last executing test programs: 31.283487186s ago: executing program 3 (id=3611): sendmsg$key(0xffffffffffffffff, 0x0, 0x44000014) r0 = gettid() sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0x8) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) chdir(0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000003380)) r3 = eventfd2(0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e23, 0xaf, @rand_addr=' \x01\x00', 0x9}, 0x1c) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000016c0)=""/175, 0x0}) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)=0x3) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x9, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000080)={0x1, 0x1, @raw_data=[0x0, 0x800000, 0x100b]}) pselect6(0x40, &(0x7f0000000000)={0xfc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000100)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000200)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000180)={r8, 0x3, r6, 0x6}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0x2}, 0x8) socket$can_bcm(0x1d, 0x2, 0x2) 28.706143574s ago: executing program 3 (id=3617): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000200)=ANY=[@ANYBLOB="e00000027f0000010000000000000000bad1c6d32a55901aa896c9a9f5f72451d2dbdc56f8f2adb7c00daae5a684b42af7bd1ac324bf9ad74c0f5d8d148fec44720d2d0dbf7f10fe68abfb93210afe5ef495702986dd55c4a595a3b3605d04b670020d758257cb2c"], 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_generic(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="180000001600010a"], 0x18}}, 0x0) 28.2545419s ago: executing program 3 (id=3620): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4038ae7a, &(0x7f00000002c0)) 27.443567356s ago: executing program 3 (id=3622): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000540)={0x5, 0x8000, 0x3}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0xe803}}) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'vlan0\x00', 0x0}) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x2202, 0x0) sendfile(r8, r8, 0x0, 0x1) getsockopt$MRT6(r8, 0x29, 0xd0, &(0x7f00000002c0), &(0x7f0000000380)=0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r10 = add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="c5", 0x1, r9) r11 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="4319e2aabc1e4a13e696a7f0d7557242d852f77f9c16bad3035548f5cdb5bc12d17a90b4063934ce295fa65c2323953d5e52a3ff4c543f247e4fb54ca97d0053f1606f9fe21d35d3b25e2c3a713579039c1ea1f53aaeabd7b902297b5fd3dccd0b11db742f0e5a832b3adef3a6eae7952cbf3874ef323373b5d03e736994b6eef1e78e566d8c26a21a5e0896bc5b515603985946e75f93f7bd54adfdb387b992d26814248b9a22e770160dcb9694b89abd64650a00"/192, 0x111, r9) r12 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="03", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000000)={r10, r11, r12}, &(0x7f0000000600)=""/14, 0xe, &(0x7f0000000340)={&(0x7f00000004c0)={'crc32c-generic\x00'}}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000004c0)={r7, 0x3, 0x6, @broadcast}, 0x10) 26.131911404s ago: executing program 3 (id=3624): r0 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0xc0884123, &(0x7f0000000080)) syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x8905, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000000)={0x4}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000b86d3486c32da532a22e8e6b08d0d10008000d00ffffffff0800ed00000000ee0800100010400000ca796b5d08000200ffffff7f0800050000fbff7f05001900000000000800120007000000080013005ebb0000e33049e58d405a24e83479a43872ba8943db1cfb6093f77b8b829ce5057662a793c50e4b69fb0236e93323a7cc0694809b055661ee4fac503d63942ca314c74cc6493ad1aabaf4be2e060d62446fa55bde5cda1ec13bf3e1cd3ae9e13ae959236570abddbe39fdd63ea491a7770fb1dc4de3a1fb1966272c9b0c5c51f01799e37f6252c60956ac42ebfca664ba8789c671ed268a77f4b15c758719052c4b1c603a5991637e38d31d3b8e20c5d503f5c31831a408464f25fe05a6f67b4de45a3abe34a872230e270cfd52d9a5a1edb157f7a4995f7e127feccaf50605fc6b353fe1b216c695d8e9c5c1a9f840707f700b2ee730e6bed703ada449e5873d54bbca6e5ebc78c1773997217989ab83edd1887617146d048d84effa8688"], 0x6c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000000000/0x3000)=nil) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$NLBL_MGMT_C_VERSION(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r3, 0x800, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000400000014000600fc000000000000080002000700000010000500fe8000000000000000000000000000aa08000c0000000000"], 0x4c}}, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x3000}) 24.917630937s ago: executing program 3 (id=3630): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x300, &(0x7f0000000280)=[{&(0x7f0000000180)=""/153, 0x99}], 0x1}}], 0xffffff1f, 0x102, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x61) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "b1d65ab71f5ef2fe", "9e8ecc7bb5352776725e1047711330ff2bb17b550800", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) getsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000040)=""/148, &(0x7f0000000100)=0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = gettid() r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r4, &(0x7f0000000180)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x0) readv(r5, &(0x7f0000000200)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 11.002208202s ago: executing program 0 (id=3668): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000780)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea6f464160af36514001ac00800020004000200060000000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 10.672533136s ago: executing program 0 (id=3670): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3f, 0x0, "00efffffff00"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000400)=0x9) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001400), 0xffffffffffffffff) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000002340)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x54}}, 0x2004c004) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="22003300d0000000ffffffffffff0802110000005050505050500000040400fdff000000"], 0x40}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x1c, r11, 0x321, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}}, 0x1c}}, 0x0) 9.747600943s ago: executing program 1 (id=3673): getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_ima(r0, &(0x7f0000000280), &(0x7f00000002c0)=@sha1={0x1, "e4ebe61036fdae166441ac0d466f1b0fb0d7ea05"}, 0x15, 0x2) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f00000001c0)={0x0, 0x5, 0x8, 0x100000000}) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r3}, 0x48) close(r2) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000300)={r4, &(0x7f0000000240), 0x0}, 0x20) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) 9.063776638s ago: executing program 0 (id=3674): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) io_setup(0x800, &(0x7f0000000000)=0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, r2, &(0x7f0000000340)='p', 0x300, 0x80fb0f0000000000}]) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)) ptrace$getregset(0x4205, r3, 0x1, &(0x7f0000002140)={&(0x7f0000000000)=""/52, 0x34}) mq_timedsend(0xffffffffffffffff, 0x0, 0x2000, 0x0, 0x0) setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f0000000040)=0xffd, 0x4) 8.542353104s ago: executing program 0 (id=3675): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0xff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x5, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x3, 0x4, {0x1, @vbi}}) getdents(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x6c}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r5 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r5, &(0x7f0000000140)=ANY=[], 0xfd14) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TUNSETOFFLOAD(r2, 0x80047441, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000000206010100000000000000000000000005000100070000000900020073797a30000000000c00078008001240421e000011000300686173683a69702c706f7274000000000500050002000000050004"], 0x58}}, 0x0) write$binfmt_misc(r6, &(0x7f0000000580)=ANY=[@ANYBLOB='s'], 0xcd) pidfd_getfd(r5, r2, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x38, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r8, 0x84, 0x16, &(0x7f0000000300)={0x1, [0x3ff]}, &(0x7f0000000040)=0x6) 8.449269158s ago: executing program 2 (id=3676): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000007c0)) socket$packet(0x11, 0x3, 0x300) r3 = dup(r0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080)={0x0, r3}) 7.136374736s ago: executing program 0 (id=3677): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000008940)={&(0x7f0000000000), 0xc, &(0x7f0000008780)=[{&(0x7f0000000040)={0x10}, 0x10}], 0x1, &(0x7f0000008900)=[@cred={{0x1c}}], 0x20}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0x0, @remote, @mcast2, {[], @ni={0x8c}}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r6, &(0x7f0000000480), 0x2e9, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRESDEC=r0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c0002800600190006"], 0x3c}}, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r8, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0xd2, &(0x7f0000000300)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60000000009c1100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e22009c907801000000000000009b92fc056f07d114fe3b41c776904545fb44d8e5dc0e57fdbba583dbc1bf026fba38089afe78e80f44a98eddddbf2b6f237458668eb2461a95cd9a215310bae58679f26df35b2d9306a4a2e1dc85e86f6ba2c77aea3ef00f0ac8f0e3066b25082e39f5fb07fb432ca8f22890e79710a9e5001011496e538064796900f9d98c0072c691ce0000000000000000dac5e7b74191310fa3e2ba99e24397137c719784dd96df6ec021dd95054efba8494a2881f5d89a18cfaee6d72ef3e60bfe0780399d2ae81db70dc3e4c7335f85d0767df713db0ff3b64037d00ebd610a3ecfe24a2d0e88f04485b2c93b4919af101019c827583ae55e0ef5590830ff31b669eabf4c32ba74cf6298f59b449cc137b5b7229dc8"], 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 5.917361128s ago: executing program 1 (id=3680): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x2000, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f0000000240)='./bus\x00', 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f00000000c0)) 5.420808473s ago: executing program 2 (id=3681): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000540)={0x5, 0x8000, 0x3}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0xe803}}) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'vlan0\x00', 0x0}) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x2202, 0x0) sendfile(r8, r8, 0x0, 0x1) getsockopt$MRT6(r8, 0x29, 0xd0, &(0x7f00000002c0), &(0x7f0000000380)=0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r10 = add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="c5", 0x1, r9) r11 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="4319e2aabc1e4a13e696a7f0d7557242d852f77f9c16bad3035548f5cdb5bc12d17a90b4063934ce295fa65c2323953d5e52a3ff4c543f247e4fb54ca97d0053f1606f9fe21d35d3b25e2c3a713579039c1ea1f53aaeabd7b902297b5fd3dccd0b11db742f0e5a832b3adef3a6eae7952cbf3874ef323373b5d03e736994b6eef1e78e566d8c26a21a5e0896bc5b515603985946e75f93f7bd54adfdb387b992d26814248b9a22e770160dcb9694b89abd64650a00"/192, 0x111, r9) r12 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="03", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000000)={r10, r11, r12}, &(0x7f0000000600)=""/14, 0xe, &(0x7f0000000340)={&(0x7f00000004c0)={'crc32c-generic\x00'}}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000004c0)={r7, 0x3, 0x6, @broadcast}, 0x10) 4.523900011s ago: executing program 2 (id=3682): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1872360611f2a5176b", @ANYRES32, @ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6100330080000000ffffffffffff08021100000050505050505000000000000000"], 0x80}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x8040001) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f00000001c0)) r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r7, 0x0, 0xc8) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f00000005c0)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, &(0x7f0000000880)=""/72}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 4.422738597s ago: executing program 1 (id=3683): socket$igmp6(0xa, 0x3, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) ioperm(0x0, 0x7, 0x8) r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000080)="010000000037a788a11d180000009282d9c66923c63a4541062101a59ea9cb0b36929302", 0x24, r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xc) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xd) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000000300)=""/25, 0x19}, {&(0x7f0000001580)=""/98, 0x62}], 0x2}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r6, 0x0) 3.562030361s ago: executing program 4 (id=3685): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000a00)) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f630664"], 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x3, 0xc8, @any, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000780), 0x208e24b) r2 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89b0, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000000)=@ethtool_dump}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r3, 0x4, 0x0) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) syz_emit_vhci(&(0x7f00000005c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xf0}, @l2cap_cid_signaling={{0xec}, [@l2cap_move_chan_cfm={{0x10, 0xc, 0x4}, {0x5, 0x8}}, @l2cap_conn_rsp={{0x3, 0x0, 0x8}, {0x3, 0xc, 0x0, 0x6}}, @l2cap_conf_rsp={{0x5, 0x31, 0x14}, {0x3, 0xc, 0xbc, [@l2cap_conf_rfc={0x4, 0x9, {0x4, 0x0, 0x0, 0x0, 0x2, 0x7800}}, @l2cap_conf_fcs={0x5, 0x1}]}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x3, 0x2}, {0x100}}, @l2cap_conf_req={{0x4, 0x2, 0x51}, {0x9, 0x3ff, [@l2cap_conf_rfc={0x4, 0x9, {0x2, 0x0, 0x5, 0x2, 0xfffa, 0x2}}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x7, 0x42, 0x8001, 0x6, 0x4}}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x2, 0xffff, 0x2, 0x7fff, 0x7ff}}, @l2cap_conf_mtu={0x1, 0x2, 0xe}, @l2cap_conf_ews={0x7, 0x2, 0x1b1b}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x8}, @l2cap_conf_mtu={0x1, 0x2, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0xff, 0x2, 0xf956, 0x0, 0x1, 0x1}}]}}, @l2cap_info_rsp={{0xb, 0x8, 0x59}, {0x4, 0xaae9, "a6aba2538f93b03e6aef22892d9b98385e1df1b3891207edbf1d954e7423ade5b055495719ea413f488160e3c063ef6461cf331038d364cb0d6f9cec069df069488d19df8ebb3ce2079c2e30af76940121e9ec219f"}}, @l2cap_disconn_rsp={{0x7, 0xa0, 0x4}, {0xffff, 0x101}}]}}, 0xf5) socket$inet6(0xa, 0x6, 0x0) ioctl$TUNGETVNETBE(r3, 0x800454df, &(0x7f00000000c0)=0x1) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r6 = socket(0x1, 0x2, 0x0) syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) 3.175744051s ago: executing program 2 (id=3686): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0xff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x5, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x3, 0x4, {0x1, @vbi}}) getdents(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x6c}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r5 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r5, &(0x7f0000000140)=ANY=[], 0xfd14) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TUNSETOFFLOAD(r2, 0x80047441, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000000206010100000000000000000000000005000100070000000900020073797a30000000000c00078008001240421e000011000300686173683a69702c706f7274000000000500050002000000050004"], 0x58}}, 0x0) write$binfmt_misc(r6, &(0x7f0000000580)=ANY=[@ANYBLOB='s'], 0xcd) pidfd_getfd(r5, r2, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x38, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r8, 0x84, 0x16, &(0x7f0000000300)={0x1, [0x3ff]}, &(0x7f0000000040)=0x6) 2.955105434s ago: executing program 1 (id=3687): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@dev}}, 0xe8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1) sendmmsg$inet6(r1, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="88", 0x1}], 0x1}}], 0x1, 0x0) r2 = io_uring_setup(0x5, &(0x7f00000002c0)={0x0, 0x2}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, 0x0, 0x0) ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev, 'bridge_slave_1\x00'}}) accept(0xffffffffffffffff, 0x0, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) r8 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) readv(r8, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/82, 0x52}], 0x1) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000340)={0x28, 0x0, r7, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000380)={0x28, 0x0, r9, r7, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x0, @desc2}) ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f0000000180)={0x28, 0x0, r9, 0x74, &(0x7f0000000100)=""/116}) close_range(r2, 0xffffffffffffffff, 0x0) 2.610384092s ago: executing program 4 (id=3688): socket(0x0, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000400)=""/4096) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001580), 0x0, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r2) 2.601456102s ago: executing program 0 (id=3689): getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_ima(r0, &(0x7f0000000280), &(0x7f00000002c0)=@sha1={0x1, "e4ebe61036fdae166441ac0d466f1b0fb0d7ea05"}, 0x15, 0x2) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f00000001c0)={0x0, 0x5, 0x8, 0x100000000}) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r3}, 0x48) close(r2) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000300)={r4, &(0x7f0000000240), 0x0}, 0x20) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) 2.261072215s ago: executing program 1 (id=3690): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@dev}}, 0xe8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1) sendmmsg$inet6(r1, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="88", 0x1}], 0x1}}], 0x1, 0x0) r2 = io_uring_setup(0x5, &(0x7f00000002c0)={0x0, 0x2}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, 0x0, 0x0) ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev, 'bridge_slave_1\x00'}}) accept(0xffffffffffffffff, 0x0, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) r8 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) readv(r8, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/82, 0x52}], 0x1) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000340)={0x28, 0x0, r7, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000380)={0x28, 0x0, r9, r7, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x0, @desc2}) ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f0000000180)={0x28, 0x0, r9, 