last executing test programs: 2m49.470273704s ago: executing program 4 (id=1110): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c40000", @ANYRES16=r0, @ANYBLOB="01000000000000000000100000002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000"], 0xc4}}, 0x0) 2m49.088982278s ago: executing program 4 (id=1112): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000079beccbd83b6110ab10000000000ff00000000000000000000cfe228d8080000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x88081, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000001140)={0x28, 0x2, r2, 0x0, &(0x7f0000000000)='p', 0xb6299679db8e922f, 0x2823}) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0xb1e) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r5 = openat$snapshot(0xffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r5, 0x400c330d, &(0x7f0000000640)={0x61, 0x3ff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x2000000, 0x0) r7 = inotify_init1(0x0) fcntl$setown(r7, 0x8, 0xffffffffffffffff) fcntl$getownex(r7, 0x10, &(0x7f0000000140)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x18, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000001fcffff000000ea090000004570200001000000186000000d00000000000000030000008500000057000000b7080000000000007b8af8ff00000000b7080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffff", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r3, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x3c61, 0x62, &(0x7f0000000300)=""/98, 0x41100, 0x60, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f00000003c0)={0x3, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)=[r0, 0xffffffffffffffff, r0], &(0x7f0000000440)=[{0x0, 0x5, 0x10, 0xa}, {0x4, 0x4, 0xb, 0x7}, {0x0, 0x5, 0x9, 0xa}, {0x3, 0x1, 0x0, 0x5}, {0x0, 0x1, 0xd, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000002c00000000", @ANYRES64=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x90) r9 = fsopen(&(0x7f0000000000)='ceph\x00', 0x0) munlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) openat$tcp_congestion(0xffffff9c, &(0x7f00000004c0), 0x1, 0x0) 2m46.391052149s ago: executing program 4 (id=1116): gettid() r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000", @ANYRES8=0x0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000400)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2db, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="ff070852a30635524f5881970e4e9882f29546715b4e54aefd803b36d4c1d658cd2aa7aeb8165715d76548e013298a9ed122b5f7e654b7ba91ff71939c87169f422a9658229ea985afb27ca7838bd6d5194ff70ad17a04835bbc148d216e174945cc4ff8eab7ec2b31ab636b4d1eed1898798e1eba268a98cb295ef7b876c2c9ffd6f84376e276614c7ae6d85095dd1e12bf1b17c6867ec20039f3e8d27014eb90a4ec779e6e6c", @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000000"], 0x54}}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = syz_clone(0x58060200, &(0x7f0000000080)="91105cff112598770c", 0x9, &(0x7f0000000240), 0x0, &(0x7f0000000480)) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x0, 0x0) r6 = socket$inet6(0xa, 0x0, 0x0) r7 = dup2(r6, r6) r8 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r8, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000005c) setsockopt$sock_attach_bpf(r8, 0x1, 0xd, &(0x7f0000000080), 0x24) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r10 = accept4(r9, 0x0, 0x0, 0x0) sendmsg$kcm(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)="7f96be1030f2a6a5e2c9b768ae8349417d7b72e2dfe0002c43ae001897d43052cae96064b55c8a04c6ad7f72cc5e3f5aba5b2320b7ca", 0x36}, {&(0x7f0000000640)="0d58fa00a4a25557616d6ad626d271bcc615561efebc4402c751263a6048a6cc870c57", 0x23}], 0x2}, 0x8010) sendmmsg$alg(r10, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x0) recvmmsg(r10, &(0x7f0000002440)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000000ec0)=""/4096, 0x1000}], 0x1}, 0xfffffffd}], 0x2, 0x163, 0x0) close(r8) getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000440)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in=@remote}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e3702", 0x25}], 0x1}, 0x20004085) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2m42.959626293s ago: executing program 4 (id=1122): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$kcm(0x2, 0x200000000000004, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6395459081ea675d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x39, 0x0, "b0fd7b07ff8a216915a8d3215a3225178096acf74c85ad01ba95fd9d0543750fb5a62a045888e8febca073f1f821abb8083f4d192383c47b3800abd4d841e2d4b56039653b95d0cd0a00a6ea35bdfaf6"}, 0xd8) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "f6a6756c9832488c"}) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000400)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab9b382f0d66bd42713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa461932185531acd971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484eda", 0x1d8}], 0x1) sendto$inet6(0xffffffffffffffff, &(0x7f00000008c0)="44f9b108b1cdc885c9c533ca1f474bec8bfef1df1e2da71e000000000000000015378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a54049f0c85d92d7083fd38844cbb0c6c5eb508dd50bf3074fb0d775da4df5a3fda0800002eeb6b923da9d0e25b80f76a8736dab5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57b926ac959a5628c45088fbe0c87fbe6cbcda4662d2a16e1ae119edeedfaf44ea22ab6be3ef6a88d7e1e05898257b8c0edffe0f555bd7a0926f53da790f3bc8f428803ef4fb5ef4278af8c797d33f48a7d7f4331e96d899a03c24bebf28d41ca4615a415cc99d8c01a84e36c13917fdebe2f8c19793ea7920e3957abe652803aaafd0b6930857682048822aa6f1b11da93db97a1e6d5b96bf2a4037e4d49e655c91d365a5bdce83ac017963ab754d9a7837eca49312beaaabea4cc63c57b26c073030ed", 0x15b, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x0) syz_open_procfs$namespace(0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='inet_sock_set_state\x00', r4}, 0x10) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xc) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x4, 0x4) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000000)=0x8, 0x4) r6 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r6, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) 2m33.631632412s ago: executing program 4 (id=1130): openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0x40286608, &(0x7f0000000180)={@id={0x40000, 0x0, @b}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe(0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x15, 0x301, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) r6 = socket(0x8000000010, 0x2, 0x0) write(r6, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r7 = socket(0x840000000002, 0x3, 0x100) connect$inet(r7, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10) symlinkat(&(0x7f0000000440)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000480)='./file0\x00') r8 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) ioctl$sock_inet_SIOCSARP(r8, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @dev}, 0x4, {0x2, 0x0, @multicast1=0xe000cc02}}) 2m27.319939525s ago: executing program 4 (id=1135): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x4000210, 0x2, 0x0) r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002", @ANYRES8=r0, @ANYRES8=r0], 0x0) syz_usb_disconnect(r1) r2 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x88, &(0x7f0000000040)=ANY=[]) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0) read$char_usb(r4, &(0x7f00000008c0)=""/206, 0xce) write$P9_RREADLINK(r5, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) 2m18.794297321s ago: executing program 3 (id=1141): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0x80111500, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, 0x930, 0x2, 0x10010, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000240)=""/4096) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(0x3) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) close(0x4) 2m18.174897483s ago: executing program 3 (id=1143): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000079beccbd83b6110ab10000000000ff00000000000000000000cfe228d8080000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x88081, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000001140)={0x28, 0x2, r2, 0x0, &(0x7f0000000000)='p', 0xb6299679db8e922f, 0x2823}) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0xb1e) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r5 = openat$snapshot(0xffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r5, 0x400c330d, &(0x7f0000000640)={0x61, 0x3ff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x2000000, 0x0) r7 = inotify_init1(0x0) fcntl$setown(r7, 0x8, 0xffffffffffffffff) fcntl$getownex(r7, 0x10, &(0x7f0000000140)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x18, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000001fcffff000000ea090000004570200001000000186000000d00000000000000030000008500000057000000b7080000000000007b8af8ff00000000b7080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffff", @ANYBLOB="0000000000000000b70500", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x3c61, 0x62, &(0x7f0000000300)=""/98, 0x41100, 0x60, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f00000003c0)={0x3, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)=[r0, 0xffffffffffffffff, r0], &(0x7f0000000440)=[{0x0, 0x5, 0x10, 0xa}, {0x4, 0x4, 0xb, 0x7}, {0x0, 0x5, 0x9, 0xa}, {0x3, 0x1, 0x0, 0x5}, {0x0, 0x1, 0xd, 0x7}], 0x10, 0x6, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000002c00000000", @ANYRES64=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x90) r9 = fsopen(&(0x7f0000000000)='ceph\x00', 0x0) munlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) openat$tcp_congestion(0xffffff9c, &(0x7f00000004c0), 0x1, 0x0) 2m12.375773949s ago: executing program 3 (id=1150): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$kcm(0x2, 0x200000000000004, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6395459081ea675d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x39, 0x0, "b0fd7b07ff8a216915a8d3215a3225178096acf74c85ad01ba95fd9d0543750fb5a62a045888e8febca073f1f821abb8083f4d192383c47b3800abd4d841e2d4b56039653b95d0cd0a00a6ea35bdfaf6"}, 0xd8) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "f6a6756c9832488c"}) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000400)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab9b382f0d66bd42713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa461932185531acd971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484eda", 0x1d8}], 0x1) sendto$inet6(0xffffffffffffffff, &(0x7f00000008c0)="44f9b108b1cdc885c9c533ca1f474bec8bfef1df1e2da71e000000000000000015378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a54049f0c85d92d7083fd38844cbb0c6c5eb508dd50bf3074fb0d775da4df5a3fda0800002eeb6b923da9d0e25b80f76a8736dab5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57b926ac959a5628c45088fbe0c87fbe6cbcda4662d2a16e1ae119edeedfaf44ea22ab6be3ef6a88d7e1e05898257b8c0edffe0f555bd7a0926f53da790f3bc8f428803ef4fb5ef4278af8c797d33f48a7d7f4331e96d899a03c24bebf28d41ca4615a415cc99d8c01a84e36c13917fdebe2f8c19793ea7920e3957abe652803aaafd0b6930857682048822aa6f1b11da93db97a1e6d5b96bf2a4037e4d49e655c91d365a5bdce83ac017963ab754d9a7837eca49312beaaabea4cc63c57b26c073030eda7", 0x15c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x0) syz_open_procfs$namespace(0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='inet_sock_set_state\x00', r4}, 0x10) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xc) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x4, 0x4) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000000)=0x8, 0x4) r6 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r6, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) 2m4.518710012s ago: executing program 3 (id=1155): socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) dup(r0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000540)=""/32, 0x20, 0x0, 0x0, 0x2, 0x0, 0x1}}, 0x120) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffffff16) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$can_raw(0x1d, 0x3, 0x1) socket$unix(0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r3, 0x0, 0x0, 0x0, 0x400) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r4, 0x0, 0x0) bind$can_raw(r3, &(0x7f0000000200)={0x1d, r6}, 0x10) socket$inet6(0xa, 0x806, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00') r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000000)={0xf0f045}) r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000080)={0x2011}) read$msr(r7, &(0x7f0000000040)=""/59, 0xffb5) read$msr(r7, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x402800, 0x0) socket$igmp(0x2, 0x3, 0x2) 9.992120034s ago: executing program 0 (id=1282): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x2, 0x0) ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000040)={0x0, 0x0, 0x2}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000080)=[@dead_binder_done], 0x72, 0x0, &(0x7f00000000c0)="f335d807c299890f9dc8312fb93fa694f69d88f9386ce18d71b3a41561b5516033b525dd0f1ce0201b9ac2ee93c61f1a3a12bfa835a58916d4b124af1bae598bdabc3c460724ee5ac7df27a5f43b5c4ef6760bcdc87787df1077073fa85031a5a81570e4234fd13882cc0cb73d4a47d1aced"}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f0000000180)={0x6, 0x101, [{0x1}, {0xa445, 0x0, 0x3}, {0x10, 0x0, 0x6}, {0xe, 0x0, 0xb7a4}, {0x400, 0x0, 0x7}, {0x6, 0x0, 0x6}]}) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x4) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000280), 0x4) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x101000, 0x2, 0x10}, 0x18) execveat(r3, &(0x7f0000000340)='./file0\x00', &(0x7f0000000400)={[&(0x7f0000000380)='./binderfs2/binder0\x00', 0x0]}, &(0x7f0000000580)={[&(0x7f0000000440)='./binderfs2/binder0\x00', &(0x7f0000000480)='.$\x00', &(0x7f00000004c0)=']-\x00', &(0x7f0000000500)='./binderfs2/binder0\x00', &(0x7f0000000540)='-\x00']}, 0x1000) r4 = userfaultfd(0x80000) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f00000005c0)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) r5 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f0000000600), 0x80000) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000640)={0x0, 0x2, 0x7, 0x4}) r6 = socket$tipc(0x1e, 0x5, 0x0) accept4$tipc(r6, 0x0, &(0x7f0000000680), 0x80800) getresuid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f0000000740)) quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000301, r7, 0x0) r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xca) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r9, 0x4068aea3, &(0x7f0000000780)={0xcc, 0x0, 0x1}) r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000800), 0x100, 0x0) ioctl$SNDCTL_TMR_TEMPO(r10, 0xc0045405, &(0x7f0000000840)=0xce) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r11, 0x84, 0x4, &(0x7f0000000880), &(0x7f00000008c0)=0x4) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r8, 0x40309410, &(0x7f0000000900)={0x9, 0x7, 0x3, 0x2, 0x3, [0x7, 0x0, 0x0, 0x7]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000a40)={&(0x7f0000000940)=[0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x7, 0x4, 0xa}) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) gettid() 9.48903244s ago: executing program 0 (id=1283): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r4 = getuid() setresuid(0xffffffffffffffff, r4, 0x0) getresgid(&(0x7f0000000280), &(0x7f0000000880), &(0x7f00000008c0)) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) accept4$ax25(0xffffffffffffffff, &(0x7f0000000900)={{0x3, @rose}, [@null, @rose, @remote, @default, @null, @remote, @bcast, @rose]}, &(0x7f0000000180)=0x48, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$unix(r3, &(0x7f0000000a80), 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000c00)={0x1, 0x1, 0x1, 0x0, 0x18}) ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "66864e02"}, 0x0, 0x1, {0x0}, 0x9}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 8.796512086s ago: executing program 2 (id=1286): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeef, 0x10, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='rpm_return_int\x00', r6}, 0x10) mmap(&(0x7f000038a000/0x3000)=nil, 0x3000, 0xfffffffffefffff0, 0x10, r4, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522) close(r5) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}}) ioctl$EVIOCGKEY(r7, 0x80404518, &(0x7f0000000200)=""/36) syz_init_net_socket$x25(0x9, 0x5, 0x0) 8.206148093s ago: executing program 0 (id=1289): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000040)=""/249, 0x0, 0xf9, 0x6, 0x0, 0x0, @void, @value}, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) ioctl$sock_bt_hci(r1, 0x800448d5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="3a00030007"], 0xd) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000400)={&(0x7f0000000200), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, 0x0, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}]}, 0x30}}, 0x8000) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x40, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x4}, @NL80211_TXRATE_HE={0x14}]}]}]}, 0x40}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f00000007c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b704000003000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7000000}, 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000007, 0x2010, 0xffffffffffffffff, 0xe373f000) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x9, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x2000, 0x4}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 6.844920943s ago: executing program 2 (id=1290): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f00000012c0)={0x2}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311c", 0x8) 5.811945237s ago: executing program 0 (id=1292): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000380), 0x7f, 0x2) syz_io_uring_setup(0x20e3, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000040)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x3, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={'\x00', 0x11, 0x8, 0x401}) r4 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0) socket(0x1, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r5 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000002c0)={'wpan0\x00'}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[], 0x40}}, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r5, 0xc0205647, &(0x7f0000000080)={0x0, 0x500, 0x0, '\x00', 0x0}) shmat(0x0, &(0x7f0000fee000/0x4000)=nil, 0x6000) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffff}, 0x6) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) 5.81113119s ago: executing program 1 (id=1293): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(r0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, 0x0, 0x0) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000240)=0x60, 0x2) unshare(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, 0x3}, 0x6) r6 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r7 = fcntl$dupfd(r6, 0x0, r6) write$binfmt_script(r7, &(0x7f0000000100), 0xfffffd9d) write$sequencer(r7, &(0x7f0000000000), 0xca80) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) r10 = dup(r9) mount$9p_fd(0x20100000, &(0x7f0000000380)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r8}}) 5.215342013s ago: executing program 3 (id=1167): syz_emit_ethernet(0x32, &(0x7f0000001480)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3, 0x24, 0x67, 0x0, 0x5, 0x11, 0x0, @private=0xa010101, @local}, {0x4e23, 0x4e22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x6, 0x0, @val=0x80}}}}}}}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000c40), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000c80)={0x7, 0x8, 0x401, {0xffffff01, 0x4}, 0x0, 0x4}) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x5000000) syz_usb_connect(0x2, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r2 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000002200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f00000001c0)='devpts\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x820, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x7, 0x4) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'erspan0\x00', 0x0}) sendto$packet(r5, &(0x7f00000002c0)="05030500d3fc020000004788031c09101128", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x51) syz_emit_ethernet(0x569, &(0x7f00000006c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @remote, @void, {@ipv6={0x86dd, @generic={0xe, 0x6, "5651e9", 0x533, 0x54, 0xff, @dev={0xfe, 0x80, '\x00', 0xc}, @mcast2, {[@hopopts={0x62, 0x25, '\x00', [@jumbo={0xc2, 0x4, 0x931}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @calipso={0x7, 