T12532] veth1_macvtap: left promiscuous mode [ 574.489999][ T5887] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=51.d4 [ 574.499887][T12532] veth0_macvtap: left promiscuous mode [ 574.514054][T12532] veth1_vlan: left promiscuous mode [ 574.519450][ T5887] usb 3-1: New USB device strings: Mfr=231, Product=37, SerialNumber=191 [ 574.530889][T12532] veth0_vlan: left promiscuous mode [ 574.547078][ T5887] usb 3-1: Product: syz [ 574.551720][ T5887] usb 3-1: Manufacturer: syz [ 574.557948][ T5887] usb 3-1: SerialNumber: syz [ 574.565648][ T5887] usb 3-1: config 0 descriptor?? [ 574.674702][T13069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.714663][T13069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.967743][ T5918] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 574.986543][ T5887] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 575.028614][T12532] team0 (unregistering): Port device team_slave_1 removed [ 575.073432][T12532] team0 (unregistering): Port device team_slave_0 removed [ 575.129770][ T5918] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 575.139159][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.148332][ T5918] usb 1-1: Product: syz [ 575.152645][ T5918] usb 1-1: Manufacturer: syz [ 575.157330][ T5918] usb 1-1: SerialNumber: syz [ 575.166552][ T5918] usb 1-1: config 0 descriptor?? [ 575.189732][ T5887] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 575.202246][ T5887] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 575.461636][T13081] Unsupported ieee802154 address type: 0 [ 575.461651][ T29] audit: type=1400 audit(1732696228.562:862): avc: denied { bind } for pid=13024 comm="syz.2.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 575.675534][T12805] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.683454][T12805] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.698481][T12805] bridge_slave_0: entered allmulticast mode [ 575.707990][T12805] bridge_slave_0: entered promiscuous mode [ 575.725421][T12805] bridge0: port 2(bridge_slave_1) entered blocking state [ 575.734424][T12805] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.741699][T12805] bridge_slave_1: entered allmulticast mode [ 575.749982][T12805] bridge_slave_1: entered promiscuous mode [ 575.783622][T12805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 575.796850][T12805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 575.799278][ T29] audit: type=1400 audit(1732696228.902:863): avc: denied { read } for pid=13072 comm="syz.0.1870" name="/" dev="configfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 575.839486][ T29] audit: type=1400 audit(1732696228.902:864): avc: denied { open } for pid=13072 comm="syz.0.1870" path="/383/file0" dev="configfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 575.863595][ T29] audit: type=1400 audit(1732696228.912:865): avc: denied { mounton } for pid=13072 comm="syz.0.1870" path="/383/file0" dev="configfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 575.893970][T12805] team0: Port device team_slave_0 added [ 575.910127][T12805] team0: Port device team_slave_1 added [ 575.942323][T12805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 575.949608][T12805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 575.976784][T12805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 575.990180][T12805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 576.002511][T12805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.045781][T12805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 576.095577][ T5837] Bluetooth: hci2: command tx timeout [ 576.131810][T12805] hsr_slave_0: entered promiscuous mode [ 576.146268][T12805] hsr_slave_1: entered promiscuous mode [ 576.163573][T12805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 576.179833][T12805] Cannot create hsr debugfs directory [ 576.749387][ T5918] usb 1-1: f81604_read: reg: 200f failed: -EPROTO [ 576.761119][ T5918] usb 1-1: USB disconnect, device number 52 [ 576.818648][T13273] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 576.832397][ T5918] usb 1-1: f81604_read: reg: 100f failed: -ENODEV [ 576.917717][T13323] netlink: 'syz.3.1873': attribute type 11 has an invalid length. [ 576.926725][ T5918] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 576.931935][T13323] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1873'. [ 576.970101][ T29] audit: type=1400 audit(1732696230.072:866): avc: denied { ioctl } for pid=13318 comm="syz.3.1873" path="socket:[41699]" dev="sockfs" ino=41699 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 576.989665][T13323] program syz.3.1873 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 577.098404][ T25] usb 3-1: USB disconnect, device number 51 [ 577.244697][ T29] audit: type=1400 audit(1732696230.342:867): avc: denied { read } for pid=13367 comm="syz.3.1877" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 577.736793][T13407] Invalid ELF header type: 10328 != 1 [ 577.958143][T13408] Invalid ELF header type: 10328 != 1 [ 578.157856][T13422] xt_nat: multiple ranges no longer supported [ 578.204177][ T5837] Bluetooth: hci2: command tx timeout [ 578.832534][ T29] audit: type=1400 audit(1732696231.432:868): avc: denied { execute } for pid=13420 comm="syz.0.1881" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 578.856969][ C0] vkms_vblank_simulate: vblank timer overrun [ 579.066149][T12805] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 579.076007][T12805] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 579.084020][T12805] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 579.122293][ T29] audit: type=1400 audit(1732696232.222:869): avc: denied { connect } for pid=13445 comm="syz.0.1883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 579.148509][T12805] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 579.555042][T12805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.952536][T13468] xt_cgroup: invalid path, errno=-2 [ 580.298041][T12805] 8021q: adding VLAN 0 to HW filter on device team0 [ 580.353485][ T3472] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.360622][ T3472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.407826][ T3472] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.415066][ T3472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.740903][T13485] xt_cgroup: invalid path, errno=-2 [ 581.710106][T12805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 582.815341][T13521] xt_cgroup: invalid path, errno=-2 [ 583.344980][ T1908] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 583.506489][ T1908] usb 3-1: config 4 has an invalid interface number: 231 but max is 0 [ 583.546888][T12805] veth0_vlan: entered promiscuous mode [ 583.558116][ T1908] usb 3-1: config 4 has no interface number 0 [ 583.604039][ T1908] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 583.607282][T12805] veth1_vlan: entered promiscuous mode [ 583.627801][ T1908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.653962][ T1908] usb 3-1: Product: syz [ 583.688571][ T1908] usb 3-1: Manufacturer: syz [ 583.696303][T12805] veth0_macvtap: entered promiscuous mode [ 583.706109][ T1908] usb 3-1: SerialNumber: syz [ 583.722579][ T1908] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 583.732396][T13533] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1894'. [ 583.733876][T12805] veth1_macvtap: entered promiscuous mode [ 583.801288][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.844322][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.854172][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.880245][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.895937][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.942497][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.964344][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.992598][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.003466][T12805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.031985][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.079249][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.094107][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.132879][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.146795][ T1908] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 584.157448][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.174391][ T1908] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 584.204338][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.260955][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.298430][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.323236][T12805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.365304][T12805] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.453104][T13572] xt_cgroup: invalid path, errno=-2 [ 584.475041][T12805] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.680216][T12805] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.837267][T12805] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.222291][ T3418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.241569][ T29] audit: type=1400 audit(1732696238.342:870): avc: denied { name_bind } for pid=13588 comm="syz.1.1900" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 585.255182][T13587] sctp: [Deprecated]: syz.0.1899 (pid 13587) Use of struct sctp_assoc_value in delayed_ack socket option. [ 585.255182][T13587] Use struct sctp_sack_info instead [ 585.283413][ T3418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.286889][ T29] audit: type=1400 audit(1732696238.362:871): avc: denied { setattr } for pid=13575 comm="syz.3.1898" name="task" dev="proc" ino=42524 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 585.440573][T12532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.462107][T12532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 586.384612][ T1908] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 586.440038][ T5884] usb 3-1: USB disconnect, device number 52 [ 586.657844][ T1908] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 586.668950][ T1908] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 586.682519][ T1908] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 586.785888][ T1908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.658336][T13576] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 587.668914][ T1908] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 587.696761][T13636] xt_cgroup: invalid path, errno=-2 [ 587.984199][ T1908] usb 4-1: USB disconnect, device number 65 [ 588.004698][T13661] wireguard0: entered promiscuous mode [ 