0x74, &(0x7f0000000100)=""/116}) close_range(r2, 0xffffffffffffffff, 0x0) 2.172984317s ago: executing program 4 (id=3691): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x20000088b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x1) socket$caif_stream(0x25, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'ip6erspan0\x00', @random="201a4847569b"}) socket$tipc(0x1e, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020) ioperm(0x7, 0x81, 0x2) futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2004c840}, 0x4000044) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x40000000015, 0x5, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x801) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x74) bind$nfc_llcp(r5, &(0x7f0000000280)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "d929849825e6573561bd1ca44c226af5160e000000007760760beeab91e81597c80004da0000000200000000d2b6b9c2000000000000000000000000004000", 0x200000000000003}, 0x60) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$UFFDIO_CONTINUE(r4, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) listen(r2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020) 2.126542081s ago: executing program 2 (id=3692): mount$fuse(0x0, 0x0, &(0x7f0000000180), 0x800, &(0x7f00000005c0)=ANY=[@ANYBLOB='Xd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC, @ANYBLOB=',@\x00\x00\x00\x00\x00\x00\f=', @ANYRESHEX, @ANYRES16]) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="04300300c9008cba4dffaa0a52c0186ef28359af281f3a6bfde3a6ee0de9ddee0bf7da43aebf706b3329b0a564835713c2de78691734f5b9ada875d8facbcb611c220f4296a197c00dc7780e18d276969228dd91f813fda5cbc6adcfdd40386249f98919c934448632816bbc251be47d7af97966b4a96a6a8b7f211d8e29678fe8216eb9b30f4fa5856c0371b3c31559e07c414833"], 0x6) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c8001e794e4cee84d39856f4752833767be125637ee49dc79a52f2f9465718460cd05feda51bbf4206b5e7325945e5f819bbace34f7d33b43908e14fa05a0f06d9dccb7f0580fe9d42d7bf6530f1a2d22cfd5396c3c67afcdc34613911e96affd46ebd4aa6c60ca02f7648783a10deccc27340c4f24ed37dd6563758d14f732e63a853a4c71c356a6309a485ed"], 0x22) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866b2ba0cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x804}, 0x0) ppoll(&(0x7f0000000100)=[{r4}], 0x1, &(0x7f0000000140), 0x0, 0x0) r6 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = io_uring_setup(0x15ae, &(0x7f0000000080)) openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x121301, 0x0) write$dsp(r0, &(0x7f00000003c0)="f9718f6099ae991ae709000c", 0xc) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES8=r6], 0x22) socket$key(0xf, 0x3, 0x2) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 1.678953941s ago: executing program 1 (id=3693): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000002090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket(0x1, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt(r3, 0x1, 0x4c, &(0x7f0000000100)="971a4c43", 0x4) connect$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$MRT6_DONE(r1, 0x29, 0xc9, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_ADDRFORM(r7, 0x29, 0x1, &(0x7f0000000040), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 1.102285197s ago: executing program 4 (id=3694): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0x7fff, 0x180c0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xb403, 0x1}) 637.20048ms ago: executing program 4 (id=3695): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000640)=ANY=[@ANYBLOB="a800000000000080e8dec85a44e0f01cf138ee1fe6e1a2ac1fd2be1c2d88"], 0xa8) syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) eventfd2(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x4000000000001) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r5, 0x7a98, 0x0, 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r3, 0x40086603, &(0x7f0000000040)) write$FUSE_POLL(r2, &(0x7f0000000040)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}}) 511.300005ms ago: executing program 2 (id=3696): socket$igmp6(0xa, 0x3, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) ioperm(0x0, 0x7, 0x8) r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000080)="010000000037a788a11d180000009282d9c66923c63a4541062101a59ea9cb0b36929302", 0x24, r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xc) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xd) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000000300)=""/25, 0x19}, {&(0x7f0000001580)=""/98, 0x62}], 0x2}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r6, 0x0) 0s ago: executing program 4 (id=3697): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000a00)) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f630664"], 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x3, 0xc8, @any, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000780), 0x208e24b) r2 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89b0, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000000)=@ethtool_dump}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r3, 0x4, 0x0) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) syz_emit_vhci(&(0x7f00000005c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xf0}, @l2cap_cid_signaling={{0xec}, [@l2cap_move_chan_cfm={{0x10, 0xc, 0x4}, {0x5, 0x8}}, @l2cap_conn_rsp={{0x3, 0x0, 0x8}, {0x3, 0xc, 0x0, 0x6}}, @l2cap_conf_rsp={{0x5, 0x31, 0x14}, {0x3, 0xc, 0xbc, [@l2cap_conf_rfc={0x4, 0x9, {0x4, 0x0, 0x0, 0x0, 0x2, 0x7800}}, @l2cap_conf_fcs={0x5, 0x1}]}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x3, 0x2}, {0x100}}, @l2cap_conf_req={{0x4, 0x2, 0x51}, {0x9, 0x3ff, [@l2cap_conf_rfc={0x4, 0x9, {0x2, 0x0, 0x5, 0x2, 0xfffa, 0x2}}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x7, 0x42, 0x8001, 0x6, 0x4}}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x2, 0xffff, 0x2, 0x7fff, 0x7ff}}, @l2cap_conf_mtu={0x1, 0x2, 0xe}, @l2cap_conf_ews={0x7, 0x2, 0x1b1b}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x8}, @l2cap_conf_mtu={0x1, 0x2, 0x1}, @l2cap_conf_efs={0x6, 0x10, {0xff, 0x2, 0xf956, 0x0, 0x1, 0x1}}]}}, @l2cap_info_rsp={{0xb, 0x8, 0x59}, {0x4, 0xaae9, "a6aba2538f93b03e6aef22892d9b98385e1df1b3891207edbf1d954e7423ade5b055495719ea413f488160e3c063ef6461cf331038d364cb0d6f9cec069df069488d19df8ebb3ce2079c2e30af76940121e9ec219f"}}, @l2cap_disconn_rsp={{0x7, 0xa0, 0x4}, {0xffff, 0x101}}]}}, 0xf5) socket$inet6(0xa, 0x6, 0x0) ioctl$TUNGETVNETBE(r3, 0x800454df, &(0x7f00000000c0)=0x1) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r6 = socket(0x1, 0x2, 0x0) syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) kernel console output (not intermixed with test programs): ddresses unique to avoid problems! [ 2166.375483][T22028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2166.406610][T22028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2166.427163][T22028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2166.457113][T22028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2166.480712][T22028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2166.621443][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2166.900822][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2166.962380][T22028] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2166.992426][T22028] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2167.008670][T11314] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2167.027424][T11314] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2167.068402][T11314] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2167.103206][T22028] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2167.116485][T22028] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2167.126728][T11314] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2167.139430][T11314] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 2167.150494][T11314] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2167.290488][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2167.683538][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2167.818133][T22215] FAULT_INJECTION: forcing a failure. [ 2167.818133][T22215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2167.878709][T22215] CPU: 0 PID: 22215 Comm: syz.4.3388 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2167.889031][T22215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2167.899141][T22215] Call Trace: [ 2167.902455][T22215] [ 2167.905427][T22215] dump_stack_lvl+0x16c/0x1f0 [ 2167.910171][T22215] should_fail_ex+0x497/0x5b0 [ 2167.914909][T22215] _copy_from_user+0x30/0xf0 [ 2167.919554][T22215] copy_msghdr_from_user+0x99/0x160 [ 2167.924819][T22215] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2167.930702][T22215] ? __pfx___lock_acquire+0x10/0x10 [ 2167.935981][T22215] ___sys_sendmsg+0xff/0x1e0 [ 2167.940641][T22215] ? __pfx____sys_sendmsg+0x10/0x10 [ 2167.945915][T22215] ? __pfx_lock_release+0x10/0x10 [ 2167.951008][T22215] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2167.956796][T22215] ? __fget_light+0x173/0x210 [ 2167.961541][T22215] __sys_sendmmsg+0x1a1/0x450 [ 2167.966298][T22215] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2167.971645][T22215] ? vfs_write+0x14d/0x1140 [ 2167.976246][T22215] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2167.982311][T22215] ? fput+0x32/0x390 [ 2167.986269][T22215] ? ksys_write+0x1ab/0x260 [ 2167.990834][T22215] ? __pfx_ksys_write+0x10/0x10 [ 2167.995844][T22215] __x64_sys_sendmmsg+0x9c/0x100 [ 2168.000849][T22215] ? lockdep_hardirqs_on+0x7c/0x110 [ 2168.006084][T22215] do_syscall_64+0xcd/0x250 [ 2168.010627][T22215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2168.016582][T22215] RIP: 0033:0x7efce7f75bd9 [ 2168.021125][T22215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2168.040774][T22215] RSP: 002b:00007efce8d98048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2168.049217][T22215] RAX: ffffffffffffffda RBX: 00007efce8103f60 RCX: 00007efce7f75bd9 [ 2168.057222][T22215] RDX: 0000000000000001 RSI: 0000000020002c00 RDI: 0000000000000003 [ 2168.065245][T22215] RBP: 00007efce8d980a0 R08: 0000000000000000 R09: 0000000000000000 [ 2168.073245][T22215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2168.081262][T22215] R13: 000000000000000b R14: 00007efce8103f60 R15: 00007fff7fe8a218 [ 2168.089265][T22215] [ 2169.268089][T11314] Bluetooth: hci4: command tx timeout [ 2169.287061][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2169.339755][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2169.970495][T11314] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 2169.999163][T11314] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 2170.081035][T22219] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 2170.098947][T11314] Bluetooth: hci5: ACL packet for unknown connection handle 2505 [ 2170.428107][ T9893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2170.477092][ T9893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2170.684146][ T12] bridge_slave_1: left allmulticast mode [ 2170.704940][ T12] bridge_slave_1: left promiscuous mode [ 2170.714809][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 2170.751903][ T12] bridge_slave_0: left allmulticast mode [ 2170.770830][ T12] bridge_slave_0: left promiscuous mode [ 2170.810176][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 2171.265977][ T29] audit: type=1400 audit(1720212170.451:2970): avc: denied { mount } for pid=22243 comm="syz.1.3394" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 2171.292041][T22244] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2171.349894][T11314] Bluetooth: hci4: command tx timeout [ 2171.932543][ T29] audit: type=1400 audit(1720212171.111:2971): avc: denied { unmount } for pid=22028 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 2172.175409][T11314] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 2172.448355][T22254] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 2172.462604][T22254] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 2172.537507][T22254] vhci_hcd vhci_hcd.0: Device attached [ 2172.747060][ T1165] vhci_hcd: vhci_device speed not set [ 2172.804179][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2172.837008][ T1165] usb 11-1: new full-speed USB device number 15 using vhci_hcd [ 2172.845601][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2172.878699][ T12] bond0 (unregistering): Released all slaves [ 2172.960522][T22232] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2172.970291][T22255] vhci_hcd: connection closed [ 2172.979204][T16693] vhci_hcd: stop threads [ 2172.995649][T22232] CPU: 0 PID: 22232 Comm: syz.3.3391 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2173.005880][T22232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2173.015992][T22232] Call Trace: [ 2173.016706][T16693] vhci_hcd: release socket [ 2173.019330][T22232] [ 2173.019346][T22232] dump_stack_lvl+0x16c/0x1f0 [ 2173.019395][T22232] sysfs_warn_dup+0x7f/0xa0 [ 2173.019447][T22232] sysfs_do_create_link_sd+0x124/0x140 [ 2173.019500][T22232] sysfs_create_link+0x61/0xc0 [ 2173.019561][T22232] device_add+0x62e/0x1a70 [ 2173.019613][T22232] ? __pfx_device_add+0x10/0x10 [ 2173.019662][T22232] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2173.019696][T22232] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2173.037039][T16693] vhci_hcd: disconnect device [ 2173.041806][T22232] wiphy_register+0x2101/0x2d00 [ 2173.077400][T22232] ? __pfx_wiphy_register+0x10/0x10 [ 2173.082673][T22232] ieee80211_register_hw+0x2683/0x43b0 [ 2173.088221][T22232] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2173.094104][T22232] ? lockdep_init_map_type+0x16d/0x7d0 [ 2173.099650][T22232] ? __asan_memset+0x23/0x50 [ 2173.104377][T22232] ? __hrtimer_init+0x106/0x2c0 [ 2173.109709][T22232] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2173.115567][T22232] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2173.121692][T22232] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2173.127037][T22232] ? __asan_memcpy+0x3c/0x60 [ 2173.131677][T22232] hwsim_new_radio_nl+0xaf9/0x1240 [ 2173.136853][T22232] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2173.142460][T22232] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2173.149912][T22232] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2173.157348][T22232] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2173.162952][T22232] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2173.169074][T22232] ? ns_capable+0xd7/0x110 [ 2173.173528][T22232] genl_rcv_msg+0x565/0x800 [ 2173.178199][T22232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2173.183287][T22232] ? __pfx___lock_acquire+0x10/0x10 [ 2173.189060][T22232] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2173.194662][T22232] netlink_rcv_skb+0x16b/0x440 [ 2173.199484][T22232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2173.204567][T22232] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2173.209908][T22232] ? down_read+0xc9/0x330 [ 2173.214290][T22232] ? __pfx_down_read+0x10/0x10 [ 2173.219107][T22232] ? netlink_deliver_tap+0x1ae/0xd90 [ 2173.224457][T22232] genl_rcv+0x28/0x40 [ 2173.228485][T22232] netlink_unicast+0x542/0x820 [ 2173.233333][T22232] ? __pfx_netlink_unicast+0x10/0x10 [ 2173.238669][T22232] netlink_sendmsg+0x8b8/0xd70 [ 2173.243471][T22232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2173.248795][T22232] ? __import_iovec+0x1fd/0x6e0 [ 2173.253675][T22232] ____sys_sendmsg+0xab5/0xc90 [ 2173.258466][T22232] ? copy_msghdr_from_user+0x10b/0x160 [ 2173.263966][T22232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2173.269289][T22232] ? __pfx___futex_wait+0x10/0x10 [ 2173.274382][T22232] ? __pfx___lock_acquire+0x10/0x10 [ 2173.279645][T22232] ___sys_sendmsg+0x135/0x1e0 [ 2173.284367][T22232] ? __pfx____sys_sendmsg+0x10/0x10 [ 2173.289706][T22232] ? __fget_light+0x173/0x210 [ 2173.294417][T22232] __sys_sendmsg+0x117/0x1f0 [ 2173.299046][T22232] ? __pfx___sys_sendmsg+0x10/0x10 [ 2173.304205][T22232] ? __x64_sys_futex+0x1e1/0x4c0 [ 2173.309189][T22232] do_syscall_64+0xcd/0x250 [ 2173.313731][T22232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2173.319664][T22232] RIP: 0033:0x7f5b24b75bd9 [ 2173.324107][T22232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2173.343827][T22232] RSP: 002b:00007f5b245ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2173.352272][T22232] RAX: ffffffffffffffda RBX: 00007f5b24d04038 RCX: 00007f5b24b75bd9 [ 2173.360266][T22232] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2173.368258][T22232] RBP: 00007f5b24be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2173.376272][T22232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2173.384260][T22232] R13: 000000000000006e R14: 00007f5b24d04038 R15: 00007ffef3b72978 [ 2173.392258][T22232] [ 2173.395416][ C0] vkms_vblank_simulate: vblank timer overrun [ 2173.437039][T11314] Bluetooth: hci4: command tx timeout [ 2173.655203][T22261] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3396'. [ 2173.665298][T22250] netlink: 'syz.1.3395': attribute type 5 has an invalid length. [ 2174.426447][T22273] netlink: 'syz.1.3397': attribute type 4 has an invalid length. [ 2175.019134][T22274] netlink: 'syz.1.3397': attribute type 4 has an invalid length. [ 2175.589849][T11314] Bluetooth: hci4: command tx timeout [ 2175.889463][T22209] chnl_net:caif_netlink_parms(): no params data found [ 2176.634805][ T12] hsr_slave_0: left promiscuous mode [ 2176.680588][ T12] hsr_slave_1: left promiscuous mode [ 2176.715444][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2176.771694][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2176.822321][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2176.850993][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2177.145262][ T12] veth0_macvtap: left promiscuous mode [ 2177.176952][ T12] veth1_vlan: left promiscuous mode [ 2177.192710][T22299] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 2177.210190][ T12] veth0_vlan: left promiscuous mode [ 2177.526324][T11314] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 2178.017188][ T1165] vhci_hcd: vhci_device speed not set [ 2178.729245][T11314] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 2178.753421][T11314] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 2179.357120][T11314] Bluetooth: hci3: command 0x0406 tx timeout [ 2179.381388][T22326] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 2179.387946][T22326] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 2179.453280][T22326] vhci_hcd vhci_hcd.0: Device attached [ 2179.627673][T10675] vhci_hcd: vhci_device speed not set [ 2179.727227][T10675] usb 17-1: new full-speed USB device number 6 using vhci_hcd [ 2179.765084][ T12] team0 (unregistering): Port device team_slave_1 removed [ 2179.883952][T22327] vhci_hcd: connection reset by peer [ 2179.890598][ T5653] vhci_hcd: stop threads [ 2179.894868][ T5653] vhci_hcd: release socket [ 2179.909648][ T5653] vhci_hcd: disconnect device [ 2179.984705][ T12] team0 (unregistering): Port device team_slave_0 removed [ 2181.254377][T22316] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 2181.267835][T22322] netlink: 'syz.4.3407': attribute type 5 has an invalid length. [ 2181.302520][T22316] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 2181.416063][T22319] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2181.660560][T22319] CPU: 1 PID: 22319 Comm: syz.2.3406 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2181.670863][T22319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2181.680959][T22319] Call Trace: [ 2181.684258][T22319] [ 2181.687206][T22319] dump_stack_lvl+0x16c/0x1f0 [ 2181.692004][T22319] sysfs_warn_dup+0x7f/0xa0 [ 2181.696555][T22319] sysfs_do_create_link_sd+0x124/0x140 [ 2181.702068][T22319] sysfs_create_link+0x61/0xc0 [ 2181.706882][T22319] device_add+0x62e/0x1a70 [ 2181.711359][T22319] ? __pfx_device_add+0x10/0x10 [ 2181.716257][T22319] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2181.722175][T22319] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2181.728197][T22319] wiphy_register+0x2101/0x2d00 [ 2181.733078][T22319] ? __pfx_wiphy_register+0x10/0x10 [ 2181.738402][T22319] ieee80211_register_hw+0x2683/0x43b0 [ 2181.743987][T22319] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2181.749832][T22319] ? lockdep_init_map_type+0x16d/0x7d0 [ 2181.755336][T22319] ? __asan_memset+0x23/0x50 [ 2181.759970][T22319] ? __hrtimer_init+0x106/0x2c0 [ 2181.764852][T22319] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2181.770618][T22319] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2181.776727][T22319] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2181.782052][T22319] ? __asan_memcpy+0x3c/0x60 [ 2181.786684][T22319] hwsim_new_radio_nl+0xaf9/0x1240 [ 2181.791841][T22319] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2181.797444][T22319] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2181.804881][T22319] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2181.812304][T22319] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2181.817902][T22319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2181.824020][T22319] ? ns_capable+0xd7/0x110 [ 2181.828467][T22319] genl_rcv_msg+0x565/0x800 [ 2181.833015][T22319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2181.838080][T22319] ? __pfx___lock_acquire+0x10/0x10 [ 2181.843324][T22319] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2181.848917][T22319] netlink_rcv_skb+0x16b/0x440 [ 2181.853721][T22319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2181.858790][T22319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2181.864116][T22319] ? down_read+0xc9/0x330 [ 2181.868485][T22319] ? __pfx_down_read+0x10/0x10 [ 2181.873287][T22319] ? netlink_deliver_tap+0x1ae/0xd90 [ 2181.878609][T22319] genl_rcv+0x28/0x40 [ 2181.882633][T22319] netlink_unicast+0x542/0x820 [ 2181.887440][T22319] ? __pfx_netlink_unicast+0x10/0x10 [ 2181.892764][T22319] netlink_sendmsg+0x8b8/0xd70 [ 2181.897574][T22319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2181.902910][T22319] ? __import_iovec+0x1fd/0x6e0 [ 2181.907806][T22319] ____sys_sendmsg+0xab5/0xc90 [ 2181.912617][T22319] ? copy_msghdr_from_user+0x10b/0x160 [ 2181.918118][T22319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2181.923434][T22319] ? __pfx___futex_wait+0x10/0x10 [ 2181.928481][T22319] ? __pfx___lock_acquire+0x10/0x10 [ 2181.933721][T22319] ? try_to_wake_up+0xc08/0x13e0 [ 2181.938696][T22319] ___sys_sendmsg+0x135/0x1e0 [ 2181.943422][T22319] ? __pfx____sys_sendmsg+0x10/0x10 [ 2181.948667][T22319] ? __fget_light+0x173/0x210 [ 2181.953384][T22319] __sys_sendmsg+0x117/0x1f0 [ 2181.958013][T22319] ? __pfx___sys_sendmsg+0x10/0x10 [ 2181.963163][T22319] ? __x64_sys_futex+0x1e1/0x4c0 [ 2181.968144][T22319] do_syscall_64+0xcd/0x250 [ 2181.972682][T22319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2181.978624][T22319] RIP: 0033:0x7f9cc3775bd9 [ 2181.983061][T22319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2182.002699][T22319] RSP: 002b:00007f9cc44bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2182.011146][T22319] RAX: ffffffffffffffda RBX: 00007f9cc3904038 RCX: 00007f9cc3775bd9 [ 2182.019146][T22319] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2182.027142][T22319] RBP: 00007f9cc37e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2182.035136][T22319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2182.043128][T22319] R13: 000000000000006e R14: 00007f9cc3904038 R15: 00007ffe19b3da08 [ 2182.051127][T22319] [ 2183.736468][T22209] bridge0: port 1(bridge_slave_0) entered blocking state [ 2183.792856][T22209] bridge0: port 1(bridge_slave_0) entered disabled state [ 2183.921391][T22209] bridge_slave_0: entered allmulticast mode [ 2183.930736][T22209] bridge_slave_0: entered promiscuous mode [ 2183.951612][T22209] bridge0: port 2(bridge_slave_1) entered blocking state [ 2183.959306][T22209] bridge0: port 2(bridge_slave_1) entered disabled state [ 2183.966615][T22209] bridge_slave_1: entered allmulticast mode [ 2183.984841][T22209] bridge_slave_1: entered promiscuous mode [ 2184.192319][T22355] rdma_op ffff88805e8dd9f0 conn xmit_rdma 0000000000000000 [ 2184.275155][T22209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2184.326368][T22209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2185.190266][T22372] netlink: 'syz.1.3414': attribute type 4 has an invalid length. [ 2185.257131][T10675] vhci_hcd: vhci_device speed not set [ 2185.453160][T22209] team0: Port device team_slave_0 added [ 2185.989590][T22376] netlink: 'syz.1.3414': attribute type 4 has an invalid length. [ 2186.157238][T22209] team0: Port device team_slave_1 added [ 2186.324202][T22382] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 2186.391416][T22209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2186.405867][T22209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2186.479652][T22209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2186.539927][T22209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2186.563253][T22209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2186.589223][ C0] vkms_vblank_simulate: vblank timer overrun [ 2186.645073][T22209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2187.139950][T11314] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 2187.151483][T22209] hsr_slave_0: entered promiscuous mode [ 2187.200286][T22209] hsr_slave_1: entered promiscuous mode [ 2187.245194][T22209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2187.276985][T22209] Cannot create hsr debugfs directory [ 2187.285967][T22398] netlink: 'syz.1.3419': attribute type 5 has an invalid length. [ 2187.617903][T22398] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 2187.624451][T22398] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 2187.697568][T22398] vhci_hcd vhci_hcd.0: Device attached [ 2187.899763][T10675] vhci_hcd: vhci_device speed not set [ 2187.968059][T22405] vhci_hcd: connection closed [ 2187.968670][ T9893] vhci_hcd: stop threads [ 2188.006918][T10675] usb 11-1: new full-speed USB device number 16 using vhci_hcd [ 2188.018069][ T9893] vhci_hcd: release socket [ 2188.040893][ T9893] vhci_hcd: disconnect device [ 2189.023054][T11314] Bluetooth: hci5: unexpected event 0x2f length: 763 > 260 [ 2190.963282][T22428] FAULT_INJECTION: forcing a failure. [ 2190.963282][T22428] name failslab, interval 1, probability 0, space 0, times 0 [ 2190.984657][T22428] CPU: 1 PID: 22428 Comm: syz.2.3424 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2190.994835][T22428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2191.004926][T22428] Call Trace: [ 2191.008232][T22428] [ 2191.011180][T22428] dump_stack_lvl+0x16c/0x1f0 [ 2191.015898][T22428] should_fail_ex+0x497/0x5b0 [ 2191.020614][T22428] should_failslab+0x9/0x20 [ 2191.025164][T22428] __kmalloc_node_noprof+0xd5/0x440 [ 2191.030393][T22428] ? seq_read_iter+0xde/0x12c0 [ 2191.035274][T22428] ? kvmalloc_node_noprof+0x9d/0x1a0 [ 2191.040592][T22428] kvmalloc_node_noprof+0x9d/0x1a0 [ 2191.045727][T22428] traverse.part.0.constprop.0+0x392/0x640 [ 2191.051550][T22428] ? __pfx___lock_acquire+0x10/0x10 [ 2191.056779][T22428] ? __pfx_mark_lock+0x10/0x10 [ 2191.061590][T22428] seq_read_iter+0x93a/0x12c0 [ 2191.066279][T22428] ? hlock_class+0x4e/0x130 [ 2191.070803][T22428] seq_read+0x390/0x4d0 [ 2191.074971][T22428] ? __pfx_seq_read+0x10/0x10 [ 2191.079664][T22428] ? __pfx___might_resched+0x10/0x10 [ 2191.084991][T22428] ? selinux_file_permission+0x125/0x590 [ 2191.090661][T22428] ? __pfx_seq_read+0x10/0x10 [ 2191.095353][T22428] proc_reg_read+0x243/0x340 [ 2191.099961][T22428] ? __pfx_proc_reg_read+0x10/0x10 [ 2191.105089][T22428] vfs_readv+0x6cb/0x8a0 [ 2191.109352][T22428] ? find_held_lock+0x2d/0x110 [ 2191.114145][T22428] ? __pfx_vfs_readv+0x10/0x10 [ 2191.118983][T22428] ? find_held_lock+0x2d/0x110 [ 2191.123780][T22428] ? __pfx_lock_release+0x10/0x10 [ 2191.128838][T22428] ? __x64_sys_preadv+0x22b/0x310 [ 2191.133885][T22428] __x64_sys_preadv+0x22b/0x310 [ 2191.138762][T22428] ? __pfx___x64_sys_preadv+0x10/0x10 [ 2191.144172][T22428] do_syscall_64+0xcd/0x250 [ 2191.148737][T22428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2191.154660][T22428] RIP: 0033:0x7f9cc3775bd9 [ 2191.159087][T22428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2191.178739][T22428] RSP: 002b:00007f9cc44dc048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2191.187179][T22428] RAX: ffffffffffffffda RBX: 00007f9cc3903f60 RCX: 00007f9cc3775bd9 [ 2191.195192][T22428] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004 [ 2191.203202][T22428] RBP: 00007f9cc44dc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.211196][T22428] R10: 0000000000800000 R11: 0000000000000246 R12: 0000000000000001 [ 2191.219177][T22428] R13: 000000000000000b R14: 00007f9cc3903f60 R15: 00007ffe19b3da08 [ 2191.227181][T22428] [ 2192.133092][T22422] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2192.148419][T22422] CPU: 0 PID: 22422 Comm: syz.4.3422 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2192.158680][T22422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2192.168767][T22422] Call Trace: [ 2192.172069][T22422] [ 2192.175010][T22422] dump_stack_lvl+0x16c/0x1f0 [ 2192.179800][T22422] sysfs_warn_dup+0x7f/0xa0 [ 2192.184356][T22422] sysfs_do_create_link_sd+0x124/0x140 [ 2192.189868][T22422] sysfs_create_link+0x61/0xc0 [ 2192.194688][T22422] device_add+0x62e/0x1a70 [ 2192.199158][T22422] ? __pfx_device_add+0x10/0x10 [ 2192.204068][T22422] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2192.210000][T22422] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2192.216027][T22422] wiphy_register+0x2101/0x2d00 [ 2192.220900][T22422] ? __pfx_wiphy_register+0x10/0x10 [ 2192.226152][T22422] ? ieee80211_register_hw+0x2407/0x43b0 [ 2192.231914][T22422] ieee80211_register_hw+0x2683/0x43b0 [ 2192.237400][T22422] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2192.243234][T22422] ? lockdep_init_map_type+0x16d/0x7d0 [ 2192.248727][T22422] ? __asan_memset+0x23/0x50 [ 2192.253354][T22422] ? __hrtimer_init+0x106/0x2c0 [ 2192.258224][T22422] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2192.263998][T22422] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2192.270091][T22422] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2192.275421][T22422] ? __asan_memcpy+0x3c/0x60 [ 2192.280043][T22422] hwsim_new_radio_nl+0xaf9/0x1240 [ 2192.285184][T22422] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2192.290759][T22422] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2192.298169][T22422] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2192.305593][T22422] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2192.311172][T22422] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2192.317275][T22422] ? ns_capable+0xd7/0x110 [ 2192.321710][T22422] genl_rcv_msg+0x565/0x800 [ 2192.326256][T22422] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2192.331311][T22422] ? __pfx___lock_acquire+0x10/0x10 [ 2192.336546][T22422] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2192.342226][T22422] netlink_rcv_skb+0x16b/0x440 [ 2192.347066][T22422] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2192.352182][T22422] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2192.357552][T22422] ? down_read+0xc9/0x330 [ 2192.361955][T22422] ? __pfx_down_read+0x10/0x10 [ 2192.366802][T22422] ? netlink_deliver_tap+0x1ae/0xd90 [ 2192.372163][T22422] genl_rcv+0x28/0x40 [ 2192.376220][T22422] netlink_unicast+0x542/0x820 [ 2192.381029][T22422] ? __pfx_netlink_unicast+0x10/0x10 [ 2192.386360][T22422] netlink_sendmsg+0x8b8/0xd70 [ 2192.391160][T22422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2192.396496][T22422] ? __import_iovec+0x1fd/0x6e0 [ 2192.401396][T22422] ____sys_sendmsg+0xab5/0xc90 [ 2192.406241][T22422] ? copy_msghdr_from_user+0x10b/0x160 [ 2192.411769][T22422] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2192.417141][T22422] ? __pfx___futex_wait+0x10/0x10 [ 2192.422238][T22422] ? __pfx___lock_acquire+0x10/0x10 [ 2192.427512][T22422] ? try_to_wake_up+0xc08/0x13e0 [ 2192.432530][T22422] ___sys_sendmsg+0x135/0x1e0 [ 2192.437279][T22422] ? __pfx____sys_sendmsg+0x10/0x10 [ 2192.442562][T22422] ? __fget_light+0x173/0x210 [ 2192.447311][T22422] __sys_sendmsg+0x117/0x1f0 [ 2192.452007][T22422] ? __pfx___sys_sendmsg+0x10/0x10 [ 2192.457194][T22422] ? __x64_sys_futex+0x1e1/0x4c0 [ 2192.462214][T22422] do_syscall_64+0xcd/0x250 [ 2192.466783][T22422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2192.472771][T22422] RIP: 0033:0x7efce7f75bd9 [ 2192.477238][T22422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2192.496923][T22422] RSP: 002b:00007efce8d77048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2192.505399][T22422] RAX: ffffffffffffffda RBX: 00007efce8104038 RCX: 00007efce7f75bd9 [ 2192.513438][T22422] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2192.521463][T22422] RBP: 00007efce7fe4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2192.529487][T22422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2192.537508][T22422] R13: 000000000000006e R14: 00007efce8104038 R15: 00007fff7fe8a218 [ 2192.545582][T22422] [ 2193.078016][T22461] netlink: 'syz.2.3429': attribute type 4 has an invalid length. [ 2193.108214][T10675] vhci_hcd: vhci_device speed not set [ 2193.229289][T22466] netlink: 'syz.2.3429': attribute type 4 has an invalid length. [ 2193.621486][T11314] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 2193.712736][T22465] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 2193.721455][T22465] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 2194.527905][T22209] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2194.558908][T22209] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2194.594541][T22209] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2194.637731][T22209] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2195.187221][T11314] Bluetooth: hci3: command 0x0406 tx timeout [ 2195.368211][T22485] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3436'. [ 2195.493381][T22209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2195.950274][T22209] 8021q: adding VLAN 0 to HW filter on device team0 [ 2196.413342][ T5135] bridge0: port 1(bridge_slave_0) entered blocking state [ 2196.420661][ T5135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2196.469365][ T5135] bridge0: port 2(bridge_slave_1) entered blocking state [ 2196.476626][ T5135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2197.081161][T11314] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 2197.141820][T11314] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 2197.242232][T22209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2197.593127][T22209] veth0_vlan: entered promiscuous mode [ 2197.653823][T22526] netlink: 'syz.3.3443': attribute type 4 has an invalid length. [ 2197.751963][T22522] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2197.797589][T22522] CPU: 1 PID: 22522 Comm: syz.2.3442 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2197.807819][T22522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2197.817922][T22522] Call Trace: [ 2197.821239][T22522] [ 2197.824200][T22522] dump_stack_lvl+0x16c/0x1f0 [ 2197.828938][T22522] sysfs_warn_dup+0x7f/0xa0 [ 2197.833525][T22522] sysfs_do_create_link_sd+0x124/0x140 [ 2197.839034][T22522] sysfs_create_link+0x61/0xc0 [ 2197.843851][T22522] device_add+0x62e/0x1a70 [ 2197.848316][T22522] ? __pfx_device_add+0x10/0x10 [ 2197.853226][T22522] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2197.859152][T22522] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2197.865184][T22522] wiphy_register+0x2101/0x2d00 [ 2197.870420][T22522] ? __pfx_wiphy_register+0x10/0x10 [ 2197.875664][T22522] ieee80211_register_hw+0x2683/0x43b0 [ 2197.881180][T22522] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2197.887030][T22522] ? lockdep_init_map_type+0x16d/0x7d0 [ 2197.892534][T22522] ? __asan_memset+0x23/0x50 [ 2197.897161][T22522] ? __hrtimer_init+0x106/0x2c0 [ 2197.902044][T22522] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2197.907810][T22522] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2197.913913][T22522] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2197.919243][T22522] ? __asan_memcpy+0x3c/0x60 [ 2197.923870][T22522] hwsim_new_radio_nl+0xaf9/0x1240 [ 2197.929026][T22522] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2197.934615][T22522] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2197.942030][T22522] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2197.949447][T22522] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2197.955037][T22522] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2197.961152][T22522] ? ns_capable+0xd7/0x110 [ 2197.965602][T22522] genl_rcv_msg+0x565/0x800 [ 2197.970150][T22522] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2197.975228][T22522] ? __pfx___lock_acquire+0x10/0x10 [ 2197.980669][T22522] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2197.986261][T22522] netlink_rcv_skb+0x16b/0x440 [ 2197.991065][T22522] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2197.996134][T22522] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2198.001463][T22522] ? down_read+0xc9/0x330 [ 2198.005825][T22522] ? __pfx_down_read+0x10/0x10 [ 2198.010628][T22522] ? rcu_is_watching+0x12/0xc0 [ 2198.015416][T22522] genl_rcv+0x28/0x40 [ 2198.019437][T22522] netlink_unicast+0x542/0x820 [ 2198.024238][T22522] ? __pfx_netlink_unicast+0x10/0x10 [ 