0x38, {0x1, 0xc, 0xa4, 0x80, [0xb9, 0x4, 0x3, 0x6, 0x7f, 0x1]}}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x3}, @generic={0x3, 0xb9, "d7fdc0ca243e061d49cfd0e3e30b155ab4cd35c82567ce079975a4a68adc99ab6a3cc16cff71a662861d9bb89e2fd4babb50e138af66e920f2bc6bc9ae2daf30cab4ad16bc618ec52c0617a81ab55d83514a6eac46a8a99a671347354a391a9017165b79b3e44da584160789246e5cf3f2d798852bf3f9839d3a87dd5740c87e7cfe9355c5a086df2865293001793b596ebc3eb74ad89a2483e3a7f159e97ad4d87db5b335b549e0298f0b77ac6228eb8da2a878f2337bbf3d"}, @ra={0x5, 0x2, 0x2}]}, @hopopts={0xc, 0x18, '\x00', [@generic={0x6, 0x91, "55a9b900d585f28ad6c3758c04002db725698fabb5e8746650afa193718893d600c6beed43d811add4e08aadd59bdbe9c722da98642dbe3dd49af01ffd951ccb7df07954cf47cd0e4bf28ed3a340de81e6c327fb04e8dc3a499b8142c266614b93a1d34e6c9d67b31721513262ff8e269aa2afb0562a368c5e01aa2642893e99f73d9fbafe2ac75c71cb2ff53ca97c7fe2"}, @calipso={0x7, 0x20, {0x2, 0x6, 0xfe, 0x8, [0x6c55, 0x2, 0x2]}}, @pad1, @ra, @ra={0x5, 0x2, 0x8}, @pad1]}, @hopopts={0x3c, 0x25, '\x00', [@generic={0xfd, 0xd2, "24c8a0e03a27c2bb9553dd3878af8d7c73e797ea39fdd62ff5f85004fcbf1b004d89b3a9ae678e29b24dca8e1e6ca6b0923e0c234c52d70e0c430ae4f2ab3d42a5bc4b5887d069e5af221ef52219c6751627155fbd9677068abb40a9df207adea04d411b0c8344c7f988ba90dea9770269232e65854e8810617d9cfc04888dc6bc0955d83fe0bbbf37684c88aa62b848c7387ca61948b9eeff389d3069f57e2a68e3be4a8a5a72c7dba28ea73d327014cda678e2061ab1d835e1dba02fabe51f36b04950a5f677b8bef5ec9a77e878c40d8d"}, @generic={0x6, 0x53, "1bdb5b84bf573c70fc2e237ce438849443b218bc160752a21f079cd615ccfb450a864e8dfdcba7aa1bcf80311cff0ede87b11049d54910e9cce2553dbd790d2a429985e21316a0c4a831d004c914ec8b6eab35"}]}, @srh={0x0, 0x6, 0x4, 0x3, 0x3, 0x10, 0xfff, [@rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, @empty]}, @fragment={0x58, 0x0, 0x6, 0x1, 0x0, 0xb, 0x66}, @dstopts={0x3b, 0xa, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x18, {0x2, 0x4, 0x2, 0xfff9, [0x84, 0x8]}}, @calipso={0x7, 0x28, {0x0, 0x8, 0x0, 0x1, [0x10e, 0x0, 0x3, 0x2e]}}, @pad1, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0xff, 0x0, '\x00', [@ra={0x5, 0x2, 0x7fff}, @padn={0x1, 0x1, [0x0]}]}, @hopopts={0x2, 0x9, '\x00', [@hao={0xc9, 0x10, @mcast1}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x9}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x1}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x8e}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}], "1a2ad63af87d403f11f38d69af3f7810dbccc31df75044a8df6c440a8b6a9e4c9ceba0328460b686a9aa9b74d90933b1062c3caada559672df5b028af2818246fc3fcc511c19c875a4f76b0cb5f8ec569cd47801a0e5a61dc21191b4f1bafcafc164ec0d41eeb50ec097949dc1a80bd121c2333a00995ab24d7902358671ffed07947e45545481cb07c710d0a5e6cffb256563d0b76029c4ad7de08cde1b7cadcb885da30e686d4ddb0753fe59f1084d4096d493185518aaee71301e1cf3e946afe05d336fbafd1e15648590da6d1985b9fc27d255eb41e29453f21f358c6b6ce2bbf81abece6c5bf0e9a1"}}}}}, &(0x7f0000000000)={0x1, 0x3, [0xaff, 0x3c2, 0x858, 0xfbc]}) 4.325473661s ago: executing program 1 (id=1294): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r1}, 0x18) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f0000000400)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, 0x0, @private1}}, 0x24) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x301540, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a0001000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50) 3.826673969s ago: executing program 1 (id=1295): mknod(0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='f\a!', @ANYRESHEX=r4, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r5 = add_key$keyring(&(0x7f0000001240), &(0x7f0000001280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={r5}, &(0x7f0000000100)={'enc=', 'oaep', ' hash=', {'michael_mic\x00'}}, &(0x7f0000000340), 0x0) socket(0xa, 0x2, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0/../file0'}, 0x14) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f00000000c0)={0x0, 0x2, {0x2, 0x2, 0x4}}) mount$9p_fd(0x20100000, 0x0, &(0x7f00000001c0), 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="800000002a00090000000000000000000440002c0800170002"], 0x80}}, 0x0) (fail_nth: 4) 3.705153802s ago: executing program 2 (id=1296): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x0) 2.588993292s ago: executing program 1 (id=1297): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000380)={{}, 'syz0\x00'}) close(r0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'gre0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x20, 0x8000, 0x0, 0xfffffc01, {{0x6, 0x4, 0x1, 0x7, 0x18, 0x66, 0x0, 0x17, 0x29, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0xf}, {[@generic={0x88, 0x2}]}}}}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@const]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000200)=""/50, 0x28, 0x32, 0x1, 0x6, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001700)={0x1b, 0x0, 0x0, 0x3ff, 0x0, r1, 0x8368, '\x00', r2, 0xffffffffffffffff, 0x2, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x48) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000480)=0x1f6, &(0x7f00000004c0)='%+9llu \x00'}, 0x20) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x5, 0x8, 0xff, 0x0, 0x3, "56f6014f3dfc29e9"}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0x114, 0x16, 0x0, 0x0, 0x0, {{{@in, @in6=@rand_addr=' \x01\x00', 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast1}, @in=@broadcast, {}, {}, {0x0, 0x4}, 0x70bd26, 0x0, 0xa}, 0x0, 0x5}, [@replay_esn_val={0x1c}]}, 0x114}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0x114, 0x16, 0x1, 0x0, 0x0, {{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {}, {}, {}, 0x70bd26, 0x0, 0xa}, 0x5, 0x5}, [@replay_esn_val={0x1c}]}, 0x114}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0x114, 0x16, 0x1, 0x0, 0x0, {{{@in, @in6=@mcast1, 0x4e22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x6}, {0x0, 0x0, 0x0, 0x400000000000000}, {0x0, 0xfee}, 0x70bd26, 0x0, 0xa}, 0x45, 0x5}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x20000, 0x0, 0x0, 0x0, 0xfffffff7}}]}, 0x114}}, 0x0) 2.358203129s ago: executing program 2 (id=1298): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeef, 0x10, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='rpm_return_int\x00', r6}, 0x10) mmap(&(0x7f000038a000/0x3000)=nil, 0x3000, 0xfffffffffefffff0, 0x10, r4, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522) close(r5) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}}) ioctl$EVIOCGKEY(r7, 0x80404518, &(0x7f0000000200)=""/36) syz_init_net_socket$x25(0x9, 0x5, 0x0) 2.094662329s ago: executing program 1 (id=1299): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) move_pages(0x0, 0x10, &(0x7f0000000140)=[&(0x7f0000000000/0x1000)=nil], &(0x7f0000000040)=[0x1], 0x0, 0x0) 1.223796468s ago: executing program 2 (id=1300): mknod(0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x10, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000000)={@broadcast, @dev, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @empty, @empty, @local}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='f\a!', @ANYRESHEX=r4, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r5 = add_key$keyring(&(0x7f0000001240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={r5}, &(0x7f0000000100)=ANY=[@ANYBLOB="656ea5b878584a6173ef6173683d6d69636861656c5f6d696300"/78], &(0x7f0000000340), 0x0) socket(0xa, 0x2, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0/../file0'}, 0x14) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f00000000c0)={0x80, 0x2, {0x1, 0x2, 0xfffffffd, 0x2}, 0xffffffff}) mount$9p_fd(0x20100000, 0x0, &(0x7f00000001c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x800, 0x0) 1.137453848s ago: executing program 0 (id=1301): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x2, 0x0) ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000040)={0x0, 0x0, 0x2}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000080)=[@dead_binder_done], 0x72, 0x0, &(0x7f00000000c0)="f335d807c299890f9dc8312fb93fa694f69d88f9386ce18d71b3a41561b5516033b525dd0f1ce0201b9ac2ee93c61f1a3a12bfa835a58916d4b124af1bae598bdabc3c460724ee5ac7df27a5f43b5c4ef6760bcdc87787df1077073fa85031a5a81570e4234fd13882cc0cb73d4a47d1aced"}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f0000000180)={0x6, 0x101, [{0x1}, {0xa445, 0x0, 0x3}, {0x10, 0x0, 0x6}, {0xe, 0x0, 0xb7a4}, {0x400, 0x0, 0x7}, {0x6, 0x0, 0x6}]}) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000200), &(0x7f0000000240)=0x4) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000280), 0x4) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x101000, 0x2, 0x10}, 0x18) execveat(r3, &(0x7f0000000340)='./file0\x00', &(0x7f0000000400)={[&(0x7f00000003c0)='./binderfs2/binder0\x00']}, &(0x7f0000000580)={[&(0x7f0000000440)='./binderfs2/binder0\x00', &(0x7f0000000480)='.$\x00', &(0x7f00000004c0)=']-\x00', &(0x7f0000000500)='./binderfs2/binder0\x00', &(0x7f0000000540)='-\x00']}, 0x1000) r4 = userfaultfd(0x80000) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f00000005c0)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) r5 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f0000000600), 0x80000) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000640)={0x0, 0x2, 0x7, 0x4}) r6 = socket$tipc(0x1e, 0x5, 0x0) accept4$tipc(r6, 0x0, &(0x7f0000000680), 0x80800) getresuid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f0000000740)) quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000301, r7, 0x0) r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xca) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r9, 0x4068aea3, &(0x7f0000000780)={0xcc, 0x0, 0x1}) r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000800), 0x100, 0x0) ioctl$SNDCTL_TMR_TEMPO(r10, 0xc0045405, &(0x7f0000000840)=0xce) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r11, 0x84, 0x4, &(0x7f0000000880), &(0x7f00000008c0)=0x4) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r8, 0x40309410, &(0x7f0000000900)={0x9, 0x7, 0x3, 0x2, 0x3, [0x7, 0x0, 0x0, 0x7]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000a40)={&(0x7f0000000940)=[0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x7, 0x4, 0xa}) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) gettid() 836.597913ms ago: executing program 0 (id=1302): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r1, 0x6, 0x19, 0x0, &(0x7f0000000040)) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) rt_sigaction(0xfffffffe, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0xa00, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x1, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$FUSE_POLL(r5, &(0x7f0000000280)={0x18}, 0x18) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r6, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @local}, 0xc) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) setreuid(0x0, 0x0) ioctl$VT_OPENQRY(r8, 0x4b4c, &(0x7f0000000140)) ptrace(0x10, r7) ptrace$pokeuser(0x6, r7, 0x358, 0xffff88806b13da00) 758.802084ms ago: executing program 1 (id=1303): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x103982, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000100)=0x1) ioctl$PPPIOCCONNECT(r2, 0x4004743a, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000f80)=ANY=[@ANYBLOB="480000001400010000000000000000002c"], 0x48}}, 0x0) syz_usb_connect(0x6, 0x24, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4], 0x0) syz_open_dev$radio(&(0x7f00000000c0), 0x2, 0x2) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x4]}, 0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x810, 0xffffffffffffffff, 0x0) close(r5) syz_io_uring_submit(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r6}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) getpid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)) 695.982882ms ago: executing program 3 (id=1304): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r1}, 0x18) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f0000000400)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, 0x0, @private1}}, 0x24) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x301540, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a0001000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50) 0s ago: executing program 2 (id=1305): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f00000012c0)={0x2}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311c", 0x8) kernel console output (not intermixed with test programs): ] Bluetooth: hci2: command tx timeout [ 1248.702072][T10953] team0: Port device team_slave_0 added [ 1248.719203][T10953] team0: Port device team_slave_1 added [ 1248.781349][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1248.794158][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1249.036603][ T7757] Bluetooth: hci2: command tx timeout [ 1250.883837][T11040] chnl_net:caif_netlink_parms(): no params data found [ 1252.750605][T10953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1252.757821][T10953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1252.785128][T10953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1252.829448][T10953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1252.836466][T10953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1252.869703][T10953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1255.260414][T10953] hsr_slave_0: entered promiscuous mode [ 1255.323591][T10953] hsr_slave_1: entered promiscuous mode [ 1255.345983][T10953] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1255.417856][T10953] Cannot create hsr debugfs directory [ 1255.447010][T11040] bridge0: port 1(bridge_slave_0) entered blocking state [ 1255.459949][T11040] bridge0: port 1(bridge_slave_0) entered disabled state [ 1255.480893][T11040] bridge_slave_0: entered allmulticast mode [ 1255.508802][T11040] bridge_slave_0: entered promiscuous mode [ 1255.533290][T11040] bridge0: port 2(bridge_slave_1) entered blocking state [ 1255.548287][T11040] bridge0: port 2(bridge_slave_1) entered disabled state [ 1255.556045][T11040] bridge_slave_1: entered allmulticast mode [ 1255.575656][T11040] bridge_slave_1: entered promiscuous mode [ 1256.025031][ T7755] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1256.442103][ T7755] usb 5-1: config 1 has an invalid descriptor of length 95, skipping remainder of the config [ 1256.561310][ T7755] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1256.663618][ T7755] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1256.680362][ T7755] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1256.757120][ T7755] usb 5-1: SerialNumber: syz [ 1256.898280][ T941] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1257.921650][ T941] usb 4-1: Using ep0 maxpacket: 16 [ 1258.491121][ T941] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1258.849668][ T7755] usb 5-1: 0:2 : does not exist [ 1258.864877][ T7755] usb 5-1: unit 5: unexpected type 0x0c [ 1258.890028][ T941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.940009][ T941] usb 4-1: Product: syz [ 1258.944320][ T941] usb 4-1: Manufacturer: syz [ 1258.960719][ T941] usb 4-1: SerialNumber: syz [ 1258.974733][ T941] usb 4-1: config 0 descriptor?? [ 1258.993926][ T7755] usb 5-1: USB disconnect, device number 22 [ 1259.309494][T11163] udevd[11163]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1259.329519][T11040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1259.381581][ T941] usb 4-1: can't set config #0, error -71 [ 1259.439145][ T941] usb 4-1: USB disconnect, device number 22 [ 1260.601432][T11040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1260.733237][ T29] audit: type=1400 audit(1727178617.549:427): avc: denied { ioctl } for pid=11168 comm="syz.3.993" path="socket:[54120]" dev="sockfs" ino=54120 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1260.899586][T11176] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11176 comm=syz.4.995 [ 1263.894908][T11040] team0: Port device team_slave_0 added [ 1264.347603][T11040] team0: Port device team_slave_1 added [ 1264.635583][T11040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1264.650635][T11040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1264.689646][T11040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1264.705434][T11040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1264.712861][T11040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1264.751160][T11040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1265.195277][T11040] hsr_slave_0: entered promiscuous mode [ 1265.221071][T11040] hsr_slave_1: entered promiscuous mode [ 1265.240774][T11040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1265.255500][T11040] Cannot create hsr debugfs directory [ 1267.155184][T10929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1269.017759][ T5319] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1269.568278][ T5319] usb 4-1: Using ep0 maxpacket: 16 [ 1269.613818][ T11] bridge_slave_1: left allmulticast mode [ 1269.619969][ T11] bridge_slave_1: left promiscuous mode [ 1269.635205][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.745919][ T11] bridge_slave_0: left allmulticast mode [ 1269.806166][ T11] bridge_slave_0: left promiscuous mode [ 1269.812089][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.832914][ T5319] usb 4-1: device descriptor read/all, error -71 [ 1269.936295][ T11] bridge_slave_1: left allmulticast mode [ 1269.943355][ T11] bridge_slave_1: left promiscuous mode [ 1270.001002][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.049938][ T11] bridge_slave_0: left allmulticast mode [ 1270.075325][ T11] bridge_slave_0: left promiscuous mode [ 1270.275105][T11216] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1001'. [ 1270.282785][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.323756][T11215] xt_SECMARK: invalid mode: 0 [ 1271.654660][T11222] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1271.660655][T11222] [U] J"—e:ÀÆ" [ 1271.959952][T11217] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1276.216013][T11234] FAULT_INJECTION: forcing a failure. [ 1276.216013][T11234] name failslab, interval 1, probability 0, space 0, times 0 [ 1276.241101][T11234] CPU: 1 UID: 0 PID: 11234 Comm: syz.3.1005 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1276.251615][T11234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1276.261692][T11234] Call Trace: [ 1276.264985][T11234] [ 1276.267950][T11234] dump_stack_lvl+0x16c/0x1f0 [ 1276.272669][T11234] should_fail_ex+0x497/0x5b0 [ 1276.277371][T11234] ? fs_reclaim_acquire+0xae/0x160 [ 1276.282508][T11234] should_failslab+0xc2/0x120 [ 1276.287217][T11234] __kmalloc_cache_noprof+0x6b/0x300 [ 1276.292574][T11234] ? snd_pcm_oss_change_params_locked+0x242/0x3a60 [ 1276.299142][T11234] ? kasan_save_track+0x14/0x30 [ 1276.304078][T11234] snd_pcm_oss_change_params_locked+0x242/0x3a60 [ 1276.310520][T11234] ? __mutex_trylock_common+0x65/0x250 [ 1276.316098][T11234] ? __pfx___lock_acquire+0x10/0x10 [ 1276.321329][T11234] ? rcu_is_watching+0x12/0xc0 [ 1276.326129][T11234] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1276.332939][T11234] ? __mutex_lock+0x1a6/0x9c0 [ 1276.337682][T11234] ? __pfx___mutex_lock+0x10/0x10 [ 1276.342742][T11234] ? find_held_lock+0x2d/0x110 [ 1276.347555][T11234] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1276.353533][T11234] snd_pcm_oss_write+0x4a3/0xa00 [ 1276.358550][T11234] ? security_file_permission+0x71/0x210 [ 1276.364348][T11234] ? rw_verify_area+0xd0/0x700 [ 1276.369170][T11234] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1276.374656][T11234] vfs_write+0x28e/0x1140 [ 1276.379015][T11234] ? __pfx_vfs_write+0x10/0x10 [ 1276.383799][T11234] ? __fget_files+0x244/0x3f0 [ 1276.388493][T11234] ? __fget_light+0x173/0x210 [ 1276.393188][T11234] ksys_write+0x12f/0x260 [ 1276.397540][T11234] ? __pfx_ksys_write+0x10/0x10 [ 1276.402421][T11234] do_syscall_64+0xcd/0x250 [ 1276.406970][T11234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1276.412895][T11234] RIP: 0033:0x7f288fd7def9 [ 1276.417325][T11234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1276.436982][T11234] RSP: 002b:00007f2890bb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1276.445428][T11234] RAX: ffffffffffffffda RBX: 00007f288ff35f80 RCX: 00007f288fd7def9 [ 1276.453431][T11234] RDX: 000000000000fdbc RSI: 0000000020000500 RDI: 0000000000000003 [ 1276.461418][T11234] RBP: 00007f2890bb8090 R08: 0000000000000000 R09: 0000000000000000 [ 1276.469517][T11234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1276.477518][T11234] R13: 0000000000000000 R14: 00007f288ff35f80 R15: 00007ffef8722b08 [ 1276.485524][T11234] [ 