last executing test programs: 2m50.540464612s ago: executing program 1 (id=1397): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c0002"], 0x24}}, 0x0) (fail_nth: 2) 2m49.238099112s ago: executing program 1 (id=1400): socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x95, 0x0, 0x0, 0x0, 0x9}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1ae}, @ringbuf_query]}, &(0x7f0000000100)='GPL\x00', 0x8, 0xce, &(0x7f0000000140)=""/206, 0x41000, 0xc, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xb, 0x7f, 0x7f}, 0x10, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000300)=[{0x3, 0x5, 0xc, 0x5}], 0x10, 0x6, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_getattr(r0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2m46.987413073s ago: executing program 1 (id=1406): r0 = syz_io_uring_setup(0x23a, 0x0, &(0x7f0000000040)=0x0, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="188e4206000000000000009500000000ddffffffffffffff00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='ext4_journal_start_reserved\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000780)={0x200004, 0x395e, 0x3, {0x1, @sdr={0x3031334d, 0xdd17}}, 0x6}) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP(r5, 0x3b86, 0x0) socket(0x1e, 0x1, 0xffffffff) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000380)={0x28, 0x4, r6, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socket$kcm(0x10, 0x2, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x3, 0x0, 0xe, 0xfffff00c}, {0x30, 0x6, 0x3}, {0x6, 0x0, 0xfd, 0x5}]}, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x10, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}}, 0x4040800) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b04, &(0x7f0000000340)={'wlan0\x00'}) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4009, 0x40000, @local, 0xd}, 0x1c) 2m46.622544457s ago: executing program 1 (id=1407): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe, 0x2}], 0x2}}], 0x48}, 0x0) (fail_nth: 2) 2m45.887594656s ago: executing program 1 (id=1412): ioctl$PPPIOCSMRRU(0xffffffffffffffff, 0x4010744d, &(0x7f0000000080)=0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010102000000000000000002000000240002800c000280040001003a00000014000180080001cd4bde2a0192000000000000000c001980080002"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) (fail_nth: 2) 2m43.855591569s ago: executing program 1 (id=1418): syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() set_mempolicy_home_node(&(0x7f0000778000/0x2000)=nil, 0x2000, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_GET_UNTAG_MASK(0x1e, r0, &(0x7f0000000100), 0x4001) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84, @void, @value}, 0x94) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x30000040}, 0x1) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x8000, 0x5, 0x7, 0x1, 0x1, 0x2, 0xbf, 0xb8, 0x3, 0xf, 0x5, 0x6}, {0x804, 0x5, 0x1, 0x5, 0x7, 0x2, 0xff, 0x5, 0x9, 0x4, 0x4b, 0x7f, 0x3}, {0x4, 0x6, 0x38, 0x6, 0x84, 0x7, 0x0, 0x50, 0x2, 0x70, 0x3, 0xa, 0x400000000006}], 0xffffffff}) 2m28.75703006s ago: executing program 32 (id=1418): syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() set_mempolicy_home_node(&(0x7f0000778000/0x2000)=nil, 0x2000, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_GET_UNTAG_MASK(0x1e, r0, &(0x7f0000000100), 0x4001) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84, @void, @value}, 0x94) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x30000040}, 0x1) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x8000, 0x5, 0x7, 0x1, 0x1, 0x2, 0xbf, 0xb8, 0x3, 0xf, 0x5, 0x6}, {0x804, 0x5, 0x1, 0x5, 0x7, 0x2, 0xff, 0x5, 0x9, 0x4, 0x4b, 0x7f, 0x3}, {0x4, 0x6, 0x38, 0x6, 0x84, 0x7, 0x0, 0x50, 0x2, 0x70, 0x3, 0xa, 0x400000000006}], 0xffffffff}) 2m23.198655027s ago: executing program 3 (id=1481): socket$inet6_dccp(0xa, 0x6, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/diskstats\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1, 0x800, 0xfff) 2m22.192032721s ago: executing program 3 (id=1484): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r1, &(0x7f0000005080)=[{{&(0x7f0000000a80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, 0x0}}], 0x1, 0x0) r2 = epoll_create1(0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0xfff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0xfffffe40}) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x1b}, @broadcast, 0x1, "d7c653fdea4bbe25647613cef151e356d49ffd803fd8ca60d10baf518189f8d7", 0xfffffff9, 0xb97e, 0x3, 0x1ff}, 0x3c) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) 2m20.389581156s ago: executing program 3 (id=1488): mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) rmdir(&(0x7f0000000380)='./file0/../file0\x00') 2m20.280785208s ago: executing program 3 (id=1489): socket$kcm(0x10, 0x400000002, 0x0) socket$rds(0x15, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001640)={0x814, 0x33, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@generic="66e5cbee36b8caf65fece481dc2635210c1762e3591c59c1497f8235269577a0daeaeeb100843fedbd620f8689e6893d898a82407733ba37d082f61ad4cc4c02f17b1cf274ddedea3dc73235e45b8b8502f0e8423beec00b5abcd1dcd7cd39afc34c7d968273778820ae581887e730347f8056d51a6ca6ca9e1549a6f637b1e0aad415d44d40d3f03182ba564b062e6dd059b7fc1310d18b1ca767315ff1fbf0ec20e74529aaee3cc84354cb59bbd64bd259c5b70579caca538a6e3877594abf66bdb876cf92bbd44a7c8b3013ff4ecdb2e3695029e460dbcc2ad633d2074f61a4b0096aac213ff6414eb4d6cd5655dcdbdd51eb3c9261ec4ed9b8e3cad96e7a4620ccdd202ba53427487beffd24db4212d2eb17f7e5ca816ef7e01a80ac1b3fcca0f059478369e6921955c786ea7c0be443dd88c5ff79d50e5cd90a20e58c93e4a9e0900bd6eb611bf4fed4d40bedc9b37d5ee068d957068d48bd08e11a4cba98408d0439926cea4bfaecb869bd41bdcdff03a02a9737441286e85233250c082904506936a30440aab0907b982f54ec13b6bb16376485b2df049564b7493df7fe3689bad288422570ab4e1f9e54614c71a493e36219dec6f7dbc51d791ea16d0f9fb81dcb85bbe027a94c675fba5dde5ab19e9597b1c434fb2462ab3b913a4b4a7bb88a038338be49a4b211cb0b16cb93074555c8e3e52d09385b4d283a9e020937092022697e097100daf018c0e2cd7a95e2c6b8975e95566dd30bbc7466761a79de652a4747582a179944934aafdfb369becc6c8d7c4baa6efc99bf86d65087e6134cd496fe25014365763887d5443958e6e5eb8e6a770c936fc84f588753ae7f6c949933d0b7f372c99a2e163c58d1fb24e7219354b669ce30124ee05d1ba8bcb104256a84f5a6220c7238bd629593ab45c89df1dad4c3a1ca6548e53146672fa930f3254fc37911397ac043cf3fe7e779c4a993939ce1418825ecd8042499ef3a1657daa2fe744ff34d05a95320ee6575d289724f59f5704f429e119b07b37085ebd66aa1f5b7b57aaeb26aff0ba40177cb9bd50e5466b0d61103c6fb03ec7a4d6f00b61fad715d03b509ff85705bceee0f9aec34d293df3951496280488a330cb259736ca812e29de60b0b42185983ca07498b231483014a6c4be3ac548fbcd46bedac83be995f45caf01462b22ed8d250df35834cfeb9272f50a6021c650635061191c392bf87826ced2b9a9a259a97637a63b43faed48d4a474a5609f8c2556b6a8a79e6cfbe95b6fdcaeb415f854576039e409351802c2c58c450473f733b509e8852f6c8c1769f7135aee5c3c610110a4b2cdd0b371a1a940cfd687f75ebb356157ddf97cdf9f1e22d95d1249c9065ad8f1eb5845da2277211b27c253ecfac758eb3fa0986ece872f3fdaebe6f86bd505b1d80fa4c1932f7ef61fe422dbb4a54ddfa7f00b4d0746664126ca77f5eaf89de7c1789367b7dd4aa6d951014ecba9455cd5b7ce047990ba641daf929c8a4631ea867cc748dd97845568c93120ecd8a81496cb93512157761af3f5bd5119c4ed3d98df6f5ad6d048e166ce937f9f5ba5e3ef54dd9a93ff032737db247cdee9e6f2619ff92933fe053a1b41304ffc1abc2bcdf5648182095f6290a72b78ec1f9e7d52455cc58553dd41b722872d2190d01c441d6b7f764b42d088a9f255927de09ff5f89388ac5f7f9895d652f5aa944da021f4fd5d14831d165cf63a45c0c46abcbe7adc7e047d140493e8ed5a1b5cf3284c5d790cfdae4d5a746286a076c9d4f62769bd4eb34cea33965de67a07ae29f1e979233c6da75c72e48e5bbf265dde77adbc088dabd4c6a89ab5be196b58a2cdcf1667d84812727cb5bfa85e6762ce4aec2cccc23e5aaa7aef54a7e149f0f04145f1c46233f437751fb8e0bdda9a299d6af1c8f4615db73649bbaa84412526e804aebfaaab66d8aff723bd84693e1ee31d1d5872af3a1707afeb0bef926610a1738fb9d799e4b236bfb38dd0b494cced63fe1a0b56303414ab8c646227c6d7da66f839a96486a9f86494bfbc2b14e904ec3fbfde6470bb74a6d91d52c6ab8a19bbfe70ca477f09293aff8fc93d50df91ab0f3dc1f199387da5e91b80fc797c0929ba6437ede12bd81a8c4d34ba55410c5d64504bd279f351ce6b964baa5f4f0452b3811735c697c89fc2bee78aac50e7c2aceac4e5be7732faebed06f487a5bc612a9ba7abcebe23cad48eb464344a8e1614e09a4f792d9a4f09aca315c04dfdeb848b8b495d8a7566c64d03b64fa2c850eac36781a2fa4759328495532879c18d664ed03ad7aeee00b1b1858cef0cf850a8167777f61da1f0f872792dbe8af4aadb11c203699e34b732779635d440971e4ad8976f1e4a2afff0d46ab96ca963a9074f4b62dc5b381a68dd8e2714f470a9c6430089bd7810c6f8144f07c108c859c9ca53dd77a7f34fcb55ec3cbd9dfbb9b527b4b85cb9247a7b3f7bd3e97c9d970f90bfdb40fbc924d15207a09af6de5e768ff98bbb22e30aa1b96ec58a718519c8d3d697155a8bfbc0c138b99aff450cf63c2d66b55f3daee2c8698bd85c72eccffa0f57f2d4c4393521bddb6f3464274d98a024bfd3420ca82eaa11676c96eb9f21de489cc391fcd5aa137cfac6655798c33ec8339120d34d3054a1d0419c417417210eee15ded5a4e1aaf33190178d95f3eaa5017039a3cedb1cee2facdc1ec8706e89ea62c361a946e9dbfc097711679d401cbdd48d896f23c18726258698e2ad0c9b969359d3d0aebf04d2fa045571fbb0a92a0294e3b4fd2eb35e0d092f6960fe77526d6f44748c7d8d26b415e5a23c798de48f47de5baaf8424d5f118b738cb1a97a8368e8084be40090c6d08ba11ae6f01f65a7558"]}, 0x814}, 0x1, 0x0, 0x0, 0x28000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x80, &(0x7f0000002680)=ANY=[@ANYBLOB="7175ef74c10276ccef3f612c75737271756f74615f626c08000000000000006c696d69c93d382c005f922cbefaee20ef7998921b8c6cb422c73e68d7e6f1623a59fa7ee4def9712fd32ed10ab1a178b62539665af7ece1944d"]) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) sendmmsg(r2, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000002900)="f46dd9e7ee3cae8f1b329eab9fbb16b5c9c51a59a4507417244d124db5fd51ded6420cec714a5614ebac6519572e60376ef869c163c3b0879a4b593549613366b445b7cc712b348bccaf142d31e8f800dfa737a713339fac15ddafb3595b44f100a111f2b3d460c1039252", 0x6b}, {&(0x7f0000000300)="b559904c42399ed37e36ec549105ddf5d8e3d7cefdc488171f75c56bdad5e9d8af59e508125323d25dd3586731218bc9607ba37f529720aca3aeb053a761173e597e0c34bb46264cd2afa012a5c7579360b53f5395cbf170a520d5b7f1bd991a2d4dc04a8efadb90439be63ab1c2d3e2270b3c1fa6eccbdc8cc8a548af903607a8a62c08d4bff8ed4099e314b174930b4b11edddf8ddb98c513760a02e19145fb47397d4eff6b6a5f2dfef797930bce31ed818b8a4627daf7e6384f264b2b425432c11b8d8dd5e352f562413e886d56cc3179eef0750a2c99b19dbef6b8beac64eea55b6896391d6bd728e107c9b0a638afaf9559843840a6594143fab3ef5800e62e3bbd9989104d719356de5370b6018d71671aab942d04fb69f81a68b1eee67749fb717f2955b75b542b232ad8c1fce431ae7ae6039fe94ab63cdbe58b1c1ae4196f66549a50ef6adb6f9db7c949e719e8d8dc46287fe1dacff1e9532e1f54f28149c1fc7647e409d5c1f1b831d7fbcc53fc8c6d24a2960ae8f531399b11090b7266ebd528b86f341916a620935863cc787bb1b2274f53e1f6f26219de6dd6260fc99421235e8ec88a6590af07cd80f3c0de22d244017d95893353046a2e718aaa4c8ccd19465a87e422c290bc6e8c5ef41ee678b37b9792056c524da39a9cd841b31424a8917eab053a9e6aef1d75f2542cfe81354eb1e359067cc770b85ccb5dd8c1f9a7e667e6d8fb025a23ddae47415141663d29d289df004a43b2654f1c4ebc9217254227041a1a7f5936648a536fe246a5e1e98c09966006d57a84995272cfced3d5326f27d2b7d4816b2d2e50a546ed2412d7485dd6d6583a76849f702eacfc762350635090090237327b9d826f61261a8df83f4050836f5055bccd8a2ce511ceaa4a7fcb915c1749e62118b33367906deff2f34a39439cb79478e0487f486c1416f47a4df3215ed78304792a1b392643483db08c23f9716a40ba925d0869bdd08b483b3bf9244f80428caf354ca4bb598ae202e4dc6f2bc60126e8ff2f816ad607978525d35083ab7e685bbba61140efbd6da4f4a5182c2fa0ea54bf6fa31c69eb846ca0daf0998885a2a5de56d81ef9c49e14ea07ff923cb6374e38e3b72fcc90360f463dac88006f52ceef2749802f34db0d88b79a8e96c8fb3f219c43bef3b4c300c33df59b533fbec544d81b129413b8c4ff20315c61dfe8887fc34db0b4eaae39b77bb33438e7dc43f7147b9bb06bdd7bc3d96c134c8c62d066445048ebb4b539c8e0781210e7395890a3385bcd48ba71c42618f2e77de0d04f603543937b83be381242a10f3897cb255e839536086d41926601153222a9cc2abedf5dceb9c70b65f18b92c9115b8e848408cf3a4fdc747ce6d806fa73ed35ac9b2d6d3a33c5a1b3323c76f64994c6e283115324213a6dea914b98219c2879e401fa161da74f814e70cead4c0b828fbf2e68e2e5a6c14392256b797c28357a6209548e5b854a42744e3c362f5a45b723fd31ee158d9275506b5919f5d43df503a7073d401ae3a538402f27b0b2f89002ac28d7048e3947a292e12224a13d5b2c523756e88c1f53ca2db26a08ff516bb24b7b9db75cad59bdce753119bb6765aa6fc88e8211b9c5ebed8c5264bb7e279f9187a354adddc91d9016da27ebfef8ec3e3f9450cd79508dd2ca4c75e7c803a828a07c62d9b486b238fc4eea03725928ccbb9523cef76b9067cdab67fddcfeacbf8451ca790fcddf0", 0x4da}, {&(0x7f00000001c0)="673324d8d08545d1b3cd76051a2efda88fe68f6652f84b3719ad9d871a2667fae2403a631befb57f193c26f8061f70802e34183c4f01c3562185a34045a2cb6a19e24b45ad0caf5ef60e678b12563190", 0x50}], 0x3}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="e1", 0x1}], 0x1}}], 0x2, 0x44080) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') io_setup(0x81, &(0x7f0000000040)=0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000104000000000101000000000000", @ANYRES32=0x0, @ANYBLOB="0900000000000000200012800e0001006970366772657461700000000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x48}}, 0x0) io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000001c40)=[{&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000840)=""/142, 0x8e}, {&(0x7f0000000900)=""/136, 0x88}, {&(0x7f00000009c0)=""/122, 0x7a}, {&(0x7f0000000a40)=""/242, 0xf2}, {&(0x7f0000000b40)=""/81, 0x51}, {0x0}, {&(0x7f0000000140)=""/2, 0x2}, {&(0x7f0000001bc0)=""/100, 0x64}], 0x9) read$FUSE(r3, &(0x7f0000003480)={0x2020}, 0x2020) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) fanotify_init(0x40, 0x0) syz_emit_vhci(0x0, 0x0) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x3, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r9, 0x0, 0x0, 0x0, 0x80800}) 2m18.70520681s ago: executing program 3 (id=1493): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002c00010026bd70f7fbdbdf250400002804001d00"], 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001b00)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xfffffffe}}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_pedit={0x0, 0x1c, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x0, 0x5, 0x0, 0x1, [{0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE, @TCA_PEDIT_KEY_EX_CMD]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}]}]}, @TCA_PEDIT_KEYS_EX={0x0, 0x5, 0x0, 0x1, [{0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD]}]}, @TCA_PEDIT_PARMS={0x0, 0x2, {{{0x8, 0x4, 0x10000000, 0xb, 0x8}, 0xff, 0x4, [{0x3, 0x9, 0xfff, 0x5, 0x9, 0x10}, {0x1, 0x0, 0x1000, 0x1, 0x9}, {0x1, 0x0, 0x5, 0x9, 0x3, 0x8}, {0x195, 0x0, 0x7, 0x4, 0xfffffff9, 0x61d}, {0x4, 0x8001, 0x80000000, 0x919, 0x4, 0x399}, {0xb79f, 0x4766, 0x8dbb, 0x7, 0x10001, 0x3}]}, [{0x8, 0xe63f, 0x6, 0x0, 0x981e, 0xc}, {0x5, 0x80, 0x3ffc00, 0x3, 0xb, 0x119}, {0x6, 0x2, 0x10001, 0x10, 0x6, 0x1}, {0x8ce, 0x5, 0xfffffffc, 0x6, 0x5, 0x1}, {0x8265, 0xce70d458, 0x398, 0x0, 0x8, 0x31}, {0x60000000, 0x80, 0x7c, 0x0, 0x8, 0x7}, {0x3, 0xb, 0x7, 0x8, 0x9}, {0x1000, 0xb84e, 0xf, 0x7fff, 0x9, 0x40}, {0x8, 0x6, 0x2, 0x1ff, 0x4, 0x7}, {0xffffffff, 0x9, 0x2, 0x2ca, 0x80000000, 0x6}, {0x5, 0x0, 0x1, 0xa6, 0x20, 0x9}, {0x9, 0x200, 0x81, 0x0, 0x2, 0x1300}, {0x7, 0x0, 0x7f, 0x3, 0x3, 0x2}, {0x9, 0x0, 0x5, 0x4, 0x9, 0x7f}, {0x81, 0x8, 0x9, 0x8, 0x23, 0x1}, {0x5, 0x1, 0x74, 0xffff, 0x9, 0x7ff}, {0xc, 0x9, 0x39fa, 0x3, 0x100, 0x2}, {0x5, 0x10000, 0xfffffff2, 0x3, 0x98, 0x4}, {0x2, 0x7bb, 0x2, 0x9, 0x780, 0x78b8}, {0x0, 0x4, 0x200, 0x4, 0xdc4, 0x2}, {0x10001, 0x9, 0x1, 0x9f1a, 0x2}, {0x0, 0xfffffff9, 0x3, 0xa, 0x10001, 0xc}, {0x401, 0x8, 0x4, 0xfe, 0x7fff, 0x8000}, {0x588, 0x7, 0x81, 0x8e, 0x2, 0xd4f4}, {0x9, 0x6, 0x4, 0x8, 0x9, 0x72}, {0x7, 0x80000001, 0xdc0a, 0x10001, 0x8083, 0xf}, {0xb, 0x1000, 0x4, 0x5, 0x8, 0xffffffff}, {0x8dcd, 0x9, 0x1, 0x200, 0x2, 0x9}, {0x5, 0x1, 0x3f88, 0x3, 0x6, 0x2}, {0xb, 0x0, 0x100, 0x400, 0x7}, {0x7fffffff, 0xfffffff8, 0x7, 0x101, 0x400, 0x2}, {0x7, 0x1000, 0x4, 0xb, 0xcc8, 0x200}, {0x80, 0x7ff, 0x1, 0x4, 0x9, 0x8}, {0x9, 0x49, 0xffff, 0x9, 0x7, 0x8}, {0xf, 0x413, 0x3, 0x1ff, 0x6e7, 0x8}, {0x6, 0x0, 0x7, 0xfffffffd, 0x993e, 0x9}, {0x6b3, 0x9, 0x7, 0x9, 0x0, 0x5}, {0xa44, 0x4, 0x2, 0xfffffffd, 0x6, 0x9}, {0x0, 0x9, 0x800, 0x8001, 0x6, 0x8}, {0xe9c, 0x2, 0x7, 0xf9dd, 0x0, 0x4}, {0x2, 0x9, 0xffff, 0x100, 0x60b098a7}, {0x5, 0x6, 0x0, 0x1, 0x3fe00, 0x2930f0ed}, {0x4, 0x2, 0x8, 0x7, 0x7fffffff, 0x7ff}, {0xfffffffc, 0xfffffffb, 0xb4f, 0xffffffff, 0x2, 0x1800}, {0x38ab, 0xb37, 0xe2b, 0xd, 0x3, 0x8fb}, {0x7, 0x6, 0x7, 0x9, 0x9, 0x8}, {0xffff, 0x5, 0x80000000, 0x500000, 0x7ff, 0xfffffff9}, {0x0, 0x5, 0xc, 0x3, 0x5, 0xff}, {0xffffffff, 0xfffffffd, 0xbdf0, 0x6, 0x3889, 0xc}, {0x8, 0x81, 0x7, 0x6, 0x5, 0x10}, {0x6, 0x4, 0x74a, 0x75d}, {0x1, 0x0, 0x5, 0x4, 0x6, 0xfe}, {0x2, 0x0, 0x9, 0xfffffff8, 0x800, 0x7}, {0xd, 0x4c2, 0x3, 0x4, 0x8000, 0x3}, {0x29, 0x8, 0x1, 0x3ff, 0x100, 0x4}, {0x4, 0x0, 0x5, 0x0, 0xf8, 0x1}, {0x6, 0xe9, 0x400, 0x59, 0x40, 0x80000000}, {0x7, 0x0, 0x8, 0x3, 0x8, 0x9}, {0xbad, 0x0, 0x5, 0x8, 0x7f9, 0xffffffc0}, {0x6, 0x0, 0x3, 0x9, 0x2, 0x5}, {0x4, 0xa, 0x8802, 0xc, 0x9, 0x7}, {0xfff, 0x3, 0x4, 0x9, 0x6, 0x57bf}, {0x7, 0x7, 0x1ff, 0xb1, 0x4, 0x1}, {0x8001, 0x5, 0x2, 0x1, 0x1c9, 0x5}, {0x200, 0xb, 0x1, 0x40, 0x4800, 0xea0d}, {0x5, 0x8, 0x8001, 0x7ff, 0x20000, 0xf}, {0x9, 0x1, 0x2, 0x3, 0x4, 0x7f}, {0x0, 0x9, 0xffff, 0xfffffffe, 0x7, 0x2}, {0xc8a, 0x2, 0xffffffff, 0x10000, 0x10001, 0xffff}, {0x0, 0x200, 0x8, 0x8000, 0xb41, 0x4}, {0x2, 0x5, 0x5b1a, 0x401, 0xc, 0x8001}, {0x99, 0x40, 0xa, 0x6, 0xa, 0x15}, {0x6, 0x6ae, 0x0, 0x0, 0x5, 0x2}, {0x6, 0x8eff, 0x4, 0x1, 0xa2, 0x7ff}, {0xfffffff7, 0x10000, 0x2, 0x101, 0x2, 0x3}, {0x8, 0x6, 0x8, 0x6, 0x5f, 0x8}, {0x1a00000, 0x9, 0x2, 0x5, 0x37, 0xffffffff}, {0x8, 0xfffffe00, 0x3, 0x0, 0x9, 0x85}, {0x2, 0x4, 0x80000000, 0xa8, 0x3, 0xc9}, {0x2, 0x3, 0xd, 0x8001, 0x5, 0x5bd}, {0x400, 0x8, 0x0, 0x2, 0x9, 0x4}, {0x9, 0x5, 0xe8f, 0x1, 0xa, 0x7}, {0x4c1, 0x6, 0x387, 0x6, 0x7, 0xb622}, {0x4, 0x82, 0x7fff, 0x2, 0x7, 0xffffeb84}, {0x1, 0x10000, 0x5, 0x6, 0x8}, {0xda18, 0x9, 0x10000, 0x8000, 0x4, 0x3}, {0xcbe, 0x1, 0x63e, 0x4, 0x6, 0x81}, {0x7, 0x10000, 0x7ff, 0x6, 0x7f, 0x8}, {0x489, 0x1, 0xa, 0xb, 0x3, 0x8}, {0x5, 0x8, 0x0, 0x7, 0xffffffff, 0x19}, {0x6, 0xbc3f, 0xffffffff, 0x2, 0x3, 0x4}, {0x8, 0x1f8, 0x401, 0x5, 0x5, 0x7}, {0x28, 0x7, 0xa, 0x5, 0xe, 0x80}, {0x7, 0x1000, 0x2, 0xe4dc, 0x5, 0x5}, {0x2, 0x80, 0x5, 0x0, 0x2, 0x1ff}, {0x7, 0x1ff, 0x3, 0xf2, 0xfffffffd, 0x5}, {0x7, 0x1, 0x2, 0xc, 0x6, 0x8}, {0x1, 0x7, 0x1000, 0x4, 0x86, 0x5}, {0x80000001, 0x5, 0x1ff, 0x30cb, 0x4, 0x9}, {0x800, 0x9, 0x8, 0xffffffff, 0x5, 0x2}, {0x7, 0xf, 0xe5c4, 0x8, 0x3, 0x7}, {0x2, 0x0, 0x0, 0x4, 0x6, 0x9}, {0x3, 0x4, 0x0, 0x3, 0x3, 0x7fff}, {0x2, 0x6abd, 0x3, 0xe6, 0xfffff000, 0x4}, {0x4, 0x4, 0x2, 0x1, 0x2, 0x1}, {0xfff, 0x1, 0x5, 0x100, 0x4, 0x4}, {0x4, 0x7, 0x7, 0x100, 0xffff, 0x101}, {0x400, 0x1, 0xe0, 0x82, 0x401, 0x4ef2}, {0x1, 0x401, 0x2, 0x0, 0x2, 0xf}, {0xc, 0x8, 0x3ff, 0xffff, 0x0, 0x2}, {0x4, 0x9, 0x9, 0x5, 0x0, 0x6}, {0x3, 0x6873932e, 0x1, 0x7, 0x6, 0x9}, {0xb7, 0xe, 0x8, 0x7, 0x40, 0x6}, {0x80000001, 0x7, 0xb, 0x94, 0x401, 0x9}, {0x10000, 0x5, 0xfff, 0x9ff6, 0x3, 0x6}, {0x58d, 0xff, 0x3, 0x8e7, 0x1000, 0x6ddf}, {0x800, 0x7, 0x8, 0x5, 0x1, 0x3ff}, {0xe, 0xbf, 0x1, 0x81, 0x40000, 0x3ff}, {0x5, 0xb, 0x75c, 0x0, 0x81, 0x7ff}, {0x3, 0x1, 0x2, 0x2, 0xfffffffc, 0x10001}, {0x9, 0x9, 0x8, 0x4, 0x5, 0x8001}, {0x2, 0x8, 0x6, 0x1, 0x5}, {0x447b, 0x4, 0x4, 0x6, 0x0, 0xab3}, {0x7, 0x1ff, 0x4, 0x6, 0x2, 0x3}, {0x9, 0x81, 0xd36, 0x2c09b96f, 0x101, 0x200}, {0x800, 0x9, 0x9, 0x5, 0x5, 0xf8}, {0x8001, 0x6, 0x8, 0xfff, 0x3, 0x8bf8}, {0x7, 0x20, 0x9, 0x401, 0x3, 0x7}], [{0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x0, 0x1}, {0x5}, {}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x5, 0x1}, {0x2}, {0x5}, {0x7}, {0x0, 0x1}, {0x0, 0x1}, {0x2}, {0x6}, {0x3, 0x1}, {0x3, 0x3}, {0x4}, {0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x3, 0x1}, {0x2}, {0x4}, {}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x0, 0x3}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0x2}, {0x2, 0x1}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x5}, {0x7}, {0x0, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x2}, {0x1, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x2}, {0x3, 0x1}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x3}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {0x5}, {0x0, 0x1}, {0x2}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x4, 0x1}, {0x2}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2}, {}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x2}, {0x4}, {0x2}, {}, {0x1}, {0x4}, {0x1, 0x1}]}}, @TCA_PEDIT_PARMS_EX={0x0, 0x4, {{{0x5a, 0x81, 0x1, 0x0, 0xfffffff8}, 0x1, 0x8, [{0xf, 0x100, 0xb, 0xffffff7f, 0x9, 0xb}, {0x5, 0x4, 0x101, 0x2, 0x7fffffff, 0x3}, {0x401, 0x2, 0x4, 0x3, 0x5}, {0x800, 0x3ff, 0xd6, 0x360, 0x7, 0x7}, {0x4, 0x8, 0x0, 0x1ff, 0xbb7, 0x5}, {0x2, 0x7ff, 0xffffff80, 0xa, 0xd, 0xab3b}, {0x800, 0x9, 0x8001, 0x6, 0xfff, 0x9ff}]}, [{0x8, 0x1173, 0x7, 0xe461, 0x7fff}, {0x5, 0x1, 0x8, 0xfffffffb, 0x9, 0xfffffff9}, {0x2, 0x3, 0xb, 0x0, 0x0, 0x2}, {0xfffffe01, 0x4, 0x0, 0x6, 0x7, 0x5}, {0x10001, 0x10, 0x80, 0x200, 0xffff, 0x6}, {0x81, 0x6, 0x3, 0x9, 0x2def, 0x7}, {0x8, 0x3, 0x80000001, 0x1, 0x5, 0x7ff}, {0x80, 0x400, 0x95d5, 0x63, 0x6, 0x8001}, {0x7, 0x9, 0x2, 0x925, 0x1, 0x3}, {0x6, 0x4, 0x7, 0xf, 0x4, 0x1}, {0x40, 0x400, 0x5, 0x2, 0x9, 0x1}, {0x821, 0x3, 0x8, 0x6, 0x6, 0x7}, {0x0, 0xff800000, 0x6, 0x9, 0x2, 0x4}, {0x8, 0x7fffffff, 0x7fffffff, 0x5, 0x0, 0x7}, {0xffffea15, 0xffff, 0x1, 0x5, 0x9, 0x6}, {0x7f, 0x0, 0xb89, 0x3427, 0x4, 0x5}, {0x0, 0x6, 0x9, 0x9, 0x10000, 0x4}, {0x8, 0x4, 0x1, 0x9, 0x5, 0x2}, {0x0, 0x2, 0xffff, 0x9, 0x2, 0x7de8}, {0xffff, 0x6, 0x10, 0x2400, 0x9, 0x2}, {0x2ef, 0x5, 0x3, 0xd76b, 0x1, 0x10001}, {0x10001, 0x10, 0x81, 0x8f, 0x7, 0x1ff}, {0x2, 0xffff, 0x0, 0x1, 0x4, 0x10001}, {0x6, 0x99, 0xfffffff8, 0xe00, 0x2, 0x9}, {0x10, 0x0, 0xc, 0x80, 0x9, 0xfe000000}, {0x1, 0x9, 0x3, 0xd, 0x1ff, 0x5}, {0x3, 0x7d9, 0x3, 0x5, 0x3, 0x858d}, {0x0, 0x10, 0x0, 0x2, 0x39}, {0x8, 0x0, 0x0, 0x3, 0xd, 0x2}, {0x2, 0x0, 0x1, 0xe210, 0x2d, 0x4}, {0xc, 0x2, 0x959f, 0x6, 0x1, 0x7}, {0x7fff, 0x9, 0x2, 0x200, 0x8, 0x1}, {0xd, 0xffffd95a, 0x7, 0x7ff, 0x0, 0x1}, {0x7, 0x1, 0xd38, 0x4, 0x0, 0xf}, {0x9b, 0x33e, 0x0, 0x3, 0x5, 0x8}, {0x6, 0x2, 0x4, 0x7, 0x3, 0x8}, {0x3, 0x8, 0x7fff, 0x1, 0x4}, {0x3, 0x1ff, 0x7, 0x9d, 0xffffff81, 0x8858}, {0x9f7b, 0x9, 0x9, 0x1ff, 0x1, 0x2}, {0xef, 0x0, 0x6, 0xfff, 0x9}, {0x6, 0x7fff, 0x6, 0x3, 0x8, 0x9}, {0x2, 0xbad0, 0x4, 0xd, 0x0, 0xf}, {0x3, 0x8, 0xffffffff, 0x4, 0x4}, {0xfffffffc, 0x800, 0xfffffff8, 0x0, 0x2, 0x7}, {0xf, 0xf8a4, 0x2, 0x8, 0x7, 0x9514}, {0xe9, 0x9, 0x1, 0x0, 0x6, 0x800}, {0x4, 0x9, 0x2761, 0x7, 0x1}, {0x5, 0x1, 0x4, 0x3, 0xfffffff9, 0x5}, {0x1, 0x4, 0x101, 0x1, 0xe}, {0xd, 0x60d52f24, 0x7, 0x7fff, 0x81, 0x2d}, {0x8, 0x5b0, 0x80000000, 0x1, 0x8001, 0x9}, {0x3f, 0x7f, 0x8, 0x38000, 0x2, 0x2}, {0x8, 0xffffffff, 0x2, 0xfffffff7, 