588.010234][T13661] wireguard0: entered allmulticast mode [ 588.592602][ T3472] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.006723][ T3472] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.132190][ T3472] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.236767][ T3472] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.493884][ T3472] bridge_slave_1: left allmulticast mode [ 589.724630][ T3472] bridge_slave_1: left promiscuous mode [ 589.731182][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.799743][T13733] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1908'. [ 590.075271][ T29] audit: type=1400 audit(1732696242.732:872): avc: denied { ioctl } for pid=13724 comm="syz.2.1908" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 590.104382][ T29] audit: type=1400 audit(1732696243.172:873): avc: denied { validate_trans } for pid=13724 comm="syz.2.1908" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 590.818078][T13739] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 590.829114][T13739] qnx6: wrong signature (magic) in superblock #1. [ 590.837693][T13739] qnx6: unable to read the first superblock [ 591.845903][T13753] random: crng reseeded on system resumption [ 591.942061][ T3472] bridge_slave_0: left allmulticast mode [ 591.953013][ T3472] bridge_slave_0: left promiscuous mode [ 591.960465][T12113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 591.960534][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.001448][T12113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 592.011949][T12113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 592.019800][T12113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 592.028451][T12113] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 592.035991][T12113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 592.115058][T13748] could not allocate digest TFM handle sha224-ni [ 592.510749][T13767] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 592.830558][T13767] qnx6: wrong signature (magic) in superblock #1. [ 593.244344][T13767] qnx6: unable to read the first superblock [ 593.461629][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 593.476652][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 593.487338][ T3472] bond0 (unregistering): Released all slaves [ 593.519266][T13734] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 594.170261][T12113] Bluetooth: hci2: command tx timeout [ 594.715974][T13750] chnl_net:caif_netlink_parms(): no params data found [ 595.996015][T13970] xt_cgroup: invalid path, errno=-2 [ 596.073455][T13971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1920'. [ 596.284409][T12113] Bluetooth: hci2: command tx timeout [ 596.363341][ T3472] hsr_slave_0: left promiscuous mode [ 596.458276][ T29] audit: type=1400 audit(1732696249.562:874): avc: denied { connect } for pid=13965 comm="syz.1.1920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 596.494941][ T3472] hsr_slave_1: left promiscuous mode [ 596.524063][ T3472] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 596.543769][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 596.571176][ T3472] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 596.654521][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 596.705953][ T3472] veth1_macvtap: left promiscuous mode [ 596.721564][ T29] audit: type=1400 audit(1732696249.822:875): avc: denied { getopt } for pid=13974 comm="syz.0.1919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 596.724118][ T3472] veth0_macvtap: left promiscuous mode [ 596.784604][ T3472] veth1_vlan: left promiscuous mode [ 596.790984][ T3472] veth0_vlan: left promiscuous mode [ 596.793972][ T29] audit: type=1400 audit(1732696249.852:876): avc: denied { ioctl } for pid=13974 comm="syz.0.1919" path="socket:[42904]" dev="sockfs" ino=42904 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 597.170051][T13990] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 597.204635][T13990] qnx6: wrong signature (magic) in superblock #1. [ 597.211152][T13990] qnx6: unable to read the first superblock [ 598.070477][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 598.121338][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 598.338459][T12113] Bluetooth: hci2: command tx timeout [ 598.480374][T13750] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.487828][T13750] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.495616][T13750] bridge_slave_0: entered allmulticast mode [ 598.502404][T13750] bridge_slave_0: entered promiscuous mode [ 598.545868][T13750] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.553160][T13750] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.580535][T13750] bridge_slave_1: entered allmulticast mode [ 598.589029][T13750] bridge_slave_1: entered promiscuous mode [ 598.596712][T13996] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1926'. [ 598.769250][T13750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 598.806709][T13750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 598.913335][T14025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1929'. [ 599.077579][T13750] team0: Port device team_slave_0 added [ 599.115168][T13750] team0: Port device team_slave_1 added [ 599.419335][T13750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 599.435974][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.488110][T13750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 599.520458][T13750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 599.552352][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.644603][T13750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 599.811500][T13750] hsr_slave_0: entered promiscuous mode [ 599.866215][T13750] hsr_slave_1: entered promiscuous mode [ 599.923695][T13750] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.947719][T13750] Cannot create hsr debugfs directory [ 600.877977][T12113] Bluetooth: hci2: command tx timeout [ 600.940694][T14174] bridge: RTM_NEWNEIGH with invalid ether address [ 601.518071][T14196] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 601.615053][T14196] qnx6: wrong signature (magic) in superblock #1. [ 601.621533][T14196] qnx6: unable to read the first superblock [ 604.437893][ T29] audit: type=1400 audit(1732696257.522:877): avc: denied { setopt } for pid=14229 comm="syz.2.1941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 605.114557][T14272] program syz.2.1943 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 606.242291][T14343] xt_cgroup: invalid path, errno=-2 [ 609.337169][T14386] Invalid ELF header magic: != ELF [ 609.787382][T13750] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 609.827929][T13750] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 610.179099][T13750] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 610.804068][T14414] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1954'. [ 611.051687][T13750] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 611.737988][T13750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 611.751069][T13750] 8021q: adding VLAN 0 to HW filter on device team0 [ 611.798372][T13750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 611.808934][T13750] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 612.346207][ T189] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.353471][ T189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.361496][ T29] audit: type=1400 audit(1732696265.032:878): avc: denied { ioctl } for pid=14416 comm="syz.0.1955" path="socket:[45260]" dev="sockfs" ino=45260 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 612.386185][ C1] vkms_vblank_simulate: vblank timer overrun [ 612.403601][ T189] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.410748][ T189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.154003][T13750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.178168][T14448] netlink: 'syz.1.1959': attribute type 10 has an invalid length. [ 614.304118][T14448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.328811][T14448] team0: Port device batadv0 added [ 614.423552][T13750] veth0_vlan: entered promiscuous mode [ 614.438467][T13750] veth1_vlan: entered promiscuous mode [ 614.457485][T13750] veth0_macvtap: entered promiscuous mode [ 614.470310][T13750] veth1_macvtap: entered promiscuous mode [ 614.564833][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.642075][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.688873][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.704298][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.714168][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.725484][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.735680][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 614.746220][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.759467][T13750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 614.788486][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 614.799152][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.837531][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 614.864660][T14477] overlayfs: failed to resolve './file1': -2 [ 614.870756][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 614.904854][T14475] xt_cgroup: invalid path, errno=-2 [ 614.940871][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.003636][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.109887][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.244320][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.291131][T13750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 615.325958][T13750] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.343744][T13750] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.381874][T13750] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.747846][T13750] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.964101][T14500] FAULT_INJECTION: forcing a failure. [ 616.964101][T14500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 616.977421][T14500] CPU: 1 UID: 0 PID: 14500 Comm: syz.0.1966 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 616.987834][T14500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 616.997885][T14500] Call Trace: [ 617.001145][T14500] [ 617.004061][T14500] dump_stack_lvl+0x16c/0x1f0 [ 617.008729][T14500] should_fail_ex+0x497/0x5b0 [ 617.013493][T14500] _copy_from_user+0x2e/0xd0 [ 617.018155][T14500] do_replace+0x436/0x500 [ 617.022467][T14500] ? irqentry_exit_to_user_mode+0x230/0x280 [ 617.028348][T14500] ? __pfx_do_replace+0x10/0x10 [ 617.033191][T14500] ? bpf_lsm_capable+0x9/0x10 [ 617.037848][T14500] ? security_capable+0x7e/0x260 [ 617.042774][T14500] do_ebt_set_ctl+0x470/0x580 [ 617.047441][T14500] ? irqentry_exit+0x3b/0x90 [ 617.052020][T14500] ? __pfx_do_ebt_set_ctl+0x10/0x10 [ 617.057205][T14500] ? nf_sockopt_find.constprop.0+0x9e/0x290 [ 617.063102][T14500] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 617.069068][T14500] nf_setsockopt+0x8a/0xf0 [ 617.073471][T14500] ip_setsockopt+0xcb/0xf0 [ 617.077880][T14500] tcp_setsockopt+0xa4/0x100 [ 617.082460][T14500] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 617.088338][T14500] do_sock_setsockopt+0x222/0x480 [ 617.093358][T14500] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 617.098891][T14500] ? lock_acquire+0x2f/0xb0 [ 617.103388][T14500] __sys_setsockopt+0x1a0/0x230 [ 617.108232][T14500] __x64_sys_setsockopt+0xbd/0x160 [ 617.113330][T14500] ? __x64_sys_setsockopt+0x4/0x160 [ 617.118519][T14500] do_syscall_64+0xcd/0x250 [ 617.123013][T14500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.128902][T14500] RIP: 0033:0x7f5991d80809 [ 617.133309][T14500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.152917][T14500] RSP: 002b:00007f5992b89058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 617.161330][T14500] RAX: ffffffffffffffda RBX: 00007f5991f46160 RCX: 00007f5991d80809 [ 617.169285][T14500] RDX: 0000000000000080 RSI: 0a00000000000000 RDI: 0000000000000009 [ 617.177239][T14500] RBP: 00007f5992b890a0 R08: 0000000000000a08 R09: 0000000000000000 [ 617.185192][T14500] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 617.193147][T14500] R13: 0000000000000000 R14: 00007f5991f46160 R15: 00007fff08d67678 [ 617.201109][T14500] [ 617.393646][ T29] audit: type=1400 audit(1732696270.492:879): avc: denied { create } for pid=14503 comm="syz.3.1967" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 617.510029][ T29] audit: type=1400 audit(1732696270.542:880): avc: denied { create } for pid=14503 comm="syz.3.1967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 618.298040][T14510] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1967'. [ 618.400473][ T29] audit: type=1400 audit(1732696271.502:881): avc: denied { connect } for pid=14541 comm="syz.0.1971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 618.490708][T12532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.497219][ T29] audit: type=1400 audit(1732696271.592:882): avc: denied { write } for pid=14541 comm="syz.0.1971" path="socket:[44495]" dev="sockfs" ino=44495 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 618.564409][T12532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.719679][ T29] audit: type=1326 audit(1732696271.822:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14560 comm="syz.2.1972" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fce09380809 code=0x0 [ 618.779981][ T189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.788538][ T189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.821403][T14577] Invalid ELF header type: 10328 != 1 [ 619.324012][T14604] overlayfs: failed to resolve './file1': -2 [ 619.528742][T14609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.583197][T14609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 619.656473][T14609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.719283][T14609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 619.956688][ T1908] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 620.114330][ T1908] usb 1-1: Using ep0 maxpacket: 16 [ 620.129852][ T1908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.144287][ T1908] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 620.169924][ T1908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.207721][ T1908] usb 1-1: config 0 descriptor?? [ 620.591743][T14614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 620.624774][T14614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 620.693761][T14624] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 620.935929][T14639] fuse: Unknown parameter '0x0000000000000004' [ 621.184996][T14631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 621.204836][T14631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 621.240663][T12532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.343913][T12532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.413858][T12532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.466867][T14631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 621.479608][T14631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 621.498775][T12532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.643728][T12532] bridge_slave_1: left allmulticast mode [ 621.650850][T12532] bridge_slave_1: left promiscuous mode [ 621.657029][T12532] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.667010][T12532] bridge_slave_0: left allmulticast mode [ 621.672674][T12532] bridge_slave_0: left promiscuous mode [ 621.697533][ T1908] apple 0003:05AC:024B.0021: unknown main item tag 0x6 [ 621.705408][ T1908] apple 0003:05AC:024B.0021: unknown main item tag 0xe [ 621.712340][ T1908] apple 0003:05AC:024B.0021: bogus close delimiter [ 621.716037][T12532] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.734311][ T1908] apple 0003:05AC:024B.0021: item 0 0 2 10 parsing failed [ 621.741642][T14665] FAULT_INJECTION: forcing a failure. [ 621.741642][T14665] name failslab, interval 1, probability 0, space 0, times 0 [ 621.759863][T14667] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 621.769167][T14665] CPU: 1 UID: 0 PID: 14665 Comm: syz.2.1982 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 621.777389][ T1908] apple 0003:05AC:024B.0021: parse failed [ 621.780605][T14665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 621.780620][T14665] Call Trace: [ 621.780626][T14665] [ 621.780633][T14665] dump_stack_lvl+0x16c/0x1f0 [ 621.804422][ T1908] apple 0003:05AC:024B.0021: probe with driver apple failed with error -22 [ 621.807358][T14665] should_fail_ex+0x497/0x5b0 [ 621.820642][T14665] ? fs_reclaim_acquire+0xae/0x150 [ 621.825744][T14665] should_failslab+0xc2/0x120 [ 621.830411][T14665] __kmalloc_noprof+0xcb/0x510 [ 621.835162][T14665] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 621.840785][T14665] tomoyo_realpath_from_path+0xb9/0x720 [ 621.846320][T14665] ? tomoyo_path_number_perm+0x235/0x590 [ 621.851948][T14665] ? tomoyo_path_number_perm+0x235/0x590 [ 621.857571][T14665] tomoyo_path_number_perm+0x248/0x590 [ 621.863020][T14665] ? tomoyo_path_number_perm+0x235/0x590 [ 621.868643][T14665] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 621.874645][T14665] ? __pfx_lock_release+0x10/0x10 [ 621.879655][T14665] ? trace_lock_acquire+0x146/0x1e0 [ 621.884844][T14665] ? lock_acquire+0x2f/0xb0 [ 621.889336][T14665] ? __fget_files+0x40/0x3a0 [ 621.893914][T14665] ? __fget_files+0x206/0x3a0 [ 621.898578][T14665] security_file_ioctl+0x9b/0x240 [ 621.903591][T14665] __x64_sys_ioctl+0xb7/0x200 [ 621.908259][T14665] do_syscall_64+0xcd/0x250 [ 621.912753][T14665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.918635][T14665] RIP: 0033:0x7fce09380809 [ 621.923032][T14665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.942712][T14665] RSP: 002b:00007fce0a243058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.951110][T14665] RAX: ffffffffffffffda RBX: 00007fce09545fa0 RCX: 00007fce09380809 [ 621.959068][T14665] RDX: 0000000020000000 RSI: 0000000040045644 RDI: 0000000000000003 [ 621.967022][T14665] RBP: 00007fce0a2430a0 R08: 0000000000000000 R09: 0000000000000000 [ 621.974978][T14665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.982934][T14665] R13: 0000000000000000 R14: 00007fce09545fa0 R15: 00007ffd11506f48 [ 621.990900][T14665] [ 622.015364][T14667] qnx6: wrong signature (magic) in superblock #1. [ 622.021836][T14667] qnx6: unable to read the first superblock [ 622.545680][T14665] ERROR: Out of memory at tomoyo_realpath_from_path. [ 622.705156][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 622.724423][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 622.735614][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 622.766647][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 622.780449][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 622.788153][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 624.017187][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.024053][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.495000][ T8] usb 1-1: USB disconnect, device number 53 [ 624.905255][T12113] Bluetooth: hci2: command tx timeout [ 625.152260][T12532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.167689][T12532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.185130][T12532] bond0 (unregistering): Released all slaves [ 626.348044][T14675] chnl_net:caif_netlink_parms(): no params data found [ 626.635857][ T29] audit: type=1400 audit(1732696279.742:884): avc: denied { ioctl } for pid=14757 comm="syz.0.1992" path="socket:[44899]" dev="sockfs" ino=44899 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 626.677524][T14675] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.689450][T14675] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.708956][T14675] bridge_slave_0: entered allmulticast mode [ 626.733900][T14675] bridge_slave_0: entered promiscuous mode [ 626.771996][T12532] hsr_slave_0: left promiscuous mode [ 626.779619][T12532] hsr_slave_1: left promiscuous mode [ 626.790524][T12532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.802121][T12532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.815711][T12532] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.825148][T12532] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.867090][T12532] veth1_macvtap: left promiscuous mode [ 626.873497][T12532] veth0_macvtap: left promiscuous mode [ 626.882638][T12532] veth1_vlan: left promiscuous mode [ 626.889018][T12532] veth0_vlan: left promiscuous mode [ 626.974384][T12113] Bluetooth: hci2: command tx timeout [ 627.917528][T12532] team0 (unregistering): Port device team_slave_1 removed [ 627.947128][T14925] 9pnet_virtio: no channels available for device [ 627.962718][T14925] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2000'. [ 627.972528][T14925] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2000'. [ 627.989793][T12532] team0 (unregistering): Port device team_slave_0 removed [ 628.028773][T14926] 9pnet_virtio: no channels available for device [ 628.296924][T14675] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.304139][T14675] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.311519][T14675] bridge_slave_1: entered allmulticast mode [ 628.320291][T14675] bridge_slave_1: entered promiscuous mode [ 628.443067][T14675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 628.460287][T14958] FAULT_INJECTION: forcing a failure. [ 628.460287][T14958] name failslab, interval 1, probability 0, space 0, times 0 [ 628.473653][T14958] CPU: 1 UID: 0 PID: 14958 Comm: syz.0.2002 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 628.480021][T14675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 628.484063][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 628.503151][T14958] Call Trace: [ 628.506432][T14958] [ 628.509386][T14958] dump_stack_lvl+0x16c/0x1f0 [ 628.514072][T14958] should_fail_ex+0x497/0x5b0 [ 628.518771][T14958] should_failslab+0xc2/0x120 [ 628.523467][T14958] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 628.529813][T14958] ? sidtab_sid2str_get+0x17a/0x680 [ 628.535030][T14958] kmemdup_noprof+0x29/0x60 [ 628.539544][T14958] sidtab_sid2str_get+0x17a/0x680 [ 628.544589][T14958] sidtab_entry_to_string+0x33/0x110 [ 628.549889][T14958] security_sid_to_context_core+0x35c/0x640 [ 628.555803][T14958] avc_audit_post_callback+0x10b/0x8c0 [ 628.561279][T14958] ? audit_log_format+0xe9/0x130 [ 628.566237][T14958] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 628.572242][T14958] ? skb_put+0x138/0x1b0 [ 628.576502][T14958] ? audit_log_n_string+0x251/0x540 [ 628.581723][T14958] ? audit_log_n_untrustedstring+0xf2/0x100 [ 628.587636][T14958] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 628.593629][T14958] common_lsm_audit+0x33f/0x2250 [ 628.598587][T14958] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 628.604586][T14958] ? __pfx_common_lsm_audit+0x10/0x10 [ 628.609973][T14958] ? __pfx_lock_release+0x10/0x10 [ 628.615006][T14958] ? __pfx_avc_node_free+0x10/0x10 [ 628.620140][T14958] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 628.625961][T14958] ? lockdep_hardirqs_on+0x7c/0x110 [ 628.631179][T14958] ? slow_avc_audit+0x17d/0x210 [ 628.636049][T14958] slow_avc_audit+0x17d/0x210 [ 628.640748][T14958] ? __pfx_slow_avc_audit+0x10/0x10 [ 628.645980][T14958] ? avc_denied+0x138/0x180 [ 628.650512][T14958] ? avc_has_perm_noaudit+0x2f8/0x3a0 [ 628.655907][T14958] avc_has_perm+0x18d/0x1c0 [ 628.660449][T14958] ? __pfx_avc_has_perm+0x10/0x10 [ 628.665589][T14958] sel_write_checkreqprot+0x152/0x410 [ 628.670971][T14958] ? __pfx_sel_write_checkreqprot+0x10/0x10 [ 628.676879][T14958] ? trace_lock_acquire+0x146/0x1e0 [ 628.682098][T14958] ? ksys_write+0x12b/0x250 [ 628.686623][T14958] ? __pfx_sel_write_checkreqprot+0x10/0x10 [ 628.692531][T14958] vfs_write+0x24c/0x1150 [ 628.696874][T14958] ? __fget_files+0x1fc/0x3a0 [ 628.701564][T14958] ? __pfx___mutex_lock+0x10/0x10 [ 628.706603][T14958] ? __pfx_vfs_write+0x10/0x10 [ 628.711388][T14958] ? __fget_files+0x206/0x3a0 [ 628.716084][T14958] ksys_write+0x12b/0x250 [ 628.720435][T14958] ? __pfx_ksys_write+0x10/0x10 [ 628.725305][T14958] do_syscall_64+0xcd/0x250 [ 628.729831][T14958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.735739][T14958] RIP: 0033:0x7f5991d80809 [ 628.740160][T14958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.759816][T14958] RSP: 002b:00007f5992bcb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 628.768238][T14958] RAX: ffffffffffffffda RBX: 00007f5991f45fa0 RCX: 00007f5991d80809 [ 628.776202][T14958] RDX: 0000000000000012 RSI: 0000000020000a40 RDI: 0000000000000003 [ 628.784167][T14958] RBP: 00007f5992bcb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 628.792131][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.800096][T14958] R13: 0000000000000000 R14: 00007f5991f45fa0 R15: 00007fff08d67678 [ 628.808061][T14958] [ 628.831760][ T29] audit: type=1400 audit(1732696281.562:885): avc: denied { setcheckreqprot } for pid=14957 comm="syz.0.2002" ssid=146 tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 629.070117][T12113] Bluetooth: hci2: command tx timeout [ 629.228042][T14675] team0: Port device team_slave_0 added [ 629.259080][T14675] team0: Port device team_slave_1 added [ 629.561126][T14675] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 629.574774][ T29] audit: type=1326 audit(1732696282.642:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 629.633712][T14675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.723699][ T29] audit: type=1326 audit(1732696282.642:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 629.845489][T14675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 629.865298][T14675] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 629.872278][T14675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.898229][T14675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 629.898655][ T29] audit: type=1326 audit(1732696282.722:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 629.953646][ T29] audit: type=1326 audit(1732696282.722:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 629.977309][ T29] audit: type=1326 audit(1732696282.722:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 630.001066][ T29] audit: type=1326 audit(1732696282.722:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 630.051070][ T29] audit: type=1326 audit(1732696282.722:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 630.075237][ T29] audit: type=1326 audit(1732696282.722:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15034 comm="syz.1.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddf3180809 code=0x7ffc0000 [ 630.690159][T14675] hsr_slave_0: entered promiscuous mode [ 630.794935][T14675] hsr_slave_1: entered promiscuous mode [ 630.828341][T14675] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 630.868169][T14675] Cannot create hsr debugfs directory [ 631.178387][T12113] Bluetooth: hci2: command tx timeout [ 632.101937][T15178] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.615579][T15200] ieee802154 phy0 wpan0: encryption failed: -22 [ 633.259181][T15178] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.983384][T15178] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.218113][T15220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 635.140110][T15178] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.222483][T14675] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 635.308601][T14675] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 635.321948][T14675] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 635.666816][T15279] overlayfs: failed to resolve './file0': -2 [ 635.865432][T15178] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.912920][T15178] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.962422][T15178] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.004389][T15178] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.047145][T14675] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 636.131174][T14675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.345609][T14675] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.358174][ T3418] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.365290][ T3418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.559349][T15306] ieee802154 phy0 wpan0: encryption failed: -22 [ 636.745014][T13574] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 636.753121][ T5914] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 636.945847][ T46] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 636.955558][ T3418] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.962668][ T3418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.015870][T13574] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 637.028392][T13574] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 637.044359][ T5914] usb 1-1: Using ep0 maxpacket: 8 [ 637.052722][ T5914] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 637.066867][T14675] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 637.081362][T13574] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 637.098496][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.114385][ T5914] usb 1-1: Product: syz [ 637.118575][ T5914] usb 1-1: Manufacturer: syz [ 637.123182][ T5914] usb 1-1: SerialNumber: syz [ 637.131201][T13574] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.142882][T15311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 637.146069][T15296] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 637.160043][ T5914] usb 1-1: config 0 descriptor?? [ 637.165073][ T46] usb 4-1: config 0 has an invalid interface number: 66 but max is 0 [ 637.165101][ T46] usb 4-1: config 0 has no interface number 0 [ 637.168986][T15311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 637.180962][T13574] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 637.187944][ T46] usb 4-1: New USB device found, idVendor=0bdb, idProduct=7c70, bcdDevice=8b.1a [ 637.205834][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.238364][ T46] usb 4-1: Product: syz [ 637.242941][ T46] usb 4-1: Manufacturer: syz [ 637.256860][ T46] usb 4-1: SerialNumber: syz [ 637.270329][ T46] usb 4-1: config 0 descriptor?? [ 637.303683][T14675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 637.314685][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 637.314701][ T29] audit: type=1400 audit(1732696290.422:901): avc: denied { setattr } for pid=15310 comm="syz.1.2026" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 637.426041][ T1908] usb 3-1: USB disconnect, device number 53 [ 637.502473][ T5914] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 637.510165][ T46] cdc_mbim 4-1:0.66: CDC Union missing and no IAD found [ 637.522652][ T46] cdc_mbim 4-1:0.66: bind() failure [ 637.539877][ T46] usb 4-1: USB disconnect, device number 66 [ 637.722843][T14675] veth0_vlan: entered promiscuous mode [ 637.743351][T14675] veth1_vlan: entered promiscuous mode [ 637.780380][T14675] veth0_macvtap: entered promiscuous mode [ 637.798634][T14675] veth1_macvtap: entered promiscuous mode [ 637.820131][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.851144][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.873019][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.892547][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.912658][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.933529][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.946858][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.957755][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.976398][T14675] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.996708][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.024380][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.044552][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.064290][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.100247][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.131544][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.161900][T14675] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.195616][T14675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.216534][T14675] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 