1277.163539][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1277.212292][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1277.242309][ T11] bond0 (unregistering): Released all slaves [ 1277.274911][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1277.310721][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1277.332873][ T11] bond0 (unregistering): Released all slaves [ 1277.349827][T10929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1277.377109][T10929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1277.541925][T10929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1277.777317][ T11] hsr_slave_0: left promiscuous mode [ 1277.804896][ T11] hsr_slave_1: left promiscuous mode [ 1277.818786][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1277.860468][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1277.937408][ T11] hsr_slave_0: left promiscuous mode [ 1277.958884][ T11] hsr_slave_1: left promiscuous mode [ 1277.965830][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1277.973830][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1281.333522][ T5285] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1281.792944][T11257] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1281.798931][T11257] [U] J"—e:ÀÆ" [ 1282.186003][T11265] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1282.372292][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1282.388687][T11256] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1282.594939][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1284.620553][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1284.667340][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1287.038821][T10929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1287.148538][T10929] 8021q: adding VLAN 0 to HW filter on device team0 [ 1287.252733][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1287.260205][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1287.320910][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1287.328309][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1288.461376][T11040] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1288.596450][T11040] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1288.684341][T11040] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1288.732596][T11040] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1290.092665][T10953] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1290.107094][T10953] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1290.127292][T10953] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1290.183397][T10929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1290.191132][T10953] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1290.632606][T10929] veth0_vlan: entered promiscuous mode [ 1290.766343][T10929] veth1_vlan: entered promiscuous mode [ 1290.803000][ T7755] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1290.881779][T11040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1291.032276][ T7755] usb 5-1: Using ep0 maxpacket: 16 [ 1291.072986][ T7755] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1291.148410][ T7755] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1291.188039][ T7755] usb 5-1: Product: syz [ 1291.197170][ T7755] usb 5-1: Manufacturer: syz [ 1291.216415][ T7755] usb 5-1: SerialNumber: syz [ 1291.232772][T10929] veth0_macvtap: entered promiscuous mode [ 1291.276855][T11040] 8021q: adding VLAN 0 to HW filter on device team0 [ 1291.280689][ T7755] usb 5-1: config 0 descriptor?? [ 1291.354779][ T7755] ems_usb 5-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 1291.385168][T10929] veth1_macvtap: entered promiscuous mode [ 1291.432616][ T7755] ems_usb 5-1:0.0: probe with driver ems_usb failed with error -22 [ 1291.463789][ T7126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1291.471014][ T7126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1291.519123][T11316] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1291.556822][T11316] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1291.627570][T10953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1291.696643][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1291.703284][T11316] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1291.703916][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1291.710154][T11316] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1291.727273][T11316] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1291.930167][T11316] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1292.047067][T10929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1292.072726][T11316] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1292.079964][T10929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1292.089671][T11316] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1292.120968][T10929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1292.167288][T10929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1292.206929][T10929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1292.328311][T11316] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1292.346203][T10953] 8021q: adding VLAN 0 to HW filter on device team0 [ 1292.378911][T11316] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1292.398194][T11316] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1292.445367][T10929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1292.457486][T11316] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1292.510085][T10929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1292.548525][T10929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1292.591666][T10929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1292.633472][T10929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1292.744859][ T2524] bridge0: port 1(bridge_slave_0) entered blocking state [ 1292.752100][ T2524] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1292.944374][ T2524] bridge0: port 2(bridge_slave_1) entered blocking state [ 1292.951667][ T2524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1293.007942][T10929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.021346][T10929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.060674][T10929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.098890][T10929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.155808][ T5238] Bluetooth: hci6: command 0x0406 tx timeout [ 1293.527491][ T9] usb 5-1: USB disconnect, device number 23 [ 1293.821160][T10953] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1293.946812][ T5238] Bluetooth: hci1: command 0x0c1a tx timeout [ 1293.986825][ T5238] Bluetooth: hci3: command 0x0406 tx timeout [ 1294.281970][ T5238] Bluetooth: hci0: command 0x0c1a tx timeout [ 1294.541958][ T5238] Bluetooth: hci2: command 0x0c1a tx timeout [ 1294.740879][T11341] netlink: 'syz.3.1018': attribute type 1 has an invalid length. [ 1294.831431][T11341] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1018'. [ 1295.028472][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1295.036364][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1295.418460][ T5238] Bluetooth: hci6: command 0x0406 tx timeout [ 1295.527573][T11040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1295.741624][T11040] veth0_vlan: entered promiscuous mode [ 1295.880222][T11040] veth1_vlan: entered promiscuous mode [ 1296.297678][ T5238] Bluetooth: hci1: command 0x0c1a tx timeout [ 1296.609978][ T5238] Bluetooth: hci0: command 0x0c1a tx timeout [ 1296.794433][ T5238] Bluetooth: hci2: command 0x0c1a tx timeout [ 1297.258059][T11040] veth0_macvtap: entered promiscuous mode [ 1297.415133][T11040] veth1_macvtap: entered promiscuous mode [ 1302.455560][ T5238] Bluetooth: hci0: command 0x0c1a tx timeout [ 1302.455581][ T7757] Bluetooth: hci2: command 0x0c1a tx timeout [ 1303.177287][T11375] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11375 comm=syz.3.1022 [ 1304.397349][T11040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.518092][T11040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.558253][T11040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.654879][T11040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.727954][T11040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.830552][T11040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1305.088365][T11040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1305.234369][ T5232] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1305.247132][ T5232] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1305.261589][ T5232] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1305.271827][ T5232] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1305.280039][ T5232] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1305.287577][ T5232] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1305.525749][ T7757] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1305.555593][ T7757] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1305.568039][ T7757] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1305.578523][ T7757] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1305.592634][ T7757] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1305.600404][ T7757] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1306.171530][ T7126] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1306.446365][ T7757] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1306.475321][ T7757] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1306.484483][ T7757] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1306.505089][ T7757] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1306.523974][ T7757] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1306.531864][ T7757] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1306.829428][ T7126] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.150068][ T7126] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.477519][ T7126] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.541582][ T7757] Bluetooth: hci0: command tx timeout [ 1307.890863][ T7757] Bluetooth: hci1: command tx timeout [ 1308.659657][ T7126] bridge_slave_1: left allmulticast mode [ 1308.692213][ T7126] bridge_slave_1: left promiscuous mode [ 1308.708793][ T7126] bridge0: port 2(bridge_slave_1) entered disabled state [ 1308.721844][T11417] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1308.732957][ T7126] bridge_slave_0: left allmulticast mode [ 1308.737220][T11417] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1308.738943][ T7126] bridge_slave_0: left promiscuous mode [ 1308.752754][ T7126] bridge0: port 1(bridge_slave_0) entered disabled state [ 1308.752994][T11417] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1308.762748][ T7757] Bluetooth: hci4: command tx timeout [ 1308.776851][T11417] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1308.819654][T11417] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1308.877935][T11417] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1308.890416][T11417] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1309.025134][T11417] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1309.133445][T11417] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1309.162349][T11417] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1309.211670][T11417] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1309.573199][ T9353] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1309.819880][ T9353] usb 5-1: Using ep0 maxpacket: 16 [ 1309.838269][ T9353] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1309.847421][ T9353] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1309.860936][ T7126] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1309.866876][ T9353] usb 5-1: Product: syz [ 1309.876034][ T9353] usb 5-1: Manufacturer: syz [ 1309.882281][ T9353] usb 5-1: SerialNumber: syz [ 1309.899634][ T7126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1309.901081][ T9353] usb 5-1: config 0 descriptor?? [ 1309.931395][ T9353] ems_usb 5-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 1309.945613][ T9353] ems_usb 5-1:0.0: probe with driver ems_usb failed with error -22 [ 1309.969992][ T7126] bond0 (unregistering): Released all slaves [ 1310.118747][T11393] chnl_net:caif_netlink_parms(): no params data found [ 1310.143252][ T7757] Bluetooth: hci6: command 0x0406 tx timeout [ 1310.854631][ T7126] hsr_slave_0: left promiscuous mode [ 1310.869701][ T7126] hsr_slave_1: left promiscuous mode [ 1310.878094][ T7126] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1310.908064][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1310.917267][ T7126] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1310.925246][ T7757] Bluetooth: hci3: command 0x0406 tx timeout [ 1310.943771][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1311.009005][ T7757] Bluetooth: hci0: command 0x040f tx timeout [ 1311.023932][ T7126] veth1_macvtap: left promiscuous mode [ 1311.045179][ T7126] veth0_macvtap: left promiscuous mode [ 1311.066848][ T7126] veth1_vlan: left promiscuous mode [ 1311.094614][ T7126] veth0_vlan: left promiscuous mode [ 1311.106033][ T7757] Bluetooth: hci1: command 0x040f tx timeout [ 1311.358951][ T7757] Bluetooth: hci4: command 0x040f tx timeout [ 1311.380062][ T29] audit: type=1400 audit(1727178664.290:428): avc: denied { getopt } for pid=11452 comm="syz.3.1028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1311.392344][ T5319] hid-generic 007F:0002:0006.0002: unknown main item tag 0x3 [ 1311.430877][ T5319] hid-generic 007F:0002:0006.0002: item fetching failed at offset 30/78 [ 1311.453060][ T5319] hid-generic 007F:0002:0006.0002: probe with driver hid-generic failed with error -22 [ 1311.510698][ T5327] usb 5-1: USB disconnect, device number 24 [ 1312.066338][T11461] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1313.437812][ T5232] Bluetooth: hci1: command 0x040f tx timeout [ 1313.444187][ T7757] Bluetooth: hci0: command 0x040f tx timeout [ 1313.609016][ T7757] Bluetooth: hci4: command 0x040f tx timeout [ 1314.102058][ T29] audit: type=1400 audit(1727178666.810:429): avc: denied { accept } for pid=11470 comm="syz.4.1032" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 1314.539056][ T7126] team0 (unregistering): Port device team_slave_1 removed [ 1314.620599][ T7126] team0 (unregistering): Port device team_slave_0 removed [ 1315.346707][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1315.354997][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1315.691008][ T7757] Bluetooth: hci0: command 0x040f tx timeout [ 1315.697189][ T5232] Bluetooth: hci1: command 0x040f tx timeout [ 1315.867040][ T7757] Bluetooth: hci4: command 0x040f tx timeout [ 1316.328514][T11393] bridge0: port 1(bridge_slave_0) entered blocking state [ 1316.335786][T11393] bridge0: port 1(bridge_slave_0) entered disabled state [ 1316.393013][T11393] bridge_slave_0: entered allmulticast mode [ 1316.402894][T11393] bridge_slave_0: entered promiscuous mode [ 1316.429920][T11393] bridge0: port 2(bridge_slave_1) entered blocking state [ 1316.447632][T11393] bridge0: port 2(bridge_slave_1) entered disabled state [ 1316.454981][T11393] bridge_slave_1: entered allmulticast mode [ 1316.481259][T11393] bridge_slave_1: entered promiscuous mode [ 1316.728135][T11391] chnl_net:caif_netlink_parms(): no params data found [ 1316.813060][T11393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1316.872110][T11393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1316.911131][T11400] chnl_net:caif_netlink_parms(): no params data found [ 1316.911348][ T5327] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 1317.216021][T11393] team0: Port device team_slave_0 added [ 1317.446750][T11393] team0: Port device team_slave_1 added [ 1317.945942][ T7757] Bluetooth: hci0: command 0x040f tx timeout [ 1317.945972][ T5232] Bluetooth: hci1: command 0x040f tx timeout [ 1317.975097][T11393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1317.982553][T11393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1318.008549][ C1] vkms_vblank_simulate: vblank timer overrun [ 1318.026397][T11393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1318.117344][ T5232] Bluetooth: hci4: command 0x040f tx timeout [ 1318.172768][T11393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1318.179789][T11393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1318.205796][ C1] vkms_vblank_simulate: vblank timer overrun [ 1318.213868][T11393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1318.227182][T11391] bridge0: port 1(bridge_slave_0) entered blocking state [ 1318.234546][T11391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1318.242600][T11391] bridge_slave_0: entered allmulticast mode [ 1318.253969][T11391] bridge_slave_0: entered promiscuous mode [ 1318.476782][T11391] bridge0: port 2(bridge_slave_1) entered blocking state [ 1318.497781][T11391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1318.505169][T11391] bridge_slave_1: entered allmulticast mode [ 1318.554019][T11391] bridge_slave_1: entered promiscuous mode [ 1318.588775][T11400] bridge0: port 1(bridge_slave_0) entered blocking state [ 1318.606008][T11400] bridge0: port 1(bridge_slave_0) entered disabled state [ 1318.651624][T11400] bridge_slave_0: entered allmulticast mode [ 1318.734965][T11400] bridge_slave_0: entered promiscuous mode [ 1319.170545][T11400] bridge0: port 2(bridge_slave_1) entered blocking state [ 1319.181894][T11400] bridge0: port 2(bridge_slave_1) entered disabled state [ 1319.195228][T11400] bridge_slave_1: entered allmulticast mode [ 1319.206569][T11400] bridge_slave_1: entered promiscuous mode [ 1319.304752][T11393] hsr_slave_0: entered promiscuous mode [ 1319.331431][T11393] hsr_slave_1: entered promiscuous mode [ 1319.339681][T11393] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1319.349011][T11393] Cannot create hsr debugfs directory [ 1319.417555][T11391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1319.657933][T11391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1319.729599][T11400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1319.986834][T11400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1320.027027][ T5327] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1320.048136][ T5327] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1320.098022][ T5327] usb 4-1: can't read configurations, error -71 [ 1320.196841][ T5232] Bluetooth: hci0: command 0x040f tx timeout [ 1320.196862][ T7757] Bluetooth: hci1: command 0x040f tx timeout [ 1320.311957][T11391] team0: Port device team_slave_0 added [ 1320.370240][ T5232] Bluetooth: hci4: command 0x040f tx timeout [ 1320.475956][T11400] team0: Port device team_slave_0 added [ 1320.545418][T11391] team0: Port device team_slave_1 added [ 1320.656609][T11400] team0: Port device team_slave_1 added [ 1320.951356][T11400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1321.030434][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.070830][T11400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1321.087501][ T5327] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1321.188382][T11391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1321.212896][T11391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.239357][T11391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1321.265845][T11391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1321.273385][T11391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.301714][T11391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1321.304536][ T5327] usb 4-1: Using ep0 maxpacket: 16 [ 1321.341266][T11400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1321.352172][ T5327] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1321.353109][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.477476][T11523] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1321.606917][T11400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1322.338238][ T5327] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1322.347915][ T5327] usb 4-1: Product: syz [ 1322.354626][ T5327] usb 4-1: Manufacturer: syz [ 1322.359939][ T5327] usb 4-1: SerialNumber: syz [ 1322.401363][ T5327] usb 4-1: config 0 descriptor?? [ 1322.461794][ T5327] ems_usb 4-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 1322.493579][ T5327] ems_usb 4-1:0.0: probe with driver ems_usb failed with error -22 [ 1323.615703][T11400] hsr_slave_0: entered promiscuous mode [ 1323.655587][T11400] hsr_slave_1: entered promiscuous mode [ 1323.674756][T11400] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1323.707495][T11400] Cannot create hsr debugfs directory [ 1323.780280][T11391] hsr_slave_0: entered promiscuous mode [ 1323.809034][T11391] hsr_slave_1: entered promiscuous mode [ 1323.839594][T11391] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1323.875233][T11391] Cannot create hsr debugfs directory [ 1324.033416][ T5319] usb 4-1: USB disconnect, device number 27 [ 1324.457730][T11554] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1327.092377][T11393] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1327.141546][T11393] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1327.151603][ T941] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1327.242520][ T7126] bridge_slave_1: left allmulticast mode [ 1327.248217][ T7126] bridge_slave_1: left promiscuous mode [ 1327.273662][ T7126] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.289948][ T7126] bridge_slave_0: left allmulticast mode [ 1327.296751][ T7126] bridge_slave_0: left promiscuous mode [ 1327.304312][ T7126] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.331214][ T7126] bridge_slave_1: left allmulticast mode [ 1327.338497][ T7126] bridge_slave_1: left promiscuous mode [ 1327.344636][ T7126] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.371131][ T941] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1327.371311][ T7126] bridge_slave_0: left allmulticast mode [ 1327.385842][ T7126] bridge_slave_0: left promiscuous mode [ 1327.396638][ T941] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1327.399012][ T7126] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.418867][ T941] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1327.432023][ T941] usb 5-1: too many endpoints for config 1 interface 0 altsetting 48: 49, using maximum allowed: 30 [ 1327.443629][ T941] usb 5-1: config 1 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49 [ 1327.464883][ T941] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1327.485330][ T941] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1327.506294][ T941] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1327.516439][ T941] usb 5-1: Product: syz [ 1327.520880][ T941] usb 5-1: Manufacturer: syz [ 1329.094808][ T941] usb 5-1: USB disconnect, device number 25 [ 1331.135789][ T941] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1331.182542][ T7126] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1331.582885][ T941] usb 5-1: Using ep0 maxpacket: 16 [ 1331.862000][ T7126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1332.221162][ T941] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1332.653312][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1333.033265][ T7126] bond0 (unregistering): Released all slaves [ 1333.242068][ T941] usb 5-1: Product: syz [ 1333.246333][ T941] usb 5-1: Manufacturer: syz [ 1333.305133][ T941] usb 5-1: SerialNumber: syz [ 1333.322202][ T941] usb 5-1: config 0 descriptor?? [ 1333.513656][ T941] usb 5-1: can't set config #0, error -71 [ 1333.557038][ T941] usb 5-1: USB disconnect, device number 26 [ 1333.934343][ T7126] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1333.988608][ T7126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1334.066822][ T7126] bond0 (unregistering): Released all slaves [ 1334.135335][T11393] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1334.173473][T11393] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1335.673754][ T7126] hsr_slave_0: left promiscuous mode [ 1335.686443][ T7126] hsr_slave_1: left promiscuous mode [ 1335.715785][ T7126] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1335.751626][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1335.774936][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1335.825964][ T7126] hsr_slave_0: left promiscuous mode [ 1335.853102][ T7126] hsr_slave_1: left promiscuous mode [ 1335.869868][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1335.888533][ T7126] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1336.135368][ T7126] veth1_macvtap: left promiscuous mode [ 1336.141107][ T7126] veth0_macvtap: left promiscuous mode [ 1336.152707][ T7126] veth1_vlan: left promiscuous mode [ 1336.158310][ T7126] veth0_vlan: left promiscuous mode [ 1337.300570][ T5232] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 1337.595732][ T5367] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 1338.234275][ T29] audit: type=1400 audit(1727178689.082:430): avc: denied { setopt } for pid=11602 comm="syz.3.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1339.437632][ T5232] Bluetooth: hci3: command 0x0406 tx timeout [ 1340.400253][ T46] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1340.922205][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 1341.458502][ T46] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 1341.658440][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.666558][ T46] usb 4-1: Product: syz [ 1341.723363][ T46] usb 4-1: Manufacturer: syz [ 1341.728094][ T46] usb 4-1: SerialNumber: syz [ 1341.770492][ T46] usb 4-1: config 0 descriptor?? [ 1341.836370][ T46] usb 4-1: can't set config #0, error -71 [ 1341.857088][ T46] usb 4-1: USB disconnect, device number 28 [ 1341.961473][T11611] capability: warning: `syz.3.1059' uses deprecated v2 capabilities in a way that may be insecure [ 1342.003824][ T7126] team0 (unregistering): Port device team_slave_1 removed [ 1342.106719][ T7126] team0 (unregistering): Port device team_slave_0 removed [ 1342.654820][T11615] blktrace: Concurrent blktraces are not allowed on loop3 [ 1343.285771][ T5367] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1343.325694][ T5367] usb 5-1: unable to read config index 0 descriptor/start: -32 [ 1343.338069][ T5367] usb 5-1: chopping to 0 config(s) [ 1343.343286][ T5367] usb 5-1: can't read configurations, error -32 [ 1343.522242][ T5367] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 1343.684629][ T5367] usb 5-1: device descriptor read/64, error -32 [ 1343.911060][ T5367] usb usb5-port1: attempt power cycle [ 1345.062741][ T5367] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 1345.772535][ T5367] usb 5-1: device descriptor read/8, error -32 [ 1346.029659][ T7126] team0 (unregistering): Port device team_slave_1 removed [ 1346.079581][ T5367] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 1346.127377][ T7126] team0 (unregistering): Port device team_slave_0 removed [ 1346.135868][ T5367] usb 5-1: device descriptor read/8, error -32 [ 1346.284280][ T5367] usb usb5-port1: unable to enumerate USB device [ 1347.432716][T11628] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1347.438700][T11628] [U] J"—e:ÀÆ" [ 1347.700566][T11393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1347.848298][T11627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1063'. [ 1347.857742][T11627] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1063'. [ 1347.980893][T11393] 8021q: adding VLAN 0 to HW filter on device team0 [ 1348.139676][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 1348.146914][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1348.169413][T11621] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1348.224123][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state [ 1348.232046][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1349.028400][ T5232] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 1349.052831][T11400] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1349.134458][T11400] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1349.317489][T11400] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1349.364909][T11400] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1349.786328][T11391] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1349.839951][T11391] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1349.893408][T11391] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1349.963341][T11391] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1350.056366][T11393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1350.541209][T11393] veth0_vlan: entered promiscuous mode [ 1350.649251][T11400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1350.731064][T11393] veth1_vlan: entered promiscuous mode [ 1350.897083][T11400] 8021q: adding VLAN 0 to HW filter on device team0 [ 1350.950632][T11391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1351.049328][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.056605][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1351.188874][ T5367] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1351.269807][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 1351.392700][T11393] veth0_macvtap: entered promiscuous mode [ 1351.416862][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.424121][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1351.449854][T11393] veth1_macvtap: entered promiscuous mode [ 1351.555936][T11391] 8021q: adding VLAN 0 to HW filter on device team0 [ 1351.561519][ T5367] usb 5-1: Using ep0 maxpacket: 32 [ 1351.623231][ T5367] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 16706, setting to 1024 [ 1351.689630][ T5367] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1351.724220][ T5367] usb 5-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1351.794704][ T5367] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1351.846767][ T5367] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1351.876720][ T5367] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1351.884845][ T5367] usb 5-1: Product: syz [ 1351.913856][ T5367] usb 5-1: Manufacturer: syz [ 1351.935957][ T5367] usb 5-1: SerialNumber: syz [ 1351.936601][ T7126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.947930][ T7126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1351.997914][T11658] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1352.022363][ T7126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1352.029712][ T7126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1352.096984][T11393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1352.121356][T11673] netlink: 'syz.3.1071': attribute type 1 has an invalid length. [ 1352.139262][T11673] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1071'. [ 1352.156775][T11393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.190955][T11393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1352.221766][T11393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.267047][T11393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1352.377052][ T5367] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1352.404872][T11393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.428341][ T5367] usb 5-1: USB disconnect, device number 31 [ 1352.445521][T11393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.484888][T11393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.498097][T11393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.513690][T11393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1352.620174][T11393] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.665563][T11393] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.709253][T11393] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.735708][T11393] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1353.281202][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1353.305492][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1353.518470][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1353.545679][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1353.731873][T11400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1353.811955][ T5232] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 1354.017606][T11400] veth0_vlan: entered promiscuous mode [ 1354.225771][T11400] veth1_vlan: entered promiscuous mode [ 1354.288311][T11391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1354.483995][T11400] veth0_macvtap: entered promiscuous mode [ 1354.557265][T11400] veth1_macvtap: entered promiscuous mode [ 1354.847818][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.889162][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.908107][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.923570][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1354.934437][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1354.947167][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1355.053322][T11722] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1355.944726][T11400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1355.992699][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 1356.155448][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1356.266486][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1356.278505][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1356.297957][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1356.325070][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1356.336621][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1356.401326][T11400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1362.536462][T11400] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1362.604307][T11400] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1362.621761][T11400] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1362.691268][T11400] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1363.597507][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1363.605708][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1363.905580][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1363.924879][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1364.344670][T11751] netlink: 'syz.1.1080': attribute type 1 has an invalid length. [ 1364.363718][T11751] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1080'. [ 1364.931002][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 1366.182844][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1366.196755][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1366.206438][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1366.259843][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1366.270632][ T5238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1366.284940][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1368.437675][ T29] audit: type=1400 audit(1727178716.957:431): avc: denied { append } for pid=11800 comm="syz.3.1090" name="dlm-control" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1368.682994][ T5232] Bluetooth: hci0: command tx timeout [ 1369.512236][ T11] bridge_slave_1: left allmulticast mode [ 1369.527979][ T11] bridge_slave_1: left promiscuous mode [ 1369.533950][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1369.641158][ T11] bridge_slave_0: left allmulticast mode [ 1369.652434][ T11] bridge_slave_0: left promiscuous mode [ 1369.676138][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1369.967560][ T5232] Bluetooth: hci1: command 0x040f tx timeout [ 1370.240829][T11395] udevd[11395]: Failed to create symlink /run/udev/watch/928: File exists [ 1370.984913][ T5232] Bluetooth: hci0: command tx timeout [ 1371.905655][T11825] netlink: 'syz.4.1095': attribute type 1 has an invalid length. [ 1371.933908][T11825] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1095'. [ 1372.381515][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1372.396963][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1372.426890][ T11] bond0 (unregistering): Released all slaves [ 1372.832110][ T11] hsr_slave_0: left promiscuous mode [ 1372.904074][ T11] hsr_slave_1: left promiscuous mode [ 1372.985645][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1373.067579][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1373.329136][ T5232] Bluetooth: hci0: command tx timeout [ 1375.588539][ T5232] Bluetooth: hci0: command tx timeout [ 1377.075405][ T29] audit: type=1400 audit(1727178724.931:432): avc: denied { listen } for pid=11871 comm="syz.0.1104" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1377.878385][ T5232] Bluetooth: hci3: Unable to find connection with handle 0x00c8 [ 1378.356772][T11891] netlink: 'syz.0.1107': attribute type 1 has an invalid length. [ 1378.367337][T11891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1107'. [ 1378.644641][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1379.402681][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1381.606084][T11902] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1381.682506][T11902] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1381.734039][T11902] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1381.768002][T11772] chnl_net:caif_netlink_parms(): no params data found [ 1381.807881][T11902] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1381.845611][T11902] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1381.852446][T11902] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1381.892462][T11902] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1381.920010][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1381.926403][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1382.943103][T11772] bridge0: port 1(bridge_slave_0) entered blocking state [ 1382.968918][T11772] bridge0: port 1(bridge_slave_0) entered disabled state [ 1382.997010][T11772] bridge_slave_0: entered allmulticast mode [ 1383.087526][T11772] bridge_slave_0: entered promiscuous mode [ 1383.140129][T11772] bridge0: port 2(bridge_slave_1) entered blocking state [ 1383.183250][T11772] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.220189][T11772] bridge_slave_1: entered allmulticast mode [ 1383.252700][T11772] bridge_slave_1: entered promiscuous mode [ 1383.705332][T11772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1383.814744][ T7757] Bluetooth: hci6: command 0x0406 tx timeout [ 1383.850993][T11772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1383.901257][ T7757] Bluetooth: hci1: command 0x040f tx timeout [ 1383.905264][ T5232] Bluetooth: hci3: command 0x0406 tx timeout [ 1383.991737][ T5232] Bluetooth: hci4: command 0x040f tx timeout [ 1384.074459][ T5232] Bluetooth: hci0: command 0x0c1a tx timeout [ 1384.321269][T11772] team0: Port device team_slave_0 added [ 1384.473449][T11772] team0: Port device team_slave_1 added [ 1384.542114][T11953] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1384.548086][T11953] [U] J"—e:ÀÆ" [ 1385.727250][T11772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1385.948694][T11772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1386.000102][T11942] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1386.084080][T11772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1386.209131][T11966] netlink: 'syz.0.1120': attribute type 1 has an invalid length. [ 1386.231561][T11772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1386.238574][T11772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1386.274116][T11966] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1120'. [ 1386.327963][ T5232] Bluetooth: hci0: command 0x0c1a tx timeout [ 1386.389172][T11772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1386.643960][T11975] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1386.649941][T11975] [U] J"—e:ÀÆ" [ 1387.869644][T11982] 9pnet_fd: Insufficient options for proto=fd [ 1388.581428][ T5232] Bluetooth: hci0: command 0x0c1a tx timeout [ 1388.640252][T11772] hsr_slave_0: entered promiscuous mode [ 1388.714900][T11772] hsr_slave_1: entered promiscuous mode [ 1388.730473][T11967] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1393.797717][T11772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1393.841759][T11986] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11986 comm=syz.3.1125 [ 1393.843784][T11772] Cannot create hsr debugfs directory [ 1394.677611][T11999] 9pnet_fd: Insufficient options for proto=fd [ 1395.842475][T12009] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262144 (only 8 groups) [ 1401.477887][T12024] netlink: 'syz.4.1130': attribute type 12 has an invalid length. [ 1401.858956][ T29] audit: type=1800 audit(1727178747.803:433): pid=12035 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1134" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1401.961178][ T29] audit: type=1804 audit(1727178747.812:434): pid=12035 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.1134" name="/newroot/15/file0" dev="fuse" ino=1 res=1 errno=0 [ 1402.308486][ T5327] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1402.803743][ T5327] usb 5-1: Using ep0 maxpacket: 32 [ 1402.823302][ T5327] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 1402.832035][ T5327] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1402.861056][ T5327] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1402.874286][T12049] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12049 