0x3, 0x3}, {0x5dd, 0x3, 0xf8, 0x4, 0x7, 0x2}, {0x8, 0xfffffff8, 0x2, 0x5, 0x0, 0x7}, {0x4, 0x8001, 0xfffffff8, 0x1ff, 0xcbc, 0x2}, {0xff, 0x961a4438, 0x9, 0xf827, 0xe3, 0x7}, {0x7, 0x5, 0x6, 0x8, 0x8, 0x7}, {0xffffffff, 0x8c5c, 0x4, 0x1, 0x1ff, 0x80000001}, {0xffffffff, 0xfffffffd, 0x400, 0x3, 0x3}, {0x6, 0x200000, 0xa000000, 0x1d0, 0xf, 0x10001}, {0xfffffffb, 0x3, 0x7, 0x0, 0xf2af8b2c, 0xbc8}, {0x7, 0xfffffc40, 0x8, 0x4, 0x9}, {0x5, 0x7, 0xfe, 0x3, 0x8, 0x43}, {0xffffffb9, 0x9, 0x3, 0xecc8, 0x101, 0x8}, {0x8001, 0x9, 0xfffffffd, 0x3dc00000, 0x9b, 0x8}, {0x21, 0x0, 0xccf, 0x2, 0x3, 0x9}, {0x7, 0x0, 0x2, 0x1, 0xffffffff, 0x800}, {0xb5c, 0xbc60, 0x0, 0x7, 0x298a, 0x1}, {0x7, 0xffffffff, 0x5, 0x8, 0xd9, 0x2}, {0x55a, 0x5, 0xffffffff, 0x80, 0x5, 0x2}, {0xfff, 0x3, 0x13f, 0xdf, 0x4, 0x3}, {0x10, 0x4, 0x101, 0xe, 0x6, 0x8}, {0x8, 0x7f, 0x30000000, 0xfffffff9, 0x9165, 0x705}, {0x5e9, 0x0, 0xcf4, 0xd4c5, 0x3, 0x1}, {0x10, 0x5, 0xfff, 0x8, 0x238d, 0x5}, {0x9, 0x3, 0xd, 0x7, 0x9, 0x7}, {0x2c3, 0x0, 0xd0, 0x1ff, 0x800, 0x6}, {0x1, 0x6, 0x0, 0x4, 0xbd9c, 0x81}, {0x7ff, 0x9385, 0x10, 0xa, 0xa, 0xb1}, {0x2, 0x1, 0x9, 0x7fff, 0x0, 0x8}, {0x5, 0x5, 0x9, 0x2, 0xffff8001, 0x1}, {0x9, 0xea6, 0x4, 0xe, 0x3c5d619e, 0x9}, {0x6, 0x7ff, 0x4aecc50a, 0x4, 0x1, 0xb}, {0x0, 0x4, 0x0, 0xe, 0x5, 0x80000001}, {0x401, 0x606, 0xa, 0xfffffffa, 0xffff, 0x9}, {0xefcc, 0xbc, 0x9, 0x53, 0x2, 0x2}, {0x40, 0x3ff, 0x1, 0xe, 0xc0d, 0x7fffffff}, {0x3, 0xf62, 0x197d, 0x3, 0x1ff, 0x8}, {0x3, 0x2, 0xfffffffe, 0x8, 0x5bd, 0x3}, {0x7fff, 0x4, 0xc8c1, 0x1, 0xc, 0xb}, {0xd, 0x2, 0x1, 0x6, 0x8, 0x7}, {0x7, 0x5, 0x4, 0xffffffaa, 0x7, 0x3}, {0x3, 0x7, 0x3, 0x4, 0x6, 0xd}, {0x7, 0x8c, 0xa9, 0x7, 0xca03, 0xad8}, {0x7, 0x0, 0x561, 0xc4c, 0xb, 0xffff}, {0x9, 0x7, 0xb31, 0x400, 0xaa104ac, 0xfffffead}, {0x0, 0xffffffff, 0x2, 0x0, 0xffffb098, 0x9}, {0x7ff, 0x7, 0x0, 0x4, 0x5, 0xe}, {0x80, 0x2, 0x6, 0x1, 0x1, 0x1}, {0x9, 0x4, 0xf9, 0xf2f9, 0x0, 0x8}, {0x5f, 0x5, 0xe2, 0x2, 0x8, 0x8}, {0x7, 0x7, 0x7fffffff, 0xfffffffd, 0x50, 0x57}, {0x7, 0x1, 0x3e, 0x7, 0x6, 0x1}, {0x5, 0x4, 0x4, 0x3, 0x0, 0xf6}, {0x7, 0x4, 0x1, 0x80, 0x2, 0x9}, {0x3, 0x5, 0x0, 0xd4f4, 0x0, 0x8000}, {0xed8, 0x6, 0x3db, 0x936, 0x5, 0x4}, {0x2, 0xa, 0x6, 0x1000, 0x4, 0x9}, {0xb3b1, 0x4, 0xc19e, 0x2, 0x800, 0x5}, {0x7, 0xff, 0x4800, 0x2, 0xe, 0x868f}, {0x1ba7dc62, 0x0, 0x5, 0x177, 0x9, 0x2}, {0x8, 0x3, 0x8001, 0x7fff, 0x6, 0x3ff}, {0x200, 0x3, 0xa1d, 0x9, 0x2, 0x3}, {0xf, 0x2, 0x3, 0xf, 0x28}, {0x10001, 0x5, 0x800, 0x28148490, 0x1, 0xc}, {0x8, 0xb0f, 0xff, 0x3, 0xaa1a, 0x40}, {0x8, 0xe5, 0x180000, 0x5, 0x3aa, 0x5}, {0x8143, 0x4, 0xfffffff7, 0xe, 0xa, 0x3}, {0x4, 0x1, 0x8, 0x789, 0x7, 0x3}, {0x4, 0xff, 0x0, 0xe895, 0x4, 0x80000001}, {0x5, 0x457, 0xffffff01, 0x2, 0x7fff, 0x7}, {0x9, 0x4, 0x81, 0x8, 0x9, 0x3}, {0x0, 0x8, 0x0, 0x5, 0x8, 0x7}, {0x4, 0x748, 0x5, 0x6, 0x8f5, 0x6}, {0x9, 0x400, 0xffffffff, 0x6, 0x6, 0x8}, {0x7, 0x5, 0x5, 0x5, 0x7, 0x4}, {0x5, 0x80000001, 0xfff, 0x101, 0x0, 0x10}], [{}, {0x0, 0x1}, {0x2}, {}, {0x5}, {0x3, 0x1}, {0x2}, {0x3}, {0x2, 0x1}, {0x5}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x1}, {0x2}, {0x3}, {0x2}, {0x3}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x2}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x5}, {0x4, 0x1}, {0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x5}, {0x2}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x1}, {0x5, 0x1}, {}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {0x3}, {0x1}, {0x2}, {0x1}, {0x5}, {0x0, 0x1}, {0x3}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x4, 0x93dfb68f7a2fcd8}, {0x3, 0x1}, {0x3}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {}, {0x5, 0x1}, {0x1}, {0x5}, {0x1, 0x1}, {}, {}, {0x0, 0x1}, {0x2}, {0x4}, {0x2}, {0x2, 0x1}, {}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x1}, {}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {}, {0x2}, {0x5}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x3}, {0x3}, {0x2, 0x1}, {0x0, 0x1}, {0x5}, {0x4}]}}, @TCA_PEDIT_KEYS_EX={0x0, 0x5, 0x0, 0x1, [{0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x7}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}]}, {0x0, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD, @TCA_PEDIT_KEY_EX_CMD={0x0, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x0, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE]}]}]}, {0x0, 0x6, "13d3220be8778f1a178f74fffec65d399ea198ca8865eae8708f4a0e775a995c20d0c26b53856ae1fc9dd118af2af802acec4866ad550ddb00b4ba5595a8db8fbdef72b28e273f15819bfa4df4d9d9eba3f907cb1f69c747db6d76e68245a38610fee18f15eca637951dee64b60b1b75fc7ae7262c0e38cc9ef7c111285b170e7261a13e4359ae319a43e2dd2eacb3a7803d91759d6ccb1b98ee1910978230e619c33e18385859693f56be28d4eb0e75bb35a88e3c"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x3, 0x2}}}}]}]}, 0xffffffffffffffd2}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) pipe(0x0) write$eventfd(0xffffffffffffffff, &(0x7f0000000240), 0xffffff14) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r4 = userfaultfd(0x801) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2e, 0x0, @void}, 0x10) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000", @ANYBLOB="6197cf2d0ba620d3ee76f009341d3596ea82937abfe40bfedd13e8ff05787ca9ef15fae6ad8d44098c685cc5a1d1e3c93b125e869b3d14f1bec0be6edb7f7d4cfd9c7ffca5f1396a9eb58dfb669c2221698062bc4f3c679b652d"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xfa5e152fa96efa35, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r6, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1, {}, {0x4}, {0x3}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0x5}) 2m16.787642981s ago: executing program 3 (id=1498): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$inet6(0xa, 0x800000000000002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000"], &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, 0x0, &(0x7f0000000240)) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r4, &(0x7f0000000000), 0x0) socket(0x2c, 0x6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 2m1.489195807s ago: executing program 33 (id=1498): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$inet6(0xa, 0x800000000000002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000"], &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, 0x0, &(0x7f0000000240)) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r4, &(0x7f0000000000), 0x0) socket(0x2c, 0x6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 1m32.971755767s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 1m19.443686891s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 1m2.193299293s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 49.103462417s ago: executing program 2 (id=1760): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002c00010026bd70f7fbdbdf250400002804001d00"], 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="040300000d0a01080000000000000000020000010900020073797a3100000000a00203"], 0x304}, 0x1, 0x0, 0x0, 0x20042040}, 0x4004880) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000080)={r5}) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000280)={r5}) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {0x0, 0x3}, {0x0, 0x0, 0xfffffffd}, {0xe, 0x3}, {0x3}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x200, 0x1, 0xc}) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r7 = fanotify_init(0x202, 0x0) fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0) r8 = dup2(r7, r6) read$FUSE(r8, &(0x7f0000005ac0)={0x2020}, 0x2020) (fail_nth: 2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) 47.246312257s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 47.230941406s ago: executing program 2 (id=1762): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000002c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000180)={0x980000, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0, 0x0}) iopl(0x3) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000c, 0x30, r1, 0x4ee7000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYRES16=r0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES16=r0, @ANYBLOB="00000000010000000000000000000000ce7ffe681c735b5719cfc914234834162f4d55e5827a4fa9d907b30dee5f9af3dc029871384dcbed5f13a5464083101fd2055f2c4271f73e269eef4e7cc3151d"], 0x80}}, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x6}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000001c0)={'wg1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x1, 0x10, 0x0, {0x0, 0x0, 0x0, r5, 0x20001}, [@IFLA_MTU={0x8, 0x4, 0xa}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x40) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='affs\x00', 0x8000, 0x0) timer_create(0x0, 0x0, 0x0) io_setup(0x10000, &(0x7f00000001c0)) 45.693388341s ago: executing program 2 (id=1766): socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x95, 0x0, 0x0, 0x0, 0x9}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1ae}, @ringbuf_query]}, &(0x7f0000000100)='GPL\x00', 0x8, 0xce, &(0x7f0000000140)=""/206, 0x41000, 0xc, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xb, 0x7f, 0x7f}, 0x10, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000300)=[{0x3, 0x5, 0xc, 0x5}], 0x10, 0x6, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_getattr(r0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000140)=@abs={0x1}, 0x6e) socket$unix(0x1, 0x1, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) bind$unix(r6, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) rmdir(&(0x7f0000000380)='./file0/../file0\x00') open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 44.326948083s ago: executing program 2 (id=1768): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x3) r2 = dup(r1) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000380)) r3 = socket$inet_smc(0x2b, 0x1, 0x0) r4 = accept$inet(r3, &(0x7f0000000240), &(0x7f0000000200)=0xfffffd89) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r5 = open_tree(r2, &(0x7f0000000640)='\x00', 0x80900) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) fcntl$dupfd(r0, 0x0, r4) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) socket$can_j1939(0x1d, 0x2, 0x7) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x8000000082b2, 0x8b}, 0x0) timer_settime(0x0, 0x1, 0x0, 0x0) flock(0xffffffffffffffff, 0x2) flock(0xffffffffffffffff, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_procfs(0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x18}}, 0x0) io_setup(0x30, &(0x7f0000000600)) socket$inet(0x2, 0x1, 0x0) 42.763833254s ago: executing program 2 (id=1773): getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) statx(0xffffffffffffffff, &(0x7f0000008b40)='\x00', 0x3000, 0x200, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz0\x00', 0x52}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f020}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f00000000c0)={0x5, 0x2}) syz_open_dev$evdev(&(0x7f0000000080), 0x72, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 41.979272733s ago: executing program 2 (id=1777): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r4, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) 40.570911873s ago: executing program 34 (id=1777): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r4, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) 26.783715038s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 12.76357655s ago: executing program 6 (id=1627): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pptp(0x18, 0x1, 0x2) socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000e9f000/0x4000)=nil, 0x4000, 0xb635773f07ebbeec, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) 7.567767112s ago: executing program 5 (id=1870): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) fsopen(&(0x7f0000000400)='9p\x00', 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0) ioctl$SNDCTL_FM_4OP_ENABLE(r2, 0x4004510f, &(0x7f00000001c0)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r2, &(0x7f0000000040), &(0x7f0000000080), 0x0) 7.567273946s ago: executing program 0 (id=1871): r0 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00), 0x0, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) accept(r0, 0x0, 0x0) 6.736831091s ago: executing program 7 (id=1872): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) connect$vsock_stream(r1, &(0x7f0000001640)={0x28, 0x0, 0xffffffff, @local}, 0x10) listen(r1, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000014c0), 0x40280, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002500)=""/4096}, {&(0x7f0000003500)=""/4096}], 0x0, &(0x7f0000000340)=""/21, 0x15}, 0x9}, {{&(0x7f0000000500)=@qipcrtr, 0x7a, &(0x7f0000000d40)=[{&(0x7f00000003c0)=""/114, 0x72}, {&(0x7f0000000680)=""/79, 0x4f}, {&(0x7f0000001500)=""/4086, 0xff6}, {&(0x7f0000000700)=""/125, 0x7d}, {&(0x7f0000000880)=""/241, 0xf1}, {&(0x7f0000000100)=""/55, 0x37}, {&(0x7f0000000e00)=""/194, 0xc2}, {&(0x7f0000000a00)=""/232, 0xe8}, {&(0x7f0000000b00)=""/215, 0xd7}, {&(0x7f0000000c00)=""/95, 0x5f}, {&(0x7f0000000cc0)=""/96, 0x60}], 0xb}, 0x2}], 0x2, 0x1, &(0x7f0000001480)={0x77359400}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') pselect6(0x40, &(0x7f0000000000)={0x3, 0x203, 0x8000000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x10000000}, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0xc008aeba, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r2}, 0x8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000c80)='|', 0x1, 0xbcff, 0x0, 0x0) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000040)=0xc) ioctl$SNDCTL_DSP_POST(r6, 0x5008, 0x0) 6.488896393s ago: executing program 0 (id=1873): openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x24, 0x64, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0x8, 0x7}, {0xe, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4000000) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x2}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$printer(0x6, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x10, &(0x7f00000001c0)=ANY=[]}) r2 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r2, 0x107, 0x15, 0x0, &(0x7f0000000080)) epoll_create(0x8) mkdirat(0xffffffffffffff9c, 0x0, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r3 = dup(r1) r4 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r4, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000200)=ANY=[], 0x53) 6.449672771s ago: executing program 5 (id=1874): r0 = syz_usbip_server_init(0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000000)={0x0, 0x7fffffffffffffff, 0x0, [0x8, 0x0, 0x1c, 0xd1], [0x5, 0x6, 0x9ca, 0x2, 0x80000001, 0xb690, 0x5, 0x7, 0x100, 0x4, 0x4, 0x3, 0x800, 0x0, 0x4, 0x0, 0x1000, 0x401, 0xe, 0x0, 0x8, 0x5, 0x5, 0xa2db, 0x9, 0x7, 0x5, 0x800, 0x7, 0x5, 0x2, 0x400, 0x0, 0x3, 0x3, 0xffffffffffffffff, 0x800, 0x6, 0x354649b9, 0x5, 0x8, 0x1, 0x6, 0x2, 0x1, 0x46d, 0x8000000000000000, 0x3, 0x8, 0x7, 0xfff, 0x6, 0x101, 0x2, 0xf4c6, 0x7fffffff, 0x9, 0xffffffff00000000, 0x6, 0x8, 0x4, 0x8, 0x6, 0x1, 0x7, 0xfffffffffffffffa, 0x0, 0x8, 0x1, 0x7fffffffffffffff, 0xd1d5, 0x3, 0x5, 0x7fffffffffffffff, 0x1, 0x6, 0x101, 0x78d, 0x10, 0x8, 0x5, 0xffffffffffffffff, 0x8b, 0x0, 0xaf6, 0xa, 0x10001, 0x9, 0x2, 0xfffffffffffffffe, 0x8000000000000001, 0x4, 0x1, 0x40, 0x5, 0x1, 0x6, 0x10, 0x2e541edf, 0x5, 0x1ff, 0x5e, 0x1ff, 0x5, 0x9, 0x100000001, 0x9, 0x0, 0x5, 0x7ff, 0x4, 0x40, 0x5, 0x8, 0x6, 0x4, 0x2, 0xfffffffffffffff9, 0x9, 0x40, 0x1]}) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000440)={{r1}, {@val={r2}, @max}}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000700)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4, &(0x7f0000000480)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0x2}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x804}], &(0x7f00000004c0)='GPL\x00', 0x0, 0xa7, &(0x7f0000000500)=""/167, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x8, 0x2, 0xe}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000740)=[r0, 0x1, r3, r4, r5], &(0x7f0000000780)=[{0x4, 0x5, 0x0, 0x7}, {0x3, 0x5, 0x9, 0x3}, {0x3, 0x4, 0x4, 0x6}, {0x0, 0x4, 0x9, 0xb}, {0x2, 0x1, 0xd}, {0x2, 0x4, 0x5}, {0x4, 0x2, 0x8}, {0x5, 0x3, 0x9, 0x8}, {0x2, 0x5, 0xd, 0x4}, {0x2, 0x2, 0x7, 0xb}], 0x10, 0xcee, @void, @value}, 0x94) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r4, 0xe, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000900)=""/28, 0x1c}, {&(0x7f0000000940)=""/168, 0xa8}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/47, 0x2f}, {&(0x7f0000001a40)=""/54, 0x36}, {&(0x7f0000001a80)=""/147, 0x93}], &(0x7f0000001bc0)=[0xc, 0xec90], 0x6}, 0x20) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f0000001c40)={0x2, r3, 0x0, {0x8, 0x401}, 0xe9}, 0x1) r6 = getpid() sched_setscheduler(r6, 0x5, &(0x7f0000001c80)=0xfffffff8) setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000001cc0)={@empty, @multicast2, 0x1, "9d5e6643f87ffd51a89ba26e683535f356a9014179d4d580a0f56a5becf7245d", 0x3, 0x3, 0x1, 0x55}, 0x3c) eventfd(0x4) write$UHID_CREATE2(r5, &(0x7f0000001d00)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x35, 0x8b4, 0x178, 0x7, 0x7, 0x0, "57d7b073da86406226109e4e8f7fb76c2987c75e4a63051c659f465078987637761e8fca89e3d2bc2090969761ccdaeb7ba1d47d97"}}, 0x14d) openat$fb0(0xffffffffffffff9c, &(0x7f0000001e80), 0x20200, 0x0) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000001ec0), 0x4) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000001f00), 0x4) accept$inet(r5, &(0x7f0000001f40)={0x2, 0x0, @remote}, &(0x7f0000001f80)=0x10) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r4, 0x8040942d, &(0x7f0000001fc0)) r8 = openat$incfs(r4, &(0x7f0000002000)='.log\x00', 0x200040, 0x88) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000002040)={0x1, 0x8, 0xf3, 0xe7, @vifc_lcl_addr=@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) eventfd(0x4) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000002080), 0x4) process_mrelease(r4, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002100)={&(0x7f00000020c0)='cachefiles_ondemand_cread\x00', r5}, 0x18) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r5, 0x6, 0x21, &(0x7f0000002140)="29a08838fbbbed741a280fc9a9af9138", 0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000002180)={0x0, @in={{0x2, 0x4e21, @local}}, 0x7f, 0x7, 0x26c, 0x4, 0x3}, &(0x7f0000002240)=0x98) setsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000002280)={r9, 0x304b}, 0x8) 5.196980174s ago: executing program 7 (id=1875): socket$inet6_dccp(0xa, 0x6, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/diskstats\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1, 0x800, 0xfff) 4.740594478s ago: executing program 4 (id=1876): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x17) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000540)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000400)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) read(r4, 0x0, 0x0) r5 = syz_open_dev$vivid(&(0x7f0000000180), 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f00000001c0)={0x3, 0xa07, 0x2}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000940d000000000000000000000000000000009f1dcf"], 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000004000000007468f74996836d8c05e05864b00a3cd43889f03bff95194aa5696c99d06e4dad66fcbfa8cf", @ANYRES32=0x0, @ANYBLOB="00e62a2f7b0000c25c65e9988a57c2000000", @ANYRES32=0x0, @ANYRES32], 0x50) setxattr$incfs_metadata(&(0x7f0000000800)='./file0\x00', &(0x7f00000004c0), &(0x7f0000000880)="26cff58056ac", 0x6, 0x1) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0) prlimit64(r0, 0x0, &(0x7f0000000000)={0x6, 0x2}, &(0x7f00000003c0)) write$proc_mixer(r6, &(0x7f00000000c0)=ANY=[@ANYBLOB="524144494f0a434420274d6963204374707475726520537769746368272030303030303030303030303030303030303030300a494741494e0a545245424c45202743442043617074757265205377697463682720303030b0303030103030303030303030303030300a524144494f0a53504541"], 0xd3) syz_io_uring_setup(0x4000592, &(0x7f0000000880)={0x0, 0xa943, 0x200, 0x0, 0x427b}, &(0x7f0000000900), &(0x7f0000000500)) r7 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_ifreq(r7, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=0x0}}) 4.71113436s ago: executing program 0 (id=1877): socket(0xa, 0x3, 0x3a) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = openat(0xffffffffffffff9c, 0x0, 0x82400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x3ff) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r4 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r6, 0x0, 0x0) readv(r3, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(r1, 0x0, 0x0) r8 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0xe3, &(0x7f0000000540)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0xad, 0x6, 0x0, @local, @local, {[], {{0x0, 0x5e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}, {"e0b7a2131c49e96e49919ea7d3c832a32c3cfdf0403efaee80c63d0bc0d2296870e7aa4b020000001510011964791b945875019a6ce5503ccdff62932af34f29646fc94fb4a79807db7c4aee5ff6e7819a92142989ff2129ac2b1dbf0575e3f99d193cd997f3aae221376c40c1f0d91cbcc9580262897dae6471ecce3ed98d552311b844c1a9f36af6ee0d0943462d3dd527596fb7c679b200"}}}}}}}, 0x0) move_mount(r8, 0x0, r8, 0x0, 0x207) mount$bind(0x0, 0x0, 0x0, 0x3097c98, 0x0) unshare(0x2c020400) socket$nl_route(0x10, 0x3, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYRES8=r4, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000001000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000200), &(0x7f00000003c0)=r9}, 0x20) 4.375857623s ago: executing program 5 (id=1878): socket$kcm(0x2, 0xa, 0x73) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.761566935s ago: executing program 4 (id=1879): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0x2, 0x10001}, 0x0, 0x100000, 'id0\x00', 'timer0\x00'}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r1, 0x5421, &(0x7f0000000300)=0xff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4004854) sched_setscheduler(r2, 0x1, &(0x7f0000000280)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r3, 0x10000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r6 = dup(r0) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r7, 0x0) write$P9_RLERRORu(r6, &(0x7f0000000200)=ANY=[], 0x53) 3.492547846s ago: executing program 5 (id=1880): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) syz_pidfd_open(r2, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000400000800000000000000004b5eb0cd76d9fab100bcd00a068af94561c06b56fa751d1121faabc570fc119ed623c31308be42e5cf62142dc62f0506f4597129cde90400ba2fe5f04cba3604000000000000000d1fac3efc0306f78db42569a7559aada2d721b7b41a13dc82dd8626860c81a6f73d1d"], 0x50) r3 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$binder(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x2000000) r4 = socket(0x848000000015, 