last executing test programs: 19.683116648s ago: executing program 1 (id=1270): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x0, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) socket$inet6(0xa, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_bridge\x00'}, {0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14, 0x10}}, 0xfc}}, 0x0) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r6, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}}, 0x4) 15.852705705s ago: executing program 1 (id=1279): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) fstatfs(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, 0x0, 0x4048005) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) ioctl$FBIO_WAITFORVSYNC(r1, 0x40044620, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfea7) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1, 0x12, r3, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) capset(&(0x7f0000000200)={0x20071026}, &(0x7f0000000040)) r4 = fanotify_init(0x200, 0x0) readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x8) fanotify_mark(r4, 0x101, 0x48001051, 0xffffffffffffffff, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setreuid(0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) io_setup(0x8, &(0x7f0000004200)) 14.551344442s ago: executing program 4 (id=1286): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x4c, 0xf, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000914010000000000000000000900020073797a3110"], 0x38}}, 0x0) 13.572726708s ago: executing program 4 (id=1289): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x0, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) socket$inet6(0xa, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_bridge\x00'}, {0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14, 0x10}}, 0xfc}}, 0x0) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r6, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}}, 0x4) 10.844195756s ago: executing program 1 (id=1293): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000cc0)=ANY=[], 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) writev(r3, &(0x7f0000000240)=[{&(0x7f0000000800)='9', 0x1}], 0x1f) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x0) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf2502"], 0x114}], 0x1}, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000940)={r7, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x400], [0x0, 0x0, 0x3], [0x0, 0x4, 0x2000000]}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0xff2e) syz_open_pts(0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="181500"/15], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000007c0)={0x68, r9, 0x401, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0x0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) 8.559669399s ago: executing program 0 (id=1296): mount(0x0, 0x0, 0x0, 0x302f800, 0x0) r0 = open(0x0, 0x0, 0x5a) r1 = io_uring_setup(0x24cb, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0x72}) r2 = syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYRESHEX=r0], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r2) close_range(r1, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x6) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) copy_file_range(r4, 0x0, r3, 0x0, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32], 0xb8}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}, 0x1, 0x0, 0x0, 0x4}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='schedstat\x00') preadv(r6, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) rseq(0x0, 0x0, 0x0, 0x0) lseek(r7, 0x9, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() 8.504025997s ago: executing program 3 (id=1297): r0 = socket$pppl2tp(0x18, 0x1, 0x1) (async) r1 = openat$mice(0xffffffffffffff9c, 0x0, 0x0) (async) r2 = getpid() (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000240)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, &(0x7f0000000040)=0x8) (rerun: 32) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000080)={r4, 0x4, 0x0, 0x1, 0xe2}, &(0x7f0000000140)=0x18) (async) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0x404) (async) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, 0x0) r5 = getpid() getpgid(r5) (async) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000008c0)={'team0\x00', 0xe761}) 8.450632718s ago: executing program 4 (id=1298): r0 = socket(0x840000000002, 0x3, 0xff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) sendmmsg$inet(r0, &(0x7f0000000380)=[{{&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000200)="a905000000000000073a00338bb335529f56ed5c0e5d4da880fdb79bfc73a3692bc7e6d3", 0x24}], 0x1}}], 0x1, 0x0) 8.307251837s ago: executing program 3 (id=1299): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x4c, 0xf, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000914010000000000000000000900020073797a3110"], 0x38}}, 0x0) 8.246480879s ago: executing program 4 (id=1300): connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x4100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x800) r6 = accept$alg(r5, 0x0, 0x0) recvmmsg(r6, &(0x7f000000a6c0)=[{{0x0, 0x1f000000, 0x0, 0x0, 0x0, 0x59, 0xffffffff}}], 0x500, 0x20010100, 0x0) 7.347146195s ago: executing program 3 (id=1301): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2ec3ff0010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0) 7.199188908s ago: executing program 1 (id=1303): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) (fail_nth: 3) 6.219873026s ago: executing program 4 (id=1304): socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getrusage(0x0, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = gettid() futex(0x0, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$key(0xf, 0x3, 0x2) socket$inet6(0xa, 0x3, 0xff) r3 = dup2(r0, 0xffffffffffffffff) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0x0, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="78020000180008002dbd7000fcdbdf2564010101000000fe8000000000000000000000000000aa4e2113", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x278}}, 0x40) ioctl$TCXONC(r4, 0x540a, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) 5.572776053s ago: executing program 2 (id=1305): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) creat(0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x10c045f55bed3d0e, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) shutdown(r1, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f00000004c0)=""/68, 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, 0x0}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x1670c0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) 5.498129523s ago: executing program 3 (id=1306): r0 = socket$kcm(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000480)='wbt_timer\x00', r1}, 0x18) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f00000004c0)={0x9, 0xa, {0xffffffffffffffff}, {}, 0x5, 0x1}) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYBLOB="cfa728f34244f6d36efe02ab67eecb"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffda5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x7, 0x1, 0xd, 0x80000000, 0x9, 0x2, 0x8}, 0x1c) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e06800000011"], 0x68}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000140)=0xa80, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0xfffffffffffffd4f, 0x0, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="e80200002900000004000000005a000000000000c2040000000000dfaac7f65dde66007550d861b7b537fd49b44ed35b0b7c2ed243f39735881ba7309715165c3b9edec92e7dadb7a5bb76e68b4ce5350b4f2671dd45a5fd4320d89ed45cf375461e38967ad0f0891dc4bbba54a2c4b99498353dcc9f0233d55a6e0fbf78c3ba94983f48b6f65060c96fd75c4a82e937f62c958445a04c99c7646db75133bf141405b7db695b0de9a482a9dc8dc3c15f15db0153211c3604213a2baf4222bf165fdfa2ca3fddc94be49ac220c6fec65b5f419d364efc16072c068df6df4ff736f92d14e2d5c87eb699c31f1755ba93bf935b06fb93bdb863bb796b4fa365b5b80e7eacb78b04010007180000000004000000000000000000000000000000000000000774000000000a00000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000002229d40aeab2ece2763e7895cbddd3bcef323f53499b24b0bc57e8e417e20893cedcc8e4f10efdeb88f5e0c3de3fe3ca7d3e9d153f8829a9ace483ea348411f9c44740bfb23125dd1a1609525b9042df61031991b12c271afeb2aadd8f85a0d4677fadd"], 0x2e8}}], 0x2, 0x800) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x12020, 0x0, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r6, 0x0) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000e40)={'vcan0\x00'}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_SET_TUNSRC(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x14}}, 0x0) bind$bt_hci(r7, &(0x7f0000000000)={0x27, 0x44}, 0x6) sendmmsg$unix(r7, &(0x7f0000006380)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000024000900000020000000070006000000"], 0x14}}, 0x0) 5.496538769s ago: executing program 1 (id=1307): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0x2087acee, 0x2, {0xd, @win={{0x0, 0x7, 0xffff}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80}}}) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @private0, 0xffff7fff}}}, 0x32) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) fcntl$setown(r3, 0x8, 0x0) 4.870049073s ago: executing program 0 (id=1308): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x234202, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) open(&(0x7f0000000000)='./file0\x00', 0x80ff, 0x0) pipe2$9p(0x0, 0x80800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x24000000) recvmmsg(r2, &(0x7f00000000c0), 0x400007a, 0x2, 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r4, 0x5609, &(0x7f0000001080)={0xffff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x20002) write$FUSE_LSEEK(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x14}, 0x14}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r5) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000280)="0c000000010001", 0x7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 4.750018541s ago: executing program 2 (id=1309): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) close(0x4) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000040)) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(authencesn(streebog256-generic,xchacha12-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000002c0)="0400", 0x2) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x1, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x0, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x9}}, @qdisc_kind_options=@q_skbprio={{0xc}, {0xfffffffffffffd7d, 0x2, 0x10000}}]}, 0x40}}, 0x0) (fail_nth: 4) 4.543101667s ago: executing program 1 (id=1310): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$igmp6(0xa, 0x3, 0x2) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$cec(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3}, 0x0, &(0x7f0000000180)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="90000000", @ANYRES16=r5, @ANYBLOB="01000200000001000000090000007c00038008000100020000000800040002000000060007004e200000080003000100000014000600fe8800000000000000000000000000011400027b480000000000006f5f62726964676500140002"], 0x90}}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0x2020) socket$inet6_sctp(0xa, 0x801, 0x84) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 3.699347725s ago: executing program 0 (id=1311): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x4c, 0xf, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000914010000000000000000000900020073797a3110"], 0x38}}, 0x0) 2.594449959s ago: executing program 0 (id=1312): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) capset(&(0x7f00000003c0)={0x20080522}, &(0x7f0000000280)={0x0, 0x200, 0x8001, 0x8ee, 0xffffffff, 0xdd8a}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1802000000000000000000000000000000000000000000009500000000000000080000000000000040bc4789aa14b77f4b0c9282a7bae9942c485ebac9cee6888b3e49b872ba833c41eefcd79155efbc6cd2f49ed7e0080cec952c6dcff792ec23840713"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) fsopen(&(0x7f0000000000)='hfsplus\x00', 0x0) getpeername(r1, &(0x7f0000000640)=@isdn, &(0x7f0000000100)=0x80) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, &(0x7f0000003780)=""/4096}, 0x20) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES16], 0x50}}, 0x0) r5 = inotify_init1(0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40305839, &(0x7f0000000240)=0x28084) readv(r5, &(0x7f0000000180)=[{&(0x7f0000000340)=""/86, 0x56}, {&(0x7f0000000500)=""/181, 0xb5}], 0x2) 2.561129971s ago: executing program 4 (id=1313): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_io_uring_setup(0x201, &(0x7f000001fd40)={0x0, 0x200000, 0x100}, &(0x7f0000ffb000), &(0x7f00000002c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7) getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='pstore\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r4 = inotify_init1(0x0) fcntl$setown(r4, 0x8, 0xffffffffffffffff) fcntl$getownex(r4, 0x10, &(0x7f0000000380)={0x0, 0x0}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) setpgid(0x0, r5) open(&(0x7f00000000c0)='./file0\x00', 0x6a4382, 0x2d) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000002030104007c87c4a4000000000000000800010001"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c002600020303000000000000000000100000000800010002000000"], 0x1c}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r9, 0x0, 0x8ec0, 0x0) fcntl$setpipe(r9, 0x407, 0x0) dup3(r7, r8, 0x80000) 2.463454762s ago: executing program 2 (id=1314): r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2287, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r1, 0x3, &(0x7f0000000200)=0x8000) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x64, r8, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x30, 0x51, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a7fd4531296b6353d1f3e08847"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DEFAULT={0x4}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x64}}, 0x0) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000030100800c0001"], 0x114}], 0x1}, 0x0) 1.618617505s ago: executing program 3 (id=1315): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)={0xe0, 0x10, 0x50b, 0x0, 0xfeffffff, "", [@nested={0xcd, 0x13c, 0x0, 0x1, [@generic="e445eb73ecd2095b89d5fac2ac14532cbb900b0f3dc25a4bbce076c403445493b655ef385e01e7d0764ce49e398a010e7f2f4ecbe882bb0ef6e317beb3ba4e6c694d1071777e50525e457a7e2f3f3ac31f218b5e9ac32c9d4a68da61a41ff2dfad7c27cd9c1af6052650201dc765c7795c54e04c8ca329efadf673f9ebea1ebd19cebfee5d5635bc8860c42c5291624aefab35b5ba8242184c30ec17cfc9f88db7a1f2321c6806fc9955c5091272dde803f79479b13c653f60ad870dcc4f5b2e8f26bceed084917ee0"]}]}, 0xe0}], 0x1, 0x0, 0x0, 0x4048880}, 0x0) 1.470449819s ago: executing program 2 (id=1316): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x2, 0x40, 0x7}) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000340)={&(0x7f0000000040), 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x20c, r1, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0xb4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x61d94230}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_MEDIA={0x48, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd12f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6629}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x11}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8697}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xdcd1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8e7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x10000}]}, @TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x111}]}, @TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_NAME={0x14, 0x1, @l2={'ib', 0x3a, 'team_slave_0\x00'}}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) r2 = socket$netlink(0x10, 0x3, 0x1) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000380)=0x7, 0x4) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, @null, @netrom={'nr', 0x0}, 0x9, 'syz1\x00', @default, 0x7b, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @default]}) r3 = openat(r0, &(0x7f0000000440)='./file0\x00', 0x400, 0x100) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f0000000700)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x154, 0x0, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVKEY={0xe8, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x90, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x10000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x40, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xffffff97}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1ff}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x100}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x1c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x5555555555540004}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_DEVKEY={0x14, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x2}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x154}, 0x1, 0x0, 0x0, 0x4000001}, 