2198.029561][T22522] netlink_sendmsg+0x8b8/0xd70 [ 2198.034361][T22522] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2198.039678][T22522] ? __import_iovec+0x1fd/0x6e0 [ 2198.044567][T22522] ____sys_sendmsg+0xab5/0xc90 [ 2198.049378][T22522] ? copy_msghdr_from_user+0x10b/0x160 [ 2198.054873][T22522] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2198.060185][T22522] ? __pfx___futex_wait+0x10/0x10 [ 2198.065234][T22522] ? __pfx___lock_acquire+0x10/0x10 [ 2198.070475][T22522] ___sys_sendmsg+0x135/0x1e0 [ 2198.075188][T22522] ? __pfx____sys_sendmsg+0x10/0x10 [ 2198.080436][T22522] ? __fget_light+0x173/0x210 [ 2198.085150][T22522] __sys_sendmsg+0x117/0x1f0 [ 2198.089779][T22522] ? __pfx___sys_sendmsg+0x10/0x10 [ 2198.094934][T22522] ? __x64_sys_futex+0x1e1/0x4c0 [ 2198.099917][T22522] do_syscall_64+0xcd/0x250 [ 2198.104462][T22522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2198.110399][T22522] RIP: 0033:0x7f9cc3775bd9 [ 2198.114832][T22522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2198.134465][T22522] RSP: 002b:00007f9cc44bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2198.142936][T22522] RAX: ffffffffffffffda RBX: 00007f9cc3904038 RCX: 00007f9cc3775bd9 [ 2198.150956][T22522] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2198.158956][T22522] RBP: 00007f9cc37e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2198.166973][T22522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2198.175049][T22522] R13: 000000000000006e R14: 00007f9cc3904038 R15: 00007ffe19b3da08 [ 2198.183050][T22522] [ 2198.186256][ C1] vkms_vblank_simulate: vblank timer overrun [ 2198.262837][T22209] veth1_vlan: entered promiscuous mode [ 2198.435066][T22529] netlink: 'syz.3.3443': attribute type 4 has an invalid length. [ 2198.516090][T11314] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 2198.863905][T22209] veth0_macvtap: entered promiscuous mode [ 2198.961459][T22209] veth1_macvtap: entered promiscuous mode [ 2199.098969][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2199.147203][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.187451][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2199.216056][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.279730][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2199.337030][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.365458][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2199.405930][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.450456][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2199.505822][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.568661][T22209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2199.610477][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.660335][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.706932][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.747395][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.795274][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.824795][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.876740][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.926985][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.971676][T22209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2200.008311][T22209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2200.057646][T22209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2200.140466][T22209] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.194242][T22209] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.247074][T22209] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.307511][T22209] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.976259][T16693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2200.996015][T16693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2201.169862][T16693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2201.214961][T16693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2206.469137][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2206.583474][T22584] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2206.641814][T22594] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3451'. [ 2206.794031][T22600] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3455'. [ 2207.047274][T22603] raw_sendmsg: syz.1.3456 forgot to set AF_INET. Fix it! [ 2207.055646][T11314] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 2207.075798][T11314] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 2207.078856][T22603] FAULT_INJECTION: forcing a failure. [ 2207.078856][T22603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2207.151375][T22609] FAULT_INJECTION: forcing a failure. [ 2207.151375][T22609] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2207.155845][T22603] CPU: 1 PID: 22603 Comm: syz.1.3456 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2207.174690][T22603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2207.184795][T22603] Call Trace: [ 2207.188113][T22603] [ 2207.191085][T22603] dump_stack_lvl+0x16c/0x1f0 [ 2207.195830][T22603] should_fail_ex+0x497/0x5b0 [ 2207.200564][T22603] _copy_from_user+0x30/0xf0 [ 2207.205210][T22603] copy_msghdr_from_user+0x99/0x160 [ 2207.210486][T22603] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2207.216362][T22603] ? find_held_lock+0x2d/0x110 [ 2207.221186][T22603] ___sys_recvmsg+0xdc/0x1a0 [ 2207.225836][T22603] ? __pfx____sys_recvmsg+0x10/0x10 [ 2207.231105][T22603] ? __fget_light+0x173/0x210 [ 2207.235852][T22603] do_recvmmsg+0x2ba/0x750 [ 2207.240340][T22603] ? __pfx_do_recvmmsg+0x10/0x10 [ 2207.245337][T22603] ? vfs_write+0x14d/0x1140 [ 2207.249901][T22603] ? __mutex_unlock_slowpath+0x164/0x650 [ 2207.255596][T22603] __x64_sys_recvmmsg+0x239/0x290 [ 2207.260669][T22603] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 2207.266259][T22603] do_syscall_64+0xcd/0x250 [ 2207.270799][T22603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2207.276742][T22603] RIP: 0033:0x7f8fd7175bd9 [ 2207.281179][T22603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2207.301251][T22603] RSP: 002b:00007f8fd8027048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 2207.309725][T22603] RAX: ffffffffffffffda RBX: 00007f8fd7303f60 RCX: 00007f8fd7175bd9 [ 2207.317719][T22603] RDX: 0000000000000001 RSI: 0000000020002800 RDI: 0000000000000003 [ 2207.325718][T22603] RBP: 00007f8fd80270a0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.333703][T22603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2207.341691][T22603] R13: 000000000000000b R14: 00007f8fd7303f60 R15: 00007fff82b38ee8 [ 2207.349683][T22603] [ 2207.352924][T22609] CPU: 0 PID: 22609 Comm: syz.4.3459 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2207.363119][T22609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2207.373187][T22609] Call Trace: [ 2207.376472][T22609] [ 2207.379413][T22609] dump_stack_lvl+0x16c/0x1f0 [ 2207.384109][T22609] should_fail_ex+0x497/0x5b0 [ 2207.388818][T22609] _copy_to_user+0x30/0xc0 [ 2207.393352][T22609] simple_read_from_buffer+0xd0/0x160 [ 2207.398810][T22609] proc_fail_nth_read+0x1b0/0x290 [ 2207.403864][T22609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2207.409454][T22609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2207.415032][T22609] vfs_read+0x1d4/0xbd0 [ 2207.419218][T22609] ? __pfx_vfs_read+0x10/0x10 [ 2207.423918][T22609] ? irqentry_exit+0x3b/0x90 [ 2207.428533][T22609] ? lockdep_hardirqs_on+0x7c/0x110 [ 2207.433772][T22609] ? __fget_light+0x173/0x210 [ 2207.438471][T22609] ? do_fcntl+0x114/0x1380 [ 2207.442900][T22609] ? __pfx_do_fcntl+0x10/0x10 [ 2207.447589][T22609] ? __fget_light+0x173/0x210 [ 2207.452283][T22609] ksys_read+0x12f/0x260 [ 2207.456548][T22609] ? __pfx_ksys_read+0x10/0x10 [ 2207.461337][T22609] do_syscall_64+0xcd/0x250 [ 2207.465862][T22609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2207.471803][T22609] RIP: 0033:0x7efce7f746bc [ 2207.476225][T22609] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 2207.495848][T22609] RSP: 002b:00007efce8d98040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2207.504278][T22609] RAX: ffffffffffffffda RBX: 00007efce8103f60 RCX: 00007efce7f746bc [ 2207.512258][T22609] RDX: 000000000000000f RSI: 00007efce8d980b0 RDI: 0000000000000004 [ 2207.520236][T22609] RBP: 00007efce8d980a0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.528213][T22609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2207.536213][T22609] R13: 000000000000000b R14: 00007efce8103f60 R15: 00007fff7fe8a218 [ 2207.544200][T22609] [ 2210.751454][T22645] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2211.056409][T22650] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3467'. [ 2211.486246][T22657] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3469'. [ 2212.714920][T22675] FAULT_INJECTION: forcing a failure. [ 2212.714920][T22675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2212.730625][T22668] FAULT_INJECTION: forcing a failure. [ 2212.730625][T22668] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2212.747775][T22668] CPU: 1 PID: 22668 Comm: syz.0.3472 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2212.757995][T22668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2212.768072][T22668] Call Trace: [ 2212.771394][T22668] [ 2212.774341][T22668] dump_stack_lvl+0x16c/0x1f0 [ 2212.779055][T22668] should_fail_ex+0x497/0x5b0 [ 2212.783766][T22668] _copy_from_user+0x30/0xf0 [ 2212.788381][T22668] sctp_getsockopt_paddr_thresholds.constprop.0+0xc5/0x4f0 [ 2212.795615][T22668] ? __pfx_sctp_getsockopt_paddr_thresholds.constprop.0+0x10/0x10 [ 2212.803452][T22668] ? mark_held_locks+0x9f/0xe0 [ 2212.808253][T22668] ? sctp_getsockopt+0x2e4/0x74a0 [ 2212.813304][T22668] ? __local_bh_enable_ip+0xa4/0x120 [ 2212.818616][T22668] sctp_getsockopt+0x21f7/0x74a0 [ 2212.823590][T22668] ? avc_has_perm_noaudit+0x119/0x3a0 [ 2212.829010][T22668] ? __pfx_lock_release+0x10/0x10 [ 2212.834087][T22668] ? __pfx_mark_lock+0x10/0x10 [ 2212.838887][T22668] ? __lock_acquire+0xc5d/0x3b30 [ 2212.843866][T22668] ? __pfx_sctp_getsockopt+0x10/0x10 [ 2212.849180][T22668] ? avc_has_perm_noaudit+0x143/0x3a0 [ 2212.854581][T22668] ? avc_has_perm+0x11b/0x1c0 [ 2212.859378][T22668] ? __pfx_avc_has_perm+0x10/0x10 [ 2212.864428][T22668] ? __lock_acquire+0xc5d/0x3b30 [ 2212.869407][T22668] ? sock_has_perm+0x25a/0x2f0 [ 2212.874206][T22668] ? __pfx_sock_has_perm+0x10/0x10 [ 2212.879356][T22668] ? find_held_lock+0x2d/0x110 [ 2212.884153][T22668] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 2212.890103][T22668] ? do_sock_getsockopt+0x2e5/0x760 [ 2212.895339][T22668] do_sock_getsockopt+0x2e5/0x760 [ 2212.900414][T22668] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 2212.905999][T22668] ? __fget_files+0x256/0x400 [ 2212.910714][T22668] ? __fget_light+0x173/0x210 [ 2212.915423][T22668] __sys_getsockopt+0x1a1/0x270 [ 2212.920305][T22668] ? __pfx___sys_getsockopt+0x10/0x10 [ 2212.925727][T22668] ? fput+0x32/0x390 [ 2212.929746][T22668] ? ksys_write+0x1ab/0x260 [ 2212.934290][T22668] ? __pfx_ksys_write+0x10/0x10 [ 2212.939175][T22668] __x64_sys_getsockopt+0xbd/0x160 [ 2212.944321][T22668] ? do_syscall_64+0x91/0x250 [ 2212.949031][T22668] ? lockdep_hardirqs_on+0x7c/0x110 [ 2212.954267][T22668] do_syscall_64+0xcd/0x250 [ 2212.958831][T22668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2212.964771][T22668] RIP: 0033:0x7f7740775bd9 [ 2212.969214][T22668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2212.988938][T22668] RSP: 002b:00007f77414a9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 2212.997379][T22668] RAX: ffffffffffffffda RBX: 00007f7740904038 RCX: 00007f7740775bd9 [ 2213.005367][T22668] RDX: 0000000000000025 RSI: 0000000000000084 RDI: 0000000000000004 [ 2213.013376][T22668] RBP: 00007f77414a90a0 R08: 0000000020000340 R09: 0000000000000000 [ 2213.021389][T22668] R10: 00000000200003c0 R11: 0000000000000246 R12: 0000000000000001 [ 2213.029398][T22668] R13: 000000000000006e R14: 00007f7740904038 R15: 00007ffc0dbba918 [ 2213.037407][T22668] [ 2213.040514][ C1] vkms_vblank_simulate: vblank timer overrun [ 2213.049093][T22675] CPU: 1 PID: 22675 Comm: syz.3.3474 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2213.059302][T22675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2213.069390][T22675] Call Trace: [ 2213.072701][T22675] [ 2213.075657][T22675] dump_stack_lvl+0x16c/0x1f0 [ 2213.080414][T22675] should_fail_ex+0x497/0x5b0 [ 2213.085147][T22675] _copy_from_user+0x30/0xf0 [ 2213.089785][T22675] do_ipv6_setsockopt+0x97d/0x47b0 [ 2213.094943][T22675] ? find_held_lock+0x2d/0x110 [ 2213.099768][T22675] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 2213.105360][T22675] ? __pfx_lock_release+0x10/0x10 [ 2213.110448][T22675] ? __pfx_mark_lock+0x10/0x10 [ 2213.115533][T22675] ? __lock_acquire+0xc5d/0x3b30 [ 2213.120575][T22675] ? avc_has_perm_noaudit+0x143/0x3a0 [ 2213.126030][T22675] ? avc_has_perm+0x11b/0x1c0 [ 2213.130765][T22675] ? __pfx_avc_has_perm+0x10/0x10 [ 2213.135837][T22675] ? __lock_acquire+0xc5d/0x3b30 [ 2213.140810][T22675] ? sock_has_perm+0x25a/0x2f0 [ 2213.145640][T22675] ? __pfx_sock_has_perm+0x10/0x10 [ 2213.150791][T22675] ? ipv6_setsockopt+0xe3/0x1a0 [ 2213.155690][T22675] ipv6_setsockopt+0xe3/0x1a0 [ 2213.160523][T22675] rawv6_setsockopt+0xd7/0x680 [ 2213.165319][T22675] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 2213.170721][T22675] ? selinux_socket_setsockopt+0x6a/0x80 [ 2213.176376][T22675] ? sock_common_setsockopt+0x2e/0xf0 [ 2213.181771][T22675] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 2213.187689][T22675] do_sock_setsockopt+0x222/0x480 [ 2213.192753][T22675] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 2213.198332][T22675] ? __fget_light+0x173/0x210 [ 2213.203029][T22675] __sys_setsockopt+0x1a4/0x270 [ 2213.207898][T22675] ? __pfx___sys_setsockopt+0x10/0x10 [ 2213.213299][T22675] ? fput+0x32/0x390 [ 2213.217216][T22675] ? ksys_write+0x1ab/0x260 [ 2213.221740][T22675] ? __pfx_ksys_write+0x10/0x10 [ 2213.226618][T22675] __x64_sys_setsockopt+0xbd/0x160 [ 2213.231776][T22675] ? do_syscall_64+0x91/0x250 [ 2213.236504][T22675] ? lockdep_hardirqs_on+0x7c/0x110 [ 2213.241920][T22675] do_syscall_64+0xcd/0x250 [ 2213.246448][T22675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2213.252382][T22675] RIP: 0033:0x7f5b24b75bd9 [ 2213.256805][T22675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2213.276443][T22675] RSP: 002b:00007f5b25867048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2213.284869][T22675] RAX: ffffffffffffffda RBX: 00007f5b24d03f60 RCX: 00007f5b24b75bd9 [ 2213.292852][T22675] RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000003 [ 2213.300923][T22675] RBP: 00007f5b258670a0 R08: 00000000000000a8 R09: 0000000000000000 [ 2213.308909][T22675] R10: 0000000020001840 R11: 0000000000000246 R12: 0000000000000001 [ 2213.316902][T22675] R13: 000000000000000b R14: 00007f5b24d03f60 R15: 00007ffef3b72978 [ 2213.324934][T22675] [ 2213.328004][ C1] vkms_vblank_simulate: vblank timer overrun [ 2213.593507][T21457] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 2213.671932][T21457] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 2214.278237][ T29] audit: type=1400 audit(1720212213.461:2972): avc: denied { listen } for pid=22679 comm="syz.3.3478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 2214.369030][T22691] debugfs: Directory 'C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' with parent 'ieee80211' already present! [ 2214.399763][T21457] Bluetooth: hci5: command 0x0406 tx timeout [ 2214.689656][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2214.825132][T22695] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2215.135275][T11314] Bluetooth: hci2: unexpected event for opcode 0x040d [ 2215.391191][T22703] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3482'. [ 2215.849642][ T29] audit: type=1400 audit(1720212215.041:2973): avc: denied { bind } for pid=22713 comm="syz.2.3483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 2215.869216][ C1] vkms_vblank_simulate: vblank timer overrun [ 2215.881740][T22714] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2216.432145][T11314] Bluetooth: hci2: unexpected event 0x04 length: 11 > 10 [ 2216.432190][T11314] Bluetooth: unknown link type 5 [ 2216.444471][T11314] Bluetooth: hci2: connection err: -111 [ 2216.967166][ T29] audit: type=1326 audit(1720212216.151:2974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2216.990680][ C1] vkms_vblank_simulate: vblank timer overrun [ 2217.105922][ T5135] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 2217.136194][ T29] audit: type=1326 audit(1720212216.161:2975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.222310][ T29] audit: type=1326 audit(1720212216.161:2976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.304660][ T29] audit: type=1326 audit(1720212216.161:2977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.337045][ T5135] usb 5-1: Using ep0 maxpacket: 8 [ 2217.358344][T16551] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 2217.372729][ T5135] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2217.383599][ T5135] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 2217.395336][ T5135] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 2217.412614][ T29] audit: type=1326 audit(1720212216.161:2978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.436286][ C1] vkms_vblank_simulate: vblank timer overrun [ 2217.453316][ T5135] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 2217.490359][ T5135] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 2217.499874][ T29] audit: type=1326 audit(1720212216.161:2979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.523383][ C1] vkms_vblank_simulate: vblank timer overrun [ 2217.531233][ T5135] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2217.540539][T16551] usb 3-1: device descriptor read/64, error -71 [ 2217.559740][ T29] audit: type=1326 audit(1720212216.161:2980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.589108][ T5135] hub 5-1:1.0: bad descriptor, ignoring hub [ 2217.601326][ T5135] hub 5-1:1.0: probe with driver hub failed with error -5 [ 2217.613824][ T5135] cdc_wdm 5-1:1.0: skipping garbage [ 2217.619946][ T5135] cdc_wdm 5-1:1.0: skipping garbage [ 2217.627075][ T29] audit: type=1326 audit(1720212216.161:2981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.1.