0x805, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) syz_emit_ethernet(0x6c7, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x691, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c2"}}}}}, 0x0) syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e04001220"], 0x7) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) 2.782577764s ago: executing program 4 (id=1881): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r2, &(0x7f0000000740), 0xff67) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0x80}}, './file0\x00'}) (async) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x6}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000005c0)={r4, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xc}}}, 0x2, 0x200, 0x4, 0x1, 0x83, 0x6, 0xea}, 0x9c) (async) sendfile(r1, r2, &(0x7f0000000000), 0xfffb) (async) fcntl$addseals(r2, 0x409, 0x8) (async) ftruncate(r2, 0x0) (async) r5 = openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) lseek(r5, 0x3ff, 0xf8dda40cf7c771fe) (async) ioctl$FITHAW(r2, 0xc0045878) (async) r6 = memfd_secret(0x80000) fcntl$addseals(r6, 0x409, 0x4) (async) r7 = syz_open_dev$usbfs(&(0x7f0000000040), 0xfffffffffffffff8, 0x402000) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f00000000c0)=@usbdevfs_disconnect={0x2}) 2.515357802s ago: executing program 0 (id=1882): prlimit64(0x0, 0xe, &(0x7f0000000440)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340)='ext3\x00', 0x280081c, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0xfe, 0x0, 0x7ffffffe}]}) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5], 0x60}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xe) r7 = fcntl$dupfd(r6, 0x0, r6) read$rfkill(r7, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000000c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r3, 0x40082102, &(0x7f0000000000)=r8) 2.487598384s ago: executing program 5 (id=1883): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000400)="f2e0b7531e2063b7a6345c67a555f26bf2ef0fbc7006a89c01a5517e64a10b791358670701b411733c3a0934877d466f0cd8cb7f6a170fc7a990fb07b3e8d4c588345e6b8fdf025851f3aadc6c3abde6ba8a4b5ece8598be1d57bd1e85c8e8660cbc3a", 0x63}], 0x1}}], 0x1, 0x48100) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8582, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x3a8, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x408) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x19, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 2) 2.48326917s ago: executing program 4 (id=1884): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) fsopen(&(0x7f0000000400)='9p\x00', 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0) ioctl$SNDCTL_FM_4OP_ENABLE(r2, 0x4004510f, &(0x7f00000001c0)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r2, &(0x7f0000000040), &(0x7f0000000080), 0x0) 1.46388445s ago: executing program 0 (id=1885): openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x1, 0x0) mq_timedreceive(r2, &(0x7f0000000000)=""/83, 0x9b0c4f391059f39b, 0x20000900, &(0x7f0000000100)={0x77359400}) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) 1.425992849s ago: executing program 7 (id=1886): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r1, &(0x7f0000005080)=[{{&(0x7f0000000a80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, 0x0}}], 0x1, 0x0) r2 = epoll_create1(0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0xfff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000001c0)) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0), &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) 1.280062988s ago: executing program 4 (id=1887): socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x8, 0xce, &(0x7f0000000140)=""/206, 0x41000, 0xc, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xb, 0x7f, 0x7f}, 0x10, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000300)=[{0x3, 0x5, 0xc, 0x5}], 0x10, 0x6, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_getattr(r0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 1.244249347s ago: executing program 5 (id=1888): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) read(r1, &(0x7f0000000b80)=""/215, 0xd7) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b7500090583"], 0x0) socket$rds(0x15, 0x5, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000080)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x18) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f00000006c0)={0x400, 0x2, 0xe}) tkill(r0, 0x28) 1.243771851s ago: executing program 7 (id=1889): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) 1.079733043s ago: executing program 7 (id=1890): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00), 0x0, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) accept(r0, 0x0, 0x0) 238.773518ms ago: executing program 4 (id=1891): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0x2, 0x10001}, 0x0, 0x100000, 'id0\x00', 'timer0\x00'}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r1, 0x5421, &(0x7f0000000300)=0xff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4004854) sched_setscheduler(r2, 0x1, &(0x7f0000000280)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r3, 0x10000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r6 = dup(r0) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r7, 0x0) write$P9_RLERRORu(r6, &(0x7f0000000200)=ANY=[], 0x53) 36.351891ms ago: executing program 0 (id=1892): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) (async) r1 = accept4(r0, 0x0, 0x0, 0x100000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) (async) sendto$unix(r1, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) (async) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0) (async) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000180)={0x18, 0x0, {0x2, @multicast, 'veth1_to_batadv\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, 0x0, 0x0) (async) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, 0x0, 0x5, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000080), 0x2, 0x0) read$msr(r5, &(0x7f0000019680)=""/102384, 0x18ff0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) capset(0x0, 0x0) (async) io_uring_setup(0x4ca4, 0x0) (async) socket$inet_icmp(0x2, 0x2, 0x1) r6 = syz_open_dev$amidi(&(0x7f00000000c0), 0x92, 0x42000) r7 = dup2(r6, r3) socket$inet6(0xa, 0x80002, 0x0) (async) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x7, &(0x7f0000000200), 0x1) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) (async) ioctl$PPPOEIOCSFWD(r3, 0x4008b100, &(0x7f0000000480)={0x18, 0x0, {0x2, @remote, 'veth1_vlan\x00'}}) ioctl$SIOCAX25DELFWD(r2, 0x89eb, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}}) 0s ago: executing program 7 (id=1893): r0 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) dup(r2) read$eventfd(r0, &(0x7f0000000000), 0x8) (fail_nth: 2) socket$inet6_tcp(0xa, 0x1, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) kernel console output (not intermixed with test programs): 39815][ T5831] Bluetooth: hci6: command tx timeout [ 554.858439][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.887876][T11848] bridge0: port 4(gretap0) entered blocking state [ 554.905487][T11848] bridge0: port 4(gretap0) entered disabled state [ 554.916032][ T24] usb 3-1: config 0 descriptor?? [ 554.944254][T11848] gretap0: entered allmulticast mode [ 554.959684][T11848] gretap0: entered promiscuous mode [ 554.967112][T11848] bridge0: port 4(gretap0) entered blocking state [ 554.973611][T11848] bridge0: port 4(gretap0) entered forwarding state [ 554.998066][T11850] gretap0: left allmulticast mode [ 555.005223][T11850] gretap0: left promiscuous mode [ 555.017181][T11850] bridge0: port 4(gretap0) entered disabled state [ 555.053063][T11773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.103110][T11773] 8021q: adding VLAN 0 to HW filter on device team0 [ 555.115915][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.123074][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 555.230697][ T7050] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.237874][ T7050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.653220][ T24] kone 0003:1E7D:2CED.001A: unknown main item tag 0x0 [ 556.158434][ T24] kone 0003:1E7D:2CED.001A: unknown main item tag 0x0 [ 556.180338][ T24] kone 0003:1E7D:2CED.001A: unknown main item tag 0x0 [ 556.246334][ T24] kone 0003:1E7D:2CED.001A: unknown main item tag 0x0 [ 556.304559][ T24] kone 0003:1E7D:2CED.001A: unknown main item tag 0x0 [ 556.384801][ T24] kone 0003:1E7D:2CED.001A: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.2-1/input0 [ 556.442728][ T24] usb 3-1: USB disconnect, device number 40 [ 556.559346][T11773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 556.728642][T11773] veth0_vlan: entered promiscuous mode [ 556.739565][T11773] veth1_vlan: entered promiscuous mode [ 556.820964][T11773] veth0_macvtap: entered promiscuous mode [ 556.840183][T11773] veth1_macvtap: entered promiscuous mode [ 556.917069][T11887] FAULT_INJECTION: forcing a failure. [ 556.917069][T11887] name failslab, interval 1, probability 0, space 0, times 0 [ 556.930187][T11887] CPU: 0 UID: 0 PID: 11887 Comm: syz.2.1569 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 556.930210][T11887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 556.930221][T11887] Call Trace: [ 556.930227][T11887] [ 556.930234][T11887] dump_stack_lvl+0x16c/0x1f0 [ 556.930262][T11887] should_fail_ex+0x512/0x640 [ 556.930280][T11887] ? fs_reclaim_acquire+0xae/0x150 [ 556.930308][T11887] should_failslab+0xc2/0x120 [ 556.930328][T11887] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 556.930345][T11887] ? preempt_schedule_thunk+0x16/0x30 [ 556.930364][T11887] ? dqget+0x747/0x1180 [ 556.930386][T11887] dqget+0x747/0x1180 [ 556.930408][T11887] ? __pfx_dqget+0x10/0x10 [ 556.930425][T11887] ? map_id_range_down+0x2bc/0x3b0 [ 556.930445][T11887] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 556.930466][T11887] dquot_set_dqblk+0x2b/0x1290 [ 556.930490][T11887] quota_setquota+0x4c1/0x5e0 [ 556.930515][T11887] ? __pfx_quota_setquota+0x10/0x10 [ 556.930545][T11887] ? avc_has_perm+0x11a/0x1c0 [ 556.930575][T11887] ? selinux_quotactl+0x171/0x300 [ 556.930600][T11887] do_quotactl+0xaf6/0x13d0 [ 556.930627][T11887] ? __pfx_do_quotactl+0x10/0x10 [ 556.930656][T11887] ? __pfx___might_resched+0x10/0x10 [ 556.930681][T11887] ? find_held_lock+0x2b/0x80 [ 556.930712][T11887] ? down_read+0x13d/0x480 [ 556.930736][T11887] ? mnt_get_write_access+0x54/0x300 [ 556.930758][T11887] ? __pfx_down_read+0x10/0x10 [ 556.930782][T11887] ? mnt_get_write_access+0x20c/0x300 [ 556.930809][T11887] __x64_sys_quotactl_fd+0x309/0x540 [ 556.930839][T11887] do_syscall_64+0xcd/0x260 [ 556.930866][T11887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.930883][T11887] RIP: 0033:0x7f8fa0d8d169 [ 556.930897][T11887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.930914][T11887] RSP: 002b:00007f8fa1b2e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb [ 556.930930][T11887] RAX: ffffffffffffffda RBX: 00007f8fa0fa6080 RCX: 00007f8fa0d8d169 [ 556.930941][T11887] RDX: 000000000000ee01 RSI: ffffffff80000800 RDI: 0000000000000007 [ 556.930953][T11887] RBP: 00007f8fa1b2e090 R08: 0000000000000000 R09: 0000000000000000 [ 556.930963][T11887] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 556.930974][T11887] R13: 0000000000000000 R14: 00007f8fa0fa6080 R15: 00007fffb8f43a58 [ 556.930998][T11887] [ 556.933341][ T5831] Bluetooth: hci6: command tx timeout [ 557.700133][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.710643][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.720704][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.731131][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.741201][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.751656][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.763874][T11773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 557.783338][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.794763][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.805358][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.815822][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.826395][T11773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.843500][T11773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.033383][T11773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 558.047267][T11773] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.061589][T11773] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.887423][ T30] audit: type=1400 audit(1744602628.299:795): avc: denied { watch } for pid=11889 comm="syz.5.1570" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1367 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 558.932103][T11773] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.946852][T11773] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.858478][T11919] random: crng reseeded on system resumption [ 560.421043][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.429597][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.540065][ T6976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.548292][ T6976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.585264][T11931] FAULT_INJECTION: forcing a failure. [ 560.585264][T11931] name failslab, interval 1, probability 0, space 0, times 0 [ 560.628401][T11931] CPU: 0 UID: 0 PID: 11931 Comm: syz.2.1578 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 560.628433][T11931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 560.628443][T11931] Call Trace: [ 560.628449][T11931] [ 560.628456][T11931] dump_stack_lvl+0x16c/0x1f0 [ 560.628483][T11931] should_fail_ex+0x512/0x640 [ 560.628500][T11931] ? fs_reclaim_acquire+0xae/0x150 [ 560.628526][T11931] ? tomoyo_encode2+0x100/0x3e0 [ 560.628548][T11931] should_failslab+0xc2/0x120 [ 560.628567][T11931] __kmalloc_noprof+0xd2/0x510 [ 560.628591][T11931] tomoyo_encode2+0x100/0x3e0 [ 560.628617][T11931] tomoyo_encode+0x29/0x50 [ 560.628638][T11931] tomoyo_realpath_from_path+0x18f/0x6e0 [ 560.628662][T11931] ? tomoyo_profile+0x47/0x60 [ 560.628679][T11931] tomoyo_path_number_perm+0x245/0x580 [ 560.628697][T11931] ? tomoyo_path_number_perm+0x237/0x580 [ 560.628718][T11931] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 560.628739][T11931] ? find_held_lock+0x2b/0x80 [ 560.628778][T11931] ? find_held_lock+0x2b/0x80 [ 560.628798][T11931] ? hook_file_ioctl_common+0x145/0x410 [ 560.628820][T11931] ? __fget_files+0x20e/0x3c0 [ 560.628840][T11931] security_file_ioctl+0x9b/0x240 [ 560.628865][T11931] __x64_sys_ioctl+0xb7/0x200 [ 560.628889][T11931] do_syscall_64+0xcd/0x260 [ 560.628914][T11931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.628931][T11931] RIP: 0033:0x7f8fa0d8d169 [ 560.628946][T11931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.628962][T11931] RSP: 002b:00007f8fa1b2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.628977][T11931] RAX: ffffffffffffffda RBX: 00007f8fa0fa6080 RCX: 00007f8fa0d8d169 [ 560.628987][T11931] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 560.628997][T11931] RBP: 00007f8fa1b2d090 R08: 0000000000000000 R09: 0000000000000000 [ 560.629007][T11931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 560.629016][T11931] R13: 0000000000000000 R14: 00007f8fa0fa6080 R15: 00007fffb8f43a58 [ 560.629039][T11931] [ 560.840839][T11931] ERROR: Out of memory at tomoyo_realpath_from_path. [ 561.289230][ T5918] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 561.420430][ T5918] usb 7-1: device descriptor read/64, error -71 [ 561.839119][ T5918] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 561.979133][ T5918] usb 7-1: device descriptor read/64, error -71 [ 562.119451][ T5918] usb usb7-port1: attempt power cycle [ 562.445301][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.451689][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.579118][ T5918] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 562.603145][ T5918] usb 7-1: device descriptor read/8, error -71 [ 562.849298][ T5918] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 563.362043][T11966] netlink: 'syz.0.1589': attribute type 4 has an invalid length. [ 563.376243][ T5918] usb 7-1: device descriptor read/8, error -71 [ 563.474007][T11972] netlink: 'syz.2.1590': attribute type 4 has an invalid length. [ 563.920719][ T5918] usb usb7-port1: unable to enumerate USB device [ 564.439247][T11988] netlink: 'syz.6.1594': attribute type 4 has an invalid length. [ 566.887832][ T30] audit: type=1400 audit(1744602636.829:796): avc: denied { getopt } for pid=12011 comm="syz.6.1603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 567.382096][T12017] FAULT_INJECTION: forcing a failure. [ 567.382096][T12017] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.395224][T12017] CPU: 0 UID: 0 PID: 12017 Comm: syz.0.1595 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 567.395245][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 567.395255][T12017] Call Trace: [ 567.395261][T12017] [ 567.395267][T12017] dump_stack_lvl+0x16c/0x1f0 [ 567.395293][T12017] should_fail_ex+0x512/0x640 [ 567.395314][T12017] strncpy_from_user+0x3b/0x2e0 [ 567.395331][T12017] getname_flags.part.0+0x8b/0x540 [ 567.395355][T12017] getname_flags+0x93/0xf0 [ 567.395378][T12017] do_sys_openat2+0xb8/0x1d0 [ 567.395398][T12017] ? __pfx_do_sys_openat2+0x10/0x10 [ 567.395422][T12017] ? __fget_files+0x20e/0x3c0 [ 567.395443][T12017] __x64_sys_openat+0x174/0x210 [ 567.395464][T12017] ? __pfx___x64_sys_openat+0x10/0x10 [ 567.395484][T12017] ? ksys_write+0x1b9/0x240 [ 567.395508][T12017] do_syscall_64+0xcd/0x260 [ 567.395534][T12017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.395552][T12017] RIP: 0033:0x7f950e78bad0 [ 567.395566][T12017] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 567.395582][T12017] RSP: 002b:00007f950f5a0b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 567.395599][T12017] RAX: ffffffffffffffda RBX: 0000000000022c01 RCX: 00007f950e78bad0 [ 567.395611][T12017] RDX: 0000000000022c01 RSI: 00007f950f5a0c10 RDI: 00000000ffffff9c [ 567.395621][T12017] RBP: 00007f950f5a0c10 R08: 0000000000000000 R09: 002367732f766564 [ 567.395632][T12017] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 567.395643][T12017] R13: 0000000000000000 R14: 00007f950e9a6160 R15: 00007ffc15a54388 [ 567.395666][T12017] [ 567.806382][T12021] netlink: 'syz.5.1604': attribute type 4 has an invalid length. [ 568.050203][ T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 568.212040][T12026] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1606'. [ 568.249450][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 568.255302][ T10] usb 7-1: too many configurations: 11, using maximum allowed: 8 [ 568.267893][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 568.275920][ T10] usb 7-1: can't read configurations, error -61 [ 568.390167][T12028] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.1605'. [ 568.406938][T12029] tmpfs: Unknown parameter 'quïtÁvÌï?a' [ 568.412721][ T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 568.569077][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 568.655457][ T10] usb 7-1: too many configurations: 11, using maximum allowed: 8 [ 568.664653][ T10] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 568.672404][ T10] usb 7-1: can't read configurations, error -61 [ 568.680294][ T10] usb usb7-port1: attempt power cycle [ 568.688787][T12038] FAULT_INJECTION: forcing a failure. [ 568.688787][T12038] name failslab, interval 1, probability 0, space 0, times 0 [ 569.359113][T12038] CPU: 0 UID: 0 PID: 12038 Comm: syz.4.1607 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 569.359139][T12038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 569.359149][T12038] Call Trace: [ 569.359155][T12038] [ 569.359162][T12038] dump_stack_lvl+0x16c/0x1f0 [ 569.359188][T12038] should_fail_ex+0x512/0x640 [ 569.359207][T12038] ? __kmalloc_noprof+0xbf/0x510 [ 569.359226][T12038] ? io_cache_alloc_new+0x45/0xf0 [ 569.359246][T12038] should_failslab+0xc2/0x120 [ 569.359265][T12038] __kmalloc_noprof+0xd2/0x510 [ 569.359284][T12038] io_cache_alloc_new+0x45/0xf0 [ 569.359306][T12038] io_rsrc_node_alloc+0x221/0x2b0 [ 569.359324][T12038] io_sqe_buffer_register+0xee/0x1d10 [ 569.359354][T12038] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 569.359370][T12038] ? trace_kmalloc+0x2b/0xd0 [ 569.359387][T12038] ? __kvmalloc_node_noprof+0x296/0x600 [ 569.359413][T12038] ? iovec_from_user+0xbb/0x140 [ 569.359433][T12038] io_sqe_buffers_register+0x1f3/0x850 [ 569.359458][T12038] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 569.359482][T12038] ? __pfx___mutex_trylock_common+0x10/0x10 [ 569.359502][T12038] __io_uring_register+0x22cc/0x2390 [ 569.359522][T12038] ? trace_contention_end+0xdd/0x130 [ 569.359537][T12038] ? __pfx___io_uring_register+0x10/0x10 [ 569.359555][T12038] ? __mutex_lock+0x1ca/0xb90 [ 569.359579][T12038] ? __x64_sys_io_uring_register+0x159/0x280 [ 569.359599][T12038] ? __pfx___mutex_lock+0x10/0x10 [ 569.359619][T12038] ? __fget_files+0x20e/0x3c0 [ 569.359629][T12038] ? fput+0x20/0xf0 [ 569.359644][T12038] __x64_sys_io_uring_register+0x169/0x280 [ 569.359659][T12038] do_syscall_64+0xcd/0x260 [ 569.359676][T12038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.359687][T12038] RIP: 0033:0x7f920cd8d169 [ 569.359696][T12038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.359706][T12038] RSP: 002b:00007f920db69038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 569.359717][T12038] RAX: ffffffffffffffda RBX: 00007f920cfa6080 RCX: 00007f920cd8d169 [ 569.359724][T12038] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000005 [ 569.359730][T12038] RBP: 00007f920db69090 R08: 0000000000000000 R09: 0000000000000000 [ 569.359736][T12038] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001 [ 569.359742][T12038] R13: 0000000000000000 R14: 00007f920cfa6080 R15: 00007ffd4d5b2438 [ 569.359756][T12038] [ 570.177622][T12046] sctp: [Deprecated]: syz.2.1612 (pid 12046) Use of struct sctp_assoc_value in delayed_ack socket option. [ 570.177622][T12046] Use struct sctp_sack_info instead [ 570.860089][T12046] syz.2.1612: attempt to access beyond end of device [ 570.860089][T12046] loop2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 570.882696][T12046] XFS (loop2): SB validate failed with error -5. [ 571.160487][T12068] netlink: 'syz.0.1616': attribute type 4 has an invalid length. [ 572.345005][T12076] netlink: 'syz.0.1618': attribute type 4 has an invalid length. [ 573.986372][T12090] FAULT_INJECTION: forcing a failure. [ 573.986372][T12090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 573.999605][T12090] CPU: 