0x4008080) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000740)={{{@in6=@loopback, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000840)=0xe8) read$FUSE(r3, &(0x7f0000000880)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r3, r7, r8) r9 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00000028c0), 0x2, 0x0) write$selinux_user(r9, &(0x7f0000002900)={'/usr/sbin/cupsd', 0x20, 'system_u\x00'}, 0x19) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002940)='./cgroup.net/syz0\x00', 0x200002, 0x0) r11 = openat$cgroup_ro(r10, &(0x7f0000002980)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f00000029c0)={0x3, 0x80}) ioctl$int_out(r12, 0x0, &(0x7f0000002a00)) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r11, 0x84, 0x1a, &(0x7f0000002a40)={0x0, 0xc8, "b38925eee3338b2b88150766491184ba374c4629676f6aee7fb845c886a5decde0a05122fc58c003260ea2f332f0c7fd955ac9f7c6d3a9b38b10f1a212e6f6f3148b66ddff49be16a64a30fb927c9924cc8d67bdf3a2dcb013bd26df3842ba80152f9595f921c4fb0e35ef50e25da0e67780cc0585ae45ebe26e9521a09b20fd2a8b6ea470942576489d03d1d2799c9050ac7cc98666cb287a1c00a8d271c07aeb1b6b54a7e6518f4370f4e93e1d0031bb0b3ac92d77f76e7f890fa1e292479ef32ba2ea41e2f041"}, &(0x7f0000002b40)=0xd0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r11, 0x84, 0x18, &(0x7f0000002b80)={r13, 0x6}, &(0x7f0000002bc0)=0x8) syz_genetlink_get_family_id$fou(&(0x7f0000002c00), r2) r14 = syz_socket_connect_nvme_tcp() recvmsg$inet_nvme(r14, &(0x7f0000003240)={&(0x7f0000002c40)=@nl, 0x80, &(0x7f0000003140)=[{&(0x7f0000002cc0)=""/184, 0xb8}, {&(0x7f0000002d80)=""/189, 0xbd}, {&(0x7f0000002e40)=""/72, 0x48}, {&(0x7f0000002ec0)=""/63, 0x3f}, {&(0x7f0000002f00)=""/153, 0x99}, {&(0x7f0000002fc0)=""/84, 0x54}, {&(0x7f0000003040)=""/208, 0xd0}], 0x7, &(0x7f00000031c0)=""/110, 0x6e}, 0x60) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000003280)={0x8001, 0x0, 0x2}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f00000032c0)={0xd, r15}) r16 = syz_genetlink_get_family_id$nfc(&(0x7f0000003340), r4) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000003380)=0x0) sendmsg$NFC_CMD_ACTIVATE_TARGET(r4, &(0x7f0000003440)={&(0x7f0000003300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000003400)={&(0x7f00000033c0)={0x24, r16, 0x8, 0x70bd2d, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r17}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x0) 1.464939189s ago: executing program 0 (id=1317): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$qrtr(0x2a, 0x2, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r4, 0x0) socket$tipc(0x1e, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TCSETSW(r5, 0x5406, &(0x7f00000002c0)={0x0, 0x3920, 0x3f, 0x20000000, 0x0, "efdfffff77f22d8412d256e3c7183ab6165578"}) r6 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r7 = fsmount(r6, 0x0, 0x0) r8 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, r7}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000006c0)={r8, 0xffffffffffffffff, 0x4}, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) r9 = socket(0x1, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bind$unix(r9, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001e40), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r10, &(0x7f0000001f40)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20) 1.215266803s ago: executing program 2 (id=1318): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) io_uring_enter(0xffffffffffffffff, 0x2a94, 0x91ec, 0x18, &(0x7f00000000c0)={[0x2]}, 0x8) socket$inet_mptcp(0x2, 0x1, 0x106) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa) r4 = dup(r1) ioctl$SOUND_MIXER_READ_CAPS(r4, 0x80044dfc, &(0x7f0000000040)) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) setsockopt$inet6_buf(r5, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4) sendto$inet6(r5, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ef42eeb66c3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dff02ba9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea09364ab42ee9802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e218daa5a3ef64617beb30cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97184339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd5", 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r6) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r6) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r7, @ANYRES32, @ANYBLOB="24002d801a0001"], 0x64}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r6) 459.719389ms ago: executing program 0 (id=1319): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000240012800b00010065727370616e000014000280050016000000000006000e"], 0x44}}, 0x0) close(r2) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24000044, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0f00000000000000e8e6a0979144347cf3bc00e3a19625f43a2b1bf619f89495b64db8578527fcfb5a11750630a463face98916dc0d87673ce67ed8d6ed5882edc0a41878d151084086c95001299e36812f24782b043b78bcd6d8a2312305b01779d1040aab75184050dd341e338f6e01b4f848dbf5e9f2a7578cddebd39e5ad1c26eb7da34152a3b796a2bdf7f24b6c74bf14877989c588b612a0273326e2256146c644b05aadccc67d40ca1b3ed1cf4fafbdf6f89cd41deaa97c573a955c2bb974dfcf75de9408ce6ac746da914f09cfbedbe604f99dd62842c4bdd7fdc0c928df0e7469c632292c2a197c1a0211c3193e20b5ebb0bd6e97f77fac8712c8fa6a2362c4389d099bddef90e646747470ae5d844143b9c5fb78c2f5b00a8763b5aa82799cecb473422798ba7a218991c40906df42c67e", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES64=r0, @ANYRES32], 0x50) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000ea00000000000000000000850000002700000095000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r3, &(0x7f0000000340), &(0x7f0000000040)=@tcp}, 0x20) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005740)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000005c0)="42a937b35fdab1266622ac4ad4ed3da89bdeac7998ffb1568d0629abda1b78c510e8ff473966a40506a3bed7d05ffaeb884811bc2f0689aea79d2eb6837c3a9d56439459045b7331775d9b0078f32c562399853404478ddf0bcb15843f72d9eb7df38be4793d484f968c244b120fe4afc2d3cbd2e271873cbfdc03e1a34d76fa4e14e4074f0fde8b83679c694d31bc5f35ffc600"/167, 0xa7}], 0x1}}], 0x1, 0x40005) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x38) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x711642, 0x0) ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x50) r8 = syz_open_pts(r7, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000200)=0x2) r9 = dup2(r8, r7) ioctl$TIOCSPTLCK(r8, 0x40045431, &(0x7f0000000140)) setsockopt$packet_drop_memb(r9, 0x107, 0x2, &(0x7f0000000680)={r5, 0x1, 0x6, @local}, 0x10) 455.123789ms ago: executing program 3 (id=1320): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB="1e00000000000000060000000500000041000000", @ANYRES32, @ANYBLOB="0900000000ff218300"/20, @ANYRES32=0x0, @ANYRESDEC=r0, @ANYBLOB="04000000040000000400b10000020000000000000002000000000000"], 0x50) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000180)=[{}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = gettid() sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000040000000400", @ANYRES32, @ANYBLOB="0000000000001c80000000000000000000000000a2f8c74a4bae2deaa151e563dfef29463a593b0c5a2262dfcb8bb6997519714f200331e85a3407166c33c06eaf6354d7292936817ce089205d827aa725183a557323d116", @ANYRES16=r3, @ANYRES32, @ANYBLOB='\x00'/28, @ANYRESOCT=0x0, @ANYBLOB="b9789faaa55d11c8cd502208d51600e913b58f3629282fc6b4a70222c2ce02318a737146e736d6337083c6ef6b8ddb33dbc08940e1d12f12a3f7afbaa18d9380f269a6bda53767b6d535a8bad58ba274bbbf09fb9e8c5c6c9ee37315868d6194fe56968839a8e2d426f0ce29bc04f1820455e7f71fa9073a0b15591bb6c49fe22ede66c2ddf355d4fd952294e2d9618917d6157e854731333ca2052846d506e13b4da4b89e3999f2c1280b3cd09eb247c1c88b42295eeab165cd00aeeecaea03a54eb8757563773850a87c6fdf16dfb3f67e24a657cc27", @ANYRES16=r0], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES64=r3, @ANYRES32=r3, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="3e4dbd68eb9ceb625c27d283b5ea0fe3d0f60cc5bec0454557b3982a4f0bebdabe3009153580", @ANYRESOCT=r1], 0x20) getpid() ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000f80)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$security_selinux(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000100000d00000008090000000300"/46], 0x0, 0x2e, 0x0, 0x1, 0x37df, 0x0, @void, @value}, 0x28) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = socket$netlink(0x10, 0x3, 0x1) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRESHEX=r7, @ANYRESOCT=r5, @ANYBLOB="080003"], 0x54}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000080)={0xfff9, 0x5, 0x869, 0xad}, 0xc) connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xf) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r8, &(0x7f0000000200)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x1}, 0xe) 0s ago: executing program 2 (id=1321): syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) mknod(&(0x7f0000000040)='./file0\x00', 0x10, 0x2040000) r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x10007fffffff, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) openat(r1, 0x0, 0x20942, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000006c0)={0x1, @win={{0x8, 0x1, 0x8, 0x70ec2dba}, 0x9, 0x6, &(0x7f0000000400)={{0x3, 0x5, 0x9, 0x5}, &(0x7f0000000380)={{0x4, 0x101, 0x2, 0x9}}}, 0x2, &(0x7f0000000580)='F-', 0xfb}}) socket$kcm(0x11, 0x3, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={r1, 0x58, &(0x7f0000000440)}, 0x10) mkdir(&(0x7f0000000600)='./file1\x00', 0x0) mount(&(0x7f00000009c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000080)='ocfs2\x00', 0x1031010, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) syz_io_uring_setup(0x0, &(0x7f00000002c0), &(0x7f00000000c0), 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) kernel console output (not intermixed with test programs): -4 [ 520.067273][ T9475] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 520.112232][ T9475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 520.163655][ T9475] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 520.769627][ T9493] netlink: 'syz.1.876': attribute type 1 has an invalid length. [ 521.122496][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 521.378911][ T9503] overlayfs: missing 'lowerdir' [ 521.400350][ T9493] bond1: entered promiscuous mode [ 521.405606][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.875'. [ 521.490276][ T9499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.876'. [ 521.509613][ T9499] bond1: left promiscuous mode [ 521.517423][ T25] usb 1-1: USB disconnect, device number 18 [ 521.520026][ T9499] 8021q: adding VLAN 0 to HW filter on device bond1 [ 521.545623][ T25] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 521.584255][ T9498] netlink: 'syz.3.875': attribute type 1 has an invalid length. [ 521.585460][ T25] keyspan 1-1:0.0: device disconnected [ 521.684792][ T9498] bond1: entered promiscuous mode [ 522.160681][ T9518] vivid-000: disconnect [ 522.165452][ T9518] FAULT_INJECTION: forcing a failure. [ 522.165452][ T9518] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.178677][ T9518] CPU: 0 UID: 0 PID: 9518 Comm: syz.2.880 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 522.188927][ T9518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 522.199230][ T9518] Call Trace: [ 522.202497][ T9518] [ 522.205414][ T9518] dump_stack_lvl+0x16c/0x1f0 [ 522.210084][ T9518] should_fail_ex+0x497/0x5b0 [ 522.214754][ T9518] _copy_to_user+0x30/0xc0 [ 522.219170][ T9518] video_usercopy+0xf37/0x1600 [ 522.223946][ T9518] ? __pfx___video_do_ioctl+0x10/0x10 [ 522.230144][ T9518] ? __pfx_video_usercopy+0x10/0x10 [ 522.235355][ T9518] v4l2_ioctl+0x1ba/0x250 [ 522.239675][ T9518] ? __pfx_v4l2_ioctl+0x10/0x10 [ 522.244531][ T9518] __x64_sys_ioctl+0x18d/0x210 [ 522.249301][ T9518] do_syscall_64+0xcd/0x250 [ 522.253794][ T9518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.259701][ T9518] RIP: 0033:0x7f346ab7def9 [ 522.264119][ T9518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.283733][ T9518] RSP: 002b:00007f346b94a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 522.292136][ T9518] RAX: ffffffffffffffda RBX: 00007f346ad36058 RCX: 00007f346ab7def9 [ 522.300098][ T9518] RDX: 0000000020000080 RSI: 00000000c008561c RDI: 0000000000000005 [ 522.308055][ T9518] RBP: 00007f346b94a090 R08: 0000000000000000 R09: 0000000000000000 [ 522.316014][ T9518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.323970][ T9518] R13: 0000000000000000 R14: 00007f346ad36058 R15: 00007ffd68757738 [ 522.331939][ T9518] [ 522.842892][ T9515] vivid-000: reconnect [ 522.865881][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 522.871952][ T8278] Bluetooth: hci1: command 0x0c1a tx timeout [ 522.878052][ T8278] Bluetooth: hci0: command 0x0c1a tx timeout [ 523.061013][ T9514] netlink: 12 bytes leftover after parsing attributes in process `syz.1.881'. [ 523.116120][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.881'. [ 523.315925][ T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 523.576003][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 523.609397][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 523.641300][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 523.662996][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 523.691135][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 523.708674][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 523.722536][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.516589][ T9536] netlink: 'syz.4.884': attribute type 12 has an invalid length. [ 529.526068][ T9536] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.884'. [ 530.786290][ T25] usb 1-1: can't set config #16, error -71 [ 530.807422][ T25] usb 1-1: USB disconnect, device number 19 [ 530.889186][ T9548] FAULT_INJECTION: forcing a failure. [ 530.889186][ T9548] name failslab, interval 1, probability 0, space 0, times 0 [ 530.923654][ T9548] CPU: 1 UID: 0 PID: 9548 Comm: syz.3.888 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 530.933958][ T9548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 530.944028][ T9548] Call Trace: [ 530.947321][ T9548] [ 530.950238][ T9548] dump_stack_lvl+0x16c/0x1f0 [ 530.954907][ T9548] should_fail_ex+0x497/0x5b0 [ 530.959583][ T9548] ? fs_reclaim_acquire+0xae/0x160 [ 530.964692][ T9548] should_failslab+0xc2/0x120 [ 530.969461][ T9548] __kmalloc_noprof+0xcb/0x400 [ 530.974320][ T9548] iter_file_splice_write+0x1cd/0x10b0 [ 530.979810][ T9548] ? copy_splice_read+0x8a1/0xb90 [ 530.984969][ T9548] ? __pfx___lock_acquire+0x10/0x10 [ 530.990206][ T9548] ? __pfx_iter_file_splice_write+0x10/0x10 [ 530.996151][ T9548] ? __pfx_lock_acquire+0x10/0x10 [ 531.001222][ T9548] ? __pfx_iter_file_splice_write+0x10/0x10 [ 531.007153][ T9548] direct_splice_actor+0x18f/0x6c0 [ 531.012299][ T9548] splice_direct_to_actor+0x346/0xa40 [ 531.017701][ T9548] ? __pfx_direct_splice_actor+0x10/0x10 [ 531.023367][ T9548] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 531.029288][ T9548] ? __fget_files+0x23a/0x3f0 [ 531.033989][ T9548] ? __pfx___might_resched+0x10/0x10 [ 531.039306][ T9548] do_splice_direct+0x178/0x250 [ 531.044188][ T9548] ? __pfx_do_splice_direct+0x10/0x10 [ 531.049589][ T9548] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 531.055525][ T9548] do_sendfile+0xb0a/0xe40 [ 531.059973][ T9548] ? __pfx_do_sendfile+0x10/0x10 [ 531.064945][ T9548] __x64_sys_sendfile64+0x1da/0x220 [ 531.070173][ T9548] ? ksys_write+0x1ab/0x260 [ 531.074697][ T9548] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 531.080455][ T9548] do_syscall_64+0xcd/0x250 [ 531.084984][ T9548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.090912][ T9548] RIP: 0033:0x7f175a77def9 [ 531.095344][ T9548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.115070][ T9548] RSP: 002b:00007f175b591038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 531.123507][ T9548] RAX: ffffffffffffffda RBX: 00007f175a935f80 RCX: 00007f175a77def9 [ 531.131495][ T9548] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 531.139483][ T9548] RBP: 00007f175b591090 R08: 0000000000000000 R09: 0000000000000000 [ 531.147471][ T9548] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001 [ 531.155466][ T9548] R13: 0000000000000000 R14: 00007f175a935f80 R15: 00007ffeec2413b8 [ 531.163484][ T9548] [ 531.171121][ T9552] netlink: 'syz.0.889': attribute type 1 has an invalid length. [ 531.245674][ T9552] bond1: entered promiscuous mode [ 531.254503][ T9554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.889'. [ 531.280560][ T9555] overlayfs: missing 'lowerdir' [ 531.344490][ T9554] bond1: left promiscuous mode [ 531.389669][ T9554] 8021q: adding VLAN 0 to HW filter on device bond1 [ 531.604964][ T29] audit: type=1326 audit(1726750162.109:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9556 comm="syz.3.890" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f175a77def9 code=0x0 [ 532.958509][ T9567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.893'. [ 533.054782][ T9570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.893'. [ 533.747942][ T29] audit: type=1400 audit(1726750164.199:533): avc: denied { create } for pid=9584 comm="syz.4.