638.271496][T14675] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.308708][T14675] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.354424][T14675] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.383522][T14675] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.128906][T12532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.153822][T12532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.331688][T12532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 639.341832][T12532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 639.537578][T15416] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 639.830984][ T5914] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 639.942455][T15424] Invalid ELF header type: 10328 != 1 [ 639.966917][ T25] usb 1-1: USB disconnect, device number 54 [ 640.013767][ T29] audit: type=1400 audit(1732696293.112:902): avc: denied { read } for pid=15434 comm="syz.0.2033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 640.153347][ T29] audit: type=1400 audit(1732696293.112:903): avc: denied { getopt } for pid=15434 comm="syz.0.2033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 641.433119][T15480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 641.466255][T15480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 641.500432][T15480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 641.515211][T15480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 641.735691][T15493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 641.808508][T15493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.121933][T15480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 642.132599][T15480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.274372][ T1908] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 642.362248][T15521] afs: Bad value for 'source' [ 642.503517][ T1908] usb 4-1: Using ep0 maxpacket: 16 [ 642.510614][ T1908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.522353][ T1908] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 642.531799][ T1908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.542212][ T1908] usb 4-1: config 0 descriptor?? [ 642.873377][ T7486] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.930063][T15499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.109031][T15499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.238281][ T7486] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.413689][ T7486] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.482210][ T7486] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.593453][ T7486] bridge_slave_1: left allmulticast mode [ 643.600041][T15533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.609211][ T7486] bridge_slave_1: left promiscuous mode [ 643.616963][T15533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.624917][ T7486] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.635747][ T7486] bridge_slave_0: left allmulticast mode [ 643.641645][ T7486] bridge_slave_0: left promiscuous mode [ 643.647413][ T7486] bridge0: port 1(bridge_slave_0) entered disabled state [ 643.862293][T15533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.886887][T15533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.958872][ T7486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 643.969200][ T7486] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 643.979478][ T7486] bond0 (unregistering): Released all slaves [ 644.136560][ T1908] apple 0003:05AC:024B.0022: unknown main item tag 0x6 [ 644.165146][ T1908] apple 0003:05AC:024B.0022: unknown main item tag 0xe [ 644.190952][ T1908] apple 0003:05AC:024B.0022: bogus close delimiter [ 644.201813][ T1908] apple 0003:05AC:024B.0022: item 0 0 2 10 parsing failed [ 644.227681][ T1908] apple 0003:05AC:024B.0022: parse failed [ 644.243770][ T1908] apple 0003:05AC:024B.0022: probe with driver apple failed with error -22 [ 644.552276][ T7486] hsr_slave_0: left promiscuous mode [ 644.592399][ T7486] hsr_slave_1: left promiscuous mode [ 644.593296][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 644.611128][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 644.614824][T15587] ieee802154 phy0 wpan0: encryption failed: -22 [ 644.628441][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 644.646717][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 644.664534][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 644.671976][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 644.685907][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 644.696292][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 644.703855][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 644.712413][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 644.775523][ T7486] veth1_macvtap: left promiscuous mode [ 644.812599][ T7486] veth0_macvtap: left promiscuous mode [ 644.847145][ T7486] veth1_vlan: left promiscuous mode [ 644.873013][ T7486] veth0_vlan: left promiscuous mode [ 645.045707][T15607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2042'. [ 645.429244][ T969] usb 4-1: USB disconnect, device number 67 [ 645.895316][ T7486] team0 (unregistering): Port device team_slave_1 removed [ 645.938087][ T7486] team0 (unregistering): Port device team_slave_0 removed [ 647.133463][ T5837] Bluetooth: hci2: command tx timeout [ 648.084354][T15583] chnl_net:caif_netlink_parms(): no params data found [ 648.306531][ T29] audit: type=1400 audit(1732696301.402:904): avc: denied { setopt } for pid=15781 comm="syz.1.2055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 648.425853][T15583] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.433079][T15583] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.453571][T15583] bridge_slave_0: entered allmulticast mode [ 648.464632][T15583] bridge_slave_0: entered promiscuous mode [ 648.506886][T15583] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.515515][T15818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 648.532344][T15583] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.544435][T15583] bridge_slave_1: entered allmulticast mode [ 648.561396][T15583] bridge_slave_1: entered promiscuous mode [ 648.568287][T15818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 648.667453][T15583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 648.914251][T15856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 648.942420][T15583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 649.214723][T12113] Bluetooth: hci2: command tx timeout [ 649.305650][T15856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 649.390145][T15583] team0: Port device team_slave_0 added [ 649.403992][T15583] team0: Port device team_slave_1 added [ 649.586782][T15583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 649.630483][T15583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 649.738436][T15583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 649.864668][T15583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 649.923313][T15583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 650.018381][T15583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 650.067407][T15583] hsr_slave_0: entered promiscuous mode [ 650.073666][T15583] hsr_slave_1: entered promiscuous mode [ 650.094829][T15583] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 650.102455][T15583] Cannot create hsr debugfs directory [ 651.025516][ T29] audit: type=1400 audit(1732696304.002:905): avc: denied { recv } for pid=0 comm="swapper/0" saddr=10.128.0.169 src=42898 daddr=10.128.1.102 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 651.122593][T15978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2063'. [ 651.153902][ T1908] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 651.207229][ T29] audit: type=1400 audit(1732696304.312:906): avc: denied { write } for pid=16037 comm="syz.0.2065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 651.258236][ T29] audit: type=1400 audit(1732696304.362:907): avc: denied { ioctl } for pid=16037 comm="syz.0.2065" path="socket:[47821]" dev="sockfs" ino=47821 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 651.261299][T16061] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 651.295153][T12113] Bluetooth: hci2: command tx timeout [ 651.334349][ T1908] usb 4-1: Using ep0 maxpacket: 32 [ 651.351893][ T1908] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 651.370319][ T1908] usb 4-1: config 0 has no interface number 0 [ 651.501779][T16061] qnx6: wrong signature (magic) in superblock #1. [ 651.510488][T16061] qnx6: unable to read the first superblock [ 652.340649][ T1908] usb 4-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 652.351769][ T1908] usb 4-1: config 0 interface 188 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D [ 652.369946][ T1908] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 129, changing to 11 [ 652.513111][ T1908] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x8D has invalid maxpacket 10062, setting to 1024 [ 652.542546][ T1908] usb 4-1: config 0 interface 188 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 652.562508][ T1908] usb 4-1: New USB device found, idVendor=2c7c, idProduct=6002, bcdDevice=42.9b [ 652.579716][ T1908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.596510][ T1908] usb 4-1: Product: syz [ 652.604971][ T1908] usb 4-1: Manufacturer: syz [ 652.613847][ T1908] usb 4-1: SerialNumber: syz [ 652.628691][ T1908] usb 4-1: config 0 descriptor?? [ 652.746887][ T1908] usb 4-1: can't set config #0, error -71 [ 652.764441][ T1908] usb 4-1: USB disconnect, device number 68 [ 652.957145][T15583] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 652.986099][T15583] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 653.062788][T15583] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 653.127621][T15583] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 653.396184][T12113] Bluetooth: hci2: command tx timeout [ 653.421031][T15583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 654.054967][T15583] 8021q: adding VLAN 0 to HW filter on device team0 [ 