0 UID: 0 PID: 12090 Comm: syz.0.1621 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 573.999634][T12090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 573.999644][T12090] Call Trace: [ 573.999650][T12090] [ 573.999656][T12090] dump_stack_lvl+0x16c/0x1f0 [ 573.999684][T12090] should_fail_ex+0x512/0x640 [ 573.999707][T12090] _copy_from_user+0x2e/0xd0 [ 573.999728][T12090] copy_msghdr_from_user+0x98/0x160 [ 573.999750][T12090] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 573.999782][T12090] ___sys_sendmsg+0xfe/0x1d0 [ 573.999804][T12090] ? __pfx____sys_sendmsg+0x10/0x10 [ 573.999823][T12090] ? find_held_lock+0x2b/0x80 [ 573.999874][T12090] __sys_sendmmsg+0x200/0x420 [ 573.999898][T12090] ? __pfx___sys_sendmmsg+0x10/0x10 [ 573.999927][T12090] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 573.999961][T12090] ? fput+0x70/0xf0 [ 573.999981][T12090] ? ksys_write+0x1b9/0x240 [ 573.999996][T12090] ? __pfx_ksys_write+0x10/0x10 [ 574.000016][T12090] __x64_sys_sendmmsg+0x9c/0x100 [ 574.000036][T12090] ? lockdep_hardirqs_on+0x7c/0x110 [ 574.000058][T12090] do_syscall_64+0xcd/0x260 [ 574.000083][T12090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.000100][T12090] RIP: 0033:0x7f950e78d169 [ 574.000114][T12090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 574.000131][T12090] RSP: 002b:00007f950f5a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 574.000147][T12090] RAX: ffffffffffffffda RBX: 00007f950e9a6160 RCX: 00007f950e78d169 [ 574.000158][T12090] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000007 [ 574.000169][T12090] RBP: 00007f950f5a1090 R08: 0000000000000000 R09: 0000000000000000 [ 574.000179][T12090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.000190][T12090] R13: 0000000000000000 R14: 00007f950e9a6160 R15: 00007ffc15a54388 [ 574.000213][T12090] [ 575.257280][T12098] FAULT_INJECTION: forcing a failure. [ 575.257280][T12098] name failslab, interval 1, probability 0, space 0, times 0 [ 575.270004][T12098] CPU: 1 UID: 0 PID: 12098 Comm: syz.2.1625 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 575.270027][T12098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 575.270038][T12098] Call Trace: [ 575.270044][T12098] [ 575.270051][T12098] dump_stack_lvl+0x16c/0x1f0 [ 575.270078][T12098] should_fail_ex+0x512/0x640 [ 575.270096][T12098] ? __kmalloc_noprof+0xbf/0x510 [ 575.270115][T12098] ? iovec_from_user+0x108/0x140 [ 575.270133][T12098] should_failslab+0xc2/0x120 [ 575.270152][T12098] __kmalloc_noprof+0xd2/0x510 [ 575.270169][T12098] ? mark_held_locks+0x49/0x80 [ 575.270188][T12098] iovec_from_user+0x108/0x140 [ 575.270211][T12098] __import_iovec+0x88/0x660 [ 575.270230][T12098] ? __might_fault+0xe3/0x190 [ 575.270246][T12098] ? __might_fault+0x13b/0x190 [ 575.270268][T12098] import_iovec+0x109/0x140 [ 575.270290][T12098] copy_msghdr_from_user+0xf9/0x160 [ 575.270311][T12098] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 575.270343][T12098] ___sys_sendmsg+0xfe/0x1d0 [ 575.270365][T12098] ? __pfx____sys_sendmsg+0x10/0x10 [ 575.270397][T12098] ? find_held_lock+0x2b/0x80 [ 575.270440][T12098] __sys_sendmmsg+0x200/0x420 [ 575.270464][T12098] ? __pfx___sys_sendmmsg+0x10/0x10 [ 575.270508][T12098] ? fput+0x70/0xf0 [ 575.270527][T12098] ? ksys_write+0x1b9/0x240 [ 575.270550][T12098] __x64_sys_sendmmsg+0x9c/0x100 [ 575.270570][T12098] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.270592][T12098] do_syscall_64+0xcd/0x260 [ 575.270618][T12098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.270635][T12098] RIP: 0033:0x7f8fa0d8d169 [ 575.270649][T12098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.270665][T12098] RSP: 002b:00007f8fa1b0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 575.270681][T12098] RAX: ffffffffffffffda RBX: 00007f8fa0fa6160 RCX: 00007f8fa0d8d169 [ 575.270693][T12098] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000007 [ 575.270704][T12098] RBP: 00007f8fa1b0d090 R08: 0000000000000000 R09: 0000000000000000 [ 575.270714][T12098] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 575.270725][T12098] R13: 0000000000000000 R14: 00007f8fa0fa6160 R15: 00007fffb8f43a58 [ 575.270748][T12098] [ 575.739045][ T5871] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 575.963147][ T5871] usb 1-1: Using ep0 maxpacket: 8 [ 575.973904][ T5871] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 575.986058][ T5871] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 575.997959][ T5871] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 576.009817][ T5871] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 576.029098][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.045164][ T5871] usb 1-1: Product: syz [ 576.054089][ T5871] usb 1-1: Manufacturer: syz [ 576.060623][ T5871] usb 1-1: SerialNumber: syz [ 578.233265][ T5871] usb 1-1: 0:2 : does not exist [ 578.390709][ T5136] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 578.413432][ T5136] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 578.499414][ T5871] usb 1-1: USB disconnect, device number 47 [ 578.557037][T11775] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 578.691125][ T30] audit: type=1804 audit(1744602648.639:797): pid=12119 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1631" name="/newroot/323/file0" dev="tmpfs" ino=1763 res=1 errno=0 [ 578.741864][T11775] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 578.754813][T11775] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 578.791014][T12121] netlink: 'syz.4.1633': attribute type 11 has an invalid length. [ 578.825357][T12124] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1634'. [ 578.835287][T10067] udevd[10067]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 578.836007][ T30] audit: type=1400 audit(1744602648.779:798): avc: denied { audit_control } for pid=12120 comm="syz.4.1633" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 579.355605][T12113] lo speed is unknown, defaulting to 1000 [ 579.701627][T12113] chnl_net:caif_netlink_parms(): no params data found [ 579.929348][ T5871] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 580.143094][ T5871] usb 1-1: Using ep0 maxpacket: 16 [ 580.143629][T12138] netlink: 'syz.2.1636': attribute type 4 has an invalid length. [ 580.154581][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 580.183226][ T5871] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 580.201242][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.217683][ T5871] usb 1-1: Product: syz [ 580.222430][ T5871] usb 1-1: Manufacturer: syz [ 580.227117][ T5871] usb 1-1: SerialNumber: syz [ 580.233927][T12113] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.237032][ T5871] usb 1-1: config 0 descriptor?? [ 580.244676][T12113] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.249422][ T5871] hub 1-1:0.0: bad descriptor, ignoring hub [ 580.259512][ T5871] hub 1-1:0.0: probe with driver hub failed with error -5 [ 580.267265][T12113] bridge_slave_0: entered allmulticast mode [ 580.269331][ T5871] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input34 [ 580.303719][T12113] bridge_slave_0: entered promiscuous mode [ 580.324765][T12113] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.331964][T12113] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.348776][T12113] bridge_slave_1: entered allmulticast mode [ 580.414729][T12113] bridge_slave_1: entered promiscuous mode [ 580.534478][T12113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.555461][T12113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 580.583318][T12113] team0: Port device team_slave_0 added [ 580.592506][T12113] team0: Port device team_slave_1 added [ 580.840279][T11775] Bluetooth: hci6: command tx timeout [ 580.999772][ C0] bridge0: received packet on vlan2 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 581.069888][T12113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.076901][T12113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.104219][T12113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.116591][T12113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.123736][T12113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.151088][T12113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 581.247365][T12113] hsr_slave_0: entered promiscuous mode [ 581.254508][T12113] hsr_slave_1: entered promiscuous mode [ 581.262245][T12113] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 581.273637][T12113] Cannot create hsr debugfs directory [ 581.421561][T12113] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.546334][T12113] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.599173][ T5875] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 581.630200][T12113] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.035547][T12113] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.119896][ T5875] usb 3-1: Using ep0 maxpacket: 32 [ 582.126580][ T5875] usb 3-1: unable to get BOS descriptor set [ 582.133507][ T5875] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 43, changing to 9 [ 582.144772][ T5875] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 582.156482][ T5875] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 582.166679][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.174823][ T5875] usb 3-1: Product: 㮳æ›î´¤ç„¸ã¹â¨«â¼¾î’½ã·¼è¿ˆç¡‰æƒ²è¨ƒè‚ºå¸‹â ê›ŸäŒê“ˆæ»–ìžä·ä›¡ç­¬â¬ê°¤ïž‹èš™ì‚ꬔæ£ä¤€ç®¹ç©©î‡€è´´î®Ÿî™¦é‘²ìŒ’åŸìª›æ䜄鱬섂ဘꩿ㻠铇ⴑ뛠㮰ଃ椯긊ꠖ㋯땄젣螕莭䛟逧颫舟瘀ូଧ︾﷧饵膄ⱉ샒ã°ë·å«Žæ¾å€‘䬩䳓앃䜃⊃숒ٶ뷥⾧ä€ç™–ᑠ䂤 [ 582.233383][ T5875] usb 3-1: Manufacturer: à ¾ [ 582.242099][ T5875] usb 3-1: SerialNumber: ä´ì²¡ì¢±å±‘엱ਲ਼♾ࣴﶶ㽻仴걑议瀿슼⥣䷪굯訚꾒ë³äµ¨ã—±å¢”⮥⹳å¥íî‡ä§Žç–¹ì‘€ç‘ªá½å‰œî¤©ï©šï‹·ê™Žãª°êŽ‘뭡წ᧶î냇씨὿é™ì‹ ïŒ™êˆì²žá™”쨇괋ኳ쑂䶥î©ä¸ƒàª¦á€…銡蹂┖㻺漷뤬嵛㗸뫅宒ꄅ㸬æ窒ᗃ䞨ì­ë‹ºè‚›î¢¨ë—‘ࠤ茓ᖟ᪦Ń檌䟬ꧺ䬘쓆拻ꦰ킮胤㼼⬌ [ 582.276677][T12113] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 582.329330][T12113] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 582.341718][T12113] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 582.353806][T12113] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 582.475456][T12113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.498468][T12113] 8021q: adding VLAN 0 to HW filter on device team0 [ 582.516765][ T5875] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 582.524377][ T5875] cdc_ncm 3-1:1.0: bind() failure [ 582.535062][T11922] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.542199][T11922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.552430][ T5875] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 582.552592][T11922] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.559504][ T5875] cdc_ncm 3-1:1.1: bind() failure [ 582.566307][T11922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.591186][T12163] lo speed is unknown, defaulting to 1000 [ 582.688297][T12113] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 582.700716][T12113] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 582.719442][ T5918] usb 1-1: USB disconnect, device number 48 [ 582.868647][T12154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.923742][T11775] Bluetooth: hci6: command tx timeout [ 582.933823][T12154] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 583.113729][ T5828] usb 3-1: USB disconnect, device number 41 [ 584.971740][T12113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 585.001873][T11775] Bluetooth: hci6: command tx timeout [ 585.619220][T12207] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 586.015486][T12113] veth0_vlan: entered promiscuous mode [ 586.035181][T12113] veth1_vlan: entered promiscuous mode [ 586.090933][T12113] veth0_macvtap: entered promiscuous mode [ 586.117799][T12113] veth1_macvtap: entered promiscuous mode [ 586.167759][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.178264][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.188530][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.235260][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.245336][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.264463][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.274904][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.285721][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.296881][T12113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 586.318800][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.330396][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.344728][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.365045][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.378599][T12221] input: syz1 as /devices/virtual/input/input35 [ 586.386119][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.417838][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.428239][T12113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.440521][T12113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.460276][T12113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 586.477803][T12113] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.487378][T12113] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.497161][T12113] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.506600][T12113] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.009995][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.034641][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.049375][ T10] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 587.072292][ T6415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.080615][T11775] Bluetooth: hci6: command tx timeout [ 587.089644][ T6415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.231808][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 587.511731][ T5870] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 587.631089][ T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 587.677490][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 587.690462][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 588.180748][ T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 588.200815][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 588.209937][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.229013][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 588.258873][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 588.285631][ T5870] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 588.295020][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.306831][ T5870] usb 5-1: Product: syz [ 588.311095][ T5870] usb 5-1: Manufacturer: syz [ 588.315789][ T5870] usb 5-1: SerialNumber: syz [ 588.353574][ T5870] usb 5-1: config 0 descriptor?? [ 588.366038][ T5870] hub 5-1:0.0: bad descriptor, ignoring hub [ 588.373170][ T5870] hub 5-1:0.0: probe with driver hub failed with error -5 [ 588.388608][T12241] input: syz0 as /devices/virtual/input/input36 [ 588.394797][ T5870] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input37 [ 588.485476][ T10] usb 3-1: GET_CAPABILITIES returned 0 [ 588.563219][ T10] usbtmc 3-1:16.0: can't read capabilities [ 588.736337][ T5875] usb 3-1: USB disconnect, device number 42 [ 589.397950][ T5828] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 589.748918][ T5828] usb 1-1: config index 0 descriptor too short (expected 539, got 27) [ 589.818921][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 4 [ 589.993430][ T5828] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 590.126250][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.234987][ T5828] usb 1-1: Product: syz [ 590.281975][ T5828] usb 1-1: Manufacturer: syz [ 590.301832][ T5828] usb 1-1: SerialNumber: syz [ 590.345317][ T5828] usb 1-1: config 0 descriptor?? [ 590.369844][ T5828] hub 1-1:0.0: bad descriptor, ignoring hub [ 590.375789][ T5828] hub 1-1:0.0: probe with driver hub failed with error -5 [ 590.391044][ T5828] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input38 [ 590.410811][ T5828] usbtouchscreen 1-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90 [ 590.424236][ T5871] usb 5-1: USB disconnect, device number 35 [ 590.500482][ T5828] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -90 [ 590.564666][T11775] block nbd4: Receive control failed (result -107) [ 590.660590][T12253] syz.4.1668: attempt to access beyond end of device [ 590.660590][T12253] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 590.699350][T12253] syz.4.1668: attempt to access beyond end of device [ 590.699350][T12253] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 590.724088][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 590.732844][T12252] nbd4: detected capacity change from 0 to 12 [ 590.739569][T12253] block nbd4: Dead connection, failed to find a fallback [ 590.739613][T12253] block nbd4: shutting down sockets [ 590.739636][T12253] blk_print_req_error: 7 callbacks suppressed [ 590.739648][T12253] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 590.739732][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=0, location=0 [ 590.784623][T12253] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 590.795367][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=1, location=1 [ 590.813673][T10067] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 590.823724][T10067] buffer_io_error: 7 callbacks suppressed [ 590.823732][T10067] Buffer I/O error on dev nbd4, logical block 0, async page read [ 590.829268][ T5870] usb 1-1: USB disconnect, device number 49 [ 590.963851][T10067] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 590.972984][T10067] Buffer I/O error on dev nbd4, logical block 1, async page read [ 590.981090][T10067] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 590.984455][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 590.990139][T10067] Buffer I/O error on dev nbd4, logical block 2, async page read [ 590.990267][T10067] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 591.019028][T10067] Buffer I/O error on dev nbd4, logical block 3, async page read [ 591.034534][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 591.036641][T10067] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 591.048237][T12253] I/O error, dev nbd4, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 591.053692][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 591.074607][T10067] Buffer I/O error on dev nbd4, logical block 0, async page read [ 591.082431][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 591.089485][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=2, location=2 [ 591.090279][T10067] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 591.107679][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 591.116494][T10067] Buffer I/O error on dev nbd4, logical block 1, async page read [ 591.124619][T10067] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 591.125392][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 591.133684][T10067] Buffer I/O error on dev nbd4, logical block 0, async page read [ 591.133826][T10067] Buffer I/O error on dev nbd4, logical block 1, async page read [ 591.145684][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 591.150809][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=1, location=1 [ 591.162812][T10067] Buffer I/O error on dev nbd4, logical block 0, async page read [ 591.189525][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=0, location=0 [ 591.196477][T12256] lo speed is unknown, defaulting to 1000 [ 591.198909][T10067] Buffer I/O error on dev nbd4, logical block 1, async page read [ 591.220083][T10067] ldm_validate_partition_table(): Disk read failed. [ 591.226943][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 591.242197][T10067] Dev nbd4: unable to read RDB block 0 [ 591.249932][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 591.251744][T10067] nbd4: unable to read partition table [ 591.268565][T10067] nbd4: partition table beyond EOD, truncated [ 591.269403][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=0, location=0 [ 591.310680][T10067] ldm_validate_partition_table(): Disk read failed. [ 591.315997][T12253] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 591.327679][T12253] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 591.327852][T10067] Dev nbd4: unable to read RDB block 0 [ 591.365869][T10067] nbd4: unable to read partition table [ 591.375797][T10067] nbd4: partition table beyond EOD, truncated [ 591.450058][T12256] chnl_net:caif_netlink_parms(): no params data found [ 591.856025][T12262] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 591.938792][T12256] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.999206][T12256] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.012115][T12256] bridge_slave_0: entered allmulticast mode [ 592.027909][T12256] bridge_slave_0: entered promiscuous mode [ 592.089158][T12274] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 592.165444][T12256] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.187845][T12256] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.210617][T12256] bridge_slave_1: entered allmulticast mode [ 592.232838][T12256] bridge_slave_1: entered promiscuous mode [ 592.314294][T12282] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 592.771228][T12256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 592.810957][T12256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 593.240267][T11775] Bluetooth: hci6: command tx timeout [ 593.564683][T12256] team0: Port device team_slave_0 added [ 593.594819][T12256] team0: Port device team_slave_1 added [ 593.796174][T12256] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 593.803673][T12256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.848989][T12256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 593.870798][T12256] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 593.877759][T12256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.918841][T12256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 593.929266][ T5870] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 594.034108][T12256] hsr_slave_0: entered promiscuous mode [ 594.051631][T12256] hsr_slave_1: entered promiscuous mode [ 594.071147][T12256] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 594.088891][T12256] Cannot create hsr debugfs directory [ 594.090344][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.138863][ T5870] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 594.155819][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.168133][ T5870] usb 1-1: Product: syz [ 594.187951][ T5870] usb 1-1: Manufacturer: syz [ 594.200141][ T5870] usb 1-1: SerialNumber: syz [ 594.291533][ T5870] usb 1-1: config 0 descriptor?? [ 594.301570][T12309] netlink: 'syz.4.1679': attribute type 10 has an invalid length. [ 594.303022][ T5870] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 