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 534.040371][ T29] audit: type=1400 audit(1726750164.219:534): avc: denied { write } for pid=9584 comm="syz.4.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 534.449019][ T4613] Bluetooth: hci2: unexpected event for opcode 0x202a [ 534.856048][ T29] audit: type=1326 audit(1726750164.959:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 535.005530][ T29] audit: type=1326 audit(1726750164.959:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 535.122203][ T29] audit: type=1326 audit(1726750164.969:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 535.212722][ T29] audit: type=1326 audit(1726750165.009:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 535.306865][ T29] audit: type=1326 audit(1726750165.009:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 536.155058][ T29] audit: type=1326 audit(1726750165.009:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 536.205945][ T5281] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 536.382289][ T29] audit: type=1326 audit(1726750165.009:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a47b7def9 code=0x7ffc0000 [ 536.446089][ T5281] usb 4-1: Using ep0 maxpacket: 8 [ 536.706841][ T9615] overlayfs: missing 'lowerdir' [ 536.821557][ T5281] usb 4-1: device descriptor read/all, error -71 [ 536.857940][ T9617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'. [ 536.914555][ T5278] IPVS: starting estimator thread 0... [ 537.036942][ T9621] IPVS: using max 18 ests per chain, 43200 per kthread [ 537.401388][ T9626] bond2: entered promiscuous mode [ 538.048386][ T9629] netlink: 4 bytes leftover after parsing attributes in process `syz.3.907'. [ 538.092913][ T9629] bond2: left promiscuous mode [ 538.117680][ T9629] 8021q: adding VLAN 0 to HW filter on device bond2 [ 538.945913][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 538.945933][ T29] audit: type=1400 audit(1726750169.449:556): avc: denied { create } for pid=9638 comm="syz.4.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 540.476153][ T46] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 541.306222][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 541.321574][ T46] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 541.349427][ T46] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 541.374152][ T46] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 541.404201][ T46] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 541.441416][ T46] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 541.464035][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.506029][ T25] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 541.527369][ T46] hub 2-1:1.0: bad descriptor, ignoring hub [ 541.552312][ T46] hub 2-1:1.0: probe with driver hub failed with error -5 [ 541.574476][ T46] cdc_wdm 2-1:1.0: skipping garbage [ 541.590363][ T46] cdc_wdm 2-1:1.0: skipping garbage [ 541.611733][ T46] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 541.626162][ T46] cdc_wdm 2-1:1.0: Unknown control protocol [ 541.718197][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 541.758385][ T25] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 541.811095][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 541.836965][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.283789][ T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 546.349991][ T25] usb 1-1: invalid MIDI out EP 0 [ 547.693595][ T5278] usb 2-1: USB disconnect, device number 7 [ 547.704561][ T25] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 547.783697][ T25] usb 1-1: USB disconnect, device number 20 [ 548.305030][ T9678] overlayfs: missing 'lowerdir' [ 549.463502][ T29] audit: type=1400 audit(1726750179.969:557): avc: denied { create } for pid=9686 comm="syz.0.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 549.564606][ T9685] bond3: entered promiscuous mode [ 549.591744][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.923'. [ 549.674243][ T9689] bond3: left promiscuous mode [ 549.696224][ T9689] 8021q: adding VLAN 0 to HW filter on device bond3 [ 550.935687][ T9694] netlink: 28 bytes leftover after parsing attributes in process `syz.3.926'. [ 550.986021][ T9694] netlink: 40 bytes leftover after parsing attributes in process `syz.3.926'. [ 551.069882][ T9698] netlink: 'syz.2.927': attribute type 1 has an invalid length. [ 551.274827][ T9698] bond4: entered promiscuous mode [ 552.354485][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.927'. [ 552.366809][ T9698] bond4: left promiscuous mode [ 552.384497][ T9698] 8021q: adding VLAN 0 to HW filter on device bond4 [ 552.467604][ T4613] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 552.478559][ T4613] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 552.571289][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.932'. [ 552.753070][ T9717] FAULT_INJECTION: forcing a failure. [ 552.753070][ T9717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 552.766490][ T9717] CPU: 1 UID: 0 PID: 9717 Comm: syz.3.931 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 552.776758][ T9717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 552.786836][ T9717] Call Trace: [ 552.790219][ T9717] [ 552.793164][ T9717] dump_stack_lvl+0x16c/0x1f0 [ 552.797883][ T9717] should_fail_ex+0x497/0x5b0 [ 552.802779][ T9717] _copy_from_user+0x30/0xf0 [ 552.807418][ T9717] copy_msghdr_from_user+0x99/0x160 [ 552.812657][ T9717] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 552.818516][ T9717] ? irqentry_exit+0x3b/0x90 [ 552.823127][ T9717] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.828370][ T9717] ___sys_sendmsg+0xff/0x1e0 [ 552.833002][ T9717] ? __pfx____sys_sendmsg+0x10/0x10 [ 552.838254][ T9717] ? lock_release+0x3e5/0x6f0 [ 552.842989][ T9717] ? ksys_write+0x21c/0x260 [ 552.847543][ T9717] ? __fget_light+0x173/0x210 [ 552.852268][ T9717] __sys_sendmsg+0x117/0x1f0 [ 552.857073][ T9717] ? __pfx___sys_sendmsg+0x10/0x10 [ 552.862246][ T9717] do_syscall_64+0xcd/0x250 [ 552.866784][ T9717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.872716][ T9717] RIP: 0033:0x7f175a77def9 [ 552.877151][ T9717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.896795][ T9717] RSP: 002b:00007f175b570038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 552.905251][ T9717] RAX: ffffffffffffffda RBX: 00007f175a936058 RCX: 00007f175a77def9 [ 552.913249][ T9717] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000006 [ 552.921334][ T9717] RBP: 00007f175b570090 R08: 0000000000000000 R09: 0000000000000000 [ 552.929336][ T9717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.937334][ T9717] R13: 0000000000000000 R14: 00007f175a936058 R15: 00007ffeec2413b8 [ 552.945337][ T9717] [ 554.918126][ T9735] bond5: entered promiscuous mode [ 554.926854][ T9742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.936'. [ 554.983254][ T29] audit: type=1400 audit(1726750185.489:558): avc: denied { ioctl } for pid=9740 comm="syz.4.939" path="socket:[29524]" dev="sockfs" ino=29524 ioctlcmd=0x8947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 554.984350][ T9742] bond5: left promiscuous mode [ 555.072231][ T9742] 8021q: adding VLAN 0 to HW filter on device bond5 [ 556.210280][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.481496][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.024706][ T9782] loop5: detected capacity change from 0 to 16384 [ 557.706697][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.333476][ T9782] loop5: detected capacity change from 16384 to 16320 [ 558.682458][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.866804][ T5277] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 558.957121][ T8278] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 558.967525][ T8278] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 558.977994][ T8278] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 558.997451][ T8278] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 559.005229][ T8278] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 559.015243][ T8278] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 559.086609][ T9808] bond2: entered promiscuous mode [ 559.126569][ T5277] usb 5-1: Using ep0 maxpacket: 16 [ 559.147237][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 559.164874][ T5277] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 559.180450][ T5277] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 559.196125][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.268838][ T5277] usb 5-1: config 0 descriptor?? [ 559.287610][ T5277] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 559.317439][ T9812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.955'. [ 559.332999][ T9812] bond2: left promiscuous mode [ 559.339742][ T9812] 8021q: adding VLAN 0 to HW filter on device bond2 [ 559.467268][ T11] bridge_slave_1: left allmulticast mode [ 559.475285][ T11] bridge_slave_1: left promiscuous mode [ 559.499546][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.565756][ T11] bridge_slave_0: left allmulticast mode [ 559.609315][ T11] bridge_slave_0: left promiscuous mode [ 559.652007][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.775916][ T9822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.896491][ T9822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 561.066643][ T4613] Bluetooth: hci2: command tx timeout [ 561.345361][ T4613] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 562.716906][ T29] audit: type=1400 audit(1726750192.599:559): avc: denied { ioctl } for pid=9851 comm="syz.3.962" path="socket:[30186]" dev="sockfs" ino=30186 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 563.146291][ T4613] Bluetooth: hci2: command tx timeout [ 563.477523][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.520393][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.543281][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.569827][ T11] bond0 (unregistering): Released all slaves [ 564.013975][ T9862] delete_channel: no stack [ 564.080478][ T11] bond1 (unregistering): Released all slaves [ 564.344408][ T11] tipc: Left network mode [ 564.401314][ T5281] usb 5-1: USB disconnect, device number 7 [ 565.421870][ T4613] Bluetooth: hci2: command tx timeout [ 565.503218][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 565.755965][ T11] hsr_slave_0: left promiscuous mode [ 565.784873][ T11] hsr_slave_1: left promiscuous mode [ 565.955027][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 565.966969][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 566.019174][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 566.028389][ T29] audit: type=1400 audit(1726750196.539:560): avc: denied { ioctl } for pid=9890 comm="syz.4.970" path="/dev/sg0" dev="devtmpfs" ino=696 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 566.062479][ T9896] netlink: 4100 bytes leftover after parsing attributes in process `syz.4.970'. [ 566.089134][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.187020][ T11] veth1_macvtap: left promiscuous mode [ 566.198628][ T11] veth0_macvtap: left promiscuous mode [ 566.217520][ T25] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 566.230579][ T11] veth1_vlan: left promiscuous mode [ 566.264084][ T11] veth0_vlan: left promiscuous mode [ 566.366250][ T29] audit: type=1400 audit(1726750196.859:561): avc: denied { module_request } for pid=9892 comm="syz.0.969" kmod="netdev-rose0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 566.426570][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 566.468041][ T25] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 566.521250][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 566.594723][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 566.617676][ T29] audit: type=1400 audit(1726750197.129:562): avc: denied { ioctl } for pid=9892 comm="syz.0.969" path="socket:[30322]" dev="sockfs" ino=30322 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 566.635893][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 566.690095][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.724011][ T25] usb 3-1: config 0 descriptor?? [ 566.776211][ T9900] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 566.801668][ T25] hub 3-1:0.0: USB hub found [ 566.895995][ T46] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 567.004339][ T25] hub 3-1:0.0: 2 ports detected [ 567.094395][ T25] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 567.110814][ T46] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 567.122742][ T25] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 567.130680][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.150765][ T46] usb 5-1: Product: syz [ 567.155492][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 567.171851][ T46] usb 5-1: Manufacturer: syz [ 567.177160][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 567.192615][ T46] usb 5-1: SerialNumber: syz [ 567.211691][ T46] usb 5-1: config 0 descriptor?? [ 567.237175][ T25] usb 3-1: USB disconnect, device number 9 [ 567.406398][ T941] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 567.466062][ T4613] Bluetooth: hci2: command tx timeout [ 567.506545][ T46] usb-storage 5-1:0.0: USB Mass Storage device detected [ 567.597714][ T941] usb 4-1: Using ep0 maxpacket: 16 [ 567.609197][ T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.624237][ T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.647086][ T941] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 567.657311][ T9923] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 567.675218][ T941] usb 4-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00 [ 567.686865][ T941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.814569][ T941] usb 4-1: config 0 descriptor?? [ 568.377044][ T9915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 568.402973][ T9915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.646424][ T5281] usb 5-1: USB disconnect, device number 8 [ 568.731158][ T11] team0 (unregistering): Port device team_slave_1 removed [ 568.928319][ T11] team0 (unregistering): Port device team_slave_0 removed [ 568.932371][ T941] wacom 0003:056A:0022.0005: Unknown device_type for 'HID 056a:0022'. Assuming pen. [ 569.012176][ T941] wacom 0003:056A:0022.0005: hidraw0: USB HID v0.00 Device [HID 056a:0022] on usb-dummy_hcd.3-1/input0 [ 569.087184][ T941] input: Wacom Intuos 9x12 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0022.0005/input/input22 [ 570.595199][ T9933] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 570.611389][ T9934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.975'. [ 570.672097][ T29] audit: type=1400 audit(1726750201.179:563): avc: denied { mount } for pid=9942 comm="syz.0.978" name="/" dev="autofs" ino=30972 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 572.234584][ T29] audit: type=1400 audit(1726750202.739:564): avc: denied { unmount } for pid=8273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 572.307551][ T9806] chnl_net:caif_netlink_parms(): no params data found [ 572.327922][ T5281] usb 4-1: USB disconnect, device number 12 [ 573.114660][ T29] audit: type=1400 audit(1726750203.619:565): avc: denied { accept } for pid=9963 comm="syz.0.982" laddr=fe80::a8aa:aaff:feaa:aa16 lport=255 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 573.465045][ T11] IPVS: stop unused estimator thread 0... [ 573.960224][ T5278] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 573.994132][ T9806] bridge0: port 1(bridge_slave_0) entered blocking state [ 574.049747][ T9806] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.066056][ T9806] bridge_slave_0: entered allmulticast mode [ 574.087850][ T9806] bridge_slave_0: entered promiscuous mode [ 574.167872][ T9806] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.195207][ T9806] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.211564][ T9806] bridge_slave_1: entered allmulticast mode [ 574.232376][ T9806] bridge_slave_1: entered promiscuous mode [ 574.316404][ T9990] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 574.629239][ T5278] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 574.639513][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.703715][ T5278] usb 1-1: config 0 descriptor?? [ 574.779668][ T9806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 574.841603][ T9806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 574.891861][T10000] netlink: 'syz.3.988': attribute type 1 has an invalid length. [ 574.935381][ T5278] [drm] vendor descriptor length:6 data:02 5f 01 15 72 a2 00 00 00 00 00 [ 574.962730][ T5278] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 574.992571][T10000] bond4: entered promiscuous mode [ 575.075966][ T941] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 575.117343][T10003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.988'. [ 575.140203][ T5278] [drm:udl_init] *ERROR* Selecting channel failed [ 575.175491][T10003] bond4: left promiscuous mode [ 575.216344][T10003] 8021q: adding VLAN 0 