654.361953][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.369168][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 654.404017][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.411172][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.041487][T16175] Invalid ELF header type: 10328 != 1 [ 655.383816][T16167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 655.627163][T15583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 656.027037][ T29] audit: type=1400 audit(1732696309.132:908): avc: denied { map } for pid=16202 comm="syz.1.2080" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 656.303334][T15583] veth0_vlan: entered promiscuous mode [ 656.319649][ T29] audit: type=1400 audit(1732696309.162:909): avc: denied { execute } for pid=16202 comm="syz.1.2080" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 656.378566][ T29] audit: type=1400 audit(1732696309.172:910): avc: denied { read } for pid=16186 comm="syz.0.2077" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 656.382896][T15583] veth1_vlan: entered promiscuous mode [ 656.534478][T15583] veth0_macvtap: entered promiscuous mode [ 656.552409][T15583] veth1_macvtap: entered promiscuous mode [ 656.615980][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.664281][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.674364][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.714592][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.741591][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.752231][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.762137][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.772727][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.784120][T15583] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 656.794429][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.804964][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.815093][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.817777][T16227] FAULT_INJECTION: forcing a failure. [ 656.817777][T16227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.825730][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.848796][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.859486][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.870746][T15583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.881368][T15583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.892454][T15583] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 656.909806][T16227] CPU: 0 UID: 0 PID: 16227 Comm: syz.3.2083 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 656.920250][T16227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 656.930332][T16227] Call Trace: [ 656.933616][T16227] [ 656.936551][T16227] dump_stack_lvl+0x16c/0x1f0 [ 656.940395][T16229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 656.941225][T16227] should_fail_ex+0x497/0x5b0 [ 656.954233][T16227] _copy_from_user+0x2e/0xd0 [ 656.958837][T16227] snd_seq_oss_write+0x398/0x7b0 [ 656.958972][T16229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 656.963773][T16227] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 656.976919][T16227] ? inode_security+0x101/0x130 [ 656.981805][T16227] ? __pfx_odev_write+0x10/0x10 [ 656.986679][T16227] odev_write+0x51/0xa0 [ 656.990861][T16227] vfs_write+0x24c/0x1150 [ 656.992449][T15583] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.995195][T16227] ? __fget_files+0x1fc/0x3a0 [ 656.995221][T16227] ? __pfx_lock_release+0x10/0x10 [ 656.995239][T16227] ? __pfx_vfs_write+0x10/0x10 [ 656.995258][T16227] ? lock_acquire+0x2f/0xb0 [ 657.004110][T15583] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.008553][T16227] ? __fget_files+0x40/0x3a0 [ 657.008579][T16227] ? __fget_files+0x206/0x3a0 [ 657.008603][T16227] ksys_write+0x12b/0x250 [ 657.013636][T15583] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.018335][T16227] ? __pfx_ksys_write+0x10/0x10 [ 657.018367][T16227] do_syscall_64+0xcd/0x250 [ 657.018392][T16227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.018414][T16227] RIP: 0033:0x7f7241780809 [ 657.018429][T16227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.018446][T16227] RSP: 002b:00007f72424e3058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 657.018464][T16227] RAX: ffffffffffffffda RBX: 00007f7241945fa0 RCX: 00007f7241780809 [ 657.018476][T16227] RDX: 0000000000000230 RSI: 0000000020000340 RDI: 0000000000000003 [ 657.018487][T16227] RBP: 00007f72424e30a0 R08: 0000000000000000 R09: 0000000000000000 [ 657.018498][T16227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 657.018508][T16227] R13: 0000000000000000 R14: 00007f7241945fa0 R15: 00007ffc2c2e5a98 [ 657.018530][T16227] [ 657.184269][T15583] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.703665][ T3418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 657.716246][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 657.730132][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 657.754682][ T3418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 657.985554][T16276] xt_cgroup: invalid path, errno=-2 [ 660.016792][T16303] ieee802154 phy0 wpan0: encryption failed: -22 [ 660.877915][ T29] audit: type=1400 audit(1732696313.942:911): avc: denied { watch watch_reads } for pid=16313 comm="syz.3.2094" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="hugetlbfs" ino=48587 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 661.654590][T16343] FAULT_INJECTION: forcing a failure. [ 661.654590][T16343] name failslab, interval 1, probability 0, space 0, times 0 [ 661.667295][T16343] CPU: 0 UID: 0 PID: 16343 Comm: syz.0.2099 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 661.677708][T16343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 661.687745][T16343] Call Trace: [ 661.691006][T16343] [ 661.693922][T16343] dump_stack_lvl+0x16c/0x1f0 [ 661.698595][T16343] should_fail_ex+0x497/0x5b0 [ 661.703264][T16343] should_failslab+0xc2/0x120 [ 661.707928][T16343] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 661.713289][T16343] ? __pfx___lock_acquire+0x10/0x10 [ 661.718490][T16343] ? dst_alloc+0x99/0x1a0 [ 661.722822][T16343] dst_alloc+0x99/0x1a0 [ 661.726977][T16343] rt_dst_alloc+0x35/0x3a0 [ 661.731405][T16343] ip_route_input_rcu.part.0+0x5d6/0xd80 [ 661.737038][T16343] ? rcu_is_watching+0x12/0xc0 [ 661.741791][T16343] ? __pfx_ip_route_input_rcu.part.0+0x10/0x10 [ 661.747934][T16343] ? lock_acquire+0x2f/0xb0 [ 661.752420][T16343] ? ip_route_input_noref+0xb6/0x2e0 [ 661.757694][T16343] ip_route_input_noref+0x1c3/0x2e0 [ 661.762881][T16343] ? __pfx_ip_route_input_noref+0x10/0x10 [ 661.768595][T16343] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 661.774210][T16343] ? sock_wfree+0x11c/0x880 [ 661.778714][T16343] ip_rcv_finish_core.constprop.0+0x46f/0x2290 [ 661.784880][T16343] ip_rcv+0x1c0/0x5d0 [ 661.788847][T16343] ? __pfx_ip_rcv+0x10/0x10 [ 661.793337][T16343] __netif_receive_skb_one_core+0x199/0x1e0 [ 661.799221][T16343] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 661.805626][T16343] ? rcu_is_watching+0x12/0xc0 [ 661.810378][T16343] ? ktime_get_with_offset+0x273/0x3a0 [ 661.815822][T16343] ? lockdep_hardirqs_on+0x7c/0x110 [ 661.821006][T16343] ? netif_receive_skb+0x109/0x7b0 [ 661.826118][T16343] __netif_receive_skb+0x1d/0x160 [ 661.831131][T16343] netif_receive_skb+0x13f/0x7b0 [ 661.836057][T16343] ? __pfx_netif_receive_skb+0x10/0x10 [ 661.841504][T16343] ? __pfx___lock_acquire+0x10/0x10 [ 661.846689][T16343] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 661.852834][T16343] tun_rx_batched.isra.0+0x3eb/0x730 [ 661.858110][T16343] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 661.863905][T16343] ? tun_get_user+0x13e6/0x3e40 [ 661.868741][T16343] ? lock_acquire+0x2f/0xb0 [ 661.873232][T16343] ? tun_get_user+0x13e6/0x3e40 [ 661.878076][T16343] tun_get_user+0x2a16/0x3e40 [ 661.882749][T16343] ? __pfx_tun_get_user+0x10/0x10 [ 661.887761][T16343] ? find_held_lock+0x2d/0x110 [ 661.892518][T16343] ? __pfx_lock_release+0x10/0x10 [ 661.897536][T16343] tun_chr_write_iter+0xdc/0x210 [ 661.902488][T16343] vfs_write+0x5ae/0x1150 [ 661.906803][T16343] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 661.912336][T16343] ? __pfx_vfs_write+0x10/0x10 [ 661.917088][T16343] ? __fget_files+0x40/0x3a0 [ 661.921673][T16343] ksys_write+0x12b/0x250 [ 661.925987][T16343] ? __pfx_ksys_write+0x10/0x10 [ 661.930839][T16343] do_syscall_64+0xcd/0x250 [ 661.935334][T16343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.941217][T16343] RIP: 0033:0x7f5991d7f2bf [ 661.945615][T16343] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 8e 02 00 48 [ 661.965216][T16343] RSP: 002b:00007f5992bcb020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 661.973616][T16343] RAX: ffffffffffffffda RBX: 00007f5991f45fa0 RCX: 00007f5991d7f2bf [ 661.981572][T16343] RDX: 0000000000000036 RSI: 0000000020001800 RDI: 00000000000000c8 [ 661.989529][T16343] RBP: 00007f5992bcb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 661.997483][T16343] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 662.005436][T16343] R13: 0000000000000000 R14: 00007f5991f45fa0 R15: 00007fff08d67678 [ 662.013399][T16343] [ 662.141890][T16354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 662.162527][T16354] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 662.436398][T16369] xt_cgroup: invalid path, errno=-2 [ 663.337840][ T7486] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.416402][ T7486] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.474855][ T7486] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.485808][ T8] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 663.538401][ T7486] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.635657][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 663.642786][ T7486] bridge_slave_1: left allmulticast mode [ 663.651970][ T7486] bridge_slave_1: left promiscuous mode [ 663.659470][ T7486] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.670439][ T8] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 663.681317][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.692496][ T7486] bridge_slave_0: left allmulticast mode [ 663.698570][ T8] usb 4-1: Product: syz [ 663.702822][ T8] usb 4-1: Manufacturer: syz [ 663.707821][ T7486] bridge_slave_0: left promiscuous mode [ 663.713537][ T8] usb 4-1: SerialNumber: syz [ 663.713620][ T7486] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.732950][ T8] usb 4-1: config 0 descriptor?? [ 663.943944][ T8] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 664.204841][ T7486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 664.265472][ T7486] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.617486][ T7486] bond0 (unregistering): Released all slaves [ 664.640062][T16434] bridge: RTM_NEWNEIGH with invalid ether address [ 664.876655][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 664.901936][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 665.064731][T16450] ieee802154 phy0 wpan0: encryption failed: -22 [ 665.111754][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 665.122518][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 665.132639][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 665.143394][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 665.195554][ T29] audit: type=1400 audit(1732696318.302:912): avc: denied { setopt } for pid=16376 comm="syz.3.