comm=syz.0.1137 [ 1403.015946][ T5327] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1403.025989][ T5327] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1403.035938][ T5327] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1403.049369][ T5327] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1403.059075][ T5327] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1403.154329][T12054] 9pnet_fd: Insufficient options for proto=fd [ 1403.507705][T12051] vivid-001: kernel_thread() failed [ 1403.806045][ T5327] usb 5-1: config 0 descriptor?? [ 1403.818846][T12045] netlink: 'syz.1.1136': attribute type 1 has an invalid length. [ 1403.890245][T12045] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1136'. [ 1404.295545][ T29] audit: type=1400 audit(1727178750.037:435): avc: denied { setopt } for pid=12058 comm="syz.3.1139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1409.947979][ T5327] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1410.186961][ T5327] usb 5-1: USB disconnect, device number 32 [ 1410.372912][ T5327] usblp0: removed [ 1410.903882][T11772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1410.959601][T11772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1411.051095][T11772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1411.125702][T11772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1411.914695][T11772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1412.057571][T11772] 8021q: adding VLAN 0 to HW filter on device team0 [ 1412.197859][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state [ 1412.205290][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1412.283594][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state [ 1412.290907][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1413.657005][T11772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1413.731042][T12086] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1413.793940][T12086] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1413.805093][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 1413.931677][T12086] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1413.973212][T12086] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1414.017428][T12086] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1414.470173][T11772] veth0_vlan: entered promiscuous mode [ 1414.571293][T11772] veth1_vlan: entered promiscuous mode [ 1414.839530][ T7757] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1414.857481][ T7757] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1414.887958][T11772] veth0_macvtap: entered promiscuous mode [ 1414.900254][ T7757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1414.953985][ T7757] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1415.000659][ T5238] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1415.010449][T11772] veth1_macvtap: entered promiscuous mode [ 1415.010702][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1415.162472][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1415.281784][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.334243][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1415.402834][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.456675][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1415.509209][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.540490][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1415.789128][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.959489][T12130] 9pnet_fd: Insufficient options for proto=fd [ 1416.063138][ T5238] Bluetooth: hci3: command 0x0406 tx timeout [ 1416.143824][ T5238] Bluetooth: hci4: command 0x040f tx timeout [ 1416.154792][ T5232] Bluetooth: hci1: command 0x040f tx timeout [ 1416.232386][ T5232] Bluetooth: hci0: command 0x0c1a tx timeout [ 1416.669353][T11772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1416.769542][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1416.884438][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1416.947123][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1416.988859][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1416.989607][T12137] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12137 comm=syz.0.1149 [ 1416.998748][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1416.998779][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1417.213227][T11772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1417.257666][T12144] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1417.263654][T12144] [U] J"—e:ÀÆ" [ 1417.281584][T11772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1417.290912][ T7757] Bluetooth: hci2: command tx timeout [ 1417.323523][T11772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1417.519211][T11772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1417.574035][T11772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1417.664363][T12152] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1418.506780][ T7757] Bluetooth: hci0: command 0x0c1a tx timeout [ 1418.528780][T11772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.537687][T11772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.563042][T12134] [U] f½Bq38²ú)…b¯ò¼öLð(ÈL–{®2§Ÿ¿-A¦"ÀúŠ®OúUß^Çë°p»aHòÍæÑ(Šú…˜ú)¬€Æd-RÆö¹yèþ^¾vÊÃ+ÅA³öšI [ 1419.524107][ T7757] Bluetooth: hci2: command tx timeout [ 1421.777586][ T7757] Bluetooth: hci2: command tx timeout [ 1424.031045][ T7757] Bluetooth: hci2: command tx timeout [ 1424.897467][ T7126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1424.953110][ T7126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1425.187253][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.245253][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.356625][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.414512][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.454669][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.503706][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.526097][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.789496][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.798660][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.808182][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.815622][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1425.829974][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.043723][T12181] 9pnet_fd: Insufficient options for proto=fd [ 1426.423541][T12180] vivid-000: kernel_thread() failed [ 1426.753211][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.760677][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.806050][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.813504][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.866255][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1426.882288][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.922424][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1426.929494][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1426.992635][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1427.965481][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1427.975703][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1427.983347][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1427.992853][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.026136][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.103288][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.127895][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.168323][T12118] chnl_net:caif_netlink_parms(): no params data found [ 1428.175563][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.242809][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.270396][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.343123][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.356962][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.408347][ T8] hid-generic 0000:0000:0002.0003: unknown main item tag 0x0 [ 1428.505842][ T8] hid-generic 0000:0000:0002.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1429.950309][T12204] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12204 comm=syz.0.1160 [ 1430.187714][T12118] bridge0: port 1(bridge_slave_0) entered blocking state [ 1430.209514][T12118] bridge0: port 1(bridge_slave_0) entered disabled state [ 1430.217073][T12118] bridge_slave_0: entered allmulticast mode [ 1430.262389][T12118] bridge_slave_0: entered promiscuous mode [ 1430.308354][T12118] bridge0: port 2(bridge_slave_1) entered blocking state [ 1430.345595][T12118] bridge0: port 2(bridge_slave_1) entered disabled state [ 1431.339325][T12118] bridge_slave_1: entered allmulticast mode [ 1431.346208][T12199] 9pnet_fd: Insufficient options for proto=fd [ 1431.367097][T12118] bridge_slave_1: entered promiscuous mode [ 1432.171182][T12220] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1433.114987][T12118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1433.277846][T12118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1434.834799][T12118] team0: Port device team_slave_0 added [ 1434.926788][T12118] team0: Port device team_slave_1 added [ 1436.221121][T12238] vivid-002: kernel_thread() failed [ 1436.775690][T12118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1436.812390][T12118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1437.013872][T12118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1437.051080][T12118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1437.106629][T12118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1437.256010][T12118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1437.350445][T12253] blktrace: Concurrent blktraces are not allowed on loop3 [ 1442.986544][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1443.017933][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1443.028217][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1443.056195][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1443.067078][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1443.076247][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1443.310310][T12118] hsr_slave_0: entered promiscuous mode [ 1443.371366][T12265] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12265 comm=syz.1.1170 [ 1443.388115][T12118] hsr_slave_1: entered promiscuous mode [ 1443.414456][T12118] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1443.422104][T12118] Cannot create hsr debugfs directory [ 1443.499461][T12267] 9pnet_fd: Insufficient options for proto=fd [ 1443.808824][T12275] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1444.992405][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1445.374809][ T5232] Bluetooth: hci5: command tx timeout [ 1445.496809][T12292] 9pnet_fd: Insufficient options for proto=fd [ 1446.206911][T12278] sp0: Synchronizing with TNC [ 1446.422044][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1446.658468][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1447.691899][T12302] vivid-004: kernel_thread() failed [ 1447.942541][ T5232] Bluetooth: hci5: command tx timeout [ 1448.123417][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1448.252735][T12311] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12311 comm=syz.0.1180 [ 1448.479385][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1448.562573][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1450.132051][ T5232] Bluetooth: hci5: command tx timeout [ 1451.292010][T12323] 9pnet_fd: Insufficient options for proto=fd [ 1452.375291][ T5232] Bluetooth: hci5: command tx timeout [ 1453.951781][ T29] audit: type=1400 audit(1727178795.042:436): avc: denied { ioctl } for pid=12326 comm="syz.0.1183" path="/dev/vhost-net" dev="devtmpfs" ino=1084 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 1454.135000][T12330] netlink: 'syz.1.1184': attribute type 12 has an invalid length. [ 1454.181203][T12330] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1184'. [ 1454.343853][ T11] bridge_slave_1: left allmulticast mode [ 1454.360508][ T11] bridge_slave_1: left promiscuous mode [ 1454.377518][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1454.421514][ T5232] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 1454.453073][ T11] bridge_slave_0: left allmulticast mode [ 1454.458999][ T11] bridge_slave_0: left promiscuous mode [ 1454.470451][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1456.401150][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1456.417835][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1456.434588][ T11] bond0 (unregistering): Released all slaves [ 1456.488823][T12259] chnl_net:caif_netlink_parms(): no params data found [ 1457.210465][T12353] sp0: Synchronizing with TNC [ 1457.642274][T12353] 9pnet_fd: Insufficient options for proto=fd [ 1458.948998][ T11] hsr_slave_0: left promiscuous mode [ 1458.956360][ T11] hsr_slave_1: left promiscuous mode [ 1458.979683][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1458.989799][T12363] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12363 comm=syz.1.1190 [ 1459.014107][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1459.029677][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1459.067731][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1459.097298][T12365] 9pnet_fd: Insufficient options for proto=fd [ 1459.191613][ T11] veth1_macvtap: left promiscuous mode [ 1459.210730][ T11] veth0_macvtap: left promiscuous mode [ 1459.251000][ T11] veth1_vlan: left promiscuous mode [ 1459.264881][ T11] veth0_vlan: left promiscuous mode [ 1464.083841][T12377] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1194'. [ 1465.882156][T12387] FAULT_INJECTION: forcing a failure. [ 1465.882156][T12387] name failslab, interval 1, probability 0, space 0, times 0 [ 1465.959453][T12387] CPU: 0 UID: 0 PID: 12387 Comm: syz.0.1197 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1465.971070][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1465.981280][T12387] Call Trace: [ 1465.984701][T12387] [ 1465.987792][T12387] dump_stack_lvl+0x16c/0x1f0 [ 1465.992612][T12387] should_fail_ex+0x497/0x5b0 [ 1465.997484][T12387] ? fs_reclaim_acquire+0xae/0x160 [ 1466.002750][T12387] should_failslab+0xc2/0x120 [ 1466.007536][T12387] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1466.013871][T12387] ? __alloc_skb+0x2b1/0x380 [ 1466.018722][T12387] __alloc_skb+0x2b1/0x380 [ 1466.023333][T12387] ? __pfx___alloc_skb+0x10/0x10 [ 1466.028467][T12387] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1466.035460][T12387] ? __import_iovec+0x1fd/0x6e0 [ 1466.040417][T12387] pfkey_sendmsg+0x16e/0x840 [ 1466.045104][T12387] ____sys_sendmsg+0xaaf/0xc90 [ 1466.049987][T12387] ? copy_msghdr_from_user+0x10b/0x160 [ 1466.055531][T12387] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1466.060985][T12387] ? __pfx___lock_acquire+0x10/0x10 [ 1466.066268][T12387] ___sys_sendmsg+0x135/0x1e0 [ 1466.071228][T12387] ? __pfx____sys_sendmsg+0x10/0x10 [ 1466.076513][T12387] ? find_held_lock+0x2d/0x110 [ 1466.081456][T12387] ? ksys_write+0x21c/0x260 [ 1466.086346][T12387] ? __fget_light+0x173/0x210 [ 1466.091359][T12387] __sys_sendmsg+0x117/0x1f0 [ 1466.096475][T12387] ? __pfx___sys_sendmsg+0x10/0x10 [ 1466.101749][T12387] do_syscall_64+0xcd/0x250 [ 1466.106416][T12387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.112469][T12387] RIP: 0033:0x7fb525b7def9 [ 1466.117044][T12387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1466.136926][T12387] RSP: 002b:00007fb5268ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1466.145414][T12387] RAX: ffffffffffffffda RBX: 00007fb525d35f80 RCX: 00007fb525b7def9 [ 1466.153639][T12387] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 1466.161645][T12387] RBP: 00007fb5268ab090 R08: 0000000000000000 R09: 0000000000000000 [ 1466.169827][T12387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1466.178035][T12387] R13: 0000000000000000 R14: 00007fb525d35f80 R15: 00007ffe9d284a18 [ 1466.186278][T12387] [ 1466.189459][ C0] vkms_vblank_simulate: vblank timer overrun [ 1466.728503][ T29] audit: type=1400 audit(1727178807.678:437): avc: denied { read } for pid=12392 comm="syz.1.1199" name="fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1466.814916][ T29] audit: type=1400 audit(1727178807.678:438): avc: denied { open } for pid=12392 comm="syz.1.1199" path="/dev/fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1466.839306][ C0] vkms_vblank_simulate: vblank timer overrun [ 1467.385751][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1467.583497][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1468.322345][T12405] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12405 comm=syz.0.1200 [ 1469.110544][ T5232] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 1469.485201][ T7757] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1469.501692][ T7757] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1469.529756][ T7757] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1469.549292][ T7757] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1469.558973][ T7757] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1469.567021][ T7757] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1470.536392][ T11] lo (unregistering): left allmulticast mode [ 1471.095123][ T7757] Bluetooth: hci4: command 0x040f tx timeout [ 1471.214683][T12259] bridge0: port 1(bridge_slave_0) entered blocking state [ 1471.254941][T12259] bridge0: port 1(bridge_slave_0) entered disabled state [ 1471.286893][T12259] bridge_slave_0: entered allmulticast mode [ 1471.314300][T12259] bridge_slave_0: entered promiscuous mode [ 1471.385379][T12259] bridge0: port 2(bridge_slave_1) entered blocking state [ 1471.422361][T12259] bridge0: port 2(bridge_slave_1) entered disabled state [ 1471.449226][T12259] bridge_slave_1: entered allmulticast mode [ 1471.486440][T12259] bridge_slave_1: entered promiscuous mode [ 1471.886110][ T7757] Bluetooth: hci3: command tx timeout [ 1472.540706][T12259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1472.603288][T12259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1473.000247][T12259] team0: Port device team_slave_0 added [ 1473.030750][T12259] team0: Port device team_slave_1 added [ 1473.049713][T12118] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1473.198048][T12118] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1473.264329][T12118] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1473.503770][T12118] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1473.560029][T12259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1473.592795][T12259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1473.619977][ C0] vkms_vblank_simulate: vblank timer overrun [ 1473.678685][T12259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1473.735856][T12259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1473.760241][T12259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1473.812550][T12259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1474.122954][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.137003][ T7757] Bluetooth: hci3: command tx timeout [ 1474.350258][T12259] hsr_slave_0: entered promiscuous mode [ 1474.378569][T12259] hsr_slave_1: entered promiscuous mode [ 1474.578122][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.947778][T12441] 9pnet_fd: Insufficient options for proto=fd [ 1475.458766][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1475.529813][T12444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12444 comm=syz.0.1210 [ 1475.911952][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1476.135915][ T5213] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1476.481187][ T7757] Bluetooth: hci3: command tx timeout [ 1476.584110][ T5213] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1476.713213][ T5213] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1476.891532][ T5213] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1476.938810][ T5213] usb 1-1: too many endpoints for config 1 interface 0 altsetting 48: 49, using maximum allowed: 30 [ 1477.022418][ T5213] usb 1-1: config 1 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49 [ 1477.057674][ T5213] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1477.075811][ T5213] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1477.097018][ T5213] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1477.105197][ T5213] usb 1-1: Product: syz [ 1477.110630][ T5213] usb 1-1: Manufacturer: syz [ 1477.157519][T12413] chnl_net:caif_netlink_parms(): no params data found [ 1477.422293][ T5367] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1477.520599][ T5213] usb 1-1: USB disconnect, device