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2217.670392][ T5135] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 2217.676539][ T5135] cdc_wdm 5-1:1.0: Unknown control protocol [ 2217.816357][T22731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2217.825035][T16551] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 2217.857402][T22731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2218.038864][T16551] usb 3-1: device descriptor read/64, error -71 [ 2218.332393][T16551] usb usb3-port1: attempt power cycle [ 2218.827023][T16551] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 2218.973662][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2218.994751][T22748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2219.257244][T16551] usb 3-1: device descriptor read/8, error -71 [ 2219.257309][T11314] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 2219.272761][T11314] Bluetooth: hci2: Injecting HCI hardware error event [ 2219.291412][T11314] Bluetooth: hci2: hardware error 0x00 [ 2219.304212][T22752] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2219.401604][T22748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2219.568296][T22731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2219.571790][T22757] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3494'. [ 2219.597579][T22731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2219.787980][T18659] usb 5-1: USB disconnect, device number 8 [ 2219.907401][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 2219.907427][ T29] audit: type=1400 audit(1720212219.091:3005): avc: denied { watch } for pid=22766 comm="syz.1.3497" path="/27/file0" dev="tmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2219.936115][ C1] vkms_vblank_simulate: vblank timer overrun [ 2219.964263][T22767] FAULT_INJECTION: forcing a failure. [ 2219.964263][T22767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2220.007018][T22767] CPU: 1 PID: 22767 Comm: syz.1.3497 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2220.017260][T22767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2220.027419][T22767] Call Trace: [ 2220.030724][T22767] [ 2220.033666][T22767] dump_stack_lvl+0x16c/0x1f0 [ 2220.038368][T22767] should_fail_ex+0x497/0x5b0 [ 2220.043063][T22767] _copy_to_user+0x30/0xc0 [ 2220.047513][T22767] inotify_read+0x356/0x8c0 [ 2220.052037][T22767] ? __pfx_inotify_read+0x10/0x10 [ 2220.057079][T22767] ? __pfx_woken_wake_function+0x10/0x10 [ 2220.062736][T22767] ? __pfx_inotify_read+0x10/0x10 [ 2220.067804][T22767] vfs_readv+0x6cb/0x8a0 [ 2220.072116][T22767] ? __pfx_vfs_readv+0x10/0x10 [ 2220.076930][T22767] ? __fget_files+0x24c/0x400 [ 2220.081640][T22767] ? do_readv+0x137/0x370 [ 2220.085993][T22767] do_readv+0x137/0x370 [ 2220.090181][T22767] ? __pfx_do_readv+0x10/0x10 [ 2220.094903][T22767] do_syscall_64+0xcd/0x250 [ 2220.099479][T22767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2220.105405][T22767] RIP: 0033:0x7f8fd7175bd9 [ 2220.109831][T22767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2220.129462][T22767] RSP: 002b:00007f8fd8027048 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 2220.137908][T22767] RAX: ffffffffffffffda RBX: 00007f8fd7303f60 RCX: 00007f8fd7175bd9 [ 2220.145889][T22767] RDX: 0000000000000002 RSI: 0000000020000100 RDI: 0000000000000004 [ 2220.153879][T22767] RBP: 00007f8fd80270a0 R08: 0000000000000000 R09: 0000000000000000 [ 2220.161878][T22767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2220.169958][T22767] R13: 000000000000000b R14: 00007f8fd7303f60 R15: 00007fff82b38ee8 [ 2220.177969][T22767] [ 2220.181144][ C1] vkms_vblank_simulate: vblank timer overrun [ 2220.208612][T22765] 9pnet_fd: Insufficient options for proto=fd [ 2220.552091][T21457] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 2220.577740][T21457] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 2221.407506][T11314] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 2222.054854][T22777] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2222.079459][ T29] audit: type=1326 audit(1720212221.251:3006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2222.133345][T22777] CPU: 0 PID: 22777 Comm: syz.3.3499 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2222.143674][T22777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2222.153782][T22777] Call Trace: [ 2222.157096][T22777] [ 2222.160054][T22777] dump_stack_lvl+0x16c/0x1f0 [ 2222.164792][T22777] sysfs_warn_dup+0x7f/0xa0 [ 2222.169323][T22777] sysfs_do_create_link_sd+0x124/0x140 [ 2222.174842][T22777] sysfs_create_link+0x61/0xc0 [ 2222.179657][T22777] device_add+0x62e/0x1a70 [ 2222.184104][T22777] ? __pfx_device_add+0x10/0x10 [ 2222.188986][T22777] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2222.194896][T22777] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2222.200950][T22777] wiphy_register+0x2101/0x2d00 [ 2222.205824][T22777] ? __pfx_wiphy_register+0x10/0x10 [ 2222.211047][T22777] ieee80211_register_hw+0x2683/0x43b0 [ 2222.216541][T22777] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2222.222372][T22777] ? __hrtimer_init+0x63/0x2c0 [ 2222.227160][T22777] ? __asan_memset+0x23/0x50 [ 2222.231788][T22777] ? __hrtimer_init+0x106/0x2c0 [ 2222.236673][T22777] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2222.242425][T22777] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2222.248519][T22777] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2222.253828][T22777] ? __asan_memcpy+0x3c/0x60 [ 2222.258443][T22777] hwsim_new_radio_nl+0xaf9/0x1240 [ 2222.263590][T22777] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2222.269168][T22777] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2222.276567][T22777] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2222.283977][T22777] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2222.289589][T22777] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2222.295692][T22777] ? ns_capable+0xd7/0x110 [ 2222.300127][T22777] genl_rcv_msg+0x565/0x800 [ 2222.304659][T22777] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2222.309731][T22777] ? __pfx___lock_acquire+0x10/0x10 [ 2222.314957][T22777] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2222.320532][T22777] netlink_rcv_skb+0x16b/0x440 [ 2222.325322][T22777] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2222.330376][T22777] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2222.335688][T22777] ? down_read+0xc9/0x330 [ 2222.340054][T22777] ? __pfx_down_read+0x10/0x10 [ 2222.344842][T22777] ? rcu_is_watching+0x12/0xc0 [ 2222.349647][T22777] genl_rcv+0x28/0x40 [ 2222.353659][T22777] netlink_unicast+0x542/0x820 [ 2222.358451][T22777] ? __pfx_netlink_unicast+0x10/0x10 [ 2222.363770][T22777] netlink_sendmsg+0x8b8/0xd70 [ 2222.368593][T22777] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2222.373913][T22777] ? __import_iovec+0x1fd/0x6e0 [ 2222.378793][T22777] ____sys_sendmsg+0xab5/0xc90 [ 2222.383599][T22777] ? copy_msghdr_from_user+0x10b/0x160 [ 2222.389089][T22777] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2222.394398][T22777] ? __pfx___lock_acquire+0x10/0x10 [ 2222.399622][T22777] ? try_to_wake_up+0xc08/0x13e0 [ 2222.404582][T22777] ___sys_sendmsg+0x135/0x1e0 [ 2222.409290][T22777] ? __pfx____sys_sendmsg+0x10/0x10 [ 2222.414520][T22777] ? __pfx_futex_wake+0x10/0x10 [ 2222.419405][T22777] ? __fget_light+0x173/0x210 [ 2222.424102][T22777] __sys_sendmsg+0x117/0x1f0 [ 2222.428716][T22777] ? __pfx___sys_sendmsg+0x10/0x10 [ 2222.433853][T22777] ? __x64_sys_futex+0x1e1/0x4c0 [ 2222.438822][T22777] do_syscall_64+0xcd/0x250 [ 2222.443353][T22777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2222.449298][T22777] RIP: 0033:0x7f5b24b75bd9 [ 2222.453768][T22777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2222.473420][T22777] RSP: 002b:00007f5b245ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2222.481855][T22777] RAX: ffffffffffffffda RBX: 00007f5b24d04038 RCX: 00007f5b24b75bd9 [ 2222.489845][T22777] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2222.497831][T22777] RBP: 00007f5b24be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2222.505814][T22777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2222.513807][T22777] R13: 000000000000006e R14: 00007f5b24d04038 R15: 00007ffef3b72978 [ 2222.521823][T22777] [ 2222.537125][ T29] audit: type=1326 audit(1720212221.271:3007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2222.624157][ T29] audit: type=1326 audit(1720212221.271:3008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2222.735615][ T29] audit: type=1326 audit(1720212221.271:3009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2222.881209][ T29] audit: type=1326 audit(1720212221.301:3010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2222.904878][ C1] vkms_vblank_simulate: vblank timer overrun [ 2223.102936][ T29] audit: type=1326 audit(1720212221.301:3011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2223.239035][ T29] audit: type=1326 audit(1720212221.301:3012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2223.340339][ T29] audit: type=1326 audit(1720212221.301:3013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2223.375902][ T29] audit: type=1326 audit(1720212221.301:3014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22783 comm="syz.4.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2223.648377][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2223.697884][T22803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2224.290486][T22820] FAULT_INJECTION: forcing a failure. [ 2224.290486][T22820] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2224.363174][T22820] CPU: 1 PID: 22820 Comm: syz.0.3510 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2224.373412][T22820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2224.383508][T22820] Call Trace: [ 2224.386833][T22820] [ 2224.389807][T22820] dump_stack_lvl+0x16c/0x1f0 [ 2224.394566][T22820] should_fail_ex+0x497/0x5b0 [ 2224.399306][T22820] _copy_to_user+0x30/0xc0 [ 2224.403788][T22820] simple_read_from_buffer+0xd0/0x160 [ 2224.409267][T22820] proc_fail_nth_read+0x1b0/0x290 [ 2224.414357][T22820] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2224.419973][T22820] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2224.425588][T22820] vfs_read+0x1d4/0xbd0 [ 2224.429846][T22820] ? __fdget_pos+0xeb/0x180 [ 2224.434417][T22820] ? __pfx_vfs_read+0x10/0x10 [ 2224.439151][T22820] ? __pfx___mutex_lock+0x10/0x10 [ 2224.444248][T22820] ? __fget_files+0x256/0x400 [ 2224.448990][T22820] ksys_read+0x12f/0x260 [ 2224.453293][T22820] ? __pfx_ksys_read+0x10/0x10 [ 2224.458127][T22820] do_syscall_64+0xcd/0x250 [ 2224.462714][T22820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2224.468775][T22820] RIP: 0033:0x7f77407746bc [ 2224.473236][T22820] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 2224.492912][T22820] RSP: 002b:00007f77414ca040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2224.501396][T22820] RAX: ffffffffffffffda RBX: 00007f7740903f60 RCX: 00007f77407746bc [ 2224.509414][T22820] RDX: 000000000000000f RSI: 00007f77414ca0b0 RDI: 0000000000000003 [ 2224.517434][T22820] RBP: 00007f77414ca0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.525462][T22820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2224.533469][T22820] R13: 000000000000000b R14: 00007f7740903f60 R15: 00007ffc0dbba918 [ 2224.541476][T22820] [ 2224.544675][ C1] vkms_vblank_simulate: vblank timer overrun [ 2224.558288][T22818] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3509'. [ 2224.707155][ T1165] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 2224.806943][T10675] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 2224.925502][ T1165] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2224.935826][ T1165] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 2224.972923][ T1165] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2224.991075][ T1165] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 2225.014209][T10675] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2225.023313][T10675] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 2225.039497][ T1165] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 2225.061444][T10675] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2225.097468][T10675] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 2225.127126][ T1165] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2225.136240][ T1165] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2225.146900][T10675] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 2225.171928][ T1165] usb 5-1: Product: syz [ 2225.176183][ T1165] usb 5-1: Manufacturer: syz [ 2225.189941][T10675] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2225.210387][ T1165] cdc_wdm 5-1:1.0: skipping garbage [ 2225.222960][T10675] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2225.234432][ T1165] cdc_wdm 5-1:1.0: skipping garbage [ 2225.240854][T10675] usb 2-1: Product: syz [ 2225.254994][T10675] usb 2-1: Manufacturer: syz [ 2225.261693][ T1165] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 2225.287854][ T1165] cdc_wdm 5-1:1.0: Unknown control protocol [ 2225.304663][T10675] cdc_wdm 2-1:1.0: skipping garbage [ 2225.315037][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2225.325174][T10675] cdc_wdm 2-1:1.0: skipping garbage [ 2225.341485][T10675] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device [ 2225.357501][T10675] cdc_wdm 2-1:1.0: Unknown control protocol [ 2225.416562][T10675] usb 5-1: USB disconnect, device number 9 [ 2225.512736][ T51] usb 2-1: USB disconnect, device number 21 [ 2225.688247][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2225.773814][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2225.800239][T22836] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2226.995706][T22843] vivid-004: kernel_thread() failed [ 2227.035178][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2227.337639][T11314] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 2227.448659][T21457] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2227.481902][T21457] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2227.491797][T21457] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2227.494564][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2227.544255][T21457] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2227.592545][T21457] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 2227.604445][T21457] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2227.674655][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 2227.681272][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 2227.984112][T22855] debugfs: Directory 'C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' with parent 'ieee80211' already present! [ 2228.845559][T22875] FAULT_INJECTION: forcing a failure. [ 2228.845559][T22875] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2228.869977][T22875] CPU: 1 PID: 22875 Comm: syz.2.3525 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2228.880210][T22875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2228.890324][T22875] Call Trace: [ 2228.893621][T22875] [ 2228.896570][T22875] dump_stack_lvl+0x16c/0x1f0 [ 2228.901293][T22875] should_fail_ex+0x497/0x5b0 [ 2228.906005][T22875] _copy_from_user+0x30/0xf0 [ 2228.910624][T22875] __do_sys_kcmp+0x85d/0xdd0 [ 2228.915250][T22875] ? __pfx___do_sys_kcmp+0x10/0x10 [ 2228.920398][T22875] do_syscall_64+0xcd/0x250 [ 2228.924938][T22875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2228.930874][T22875] RIP: 0033:0x7f9cc3775bd9 [ 2228.935309][T22875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2228.954944][T22875] RSP: 002b:00007f9cc449a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000138 [ 2228.963401][T22875] RAX: ffffffffffffffda RBX: 00007f9cc3904110 RCX: 00007f9cc3775bd9 [ 2228.971403][T22875] RDX: 0000000000000007 RSI: 000000000000019c RDI: 000000000000019e [ 2228.979397][T22875] RBP: 00007f9cc449a0a0 R08: 0000000020000040 R09: 0000000000000000 [ 2228.987400][T22875] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 2228.995421][T22875] R13: 000000000000006e R14: 00007f9cc3904110 R15: 00007ffe19b3da08 [ 2229.003435][T22875] [ 2229.361157][ T12] bridge_slave_1: left allmulticast mode [ 2229.383822][ T12] bridge_slave_1: left promiscuous mode [ 2229.417383][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 2229.478458][ T12] bridge_slave_0: left allmulticast mode [ 2229.487170][ T12] bridge_slave_0: left promiscuous mode [ 2229.508561][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 2229.677158][T21457] Bluetooth: hci3: command tx timeout [ 2231.056167][T22883] 9pnet_fd: Insufficient options for proto=fd [ 2231.169919][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2231.280439][T22894] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2231.344930][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 2231.344951][ T29] audit: type=1326 audit(1720212230.501:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.467695][ T29] audit: type=1326 audit(1720212230.511:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.640677][ T29] audit: type=1326 audit(1720212230.571:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.720386][ T29] audit: type=1326 audit(1720212230.571:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.752086][T21457] Bluetooth: hci3: command tx timeout [ 2231.811725][ T29] audit: type=1326 audit(1720212230.571:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.918401][ T29] audit: type=1326 audit(1720212230.571:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2231.959331][ T29] audit: type=1326 audit(1720212230.571:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2232.067617][ T29] audit: type=1326 audit(1720212230.571:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2232.123214][ T29] audit: type=1326 audit(1720212230.571:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2232.265196][ T29] audit: type=1326 audit(1720212230.591:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22884 comm="syz.4.3528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce7f75bd9 code=0x7ffc0000 [ 2232.371843][T22910] FAULT_INJECTION: forcing a failure. [ 2232.371843][T22910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2232.392721][T22910] CPU: 1 PID: 22910 Comm: syz.2.3533 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2232.402955][T22910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2232.413059][T22910] Call Trace: [ 2232.416377][T22910] [ 2232.419342][T22910] dump_stack_lvl+0x16c/0x1f0 [ 2232.424078][T22910] should_fail_ex+0x497/0x5b0 [ 2232.428778][T22910] _copy_from_user+0x30/0xf0 [ 2232.433385][T22910] move_addr_to_kernel+0x68/0x160 [ 2232.438428][T22910] __sys_sendto+0x169/0x4e0 [ 2232.442960][T22910] ? __pfx___sys_sendto+0x10/0x10 [ 2232.448041][T22910] ? ksys_write+0x1ab/0x260 [ 2232.452586][T22910] ? __pfx_ksys_write+0x10/0x10 [ 2232.457476][T22910] __x64_sys_sendto+0xe0/0x1c0 [ 2232.462277][T22910] ? do_syscall_64+0x91/0x250 [ 2232.466990][T22910] ? lockdep_hardirqs_on+0x7c/0x110 [ 2232.472220][T22910] do_syscall_64+0xcd/0x250 [ 