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 665.469977][ T8] gspca_sunplus: reg_w_riv err -71 [ 665.475268][ T8] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 665.500315][ T8] usb 4-1: USB disconnect, device number 69 [ 666.324136][ T29] audit: type=1400 audit(1732696319.412:913): avc: denied { read } for pid=16477 comm="syz.1.2112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 666.547589][ T7486] hsr_slave_0: left promiscuous mode [ 666.553361][ T7486] hsr_slave_1: left promiscuous mode [ 667.149742][T16517] hfs: unable to load iocharset "io#harset" [ 667.409733][T12113] Bluetooth: hci2: command tx timeout [ 667.599485][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 667.608631][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 667.679831][T16541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2119'. [ 667.704116][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.728295][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 667.807200][ T7486] veth1_macvtap: left promiscuous mode [ 667.812865][ T7486] veth0_macvtap: left promiscuous mode [ 667.820697][ T7486] veth1_vlan: left promiscuous mode [ 667.826247][ T7486] veth0_vlan: left promiscuous mode [ 669.049541][ T29] audit: type=1400 audit(1732696322.152:914): avc: denied { getopt } for pid=16564 comm="syz.1.2125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 669.081579][T16565] fuse: Bad value for 'fd' [ 669.786052][T12113] Bluetooth: hci2: command tx timeout [ 669.851183][ T7486] team0 (unregistering): Port device team_slave_1 removed [ 669.898859][ T7486] team0 (unregistering): Port device team_slave_0 removed [ 670.266665][T16533] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 671.677823][T16443] chnl_net:caif_netlink_parms(): no params data found [ 671.854324][ T5837] Bluetooth: hci2: command tx timeout [ 672.531747][T16716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2134'. [ 672.562446][T16443] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.617471][T16443] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.629325][T16443] bridge_slave_0: entered allmulticast mode [ 672.640819][T16443] bridge_slave_0: entered promiscuous mode [ 672.656685][T16443] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.664812][T16443] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.676000][T16756] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 672.676906][T16443] bridge_slave_1: entered allmulticast mode [ 672.692870][T16756] qnx6: wrong signature (magic) in superblock #1. [ 672.695215][T16443] bridge_slave_1: entered promiscuous mode [ 672.703413][T16756] qnx6: unable to read the first superblock [ 672.939606][T16763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 673.396666][T16763] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 673.460994][T16443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.503926][T16759] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 673.525450][T16443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.762702][T16443] team0: Port device team_slave_0 added [ 673.774800][T16443] team0: Port device team_slave_1 added [ 674.021681][ T5837] Bluetooth: hci2: command tx timeout [ 674.243289][T16443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 674.271610][T16443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.407207][T16443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 674.446560][T16443] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 674.463771][T16443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.521219][T16443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 674.728436][T16887] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 674.742393][T16443] hsr_slave_0: entered promiscuous mode [ 674.779781][T16443] hsr_slave_1: entered promiscuous mode [ 674.823859][T16443] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 674.834302][T16443] Cannot create hsr debugfs directory [ 674.934460][ T1908] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 675.008758][T16930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2142'. [ 675.063599][T16930] netlink: 'syz.1.2142': attribute type 10 has an invalid length. [ 675.078603][T16930] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.094501][ T1908] usb 1-1: Using ep0 maxpacket: 16 [ 675.116960][ T1908] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 675.142686][ T1908] usb 1-1: config 0 has no interface number 0 [ 675.294660][ T1908] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 675.850102][ T1908] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 675.860322][ T1908] usb 1-1: config 0 interface 41 has no altsetting 0 [ 675.875437][ T1908] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 675.893265][ T1908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.913056][ T1908] usb 1-1: Product: syz [ 675.918762][ T1908] usb 1-1: Manufacturer: syz [ 675.923485][ T1908] usb 1-1: SerialNumber: syz [ 675.942671][ T1908] usb 1-1: config 0 descriptor?? [ 675.954138][T16891] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 675.964590][T16891] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 676.235780][T16891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 676.290198][T16891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 676.335633][T16999] overlayfs: missing 'lowerdir' [ 676.360509][T16891] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 676.374038][T16891] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 676.535176][T17029] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 676.574696][T17029] qnx6: wrong signature (magic) in superblock #1. [ 676.581082][T17041] syz.1.2149: attempt to access beyond end of device [ 676.581082][T17041] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 676.591935][T17029] qnx6: unable to read the first superblock [ 677.303355][T17041] syz.1.2149: attempt to access beyond end of device [ 677.303355][T17041] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 677.325607][ T1908] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -32 [ 677.355625][T17041] syz.1.2149: attempt to access beyond end of device [ 677.355625][T17041] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 677.374878][T17041] syz.1.2149: attempt to access beyond end of device [ 677.374878][T17041] nbd1: rw=0, sector=18, nr_sectors = 2 limit=0 [ 677.421149][T17041] syz.1.2149: attempt to access beyond end of device [ 677.421149][T17041] nbd1: rw=0, sector=30, nr_sectors = 2 limit=0 [ 677.452581][T17041] syz.1.2149: attempt to access beyond end of device [ 677.452581][T17041] nbd1: rw=0, sector=36, nr_sectors = 2 limit=0 [ 677.515735][T16443] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 677.553465][T17041] VFS: unable to find oldfs superblock on device nbd1 [ 677.595188][T16443] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 677.613872][T16443] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 677.639878][T16443] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 677.798539][T16443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.834610][ T1908] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 677.848155][T16443] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.882768][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.889945][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.915453][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.922597][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.963024][T16443] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 678.012929][T16443] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 678.024540][ T1908] usb 4-1: Using ep0 maxpacket: 16 [ 678.072171][T17076] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 678.080026][ T1908] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 678.094475][ T1908] usb 4-1: config 0 has no interface number 0 [ 678.281372][T17084] ieee802154 phy0 wpan0: encryption failed: -22 [ 678.687119][ T1908] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 678.700741][ T1908] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 678.710752][ T1908] usb 4-1: config 0 interface 41 has no altsetting 0 [ 678.720439][ T1908] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 678.730001][ T1908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.763082][T17041] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2149'. [ 678.801097][ T1908] usb 4-1: Product: syz [ 678.805597][ T1908] usb 4-1: Manufacturer: syz [ 678.810363][ T1908] usb 4-1: SerialNumber: syz [ 783.924188][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 783.931171][ C1] rcu: 0-...!: (1 GPs behind) idle=11ec/1/0x4000000000000000 softirq=66721/66723 fqs=0 [ 783.941976][ C1] rcu: (detected by 1, t=10505 jiffies, g=57065, q=843 ncpus=2) [ 783.949700][ C1] Sending NMI from CPU 1 to CPUs 0: [ 783.949726][ C0] NMI backtrace for cpu 0 [ 783.949735][ C0] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 783.949757][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 783.949765][ C0] RIP: 0010:kasan_check_range+0x57/0x1a0 [ 783.949790][ C0] Code: f8 0f 83 b3 00 00 00 4c 8d 54 37 ff 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 d1 48 c1 ed 03 49 c1 e9 03 48 01 c5 49 01 c1 <48> 89 e8 49 8d 59 01 48 89 da 48 29 ea 48 83 fa 10 0f 8e 8d 00 00 [ 783.949804][ C0] RSP: 0018:ffffc90000007ac0 EFLAGS: 00000086 [ 783.949816][ C0] RAX: dffffc0000000000 RBX: 000000000000006c RCX: ffffffff816a831e [ 783.949827][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff96e83cc8 [ 783.949836][ C0] RBP: fffffbfff2dd0799 R08: 0000000000000000 R09: fffffbfff2dd0799 [ 783.949845][ C0] R10: ffffffff96e83ccf R11: 0000000000000001 R12: ffffed10060e15e3 [ 783.949855][ C0] R13: ffff88803070a440 R14: 0000000000000002 R15: 0000000000000000 [ 783.949864][ C0] FS: 