number 23 [ 1477.594423][T12259] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.641010][ T5367] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1477.680762][ T5367] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1477.704738][ T5367] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1477.713959][ T5367] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1477.822325][ T5367] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1477.845532][ T5367] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1477.853814][ T5367] usb 2-1: Product: syz [ 1477.881872][ T5367] usb 2-1: Manufacturer: syz [ 1477.900659][ T5367] cdc_wdm 2-1:1.0: skipping garbage [ 1477.905984][ T5367] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1478.023998][T12259] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1478.109916][T12413] bridge0: port 1(bridge_slave_0) entered blocking state [ 1478.125561][T12413] bridge0: port 1(bridge_slave_0) entered disabled state [ 1478.374901][T12413] bridge_slave_0: entered allmulticast mode [ 1478.630406][T12413] bridge_slave_0: entered promiscuous mode [ 1478.733389][ T7757] Bluetooth: hci3: command tx timeout [ 1478.856775][T12413] bridge0: port 2(bridge_slave_1) entered blocking state [ 1478.892484][T12413] bridge0: port 2(bridge_slave_1) entered disabled state [ 1478.907678][T12413] bridge_slave_1: entered allmulticast mode [ 1478.916982][T12413] bridge_slave_1: entered promiscuous mode [ 1479.023759][ T9] usb 2-1: USB disconnect, device number 8 [ 1479.039605][T12259] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1479.532222][T12259] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1479.674591][T12413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1479.758418][T12413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1479.914091][ T5327] usb 2-1: new low-speed USB device number 9 using dummy_hcd [ 1480.189588][ T5327] usb 2-1: device descriptor read/64, error -71 [ 1480.397793][T12413] team0: Port device team_slave_0 added [ 1480.522582][ T5327] usb 2-1: new low-speed USB device number 10 using dummy_hcd [ 1480.558000][T12413] team0: Port device team_slave_1 added [ 1480.737502][ T5327] usb 2-1: device descriptor read/64, error -71 [ 1480.851345][ T5232] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1481.268771][ T5232] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1481.282218][ T5327] usb usb2-port1: attempt power cycle [ 1481.284184][ T5232] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1481.303361][ T5232] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1481.321216][ T5232] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1481.380154][ T5232] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1481.482408][ T11] bridge_slave_1: left allmulticast mode [ 1481.523577][ T11] bridge_slave_1: left promiscuous mode [ 1481.548117][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.599481][ T11] bridge_slave_0: left allmulticast mode [ 1481.628088][ T11] bridge_slave_0: left promiscuous mode [ 1481.634237][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.668674][ T11] bridge_slave_1: left allmulticast mode [ 1481.675748][ T11] bridge_slave_1: left promiscuous mode [ 1481.687265][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.740451][ T11] bridge_slave_0: left allmulticast mode [ 1481.749000][ T11] bridge_slave_0: left promiscuous mode [ 1481.807863][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.853692][ T5327] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 1481.919362][ T5327] usb 2-1: device descriptor read/8, error -71 [ 1482.223001][ T5327] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 1482.283946][ T5327] usb 2-1: device descriptor read/8, error -71 [ 1482.428321][ T5327] usb usb2-port1: unable to enumerate USB device [ 1482.857338][T12494] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12494 comm=syz.1.1219 [ 1483.741755][ T5232] Bluetooth: hci0: command tx timeout [ 1483.868954][T12501] 9pnet_fd: Insufficient options for proto=fd [ 1484.747227][T12505] blktrace: Concurrent blktraces are not allowed on loop3 [ 1484.985850][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1485.020184][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1485.037610][ T11] bond0 (unregistering): Released all slaves [ 1485.494123][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1485.519636][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1485.534980][ T11] bond0 (unregistering): Released all slaves [ 1485.804140][T12413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1485.815820][T12413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.879500][T12413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1485.893877][T12413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1485.912614][T12413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.956706][T12413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1486.004051][ T5232] Bluetooth: hci0: command tx timeout [ 1486.055613][T12483] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1218'. [ 1486.075035][T12483] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1218'. [ 1487.758527][ T5367] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1488.257275][ T5232] Bluetooth: hci0: command tx timeout [ 1488.968524][ T5367] usb 2-1: Using ep0 maxpacket: 16 [ 1489.665387][ T5367] usb 2-1: device descriptor read/all, error -71 [ 1489.831337][T12413] hsr_slave_0: entered promiscuous mode [ 1489.854745][T12413] hsr_slave_1: entered promiscuous mode [ 1489.884531][T12413] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1489.901815][T12413] Cannot create hsr debugfs directory [ 1490.510000][ T5232] Bluetooth: hci0: command tx timeout [ 1490.869979][T12526] mkiss: ax0: crc mode is auto. [ 1490.875238][T12259] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1491.262329][T12259] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1492.057106][T12259] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1492.377211][T12259] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1494.756398][ T11] hsr_slave_0: left promiscuous mode [ 1494.775464][ T11] hsr_slave_1: left promiscuous mode [ 1494.791462][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1494.799122][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1494.845634][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1494.853149][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1494.887087][ T11] hsr_slave_0: left promiscuous mode [ 1494.896044][ T11] hsr_slave_1: left promiscuous mode [ 1494.913654][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1494.930988][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1494.949626][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1494.963158][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1494.984778][T12558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1228'. [ 1495.058122][ T11] veth1_macvtap: left promiscuous mode [ 1495.063910][ T11] veth0_macvtap: left promiscuous mode [ 1495.069671][ T11] veth1_vlan: left promiscuous mode [ 1495.075306][ T11] veth0_vlan: left promiscuous mode [ 1495.085513][ T11] veth1_macvtap: left promiscuous mode [ 1495.091214][ T11] veth0_macvtap: left promiscuous mode [ 1495.098302][ T11] veth1_vlan: left promiscuous mode [ 1495.104266][ T11] veth0_vlan: left promiscuous mode [ 1496.384749][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1496.488489][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1498.275398][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1498.364139][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1499.741457][T12563] trusted_key: encrypted_key: insufficient parameters specified [ 1499.922472][T12566] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1230'. [ 1500.329695][T12568] gfs2: path_lookup on c::: returned error -2 [ 1500.386965][ T29] audit: type=1400 audit(1727178838.737:439): avc: denied { connect } for pid=12565 comm="syz.0.1230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1501.918559][ T5367] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1502.105219][T12477] chnl_net:caif_netlink_parms(): no params data found [ 1502.181235][ T5367] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1502.199979][ T5367] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1502.259989][ T5367] usb 1-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1502.299306][ T5367] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.347118][ T5367] usb 1-1: config 0 descriptor?? [ 1502.457117][T12413] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1502.664540][T12413] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1502.751172][T12413] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1502.809727][ T7757] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1502.834802][ T7757] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1502.845362][ T7757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1502.863917][ T7757] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1502.894500][ T7757] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1502.902667][ T7757] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1503.022774][T12477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1503.061992][T12477] bridge0: port 1(bridge_slave_0) entered disabled state [ 1503.101557][T12477] bridge_slave_0: entered allmulticast mode [ 1503.109573][T12477] bridge_slave_0: entered promiscuous mode [ 1503.204409][T12413] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1503.263711][T12477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1503.537399][T12477] bridge0: port 2(bridge_slave_1) entered disabled state [ 1503.546191][T12477] bridge_slave_1: entered allmulticast mode [ 1503.562919][T12477] bridge_slave_1: entered promiscuous mode [ 1503.571367][ T29] audit: type=1400 audit(1727178841.672:440): avc: denied { ioctl } for pid=12587 comm="syz.1.1232" path="/dev/fb0" dev="devtmpfs" ino=631 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1503.583355][T12591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1503.588090][T12591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1503.635539][ C1] vkms_vblank_simulate: vblank timer overrun [ 1504.098682][T12477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1504.159584][T12477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1504.179358][ T29] audit: type=1400 audit(1727178842.245:441): avc: denied { accept } for pid=12569 comm="syz.0.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1505.246280][ T5232] Bluetooth: hci2: command tx timeout [ 1505.315923][T12477] team0: Port device team_slave_0 added [ 1505.361810][T12477] team0: Port device team_slave_1 added [ 1505.565917][ T5327] usb 1-1: USB disconnect, device number 24 [ 1505.882038][T12477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1505.894656][T12477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1505.967695][T12477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1506.087939][T12477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1506.108259][T12477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1506.155940][T12477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1506.312785][ T29] audit: type=1400 audit(1727178844.220:442): avc: denied { read append } for pid=12613 comm="syz.1.1235" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1506.497319][T12622] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1236'. [ 1508.315507][ T5232] Bluetooth: hci2: command tx timeout [ 1508.430423][T12477] hsr_slave_0: entered promiscuous mode [ 1508.484491][T12477] hsr_slave_1: entered promiscuous mode [ 1508.875374][T12477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1508.883026][T12477] Cannot create hsr debugfs directory [ 1510.158539][ T29] audit: type=1800 audit(1727178847.773:443): pid=12648 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1240" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1510.248509][ T29] audit: type=1804 audit(1727178847.801:444): pid=12648 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.1240" name="/newroot/53/file0" dev="fuse" ino=1 res=1 errno=0 [ 1510.476158][T12413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1510.542425][ T7757] Bluetooth: hci2: command tx timeout [ 1511.218279][T12583] chnl_net:caif_netlink_parms(): no params data found [ 1512.795974][ T7757] Bluetooth: hci2: command tx timeout [ 1513.351277][T12413] 8021q: adding VLAN 0 to HW filter on device team0 [ 1513.791133][T12583] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.807399][T12583] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.816442][T12583] bridge_slave_0: entered allmulticast mode [ 1513.837040][T12583] bridge_slave_0: entered promiscuous mode [ 1513.856715][ T7071] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.864220][ T7071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1514.064824][T12583] bridge0: port 2(bridge_slave_1) entered blocking state [ 1514.072124][T12583] bridge0: port 2(bridge_slave_1) entered disabled state [ 1514.128895][T12583] bridge_slave_1: entered allmulticast mode [ 1514.132987][T12682] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1244'. [ 1514.137512][T12583] bridge_slave_1: entered promiscuous mode [ 1514.657527][ T7071] bridge0: port 2(bridge_slave_1) entered blocking state [ 1514.664969][ T7071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1514.728278][T12583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1514.808508][T12583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1514.926047][T12692] Cannot find del_set index 0 as target [ 1514.940554][T12692] fuse: Unknown parameter 'use00000000000000000000' [ 1514.960662][T12692] bio_check_eod: 2 callbacks suppressed [ 1514.960693][T12692] syz.1.1246: attempt to access beyond end of device [ 1514.960693][T12692] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1515.013964][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.013964][T12692] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1515.046705][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1515.047971][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1515.071737][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1515.104594][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.104594][T12692] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1515.130126][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1515.146961][T12692] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1515.154600][T12692] UDF-fs: Scanning with blocksize 512 failed [ 1515.187580][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.187580][T12692] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1515.219758][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.219758][T12692] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1515.244940][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1515.269319][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.269319][T12692] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1515.288499][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1515.320541][T12692] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1515.328337][T12692] UDF-fs: Scanning with blocksize 1024 failed [ 1515.356083][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.356083][T12692] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1515.382459][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.382459][T12692] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1515.401593][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1515.678284][T12692] syz.1.1246: attempt to access beyond end of device [ 1515.678284][T12692] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1515.691690][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1515.714360][T12583] team0: Port device team_slave_0 added [ 1515.757443][T12583] team0: Port device team_slave_1 added [ 1515.981149][T12692] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1516.035859][T12692] UDF-fs: Scanning with blocksize 2048 failed [ 1516.042667][T12692] syz.1.1246: attempt to access beyond end of device [ 1516.042667][T12692] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1516.112387][ T8] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1516.121391][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1516.139303][T12692] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1516.149230][T12692] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1516.184235][T12692] UDF-fs: Scanning with blocksize 4096 failed [ 1516.196663][T12692] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 1516.312461][T12583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1516.338895][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 1516.348488][ T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1516.354318][T12583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1516.394024][ T8] usb 1-1: config 0 has no interface number 0 [ 1516.400354][ T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1516.425619][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1516.434760][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1516.462286][ T8] usb 1-1: config 0 descriptor?? [ 1516.511550][ T8] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1516.557587][T12583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1516.710270][ T8] usb 1-1: USB disconnect, device number 25 [ 1516.742958][ T8] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected [ 1516.799246][ T11] bridge_slave_1: left allmulticast mode [ 1516.838197][ T11] bridge_slave_1: left promiscuous mode [ 1516.844297][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1516.890607][ T11] bridge_slave_0: left allmulticast mode [ 1516.899802][ T11] bridge_slave_0: left promiscuous mode [ 1516.912261][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1516.962984][ T11] bridge_slave_1: left allmulticast mode [ 1516.974282][ T11] bridge_slave_1: left promiscuous mode [ 1516.993500][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1517.048019][ T11] bridge_slave_0: left allmulticast mode [ 1517.065888][ T11] bridge_slave_0: left promiscuous mode [ 1517.092729][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1519.398301][T12719] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1519.845258][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1520.100673][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1520.327591][ T11] bond0 (unregistering): Released all slaves [ 1520.456620][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1520.499675][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1520.565289][ T11] bond0 (unregistering): Released all slaves [ 1520.598514][T12583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1520.605597][T12583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1520.709212][T12583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1520.726745][T12724] Cannot find del_set index 0 as target [ 1520.744139][T12724] fuse: Unknown parameter 'use00000000000000000000' [ 1520.807730][T12724] bio_check_eod: 2 callbacks suppressed [ 1520.807759][T12724] syz.1.1250: attempt to access beyond end of device [ 1520.807759][T12724] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1520.838021][T12724] syz.1.1250: attempt to access beyond end of device [ 1520.838021][T12724] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1520.920028][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1520.976483][T12724] syz.1.1250: attempt to access beyond end of device [ 1520.976483][T12724] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1521.019467][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1521.029149][T12724] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1521.087520][T12724] UDF-fs: Scanning with blocksize 512 failed [ 1521.126547][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.126547][T12724] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1521.169283][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.169283][T12724] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1521.184806][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1521.229634][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.229634][T12724] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1521.275648][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1521.291702][T12724] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1521.307685][T12724] UDF-fs: Scanning with blocksize 1024 failed [ 