594.317733][ T5870] usb 1-1: No valid video chain found. [ 595.193547][ T5870] usb 1-1: USB disconnect, device number 50 [ 595.275622][T12256] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.319127][T11775] Bluetooth: hci6: command tx timeout [ 595.469298][T12256] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.548467][T12334] netlink: 'syz.2.1683': attribute type 11 has an invalid length. [ 595.587598][T12256] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.748804][T12256] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.079056][T12256] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 596.082495][ T30] audit: type=1400 audit(1744602666.019:799): avc: denied { wake_alarm } for pid=12336 comm="syz.2.1684" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 596.410239][T12256] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 596.688112][T12256] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 596.783726][T12256] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 597.070532][T12357] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 597.231783][T12256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 597.325649][T12256] 8021q: adding VLAN 0 to HW filter on device team0 [ 597.414979][T11775] Bluetooth: hci6: command tx timeout [ 597.461817][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.468974][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 597.491142][T11922] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.498248][T11922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 597.635227][T12256] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 597.703682][T12256] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 598.285285][T12380] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 598.649114][ T5870] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 598.938587][ T5870] usb 1-1: config index 0 descriptor too short (expected 539, got 27) [ 599.064609][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 4 [ 599.309879][ T5870] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 599.452061][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.489226][T11775] Bluetooth: hci6: command tx timeout [ 599.592851][ T5870] usb 1-1: Product: syz [ 599.597048][ T5870] usb 1-1: Manufacturer: syz [ 599.663859][ T5870] usb 1-1: SerialNumber: syz [ 599.770587][ T5870] usb 1-1: config 0 descriptor?? [ 599.830290][ T5870] hub 1-1:0.0: bad descriptor, ignoring hub [ 599.848599][T12256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 599.855789][ T5870] hub 1-1:0.0: probe with driver hub failed with error -5 [ 599.900418][ T5870] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input39 [ 599.927251][ T5870] usbtouchscreen 1-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90 [ 600.341267][ T5870] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -90 [ 600.420091][ T5870] usb 1-1: USB disconnect, device number 51 [ 600.801678][T12256] veth0_vlan: entered promiscuous mode [ 600.812919][T12256] veth1_vlan: entered promiscuous mode [ 600.910355][T12256] veth0_macvtap: entered promiscuous mode [ 600.927671][T12256] veth1_macvtap: entered promiscuous mode [ 600.992136][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.011439][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.146948][T11775] Bluetooth: hci5: unexpected event for opcode 0x2012 [ 601.233147][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.329075][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.355486][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.372451][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.404042][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.414680][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.424959][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.435510][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.446501][T12256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 601.483256][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.537157][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.559020][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.577109][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.920406][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.944674][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.969161][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.988327][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.005039][T12256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.031160][T12256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.069735][T12256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 602.126698][T12256] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.159000][T12256] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.169008][T12256] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.202962][T12256] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.279009][ T5872] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 603.629289][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 603.637126][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.689271][ T5872] usb 3-1: Using ep0 maxpacket: 16 [ 603.697591][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 603.737833][ T5872] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 603.767308][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.777476][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 603.801678][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.809105][ T5872] usb 3-1: Product: syz [ 603.824063][ T5872] usb 3-1: Manufacturer: syz [ 603.838836][ T5872] usb 3-1: SerialNumber: syz [ 604.109907][ T5872] usb 3-1: config 0 descriptor?? [ 604.186909][ T5872] hub 3-1:0.0: bad descriptor, ignoring hub [ 604.221155][ T5872] hub 3-1:0.0: probe with driver hub failed with error -5 [ 604.248900][ T5872] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input40 [ 604.265997][T12477] FAULT_INJECTION: forcing a failure. [ 604.265997][T12477] name failslab, interval 1, probability 0, space 0, times 0 [ 604.294357][T12477] CPU: 0 UID: 0 PID: 12477 Comm: syz.5.1709 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 604.294382][T12477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 604.294393][T12477] Call Trace: [ 604.294399][T12477] [ 604.294406][T12477] dump_stack_lvl+0x16c/0x1f0 [ 604.294433][T12477] should_fail_ex+0x512/0x640 [ 604.294450][T12477] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 604.294471][T12477] should_failslab+0xc2/0x120 [ 604.294490][T12477] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 604.294508][T12477] ? __alloc_skb+0x2b2/0x380 [ 604.294530][T12477] __alloc_skb+0x2b2/0x380 [ 604.294548][T12477] ? __pfx___alloc_skb+0x10/0x10 [ 604.294571][T12477] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 604.294598][T12477] netlink_alloc_large_skb+0x69/0x130 [ 604.294621][T12477] netlink_sendmsg+0x6a1/0xdd0 [ 604.294647][T12477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.294678][T12477] ____sys_sendmsg+0xa95/0xc70 [ 604.294703][T12477] ? copy_msghdr_from_user+0x10a/0x160 [ 604.294724][T12477] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.294759][T12477] ___sys_sendmsg+0x134/0x1d0 [ 604.294780][T12477] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.294827][T12477] __sys_sendmsg+0x16d/0x220 [ 604.294847][T12477] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.294874][T12477] ? rcu_is_watching+0x12/0xc0 [ 604.294902][T12477] do_syscall_64+0xcd/0x260 [ 604.294926][T12477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.294944][T12477] RIP: 0033:0x7f517118d169 [ 604.294959][T12477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.294975][T12477] RSP: 002b:00007f5171f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 604.294992][T12477] RAX: ffffffffffffffda RBX: 00007f51713a5fa0 RCX: 00007f517118d169 [ 604.295003][T12477] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 604.295013][T12477] RBP: 00007f5171f51090 R08: 0000000000000000 R09: 0000000000000000 [ 604.295023][T12477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.295034][T12477] R13: 0000000000000000 R14: 00007f51713a5fa0 R15: 00007ffef9e79d08 [ 604.295056][T12477] [ 604.670578][T12483] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 605.160690][T11775] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 605.169866][T11775] Bluetooth: hci5: Injecting HCI hardware error event [ 605.178130][T11775] Bluetooth: hci5: hardware error 0x00 [ 607.091794][ T5875] usb 3-1: USB disconnect, device number 43 [ 607.319812][T11775] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 607.410148][ T30] audit: type=1400 audit(1744602677.359:800): avc: denied { watch_mount } for pid=12507 comm="syz.4.1718" path="/365" dev="tmpfs" ino=1979 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 607.439805][T12510] 9pnet_fd: Insufficient options for proto=fd [ 607.480404][T12511] FAULT_INJECTION: forcing a failure. [ 607.480404][T12511] name failslab, interval 1, probability 0, space 0, times 0 [ 607.540097][T12511] CPU: 0 UID: 0 PID: 12511 Comm: syz.5.1716 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 607.540123][T12511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 607.540133][T12511] Call Trace: [ 607.540139][T12511] [ 607.540146][T12511] dump_stack_lvl+0x16c/0x1f0 [ 607.540174][T12511] should_fail_ex+0x512/0x640 [ 607.540192][T12511] ? fs_reclaim_acquire+0xae/0x150 [ 607.540218][T12511] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 607.540241][T12511] should_failslab+0xc2/0x120 [ 607.540259][T12511] __kmalloc_noprof+0xd2/0x510 [ 607.540282][T12511] tomoyo_realpath_from_path+0xc2/0x6e0 [ 607.540309][T12511] ? tomoyo_profile+0x47/0x60 [ 607.540328][T12511] tomoyo_path_number_perm+0x245/0x580 [ 607.540349][T12511] ? tomoyo_path_number_perm+0x237/0x580 [ 607.540371][T12511] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 607.540393][T12511] ? find_held_lock+0x2b/0x80 [ 607.540437][T12511] ? find_held_lock+0x2b/0x80 [ 607.540457][T12511] ? hook_file_ioctl_common+0x145/0x410 [ 607.540487][T12511] ? __fget_files+0x20e/0x3c0 [ 607.540508][T12511] security_file_ioctl+0x9b/0x240 [ 607.540533][T12511] __x64_sys_ioctl+0xb7/0x200 [ 607.540558][T12511] do_syscall_64+0xcd/0x260 [ 607.540584][T12511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.540601][T12511] RIP: 0033:0x7f517118d169 [ 607.540614][T12511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.540630][T12511] RSP: 002b:00007f5171f51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 607.540647][T12511] RAX: ffffffffffffffda RBX: 00007f51713a5fa0 RCX: 00007f517118d169 [ 607.540658][T12511] RDX: 0000200000000440 RSI: 000000000000b704 RDI: 0000000000000003 [ 607.540667][T12511] RBP: 00007f5171f51090 R08: 0000000000000000 R09: 0000000000000000 [ 607.540678][T12511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 607.540687][T12511] R13: 0000000000000000 R14: 00007f51713a5fa0 R15: 00007ffef9e79d08 [ 607.540711][T12511] [ 607.540719][T12511] ERROR: Out of memory at tomoyo_realpath_from_path. [ 607.705991][ T30] audit: type=1804 audit(1744602677.649:801): pid=12519 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1719" name="/newroot/344/file0" dev="tmpfs" ino=1872 res=1 errno=0 [ 607.914279][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 607.995991][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 608.021109][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 608.043885][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 608.062340][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 608.188863][T12516] lo speed is unknown, defaulting to 1000 [ 609.987317][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1727'. [ 610.015409][T12516] chnl_net:caif_netlink_parms(): no params data found [ 610.081092][T12516] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.088337][T12516] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.095635][T12516] bridge_slave_0: entered allmulticast mode [ 610.102716][T12516] bridge_slave_0: entered promiscuous mode [ 610.111480][T12516] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.114997][ T30] audit: type=1400 audit(1744602680.059:802): avc: denied { accept } for pid=12547 comm="syz.2.1727" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 610.118662][T12516] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.141931][ T30] audit: type=1400 audit(1744602680.059:803): avc: denied { read } for pid=12547 comm="syz.2.1727" laddr=127.0.0.1 lport=41398 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 610.150511][T12516] bridge_slave_1: entered allmulticast mode [ 610.180605][T12516] bridge_slave_1: entered promiscuous mode [ 610.199263][T11775] Bluetooth: hci6: command tx timeout [ 610.210924][T12516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 610.225018][T12516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 610.255186][T12516] team0: Port device team_slave_0 added [ 610.267203][T12516] team0: Port device team_slave_1 added [ 610.290111][T12516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 610.297052][T12516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.323178][T10625] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 610.330959][T12516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 610.344721][T12516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 610.351765][T12516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.382773][T12516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 610.417184][T12516] hsr_slave_0: entered promiscuous mode [ 610.423393][T12516] hsr_slave_1: entered promiscuous mode [ 610.432955][T12516] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 610.441870][T12516] Cannot create hsr debugfs directory [ 610.489198][T10625] usb 5-1: Using ep0 maxpacket: 16 [ 610.500088][T10625] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 610.512255][T10625] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 610.521519][T10625] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.529714][T10625] usb 5-1: Product: syz [ 610.533896][T10625] usb 5-1: Manufacturer: syz [ 610.538478][T10625] usb 5-1: SerialNumber: syz [ 610.545759][T10625] usb 5-1: config 0 descriptor?? [ 610.553326][T10625] hub 5-1:0.0: bad descriptor, ignoring hub [ 610.559647][T10625] hub 5-1:0.0: probe with driver hub failed with error -5 [ 610.571572][T10625] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input41 [ 610.611993][T12516] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.822014][T12516] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.051561][T12516] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.287973][T11775] Bluetooth: hci6: command tx timeout [ 612.370796][T12516] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.578371][T12581] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 613.146962][T12516] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 613.200365][T12516] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 613.683897][T12516] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 613.712571][T12516] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 613.962056][T12516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 613.971136][T10625] usb 5-1: USB disconnect, device number 36 [ 613.984158][T12516] 8021q: adding VLAN 0 to HW filter on device team0 [ 614.006255][T11922] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.013417][T11922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.074376][T11922] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.081547][T11922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.372194][T11775] Bluetooth: hci6: command tx timeout [ 614.541706][T12601] could not allocate digest TFM handle sm3-ce [ 614.875471][T12516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.907896][T12617] FAULT_INJECTION: forcing a failure. [ 614.907896][T12617] name failslab, interval 1, probability 0, space 0, times 0 [ 614.946457][T12617] CPU: 0 UID: 0 PID: 12617 Comm: syz.2.1740 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 614.946483][T12617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 614.946493][T12617] Call Trace: [ 614.946500][T12617] [ 614.946507][T12617] dump_stack_lvl+0x16c/0x1f0 [ 614.946534][T12617] should_fail_ex+0x512/0x640 [ 614.946552][T12617] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 614.946574][T12617] should_failslab+0xc2/0x120 [ 614.946593][T12617] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 614.946611][T12617] ? mas_alloc_nodes+0x18b/0x8b0 [ 614.946636][T12617] mas_alloc_nodes+0x18b/0x8b0 [ 614.946662][T12617] mas_node_count_gfp+0x105/0x130 [ 614.946685][T12617] mas_preallocate+0x53e/0xcd0 [ 614.946712][T12617] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 614.946737][T12617] ? __pfx_mas_preallocate+0x10/0x10 [ 614.946770][T12617] ? anon_vma_name+0x75/0x100 [ 614.946795][T12617] __split_vma+0x33b/0x1030 [ 614.946816][T12617] ? __pfx___split_vma+0x10/0x10 [ 614.946844][T12617] vms_gather_munmap_vmas+0x1c2/0x1310 [ 614.946866][T12617] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 614.946885][T12617] ? is_bpf_text_address+0x8a/0x1a0 [ 614.946903][T12617] ? bpf_ksym_find+0x127/0x1c0 [ 614.946926][T12617] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 614.946950][T12617] ? is_bpf_text_address+0x94/0x1a0 [ 614.946969][T12617] ? kernel_text_address+0x8d/0x100 [ 614.946989][T12617] ? __kernel_text_address+0xd/0x40 [ 614.947012][T12617] do_vmi_align_munmap+0x27c/0x7d0 [ 614.947034][T12617] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 614.947084][T12617] do_vmi_munmap+0x208/0x3e0 [ 614.947107][T12617] do_munmap+0xbd/0x100 [ 614.947131][T12617] ? __pfx_do_munmap+0x10/0x10 [ 614.947160][T12617] ? __pfx_down_write_killable+0x10/0x10 [ 614.947193][T12617] __do_sys_mremap+0xfb4/0x15d0 [ 614.947220][T12617] ? __pfx___do_sys_mremap+0x10/0x10 [ 614.947239][T12617] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 614.947266][T12617] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 614.947292][T12617] ? __fget_files+0x20e/0x3c0 [ 614.947328][T12617] do_syscall_64+0xcd/0x260 [ 614.947354][T12617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.947370][T12617] RIP: 0033:0x7f8fa0d8d169 [ 614.947384][T12617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.947401][T12617] RSP: 002b:00007f8fa1b2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 614.947417][T12617] RAX: ffffffffffffffda RBX: 00007f8fa0fa6080 RCX: 00007f8fa0d8d169 [ 614.947428][T12617] RDX: 0000000000002000 RSI: 0000000000002000 RDI: 0000200000ffe000 [ 614.947439][T12617] RBP: 00007f8fa1b2e090 R08: 00002000007fe000 R09: 0000000000000000 [ 614.947449][T12617] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 614.947459][T12617] R13: 0000000000000001 R14: 00007f8fa0fa6080 R15: 00007fffb8f43a58 [ 614.947483][T12617] [ 615.350147][T12620] netlink: 'syz.4.1742': attribute type 4 has an invalid length. [ 615.836390][T12623] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1743'. [ 616.374921][T12516] veth0_vlan: entered promiscuous mode [ 616.426454][T12516] veth1_vlan: entered promiscuous mode [ 616.439246][T11775] Bluetooth: hci6: command tx timeout [ 616.500440][T12516] veth0_macvtap: entered promiscuous mode [ 616.524693][T12516] veth1_macvtap: entered promiscuous mode [ 616.547217][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.559684][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.569750][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.580371][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.591291][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.659027][ T5828] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 616.692617][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.709084][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.721702][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.749025][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.261801][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.301646][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.334582][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.350503][T12516] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 617.439384][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.464685][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.483607][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.493736][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.523347][ T5828] usb 1-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00 [ 617.550928][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.557438][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.659412][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.673757][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.684295][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.684317][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.684331][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.684346][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.684357][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.684372][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.684384][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.685377][T12516] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 617.689941][T12516] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.701386][ T5828] usb 1-1: config 0 descriptor?? [ 617.709089][T12516] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.825710][T12516] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.834560][T12516] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.328713][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.347629][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.406302][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.433793][T12634] loop2: detected capacity change from 0 to 7 [ 618.475947][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.486782][ T5832] Dev loop2: unable to read RDB block 7 [ 618.495016][ T5832] loop2: unable to read partition table [ 618.525892][ T5832] loop2: partition table beyond EOD, truncated [ 618.539333][ T5828] hid-rmi 0003:0461:4E72.001B: item fetching failed at offset 1/3 [ 618.547676][ T5828] hid-rmi 0003:0461:4E72.001B: parse failed [ 618.554981][T12634] Dev loop2: unable to read RDB block 7 [ 618.575499][ T5828] hid-rmi 0003:0461:4E72.001B: probe with driver hid-rmi failed with error -22 [ 618.579521][T12634] loop2: unable to read partition table [ 618.619350][T12634] loop2: partition table beyond EOD, truncated [ 618.625918][T12634] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 618.812317][ T5873] usb 1-1: USB disconnect, device number 52 [ 618.901374][T12666] netlink: 'syz.2.1753': attribute type 4 has an invalid length. [ 619.469923][T12669] netlink: 'syz.0.1756': attribute type 1 has an invalid length. [ 619.503172][T12669] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1756'. [ 619.663373][ T30] audit: type=1400 audit(1744602689.589:804): avc: denied { map } for pid=12667 comm="syz.0.1756" path="socket:[39834]" dev="sockfs" ino=39834 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 619.919115][ T30] audit: type=1400 audit(1744602689.589:805): avc: denied { read } for pid=12667 comm="syz.0.1756" path="socket:[39834]" dev="sockfs" ino=39834 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 619.960599][T12686] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1760'. [ 622.282041][T12696] wg1: left allmulticast mode [ 622.282667][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 622.287168][T12696] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 624.120451][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.389599][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 624.409303][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 624.419709][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 624.429128][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 624.437778][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 624.490438][T12713] lo speed is unknown, defaulting to 1000 [ 624.627266][ T30] audit: type=1400 audit(1744602694.499:806): avc: denied { accept } for pid=12715 comm="syz.2.