to HW filter on device bond4 [ 575.255288][ T5278] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 575.278545][ T941] usb 5-1: Using ep0 maxpacket: 16 [ 575.285302][ T5278] [drm] Initialized udl on minor 2 [ 575.332772][ T941] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 575.382251][ T5278] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 575.415944][ T941] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 575.468254][T10013] overlayfs: missing 'lowerdir' [ 575.476118][ T941] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 575.479112][ T5278] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 575.485327][ T941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.505957][ T5281] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 575.567511][ T941] usb 5-1: config 0 descriptor?? [ 575.568202][ T5281] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 575.613744][ T5278] usb 1-1: USB disconnect, device number 21 [ 575.651398][ T941] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 575.685432][ T5281] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 575.717860][ T9806] team0: Port device team_slave_0 added [ 575.778590][ T9806] team0: Port device team_slave_1 added [ 576.349614][ T9806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 576.375273][ T9806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.591525][T10017] [U]  [ 576.715142][ T29] audit: type=1400 audit(1726750207.029:566): avc: denied { bind } for pid=10021 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 577.086129][ T9806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.112558][ T9806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 577.119929][ T9806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.148341][ T9806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 577.951948][ T941] kernel write not supported for file /sysvipc/shm (pid: 941 comm: kworker/1:2) [ 577.960049][ T9806] hsr_slave_0: entered promiscuous mode [ 577.975615][ T9806] hsr_slave_1: entered promiscuous mode [ 578.012044][T10042] netlink: 'syz.2.994': attribute type 1 has an invalid length. [ 578.066317][ T941] usb 5-1: USB disconnect, device number 9 [ 578.160110][T10042] bond6: entered promiscuous mode [ 578.207957][T10044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.994'. [ 578.242638][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.994'. [ 578.261394][T10042] bond6: left promiscuous mode [ 578.274803][T10042] 8021q: adding VLAN 0 to HW filter on device bond6 [ 578.865861][ T29] audit: type=1400 audit(1726750209.349:567): avc: denied { read } for pid=10049 comm="syz.0.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 578.948914][ T29] audit: type=1400 audit(1726750209.459:568): avc: denied { setopt } for pid=10049 comm="syz.0.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 579.528979][T10059] netlink: 20 bytes leftover after parsing attributes in process `syz.3.997'. [ 581.181885][ T29] audit: type=1400 audit(1726750211.689:569): avc: denied { read } for pid=10086 comm="syz.2.1003" name="btrfs-control" dev="devtmpfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 581.231798][ T29] audit: type=1400 audit(1726750211.719:570): avc: denied { open } for pid=10086 comm="syz.2.1003" path="/dev/btrfs-control" dev="devtmpfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 581.246533][T10087] Invalid logical block size (4) [ 582.179060][ T9806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 582.272311][ T9806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 582.289560][ T9806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 582.319379][T10096] overlayfs: missing 'lowerdir' [ 582.342426][ T9806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 582.924433][ T9806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.023925][ T9806] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.055369][ T2581] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.062625][ T2581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 583.175436][ T2581] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.182759][ T2581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 583.310603][ T941] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 583.385936][ T5278] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 583.547036][ T941] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 583.591211][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 583.615923][ T5278] usb 4-1: Using ep0 maxpacket: 32 [ 583.621638][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 583.648346][ T5278] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 583.685040][ T5278] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 583.689952][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 583.721025][ T5278] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 583.731250][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 583.731318][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 583.731353][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 583.764963][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 583.792217][ T5278] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 583.803696][ T5278] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 583.811504][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 583.815130][ T5278] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 583.881896][ T5278] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 583.918548][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.933249][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 583.974474][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 583.985216][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 584.035491][ T5278] usb 4-1: config 0 descriptor?? [ 584.056988][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 584.087389][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 584.140396][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 584.182028][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 584.221647][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 584.248101][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 584.288550][ T5278] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 584.327395][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 584.359031][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 584.393362][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 584.458089][ T5278] usb 4-1: USB disconnect, device number 13 [ 584.484162][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 584.522867][ T5278] usblp0: removed [ 584.562271][T10143] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.1011'. [ 584.577316][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 584.597651][ T941] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 584.635654][ T9806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 584.661383][ T941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 584.692202][ T941] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 584.723480][ T941] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 584.734449][ T941] usb 1-1: Product: syz [ 584.744628][ T941] usb 1-1: Manufacturer: syz [ 584.755360][ T941] usb 1-1: SerialNumber: syz [ 584.803593][ T941] usb 1-1: config 0 descriptor?? [ 584.835361][ T941] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 584.925954][ T5278] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 585.068375][ T9806] veth0_vlan: entered promiscuous mode [ 585.085120][ T1170] usb 1-1: USB disconnect, device number 22 [ 585.119846][ T1170] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 585.166149][ T5278] usb 4-1: Using ep0 maxpacket: 32 [ 585.173982][ T5278] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 585.184503][ T9806] veth1_vlan: entered promiscuous mode [ 585.196723][ T5278] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 585.244339][ T5278] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 585.306756][ T5278] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 585.348680][ T5278] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 585.379084][ T9806] veth0_macvtap: entered promiscuous mode [ 585.391102][ T5278] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 585.415256][ T9806] veth1_macvtap: entered promiscuous mode [ 585.436931][ T5278] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 585.451851][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.654472][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.696942][ T5278] usb 4-1: config 0 descriptor?? [ 585.753765][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.817771][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.989157][ T5278] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 586.114048][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.232102][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.331185][ T941] usb 4-1: USB disconnect, device number 14 [ 586.355941][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.369506][ T941] usblp0: removed [ 586.385845][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.422810][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.459613][ T9806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 586.538908][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.585983][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.743570][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.843217][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.889226][ T29] audit: type=1400 audit(1726750217.399:571): avc: denied { setopt } for pid=10171 comm="syz.2.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 586.895954][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.938747][ T29] audit: type=1400 audit(1726750217.439:572): avc: denied { write } for pid=10171 comm="syz.2.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 586.945234][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.969937][ T9806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 586.991344][ T9806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.008143][ T9806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.103119][ T9806] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.123147][ T9806] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.163303][ T9806] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.169750][T10172] netlink: 'syz.2.1017': attribute type 2 has an invalid length. [ 587.172277][ T9806] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.229985][T10172] netlink: 'syz.2.1017': attribute type 1 has an invalid length. [ 587.834806][T10183] overlayfs: missing 'lowerdir' [ 587.840936][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.897476][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.621459][ T2519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.690643][ T2519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.919369][ T4613] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 593.674230][ T29] audit: type=1400 audit(1726750223.519:573): avc: denied { watch } for pid=10217 comm="syz.4.1026" path="/75/net_prio.prioidx" dev="tmpfs" ino=420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 593.886708][ T29] audit: type=1400 audit(1726750223.519:574): avc: denied { watch_sb watch_reads } for pid=10217 comm="syz.4.1026" path="/75/net_prio.prioidx" dev="tmpfs" ino=420 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 594.425931][ T25] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 594.687832][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 594.750631][ T25] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 594.885420][ T29] audit: type=1400 audit(1726750225.379:575): avc: denied { setopt } for pid=10241 comm="syz.4.1030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 594.946921][ T25] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 595.007277][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.101677][ T25] usb 2-1: config 0 descriptor?? [ 595.870766][T10266] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1032'. [ 600.707077][ T5281] usb 2-1: USB disconnect, device number 8 [ 600.991920][T10277] netlink: 'syz.4.1035': attribute type 1 has an invalid length. [ 601.053857][T10277] bond1: entered promiscuous mode [ 601.093903][T10278] netlink: 'syz.1.1036': attribute type 1 has an invalid length. [ 601.124090][T10277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1035'. [ 601.176295][ T5277] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 601.227924][T10277] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 601.259166][T10278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1036'. [ 601.281048][T10278] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 601.340747][T10283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1035'. [ 601.536136][ T25] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 601.689475][T10283] bond1: left promiscuous mode [ 601.771049][T10283] 8021q: adding VLAN 0 to HW filter on device bond1 [ 601.852153][ T25] usb 4-1: config 1 interface 0 has no altsetting 0 [ 602.020496][ T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 602.043912][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1036'. [ 602.058220][ T5277] usb 3-1: Using ep0 maxpacket: 8 [ 602.065948][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.092493][ T5277] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 602.109680][ T5277] usb 3-1: config 0 has no interface number 0 [ 602.132242][ T5277] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 602.137423][ T25] usb 4-1: Product: syz [ 602.166363][ T25] usb 4-1: Manufacturer: syz [ 602.171023][ T25] usb 4-1: SerialNumber: syz [ 602.194082][ T5277] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 602.220711][ T5277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.251617][ T5277] usb 3-1: config 0 descriptor?? [ 602.301696][ T5277] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 602.354471][T10304] bio_check_eod: 2 callbacks suppressed [ 602.354484][T10304] syz.1.1041: attempt to access beyond end of device [ 602.354484][T10304] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 602.392419][T10304] syz.1.1041: attempt to access beyond end of device [ 602.392419][T10304] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 602.453647][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 602.487925][T10305] FAULT_INJECTION: forcing a failure. [ 602.487925][T10305] name failslab, interval 1, probability 0, space 0, times 0 [ 602.508563][T10302] dlm: no locking on control device [ 602.522848][ T5277] usb 3-1: USB disconnect, device number 10 [ 602.536917][T10304] syz.1.1041: attempt to access beyond end of device [ 602.536917][T10304] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 602.555935][ T5277] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected [ 602.570507][T10302] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1039'. [ 602.582841][T10305] CPU: 0 UID: 0 PID: 10305 Comm: syz.1.1041 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 602.593301][T10305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 602.603353][T10305] Call Trace: [ 602.606638][T10305] [ 602.609587][T10305] dump_stack_lvl+0x16c/0x1f0 [ 602.614267][T10305] should_fail_ex+0x497/0x5b0 [ 602.618965][T10305] ? fs_reclaim_acquire+0xae/0x160 [ 602.624099][T10305] should_failslab+0xc2/0x120 [ 602.628788][T10305] __kmalloc_noprof+0xcb/0x400 [ 602.633584][T10305] ? __pfx_lock_acquire+0x10/0x10 [ 602.638635][T10305] tomoyo_realpath_from_path+0xb9/0x720 [ 602.644202][T10305] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 602.649949][T10305] ? tomoyo_profile+0x47/0x60 [ 602.654620][T10305] tomoyo_path_number_perm+0x245/0x590 [ 602.660091][T10305] ? tomoyo_path_number_perm+0x232/0x590 [ 602.665741][T10305] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 602.671780][T10305] ? __fget_files+0x244/0x3f0 [ 602.676474][T10305] security_file_ioctl+0x9b/0x240 [ 602.681523][T10305] __x64_sys_ioctl+0xbb/0x210 [ 602.686209][T10305] do_syscall_64+0xcd/0x250 [ 602.690729][T10305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.696634][T10305] RIP: 0033:0x7f8261d7def9 [ 602.701141][T10305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.720755][T10305] RSP: 002b:00007f8262a93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 602.729179][T10305] RAX: ffffffffffffffda RBX: 00007f8261f36058 RCX: 00007f8261d7def9 [ 602.737158][T10305] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000005 [ 602.745133][T10305] RBP: 00007f8262a93090 R08: 0000000000000000 R09: 0000000000000000 [ 602.753107][T10305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.761080][T10305] R13: 0000000000000000 R14: 00007f8261f36058 R15: 00007ffed7ec24f8 [ 602.769077][T10305] [ 602.847027][T10305] ERROR: Out of memory at tomoyo_realpath_from_path. [ 602.854041][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 602.996218][T10304] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 603.020366][T10304] UDF-fs: Scanning with blocksize 512 failed [ 603.050574][T10304] syz.1.1041: attempt to access beyond end of device [ 603.050574][T10304] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 603.102702][T10304] syz.1.1041: attempt to access beyond end of device [ 603.102702][T10304] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 603.104406][T10313] 9pnet: Found fid 0 not clunked [ 603.120937][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 603.189514][T10304] syz.1.1041: attempt to access beyond end of device [ 603.189514][T10304] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 603.215340][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 603.330832][T10304] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 603.360225][T10304] UDF-fs: Scanning with blocksize 1024 failed [ 603.486627][T10304] syz.1.1041: attempt to access beyond end of device [ 603.486627][T10304] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 603.517051][T10304] syz.1.1041: attempt to access beyond end of device [ 603.517051][T10304] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 603.615687][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 603.674738][T10304] syz.1.1041: attempt to access beyond end of device [ 603.674738][T10304] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 603.787574][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 603.848792][T10304] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 603.892728][T10304] UDF-fs: Scanning with blocksize 2048 failed [ 603.926510][T10304] syz.1.1041: attempt to access beyond end of device [ 603.926510][T10304] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 603.996209][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 604.017800][ T1170] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 604.152183][T10304] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 604.197638][T10304] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 604.291517][T10304] UDF-fs: Scanning with blocksize 4096 failed [ 604.335897][ T1170] usb 3-1: Using ep0 maxpacket: 8 [ 604.345299][T10304] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 604.379815][ T1170] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 604.414801][ T1170] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 604.457820][ T1170] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 604.493842][ T1170] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 604.707163][ T1170] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 604.772411][ T1170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.037834][T10335] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1043'. [ 606.107929][ T1170] usb 3-1: GET_CAPABILITIES returned 0 [ 606.113649][ T1170] usbtmc 3-1:16.0: can't read capabilities [ 606.488955][T10344] netlink: 'syz.1.1045': attribute type 16 has an invalid length. [ 606.497334][T10344] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.1045'. [ 608.005431][ T5281] usb 3-1: USB disconnect, device number 11 [ 609.061640][ T25] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 609.077762][ T4613] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 611.943870][T10364] netlink: 'syz.2.1050': attribute type 1 has an invalid length. [ 612.282163][T10364] bond7: entered promiscuous mode [ 612.306193][T10369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1050'. [ 612.550721][ T29] audit: type=1400 audit(1726750243.059:576): avc: denied { bind } for pid=10373 comm="syz.1.1053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 613.374951][T10372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1050'. [ 613.767347][T10372] bond7: left promiscuous mode [ 613.811334][T10372] 8021q: adding VLAN 0 to HW filter on device bond7 [ 613.877460][T10385] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 614.167119][T10389] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1055'. [ 615.025430][ T29] audit: type=1400 audit(1726750245.529:577): avc: denied { write } for pid=10392 comm="syz.0.1058" name="fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 616.239858][ T29] audit: type=1400 audit(1726750246.749:578): avc: denied { mounton } for pid=10406 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 616.269328][ T8278] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 616.279154][ T8278] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 616.293521][ T8278] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 616.306550][ T8278] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 616.317312][ T29] audit: type=1400 audit(1726750246.819:579): avc: denied { map } for pid=10402 comm="syz.0.1059" path="socket:[33217]" dev="sockfs" ino=33217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 616.343124][ T8278] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 616.350812][ T8278] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 617.136198][ T29] audit: type=1400 audit(1726750246.819:580): avc: denied { accept } for pid=10402 comm="syz.0.1059" path="socket:[33217]" dev="sockfs" ino=33217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 617.638671][ T29] audit: type=1400 audit(1726750248.119:581): avc: denied { map } for pid=10410 comm="syz.2.1061" path="socket:[33258]" dev="sockfs" ino=33258 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 618.805256][ T8278] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 619.226502][ T8278] Bluetooth: hci3: command tx timeout [ 619.233296][T10406] chnl_net:caif_netlink_parms(): no params data found [ 619.643512][ T29] audit: type=1400 audit(1726750250.149:582): avc: denied { getopt } for pid=10436 comm="syz.2.1066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 619.941002][T10406] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.957631][T10406] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.986627][T10406] bridge_slave_0: entered allmulticast mode [ 620.023691][T10406] bridge_slave_0: entered promiscuous mode [ 620.125621][T10447] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1067'. [ 620.843787][T10406] bridge0: port 2(bridge_slave_1) entered blocking state [ 620.855954][T10406] bridge0: port 2(bridge_slave_1) entered disabled state [ 620.877902][T10406] bridge_slave_1: entered allmulticast mode [ 620.895431][T10406] bridge_slave_1: entered promiscuous mode [ 620.913845][ T25] usb 4-1: USB disconnect, device number 15 [ 621.024888][ T25] usblp0: removed [ 621.794573][ T4613] Bluetooth: hci3: command tx timeout [ 622.530046][ T2973] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.696149][ T5281] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 622.725305][ T2973] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.761722][T10406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 622.775439][T10406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 622.873605][ T2973] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.886003][ T5281] usb 2-1: Using ep0 maxpacket: 8 [ 622.914742][ T5281] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 622.934140][ T5281] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 622.962021][ T5281] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 623.003870][ T5281] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 623.022226][ T5281] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 623.031841][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.059917][T10406] team0: Port device team_slave_0 added [ 623.139257][T10406] team0: Port device team_slave_1 added [ 623.241046][ T2973] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.613109][T10406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.701278][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.762151][T10406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 623.874709][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 623.913102][T10406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 623.980081][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.189093][T10406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 624.264465][ T5281] usb 2-1: GET_CAPABILITIES returned 0 [ 624.279764][ T5281] usbtmc 2-1:16.0: can't read capabilities [ 624.789922][T10406] hsr_slave_0: entered promiscuous mode [ 624.849187][T10406] hsr_slave_1: entered promiscuous mode [ 624.882841][T10406] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 624.912193][T10406] Cannot create hsr debugfs directory [ 624.914764][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.009751][ T5232] usb 2-1: USB disconnect, device number 9 [ 625.561519][ T2973] bridge_slave_1: left allmulticast mode [ 625.580140][ T2973] bridge_slave_1: left promiscuous mode [ 625.598066][ T2973] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.635619][ T2973] bridge_slave_0: left allmulticast mode [ 625.645829][ T2973] bridge_slave_0: left promiscuous mode [ 625.668888][ T2973] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.697656][ T29] audit: type=1400 audit(1726750256.199:583): avc: denied { unmount } for pid=6057 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 625.869273][ T29] audit: type=1400 audit(1726750256.379:584): avc: denied { read } for pid=10485 comm="syz.2.1075" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 625.943475][ T29] audit: type=1400 audit(1726750256.379:585): avc: denied { open } for pid=10485 comm="syz.2.1075" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 625.967253][ T8278] Bluetooth: hci3: command 0x040f tx timeout [ 626.185086][ T29] audit: type=1400 audit(1726750256.409:586): avc: denied { read } for pid=10485 comm="syz.2.1075" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 626.219538][T10491] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 626.246905][ T29] audit: type=1400 audit(1726750256.409:587): avc: denied { open } for pid=10485 comm="syz.2.1075" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 626.706605][T10500] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1077'. [ 628.190283][ T8278] Bluetooth: hci3: command 0x040f tx timeout [ 628.269539][ T46] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 628.509880][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 628.737857][ T46] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.02 [ 628.758177][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.772614][ T46] usb 3-1: Product: syz [ 628.782727][ T46] usb 3-1: Manufacturer: syz [ 628.801011][ T46] usb 3-1: SerialNumber: syz [ 628.813409][ T46] usb 3-1: config 0 descriptor?? [ 629.392225][ T2973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 629.414662][ T2973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 629.432169][ T2973] bond0 (unregistering): Released all slaves [ 629.452799][ T2973] bond1 (unregistering): Released all slaves [ 629.520217][T10520] fuse: Bad value for 'fd' [ 629.900451][ T2973] bond2 (unregistering): Released all slaves [ 630.111989][ T2973] bond3 (unregistering): Released all slaves [ 630.329979][ T2973] bond4 (unregistering): Released all slaves [ 630.366474][T10498] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 630.516465][ T25] usb 3-1: USB disconnect, device number 12 [ 631.040510][T10533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1085'. [ 631.715106][T10532] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 631.793935][ T29] audit: type=1400 audit(1726750262.299:588): avc: denied { read } for pid=10535 comm="syz.4.1087" path="socket:[33532]" dev="sockfs" ino=33532 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 633.803649][T10544] netlink: 'syz.4.1089': attribute type 1 has an invalid length. [ 633.930934][T10544] bond2: entered promiscuous mode [ 634.129330][T10551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1089'. [ 634.160656][T10551] bond2: left promiscuous mode [ 634.456917][T10551] 8021q: adding VLAN 0 to HW filter on device bond2 [ 634.596150][ T2973] hsr_slave_0: left promiscuous mode [ 634.624837][ T2973] hsr_slave_1: left promiscuous mode [ 634.649143][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 634.687999][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 635.497627][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 635.532305][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 635.707408][T10569] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1093'. [ 636.470592][ T2973] veth1_macvtap: left promiscuous mode [ 636.487297][ T2973] veth0_macvtap: left promiscuous mode [ 636.507171][ T2973] veth1_vlan: left promiscuous mode [ 636.512424][ T2973] veth0_vlan: left promiscuous mode [ 636.894936][ T29] audit: type=1400 audit(1726750267.389:589): avc: denied { ioctl } for pid=10567 comm="syz.4.1094" path="/dev/nullb0" dev="devtmpfs" ino=682 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 639.396285][ T46] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 639.624475][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 639.643742][ T46] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 639.663926][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.688851][ T46] usb 3-1: Product: syz [ 639.693231][ T46] usb 3-1: Manufacturer: syz [ 639.703909][ T46] usb 3-1: SerialNumber: syz [ 639.733212][ T46] usb 3-1: config 0 descriptor?? [ 639.754045][ T46] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 639.808060][ T2973] team0 (unregistering): Port device team_slave_1 removed [ 639.902308][ T2973] team0 (unregistering): Port device team_slave_0 removed [ 640.297704][ T46] gspca_sonixj: reg_w1 err -110 [ 640.303589][ T46] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 641.117725][ T29] audit: type=1326 audit(1726750271.629:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.179588][ T29] audit: type=1326 audit(1726750271.659:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.245669][ T29] audit: type=1326 audit(1726750271.659:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.307098][ T29] audit: type=1326 audit(1726750271.709:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.364814][ T29] audit: type=1326 audit(1726750271.709:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.394502][ T29] audit: type=1326 audit(1726750271.739:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.418745][ T29] audit: type=1326 audit(1726750271.739:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.442977][ T29] audit: type=1326 audit(1726750271.739:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b8017def9 code=0x7ffc0000 [ 641.507210][ T29] audit: type=1326 audit(1726750271.749:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b8017c890 code=0x7ffc0000 [ 641.543074][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1098'. [ 642.256234][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 642.256252][ T29] audit: type=1326 audit(1726750272.769:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b8017dafb code=0x7ffc0000 [ 642.393519][ T29] audit: type=1326 audit(1726750272.889:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b8017dafb code=0x7ffc0000 [ 642.430131][T10406] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 642.456065][ T5278] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 642.632579][T10406] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 642.646560][ T29] audit: type=1326 audit(1726750273.159:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b8017dafb code=0x7ffc0000 [ 643.510584][T10406] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 643.525944][ T5278] usb 5-1: Using ep0 maxpacket: 32 [ 643.638388][ T25] usb 3-1: USB disconnect, device number 13 [ 643.644785][T10406] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 644.156256][ T29] audit: type=1400 audit(1726750274.659:606): avc: denied { create } for pid=10603 comm="syz.0.1102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 644.217167][ T29] audit: type=1400 audit(1726750274.669:607): avc: denied { ioctl } for pid=10603 comm="syz.0.1102" path="socket:[32635]" dev="sockfs" ino=32635 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 644.223246][T10606] binder: 10603:10606 ioctl c0306201 0 returned -14 [ 644.282385][T10607] binder: 10603:10607 ioctl 80045002 20000080 returned -22 [ 644.308139][T10607] Bluetooth: hci2: Frame reassembly failed (-84) [ 644.326852][ T12] Bluetooth: hci2: Frame reassembly failed (-84) [ 644.390833][T10406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 644.433197][T10406] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.478416][ T2551] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.485736][ T2551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 644.544047][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.551452][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 644.776525][ T5278] usb 5-1: device descriptor read/all, error -71 [ 644.946642][ T2973] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.312920][ T2973] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.664717][ T2973] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.714953][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 645.728120][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 645.740980][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 645.749809][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 645.762790][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 645.771647][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 645.833961][ T29] audit: type=1400 audit(1726750276.339:608): avc: denied { connect } for pid=10614 comm="syz.4.1106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 646.024374][ T2973] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 646.346037][ T8278] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 646.352645][ T5230] Bluetooth: hci2: command 0x1003 tx timeout [ 646.535198][ T29] audit: type=1400 audit(1726750277.029:609): avc: denied { connect } for pid=10623 comm="syz.4.