1521.315838][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.315838][T12724] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1521.383224][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.383224][T12724] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1521.474246][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1521.505044][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.505044][T12724] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1521.535916][ T11] hsr_slave_0: left promiscuous mode [ 1521.585051][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1521.602199][ T11] hsr_slave_1: left promiscuous mode [ 1521.609176][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1521.622814][T12724] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1521.625579][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1521.645808][T12724] UDF-fs: Scanning with blocksize 2048 failed [ 1521.687119][T12724] syz.1.1250: attempt to access beyond end of device [ 1521.687119][T12724] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1521.700938][ T11] hsr_slave_0: left promiscuous mode [ 1521.707791][ T11] hsr_slave_1: left promiscuous mode [ 1521.715769][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1521.730247][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1521.739634][T12738] 9pnet_fd: Insufficient options for proto=fd [ 1521.749948][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 1521.762985][T12724] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 1521.805821][T12724] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 1521.847887][T12724] UDF-fs: Scanning with blocksize 4096 failed [ 1521.886558][T12724] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 1522.169545][T12734] Falling back ldisc for ptm0. [ 1522.452995][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1522.511016][T12740] KVM: debugfs: duplicate directory 12740-4 [ 1522.634024][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1524.309412][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1524.478504][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1525.103002][T12583] hsr_slave_0: entered promiscuous mode [ 1525.118245][T12583] hsr_slave_1: entered promiscuous mode [ 1525.147986][T12767] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1261'. [ 1525.165656][T12767] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1261'. [ 1525.389216][T12775] FAULT_INJECTION: forcing a failure. [ 1525.389216][T12775] name failslab, interval 1, probability 0, space 0, times 0 [ 1525.417869][T12775] CPU: 1 UID: 0 PID: 12775 Comm: syz.0.1262 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1525.428410][T12775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1525.438521][T12775] Call Trace: [ 1525.441865][T12775] [ 1525.444847][T12775] dump_stack_lvl+0x16c/0x1f0 [ 1525.449608][T12775] should_fail_ex+0x497/0x5b0 [ 1525.454373][T12775] ? fs_reclaim_acquire+0xae/0x160 [ 1525.455849][T12413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1525.459598][T12775] should_failslab+0xc2/0x120 [ 1525.471131][T12775] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1525.477030][T12775] ? __alloc_skb+0x2b1/0x380 [ 1525.481709][T12775] __alloc_skb+0x2b1/0x380 [ 1525.486207][T12775] ? __pfx___alloc_skb+0x10/0x10 [ 1525.491228][T12775] ? __pfx_nf_tables_abort+0x10/0x10 [ 1525.496605][T12775] netlink_ack+0x164/0xb90 [ 1525.501097][T12775] ? kasan_save_track+0x14/0x30 [ 1525.506044][T12775] nfnetlink_rcv_batch+0x1626/0x24e0 [ 1525.511431][T12775] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 1525.517170][T12775] ? avc_has_perm_noaudit+0x119/0x3a0 [ 1525.522654][T12775] ? avc_has_perm_noaudit+0x143/0x3a0 [ 1525.528166][T12775] ? __nla_parse+0x40/0x60 [ 1525.532711][T12775] nfnetlink_rcv+0x3c3/0x430 [ 1525.537384][T12775] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1525.542600][T12775] netlink_unicast+0x53c/0x7f0 [ 1525.547421][T12775] ? __pfx_netlink_unicast+0x10/0x10 [ 1525.552802][T12775] netlink_sendmsg+0x8b8/0xd70 [ 1525.557616][T12775] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1525.562941][T12775] ? __import_iovec+0x1fd/0x6e0 [ 1525.567850][T12775] ____sys_sendmsg+0xaaf/0xc90 [ 1525.572656][T12775] ? copy_msghdr_from_user+0x10b/0x160 [ 1525.578177][T12775] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1525.583593][T12775] ? __pfx___lock_acquire+0x10/0x10 [ 1525.588843][T12775] ___sys_sendmsg+0x135/0x1e0 [ 1525.593571][T12775] ? __pfx____sys_sendmsg+0x10/0x10 [ 1525.598823][T12775] ? find_held_lock+0x2d/0x110 [ 1525.603632][T12775] ? ksys_write+0x21c/0x260 [ 1525.608185][T12775] ? __fget_light+0x173/0x210 [ 1525.612916][T12775] __sys_sendmsg+0x117/0x1f0 [ 1525.617648][T12775] ? __pfx___sys_sendmsg+0x10/0x10 [ 1525.622829][T12775] do_syscall_64+0xcd/0x250 [ 1525.627364][T12775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1525.633307][T12775] RIP: 0033:0x7fb525b7def9 [ 1525.637752][T12775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1525.657402][T12775] RSP: 002b:00007fb5268ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1525.666197][T12775] RAX: ffffffffffffffda RBX: 00007fb525d35f80 RCX: 00007fb525b7def9 [ 1525.674284][T12775] RDX: 0000000004000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 1525.682283][T12775] RBP: 00007fb5268ab090 R08: 0000000000000000 R09: 0000000000000000 [ 1525.690279][T12775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1525.698272][T12775] R13: 0000000000000000 R14: 00007fb525d35f80 R15: 00007ffe9d284a18 [ 1525.706292][T12775] [ 1525.926185][T12413] veth0_vlan: entered promiscuous mode [ 1526.132553][T12413] veth1_vlan: entered promiscuous mode [ 1526.207851][ T29] audit: type=1400 audit(1727178862.560:445): avc: denied { ioctl } for pid=12779 comm="syz.0.1264" path="socket:[65285]" dev="sockfs" ino=65285 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 1526.349781][T12787] sctp: [Deprecated]: syz.1.1265 (pid 12787) Use of int in max_burst socket option. [ 1526.349781][T12787] Use struct sctp_assoc_value instead [ 1527.294528][T12477] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1528.386822][T12477] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1528.411578][T12477] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1528.810576][T12413] veth0_macvtap: entered promiscuous mode [ 1528.857433][T12413] veth1_macvtap: entered promiscuous mode [ 1528.999158][T12477] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1529.293786][T12413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1529.312260][T12413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1529.323718][T12413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1529.327639][ T1121] Bluetooth: (null): Invalid header checksum [ 1529.347419][T12413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1529.369172][T12413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1529.379475][ T1121] Bluetooth: (null): Invalid header checksum [ 1529.432222][T11609] Bluetooth: (null): Invalid header checksum [ 1529.572974][ T12] Bluetooth: (null): Invalid header checksum [ 1529.642040][T12413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1529.668749][T12413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1529.680660][T11609] Bluetooth: (null): Invalid header checksum [ 1529.689970][T12413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1529.716300][T12413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1529.738129][T12413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1529.796610][ T7071] Bluetooth: (null): Invalid header checksum [ 1529.848772][T12413] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1529.881506][T12413] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1529.890328][T12413] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1529.912037][T12413] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.841886][T12583] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1530.926566][T11609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1530.927702][T12583] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1530.971979][T12583] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1530.991760][T11609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1531.141201][T12583] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1531.474557][T11609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1531.530978][T11609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1531.555034][T12477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1531.780690][T12477] 8021q: adding VLAN 0 to HW filter on device team0 [ 1531.953891][T11609] bridge0: port 1(bridge_slave_0) entered blocking state [ 1531.961218][T11609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1532.040751][T11609] bridge0: port 2(bridge_slave_1) entered blocking state [ 1532.048086][T11609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1532.160623][T12843] sctp: [Deprecated]: syz.0.1273 (pid 12843) Use of int in max_burst socket option. [ 1532.160623][T12843] Use struct sctp_assoc_value instead [ 1532.820539][T12851] 9pnet_fd: Insufficient options for proto=fd [ 1533.042356][T12849] vivid-004: kernel_thread() failed [ 1535.033346][T12583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1535.176652][ T29] audit: type=1400 audit(1727178870.858:446): avc: denied { setopt } for pid=12853 comm="syz.0.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1535.357260][T12583] 8021q: adding VLAN 0 to HW filter on device team0 [ 1535.447942][T11609] bridge0: port 1(bridge_slave_0) entered blocking state [ 1535.455318][T11609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1535.566150][T11609] bridge0: port 2(bridge_slave_1) entered blocking state [ 1535.573509][T11609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1537.172633][T12477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1538.406108][T12583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1538.931714][T12583] veth0_vlan: entered promiscuous mode [ 1539.031219][T12583] veth1_vlan: entered promiscuous mode [ 1539.296993][T12907] sctp: [Deprecated]: syz.0.1282 (pid 12907) Use of int in max_burst socket option. [ 1539.296993][T12907] Use struct sctp_assoc_value instead [ 1539.336368][T12477] veth0_vlan: entered promiscuous mode [ 1539.387880][T12583] veth0_macvtap: entered promiscuous mode [ 1539.461187][T12583] veth1_macvtap: entered promiscuous mode [ 1539.512174][T12477] veth1_vlan: entered promiscuous mode [ 1539.782773][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1539.805053][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1539.834248][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1539.874376][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1539.908662][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1539.941633][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1539.978186][T12583] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1540.107337][T12477] veth0_macvtap: entered promiscuous mode [ 1540.199617][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1540.211253][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.221411][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1540.254813][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.304185][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1540.336044][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.374828][T12583] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1540.415096][T12477] veth1_macvtap: entered promiscuous mode [ 1540.459030][T12583] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1540.471481][T12583] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1540.482015][T12583] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1540.491191][T12583] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1540.590628][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1540.605724][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.623189][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1540.637787][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.652516][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1540.668634][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.681971][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1540.700118][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1540.728738][T12477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1540.914919][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1540.988147][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1541.012467][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1541.028864][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1541.039252][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1541.049856][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1541.060025][T12477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1541.070636][T12477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1541.100278][T12477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1541.179480][T12930] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further [ 1542.149765][T12477] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1542.160324][T12477] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1542.173694][T12477] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1542.185244][T12477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1542.390031][T12933] Bluetooth: MGMT ver 1.23 [ 1542.397802][T12933] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 1542.877383][T12938] sctp: [Deprecated]: syz.1.1291 (pid 12938) Use of int in max_burst socket option. [ 1542.877383][T12938] Use struct sctp_assoc_value instead [ 1542.997975][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1543.085940][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1543.271601][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1543.290138][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1543.471507][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1543.546123][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1544.130332][T12949] 9pnet_fd: Insufficient options for proto=fd [ 1544.473817][T12947] vivid-002: kernel_thread() failed [ 1544.765073][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1544.809387][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1545.830060][T12962] FAULT_INJECTION: forcing a failure. [ 1545.830060][T12962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.846022][T12962] CPU: 1 UID: 0 PID: 12962 Comm: syz.1.1295 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1545.856702][T12962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1545.866808][T12962] Call Trace: [ 1545.870135][T12962] [ 1545.873109][T12962] dump_stack_lvl+0x16c/0x1f0 [ 1545.877853][T12962] should_fail_ex+0x497/0x5b0 [ 1545.882611][T12962] _copy_from_iter+0x2a1/0x1550 [ 1545.887541][T12962] ? __pfx__copy_from_iter+0x10/0x10 [ 1545.892909][T12962] ? __virt_addr_valid+0x5e/0x590 [ 1545.898021][T12962] ? __phys_addr_symbol+0x30/0x80 [ 1545.903150][T12962] ? __check_object_size+0x497/0x720 [ 1545.908528][T12962] netlink_sendmsg+0x813/0xd70 [ 1545.913371][T12962] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1545.918726][T12962] ? __import_iovec+0x1fd/0x6e0 [ 1545.923679][T12962] ____sys_sendmsg+0xaaf/0xc90 [ 1545.928498][T12962] ? copy_msghdr_from_user+0x10b/0x160 [ 1545.934027][T12962] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1545.939401][T12962] ? __pfx___lock_acquire+0x10/0x10 [ 1545.944690][T12962] ___sys_sendmsg+0x135/0x1e0 [ 1545.949438][T12962] ? __pfx____sys_sendmsg+0x10/0x10 [ 1545.954704][T12962] ? find_held_lock+0x2d/0x110 [ 1545.959554][T12962] ? finish_task_switch.isra.0+0x217/0xcc0 [ 1545.965467][T12962] ? __fget_light+0x173/0x210 [ 1545.970212][T12962] __sys_sendmsg+0x117/0x1f0 [ 1545.974874][T12962] ? __pfx___sys_sendmsg+0x10/0x10 [ 1545.980088][T12962] do_syscall_64+0xcd/0x250 [ 1545.984648][T12962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1545.990609][T12962] RIP: 0033:0x7f286e17def9 [ 1545.995069][T12962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1546.014739][T12962] RSP: 002b:00007f286dbde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1546.023211][T12962] RAX: ffffffffffffffda RBX: 00007f286e336130 RCX: 00007f286e17def9 [ 1546.031234][T12962] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 000000000000000a [ 1546.039252][T12962] RBP: 00007f286dbde090 R08: 0000000000000000 R09: 0000000000000000 [ 1546.047269][T12962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1546.055283][T12962] R13: 0000000000000000 R14: 00007f286e336130 R15: 00007fffef58a3a8 [ 1546.063335][T12962] [ 1547.592193][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.673490][ T5232] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1547.688422][ T5232] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1547.700439][ T5232] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1547.709821][ T5232] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1547.720360][ T5232] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1547.734082][ T5232] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1548.068607][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1548.104214][T12978] sctp: [Deprecated]: syz.0.1301 (pid 12978) Use of int in max_burst socket option. [ 1548.104214][T12978] Use struct sctp_assoc_value instead [ 1548.605435][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1549.335586][T12990] [ 1549.337993][T12990] ===================================================== [ 1549.344976][T12990] WARNING: SOFTIRQ-READ-safe -> SOFTIRQ-READ-unsafe lock order detected [ 1549.353348][T12990] 6.11.0-syzkaller-02574-ga430d95c5efa #0 Not tainted [ 1549.360143][T12990] ----------------------------------------------------- [ 1549.367173][T12990] syz.1.1303/12990 [HC0[0]:SC0[8]:HE1:SE0] is trying to acquire: [ 1549.374918][T12990] ffff88807af389e0 (&pch->downl){+.+.}-{2:2}, at: ppp_ioctl+0x1955/0x2590 [ 1549.383503][T12990] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1549.383503][T12990] and this task is already holding: [ 1549.390889][T12990] ffff888033702e10 (&ppp->rlock){+...}-{2:2}, at: ppp_ioctl+0x1942/0x2590 [ 1549.399500][T12990] which would create a new lock dependency: [ 1549.405437][T12990] (&ppp->rlock){+...}-{2:2} -> (&pch->downl){+.+.}-{2:2} [ 1549.412690][T12990] [ 1549.412690][T12990] but this new dependency connects a SOFTIRQ-READ-irq-safe lock: [ 1549.422707][T12990] (&pch->upl){++.-}-{2:2} [ 1549.422763][T12990] [ 1549.422763][T12990] ... which became SOFTIRQ-READ-irq-safe at: [ 1549.435341][T12990] lock_acquire+0x1b1/0x560 [ 1549.439968][T12990] _raw_read_lock_bh+0x3f/0x70 [ 1549.444850][T12990] ppp_input_error+0x5f/0x210 [ 1549.449660][T12990] ppp_sync_process+0x82/0x160 [ 1549.454564][T12990] tasklet_action_common.constprop.0+0x24c/0x3e0 [ 1549.461002][T12990] handle_softirqs+0x216/0x8f0 [ 1549.465892][T12990] irq_exit_rcu+0xbb/0x120 [ 1549.470415][T12990] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1549.476158][T12990] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1549.482249][T12990] preempt_schedule_irq+0x4c/0x90 [ 1549.487383][T12990] irqentry_exit+0x36/0x90 [ 1549.491902][T12990] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1549.497481][T12990] __tasklet_schedule_common+0x10d/0x190 [ 1549.503521][T12990] ppp_sync_receive+0x49a/0x700 [ 1549.508597][T12990] tty_ioctl+0x575/0x15d0 [ 1549.513051][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1549.517911][T12990] do_syscall_64+0xcd/0x250 [ 1549.522514][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1549.528534][T12990] [ 1549.528534][T12990] to a SOFTIRQ-READ-irq-unsafe lock: [ 1549.536028][T12990] (&pch->downl){+.+.}-{2:2} [ 1549.536064][T12990] [ 1549.536064][T12990] ... which became SOFTIRQ-READ-irq-unsafe at: [ 1549.549065][T12990] ... [ 1549.549074][T12990] lock_acquire+0x1b1/0x560 [ 1549.556291][T12990] _raw_spin_lock+0x2e/0x40 [ 1549.560953][T12990] ppp_input+0x104/0xbb0 [ 1549.565307][T12990] pppoe_rcv_core+0x22c/0x320 [ 1549.570089][T12990] __release_sock+0x35f/0x400 [ 1549.574895][T12990] release_sock+0x5a/0x220 [ 1549.579451][T12990] pppoe_sendmsg+0x5e6/0x770 [ 1549.584166][T12990] ____sys_sendmsg+0xaaf/0xc90 [ 1549.589202][T12990] ___sys_sendmsg+0x135/0x1e0 [ 1549.593985][T12990] __sys_sendmmsg+0x1a1/0x450 [ 1549.598768][T12990] __x64_sys_sendmmsg+0x9c/0x100 [ 1549.603834][T12990] do_syscall_64+0xcd/0x250 [ 1549.608444][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1549.614557][T12990] [ 1549.614557][T12990] other info that might help us debug this: [ 1549.614557][T12990] [ 1549.624799][T12990] Chain exists of: [ 1549.624799][T12990] &pch->upl --> &ppp->rlock --> &pch->downl [ 1549.624799][T12990] [ 1549.636642][T12990] Possible interrupt unsafe locking scenario: [ 1549.636642][T12990] [ 1549.644973][T12990] CPU0 CPU1 [ 1549.650336][T12990] ---- ---- [ 1549.655699][T12990] lock(&pch->downl); [ 1549.659777][T12990] local_irq_disable(); [ 1549.666538][T12990] lock(&pch->upl); [ 1549.673080][T12990] lock(&ppp->rlock); [ 1549.679682][T12990] [ 1549.683314][T12990] lock(&pch->upl); [ 1549.687399][T12990] [ 1549.687399][T12990] *** DEADLOCK *** [ 1549.687399][T12990] [ 1549.695554][T12990] 5 locks held by syz.1.1303/12990: [ 1549.700761][T12990] #0: ffffffff8ef17588 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0xc3/0x2590 [ 1549.709434][T12990] #1: ffff8880667c8cc0 (&pn->all_ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0xa5c/0x2590 [ 1549.718984][T12990] #2: ffff88807af38a48 (&pch->upl){++.