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 624.766943][T12719] random: crng reseeded on system resumption [ 626.481573][T12713] chnl_net:caif_netlink_parms(): no params data found [ 626.519147][T11775] Bluetooth: hci6: command tx timeout [ 626.745325][ T5873] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 626.969363][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 627.036487][ T5873] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 627.102647][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.169789][ T5873] usb 5-1: config 0 descriptor?? [ 627.216184][T12736] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 627.807351][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 628.011430][T12713] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.024010][T12713] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.054074][T12713] bridge_slave_0: entered allmulticast mode [ 628.099063][T12713] bridge_slave_0: entered promiscuous mode [ 628.166723][T12713] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.175292][ T5873] elan 0003:04F3:0755.001C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 628.198574][T12713] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.215622][T12713] bridge_slave_1: entered allmulticast mode [ 628.243718][T12713] bridge_slave_1: entered promiscuous mode [ 628.600023][T11775] Bluetooth: hci6: command tx timeout [ 628.705704][T12764] random: crng reseeded on system resumption [ 628.764427][T12713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 628.817346][T12713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 628.958431][T12713] team0: Port device team_slave_0 added [ 628.975344][T12713] team0: Port device team_slave_1 added [ 629.091240][T12713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 629.115064][T12713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.148077][T12713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 629.202698][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 629.213529][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 629.222801][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 629.243354][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 629.251573][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 629.274914][T12713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 629.282031][T12713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.309174][T12713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 630.011416][T12713] hsr_slave_0: entered promiscuous mode [ 630.027433][T12713] hsr_slave_1: entered promiscuous mode [ 630.038639][T12713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 630.046815][T12713] Cannot create hsr debugfs directory [ 630.062622][T12775] lo speed is unknown, defaulting to 1000 [ 630.360798][ T5918] usb 5-1: USB disconnect, device number 37 [ 630.682086][ T5831] Bluetooth: hci6: command tx timeout [ 630.773872][ T5828] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 631.015633][ T5828] usb 1-1: Using ep0 maxpacket: 16 [ 631.059609][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 631.142258][ T5828] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 631.186264][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.209073][ T5828] usb 1-1: Product: syz [ 631.213266][ T5828] usb 1-1: Manufacturer: syz [ 631.217855][ T5828] usb 1-1: SerialNumber: syz [ 631.230114][ T5828] usb 1-1: config 0 descriptor?? [ 631.237310][ T5828] hub 1-1:0.0: bad descriptor, ignoring hub [ 631.244393][ T5828] hub 1-1:0.0: probe with driver hub failed with error -5 [ 631.266322][ T5828] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input42 [ 631.319710][ T5831] Bluetooth: hci4: command tx timeout [ 631.853144][T12813] random: crng reseeded on system resumption [ 631.962102][T12713] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.198275][T12713] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.295713][T12713] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.406483][ T30] audit: type=1400 audit(1744602702.349:807): avc: denied { shutdown } for pid=12838 comm="syz.5.1792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 632.430222][T12713] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.457481][T12775] chnl_net:caif_netlink_parms(): no params data found [ 632.759092][ T5831] Bluetooth: hci6: command tx timeout [ 632.836790][T12775] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.866425][T12775] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.877309][T12775] bridge_slave_0: entered allmulticast mode [ 632.889087][T12775] bridge_slave_0: entered promiscuous mode [ 632.916685][T12713] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 632.944802][T12775] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.978223][T12775] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.010833][T12775] bridge_slave_1: entered allmulticast mode [ 633.046456][T12775] bridge_slave_1: entered promiscuous mode [ 633.430141][ T5831] Bluetooth: hci4: command tx timeout [ 633.490731][T12459] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 633.539939][T12713] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 633.739300][ T5872] usb 1-1: USB disconnect, device number 53 [ 633.935869][T12873] random: crng reseeded on system resumption [ 634.080379][T12713] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 634.264697][T12713] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 634.527636][T12775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.636262][T12775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.895443][T12713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.967774][T12713] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.983349][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.990528][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.025390][T12775] team0: Port device team_slave_0 added [ 635.076783][ T3050] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.083882][ T3050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.133014][T12775] team0: Port device team_slave_1 added [ 635.479107][ T5831] Bluetooth: hci4: command tx timeout [ 635.516843][T12775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.545218][T12775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.614903][T12775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.630540][ T5831] Bluetooth: hci3: unexpected event for opcode 0x2012 [ 635.658837][T12775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.666044][T12775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.692623][T12775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.821848][T12775] hsr_slave_0: entered promiscuous mode [ 635.828476][T12775] hsr_slave_1: entered promiscuous mode [ 635.843035][T12775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 635.853969][T12775] Cannot create hsr debugfs directory [ 636.046595][ T30] audit: type=1400 audit(1744602705.989:808): avc: denied { listen } for pid=12902 comm="syz.4.1798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 636.144883][ T30] audit: type=1400 audit(1744602705.989:809): avc: denied { accept } for pid=12902 comm="syz.4.1798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 636.212240][ T30] audit: type=1400 audit(1744602706.039:810): avc: denied { ioctl } for pid=12902 comm="syz.4.1798" path="socket:[41330]" dev="sockfs" ino=41330 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 636.575974][T12918] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 636.642787][T12713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 636.707286][T12775] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 636.769553][T12775] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 636.849942][T12932] random: crng reseeded on system resumption [ 637.118629][T12775] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 637.178987][T12775] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 637.425792][T12775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 637.479738][T12775] 8021q: adding VLAN 0 to HW filter on device team0 [ 637.503470][T12713] veth0_vlan: entered promiscuous mode [ 637.512572][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.519700][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.535506][T12713] veth1_vlan: entered promiscuous mode [ 637.544839][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.552000][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.574711][ T5831] Bluetooth: hci4: command tx timeout [ 637.694105][T12713] veth0_macvtap: entered promiscuous mode [ 637.728432][T12713] veth1_macvtap: entered promiscuous mode [ 637.817212][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.864836][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.921452][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.074148][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.084629][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.095312][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.105195][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.118156][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.128593][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.141241][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.151251][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.164138][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.174109][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 638.535019][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.562866][T12713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 638.601943][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.612658][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.623831][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.635624][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.645774][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.656493][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.658022][T12975] input: syz0 as /devices/virtual/input/input43 [ 638.667749][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.703642][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.729745][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.747945][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.823071][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.850005][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 638.894233][T12713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 638.918307][T12713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 639.000696][T12713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 639.240530][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 639.240652][ C0] bridge0: received packet on vlan2 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 639.337936][T12713] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.360493][T12713] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.369371][T12713] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.378028][T12713] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.745553][ T5831] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 639.756951][ T5831] Bluetooth: hci3: Injecting HCI hardware error event [ 639.768213][ T5831] Bluetooth: hci3: hardware error 0x00 [ 640.078450][T12775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.162973][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 640.219456][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.426528][T13008] random: crng reseeded on system resumption [ 640.779475][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 640.799020][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.980752][T12775] veth0_vlan: entered promiscuous mode [ 640.994599][T12775] veth1_vlan: entered promiscuous mode [ 641.017183][T12775] veth0_macvtap: entered promiscuous mode [ 641.109482][T12775] veth1_macvtap: entered promiscuous mode [ 641.182066][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.212060][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.223759][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.235699][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.246721][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.265394][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.275555][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.296188][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.319358][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.338383][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.348657][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.376275][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.396212][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.407382][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.417921][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.428798][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.439395][ T5872] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 641.445450][T12775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.479927][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.496876][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.507224][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.521354][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.531615][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.542498][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.552715][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.563664][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.573782][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.584471][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.597126][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.611624][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.619030][ T5872] usb 5-1: Using ep0 maxpacket: 16 [ 641.634036][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.646190][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 641.656271][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.663471][ T5872] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 641.666551][T12775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.678624][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.692249][T12775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.697053][ T5872] usb 5-1: Product: syz [ 641.709927][ T5872] usb 5-1: Manufacturer: syz [ 641.712777][T12775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.721661][ T5872] usb 5-1: SerialNumber: syz [ 641.748191][ T5872] usb 5-1: config 0 descriptor?? [ 641.761713][ T5872] hub 5-1:0.0: bad descriptor, ignoring hub [ 641.767663][ T5872] hub 5-1:0.0: probe with driver hub failed with error -5 [ 641.782837][T12775] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.788384][ T5872] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input44 [ 641.793451][T12775] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.812931][T12775] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.822567][T12775] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.948159][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.966684][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.004968][ T6415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.020382][ T6415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.119239][ T5831] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 643.850028][ T30] audit: type=1400 audit(1744602713.789:811): avc: denied { mount } for pid=13063 comm="syz.5.1823" name="/" dev="hugetlbfs" ino=41893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 644.362862][ T5875] usb 5-1: USB disconnect, device number 38 [ 645.213276][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 645.271439][T11775] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 645.289314][T11775] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 645.297581][T11775] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 645.310342][T11775] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 645.317816][T11775] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 645.345252][T13080] FAULT_INJECTION: forcing a failure. [ 645.345252][T13080] name failslab, interval 1, probability 0, space 0, times 0 [ 645.356007][T13076] lo speed is unknown, defaulting to 1000 [ 645.364019][T13080] CPU: 0 UID: 0 PID: 13080 Comm: syz.4.1826 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 645.364041][T13080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 645.364058][T13080] Call Trace: [ 645.364064][T13080] [ 645.364070][T13080] dump_stack_lvl+0x16c/0x1f0 [ 645.364096][T13080] should_fail_ex+0x512/0x640 [ 645.364113][T13080] ? __kmalloc_noprof+0xbf/0x510 [ 645.364132][T13080] ? sock_kmalloc+0x111/0x170 [ 645.364153][T13080] should_failslab+0xc2/0x120 [ 645.364171][T13080] __kmalloc_noprof+0xd2/0x510 [ 645.364186][T13080] ? do_raw_spin_lock+0x12c/0x2b0 [ 645.364211][T13080] sock_kmalloc+0x111/0x170 [ 645.364236][T13080] hash_alloc_result+0xd7/0x150 [ 645.364260][T13080] hash_recvmsg+0x198/0x920 [ 645.364283][T13080] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 645.364307][T13080] sock_recvmsg+0x1f6/0x250 [ 645.364332][T13080] ____sys_recvmsg+0x218/0x6b0 [ 645.364360][T13080] ? __pfx_____sys_recvmsg+0x10/0x10 [ 645.364394][T13080] ? __lock_acquire+0x5ca/0x1ba0 [ 645.364415][T13080] ___sys_recvmsg+0x114/0x1a0 [ 645.364436][T13080] ? __pfx____sys_recvmsg+0x10/0x10 [ 645.364458][T13080] ? find_held_lock+0x2b/0x80 [ 645.364493][T13080] do_recvmmsg+0x2fe/0x740 [ 645.364517][T13080] ? __pfx_do_recvmmsg+0x10/0x10 [ 645.364538][T13080] ? __pfx_bpf_strtol+0x10/0x10 [ 645.364559][T13080] ? lock_acquire+0x179/0x350 [ 645.364585][T13080] ? bpf_trace_run2+0x2a5/0x590 [ 645.364601][T13080] ? __pfx_bpf_trace_run2+0x10/0x10 [ 645.364619][T13080] __x64_sys_recvmmsg+0x22a/0x280 [ 645.364640][T13080] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 645.364659][T13080] ? syscall_trace_enter+0x1cb/0x260 [ 645.364680][T13080] ? rcu_is_watching+0x12/0xc0 [ 645.364704][T13080] do_syscall_64+0xcd/0x260 [ 645.364728][T13080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.364744][T13080] RIP: 0033:0x7f920cd8d169 [ 645.364758][T13080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 645.364774][T13080] RSP: 002b:00007f920db69038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 645.364790][T13080] RAX: ffffffffffffffda RBX: 00007f920cfa6080 RCX: 00007f920cd8d169 [ 645.364800][T13080] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000006 [ 645.364810][T13080] RBP: 00007f920db69090 R08: 0000000000000000 R09: 0000000000000000 [ 645.364820][T13080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 645.364829][T13080] R13: 0000000000000000 R14: 00007f920cfa6080 R15: 00007ffd4d5b2438 [ 645.364852][T13080] [ 645.471116][ T5828] usb 1-1: new full-speed USB device number 54 using dummy_hcd [ 645.781989][T13076] chnl_net:caif_netlink_parms(): no params data found [ 645.850478][ T5828] usb 1-1: config index 0 descriptor too short (expected 539, got 27) [ 645.868641][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 4 [ 645.920858][ T5828] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 645.930755][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.939315][ T5828] usb 1-1: Product: syz [ 645.962011][ T5828] usb 1-1: Manufacturer: syz [ 645.966678][ T5828] usb 1-1: SerialNumber: syz [ 645.976992][T13085] netlink: 'syz.7.1827': attribute type 4 has an invalid length. [ 645.981108][ T5828] usb 1-1: config 0 descriptor?? [ 645.992645][ T5828] hub 1-1:0.0: bad descriptor, ignoring hub [ 645.992964][T13076] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.998579][ T5828] hub 1-1:0.0: probe with driver hub failed with error -5 [ 646.014438][ T5828] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input45 [ 646.022498][ T5828] usbtouchscreen 1-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90 [ 646.034704][T13076] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.049999][T13076] bridge_slave_0: entered allmulticast mode [ 646.057651][T13076] bridge_slave_0: entered promiscuous mode [ 646.074907][T13076] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.085336][T13076] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.085924][ T5828] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -90 [ 646.092613][T13076] bridge_slave_1: entered allmulticast mode [ 646.120604][T13076] bridge_slave_1: entered promiscuous mode [ 646.222451][T13076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.268789][T13076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.448136][T13094] random: crng reseeded on system resumption [ 646.752967][T13076] team0: Port device team_slave_0 added [ 646.760490][T13076] team0: Port device team_slave_1 added [ 646.837366][ T30] audit: type=1400 audit(1744602716.779:812): avc: denied { unmount } for pid=11441 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 647.046288][T13076] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 647.067808][T13076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.104350][T13076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.120261][T13076] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.138588][T13076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.238074][ T5828] usb 1-1: USB disconnect, device number 54 [ 647.257361][T13076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.342645][T13076] hsr_slave_0: entered promiscuous mode [ 647.630506][ T5831] Bluetooth: hci6: command tx timeout [ 647.801551][T13076] hsr_slave_1: entered promiscuous mode [ 647.818535][T13076] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.836866][T13076] Cannot create hsr debugfs directory [ 648.380957][T13113] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 648.444445][T13076] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.552115][T13076] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.935063][T13076] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.065602][T13076] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.136472][T13125] netlink: 'syz.4.1838': attribute type 1 has an invalid length. [ 649.168272][T13125] 8021q: adding VLAN 0 to HW filter on device bond3 [ 649.401188][ T30] audit: type=1400 audit(1744602719.339:813): avc: denied { accept } for pid=13124 comm="syz.4.1838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 649.509851][T13131] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=13131 comm=syz.4.1838 [ 649.527171][T13125] ip6erspan0: entered promiscuous mode [ 649.531958][T13131] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=13131 comm=syz.4.1838 [ 649.719209][ T5831] Bluetooth: hci6: command tx timeout [ 649.760700][T13125] bond3: (slave ip6erspan0): making interface the new active one [ 649.799641][T13125] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link [ 649.870781][T13134] random: crng reseeded on system resumption [ 649.972156][T13076] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 650.028425][T13076] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 650.311957][T13076] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 650.341409][T13076] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 650.558401][T13145] FAULT_INJECTION: forcing a failure. [ 650.558401][T13145] name failslab, interval 1, probability 0, space 0, times 0 [ 650.571115][T13145] CPU: 1 UID: 0 PID: 13145 Comm: syz.7.1841 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 650.571137][T13145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 650.571147][T13145] Call Trace: [ 650.571153][T13145] [ 650.571160][T13145] dump_stack_lvl+0x16c/0x1f0 [ 650.571186][T13145] should_fail_ex+0x512/0x640 [ 650.571209][T13145] should_failslab+0xc2/0x120 [ 650.571228][T13145] __kvmalloc_node_noprof+0x135/0x600 [ 650.571246][T13145] ? snd_info_text_entry_write+0x2e0/0x4f0 [ 650.571276][T13145] ? snd_info_text_entry_write+0x2e0/0x4f0 [ 650.571304][T13145] snd_info_text_entry_write+0x2e0/0x4f0 [ 650.571332][T13145] ? __pfx_snd_info_text_entry_write+0x10/0x10 [ 650.571357][T13145] proc_reg_write+0x23d/0x330 [ 650.571380][T13145] vfs_write+0x25c/0x1180 [ 650.571394][T13145] ? __pfx_proc_reg_write+0x10/0x10 [ 650.571418][T13145] ? __pfx___mutex_lock+0x10/0x10 [ 650.571441][T13145] ? __pfx_vfs_write+0x10/0x10 [ 650.571464][T13145] ? __fget_files+0x20e/0x3c0 [ 650.571479][T13145] ? rcu_watching_snap_stopped_since+0xe0/0x110 [ 650.571510][T13145] ksys_write+0x12a/0x240 [ 650.571525][T13145] ? __pfx_ksys_write+0x10/0x10 [ 650.571549][T13145] do_syscall_64+0xcd/0x260 [ 650.571575][T13145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.571592][T13145] RIP: 0033:0x7f6e7858d169 [ 650.571606][T13145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 650.571622][T13145] RSP: 002b:00007f6e793ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 650.571638][T13145] RAX: ffffffffffffffda RBX: 00007f6e787a6160 RCX: 00007f6e7858d169 [ 650.571649][T13145] RDX: 00000000000000d3 RSI: 00002000000000c0 RDI: 000000000000000b [ 650.571659][T13145] RBP: 00007f6e793ac090 R08: 0000000000000000 R09: 0000000000000000 [ 650.571669][T13145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.571679][T13145] R13: 0000000000000000 R14: 00007f6e787a6160 R15: 00007ffe7313b188 [ 650.571703][T13145] [ 650.793389][T11922] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 650.831340][T13145] bridge0: port 3(netdevsim0) entered blocking state [ 650.838110][T13145] bridge0: port 3(netdevsim0) entered disabled state [ 650.845042][T13145] netdevsim netdevsim7 netdevsim0: entered allmulticast mode [ 650.853184][T13145] netdevsim netdevsim7 netdevsim0: entered promiscuous mode [ 650.860715][T13145] bridge0: port 3(netdevsim0) entered blocking state [ 650.867392][T13145] bridge0: port 3(netdevsim0) entered forwarding state [ 650.893878][T13147] veth1_macvtap: left promiscuous mode [ 650.905704][T13147] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1842'. [ 650.933374][T13076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 650.966184][T13076] 8021q: adding VLAN 0 to HW filter on device team0 [ 650.976432][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.983572][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 650.996615][T12459] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.003781][T12459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 651.313524][T13076] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 651.839227][ T5831] Bluetooth: hci6: command tx timeout [ 652.977658][T13076] veth0_vlan: entered promiscuous mode [ 653.158288][T13076] veth1_vlan: entered promiscuous mode [ 653.228188][T13076] veth0_macvtap: entered promiscuous mode [ 653.237388][T13076] veth1_macvtap: entered promiscuous mode [ 653.251187][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.263553][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.278771][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.292399][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.302682][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.313507][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.326250][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.353748][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.364454][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.376438][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.402672][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.418466][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.432193][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.445594][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.594945][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.701062][T13190] random: crng reseeded on system resumption [ 653.912229][ T5831] Bluetooth: hci6: command tx timeout [ 653.929560][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.939491][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.960947][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.972930][T13076] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 653.991919][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.035645][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.122546][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.156248][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.178526][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.199148][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.209806][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.220597][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.237414][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.250131][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.263162][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.280941][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.296165][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.307093][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.317314][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.344590][T13195] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1853'. [ 654.354203][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.364561][T13076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.375558][T13076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.421949][T13076] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 654.448195][T13076] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.465926][T13076] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.479056][T13076] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.487874][T13076] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.595768][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.628479][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.748699][ T5872] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 654.766717][ T3050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.776654][ T3050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.929290][ T5872] usb 1-1: Using ep0 maxpacket: 8 [ 654.935741][ T5872] usb 1-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice= 3.0e [ 654.944928][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.955308][ T5872] usb 1-1: config 0 descriptor?? [ 656.554787][ T3050] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 657.251527][T13219] FAULT_INJECTION: forcing a failure. [ 657.251527][T13219] name failslab, interval 1, probability 0, space 0, times 0 [ 657.269280][T13219] CPU: 0 UID: 0 PID: 13219 Comm: syz.4.1859 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 657.269305][T13219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 657.269314][T13219] Call Trace: [ 657.269320][T13219] [ 657.269326][T13219] dump_stack_lvl+0x16c/0x1f0 [ 657.269352][T13219] should_fail_ex+0x512/0x640 [ 657.269375][T13219] ? __kmalloc_noprof+0xbf/0x510 [ 657.269390][T13219] ? sock_kmalloc+0x111/0x170 [ 657.269408][T13219] should_failslab+0xc2/0x120 [ 657.269424][T13219] __kmalloc_noprof+0xd2/0x510 [ 657.269435][T13219] ? do_raw_spin_lock+0x12c/0x2b0 [ 657.269456][T13219] sock_kmalloc+0x111/0x170 [ 657.269476][T13219] hash_alloc_result+0xd7/0x150 [ 657.269496][T13219] hash_recvmsg+0x198/0x920 [ 657.269514][T13219] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 657.269535][T13219] sock_recvmsg+0x1f6/0x250 [ 657.269555][T13219] ____sys_recvmsg+0x218/0x6b0 [ 657.269579][T13219] ? __pfx_____sys_recvmsg+0x10/0x10 [ 657.269606][T13219] ? __lock_acquire+0x5ca/0x1ba0 [ 657.269625][T13219] ___sys_recvmsg+0x114/0x1a0 [ 657.269642][T13219] ? __pfx____sys_recvmsg+0x10/0x10 [ 657.269661][T13219] ? find_held_lock+0x2b/0x80 [ 657.269691][T13219] do_recvmmsg+0x2fe/0x740 [ 657.269711][T13219] ? __pfx_do_recvmmsg+0x10/0x10 [ 657.269732][T13219] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 657.269758][T13219] ? __fget_files+0x20e/0x3c0 [ 657.269777][T13219] __x64_sys_recvmmsg+0x22a/0x280 [ 657.269795][T13219] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 657.269811][T13219] ? rcu_is_watching+0x12/0xc0 [ 657.269833][T13219] do_syscall_64+0xcd/0x260 [ 657.269853][T13219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.269867][T13219] RIP: 0033:0x7f920cd8d169 [ 657.269879][T13219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.269892][T13219] RSP: 002b:00007f920db48038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 657.269907][T13219] RAX: ffffffffffffffda RBX: 00007f920cfa6160 RCX: 00007f920cd8d169 [ 657.269915][T13219] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000006 [ 657.269924][T13219] RBP: 00007f920db48090 R08: 0000000000000000 R09: 0000000000000000 [ 657.269932][T13219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 657.269940][T13219] R13: 0000000000000000 R14: 00007f920cfa6160 R15: 00007ffd4d5b2438 [ 657.269958][T13219] [ 657.920034][ T5871] usb 1-1: USB disconnect, device number 55 [ 659.361506][T13239] FAULT_INJECTION: forcing a failure. [ 659.361506][T13239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 659.374667][T13239] CPU: 1 UID: 0 PID: 13239 Comm: syz.0.1864 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 659.374690][T13239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 659.374700][T13239] Call Trace: [ 659.374707][T13239] [ 659.374713][T13239] dump_stack_lvl+0x16c/0x1f0 [ 659.374741][T13239] should_fail_ex+0x512/0x640 [ 659.374763][T13239] _copy_from_user+0x2e/0xd0 [ 659.374785][T13239] __x64_sys_sendfile64+0x120/0x220 [ 659.374804][T13239] ? ksys_write+0x1b9/0x240 [ 659.374819][T13239] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 659.374847][T13239] do_syscall_64+0xcd/0x260 [ 659.374872][T13239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.374889][T13239] RIP: 0033:0x7f950e78d169 [ 659.374904][T13239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.374921][T13239] RSP: 002b:00007f950f5a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 659.374937][T13239] RAX: ffffffffffffffda RBX: 00007f950e9a6160 RCX: 00007f950e78d169 [ 659.374949][T13239] RDX: 0000200000000080 RSI: 0000000000000005 RDI: 0000000000000005 [ 659.374959][T13239] RBP: 00007f950f5a1090 R08: 0000000000000000 R09: 0000000000000000 [ 659.374970][T13239] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001 [ 659.374980][T13239] R13: 0000000000000000 R14: 00007f950e9a6160 R15: 00007ffc15a54388 [ 659.375009][T13239] [ 660.312282][T11775] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 660.326097][T11775] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 660.337143][T11775] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 660.345213][T11775] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 660.352832][T11775] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 660.436812][T13242] lo speed is unknown, defaulting to 1000 [ 660.515914][T13245] FAULT_INJECTION: forcing a failure. [ 660.515914][T13245] name failslab, interval 1, probability 0, space 0, times 0 [ 660.529001][T13245] CPU: 0 UID: 0 PID: 13245 Comm: syz.5.1867 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 660.529025][T13245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 660.529035][T13245] Call Trace: [ 660.529042][T13245] [ 660.529049][T13245] dump_stack_lvl+0x16c/0x1f0 [ 660.529076][T13245] should_fail_ex+0x512/0x640 [ 660.529094][T13245] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 660.529115][T13245] should_failslab+0xc2/0x120 [ 660.529135][T13245] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 660.529153][T13245] ? __alloc_skb+0x2b2/0x380 [ 660.529177][T13245] __alloc_skb+0x2b2/0x380 [ 660.529196][T13245] ? __pfx___alloc_skb+0x10/0x10 [ 660.529217][T13245] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 660.529243][T13245] netlink_alloc_large_skb+0x69/0x130 [ 660.529267][T13245] netlink_sendmsg+0x6a1/0xdd0 [ 660.529294][T13245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 660.529326][T13245] ____sys_sendmsg+0xa95/0xc70 [ 660.529351][T13245] ? copy_msghdr_from_user+0x10a/0x160 [ 660.529369][T13245] ? __pfx_____sys_sendmsg+0x10/0x10 [ 660.529403][T13245] ___sys_sendmsg+0x134/0x1d0 [ 660.529425][T13245] ? __pfx____sys_sendmsg+0x10/0x10 [ 660.529474][T13245] __sys_sendmsg+0x16d/0x220 [ 660.529494][T13245] ? __pfx___sys_sendmsg+0x10/0x10 [ 660.529521][T13245] ? rcu_is_watching+0x12/0xc0 [ 660.529548][T13245] do_syscall_64+0xcd/0x260 [ 660.529572][T13245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.529589][T13245] RIP: 0033:0x7f517118d169 [ 660.529603][T13245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.529618][T13245] RSP: 002b:00007f5171f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 660.529635][T13245] RAX: ffffffffffffffda RBX: 00007f51713a5fa0 RCX: 00007f517118d169 [ 660.529646][T13245] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 660.529656][T13245] RBP: 00007f5171f51090 R08: 0000000000000000 R09: 0000000000000000 [ 660.529666][T13245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.529677][T13245] R13: 0000000000000000 R14: 00007f51713a5fa0 R15: 00007ffef9e79d08 [ 660.529700][T13245] [ 662.303276][T12459] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 662.537679][T11775] Bluetooth: hci6: command tx timeout [ 663.496103][T13242] chnl_net:caif_netlink_parms(): no params data found [ 663.546792][T13282] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 663.553337][T13282] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 663.590113][T13282] vhci_hcd vhci_hcd.0: Device attached [ 663.617241][T13285] vhci_hcd: connection closed [ 663.618278][T11922] vhci_hcd: stop threads [ 663.655031][T11922] vhci_hcd: release socket [ 663.659711][T11922] vhci_hcd: disconnect device [ 663.850259][T13242] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.859456][T13242] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.866693][T13242] bridge_slave_0: entered allmulticast mode [ 663.914183][T13242] bridge_slave_0: entered promiscuous mode [ 663.929932][T13242] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.942142][T13242] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.949607][T13242] bridge_slave_1: entered allmulticast mode [ 663.958337][T13242] bridge_slave_1: entered promiscuous mode [ 664.132780][T13242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.164734][T13242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.173936][ T30] audit: type=1400 audit(1744602734.059:814): avc: denied { read } for pid=13295 comm="syz.0.1877" path="socket:[43767]" dev="sockfs" ino=43767 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 664.601588][T11775] Bluetooth: hci6: command tx timeout [ 664.837186][T13242] team0: Port device team_slave_0 added [ 664.882841][T13293] ALSA: mixer_oss: invalid OSS volume 'SPEA' [ 665.001245][T13242] team0: Port device team_slave_1 added [ 665.642541][T13242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 665.649539][T13242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 665.677846][T13242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 665.714291][T13242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 665.793576][T13242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.010035][T13242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 666.443463][T13318] FAULT_INJECTION: forcing a failure. [ 666.443463][T13318] name failslab, interval 1, probability 0, space 0, times 0 [ 666.456204][T13318] CPU: 0 UID: 0 PID: 13318 Comm: syz.5.1883 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 666.456225][T13318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 666.456236][T13318] Call Trace: [ 666.456242][T13318] [ 666.456249][T13318] dump_stack_lvl+0x16c/0x1f0 [ 666.456275][T13318] should_fail_ex+0x512/0x640 [ 666.456293][T13318] ? fs_reclaim_acquire+0xae/0x150 [ 666.456319][T13318] ? tomoyo_encode2+0x100/0x3e0 [ 666.456341][T13318] should_failslab+0xc2/0x120 [ 666.456360][T13318] __kmalloc_noprof+0xd2/0x510 [ 666.456384][T13318] tomoyo_encode2+0x100/0x3e0 [ 666.456410][T13318] tomoyo_encode+0x29/0x50 [ 666.456432][T13318] tomoyo_realpath_from_path+0x18f/0x6e0 [ 666.456459][T13318] ? tomoyo_profile+0x47/0x60 [ 666.456476][T13318] tomoyo_path_number_perm+0x245/0x580 [ 666.456495][T13318] ? tomoyo_path_number_perm+0x237/0x580 [ 666.456517][T13318] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 666.456539][T13318] ? find_held_lock+0x2b/0x80 [ 666.456584][T13318] ? find_held_lock+0x2b/0x80 [ 666.456604][T13318] ? hook_file_ioctl_common+0x145/0x410 [ 666.456626][T13318] ? __fget_files+0x20e/0x3c0 [ 666.456648][T13318] security_file_ioctl+0x9b/0x240 [ 666.456673][T13318] __x64_sys_ioctl+0xb7/0x200 [ 666.456695][T13318] do_syscall_64+0xcd/0x260 [ 666.456718][T13318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.456733][T13318] RIP: 0033:0x7f517118d169 [ 666.456747][T13318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.456763][T13318] RSP: 002b:00007f5171f51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 666.456780][T13318] RAX: ffffffffffffffda RBX: 00007f51713a5fa0 RCX: 00007f517118d169 [ 666.456791][T13318] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 666.456800][T13318] RBP: 00007f5171f51090 R08: 0000000000000000 R09: 0000000000000000 [ 666.456811][T13318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.456820][T13318] R13: 0000000000000000 R14: 00007f51713a5fa0 R15: 00007ffef9e79d08 [ 666.456843][T13318] [ 666.901101][T11775] Bluetooth: hci6: command tx timeout [ 667.009726][T13318] ERROR: Out of memory at tomoyo_realpath_from_path. [ 667.214614][T13242] hsr_slave_0: entered promiscuous mode [ 667.223601][T13242] hsr_slave_1: entered promiscuous mode [ 667.234592][T13242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 667.248971][T13242] Cannot create hsr debugfs directory [ 667.677012][T13242] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.679796][ T31] INFO: task syz.1.1418:11246 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 668.719986][ T31] Not tainted 6.15.0-rc2-syzkaller #0 [ 668.725937][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 668.776276][ T31] task:syz.1.1418 state:D stack:25688 pid:11246 tgid:11234 ppid:5818 task_flags:0x400140 flags:0x00004004 [ 668.834013][ T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 668.846403][ T31] Call Trace: [ 668.849761][ T31] [ 668.852698][ T31] __schedule+0x116f/0x5de0 [ 668.868962][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 668.873948][ T31] ? __pfx___schedule+0x10/0x10 [ 668.878817][ T31] ? find_held_lock+0x2b/0x80 [ 668.889357][ T31] ? schedule+0x2d7/0x3a0 [ 668.893802][ T31] schedule+0xe7/0x3a0 [ 668.897933][ T31] schedule_timeout+0x257/0x290 [ 668.904442][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 668.918997][T11775] Bluetooth: hci6: command tx timeout [ 668.974249][ T31] ? mark_held_locks+0x49/0x80 [ 669.071983][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 669.111125][T13351] FAULT_INJECTION: forcing a failure. [ 669.111125][T13351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 669.112597][T13351] [ 669.112605][T13351] ====================================================== [ 669.112611][T13351] WARNING: possible circular locking dependency detected [ 669.112618][T13351] 6.15.0-rc2-syzkaller #0 Not tainted [ 669.112627][T13351] ------------------------------------------------------ [ 669.112632][T13351] syz.7.1893/13351 is trying to acquire lock: [ 669.112641][T13351] ffffffff8e2cea00 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 669.112683][T13351] [ 669.112683][T13351] but task is already holding lock: [ 669.112688][T13351] ffff8880b8539dd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 669.112724][T13351] [ 669.112724][T13351] which lock already depends on the new lock. [ 669.112724][T13351] [ 669.112729][T13351] [ 669.112729][T13351] the existing dependency chain (in reverse order) is: [ 669.112734][T13351] [ 669.112734][T13351] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 669.112754][T13351] _raw_spin_lock_nested+0x31/0x40 [ 