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 646.611239][ T29] audit: type=1400 audit(1726750277.079:610): avc: denied { read } for pid=10623 comm="syz.4.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 646.698208][ T2973] bridge_slave_1: left allmulticast mode [ 646.725176][T10627] binder: 10626:10627 ioctl c018620c 20000040 returned -1 [ 646.726125][ T2973] bridge_slave_1: left promiscuous mode [ 646.744537][ T2973] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.768958][ T2973] bridge_slave_0: left allmulticast mode [ 646.774707][ T2973] bridge_slave_0: left promiscuous mode [ 646.781220][ T2973] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.836634][ T29] audit: type=1400 audit(1726750277.349:611): avc: denied { ioctl } for pid=10626 comm="syz.2.1108" path="/dev/rtc0" dev="devtmpfs" ino=838 ioctlcmd=0x700c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 646.921631][ T5281] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 647.137030][ T5281] usb 5-1: Using ep0 maxpacket: 32 [ 647.148863][ T5281] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 647.160213][ T5281] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 647.172695][ T5281] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 647.183290][ T5281] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 647.193193][ T5281] usb 5-1: Product: syz [ 647.198597][ T5281] usb 5-1: Manufacturer: syz [ 647.281464][T10633] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1109'. [ 647.300359][ T5281] hub 5-1:4.0: USB hub found [ 647.870237][ T8278] Bluetooth: hci5: command tx timeout [ 649.946322][ T8278] Bluetooth: hci5: command tx timeout [ 651.154949][ T5281] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 651.230115][ T5281] usb 5-1: USB disconnect, device number 12 [ 651.252020][ T2973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.266232][ T2973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.283048][ T2973] bond0 (unregistering): Released all slaves [ 651.981473][T10406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 652.109145][T10629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'. [ 652.123956][T10629] (unnamed net_device) (uninitialized): peer notification delay (2) is not a multiple of miimon (129), value rounded to 0 ms [ 652.139171][T10629] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 652.150942][T10629] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 652.359050][ T8278] Bluetooth: hci5: command tx timeout [ 654.567231][ T8278] Bluetooth: hci5: command tx timeout [ 655.331394][T10406] veth0_vlan: entered promiscuous mode [ 655.502538][ T2973] hsr_slave_0: left promiscuous mode [ 655.571881][ T2973] hsr_slave_1: left promiscuous mode [ 655.595056][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.644841][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 655.689773][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.733029][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 655.800632][ T2973] veth1_macvtap: left promiscuous mode [ 655.820523][ T2973] veth0_macvtap: left promiscuous mode [ 655.831203][ T2973] veth1_vlan: left promiscuous mode [ 655.840290][ T2973] veth0_vlan: left promiscuous mode [ 656.053949][T10664] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1116'. [ 656.070623][T10664] openvswitch: netlink: VXLAN extension 11 out of range max 1 [ 656.153031][T10665] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 664.466520][T10690] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1122'. [ 665.332786][ T29] audit: type=1400 audit(1726750295.839:612): avc: denied { execute } for pid=10675 comm="syz.0.1119" path="/dev/audio" dev="devtmpfs" ino=1094 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 665.921446][ T2973] team0 (unregistering): Port device team_slave_1 removed [ 666.044342][ T2973] team0 (unregistering): Port device team_slave_0 removed [ 667.644492][T10617] chnl_net:caif_netlink_parms(): no params data found [ 667.805245][T10406] veth1_vlan: entered promiscuous mode [ 668.001441][T10711] IPVS: set_ctl: invalid protocol: 2 127.0.0.1:0 [ 668.033278][ T1170] IPVS: starting estimator thread 0... [ 668.156254][T10714] IPVS: using max 20 ests per chain, 48000 per kthread [ 668.181650][T10617] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.208962][T10617] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.219122][T10617] bridge_slave_0: entered allmulticast mode [ 668.270079][T10617] bridge_slave_0: entered promiscuous mode [ 668.362771][T10703] sp0: Synchronizing with TNC [ 668.384657][T10617] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.424066][T10617] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.441404][ T29] audit: type=1400 audit(1726750298.959:613): avc: denied { getopt } for pid=10712 comm="syz.0.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 668.455542][T10617] bridge_slave_1: entered allmulticast mode [ 668.502943][T10617] bridge_slave_1: entered promiscuous mode [ 668.542436][T10406] veth0_macvtap: entered promiscuous mode [ 668.633333][T10406] veth1_macvtap: entered promiscuous mode [ 668.787813][T10617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 668.883054][T10617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 669.029144][T10617] team0: Port device team_slave_0 added [ 669.072910][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.112226][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.125667][T10724] input: syz1 as /devices/virtual/input/input26 [ 669.133910][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.178934][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.205873][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.244042][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.321088][T10406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 669.371936][T10617] team0: Port device team_slave_1 added [ 669.509651][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.523547][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.538033][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.550323][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.561328][T10406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.580615][T10406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.615221][T10406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 669.635078][T10406] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.663189][T10406] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.694454][T10406] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.705398][T10406] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.817125][T10617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.824266][T10617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.872355][T10617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.923562][T10617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 669.931240][T10617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.995519][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 670.013123][T10617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 670.196537][T10738] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1133'. [ 670.945986][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 671.010521][ T9] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 671.025961][ T9] usb 5-1: config 0 has no interface number 0 [ 671.052230][ T9] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 671.061704][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.074919][ T9] usb 5-1: Product: syz [ 671.080624][ T9] usb 5-1: Manufacturer: syz [ 671.085339][ T9] usb 5-1: SerialNumber: syz [ 671.094524][ T9] usb 5-1: config 0 descriptor?? [ 671.119170][T10617] hsr_slave_0: entered promiscuous mode [ 671.137155][T10617] hsr_slave_1: entered promiscuous mode [ 672.633761][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 672.765411][T10758] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1137'. [ 673.526123][ T9] usb 5-1: USB disconnect, device number 13 [ 674.075145][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 674.103472][ T5230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 674.118314][ T5230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 674.132115][ T5230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 674.141190][ T5230] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 674.151745][ T5230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 675.448602][T10772] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1140'. [ 675.475536][T10772] netem: invalid attributes len -16 [ 675.483068][T10772] netem: change failed [ 676.184870][T10782] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1142'. [ 676.198981][ T8278] Bluetooth: hci2: command tx timeout [ 676.842002][ T2528] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.824949][ T2528] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.276107][ T8278] Bluetooth: hci2: command tx timeout [ 679.438136][ T2528] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.783680][ T2528] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.354437][T10808] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 680.360798][T10808] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 680.367071][T10808] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 680.373076][T10808] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 680.386101][ T8278] Bluetooth: hci2: command tx timeout [ 680.520831][T10808] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 680.526722][T10617] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 680.553188][T10808] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 680.559655][T10808] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 680.568058][T10808] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 680.741294][T10617] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 680.879107][T10617] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 680.969838][T10617] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 680.998527][T10809] binder: 10804:10809 ioctl c0306201 200001c0 returned -14 [ 680.998603][ T29] audit: type=1400 audit(1726750311.509:614): avc: denied { create } for pid=10814 comm="syz.4.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 681.215951][ T2528] bridge_slave_1: left allmulticast mode [ 681.221629][ T2528] bridge_slave_1: left promiscuous mode [ 681.306026][ T2528] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.347822][ T2528] bridge_slave_0: left allmulticast mode [ 681.374746][ T2528] bridge_slave_0: left promiscuous mode [ 681.397678][ T2528] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.435871][T10746] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 681.676900][T10746] usb 5-1: Using ep0 maxpacket: 16 [ 681.700012][T10746] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 681.730135][T10746] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 681.741461][T10746] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 681.751272][T10746] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.790683][ T29] audit: type=1400 audit(1726750312.299:615): avc: denied { execute } for pid=10820 comm="syz.0.1151" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=35469 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 681.794865][T10746] usb 5-1: config 0 descriptor?? [ 681.892702][ T29] audit: type=1326 audit(1726750312.399:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10823 comm="syz.2.1152" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f346ab7def9 code=0x0 [ 682.272373][ T5230] Bluetooth: hci0: command 0x0c1a tx timeout [ 682.432236][ T5230] Bluetooth: hci5: command 0x0c1a tx timeout [ 682.432418][ T8278] Bluetooth: hci1: command 0x0c1a tx timeout [ 682.440937][ T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 682.458863][T10818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 682.491491][T10818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 682.521448][ T29] audit: type=1400 audit(1726750313.029:617): avc: denied { write } for pid=10814 comm="syz.4.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 682.525118][T10746] hid (null): bogus close delimiter [ 682.557714][T10746] hid (null): invalid report_count 58028 [ 682.563627][T10746] hid (null): unknown global tag 0xd [ 682.601684][T10746] hid-generic 0003:0158:0100.0006: unknown main item tag 0x0 [ 682.622031][T10746] hid-generic 0003:0158:0100.0006: unknown main item tag 0x0 [ 682.631282][T10746] hid-generic 0003:0158:0100.0006: bogus close delimiter [ 682.650021][T10746] hid-generic 0003:0158:0100.0006: item 0 0 2 10 parsing failed [ 682.656087][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 682.670360][T10746] hid-generic 0003:0158:0100.0006: probe with driver hid-generic failed with error -22 [ 682.676815][ T9] usb 3-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 682.710874][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 682.746597][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 682.757035][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 682.785850][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 682.793907][ T9] usb 3-1: SerialNumber: syz [ 682.843391][ T1170] usb 5-1: USB disconnect, device number 14 [ 682.850989][ T2528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.870481][ T2528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 682.872935][ T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 682.893639][ T9] usb-storage 3-1:1.0: USB Mass Storage device detected [ 682.894437][ T2528] bond0 (unregistering): Released all slaves [ 682.927241][ T9] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 682.935271][T10765] chnl_net:caif_netlink_parms(): no params data found [ 683.250988][ T29] audit: type=1400 audit(1726750313.759:618): avc: denied { map } for pid=10823 comm="syz.2.1152" path="socket:[34607]" dev="sockfs" ino=34607 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 683.334020][ T2528] hsr_slave_0: left promiscuous mode [ 683.403036][ T2528] hsr_slave_1: left promiscuous mode [ 683.481615][ T29] audit: type=1400 audit(1726750313.759:619): avc: denied { read } for pid=10823 comm="syz.2.1152" path="socket:[34607]" dev="sockfs" ino=34607 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 683.525290][ T2528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.132109][ T2528] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 684.163616][ T2528] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.172105][ T2528] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.210127][ T2528] veth1_macvtap: left promiscuous mode [ 684.215700][ T2528] veth0_macvtap: left promiscuous mode [ 684.223605][ T2528] veth1_vlan: left promiscuous mode [ 684.229095][ T2528] veth0_vlan: left promiscuous mode [ 684.506200][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 684.827196][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 684.929410][ T1170] usb 3-1: USB disconnect, device number 14 [ 685.078441][ T2528] team0 (unregistering): Port device team_slave_1 removed [ 685.160096][ T2528] team0 (unregistering): Port device team_slave_0 removed [ 686.387702][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.606398][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 686.911879][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 687.160351][T10841] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1155'. [ 687.196359][T10835] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 687.202452][T10835] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 687.220708][T10835] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 687.227261][T10835] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 687.446929][T10765] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.459184][T10765] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.471470][T10765] bridge_slave_0: entered allmulticast mode [ 687.484369][T10765] bridge_slave_0: entered promiscuous mode [ 687.504291][T10765] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.514957][T10765] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.523535][T10765] bridge_slave_1: entered allmulticast mode [ 687.538262][T10765] bridge_slave_1: entered promiscuous mode [ 687.718471][T10864] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1161'. [ 688.064539][T10866] overlay: ./file0 is not a directory [ 688.070345][ T29] audit: type=1400 