-}-{2:2}, at: ppp_ioctl+0xa8e/0x2590 [ 1549.727803][T12990] #3: ffff888033702e50 (&ppp->wlock){+...}-{2:2}, at: ppp_ioctl+0x192d/0x2590 [ 1549.736866][T12990] #4: ffff888033702e10 (&ppp->rlock){+...}-{2:2}, at: ppp_ioctl+0x1942/0x2590 [ 1549.745890][T12990] [ 1549.745890][T12990] the dependencies between SOFTIRQ-READ-irq-safe lock and the holding lock: [ 1549.756737][T12990] -> (&pch->upl){++.-}-{2:2} { [ 1549.761715][T12990] HARDIRQ-ON-W at: [ 1549.765879][T12990] lock_acquire+0x1b1/0x560 [ 1549.772406][T12990] _raw_write_lock_bh+0x33/0x40 [ 1549.779290][T12990] ppp_disconnect_channel+0x25/0x340 [ 1549.786603][T12990] ppp_unregister_channel+0xb2/0x380 [ 1549.793911][T12990] ppp_asynctty_close+0xe4/0x1b0 [ 1549.801066][T12990] tty_ldisc_close+0x111/0x1a0 [ 1549.807844][T12990] tty_ldisc_kill+0x8e/0x150 [ 1549.814465][T12990] tty_ldisc_release+0x116/0x2a0 [ 1549.821440][T12990] tty_release_struct+0x23/0xe0 [ 1549.828307][T12990] tty_release+0xe25/0x1410 [ 1549.834844][T12990] __fput+0x3f6/0xb60 [ 1549.840855][T12990] task_work_run+0x14e/0x250 [ 1549.847471][T12990] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1549.855131][T12990] do_syscall_64+0xda/0x250 [ 1549.861647][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1549.869568][T12990] HARDIRQ-ON-R at: [ 1549.873743][T12990] lock_acquire+0x1b1/0x560 [ 1549.880267][T12990] _raw_read_lock_bh+0x3f/0x70 [ 1549.887150][T12990] ppp_input_error+0x5f/0x210 [ 1549.894229][T12990] ppp_sync_process+0x82/0x160 [ 1549.901028][T12990] tasklet_action_common.constprop.0+0x24c/0x3e0 [ 1549.909378][T12990] handle_softirqs+0x216/0x8f0 [ 1549.916160][T12990] irq_exit_rcu+0xbb/0x120 [ 1549.922593][T12990] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1549.930274][T12990] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1549.938308][T12990] preempt_schedule_irq+0x4c/0x90 [ 1549.945381][T12990] irqentry_exit+0x36/0x90 [ 1549.951817][T12990] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1549.959310][T12990] __tasklet_schedule_common+0x10d/0x190 [ 1549.966984][T12990] ppp_sync_receive+0x49a/0x700 [ 1549.973849][T12990] tty_ioctl+0x575/0x15d0 [ 1549.980214][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1549.986986][T12990] do_syscall_64+0xcd/0x250 [ 1549.993502][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.001422][T12990] IN-SOFTIRQ-R at: [ 1550.005581][T12990] lock_acquire+0x1b1/0x560 [ 1550.012105][T12990] _raw_read_lock_bh+0x3f/0x70 [ 1550.018893][T12990] ppp_input_error+0x5f/0x210 [ 1550.025590][T12990] ppp_sync_process+0x82/0x160 [ 1550.032363][T12990] tasklet_action_common.constprop.0+0x24c/0x3e0 [ 1550.040705][T12990] handle_softirqs+0x216/0x8f0 [ 1550.047485][T12990] irq_exit_rcu+0xbb/0x120 [ 1550.053920][T12990] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1550.061621][T12990] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1550.069664][T12990] preempt_schedule_irq+0x4c/0x90 [ 1550.076722][T12990] irqentry_exit+0x36/0x90 [ 1550.083143][T12990] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1550.090625][T12990] __tasklet_schedule_common+0x10d/0x190 [ 1550.098290][T12990] ppp_sync_receive+0x49a/0x700 [ 1550.105176][T12990] tty_ioctl+0x575/0x15d0 [ 1550.111534][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.118317][T12990] do_syscall_64+0xcd/0x250 [ 1550.124836][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.132755][T12990] INITIAL USE at: [ 1550.136845][T12990] lock_acquire+0x1b1/0x560 [ 1550.143287][T12990] _raw_write_lock_bh+0x33/0x40 [ 1550.150074][T12990] ppp_disconnect_channel+0x25/0x340 [ 1550.157293][T12990] ppp_unregister_channel+0xb2/0x380 [ 1550.164514][T12990] ppp_asynctty_close+0xe4/0x1b0 [ 1550.171513][T12990] tty_ldisc_close+0x111/0x1a0 [ 1550.178211][T12990] tty_ldisc_kill+0x8e/0x150 [ 1550.184742][T12990] tty_ldisc_release+0x116/0x2a0 [ 1550.191699][T12990] tty_release_struct+0x23/0xe0 [ 1550.198476][T12990] tty_release+0xe25/0x1410 [ 1550.204911][T12990] __fput+0x3f6/0xb60 [ 1550.210830][T12990] task_work_run+0x14e/0x250 [ 1550.217382][T12990] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1550.225059][T12990] do_syscall_64+0xda/0x250 [ 1550.231484][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.239318][T12990] INITIAL READ USE at: [ 1550.243829][T12990] lock_acquire+0x1b1/0x560 [ 1550.250712][T12990] _raw_read_lock_bh+0x3f/0x70 [ 1550.257866][T12990] ppp_input_error+0x5f/0x210 [ 1550.264931][T12990] ppp_sync_process+0x82/0x160 [ 1550.272054][T12990] tasklet_action_common.constprop.0+0x24c/0x3e0 [ 1550.280754][T12990] handle_softirqs+0x216/0x8f0 [ 1550.287910][T12990] irq_exit_rcu+0xbb/0x120 [ 1550.294700][T12990] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1550.302747][T12990] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1550.311366][T12990] preempt_schedule_irq+0x4c/0x90 [ 1550.319197][T12990] irqentry_exit+0x36/0x90 [ 1550.325986][T12990] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1550.333843][T12990] __tasklet_schedule_common+0x10d/0x190 [ 1550.341871][T12990] ppp_sync_receive+0x49a/0x700 [ 1550.349100][T12990] tty_ioctl+0x575/0x15d0 [ 1550.355799][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.362945][T12990] do_syscall_64+0xcd/0x250 [ 1550.369821][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.378113][T12990] } [ 1550.380788][T12990] ... key at: [] __key.10+0x0/0x40 [ 1550.388178][T12990] -> (&ppp->wlock){+...}-{2:2} { [ 1550.393344][T12990] HARDIRQ-ON-W at: [ 1550.397421][T12990] lock_acquire+0x1b1/0x560 [ 1550.403780][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.410396][T12990] ppp_get_stats64+0xcf/0x3a0 [ 1550.416914][T12990] dev_get_stats+0xae/0x9e0 [ 1550.423281][T12990] rtnl_fill_stats+0x48/0xa90 [ 1550.429844][T12990] rtnl_fill_ifinfo.constprop.0+0x1622/0x4b50 [ 1550.437777][T12990] rtmsg_ifinfo_build_skb+0x151/0x280 [ 1550.445020][T12990] rtmsg_ifinfo+0x9f/0x1a0 [ 1550.451282][T12990] register_netdevice+0x18b5/0x1e90 [ 1550.458346][T12990] ppp_dev_configure+0x9aa/0xc90 [ 1550.465131][T12990] ppp_ioctl+0x17eb/0x2590 [ 1550.471395][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.477993][T12990] do_syscall_64+0xcd/0x250 [ 1550.484334][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.492603][T12990] INITIAL USE at: [ 1550.496595][T12990] lock_acquire+0x1b1/0x560 [ 1550.502879][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.509444][T12990] ppp_get_stats64+0xcf/0x3a0 [ 1550.515970][T12990] dev_get_stats+0xae/0x9e0 [ 1550.522251][T12990] rtnl_fill_stats+0x48/0xa90 [ 1550.528686][T12990] rtnl_fill_ifinfo.constprop.0+0x1622/0x4b50 [ 1550.536534][T12990] rtmsg_ifinfo_build_skb+0x151/0x280 [ 1550.543669][T12990] rtmsg_ifinfo+0x9f/0x1a0 [ 1550.549845][T12990] register_netdevice+0x18b5/0x1e90 [ 1550.557068][T12990] ppp_dev_configure+0x9aa/0xc90 [ 1550.563769][T12990] ppp_ioctl+0x17eb/0x2590 [ 1550.569978][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.577272][T12990] do_syscall_64+0xcd/0x250 [ 1550.583526][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.591733][T12990] } [ 1550.594319][T12990] ... key at: [] __key.0+0x0/0x40 [ 1550.601554][T12990] ... acquired at: [ 1550.605445][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.610432][T12990] ppp_ioctl+0x192d/0x2590 [ 1550.615094][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.620067][T12990] do_syscall_64+0xcd/0x250 [ 1550.624764][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.630882][T12990] [ 1550.633217][T12990] -> (&ppp->rlock){+...}-{2:2} { [ 1550.638187][T12990] HARDIRQ-ON-W at: [ 1550.642227][T12990] lock_acquire+0x1b1/0x560 [ 1550.648525][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.654984][T12990] ppp_get_stats64+0x24/0x3a0 [ 1550.661343][T12990] dev_get_stats+0xae/0x9e0 [ 1550.667531][T12990] rtnl_fill_stats+0x48/0xa90 [ 1550.673873][T12990] rtnl_fill_ifinfo.constprop.0+0x1622/0x4b50 [ 1550.681626][T12990] rtmsg_ifinfo_build_skb+0x151/0x280 [ 1550.688670][T12990] rtmsg_ifinfo+0x9f/0x1a0 [ 1550.694883][T12990] register_netdevice+0x18b5/0x1e90 [ 1550.702038][T12990] ppp_dev_configure+0x9aa/0xc90 [ 1550.708652][T12990] ppp_ioctl+0x17eb/0x2590 [ 1550.714752][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.721188][T12990] do_syscall_64+0xcd/0x250 [ 1550.727447][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.735109][T12990] INITIAL USE at: [ 1550.739039][T12990] lock_acquire+0x1b1/0x560 [ 1550.745132][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.751495][T12990] ppp_get_stats64+0x24/0x3a0 [ 1550.757780][T12990] dev_get_stats+0xae/0x9e0 [ 1550.763983][T12990] rtnl_fill_stats+0x48/0xa90 [ 1550.770262][T12990] rtnl_fill_ifinfo.constprop.0+0x1622/0x4b50 [ 1550.778101][T12990] rtmsg_ifinfo_build_skb+0x151/0x280 [ 1550.785091][T12990] rtmsg_ifinfo+0x9f/0x1a0 [ 1550.791100][T12990] register_netdevice+0x18b5/0x1e90 [ 1550.797894][T12990] ppp_dev_configure+0x9aa/0xc90 [ 1550.804470][T12990] ppp_ioctl+0x17eb/0x2590 [ 1550.810580][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.816984][T12990] do_syscall_64+0xcd/0x250 [ 1550.823098][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.830648][T12990] } [ 1550.833168][T12990] ... key at: [] __key.1+0x0/0x40 [ 1550.840326][T12990] ... acquired at: [ 1550.844139][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.849123][T12990] ppp_ioctl+0x274/0x2590 [ 1550.853653][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1550.858706][T12990] do_syscall_64+0xcd/0x250 [ 1550.863427][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.869521][T12990] [ 1550.871844][T12990] [ 1550.871844][T12990] the dependencies between the lock to be acquired [ 1550.871856][T12990] and SOFTIRQ-READ-irq-unsafe lock: [ 1550.885918][T12990] -> (&pch->downl){+.+.}-{2:2} { [ 1550.890891][T12990] HARDIRQ-ON-W at: [ 1550.894877][T12990] lock_acquire+0x1b1/0x560 [ 1550.901070][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1550.907764][T12990] ppp_unregister_channel+0x6d/0x380 [ 1550.914916][T12990] ppp_asynctty_close+0xe4/0x1b0 [ 1550.921592][T12990] tty_ldisc_close+0x111/0x1a0 [ 1550.928052][T12990] tty_ldisc_kill+0x8e/0x150 [ 1550.934314][T12990] tty_ldisc_release+0x116/0x2a0 [ 1550.940951][T12990] tty_release_struct+0x23/0xe0 [ 1550.947495][T12990] tty_release+0xe25/0x1410 [ 1550.953803][T12990] __fput+0x3f6/0xb60 [ 1550.959475][T12990] task_work_run+0x14e/0x250 [ 1550.965748][T12990] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1550.973086][T12990] do_syscall_64+0xda/0x250 [ 1550.979253][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.986827][T12990] SOFTIRQ-ON-W at: [ 1550.990923][T12990] lock_acquire+0x1b1/0x560 [ 1550.997217][T12990] _raw_spin_lock+0x2e/0x40 [ 1551.003593][T12990] ppp_input+0x104/0xbb0 [ 1551.009614][T12990] pppoe_rcv_core+0x22c/0x320 [ 1551.015966][T12990] __release_sock+0x35f/0x400 [ 1551.022322][T12990] release_sock+0x5a/0x220 [ 1551.028434][T12990] pppoe_sendmsg+0x5e6/0x770 [ 1551.034694][T12990] ____sys_sendmsg+0xaaf/0xc90 [ 1551.041119][T12990] ___sys_sendmsg+0x135/0x1e0 [ 1551.047574][T12990] __sys_sendmmsg+0x1a1/0x450 [ 1551.053932][T12990] __x64_sys_sendmmsg+0x9c/0x100 [ 1551.060553][T12990] do_syscall_64+0xcd/0x250 [ 1551.066742][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.074327][T12990] INITIAL USE at: [ 1551.078233][T12990] lock_acquire+0x1b1/0x560 [ 1551.084330][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1551.090678][T12990] ppp_unregister_channel+0x6d/0x380 [ 1551.097566][T12990] ppp_asynctty_close+0xe4/0x1b0 [ 1551.104088][T12990] tty_ldisc_close+0x111/0x1a0 [ 1551.110458][T12990] tty_ldisc_kill+0x8e/0x150 [ 1551.116627][T12990] tty_ldisc_release+0x116/0x2a0 [ 1551.123158][T12990] tty_release_struct+0x23/0xe0 [ 1551.129600][T12990] tty_release+0xe25/0x1410 [ 1551.135706][T12990] __fput+0x3f6/0xb60 [ 1551.141272][T12990] task_work_run+0x14e/0x250 [ 1551.147481][T12990] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1551.154722][T12990] do_syscall_64+0xda/0x250 [ 1551.160801][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.168293][T12990] } [ 1551.170812][T12990] ... key at: [] __key.11+0x0/0x40 [ 1551.178032][T12990] ... acquired at: [ 1551.181851][T12990] lock_acquire+0x1b1/0x560 [ 1551.186582][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1551.191545][T12990] ppp_ioctl+0x1955/0x2590 [ 1551.196159][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1551.201127][T12990] do_syscall_64+0xcd/0x250 [ 1551.205818][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.211909][T12990] [ 1551.214233][T12990] [ 1551.214233][T12990] stack backtrace: [ 1551.220122][T12990] CPU: 1 UID: 0 PID: 12990 Comm: syz.1.1303 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1551.230556][T12990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1551.240625][T12990] Call Trace: [ 1551.243908][T12990] [ 1551.246934][T12990] dump_stack_lvl+0x116/0x1f0 [ 1551.251653][T12990] check_irq_usage+0xe3c/0x1490 [ 1551.256545][T12990] ? __pfx_check_irq_usage+0x10/0x10 [ 1551.261879][T12990] ? hlock_conflict+0x58/0x200 [ 1551.266664][T12990] ? __bfs+0x2fa/0x670 [ 1551.270834][T12990] ? __pfx_hlock_conflict+0x10/0x10 [ 1551.276065][T12990] ? lockdep_lock+0xc6/0x200 [ 1551.280695][T12990] ? __pfx_lockdep_lock+0x10/0x10 [ 1551.285793][T12990] ? __lock_acquire+0x2503/0x3cb0 [ 1551.290846][T12990] __lock_acquire+0x2503/0x3cb0 [ 1551.295735][T12990] ? __pfx___lock_acquire+0x10/0x10 [ 1551.300990][T12990] ? rcu_is_watching+0x12/0xc0 [ 1551.305788][T12990] ? trace_contention_end+0xea/0x140 [ 1551.311104][T12990] lock_acquire+0x1b1/0x560 [ 1551.315696][T12990] ? ppp_ioctl+0x1955/0x2590 [ 1551.320345][T12990] ? __pfx_lock_acquire+0x10/0x10 [ 1551.325399][T12990] ? __pfx_lock_release+0x10/0x10 [ 1551.330545][T12990] ? do_raw_spin_lock+0x12d/0x2c0 [ 1551.335583][T12990] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1551.340969][T12990] ? __radix_tree_lookup+0x21f/0x2c0 [ 1551.346274][T12990] _raw_spin_lock_bh+0x33/0x40 [ 1551.351081][T12990] ? ppp_ioctl+0x1955/0x2590 [ 1551.355695][T12990] ppp_ioctl+0x1955/0x2590 [ 1551.360143][T12990] ? __pfx_ppp_ioctl+0x10/0x10 [ 1551.365020][T12990] ? selinux_file_ioctl+0x180/0x270 [ 1551.370247][T12990] ? selinux_file_ioctl+0xb4/0x270 [ 1551.375737][T12990] ? __pfx_ppp_ioctl+0x10/0x10 [ 1551.380534][T12990] __x64_sys_ioctl+0x18d/0x210 [ 1551.385325][T12990] do_syscall_64+0xcd/0x250 [ 1551.389860][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.395895][T12990] RIP: 0033:0x7f286e17def9 [ 1551.400338][T12990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1551.420009][T12990] RSP: 002b:00007f286dbde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1551.428444][T12990] RAX: ffffffffffffffda RBX: 00007f286e336130 RCX: 00007f286e17def9 [ 1551.436438][T12990] RDX: 0000000020000280 RSI: 000000004004743a RDI: 0000000000000005 [ 1551.444427][T12990] RBP: 00007f286e1f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 1551.452438][T12990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1551.460518][T12990] R13: 0000000000000001 R14: 00007f286e336130 R15: 00007fffef58a3a8 [ 1551.468531][T12990] [ 1551.520235][ T5232] Bluetooth: hci0: command tx timeout [ 1551.608156][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1552.937061][ T11] bridge_slave_1: left allmulticast mode [ 1552.942800][ T11] bridge_slave_1: left promiscuous mode [ 1552.968084][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1552.979310][ T11] bridge_slave_0: left allmulticast mode [ 1552.989127][ T11] bridge_slave_0: left promiscuous mode [ 1552.996989][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1553.260131][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1553.272905][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1553.290036][ T11] bond0 (unregistering): Released all slaves [ 1553.696965][ T5232] Bluetooth: hci0: command tx timeout [ 1553.785873][ T11] hsr_slave_0: left promiscuous mode [ 1553.803593][ T11] hsr_slave_1: left promiscuous mode [ 1553.826332][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1553.847798][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1553.856191][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1553.879338][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1553.896591][ T11] veth1_macvtap: left promiscuous mode [ 1553.911842][ T11] veth0_macvtap: left promiscuous mode [ 1553.917930][ T11] veth1_vlan: left promiscuous mode [ 1553.933588][ T11] veth0_vlan: left promiscuous mode [ 1554.524438][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1554.566759][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1555.320987][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.409915][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.489999][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.543282][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.779846][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.846439][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.915636][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1555.984707][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.208489][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.268787][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.345028][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.442707][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.651168][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.739006][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.803613][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.876566][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1557.066082][ T11] bridge_slave_1: left allmulticast mode [ 1557.071799][ T11] bridge_slave_1: left promiscuous mode [ 1557.081521][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.092552][ T11] bridge_slave_0: left allmulticast mode [ 1557.100684][ T11] bridge_slave_0: left promiscuous mode [ 1557.106593][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.122545][ T11] bridge_slave_1: left allmulticast mode [ 1557.128278][ T11] bridge_slave_1: left promiscuous mode [ 1557.137347][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.153415][ T11] bridge_slave_0: left allmulticast mode [ 1557.160894][ T11] bridge_slave_0: left promiscuous mode [ 1557.177420][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.190843][ T11] bridge_slave_1: left allmulticast mode [ 1557.198626][ T11] bridge_slave_1: left promiscuous mode [ 1557.204506][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.218756][ T11] bridge_slave_0: left allmulticast mode [ 1557.224474][ T11] bridge_slave_0: left promiscuous mode [ 1557.233221][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.247665][ T11] bridge_slave_1: left allmulticast mode [ 1557.255646][ T11] bridge_slave_1: left promiscuous mode [ 1557.265322][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.279162][ T11] bridge_slave_0: left allmulticast mode [ 1557.287126][ T11] bridge_slave_0: left promiscuous mode [ 1557.296311][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1558.158638][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.170329][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.181047][ T11] bond0 (unregistering): Released all slaves [ 1558.199760][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.211632][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.232012][ T11] bond0 (unregistering): Released all slaves [ 1558.251805][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.264169][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.277614][ T11] bond0 (unregistering): Released all slaves [ 1558.309197][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.325941][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.338917][ T11] bond0 (unregistering): Released all slaves [ 1558.370934][ T29] audit: type=1400 audit(1727178892.271:447): avc: denied { sys_chroot } for pid=13068 comm="dhcpcd" capability=18 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 1558.395416][ T29] audit: type=1400 audit(1727178892.271:448): avc: denied { setgid } for pid=13068 comm="dhcpcd" capability=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1