2232.476765][T22910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2232.482706][T22910] RIP: 0033:0x7f9cc3775bd9 [ 2232.487150][T22910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2232.506805][T22910] RSP: 002b:00007f9cc44dc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2232.515269][T22910] RAX: ffffffffffffffda RBX: 00007f9cc3903f60 RCX: 00007f9cc3775bd9 [ 2232.523263][T22910] RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000003 [ 2232.531260][T22910] RBP: 00007f9cc44dc0a0 R08: 0000000020000380 R09: 0000000000000010 [ 2232.539257][T22910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2232.547253][T22910] R13: 000000000000000b R14: 00007f9cc3903f60 R15: 00007ffe19b3da08 [ 2232.555339][T22910] [ 2232.558492][ C1] vkms_vblank_simulate: vblank timer overrun [ 2233.469903][T22920] vivid-000: kernel_thread() failed [ 2233.810636][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2233.827130][T21457] Bluetooth: hci3: command tx timeout [ 2233.833825][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2233.846357][ T12] bond0 (unregistering): Released all slaves [ 2233.868932][ T12] bond1 (unregistering): Released all slaves [ 2235.564139][T21457] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 2235.607455][T21457] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 2235.920753][T21457] Bluetooth: hci3: command tx timeout [ 2236.179450][T22852] chnl_net:caif_netlink_parms(): no params data found [ 2237.578014][T22942] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2237.596871][T22942] CPU: 0 PID: 22942 Comm: syz.1.3539 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2237.607102][T22942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2237.617376][T22942] Call Trace: [ 2237.620686][T22942] [ 2237.623635][T22942] dump_stack_lvl+0x16c/0x1f0 [ 2237.628341][T22942] sysfs_warn_dup+0x7f/0xa0 [ 2237.632877][T22942] sysfs_do_create_link_sd+0x124/0x140 [ 2237.638375][T22942] sysfs_create_link+0x61/0xc0 [ 2237.643280][T22942] device_add+0x62e/0x1a70 [ 2237.647735][T22942] ? __pfx_device_add+0x10/0x10 [ 2237.652619][T22942] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2237.658546][T22942] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2237.664554][T22942] wiphy_register+0x2101/0x2d00 [ 2237.669427][T22942] ? __pfx_wiphy_register+0x10/0x10 [ 2237.674646][T22942] ieee80211_register_hw+0x2683/0x43b0 [ 2237.680152][T22942] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2237.686116][T22942] ? lockdep_init_map_type+0x16d/0x7d0 [ 2237.691607][T22942] ? __asan_memset+0x23/0x50 [ 2237.696216][T22942] ? __hrtimer_init+0x106/0x2c0 [ 2237.701084][T22942] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2237.706855][T22942] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2237.713010][T22942] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2237.718408][T22942] ? __asan_memcpy+0x3c/0x60 [ 2237.723035][T22942] hwsim_new_radio_nl+0xaf9/0x1240 [ 2237.728173][T22942] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2237.733745][T22942] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2237.741145][T22942] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2237.748548][T22942] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2237.754121][T22942] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2237.760237][T22942] ? ns_capable+0xd7/0x110 [ 2237.764686][T22942] genl_rcv_msg+0x565/0x800 [ 2237.769259][T22942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2237.774338][T22942] ? __pfx___lock_acquire+0x10/0x10 [ 2237.779577][T22942] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2237.785162][T22942] netlink_rcv_skb+0x16b/0x440 [ 2237.789960][T22942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2237.795018][T22942] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2237.800336][T22942] ? down_read+0xc9/0x330 [ 2237.804692][T22942] ? __pfx_down_read+0x10/0x10 [ 2237.809505][T22942] ? netlink_deliver_tap+0x1ae/0xd90 [ 2237.814868][T22942] genl_rcv+0x28/0x40 [ 2237.818881][T22942] netlink_unicast+0x542/0x820 [ 2237.823672][T22942] ? __pfx_netlink_unicast+0x10/0x10 [ 2237.829002][T22942] netlink_sendmsg+0x8b8/0xd70 [ 2237.833791][T22942] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2237.839102][T22942] ? __import_iovec+0x1fd/0x6e0 [ 2237.843988][T22942] ____sys_sendmsg+0xab5/0xc90 [ 2237.848768][T22942] ? copy_msghdr_from_user+0x10b/0x160 [ 2237.854251][T22942] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2237.859553][T22942] ? __pfx___futex_wait+0x10/0x10 [ 2237.864613][T22942] ? __pfx___lock_acquire+0x10/0x10 [ 2237.869841][T22942] ? try_to_wake_up+0xc08/0x13e0 [ 2237.874819][T22942] ___sys_sendmsg+0x135/0x1e0 [ 2237.879522][T22942] ? __pfx____sys_sendmsg+0x10/0x10 [ 2237.884762][T22942] ? __fget_light+0x173/0x210 [ 2237.889485][T22942] __sys_sendmsg+0x117/0x1f0 [ 2237.894104][T22942] ? __pfx___sys_sendmsg+0x10/0x10 [ 2237.899240][T22942] ? __x64_sys_futex+0x1e1/0x4c0 [ 2237.904222][T22942] do_syscall_64+0xcd/0x250 [ 2237.908777][T22942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2237.914744][T22942] RIP: 0033:0x7f8fd7175bd9 [ 2237.919198][T22942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2237.939041][T22942] RSP: 002b:00007f8fd8006048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2237.947604][T22942] RAX: ffffffffffffffda RBX: 00007f8fd7304038 RCX: 00007f8fd7175bd9 [ 2237.955619][T22942] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2237.963609][T22942] RBP: 00007f8fd71e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2237.971605][T22942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2237.979590][T22942] R13: 000000000000006e R14: 00007f8fd7304038 R15: 00007fff82b38ee8 [ 2237.987585][T22942] [ 2238.132334][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2238.159764][T22951] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2238.538016][ T12] hsr_slave_0: left promiscuous mode [ 2238.579597][ T12] hsr_slave_1: left promiscuous mode [ 2238.714603][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2238.722384][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2239.131634][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2239.201570][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2239.427174][T21457] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 2239.437845][T21457] Bluetooth: hci4: Injecting HCI hardware error event [ 2239.451424][T11314] Bluetooth: hci4: hardware error 0x00 [ 2239.511752][ T12] veth1_macvtap: left promiscuous mode [ 2239.540416][ T12] veth0_macvtap: left promiscuous mode [ 2239.546153][ T12] veth1_vlan: left promiscuous mode [ 2239.578929][ T12] veth0_vlan: left promiscuous mode [ 2240.280836][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 2240.280861][ T29] audit: type=1326 audit(1720212239.471:3090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.360771][ T29] audit: type=1326 audit(1720212239.521:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.415499][ T29] audit: type=1326 audit(1720212239.521:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.445990][ T29] audit: type=1326 audit(1720212239.521:3093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.520101][ T29] audit: type=1326 audit(1720212239.531:3094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.551852][ T29] audit: type=1326 audit(1720212239.531:3095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.577174][ T29] audit: type=1326 audit(1720212239.531:3096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.629594][ T29] audit: type=1326 audit(1720212239.531:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.670528][ T29] audit: type=1326 audit(1720212239.531:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2240.766559][ T29] audit: type=1326 audit(1720212239.531:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22969 comm="syz.1.3546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2241.516596][T11314] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 2241.586150][T22978] FAULT_INJECTION: forcing a failure. [ 2241.586150][T22978] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2241.611174][T22978] CPU: 1 PID: 22978 Comm: syz.4.3548 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2241.621418][T22978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2241.631516][T22978] Call Trace: [ 2241.634862][T22978] [ 2241.637820][T22978] dump_stack_lvl+0x16c/0x1f0 [ 2241.642544][T22978] should_fail_ex+0x497/0x5b0 [ 2241.647272][T22978] _copy_from_user+0x30/0xf0 [ 2241.651880][T22978] copy_msghdr_from_user+0x99/0x160 [ 2241.657101][T22978] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2241.662929][T22978] ? find_held_lock+0x2d/0x110 [ 2241.667726][T22978] ? __pfx___lock_acquire+0x10/0x10 [ 2241.672985][T22978] ___sys_sendmsg+0xff/0x1e0 [ 2241.677647][T22978] ? __pfx____sys_sendmsg+0x10/0x10 [ 2241.682869][T22978] ? ksys_write+0x21c/0x260 [ 2241.687399][T22978] ? __fget_light+0x173/0x210 [ 2241.692096][T22978] __sys_sendmsg+0x117/0x1f0 [ 2241.696723][T22978] ? __pfx___sys_sendmsg+0x10/0x10 [ 2241.701881][T22978] do_syscall_64+0xcd/0x250 [ 2241.706436][T22978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2241.712379][T22978] RIP: 0033:0x7efce7f75bd9 [ 2241.716834][T22978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2241.736495][T22978] RSP: 002b:00007efce8d98048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2241.744928][T22978] RAX: ffffffffffffffda RBX: 00007efce8103f60 RCX: 00007efce7f75bd9 [ 2241.752927][T22978] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 2241.760913][T22978] RBP: 00007efce8d980a0 R08: 0000000000000000 R09: 0000000000000000 [ 2241.769071][T22978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2241.777052][T22978] R13: 000000000000000b R14: 00007efce8103f60 R15: 00007fff7fe8a218 [ 2241.785057][T22978] [ 2241.895227][ T12] team0 (unregistering): Port device team_slave_1 removed [ 2242.053123][ T12] team0 (unregistering): Port device team_slave_0 removed [ 2242.915356][T22953] sysfs: cannot create duplicate filename '/class/ieee80211/C|+È‚!‡3§rU&6 bÎOo¸ ' 1©|y' [ 2242.926603][T22953] CPU: 0 PID: 22953 Comm: syz.2.3542 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2242.936811][T22953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2242.946901][T22953] Call Trace: [ 2242.950189][T22953] [ 2242.953131][T22953] dump_stack_lvl+0x16c/0x1f0 [ 2242.957835][T22953] sysfs_warn_dup+0x7f/0xa0 [ 2242.962372][T22953] sysfs_do_create_link_sd+0x124/0x140 [ 2242.967865][T22953] sysfs_create_link+0x61/0xc0 [ 2242.972686][T22953] device_add+0x62e/0x1a70 [ 2242.977170][T22953] ? __pfx_device_add+0x10/0x10 [ 2242.982116][T22953] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2242.988083][T22953] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 2242.994132][T22953] wiphy_register+0x2101/0x2d00 [ 2242.999026][T22953] ? __pfx_wiphy_register+0x10/0x10 [ 2243.004262][T22953] ieee80211_register_hw+0x2683/0x43b0 [ 2243.009773][T22953] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 2243.015607][T22953] ? lockdep_init_map_type+0x16d/0x7d0 [ 2243.021104][T22953] ? __asan_memset+0x23/0x50 [ 2243.025717][T22953] ? __hrtimer_init+0x106/0x2c0 [ 2243.030606][T22953] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 2243.036407][T22953] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 2243.042539][T22953] ? hwsim_new_radio_nl+0x9b6/0x1240 [ 2243.047858][T22953] ? __asan_memcpy+0x3c/0x60 [ 2243.052489][T22953] hwsim_new_radio_nl+0xaf9/0x1240 [ 2243.057636][T22953] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2243.063300][T22953] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 2243.070721][T22953] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 2243.078144][T22953] genl_family_rcv_msg_doit+0x202/0x2f0 [ 2243.083769][T22953] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 2243.089887][T22953] ? ns_capable+0xd7/0x110 [ 2243.094321][T22953] genl_rcv_msg+0x565/0x800 [ 2243.098859][T22953] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2243.103926][T22953] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 2243.109500][T22953] ? netlink_rcv_skb+0xcb/0x440 [ 2243.114373][T22953] netlink_rcv_skb+0x16b/0x440 [ 2243.119182][T22953] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2243.124250][T22953] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2243.129584][T22953] ? down_read+0xc9/0x330 [ 2243.133982][T22953] ? __pfx_down_read+0x10/0x10 [ 2243.138827][T22953] ? netlink_deliver_tap+0x1ae/0xd90 [ 2243.144173][T22953] genl_rcv+0x28/0x40 [ 2243.148223][T22953] netlink_unicast+0x542/0x820 [ 2243.153039][T22953] ? __pfx_netlink_unicast+0x10/0x10 [ 2243.158351][T22953] netlink_sendmsg+0x8b8/0xd70 [ 2243.163161][T22953] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2243.168496][T22953] ____sys_sendmsg+0xab5/0xc90 [ 2243.173277][T22953] ? copy_msghdr_from_user+0x10b/0x160 [ 2243.178775][T22953] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2243.184123][T22953] ? __pfx___futex_wait+0x10/0x10 [ 2243.189168][T22953] ? __pfx___lock_acquire+0x10/0x10 [ 2243.194403][T22953] ? try_to_wake_up+0xc08/0x13e0 [ 2243.199373][T22953] ___sys_sendmsg+0x135/0x1e0 [ 2243.204098][T22953] ? __pfx____sys_sendmsg+0x10/0x10 [ 2243.209347][T22953] ? __fget_light+0x173/0x210 [ 2243.214061][T22953] __sys_sendmsg+0x117/0x1f0 [ 2243.218681][T22953] ? __pfx___sys_sendmsg+0x10/0x10 [ 2243.223817][T22953] ? __x64_sys_futex+0x1e1/0x4c0 [ 2243.228804][T22953] do_syscall_64+0xcd/0x250 [ 2243.233362][T22953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2243.239317][T22953] RIP: 0033:0x7f9cc3775bd9 [ 2243.243785][T22953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2243.263428][T22953] RSP: 002b:00007f9cc44bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2243.271858][T22953] RAX: ffffffffffffffda RBX: 00007f9cc3904038 RCX: 00007f9cc3775bd9 [ 2243.279867][T22953] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 2243.287889][T22953] RBP: 00007f9cc37e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2243.295896][T22953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2243.303898][T22953] R13: 000000000000006e R14: 00007f9cc3904038 R15: 00007ffe19b3da08 [ 2243.311915][T22953] [ 2243.707469][T22852] bridge0: port 1(bridge_slave_0) entered blocking state [ 2243.733355][T22852] bridge0: port 1(bridge_slave_0) entered disabled state [ 2243.797162][T22852] bridge_slave_0: entered allmulticast mode [ 2243.898786][T22852] bridge_slave_0: entered promiscuous mode [ 2243.972558][T22852] bridge0: port 2(bridge_slave_1) entered blocking state [ 2243.992525][T22852] bridge0: port 2(bridge_slave_1) entered disabled state [ 2244.000607][ T1165] hid-generic 0000:0000:0000.0006: item fetching failed at offset 0/2 [ 2244.014209][T22852] bridge_slave_1: entered allmulticast mode [ 2244.028250][ T1165] hid-generic 0000:0000:0000.0006: probe with driver hid-generic failed with error -22 [ 2244.046364][T22852] bridge_slave_1: entered promiscuous mode [ 2244.193570][T22993] 9pnet_fd: Insufficient options for proto=fd [ 2244.207433][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2244.222168][T23001] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3552'. [ 2244.246417][T23001] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3552'. [ 2244.263581][T22852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2244.275703][T22999] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2244.308843][T22852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2244.600376][T22852] team0: Port device team_slave_0 added [ 2244.645739][T22852] team0: Port device team_slave_1 added [ 2244.831393][T22852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2244.899854][T22852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2244.929008][T22852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2244.970536][T22852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2245.000338][T22852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2245.028997][T22852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2245.304175][T22852] hsr_slave_0: entered promiscuous mode [ 2245.330217][T22852] hsr_slave_1: entered promiscuous mode [ 2245.357389][T22852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2245.373176][T22852] Cannot create hsr debugfs directory [ 2246.169128][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 2246.169152][ T29] audit: type=1326 audit(1720212245.361:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23024 comm="syz.1.3559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2246.247446][ T29] audit: type=1326 audit(1720212245.391:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23024 comm="syz.1.3559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2246.270947][ C1] vkms_vblank_simulate: vblank timer overrun [ 2247.948778][T22852] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2248.005448][T22852] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2248.132245][T22852] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2248.170647][T23051] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3566'. [ 2248.228785][T22852] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2248.246197][T23051] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3566'. [ 2248.410808][T23053] netlink: 'syz.0.3567': attribute type 4 has an invalid length. [ 2248.493272][T23056] netlink: 'syz.0.3567': attribute type 4 has an invalid length. [ 2249.152159][T22852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2249.224415][ T29] audit: type=1400 audit(1720212248.411:3127): avc: denied { ioctl } for pid=23065 comm="syz.0.3571" path="socket:[117026]" dev="sockfs" ino=117026 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 2249.249434][ C1] vkms_vblank_simulate: vblank timer overrun [ 2249.310569][T22852] 8021q: adding VLAN 0 to HW filter on device team0 [ 2249.430715][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 2249.438046][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2249.542179][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 2249.549543][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2249.819679][T23075] SELinux: Context is not valid (left unmapped). [ 2250.118766][ T29] audit: type=1400 audit(1720212249.311:3128): avc: denied { relabelto } for pid=23074 comm="syz.0.3574" name="file0" dev="overlay" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="" [ 2251.266970][ T29] audit: type=1400 audit(1720212250.431:3129): avc: denied { associate } for pid=23074 comm="syz.0.3574" name="#196" dev="tmpfs" ino=196 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="" [ 2251.569597][T23098] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2251.767353][ T29] audit: type=1326 audit(1720212250.921:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23086 comm="syz.1.3577" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x0 [ 2252.690032][ T29] audit: type=1400 audit(1720212251.861:3131): avc: denied { unlink } for pid=22209 comm="syz-executor" name="file0" dev="tmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="" [ 2252.696380][T23100] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3579'. [ 2252.785678][T23100] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3579'. [ 2252.820272][T23106] netlink: 'syz.1.3580': attribute type 4 has an invalid length. [ 2253.231567][T23107] netlink: 'syz.1.3580': attribute type 4 has an invalid length. [ 2254.347316][T22852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2254.574585][T22852] veth0_vlan: entered promiscuous mode [ 2254.715437][T22852] veth1_vlan: entered promiscuous mode [ 2254.867828][T22852] veth0_macvtap: entered promiscuous mode [ 2254.901271][T22852] veth1_macvtap: entered promiscuous mode [ 2255.044306][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2255.095581][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.172686][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2255.241585][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.274068][T23131] XFS (nullb0): Invalid superblock magic number [ 2255.282749][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2255.362424][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.387485][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2255.405174][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.416896][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2255.432960][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.480010][T22852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2255.592762][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2255.624293][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.670060][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2255.736919][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2255.776880][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2255.811498][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2256.057232][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2256.296899][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2256.418266][T22852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2256.617411][T22852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2256.931223][T22852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2256.945852][T22852] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2257.006146][T22852] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2257.044643][T22852] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2257.073408][T22852] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2257.174054][T23150] ALSA: mixer_oss: invalid OSS volume 'u' [ 2257.247357][T23153] netlink: 'syz.0.3591': attribute type 4 has an invalid length. [ 2257.308525][T23151] netlink: 'syz.0.3591': attribute type 4 has an invalid length. [ 2257.485015][T23155] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3592'. [ 2257.677495][T23159] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3592'. [ 2257.709974][T20638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2257.730138][T20638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2257.916453][T20638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2257.948311][T20638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2258.328162][T23171] FAULT_INJECTION: forcing a failure. [ 2258.328162][T23171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2258.369895][T23171] CPU: 0 PID: 23171 Comm: syz.3.3518 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2258.380137][T23171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2258.390584][T23171] Call Trace: [ 2258.393899][T23171] [ 2258.396858][T23171] dump_stack_lvl+0x16c/0x1f0 [ 2258.401590][T23171] should_fail_ex+0x497/0x5b0 [ 2258.406323][T23171] _copy_to_user+0x30/0xc0 [ 2258.410783][T23171] simple_read_from_buffer+0xd0/0x160 [ 2258.416211][T23171] proc_fail_nth_read+0x1b0/0x290 [ 2258.421287][T23171] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2258.426882][T23171] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2258.432468][T23171] vfs_read+0x1d4/0xbd0 [ 2258.436679][T23171] ? __fdget_pos+0xeb/0x180 [ 2258.441248][T23171] ? __pfx_vfs_read+0x10/0x10 [ 2258.445958][T23171] ? __pfx___mutex_lock+0x10/0x10 [ 2258.451016][T23171] ? __fget_files+0x256/0x400 [ 2258.455729][T23171] ksys_read+0x12f/0x260 [ 2258.460009][T23171] ? __pfx_ksys_read+0x10/0x10 [ 2258.464815][T23171] do_syscall_64+0xcd/0x250 [ 2258.469359][T23171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2258.475409][T23171] RIP: 0033:0x7fd463d746bc [ 2258.479852][T23171] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 2258.499578][T23171] RSP: 002b:00007fd464b39040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2258.508025][T23171] RAX: ffffffffffffffda RBX: 00007fd463f03f60 RCX: 00007fd463d746bc [ 2258.516019][T23171] RDX: 000000000000000f RSI: 00007fd464b390b0 RDI: 0000000000000004 [ 2258.524031][T23171] RBP: 00007fd464b390a0 R08: 0000000000000000 R09: 0000000000000000 [ 2258.532038][T23171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2258.540038][T23171] R13: 000000000000000b R14: 00007fd463f03f60 R15: 00007ffe52870598 [ 2258.548042][T23171] [ 2260.349003][T23183] netlink: 'syz.0.3599': attribute type 4 has an invalid length. [ 2260.487169][T23187] netlink: 'syz.0.3599': attribute type 4 has an invalid length. [ 2260.619774][T23191] FAULT_INJECTION: forcing a failure. [ 2260.619774][T23191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2260.639704][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2260.926944][T23191] CPU: 0 PID: 23191 Comm: syz.1.3602 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2260.937180][T23191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2260.947279][T23191] Call Trace: [ 2260.950628][T23191] [ 2260.953597][T23191] dump_stack_lvl+0x16c/0x1f0 [ 2260.958336][T23191] should_fail_ex+0x497/0x5b0 [ 2260.963071][T23191] _copy_from_user+0x30/0xf0 [ 2260.967718][T23191] copy_msghdr_from_user+0x99/0x160 [ 2260.972985][T23191] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2260.978875][T23191] ? find_held_lock+0x2d/0x110 [ 2260.983674][T23191] ? __pfx___lock_acquire+0x10/0x10 [ 2260.988916][T23191] ___sys_sendmsg+0xff/0x1e0 [ 2260.993553][T23191] ? __pfx____sys_sendmsg+0x10/0x10 [ 2260.998795][T23191] ? ksys_write+0x21c/0x260 [ 2261.003343][T23191] ? __fget_light+0x173/0x210 [ 2261.008057][T23191] __sys_sendmsg+0x117/0x1f0 [ 2261.012684][T23191] ? __pfx___sys_sendmsg+0x10/0x10 [ 2261.017843][T23191] do_syscall_64+0xcd/0x250 [ 2261.022384][T23191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2261.028321][T23191] RIP: 0033:0x7f8fd7175bd9 [ 2261.032757][T23191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2261.052402][T23191] RSP: 002b:00007f8fd8027048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2261.060851][T23191] RAX: ffffffffffffffda RBX: 00007f8fd7303f60 RCX: 00007f8fd7175bd9 [ 2261.068879][T23191] RDX: 0000000000000000 RSI: 0000000020001300 RDI: 0000000000000003 [ 2261.076878][T23191] RBP: 00007f8fd80270a0 R08: 0000000000000000 R09: 0000000000000000 [ 2261.084871][T23191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2261.092863][T23191] R13: 000000000000000b R14: 00007f8fd7303f60 R15: 00007fff82b38ee8 [ 2261.100861][T23191] [ 2261.128500][T23181] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2261.413974][T23200] netlink: 'syz.1.3604': attribute type 4 has an invalid length. [ 2261.537411][T23201] netlink: 'syz.1.3604': attribute type 4 has an invalid length. [ 2262.023336][T23213] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3607'. [ 2262.105974][T23213] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3607'. [ 2263.026138][T23226] xt_NFQUEUE: number of total queues is 0 [ 2265.413422][T23251] netlink: 'syz.3.3617': attribute type 4 has an invalid length. [ 2265.536442][T23252] netlink: 'syz.3.3617': attribute type 4 has an invalid length. [ 2266.115621][T23259] netlink: 'syz.4.3619': attribute type 4 has an invalid length. [ 2266.311239][T23262] netlink: 'syz.4.3619': attribute type 4 has an invalid length. [ 2268.340383][T23286] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3624'. [ 2268.405642][T23284] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3624'. [ 2268.520890][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2268.789777][T23285] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2268.893203][T23291] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 2268.913852][T23291] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 2271.186803][ T29] audit: type=1400 audit(1720212270.361:3132): avc: denied { watch } for pid=23317 comm="syz.2.3634" path="/142/net_prio.prioidx" dev="tmpfs" ino=784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 2271.321278][ T29] audit: type=1400 audit(1720212270.371:3133): avc: denied { watch_sb } for pid=23317 comm="syz.2.3634" path="/142/net_prio.prioidx" dev="tmpfs" ino=784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2271.810458][T23323] netlink: 'syz.2.3635': attribute type 4 has an invalid length. [ 2271.915204][T23324] netlink: 'syz.2.3635': attribute type 4 has an invalid length. [ 2274.165831][T23339] FAULT_INJECTION: forcing a failure. [ 2274.165831][T23339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2274.231339][T23339] CPU: 1 PID: 23339 Comm: syz.0.3640 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2274.241545][T23339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2274.251629][T23339] Call Trace: [ 2274.254917][T23339] [ 2274.257862][T23339] dump_stack_lvl+0x16c/0x1f0 [ 2274.262571][T23339] should_fail_ex+0x497/0x5b0 [ 2274.267294][T23339] _copy_from_user+0x30/0xf0 [ 2274.271903][T23339] __sys_bpf+0x21c/0x49a0 [ 2274.276242][T23339] ? ksys_write+0x21c/0x260 [ 2274.280781][T23339] ? reacquire_held_locks+0x4c0/0x4c0 [ 2274.286184][T23339] ? __pfx___sys_bpf+0x10/0x10 [ 2274.290962][T23339] ? vfs_write+0x14d/0x1140 [ 2274.295506][T23339] ? __mutex_unlock_slowpath+0x164/0x650 [ 2274.301163][T23339] ? fput+0x32/0x390 [ 2274.305163][T23339] ? ksys_write+0x1ab/0x260 [ 2274.309686][T23339] ? __pfx_ksys_write+0x10/0x10 [ 2274.314594][T23339] __x64_sys_bpf+0x78/0xc0 [ 2274.319113][T23339] ? lockdep_hardirqs_on+0x7c/0x110 [ 2274.324338][T23339] do_syscall_64+0xcd/0x250 [ 2274.328901][T23339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2274.334934][T23339] RIP: 0033:0x7f7740775bd9 [ 2274.339379][T23339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2274.359040][T23339] RSP: 002b:00007f77414ca048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2274.367492][T23339] RAX: ffffffffffffffda RBX: 00007f7740903f60 RCX: 00007f7740775bd9 [ 2274.375614][T23339] RDX: 0000000000000080 RSI: 00000000200001c0 RDI: 0000000000000005 [ 2274.383606][T23339] RBP: 00007f77414ca0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2274.391788][T23339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2274.399862][T23339] R13: 000000000000000b R14: 00007f7740903f60 R15: 00007ffc0dbba918 [ 2274.408257][T23339] [ 2276.238378][T23359] FAULT_INJECTION: forcing a failure. [ 2276.238378][T23359] name failslab, interval 1, probability 0, space 0, times 0 [ 2276.276985][T23359] CPU: 1 PID: 23359 Comm: syz.2.3645 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2276.287225][T23359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2276.297360][T23359] Call Trace: [ 2276.300683][T23359] [ 2276.303737][T23359] dump_stack_lvl+0x16c/0x1f0 [ 2276.308481][T23359] should_fail_ex+0x497/0x5b0 [ 2276.313252][T23359] should_failslab+0x9/0x20 [ 2276.317831][T23359] __kmalloc_noprof+0xcf/0x410 [ 2276.322669][T23359] ? __pfx_lock_acquire+0x10/0x10 [ 2276.327770][T23359] tomoyo_realpath_from_path+0xb9/0x720 [ 2276.329645][T23353] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 2276.333353][T23359] ? tomoyo_profile+0x47/0x60 [ 2276.346524][T23359] tomoyo_path_number_perm+0x245/0x590 [ 2276.352018][T23359] ? tomoyo_path_number_perm+0x232/0x590 [ 2276.357682][T23359] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2276.363705][T23359] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2276.369714][T23359] ? __fget_files+0x256/0x400 [ 2276.374427][T23359] security_file_ioctl+0x75/0xc0 [ 2276.379487][T23359] __x64_sys_ioctl+0xbb/0x220 [ 2276.384198][T23359] do_syscall_64+0xcd/0x250 [ 2276.388748][T23359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2276.394684][T23359] RIP: 0033:0x7f9cc3775bd9 [ 2276.399127][T23359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2276.418763][T23359] RSP: 002b:00007f9cc44dc048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2276.427252][T23359] RAX: ffffffffffffffda RBX: 00007f9cc3903f60 RCX: 00007f9cc3775bd9 [ 2276.435339][T23359] RDX: 00000000200010c0 RSI: 0000000080045503 RDI: 0000000000000003 [ 2276.443414][T23359] RBP: 00007f9cc44dc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2276.451401][T23359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2276.459480][T23359] R13: 000000000000000b R14: 00007f9cc3903f60 R15: 00007ffe19b3da08 [ 2276.467473][T23359] [ 2276.475945][T23353] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 2276.866925][T23359] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2278.581381][T23377] FAULT_INJECTION: forcing a failure. [ 2278.581381][T23377] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2278.681722][T23377] CPU: 0 PID: 23377 Comm: syz.4.3650 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2278.692142][T23377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2278.702261][T23377] Call Trace: [ 2278.705581][T23377] [ 2278.708549][T23377] dump_stack_lvl+0x16c/0x1f0 [ 2278.713285][T23377] should_fail_ex+0x497/0x5b0 [ 2278.718029][T23377] _copy_from_user+0x30/0xf0 [ 2278.722675][T23377] copy_msghdr_from_user+0x99/0x160 [ 2278.727944][T23377] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2278.733820][T23377] ? find_held_lock+0x2d/0x110 [ 2278.738646][T23377] ? __pfx___lock_acquire+0x10/0x10 [ 2278.743918][T23377] ___sys_sendmsg+0xff/0x1e0 [ 2278.748575][T23377] ? __pfx____sys_sendmsg+0x10/0x10 [ 2278.753843][T23377] ? ksys_write+0x21c/0x260 [ 2278.758508][T23377] ? __fget_light+0x173/0x210 [ 2278.763338][T23377] __sys_sendmsg+0x117/0x1f0 [ 2278.767994][T23377] ? __pfx___sys_sendmsg+0x10/0x10 [ 2278.773182][T23377] do_syscall_64+0xcd/0x250 [ 2278.777761][T23377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2278.783730][T23377] RIP: 0033:0x7efce7f75bd9 [ 2278.788190][T23377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2278.807866][T23377] RSP: 002b:00007efce8d98048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2278.816336][T23377] RAX: ffffffffffffffda RBX: 00007efce8103f60 RCX: 00007efce7f75bd9 [ 2278.824358][T23377] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 2278.832378][T23377] RBP: 00007efce8d980a0 R08: 0000000000000000 R09: 0000000000000000 [ 2278.840400][T23377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2278.848417][T23377] R13: 000000000000000b R14: 00007efce8103f60 R15: 00007fff7fe8a218 [ 2278.856621][T23377] [ 2280.239455][T23401] overlayfs: failed to resolve './file0': -2 [ 2280.484151][T21457] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2280.497502][T21457] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2280.512871][T21457] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2280.524576][T21457] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2280.533650][T21457] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2280.541790][T21457] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2281.118835][T11314] Bluetooth: hci5: ACL packet for unknown connection handle 200 [ 2281.302547][T23413] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 2281.316502][T23413] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 2282.451482][T23402] chnl_net:caif_netlink_parms(): no params data found [ 2282.627414][T11314] Bluetooth: hci6: command tx timeout [ 2282.792712][ T29] audit: type=1400 audit(1720212281.951:3134): avc: denied { mount } for pid=23428 comm="syz.0.3666" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 2282.842660][T23429] CUSE: DEVNAME unspecified [ 2282.993051][ T29] audit: type=1400 audit(1720212282.181:3135): avc: denied { unmount } for pid=22209 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 2283.027032][T11314] Bluetooth: hci5: command 0x0406 tx timeout [ 2283.230913][ T29] audit: type=1326 audit(1720212282.411:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2283.817570][ T29] audit: type=1326 audit(1720212282.421:3137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2283.843756][ T29] audit: type=1326 audit(1720212282.421:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2283.904582][ T29] audit: type=1326 audit(1720212282.421:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2283.941676][ T29] audit: type=1326 audit(1720212282.421:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2283.977172][ T29] audit: type=1326 audit(1720212282.421:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2284.123912][T23402] bridge0: port 1(bridge_slave_0) entered blocking state [ 2284.157492][T23402] bridge0: port 1(bridge_slave_0) entered disabled state [ 2284.164780][ T29] audit: type=1326 audit(1720212282.421:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2284.243125][T23402] bridge_slave_0: entered allmulticast mode [ 2284.273324][ T29] audit: type=1326 audit(1720212282.421:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23432 comm="syz.1.3667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fd7175bd9 code=0x7ffc0000 [ 2284.292353][T23402] bridge_slave_0: entered promiscuous mode [ 2284.370767][T23402] bridge0: port 2(bridge_slave_1) entered blocking state [ 2284.421689][T23402] bridge0: port 2(bridge_slave_1) entered disabled state [ 2284.467773][T23402] bridge_slave_1: entered allmulticast mode [ 2284.520916][T23402] bridge_slave_1: entered promiscuous mode [ 2284.712140][T11314] Bluetooth: hci6: command tx timeout [ 2284.916736][T23402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2284.948929][T23458] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 2284.958700][T23458] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 2284.995144][T23402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2284.997784][T23453] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 2285.605810][T23402] team0: Port device team_slave_0 added [ 2285.656566][T23402] team0: Port device team_slave_1 added [ 2285.909045][T23402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2285.970702][T23402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2286.155419][T23402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2286.324602][T23402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2286.385560][T23402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2286.571579][T23402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2286.797293][T11314] Bluetooth: hci6: command tx timeout [ 2287.694906][T23402] hsr_slave_0: entered promiscuous mode [ 2287.739121][T23402] hsr_slave_1: entered promiscuous mode [ 2287.774475][T23402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2287.784006][T23402] Cannot create hsr debugfs directory [ 2288.325063][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 2288.325097][ T29] audit: type=1400 audit(1720212287.511:3164): avc: denied { bind } for pid=23482 comm="syz.4.