audit(1726750318.559:620): avc: denied { mount } for pid=10859 comm="syz.4.1162" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 688.638153][T10869] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1164'. [ 688.688669][T10765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.773499][T10765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.583816][ T5230] Bluetooth: hci5: command 0x0c1a tx timeout [ 689.585911][ T4613] Bluetooth: hci0: command 0x0c1a tx timeout [ 689.590176][ T5241] Bluetooth: hci2: command 0x0c1a tx timeout [ 689.595866][ T8278] Bluetooth: hci1: command 0x0c1a tx timeout [ 690.664497][T10765] team0: Port device team_slave_0 added [ 690.721218][T10765] team0: Port device team_slave_1 added [ 691.670604][T10617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.723697][T10617] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.899505][T10765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 691.909164][T10765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 692.276260][ T8] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 692.296607][T10765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 692.495932][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 692.522157][ T8] usb 3-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59 [ 692.583273][T10903] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 692.593300][T10765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 692.607264][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.615351][ T8] usb 3-1: Product: syz [ 692.629570][ T8] usb 3-1: Manufacturer: syz [ 692.631354][T10765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 692.634788][ T8] usb 3-1: SerialNumber: syz [ 692.696945][ T8] usb 3-1: config 0 descriptor?? [ 692.713961][T10765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 692.851568][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.858742][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.869659][ T8] peak_usb 3-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22 [ 692.895837][ T8] peak_usb 3-1:0.0: unable to read PCAN-USB serial number (err -22) [ 693.028214][T10765] hsr_slave_0: entered promiscuous mode [ 693.058326][T10765] hsr_slave_1: entered promiscuous mode [ 693.090288][T10765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 693.100902][T10765] Cannot create hsr debugfs directory [ 693.132701][ T2551] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.139884][ T2551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.169800][ T8] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -22 [ 694.630019][ T9] usb 3-1: USB disconnect, device number 15 [ 694.748496][T10617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 695.669987][T10765] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 695.692265][T10765] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 695.732706][T10765] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 695.771764][T10765] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 695.950786][T10617] veth0_vlan: entered promiscuous mode [ 696.025417][T10617] veth1_vlan: entered promiscuous mode [ 696.319370][T10617] veth0_macvtap: entered promiscuous mode [ 696.368980][T10617] veth1_macvtap: entered promiscuous mode [ 696.409200][T10765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.477928][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.504160][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.517255][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.528995][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.551173][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 696.564778][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.579932][T10617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 696.646582][T10765] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.700187][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.721947][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.739592][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.755828][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.769905][T10617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 696.783563][T10617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 696.807056][T10617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 696.860370][T10617] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.895528][T10617] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.910825][T10617] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.922415][T10617] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.965162][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.972392][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 697.024717][ T2528] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.031942][ T2528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 697.606248][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.635495][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.874191][ T2973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.898788][ T2973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.496431][T10746] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 698.504218][ T941] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 698.687634][T10746] usb 3-1: device descriptor read/64, error -71 [ 698.699660][T10765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 698.736236][ T941] usb 2-1: Using ep0 maxpacket: 16 [ 698.760108][ T941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 698.785972][ T941] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 698.821191][ T941] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 698.834694][ T941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.905048][ T941] usb 2-1: config 0 descriptor?? [ 698.916815][T10765] veth0_vlan: entered promiscuous mode [ 698.932411][ T941] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 698.989703][T10765] veth1_vlan: entered promiscuous mode [ 699.006205][T10746] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 699.175975][T10746] usb 3-1: device descriptor read/64, error -71 [ 699.257944][T10765] veth0_macvtap: entered promiscuous mode [ 699.291188][T10765] veth1_macvtap: entered promiscuous mode [ 699.334383][T10949] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 699.350768][T10746] usb usb3-port1: attempt power cycle [ 699.365224][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 699.416894][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.428722][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 699.444561][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.458187][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 699.495190][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.554980][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 699.591605][ T29] audit: type=1400 audit(1726750330.099:621): avc: denied { compute_member } for pid=10954 comm="syz.4.1182" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 699.591815][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.687508][T10765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 699.750339][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 699.767086][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.779949][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 699.861864][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 699.876501][T10746] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 699.929608][T10746] usb 3-1: device descriptor read/8, error -71 [ 699.937598][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 699.998890][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.028784][T10765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.073170][T10765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.132494][T10765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 700.141444][ T29] audit: type=1400 audit(1726750330.639:622): avc: denied { name_bind } for pid=10954 comm="syz.4.1182" src=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 700.194711][T10765] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.216627][T10765] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.245955][T10746] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 700.267909][T10765] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.278639][T10746] usb 3-1: device descriptor read/8, error -71 [ 700.290011][T10765] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.417502][T10746] usb usb3-port1: unable to enumerate USB device [ 700.604853][ T2551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.633807][ T2551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.697140][ T2973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 700.706394][ T2973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.959272][T10971] netlink: 'syz.3.1051': attribute type 11 has an invalid length. [ 701.775891][ T5232] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 701.869400][T10739] usb 2-1: USB disconnect, device number 10 [ 702.078446][ T5232] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 702.090024][ T5232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7 [ 702.102987][ T5232] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 702.144324][ T5232] usb 1-1: language id specifier not provided by device, defaulting to English [ 702.251158][ T5232] usb 1-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e [ 702.265183][ T5232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.274161][ T5232] usb 1-1: Product: 䢉ಫߜ冿հࡷ [ 702.291142][ T5232] usb 1-1: SerialNumber: syz [ 702.395588][ T5232] usb 1-1: config 0 descriptor?? [ 702.460171][ T5232] em28xx 1-1:0.0: New device 䢉ಫߜ冿հࡷ @ 480 Mbps (2013:0251, interface 0, class 0) [ 702.492957][ T5232] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 702.544449][T10978] netlink: 'syz.3.1185': attribute type 1 has an invalid length. [ 702.600829][T10978] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 703.312322][T10986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1185'. [ 703.576939][ T5232] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 703.589368][T10992] binder: 10987:10992 ioctl 4018620d 0 returned -22 [ 703.606017][ T5232] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 703.633951][ T5232] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 703.675874][ T5232] em28xx 1-1:0.0: No AC97 audio processor [ 703.826909][ T5232] usb 1-1: USB disconnect, device number 23 [ 703.850381][ T5232] em28xx 1-1:0.0: Disconnecting em28xx [ 703.874641][ T5232] em28xx 1-1:0.0: Freeing device [ 704.106162][T10998] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1191'. [ 704.146122][T10739] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 705.237114][T10739] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 705.263039][T10739] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 705.280082][T10739] usb 3-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00 [ 705.289436][T10739] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.300945][T10739] usb 3-1: config 0 descriptor?? [ 709.669231][T10739] appletouch 3-1:0.0: Failed to request geyser raw mode [ 709.679568][T10739] appletouch 3-1:0.0: probe with driver appletouch failed with error -5 [ 709.761528][T10739] usb 3-1: USB disconnect, device number 20 [ 712.931639][ T29] audit: type=1400 audit(1726750343.439:623): avc: denied { ioctl } for pid=11045 comm="syz.3.1208" path="socket:[36781]" dev="sockfs" ino=36781 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 713.100705][T11049] veth0_vlan: left promiscuous mode [ 713.117987][T11049] veth0_vlan: entered promiscuous mode [ 716.285941][ T941] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 716.529092][ T941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 716.556030][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 716.596514][ T1170] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 716.605050][ T941] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 716.636255][ T941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.654745][ T941] usb 5-1: config 0 descriptor?? [ 716.995443][ T1170] usb 1-1: Using ep0 maxpacket: 32 [ 717.061442][ T1170] usb 1-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=10.fe [ 717.180441][ T1170] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.292102][ T1170] usb 1-1: Product: syz [ 717.325560][ T1170] usb 1-1: Manufacturer: syz [ 717.614676][ T1170] usb 1-1: SerialNumber: syz [ 717.648811][ T941] usbhid 5-1:0.0: can't add hid device: -71 [ 717.655673][ T1170] usb 1-1: config 0 descriptor?? [ 717.675235][ T1170] ati_remote2 1-1:0.0: ati_remote2_probe(): interface 0 must have an endpoint [ 717.691684][ T941] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 717.771920][ T941] usb 5-1: USB disconnect, device number 15 [ 717.798146][T11092] netlink: 'syz.1.1221': attribute type 10 has an invalid length. [ 717.825095][T11092] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1221'. [ 718.086080][T11082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 718.102200][T11082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 718.150115][ T29] audit: type=1400 audit(1726750348.659:624): avc: denied { bind } for pid=11091 comm="syz.1.1221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 718.171531][ T46] usb 1-1: USB disconnect, device number 24 [ 719.454332][T11104] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1224'. [ 719.549598][T11105] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11105 comm=syz.4.1224 [ 719.895857][ T29] audit: type=1400 audit(1726750350.359:625): avc: denied { getopt } for pid=11106 comm="syz.1.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 720.103057][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1224'. [ 720.258207][ T29] audit: type=1400 audit(1726750350.399:626): avc: denied { nlmsg_read } for pid=11101 comm="syz.4.1224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 720.436178][ T29] audit: type=1400 audit(1726750350.929:627): avc: denied { ioctl } for pid=11111 comm="syz.2.1227" path="socket:[37135]" dev="sockfs" ino=37135 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 720.625003][T11120] vlan2: entered promiscuous mode [ 720.636816][T11120] vlan2: entered allmulticast mode [ 728.239413][ T29] audit: type=1400 audit(1726750358.749:628): avc: denied { call } for pid=11156 comm="syz.1.1238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 728.264649][T11158] binder_alloc: 11156: binder_alloc_buf, no vma [ 728.300321][ T29] audit: type=1400 audit(1726750358.779:629): avc: denied { transfer } for pid=11156 comm="syz.1.1238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 728.333650][T11158] binder: 11156:11158 ioctl 7439 0 returned -22 [ 728.497390][ T1170] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 728.958079][ T1170] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 728.969352][ T1170] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 728.979435][ T1170] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 728.992983][ T1170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.227574][T11155] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 729.609700][ T1170] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 729.816175][T11166] vxcan0: tx drop: invalid da for name 0x0000000000000004 [ 729.877352][T11171] Driver unsupported XDP return value 0 on prog (id 398) dev N/A, expect packet loss! [ 730.359583][ T1170] usb 5-1: USB disconnect, device number 16 [ 731.934475][T11189] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11189 comm=syz.2.1246 [ 731.976104][ T29] audit: type=1400 audit(1726750362.469:630): avc: denied { search } for pid=11187 comm="syz.3.1247" name="/" dev="configfs" ino=164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 731.999823][T11192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1246'. [ 732.014228][T11192] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11192 comm=syz.2.1246 [ 734.919789][T11207] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 735.226946][T11207] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 735.280460][T11207] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 735.494509][ T8278] Bluetooth: hci0: SCO packet for unknown connection handle 3072 [ 735.504890][T11207] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.477961][ T8278] Bluetooth: hci0: command 0x0c1a tx timeout [ 736.630598][T11221] input: syz1 as /devices/virtual/input/input28 [ 736.957832][T11232] FAULT_INJECTION: forcing a failure. [ 736.957832][T11232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.971041][T11232] CPU: 0 UID: 0 PID: 11232 Comm: syz.1.1257 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 736.981489][T11232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 736.991561][T11232] Call Trace: [ 736.994863][T11232] [ 736.997813][T11232] dump_stack_lvl+0x16c/0x1f0 [ 737.002528][T11232] should_fail_ex+0x497/0x5b0 [ 737.007241][T11232] _copy_from_iter+0x2a1/0x1550 [ 737.012130][T11232] ? preempt_schedule_common+0x44/0xc0 [ 737.017624][T11232] ? __pfx__copy_from_iter+0x10/0x10 [ 737.022942][T11232] ? __virt_addr_valid+0x2d3/0x590 [ 737.028100][T11232] ? __virt_addr_valid+0x2e0/0x590 [ 737.033253][T11232] ? __virt_addr_valid+0x5e/0x590 [ 737.038306][T11232] ? const_folio_flags.constprop.0+0x56/0x150 [ 737.044408][T11232] ? __phys_addr_symbol+0x30/0x80 [ 737.049464][T11232] ? __check_object_size+0x497/0x720 [ 737.054796][T11232] netlink_sendmsg+0x813/0xd70 [ 737.059623][T11232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 737.064948][T11232] ____sys_sendmsg+0xaaf/0xc90 [ 737.069739][T11232] ? copy_msghdr_from_user+0x10b/0x160 [ 737.075233][T11232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 737.080552][T11232] ? __pfx___lock_acquire+0x10/0x10 [ 737.085802][T11232] ___sys_sendmsg+0x135/0x1e0 [ 737.090515][T11232] ? __pfx____sys_sendmsg+0x10/0x10 [ 737.095738][T11232] ? find_held_lock+0x2d/0x110 [ 737.100542][T11232] ? irqentry_exit+0x3b/0x90 [ 737.105153][T11232] ? lockdep_hardirqs_on+0x7c/0x110 [ 737.110404][T11232] ? __fget_light+0x173/0x210 [ 737.115117][T11232] __sys_sendmsg+0x117/0x1f0 [ 737.119754][T11232] ? __pfx___sys_sendmsg+0x10/0x10 [ 737.124909][T11232] ? __pfx___schedule+0x10/0x10 [ 737.129824][T11232] do_syscall_64+0xcd/0x250 [ 737.134354][T11232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.140283][T11232] RIP: 0033:0x7f8f2717def9 [ 737.144719][T11232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.164362][T11232] RSP: 002b:00007f8f27f1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 737.172807][T11232] RAX: ffffffffffffffda RBX: 00007f8f27336130 RCX: 00007f8f2717def9 [ 737.180804][T11232] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 737.188798][T11232] RBP: 00007f8f27f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 737.196796][T11232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 737.204791][T11232] R13: 0000000000000000 R14: 00007f8f27336130 R15: 00007fffafbd14c8 [ 737.212804][T11232] [ 737.312597][ T4613] Bluetooth: hci1: command 0x0c1a tx timeout [ 737.318789][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 738.038909][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 738.586387][ T29] audit: type=1400 audit(1726750369.099:631): avc: denied { sqpoll } for pid=11258 comm="syz.1.