669.112772][T13351] raw_spin_rq_lock_nested+0x29/0x130 [ 669.112791][T13351] task_rq_lock+0xcf/0x490 [ 669.112808][T13351] cgroup_move_task+0x81/0x2a0 [ 669.112829][T13351] css_set_move_task+0x288/0x5f0 [ 669.112851][T13351] cgroup_post_fork+0x201/0x9e0 [ 669.112868][T13351] copy_process+0x5006/0x91a0 [ 669.112890][T13351] kernel_clone+0xfc/0x960 [ 669.112909][T13351] user_mode_thread+0xc7/0x110 [ 669.112930][T13351] rest_init+0x23/0x2b0 [ 669.112942][T13351] start_kernel+0x3e9/0x4d0 [ 669.112964][T13351] x86_64_start_reservations+0x18/0x30 [ 669.112984][T13351] x86_64_start_kernel+0xb0/0xc0 [ 669.113004][T13351] common_startup_64+0x13e/0x148 [ 669.113024][T13351] [ 669.113024][T13351] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 669.113043][T13351] _raw_spin_lock_irqsave+0x3a/0x60 [ 669.113060][T13351] try_to_wake_up+0xb2/0x1680 [ 669.113078][T13351] __wake_up_common+0x132/0x1f0 [ 669.113092][T13351] __wake_up+0x31/0x60 [ 669.113111][T13351] tty_port_default_wakeup+0x2a/0x40 [ 669.113126][T13351] serial8250_tx_chars+0x68e/0x860 [ 669.113140][T13351] serial8250_handle_irq+0x761/0xcb0 [ 669.113156][T13351] serial8250_default_handle_irq+0x9a/0x210 [ 669.113171][T13351] serial8250_interrupt+0x103/0x210 [ 669.113188][T13351] __handle_irq_event_percpu+0x229/0x7d0 [ 669.113206][T13351] handle_irq_event+0xab/0x1e0 [ 669.113229][T13351] handle_edge_irq+0x263/0xd10 [ 669.113245][T13351] __common_interrupt+0xdf/0x250 [ 669.113259][T13351] common_interrupt+0x61/0xe0 [ 669.113275][T13351] asm_common_interrupt+0x26/0x40 [ 669.113289][T13351] _raw_spin_lock_irqsave+0x0/0x60 [ 669.113307][T13351] debug_object_active_state+0x141/0x3f0 [ 669.113327][T13351] rcu_core+0x71f/0x14e0 [ 669.113343][T13351] handle_softirqs+0x216/0x8e0 [ 669.113363][T13351] __irq_exit_rcu+0x109/0x170 [ 669.113382][T13351] irq_exit_rcu+0x9/0x30 [ 669.113401][T13351] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 669.113420][T13351] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 669.113435][T13351] pv_native_safe_halt+0xf/0x20 [ 669.113453][T13351] default_idle+0x13/0x20 [ 669.113475][T13351] default_idle_call+0x6d/0xb0 [ 669.113497][T13351] do_idle+0x391/0x510 [ 669.113515][T13351] cpu_startup_entry+0x4f/0x60 [ 669.113534][T13351] start_secondary+0x21d/0x2b0 [ 669.113549][T13351] common_startup_64+0x13e/0x148 [ 669.113568][T13351] [ 669.113568][T13351] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 669.113588][T13351] _raw_spin_lock_irqsave+0x3a/0x60 [ 669.113605][T13351] __wake_up+0x1c/0x60 [ 669.113625][T13351] tty_port_default_wakeup+0x2a/0x40 [ 669.113638][T13351] serial8250_tx_chars+0x68e/0x860 [ 669.113652][T13351] serial8250_handle_irq+0x761/0xcb0 [ 669.113667][T13351] serial8250_default_handle_irq+0x9a/0x210 [ 669.113682][T13351] serial8250_interrupt+0x103/0x210 [ 669.113698][T13351] __handle_irq_event_percpu+0x229/0x7d0 [ 669.113716][T13351] handle_irq_event+0xab/0x1e0 [ 669.113733][T13351] handle_edge_irq+0x263/0xd10 [ 669.113749][T13351] __common_interrupt+0xdf/0x250 [ 669.113763][T13351] common_interrupt+0x61/0xe0 [ 669.113776][T13351] asm_common_interrupt+0x26/0x40 [ 669.113791][T13351] _raw_spin_lock_irqsave+0x0/0x60 [ 669.113807][T13351] debug_object_active_state+0x141/0x3f0 [ 669.113827][T13351] rcu_core+0x71f/0x14e0 [ 669.113842][T13351] handle_softirqs+0x216/0x8e0 [ 669.113862][T13351] __irq_exit_rcu+0x109/0x170 [ 669.113881][T13351] irq_exit_rcu+0x9/0x30 [ 669.113899][T13351] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 669.113918][T13351] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 669.113934][T13351] pv_native_safe_halt+0xf/0x20 [ 669.113951][T13351] default_idle+0x13/0x20 [ 669.113972][T13351] default_idle_call+0x6d/0xb0 [ 669.113994][T13351] do_idle+0x391/0x510 [ 669.114011][T13351] cpu_startup_entry+0x4f/0x60 [ 669.114030][T13351] start_secondary+0x21d/0x2b0 [ 669.114044][T13351] common_startup_64+0x13e/0x148 [ 669.114063][T13351] [ 669.114063][T13351] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 669.114082][T13351] _raw_spin_lock_irqsave+0x3a/0x60 [ 669.114098][T13351] serial8250_console_write+0x181/0x1890 [ 669.114115][T13351] console_flush_all+0x801/0xc60 [ 669.114132][T13351] console_unlock+0xd8/0x210 [ 669.114149][T13351] vprintk_emit+0x418/0x6d0 [ 669.114167][T13351] _printk+0xc7/0x100 [ 669.114180][T13351] register_console+0xc2d/0x11b0 [ 669.114199][T13351] univ8250_console_init+0x5f/0x90 [ 669.114224][T13351] console_init+0x14f/0x680 [ 669.114246][T13351] start_kernel+0x29f/0x4d0 [ 669.114265][T13351] x86_64_start_reservations+0x18/0x30 [ 669.114287][T13351] x86_64_start_kernel+0xb0/0xc0 [ 669.114307][T13351] common_startup_64+0x13e/0x148 [ 669.114326][T13351] [ 669.114326][T13351] -> #0 (console_owner){-.-.}-{0:0}: [ 669.114345][T13351] __lock_acquire+0x1173/0x1ba0 [ 669.114359][T13351] lock_acquire+0x179/0x350 [ 669.114372][T13351] console_lock_spinning_enable+0xb0/0xd0 [ 669.114390][T13351] console_flush_all+0x7aa/0xc60 [ 669.114408][T13351] console_unlock+0xd8/0x210 [ 669.114425][T13351] vprintk_emit+0x418/0x6d0 [ 669.114443][T13351] _printk+0xc7/0x100 [ 669.114455][T13351] should_fail_ex+0x4e7/0x640 [ 669.114471][T13351] strncpy_from_user+0x3b/0x2e0 [ 669.114485][T13351] strncpy_from_user_nofault+0x7f/0x180 [ 669.114506][T13351] bpf_probe_read_compat_str+0xf1/0x170 [ 669.114529][T13351] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 669.114542][T13351] bpf_trace_run4+0x249/0x5a0 [ 669.114556][T13351] __bpf_trace_sched_switch+0x145/0x190 [ 669.114576][T13351] __traceiter_sched_switch+0x6c/0xc0 [ 669.114593][T13351] __schedule+0x1bf3/0x5de0 [ 669.114610][T13351] schedule+0xe7/0x3a0 [ 669.114627][T13351] syscall_exit_to_user_mode+0xf5/0x2a0 [ 669.114647][T13351] do_syscall_64+0xda/0x260 [ 669.114668][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.114683][T13351] [ 669.114683][T13351] other info that might help us debug this: [ 669.114683][T13351] [ 669.114688][T13351] Chain exists of: [ 669.114688][T13351] console_owner --> &p->pi_lock --> &rq->__lock [ 669.114688][T13351] [ 669.114710][T13351] Possible unsafe locking scenario: [ 669.114710][T13351] [ 669.114715][T13351] CPU0 CPU1 [ 669.114719][T13351] ---- ---- [ 669.114724][T13351] lock(&rq->__lock); [ 669.114734][T13351] lock(&p->pi_lock); [ 669.114744][T13351] lock(&rq->__lock); [ 669.114755][T13351] lock(console_owner); [ 669.114765][T13351] [ 669.114765][T13351] *** DEADLOCK *** [ 669.114765][T13351] [ 669.114769][T13351] 4 locks held by syz.7.1893/13351: [ 669.114778][T13351] #0: ffff8880b8539dd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 669.114817][T13351] #1: ffffffff8e3c15c0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0 [ 669.114851][T13351] #2: ffffffff8e3aee40 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 669.114883][T13351] #3: ffffffff8e3aeeb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 669.114921][T13351] [ 669.114921][T13351] stack backtrace: [ 669.114929][T13351] CPU: 1 UID: 0 PID: 13351 Comm: syz.7.1893 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 669.114948][T13351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 669.114958][T13351] Call Trace: [ 669.114964][T13351] [ 669.114970][T13351] dump_stack_lvl+0x116/0x1f0 [ 669.114992][T13351] print_circular_bug+0x275/0x350 [ 669.115016][T13351] check_noncircular+0x14c/0x170 [ 669.115043][T13351] __lock_acquire+0x1173/0x1ba0 [ 669.115062][T13351] lock_acquire+0x179/0x350 [ 669.115076][T13351] ? console_lock_spinning_enable+0x9f/0xd0 [ 669.115096][T13351] ? console_lock_spinning_enable+0x88/0xd0 [ 669.115117][T13351] console_lock_spinning_enable+0xb0/0xd0 [ 669.115136][T13351] ? console_lock_spinning_enable+0x9f/0xd0 [ 669.115154][T13351] console_flush_all+0x7aa/0xc60 [ 669.115175][T13351] ? __pfx_console_flush_all+0x10/0x10 [ 669.115197][T13351] ? is_printk_cpu_sync_owner+0x32/0x40 [ 669.115224][T13351] console_unlock+0xd8/0x210 [ 669.115242][T13351] ? __pfx_console_unlock+0x10/0x10 [ 669.115260][T13351] ? do_raw_spin_unlock+0x150/0x230 [ 669.115280][T13351] ? _printk+0xc7/0x100 [ 669.115294][T13351] ? __down_trylock_console_sem+0xb0/0x140 [ 669.115311][T13351] vprintk_emit+0x418/0x6d0 [ 669.115331][T13351] ? __pfx_vprintk_emit+0x10/0x10 [ 669.115352][T13351] ? lock_acquire+0x179/0x350 [ 669.115367][T13351] _printk+0xc7/0x100 [ 669.115381][T13351] ? __pfx__printk+0x10/0x10 [ 669.115397][T13351] ? ___ratelimit+0x24c/0x570 [ 669.115417][T13351] ? __pfx____ratelimit+0x10/0x10 [ 669.115438][T13351] should_fail_ex+0x4e7/0x640 [ 669.115456][T13351] strncpy_from_user+0x3b/0x2e0 [ 669.115472][T13351] strncpy_from_user_nofault+0x7f/0x180 [ 669.115493][T13351] bpf_probe_read_compat_str+0xf1/0x170 [ 669.115518][T13351] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 669.115531][T13351] bpf_trace_run4+0x249/0x5a0 [ 669.115545][T13351] ? __pfx_bpf_trace_run4+0x10/0x10 [ 669.115561][T13351] ? sched_clock_cpu+0x6c/0x530 [ 669.115584][T13351] ? lock_acquire+0x179/0x350 [ 669.115600][T13351] __bpf_trace_sched_switch+0x145/0x190 [ 669.115621][T13351] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 669.115645][T13351] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 669.115665][T13351] __traceiter_sched_switch+0x6c/0xc0 [ 669.115684][T13351] __schedule+0x1bf3/0x5de0 [ 669.115702][T13351] ? vfs_read+0x238/0xc70 [ 669.115728][T13351] ? find_held_lock+0x2b/0x80 [ 669.115750][T13351] ? __pfx___schedule+0x10/0x10 [ 669.115770][T13351] ? fput+0x70/0xf0 [ 669.115788][T13351] ? ksys_read+0x1b9/0x240 [ 669.115803][T13351] schedule+0xe7/0x3a0 [ 669.115821][T13351] syscall_exit_to_user_mode+0xf5/0x2a0 [ 669.115843][T13351] do_syscall_64+0xda/0x260 [ 669.115866][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.115882][T13351] RIP: 0033:0x7f6e7858d169 [ 669.115895][T13351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.115911][T13351] RSP: 002b:00007f6e793ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 669.115927][T13351] RAX: fffffffffffffe00 RBX: 00007f6e787a5fa0 RCX: 00007f6e7858d169 [ 669.115938][T13351] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000003 [ 669.115948][T13351] RBP: 00007f6e793ee090 R08: 0000000000000000 R09: 0000000000000000 [ 669.115958][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 669.115968][T13351] R13: 0000000000000000 R14: 00007f6e787a5fa0 R15: 00007ffe7313b188 [ 669.115984][T13351] [ 670.267363][T13351] CPU: 1 UID: 0 PID: 13351 Comm: syz.7.1893 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 670.267379][T13351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 670.267386][T13351] Call Trace: [ 670.267392][T13351] [ 670.267398][T13351] dump_stack_lvl+0x116/0x1f0 [ 670.267417][T13351] should_fail_ex+0x512/0x640 [ 670.267430][T13351] strncpy_from_user+0x3b/0x2e0 [ 670.267440][T13351] strncpy_from_user_nofault+0x7f/0x180 [ 670.267455][T13351] bpf_probe_read_compat_str+0xf1/0x170 [ 670.267472][T13351] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 670.267481][T13351] bpf_trace_run4+0x249/0x5a0 [ 670.267491][T13351] ? __pfx_bpf_trace_run4+0x10/0x10 [ 670.267501][T13351] ? sched_clock_cpu+0x6c/0x530 [ 670.267517][T13351] ? lock_acquire+0x179/0x350 [ 670.267527][T13351] __bpf_trace_sched_switch+0x145/0x190 [ 670.267541][T13351] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 670.267556][T13351] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 670.267572][T13351] __traceiter_sched_switch+0x6c/0xc0 [ 670.267585][T13351] __schedule+0x1bf3/0x5de0 [ 670.267598][T13351] ? vfs_read+0x238/0xc70 [ 670.267615][T13351] ? find_held_lock+0x2b/0x80 [ 670.267629][T13351] ? __pfx___schedule+0x10/0x10 [ 670.267642][T13351] ? fput+0x70/0xf0 [ 670.267653][T13351] ? ksys_read+0x1b9/0x240 [ 670.267662][T13351] schedule+0xe7/0x3a0 [ 670.267674][T13351] syscall_exit_to_user_mode+0xf5/0x2a0 [ 670.267688][T13351] do_syscall_64+0xda/0x260 [ 670.267703][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.267714][T13351] RIP: 0033:0x7f6e7858d169 [ 670.267723][T13351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.267733][T13351] RSP: 002b:00007f6e793ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 670.267744][T13351] RAX: fffffffffffffe00 RBX: 00007f6e787a5fa0 RCX: 00007f6e7858d169 [ 670.267751][T13351] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000003 [ 670.267757][T13351] RBP: 00007f6e793ee090 R08: 0000000000000000 R09: 0000000000000000 [ 670.267763][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 670.267769][T13351] R13: 0000000000000000 R14: 00007f6e787a5fa0 R15: 00007ffe7313b188 [ 670.267778][T13351] [ 670.509869][ T31] __wait_for_common+0x2fc/0x4e0 [ 670.514848][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 670.522510][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 670.527994][ T31] ? ib_cq_pool_cleanup+0x220/0x360 [ 670.533432][ T31] disable_device+0x16f/0x280 [ 670.538107][ T31] ? __pfx_disable_device+0x10/0x10 [ 670.543511][ T31] __ib_unregister_device+0x2b4/0x480 [ 670.548953][ T31] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 670.554985][ T31] ib_unregister_device_and_put+0x5a/0x80 [ 670.560726][ T31] nldev_dellink+0x21f/0x320 [ 670.565340][ T31] ? __pfx_nldev_dellink+0x10/0x10 [ 670.570633][ T31] ? cap_capable+0xb3/0x250 [ 670.575247][ T31] ? bpf_lsm_capable+0x9/0x10 [ 670.580827][ T31] ? security_capable+0x7e/0x260 [ 670.585776][ T31] ? ns_capable+0xd7/0x110 [ 670.590264][ T31] ? __pfx_nldev_dellink+0x10/0x10 [ 670.595386][ T31] rdma_nl_rcv_msg+0x387/0x6e0 [ 670.604485][ T31] ? __pfx_rdma_nl_rcv_msg+0x10/0x10 [ 670.610459][ T31] rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450 [ 670.616889][ T31] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 670.624154][ T31] ? netlink_deliver_tap+0x1ae/0xd30 [ 670.629486][ T31] netlink_unicast+0x53a/0x7f0 [ 670.634247][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 670.639660][ T31] netlink_sendmsg+0x8d1/0xdd0 [ 670.644433][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 670.649766][ T31] ____sys_sendmsg+0xa95/0xc70 [ 670.654524][ T31] ? copy_msghdr_from_user+0x10a/0x160 [ 670.660016][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 670.665325][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 670.671191][ T31] ___sys_sendmsg+0x134/0x1d0 [ 670.675865][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 670.681945][ T31] __sys_sendmsg+0x16d/0x220 [ 670.686532][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 670.691673][ T31] ? __x64_sys_futex+0x1e0/0x4c0 [ 670.696605][ T31] ? rcu_is_watching+0x12/0xc0 [ 670.701388][ T31] do_syscall_64+0xcd/0x260 [ 670.705891][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.711910][ T31] RIP: 0033:0x7faaf9f8d169 [ 670.716330][ T31] RSP: 002b:00007faaf7991038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 670.724745][ T31] RAX: ffffffffffffffda RBX: 00007faafa1a6240 RCX: 00007faaf9f8d169 [ 670.732759][ T31] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 670.740763][ T31] RBP: 00007faafa00e990 R08: 0000000000000000 R09: 0000000000000000 [ 670.748724][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.756719][ T31] R13: 0000000000000000 R14: 00007faafa1a6240 R15: 00007ffc29f22a08 [ 670.764738][ T31] [ 670.767847][ T31] INFO: lockdep is turned off. [ 670.862021][ T31] NMI backtrace for cpu 1 [ 670.862038][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 670.862059][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 670.862069][ T31] Call Trace: [ 670.862075][ T31] [ 670.862081][ T31] dump_stack_lvl+0x116/0x1f0 [ 670.862108][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 670.862124][ T31] ? watchdog+0xd79/0x12c0 [ 670.862142][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 670.862160][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 670.862178][ T31] watchdog+0xf70/0x12c0 [ 670.862195][ T31] ? __pfx_watchdog+0x10/0x10 [ 670.862211][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 670.862232][ T31] ? __kthread_parkme+0x19e/0x250 [ 670.862257][ T31] ? __pfx_watchdog+0x10/0x10 [ 670.862273][ T31] kthread+0x3c2/0x780 [ 670.862289][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862305][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862320][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862335][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862350][ T31] ? rcu_is_watching+0x12/0xc0 [ 670.862371][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862388][ T31] ret_from_fork+0x45/0x80 [ 670.862404][ T31] ? __pfx_kthread+0x10/0x10 [ 670.862420][ T31] ret_from_fork_asm+0x1a/0x30 [ 670.862450][ T31] [ 670.862456][ T31] Sending NMI from CPU 1 to CPUs 0: [ 670.999004][ C0] NMI backtrace for cpu 0 [ 670.999018][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 670.999034][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 670.999042][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 670.999062][ C0] Code: 96 56 55 00 48 89 df 5b e9 3d b0 5a 00 be 03 00 00 00 5b e9 c2 60 14 03 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 34 24 65 48 8b 15 98 a2 eb 11 65 8b 05 a9 a2 eb [ 670.999074][ C0] RSP: 0018:ffffffff8e007650 EFLAGS: 00000002 [ 670.999086][ C0] RAX: 0000000000000000 RBX: ffffffff8829ba25 RCX: ffffffff8b66ea4b [ 670.999095][ C0] RDX: ffffffff8e097740 RSI: ffffffff850108a5 RDI: 0000000000000006 [ 670.999103][ C0] RBP: ffffffff850108a5 R08: 0000000000000006 R09: ffffffff850108a5 [ 670.999112][ C0] R10: ffffffff8829ba25 R11: 0000000000000000 R12: 0000000000000001 [ 670.999120][ C0] R13: 0000000000000114 R14: 000000000000000c R15: ffffffff8dec0c50 [ 670.999129][ C0] FS: 0000000000000000(0000) GS:ffff8881249b2000(0000) knlGS:0000000000000000 [ 670.999143][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 670.999152][ C0] CR2: 0000000000000000 CR3: 0000000035c7c000 CR4: 00000000003526f0 [ 670.999160][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 670.999169][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 670.999177][ C0] Call Trace: [ 670.999182][ C0] [ 670.999186][ C0] cmp_ex_search+0x75/0xb0 [ 670.999204][ C0] bsearch+0x5b/0xc0 [ 670.999220][ C0] ? __pfx_cmp_ex_search+0x10/0x10 [ 670.999242][ C0] search_extable+0x82/0xb0 [ 670.999257][ C0] ? __pfx_search_extable+0x10/0x10 [ 670.999273][ C0] ? strncpy_from_user+0x1d5/0x2e0 [ 670.999285][ C0] ? lock_acquire+0x179/0x350 [ 670.999297][ C0] ? strncpy_from_user+0x1d5/0x2e0 [ 670.999309][ C0] search_exception_tables+0x37/0x60 [ 670.999324][ C0] fixup_exception+0x51/0xaf0 [ 670.999341][ C0] kernelmode_fixup_or_oops.constprop.0+0x6c/0xe0 [ 670.999357][ C0] __bad_area_nosemaphore+0x399/0x6a0 [ 670.999373][ C0] do_user_addr_fault+0x927/0x1370 [ 670.999389][ C0] exc_page_fault+0x5c/0xc0 [ 670.999405][ C0] asm_exc_page_fault+0x26/0x30 [ 670.999418][ C0] RIP: 0010:strncpy_from_user+0x1d5/0x2e0 [ 670.999430][ C0] Code: 0f 84 9b 00 00 00 e8 ea 34 ba fc 48 83 c3 01 48 83 ed 01 31 ff 48 89 ee e8 48 30 ba fc 48 85 ed 74 65 e8 ce 34 ba fc 45 31 ff <41> 8a 04 1c 31 ff 44 89 fe 41 89 c6 e8 fa 2f ba fc 45 85 ff 0f 84 [ 670.999443][ C0] RSP: 0018:ffffffff8e007978 EFLAGS: 00050046 [ 670.999453][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff85010898 [ 670.999461][ C0] RDX: ffffffff8e097740 RSI: ffffffff850108a2 RDI: 0000000000000007 [ 670.999469][ C0] RBP: 0000000000000008 R08: 0000000000000007 R09: 0000000000000000 [ 670.999477][ C0] R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000000 [ 670.999486][ C0] R13: ffffffff8e007a18 R14: 0000000000000000 R15: 0000000000000000 [ 670.999496][ C0] ? strncpy_from_user+0x1c8/0x2e0 [ 670.999507][ C0] ? strncpy_from_user+0x1d2/0x2e0 [ 670.999520][ C0] ? strncpy_from_user+0x1d2/0x2e0 [ 670.999533][ C0] strncpy_from_user_nofault+0x7f/0x180 [ 670.999551][ C0] bpf_probe_read_compat_str+0xf1/0x170 [ 670.999570][ C0] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 670.999582][ C0] bpf_trace_run4+0x249/0x5a0 [ 670.999594][ C0] ? __pfx_bpf_trace_run4+0x10/0x10 [ 670.999605][ C0] ? reacquire_held_locks+0xcd/0x1f0 [ 670.999618][ C0] ? sched_clock_cpu+0x6c/0x530 [ 670.999635][ C0] ? __dequeue_entity+0xa76/0x1830 [ 670.999655][ C0] __bpf_trace_sched_switch+0x145/0x190 [ 670.999671][ C0] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 670.999689][ C0] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 670.999705][ C0] __traceiter_sched_switch+0x6c/0xc0 [ 670.999720][ C0] __schedule+0x1bf3/0x5de0 [ 670.999735][ C0] ? get_jiffies_update+0xaa/0x2a0 [ 670.999751][ C0] ? get_jiffies_update+0x13a/0x2a0 [ 670.999767][ C0] ? rcu_needs_cpu+0x71/0xc0 [ 670.999781][ C0] ? __pfx_tick_nohz_next_event+0x10/0x10 [ 670.999799][ C0] ? __pfx___schedule+0x10/0x10 [ 670.999812][ C0] ? ct_kernel_exit_state+0x34/0x80 [ 670.999831][ C0] ? rcu_is_watching+0x12/0xc0 [ 670.999847][ C0] schedule_idle+0x5c/0x90 [ 670.999862][ C0] do_idle+0x2b6/0x510 [ 670.999878][ C0] ? __pfx_do_idle+0x10/0x10 [ 670.999893][ C0] ? trace_sched_exit_tp+0x31/0x130 [ 670.999912][ C0] cpu_startup_entry+0x4f/0x60 [ 670.999927][ C0] rest_init+0x16b/0x2b0 [ 670.999937][ C0] ? acpi_subsystem_init+0x133/0x180 [ 670.999953][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 670.999972][ C0] start_kernel+0x3e9/0x4d0 [ 670.999989][ C0] x86_64_start_reservations+0x18/0x30 [ 671.000006][ C0] x86_64_start_kernel+0xb0/0xc0 [ 671.000023][ C0] common_startup_64+0x13e/0x148 [ 671.000043][ C0] [ 671.004667][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 671.477794][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 671.487837][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 671.498047][ T31] Call Trace: [ 671.501307][ T31] [ 671.504220][ T31] dump_stack_lvl+0x3d/0x1f0 [ 671.508801][ T31] panic+0x71c/0x800 [ 671.512674][ T31] ? __pfx_panic+0x10/0x10 [ 671.517066][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 671.522419][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 671.528380][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 671.533731][ T31] ? watchdog+0xdda/0x12c0 [ 671.538126][ T31] ? watchdog+0xdcd/0x12c0 [ 671.542520][ T31] watchdog+0xdeb/0x12c0 [ 671.546743][ T31] ? __pfx_watchdog+0x10/0x10 [ 671.551397][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 671.556577][ T31] ? __kthread_parkme+0x19e/0x250 [ 671.561585][ T31] ? __pfx_watchdog+0x10/0x10 [ 671.566242][ T31] kthread+0x3c2/0x780 [ 671.570288][ T31] ? __pfx_kthread+0x10/0x10 [ 671.574854][ T31] ? __pfx_kthread+0x10/0x10 [ 671.579421][ T31] ? __pfx_kthread+0x10/0x10 [ 671.583991][ T31] ? __pfx_kthread+0x10/0x10 [ 671.588557][ T31] ? rcu_is_watching+0x12/0xc0 [ 671.593303][ T31] ? __pfx_kthread+0x10/0x10 [ 671.597870][ T31] ret_from_fork+0x45/0x80 [ 671.602267][ T31] ? __pfx_kthread+0x10/0x10 [ 671.606835][ T31] ret_from_fork_asm+0x1a/0x30 [ 671.611589][ T31] [ 671.614769][ T31] Kernel Offset: disabled [ 671.619069][ T31] Rebooting in 86400 seconds..