00005555880d8500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 783.949879][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 783.949889][ C0] CR2: 00007ffd11505f78 CR3: 0000000033e18000 CR4: 00000000003526f0 [ 783.949899][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 783.949908][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 783.949917][ C0] Call Trace: [ 783.949923][ C0] [ 783.949930][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 783.949946][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 783.949961][ C0] ? nmi_handle+0x1a7/0x5c0 [ 783.949977][ C0] ? kasan_check_range+0x57/0x1a0 [ 783.949996][ C0] ? default_do_nmi+0x6a/0x160 [ 783.950009][ C0] ? exc_nmi+0x170/0x1e0 [ 783.950022][ C0] ? end_repeat_nmi+0xf/0x53 [ 783.950042][ C0] ? hlock_class+0x4e/0x130 [ 783.950061][ C0] ? kasan_check_range+0x57/0x1a0 [ 783.950080][ C0] ? kasan_check_range+0x57/0x1a0 [ 783.950098][ C0] ? kasan_check_range+0x57/0x1a0 [ 783.950116][ C0] [ 783.950121][ C0] [ 783.950126][ C0] hlock_class+0x4e/0x130 [ 783.950144][ C0] __lock_acquire+0x623/0x3c40 [ 783.950160][ C0] ? lockdep_hardirqs_on_prepare+0x392/0x420 [ 783.950177][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 783.950192][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 783.950208][ C0] lock_acquire.part.0+0x11b/0x380 [ 783.950223][ C0] ? debug_object_deactivate+0x13b/0x370 [ 783.950240][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 783.950255][ C0] ? rcu_is_watching+0x12/0xc0 [ 783.950274][ C0] ? trace_lock_acquire+0x146/0x1e0 [ 783.950291][ C0] ? debug_object_activate+0x149/0x4a0 [ 783.950306][ C0] ? debug_object_deactivate+0x13b/0x370 [ 783.950322][ C0] ? lock_acquire+0x2f/0xb0 [ 783.950336][ C0] ? debug_object_deactivate+0x13b/0x370 [ 783.950352][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 783.950367][ C0] ? debug_object_deactivate+0x13b/0x370 [ 783.950382][ C0] debug_object_deactivate+0x13b/0x370 [ 783.950399][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 783.950415][ C0] ? __pfx_advance_sched+0x10/0x10 [ 783.950430][ C0] ? timerqueue_add+0x1c2/0x330 [ 783.950450][ C0] ? __pfx_advance_sched+0x10/0x10 [ 783.950464][ C0] __hrtimer_run_queues+0x47c/0xae0 [ 783.950483][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 783.950520][ C0] ? read_tsc+0x9/0x20 [ 783.950540][ C0] hrtimer_interrupt+0x392/0x8e0 [ 783.950562][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 783.950579][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 783.950596][ C0] [ 783.950601][ C0] [ 783.950605][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 783.950623][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x66/0x70 [ 783.950641][ C0] Code: 82 f8 15 00 00 83 f8 02 75 20 48 8b 8a 00 16 00 00 8b 92 fc 15 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 [ 783.950653][ C0] RSP: 0018:ffffc90003fcfdf0 EFLAGS: 00000293 [ 783.950664][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff20c0d89 [ 783.950673][ C0] RDX: ffff88803070a440 RSI: ffffffff82082485 RDI: ffffffff8bd1e140 [ 783.950682][ C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001 [ 783.950690][ C0] R10: ffffffff9060ae97 R11: 0000000000000000 R12: 0000000000000000 [ 783.950698][ C0] R13: 0000000000000000 R14: ffff888060c39518 R15: 0000000000000000 [ 783.950709][ C0] ? do_unlinkat+0x165/0x760 [ 783.950724][ C0] do_unlinkat+0x165/0x760 [ 783.950738][ C0] ? __virt_addr_valid+0x5e/0x590 [ 783.950760][ C0] ? __pfx_do_unlinkat+0x10/0x10 [ 783.950774][ C0] ? __check_object_size+0x488/0x710 [ 783.950792][ C0] ? getname_flags.part.0+0x1c5/0x550 [ 783.950811][ C0] __x64_sys_unlink+0xc5/0x110 [ 783.950825][ C0] do_syscall_64+0xcd/0x250 [ 783.950842][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.950858][ C0] RIP: 0033:0x7fce0937fdb7 [ 783.950870][ C0] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.950882][ C0] RSP: 002b:00007ffd115061d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 783.950894][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fce0937fdb7 [ 783.950903][ C0] RDX: 00007ffd11506200 RSI: 00007ffd11506290 RDI: 00007ffd11506290 [ 783.950911][ C0] RBP: 00007ffd11506290 R08: 0000000000000000 R09: 0000000000000000 [ 783.950919][ C0] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd11507310 [ 783.950928][ C0] R13: 00007fce093f37dc R14: 00000000000a57da R15: 00007ffd11507350 [ 783.950941][ C0] [ 783.951720][ C1] rcu: rcu_preempt kthread starved for 10505 jiffies! g57065 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 784.512606][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 784.522594][ C1] rcu: RCU grace-period kthread stack dump: [ 784.528481][ C1] task:rcu_preempt state:R running task stack:27600 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 784.540231][ C1] Call Trace: [ 784.543502][ C1] [ 784.546433][ C1] __schedule+0xe58/0x5ad0 [ 784.550853][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 784.556064][ C1] ? __pfx___schedule+0x10/0x10 [ 784.560916][ C1] ? schedule+0x298/0x350 [ 784.565239][ C1] ? __pfx_lock_release+0x10/0x10 [ 784.570263][ C1] ? lock_acquire+0x2f/0xb0 [ 784.574761][ C1] ? schedule+0x1fd/0x350 [ 784.579088][ C1] schedule+0xe7/0x350 [ 784.583158][ C1] schedule_timeout+0x124/0x280 [ 784.588003][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 784.593387][ C1] ? __pfx_process_timeout+0x10/0x10 [ 784.598701][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 784.604519][ C1] ? prepare_to_swait_event+0xf3/0x470 [ 784.609992][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 784.614758][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 784.620043][ C1] ? rcu_gp_init+0xc82/0x1630 [ 784.624719][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 784.629937][ C1] rcu_gp_kthread+0x271/0x380 [ 784.634616][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 784.639812][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 784.645009][ C1] ? __kthread_parkme+0x148/0x220 [ 784.650035][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 784.655233][ C1] kthread+0x2c1/0x3a0 [ 784.659302][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 784.664589][ C1] ? __pfx_kthread+0x10/0x10 [ 784.669178][ C1] ret_from_fork+0x45/0x80 [ 784.673591][ C1] ? __pfx_kthread+0x10/0x10 [ 784.678179][ C1] ret_from_fork_asm+0x1a/0x30 [ 784.682956][ C1] [ 784.685969][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 784.692280][ C1] CPU: 1 UID: 0 PID: 3418 Comm: kworker/u8:7 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 784.702770][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 784.712819][ C1] Workqueue: events_unbound toggle_allocation_gate [ 784.719324][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 784.726105][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 2a 17 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 784.745737][ C1] RSP: 0018:ffffc9000bd27998 EFLAGS: 00000293 [ 784.751810][ C1] RAX: 0000000000000000 RBX: ffff8880b86469c0 RCX: ffffffff8182b59c [ 784.759774][ C1] RDX: ffff888032470000 RSI: ffffffff8182b576 RDI: 0000000000000005 [ 784.767738][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 784.775708][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170c8d39 [ 784.783672][ C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40 [ 784.791634][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 784.800563][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 784.807143][ C1] CR2: 00007ffcd3aa8e88 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 784.815112][ C1] Call Trace: [ 784.818387][ C1] [ 784.821224][ C1] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 784.827558][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 784.832758][ C1] ? rcu_sched_clock_irq+0x247a/0x3310 [ 784.838224][ C1] ? timekeeping_advance+0x70a/0xa60 [ 784.843505][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 784.849144][ C1] ? __asan_memcpy+0x3c/0x60 [ 784.853740][ C1] ? rcu_is_watching+0x12/0xc0 [ 784.858505][ C1] ? update_process_times+0x178/0x2d0 [ 784.863878][ C1] ? __pfx_update_process_times+0x10/0x10 [ 784.869599][ C1] ? update_wall_time+0x1c/0x40 [ 784.874446][ C1] ? tick_nohz_handler+0x376/0x530 [ 784.879565][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 784.885022][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 784.890401][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 784.896116][ C1] ? read_tsc+0x9/0x20 [ 784.900192][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 784.905311][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 784.911462][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 784.917266][ C1] [ 784.920188][ C1] [ 784.923114][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 784.929272][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 784.935339][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 784.941406][ C1] ? smp_call_function_many_cond+0x45d/0x1300 [ 784.947474][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 784.953540][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 784.958571][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 784.963598][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 784.968713][ C1] text_poke_bp_batch+0x22b/0x760 [ 784.973740][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 784.979374][ C1] ? __jump_label_patch+0x1db/0x400 [ 784.984578][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 784.990825][ C1] text_poke_finish+0x30/0x40 [ 784.995505][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 785.001484][ C1] jump_label_update+0x1d7/0x400 [ 785.006424][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 785.012324][ C1] static_key_enable+0x1a/0x20 [ 785.017086][ C1] toggle_allocation_gate+0xfc/0x260 [ 785.022369][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 785.028258][ C1] ? trace_lock_acquire+0x146/0x1e0 [ 785.033460][ C1] ? process_one_work+0x921/0x1ba0 [ 785.038570][ C1] ? lock_acquire+0x2f/0xb0 [ 785.043067][ C1] ? process_one_work+0x921/0x1ba0 [ 785.048177][ C1] process_one_work+0x9c5/0x1ba0 [ 785.053120][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 785.058834][ C1] ? __pfx_process_one_work+0x10/0x10 [ 785.064205][ C1] ? rcu_is_watching+0x12/0xc0 [ 785.068974][ C1] ? assign_work+0x1a0/0x250 [ 785.073561][ C1] worker_thread+0x6c8/0xf00 [ 785.078161][ C1] ? __pfx_worker_thread+0x10/0x10 [ 785.083266][ C1] kthread+0x2c1/0x3a0 [ 785.087331][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 785.092525][ C1] ? __pfx_kthread+0x10/0x10 [ 785.097115][ C1] ret_from_fork+0x45/0x80 [ 785.101528][ C1] ? __pfx_kthread+0x10/0x10 [ 785.106119][ C1] ret_from_fork_asm+0x1a/0x30 [ 785.110900][ C1]