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 738.671049][T11242] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 738.697702][ T29] audit: type=1400 audit(1726750369.209:632): avc: denied { create } for pid=11258 comm="syz.1.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 738.836120][ T46] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 739.056042][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 739.089678][ T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 739.223744][ T46] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 739.233612][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.242294][ T46] usb 5-1: Product: syz [ 739.246746][ T46] usb 5-1: Manufacturer: syz [ 739.251678][ T46] usb 5-1: SerialNumber: syz [ 739.380068][T11242] kvm: pic: level sensitive irq not supported [ 739.380549][T11242] kvm: pic: non byte read [ 739.404941][T11242] kvm: pic: level sensitive irq not supported [ 739.405114][T11242] kvm: pic: non byte read [ 739.474483][T11242] kvm: pic: level sensitive irq not supported [ 739.474582][T11242] kvm: pic: non byte read [ 739.586334][T11242] kvm: pic: level sensitive irq not supported [ 739.587891][T11242] kvm: pic: non byte read [ 739.621988][T11257] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1264'. [ 739.669685][ T46] cdc_ncm 5-1:1.0: bind() failure [ 739.674295][T11242] kvm: pic: level sensitive irq not supported [ 739.690864][T11242] kvm: pic: non byte read [ 739.708369][ T46] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 739.742393][ T46] cdc_ncm 5-1:1.1: bind() failure [ 739.779629][ T46] usb 5-1: USB disconnect, device number 17 [ 741.696648][T11282] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 741.702761][T11282] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 741.765594][T11282] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 741.778553][T11282] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 743.846134][ T8278] Bluetooth: hci0: command 0x0c1a tx timeout [ 743.852241][ T8278] Bluetooth: hci1: command 0x0c1a tx timeout [ 743.858347][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 743.858711][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 746.007201][ T8] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 746.605868][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 746.893583][ T8] usb 1-1: config 0 has an invalid interface number: 186 but max is 0 [ 746.912815][ T8] usb 1-1: config 0 has no interface number 0 [ 746.926310][ T8] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 746.969892][ T8] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 747.468708][ T8] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 108, changing to 10 [ 747.541943][ T8] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8949, setting to 1024 [ 747.557815][ T8] usb 1-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 747.616405][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 747.649864][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.713529][ T8] usb 1-1: Product: syz [ 747.752308][ T8] usb 1-1: Manufacturer: syz [ 747.793779][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.834417][ T8] usb 1-1: SerialNumber: syz [ 747.881604][ T8] usb 1-1: config 0 descriptor?? [ 749.626008][T11353] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 749.632303][ T8278] Bluetooth: hci0: command 0x0c1a tx timeout [ 749.688680][ T29] audit: type=1400 audit(1726750380.179:633): avc: denied { setopt } for pid=11363 comm="syz.3.1292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 750.043206][T11353] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 750.068517][T11353] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 750.088152][T11353] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 750.277462][T11373] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1293'. [ 750.524863][ T29] audit: type=1400 audit(1726750380.779:634): avc: denied { write } for pid=11369 comm="syz.1.1293" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 751.785889][ T8278] Bluetooth: hci1: command 0x0c1a tx timeout [ 751.840782][ T8] iowarrior 1-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 752.005068][ T8] usb 1-1: USB disconnect, device number 25 [ 752.060658][ T8] iowarrior 1-1:0.186: I/O-Warror #0 now disconnected [ 752.176205][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 752.182434][ T8278] Bluetooth: hci5: command 0x0c1a tx timeout [ 753.782786][ T8] usb 1-1: new low-speed USB device number 26 using dummy_hcd [ 754.494729][T11407] FAULT_INJECTION: forcing a failure. [ 754.494729][T11407] name failslab, interval 1, probability 0, space 0, times 0 [ 754.652874][T11407] CPU: 0 UID: 0 PID: 11407 Comm: syz.1.1303 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 754.663363][T11407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 754.673446][T11407] Call Trace: [ 754.676759][T11407] [ 754.679715][T11407] dump_stack_lvl+0x16c/0x1f0 [ 754.684443][T11407] should_fail_ex+0x497/0x5b0 [ 754.689167][T11407] ? fs_reclaim_acquire+0xae/0x160 [ 754.694332][T11407] should_failslab+0xc2/0x120 [ 754.699046][T11407] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 754.704798][T11407] ? __d_alloc+0x31/0xaa0 [ 754.709168][T11407] __d_alloc+0x31/0xaa0 [ 754.713356][T11407] d_alloc+0x4a/0x1e0 [ 754.717362][T11407] lookup_one_qstr_excl+0xcb/0x190 [ 754.722499][T11407] filename_create+0x1ed/0x530 [ 754.727282][T11407] ? __pfx_filename_create+0x10/0x10 [ 754.732622][T11407] do_mknodat+0x18e/0x5d0 [ 754.736988][T11407] ? __pfx_do_mknodat+0x10/0x10 [ 754.741859][T11407] ? getname_flags.part.0+0x1c5/0x550 [ 754.747263][T11407] __x64_sys_mknodat+0xaf/0xe0 [ 754.752054][T11407] do_syscall_64+0xcd/0x250 [ 754.756575][T11407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.762498][T11407] RIP: 0033:0x7f8f2717def9 [ 754.766933][T11407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 754.786556][T11407] RSP: 002b:00007f8f27f5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 754.794988][T11407] RAX: ffffffffffffffda RBX: 00007f8f27335f80 RCX: 00007f8f2717def9 [ 754.802975][T11407] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 754.810961][T11407] RBP: 00007f8f27f5c090 R08: 0000000000000000 R09: 0000000000000000 [ 754.818964][T11407] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000001 [ 754.826958][T11407] R13: 0000000000000000 R14: 00007f8f27335f80 R15: 00007fffafbd14c8 [ 754.835051][T11407] [ 754.855827][ T8] usb 1-1: device descriptor read/64, error -71 [ 755.315020][ T8] usb 1-1: new low-speed USB device number 27 using dummy_hcd [ 755.506527][T11412] veth0_vlan: entered allmulticast mode [ 755.881582][T11425] Bluetooth: MGMT ver 1.23 [ 755.928921][ T29] audit: type=1400 audit(1726750386.369:635): avc: denied { write } for pid=11419 comm="syz.3.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 756.352493][T11434] FAULT_INJECTION: forcing a failure. [ 756.352493][T11434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 756.368095][T11434] CPU: 1 UID: 0 PID: 11434 Comm: syz.2.1309 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 756.378561][T11434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 756.388675][T11434] Call Trace: [ 756.391951][T11434] [ 756.394875][T11434] dump_stack_lvl+0x16c/0x1f0 [ 756.399558][T11434] should_fail_ex+0x497/0x5b0 [ 756.404248][T11434] _copy_from_iter+0x2a1/0x1550 [ 756.409115][T11434] ? __alloc_skb+0x1fe/0x380 [ 756.413707][T11434] ? __pfx__copy_from_iter+0x10/0x10 [ 756.419001][T11434] ? __virt_addr_valid+0x5e/0x590 [ 756.424028][T11434] ? __phys_addr_symbol+0x30/0x80 [ 756.429055][T11434] ? __check_object_size+0x497/0x720 [ 756.434350][T11434] netlink_sendmsg+0x813/0xd70 [ 756.439128][T11434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 756.444420][T11434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 756.449713][T11434] ____sys_sendmsg+0xaaf/0xc90 [ 756.454477][T11434] ? copy_msghdr_from_user+0x10b/0x160 [ 756.459945][T11434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 756.465236][T11434] ? __pfx___lock_acquire+0x10/0x10 [ 756.470532][T11434] ___sys_sendmsg+0x135/0x1e0 [ 756.475229][T11434] ? __pfx____sys_sendmsg+0x10/0x10 [ 756.480459][T11434] ? find_held_lock+0x2d/0x110 [ 756.485243][T11434] ? ksys_write+0x21c/0x260 [ 756.489756][T11434] ? __fget_light+0x173/0x210 [ 756.494443][T11434] __sys_sendmsg+0x117/0x1f0 [ 756.499047][T11434] ? __pfx___sys_sendmsg+0x10/0x10 [ 756.504182][T11434] do_syscall_64+0xcd/0x250 [ 756.508721][T11434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.514624][T11434] RIP: 0033:0x7f346ab7def9 [ 756.519039][T11434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.538651][T11434] RSP: 002b:00007f346b929038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 756.547062][T11434] RAX: ffffffffffffffda RBX: 00007f346ad36130 RCX: 00007f346ab7def9 [ 756.555031][T11434] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000003 [ 756.563001][T11434] RBP: 00007f346b929090 R08: 0000000000000000 R09: 0000000000000000 [ 756.570974][T11434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.578956][T11434] R13: 0000000000000000 R14: 00007f346ad36130 R15: 00007ffd68757738 [ 756.586937][T11434] [ 756.589988][ C1] vkms_vblank_simulate: vblank timer overrun [ 756.987447][ T8278] Bluetooth: hci2: command 0x0c1a tx timeout [ 757.803905][T11431] netlink: 'syz.1.1310': attribute type 4 has an invalid length. [ 757.901604][T11431] wg2: entered promiscuous mode [ 757.919978][T11431] wg2: entered allmulticast mode [ 758.237213][T11449] netlink: 'syz.2.1314': attribute type 1 has an invalid length. [ 758.245048][T11449] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1314'. [ 758.254253][T11449] NCSI netlink: No device for ifindex 0 [ 759.303310][ T29] audit: type=1400 audit(1726750389.749:636): avc: denied { listen } for pid=11456 comm="syz.0.1317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 761.310297][ T8278] list_del corruption, ffff88801febb580->next is LIST_POISON1 (dead000000000100) [ 761.321600][ T8278] ------------[ cut here ]------------ [ 761.327131][ T8278] kernel BUG at lib/list_debug.c:56! [ 761.332442][ T8278] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 761.339366][ T8278] CPU: 1 UID: 0 PID: 8278 Comm: kworker/u9:2 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 761.349854][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 761.359903][ T8278] Workqueue: hci2 hci_conn_timeout [ 761.365016][ T8278] RIP: 0010:__list_del_entry_valid_or_report+0x108/0x1c0 [ 761.372031][ T8278] Code: c7 c7 80 1b b1 8b e8 c7 c6 dd fc 90 0f 0b 48 c7 c7 e0 1b b1 8b e8 b8 c6 dd fc 90 0f 0b 48 c7 c7 40 1c b1 8b e8 a9 c6 dd fc 90 <0f> 0b 48 89 ca 48 c7 c7 a0 1c b1 8b e8 97 c6 dd fc 90 0f 0b 48 89 [ 761.391648][ T8278] RSP: 0018:ffffc90003a1fbe0 EFLAGS: 00010286 [ 761.397814][ T8278] RAX: 000000000000004e RBX: ffff88801febb580 RCX: ffffffff816c6699 [ 761.405782][ T8278] RDX: 0000000000000000 RSI: ffffffff816cf7b6 RDI: 0000000000000005 [ 761.413830][ T8278] RBP: ffff88805f5a8000 R08: 0000000000000005 R09: 0000000000000000 [ 761.421790][ T8278] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801febb588 [ 761.429754][ T8278] R13: dffffc0000000000 R14: ffff88805f5a8618 R15: ffff88801febb580 [ 761.437718][ T8278] FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 761.446651][ T8278] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 761.453232][ T8278] CR2: 00000000202f5000 CR3: 0000000060a82000 CR4: 00000000003506f0 [ 761.461222][ T8278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 761.469186][ T8278] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 761.477148][ T8278] Call Trace: [ 761.480417][ T8278] [ 761.483337][ T8278] ? show_regs+0x8c/0xa0 [ 761.487582][ T8278] ? die+0x36/0xa0 [ 761.491308][ T8278] ? do_trap+0x232/0x430 [ 761.495563][ T8278] ? __list_del_entry_valid_or_report+0x108/0x1c0 [ 761.501986][ T8278] ? __list_del_entry_valid_or_report+0x108/0x1c0 [ 761.508392][ T8278] ? do_error_trap+0xf4/0x230 [ 761.513064][ T8278] ? __list_del_entry_valid_or_report+0x108/0x1c0 [ 761.519471][ T8278] ? handle_invalid_op+0x34/0x40 [ 761.524404][ T8278] ? __list_del_entry_valid_or_report+0x108/0x1c0 [ 761.530807][ T8278] ? exc_invalid_op+0x2e/0x50 [ 761.535478][ T8278] ? asm_exc_invalid_op+0x1a/0x20 [ 761.540503][ T8278] ? __wake_up_klogd.part.0+0x99/0xf0 [ 761.545874][ T8278] ? vprintk+0x86/0xa0 [ 761.549940][ T8278] ? __list_del_entry_valid_or_report+0x108/0x1c0 [ 761.556345][ T8278] _hci_cmd_sync_cancel_entry.constprop.0+0x80/0x1d0 [ 761.563015][ T8278] hci_cancel_connect_sync+0x103/0x2c0 [ 761.568472][ T8278] hci_abort_conn+0x163/0x340 [ 761.573143][ T8278] hci_conn_timeout+0x1ab/0x220 [ 761.577985][ T8278] process_one_work+0x9c5/0x1b40 [ 761.582927][ T8278] ? __pfx_lock_acquire+0x10/0x10 [ 761.587947][ T8278] ? __pfx_process_one_work+0x10/0x10 [ 761.593317][ T8278] ? assign_work+0x1a0/0x250 [ 761.597914][ T8278] worker_thread+0x6c8/0xf00 [ 761.602500][ T8278] ? __kthread_parkme+0x148/0x220 [ 761.607516][ T8278] ? __pfx_worker_thread+0x10/0x10 [ 761.612615][ T8278] kthread+0x2c1/0x3a0 [ 761.616675][ T8278] ? _raw_spin_unlock_irq+0x23/0x50 [ 761.621870][ T8278] ? __pfx_kthread+0x10/0x10 [ 761.626452][ T8278] ret_from_fork+0x45/0x80 [ 761.630866][ T8278] ? __pfx_kthread+0x10/0x10 [ 761.635448][ T8278] ret_from_fork_asm+0x1a/0x30 [ 761.640218][ T8278] [ 761.643224][ T8278] Modules linked in: [ 761.647154][ C1] vkms_vblank_simulate: vblank timer overrun [ 761.654353][ T8278] ---[ end trace 0000000000000000 ]--- [ 761.659859][ T8278] RIP: 0010:__list_del_entry_valid_or_report+0x108/0x1c0 [ 761.666913][ T8278] Code: c7 c7 80 1b b1 8b e8 c7 c6 dd fc 90 0f 0b 48 c7 c7 e0 1b b1 8b e8 b8 c6 dd fc 90 0f 0b 48 c7 c7 40 1c b1 8b e8 a9 c6 dd fc 90 <0f> 0b 48 89 ca 48 c7 c7 a0 1c b1 8b e8 97 c6 dd fc 90 0f 0b 48 89 [ 761.686568][ T8278] RSP: 0018:ffffc90003a1fbe0 EFLAGS: 00010286 [ 761.692690][ T8278] RAX: 000000000000004e RBX: ffff88801febb580 RCX: ffffffff816c6699 [ 761.701582][ T8278] RDX: 0000000000000000 RSI: ffffffff816cf7b6 RDI: 0000000000000005 [ 761.709702][ T8278] RBP: ffff88805f5a8000 R08: 0000000000000005 R09: 0000000000000000 [ 761.717700][ T8278] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801febb588 [ 761.725678][ T8278] R13: dffffc0000000000 R14: ffff88805f5a8618 R15: ffff88801febb580 [ 761.733707][ T8278] FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 761.742684][ T8278] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 761.749294][ T8278] CR2: 00000000202f5000 CR3: 0000000060a82000 CR4: 00000000003506f0 [ 761.757498][ T8278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 761.765458][ T8278] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 761.773475][ T8278] Kernel panic - not syncing: Fatal exception [ 761.779773][ T8278] Kernel Offset: disabled [ 761.784093][ T8278] Rebooting in 86400 seconds..