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 2288.519235][ T9893] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2288.867155][T11314] Bluetooth: hci6: command tx timeout [ 2288.971699][ T9893] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2289.152550][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 2289.160254][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 2289.336968][ T9893] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2289.629632][ T29] audit: type=1326 audit(1720212288.771:3165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2289.680900][ T9893] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2289.748189][ T29] audit: type=1326 audit(1720212288.821:3166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2289.857086][ T29] audit: type=1326 audit(1720212288.821:3167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2289.927250][ T29] audit: type=1326 audit(1720212288.821:3168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.057162][ T29] audit: type=1326 audit(1720212288.821:3169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.217013][ T29] audit: type=1326 audit(1720212288.821:3170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.320104][ T29] audit: type=1326 audit(1720212288.821:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.411778][ T29] audit: type=1326 audit(1720212288.831:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.507022][ T29] audit: type=1326 audit(1720212288.831:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23491 comm="syz.2.3682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc3775bd9 code=0x7ffc0000 [ 2290.608492][T11314] Bluetooth: hci5: ACL packet for unknown connection handle 200 [ 2290.655590][T23504] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 2290.670569][T23504] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 2290.694662][ T9893] bridge_slave_1: left allmulticast mode [ 2290.731931][ T9893] bridge_slave_1: left promiscuous mode [ 2290.760916][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2290.810562][ T9893] bridge_slave_0: left allmulticast mode [ 2290.832298][ T9893] bridge_slave_0: left promiscuous mode [ 2290.848986][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2291.523969][T23509] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2292.104767][T23519] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2292.627134][T11314] Bluetooth: hci5: command 0x0406 tx timeout [ 2293.137136][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2293.198569][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2293.244262][ T9893] bond0 (unregistering): Released all slaves [ 2294.048959][ C1] [ 2294.051336][ C1] ================================ [ 2294.056453][ C1] WARNING: inconsistent lock state [ 2294.061608][ C1] 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 Not tainted [ 2294.068816][ C1] -------------------------------- [ 2294.074103][ C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 2294.080957][ C1] syz.2.3696/23539 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 2294.087390][ C1] ffff8880b9338a80 (lock#12){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 2294.097809][ C1] {HARDIRQ-ON-W} state was registered at: [ 2294.103528][ C1] lock_acquire+0x1b1/0x560 [ 2294.108153][ C1] __mmap_lock_do_trace_acquire_returned+0x97/0x790 [ 2294.114858][ C1] copy_process+0x8c5a/0x8f10 [ 2294.119647][ C1] kernel_clone+0xfd/0x980 [ 2294.124261][ C1] __do_sys_clone+0xba/0x100 [ 2294.129061][ C1] do_syscall_64+0xcd/0x250 [ 2294.133705][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2294.139798][ C1] irq event stamp: 14234 [ 2294.144048][ C1] hardirqs last enabled at (14233): [] do_syscall_64+0x91/0x250 [ 2294.153371][ C1] hardirqs last disabled at (14234): [] sysvec_call_function_single+0xe/0xb0 [ 2294.163744][ C1] softirqs last enabled at (14228): [] __fpu_restore_sig+0x62f/0x1430 [ 2294.173603][ C1] softirqs last disabled at (14226): [] __fpu_restore_sig+0x2e1/0x1430 [ 2294.183467][ C1] [ 2294.183467][ C1] other info that might help us debug this: [ 2294.191551][ C1] Possible unsafe locking scenario: [ 2294.191551][ C1] [ 2294.199016][ C1] CPU0 [ 2294.202303][ C1] ---- [ 2294.205615][ C1] lock(lock#12); [ 2294.209363][ C1] [ 2294.212909][ C1] lock(lock#12); [ 2294.216832][ C1] [ 2294.216832][ C1] *** DEADLOCK *** [ 2294.216832][ C1] [ 2294.225025][ C1] 2 locks held by syz.2.3696/23539: [ 2294.230246][ C1] #0: ffff88807d36f398 (&mm->mmap_lock){++++}-{3:3}, at: do_madvise+0x1ea/0x7a0 [ 2294.239875][ C1] #1: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 2294.249427][ C1] [ 2294.249427][ C1] stack backtrace: [ 2294.255322][ C1] CPU: 1 PID: 23539 Comm: syz.2.3696 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 2294.265576][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2294.275645][ C1] Call Trace: [ 2294.279014][ C1] [ 2294.281869][ C1] dump_stack_lvl+0x116/0x1f0 [ 2294.287286][ C1] mark_lock+0x923/0xc60 [ 2294.291587][ C1] ? hlock_class+0x4e/0x130 [ 2294.296143][ C1] ? __pfx_mark_lock+0x10/0x10 [ 2294.300966][ C1] ? __pfx_mark_lock+0x10/0x10 [ 2294.305781][ C1] ? hlock_class+0x4e/0x130 [ 2294.310312][ C1] ? __lock_acquire+0x14f4/0x3b30 [ 2294.315375][ C1] __lock_acquire+0x1359/0x3b30 [ 2294.320269][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 2294.325494][ C1] ? find_held_lock+0x2d/0x110 [ 2294.330299][ C1] lock_acquire+0x1b1/0x560 [ 2294.334939][ C1] ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 2294.341743][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2294.346804][ C1] ? kvm_guest_state+0xfa/0x160 [ 2294.351692][ C1] ? perf_callchain_user+0x7ec/0xa20 [ 2294.357215][ C1] ? get_callchain_entry+0x1e3/0x3f0 [ 2294.363264][ C1] ? down_read_trylock+0x34a/0x3f0 [ 2294.368402][ C1] __mmap_lock_do_trace_acquire_returned+0x97/0x790 [ 2294.375058][ C1] ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 2294.381957][ C1] ? __pfx_get_perf_callchain+0x10/0x10 [ 2294.387538][ C1] stack_map_get_build_id_offset+0x5d9/0x7c0 [ 2294.393547][ C1] ? __lock_acquire+0x14f4/0x3b30 [ 2294.398619][ C1] __bpf_get_stack+0x6bf/0x700 [ 2294.403405][ C1] ? __pfx___bpf_get_stack+0x10/0x10 [ 2294.408725][ C1] bpf_get_stack_raw_tp+0x124/0x160 [ 2294.413958][ C1] ? __pfx_bpf_get_stack_raw_tp+0x10/0x10 [ 2294.419743][ C1] ___bpf_prog_run+0x3e51/0xabd0 [ 2294.424706][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2294.429765][ C1] __bpf_prog_run32+0xc1/0x100 [ 2294.434575][ C1] ? __pfx___bpf_prog_run32+0x10/0x10 [ 2294.439975][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2294.445045][ C1] ? __pfx___cant_migrate+0x10/0x10 [ 2294.450270][ C1] bpf_trace_run2+0x231/0x590 [ 2294.454976][ C1] ? __pfx_bpf_trace_run2+0x10/0x10 [ 2294.460204][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 2294.465443][ C1] ? sched_clock+0x38/0x60 [ 2294.469885][ C1] ? sched_clock_cpu+0x6d/0x4d0 [ 2294.474767][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 2294.479984][ C1] __bpf_trace_tlb_flush+0xd2/0x110 [ 2294.485317][ C1] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 2294.491173][ C1] ? flush_tlb_func+0x3d2/0x600 [ 2294.496055][ C1] trace_tlb_flush+0xf3/0x170 [ 2294.500777][ C1] __flush_smp_call_function_queue+0x27a/0x8c0 [ 2294.506959][ C1] __sysvec_call_function_single+0x8c/0x410 [ 2294.512986][ C1] sysvec_call_function_single+0x90/0xb0 [ 2294.518664][ C1] [ 2294.521607][ C1] [ 2294.524549][ C1] asm_sysvec_call_function_single+0x1a/0x20 [ 2294.530585][ C1] RIP: 0010:__kasan_check_read+0x8/0x20 [ 2294.536176][ C1] Code: 60 48 c7 c7 20 00 27 8d 5b 5d 41 5c e9 81 a7 84 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f6 31 d2 e9 2f f1 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 2294.555837][ C1] RSP: 0018:ffffc900033c7c10 EFLAGS: 00000246 [ 2294.561928][ C1] RAX: ffff8880b9200000 RBX: ffff88807d36f328 RCX: ffffffff816a66fd [ 2294.569936][ C1] RDX: ffffed100fa6de67 RSI: 0000000000000008 RDI: ffff88807d36f330 [ 2294.577937][ C1] RBP: ffff88807d36f330 R08: 0000000000000000 R09: ffffed100fa6de66 [ 2294.585945][ C1] R10: ffff88807d36f337 R11: 0000000000000000 R12: ffff888016393c00 [ 2294.593936][ C1] R13: ffffed10043c1b40 R14: dffffc0000000000 R15: ffff888016393c00 [ 2294.601942][ C1] ? rwsem_spin_on_owner+0x13d/0x2a0 [ 2294.607265][ C1] rwsem_spin_on_owner+0x13d/0x2a0 [ 2294.612403][ C1] __down_write_common+0x303/0x13f0 [ 2294.617631][ C1] ? __pfx___down_write_common+0x10/0x10 [ 2294.623315][ C1] ? __pfx___might_resched+0x10/0x10 [ 2294.628646][ C1] down_write_killable+0x4b/0x70 [ 2294.633853][ C1] ? do_madvise+0x1ea/0x7a0 [ 2294.638388][ C1] do_madvise+0x1ea/0x7a0 [ 2294.642835][ C1] ? __pfx_do_madvise+0x10/0x10 [ 2294.647718][ C1] ? __do_sys_rt_sigreturn+0x167/0x230 [ 2294.653217][ C1] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 2294.659089][ C1] __x64_sys_madvise+0xa9/0x110 [ 2294.664215][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 2294.669726][ C1] do_syscall_64+0xcd/0x250 [ 2294.674294][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2294.680246][ C1] RIP: 0033:0x7f9cc3775bd9 [ 2294.685321][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2294.705338][ C1] RSP: 002b:00007f9cc44dc048 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 2294.713812][ C1] RAX: ffffffffffffffda RBX: 00007f9cc3903f60 RCX: 00007f9cc3775bd9 [ 2294.721838][ C1] RDX: 000000000000000d RSI: 0000000000002000 RDI: 0000000020ffd000 [ 2294.730197][ C1] RBP: 00007f9cc37e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 2294.738198][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2294.746184][ C1] R13: 000000000000000b R14: 00007f9cc3903f60 R15: 00007ffe19b3da08 [ 2294.754266][ C1] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 2294.985199][T21457] Bluetooth: hci5: ACL packet for unknown connection handle 200 [ 2295.486903][ T9893] hsr_slave_0: left promiscuous mode [ 2295.556947][ T9893] hsr_slave_1: left promiscuous mode [ 2295.782590][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2295.796972][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2295.839600][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2295.852161][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2295.907546][ T9893] veth1_macvtap: left promiscuous mode [ 2295.913263][ T9893] veth0_macvtap: left promiscuous mode [ 2295.941941][ T9893] veth1_vlan: left promiscuous mode [ 2295.957359][ T9893] veth0_vlan: left promiscuous mode [ 2296.361904][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2296.385839][ T9893] team0 (unregistering): Port device team_slave_0 removed [ 2297.589485][ T9893] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.628355][ T9893] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.677113][ T9893] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.737628][ T9893] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.850767][ T9893] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.905371][ T9893] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.958547][ T9893] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.999019][ T9893] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.106062][ T9893] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.167648][ T9893] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.215794][ T9893] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.308415][ T9893] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.416671][ T9893] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.475598][ T9893] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.539588][ T9893] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.606444][ T9893] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2298.711775][ T9893] bridge_slave_1: left allmulticast mode [ 2298.717990][ T9893] bridge_slave_1: left promiscuous mode [ 2298.723766][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.733004][ T9893] bridge_slave_0: left allmulticast mode [ 2298.740195][ T9893] bridge_slave_0: left promiscuous mode [ 2298.746017][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.757701][ T9893] bridge_slave_1: left allmulticast mode [ 2298.763450][ T9893] bridge_slave_1: left promiscuous mode [ 2298.770046][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.779521][ T9893] bridge_slave_0: left allmulticast mode [ 2298.785182][ T9893] bridge_slave_0: left promiscuous mode [ 2298.792821][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.803647][ T9893] bridge_slave_1: left allmulticast mode [ 2298.810603][ T9893] bridge_slave_1: left promiscuous mode [ 2298.816383][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.826610][ T9893] bridge_slave_0: left allmulticast mode [ 2298.832424][ T9893] bridge_slave_0: left promiscuous mode [ 2298.840198][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.852335][ T9893] bridge_slave_1: left allmulticast mode [ 2298.858277][ T9893] bridge_slave_1: left promiscuous mode [ 2298.864041][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.874174][ T9893] bridge_slave_0: left allmulticast mode [ 2298.880310][ T9893] bridge_slave_0: left promiscuous mode [ 2298.886073][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.898927][ T9893] bridge_slave_1: left allmulticast mode [ 2298.904619][ T9893] bridge_slave_1: left promiscuous mode [ 2298.910510][ T9893] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.921670][ T9893] bridge_slave_0: left allmulticast mode [ 2298.928665][ T9893] bridge_slave_0: left promiscuous mode [ 2298.934461][ T9893] bridge0: port 1(bridge_slave_0) entered disabled state [ 2299.793570][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2299.804442][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2299.814973][ T9893] bond0 (unregistering): Released all slaves [ 2299.837131][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2299.850514][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2299.861128][ T9893] bond0 (unregistering): Released all slaves [ 2299.878935][ T9893] bond1 (unregistering): Released all slaves [ 2299.900975][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2299.915315][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2299.926945][ T9893] bond0 (unregistering): Released all slaves [ 2299.946964][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2299.959668][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2299.976235][ T9893] bond0 (unregistering): Released all slaves [ 2299.998902][ T9893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2300.011500][ T9893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2300.022216][ T9893] bond0 (unregistering): Released all slaves [ 2301.042393][ T9893] hsr_slave_0: left promiscuous mode [ 2301.048581][ T9893] hsr_slave_1: left promiscuous mode [ 2301.054694][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2301.063348][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2301.075809][ T9893] hsr_slave_0: left promiscuous mode [ 2301.082855][ T9893] hsr_slave_1: left promiscuous mode [ 2301.088988][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2301.096602][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2301.106252][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2301.113847][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2301.127746][ T9893] hsr_slave_0: left promiscuous mode [ 2301.133828][ T9893] hsr_slave_1: left promiscuous mode [ 2301.140368][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2301.147976][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2301.156013][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2301.164692][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2301.179005][ T9893] hsr_slave_0: left promiscuous mode [ 2301.185285][ T9893] hsr_slave_1: left promiscuous mode [ 2301.191833][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2301.201346][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2301.209491][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2301.217178][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2301.229312][ T9893] hsr_slave_0: left promiscuous mode [ 2301.235405][ T9893] hsr_slave_1: left promiscuous mode [ 2301.243000][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2301.250776][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2301.259034][ T9893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2301.266521][ T9893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2301.283510][ T9893] veth1_macvtap: left promiscuous mode [ 2301.289124][ T9893] veth0_macvtap: left promiscuous mode [ 2301.294783][ T9893] veth1_vlan: left promiscuous mode [ 2301.300381][ T9893] veth0_vlan: left promiscuous mode [ 2301.308870][ T9893] veth1_macvtap: left promiscuous mode [ 2301.314493][ T9893] veth0_macvtap: left promiscuous mode [ 2301.320446][ T9893] veth1_vlan: left promiscuous mode [ 2301.325960][ T9893] veth0_vlan: left promiscuous mode [ 2301.332787][ T9893] veth1_macvtap: left promiscuous mode [ 2301.338444][ T9893] veth0_macvtap: left promiscuous mode [ 2301.344118][ T9893] veth1_vlan: left promiscuous mode [ 2301.349984][ T9893] veth0_vlan: left promiscuous mode [ 2301.357123][ T9893] veth1_macvtap: left promiscuous mode [ 2301.362701][ T9893] veth0_macvtap: left promiscuous mode [ 2301.368666][ T9893] veth1_vlan: left promiscuous mode [ 2301.374017][ T9893] veth0_vlan: left promiscuous mode [ 2301.965856][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2301.985993][ T9893] team0 (unregistering): Port device team_slave_0 removed [ 2302.392485][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2302.440590][ T9893] team0 (unregistering): Port device team_slave_0 removed [ 2302.825593][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2302.843788][ T9893] team0 (unregistering): Port device team_slave_0 removed [ 2303.245090][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2303.272393][ T9893] team0 (unregistering): Port device team_slave_0 removed [ 2303.709464][ T9893] team0 (unregistering): Port device team_slave_1 removed [ 2303.752194][ T9893] team0 (unregistering): Port device team_slave_0 removed