last executing test programs: 33.832177933s ago: executing program 0: syz_emit_ethernet(0x7e, &(0x7f0000000140)={@local, @random="00006d9000", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @private, @rand_addr, {[@lsrr={0x83, 0xf, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1b, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @private, @remote, @remote, @loopback]}, @ssrr={0x89, 0xf, 0x0, [@broadcast, @loopback, @broadcast]}]}}}}}}}, 0x0) 32.292562749s ago: executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = inotify_init1(0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r3 = dup3(r1, r2, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140)={0x100000, 0x0, 0x0, {r3}}, 0x20) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000100), 0x10) socket$netlink(0x10, 0x3, 0x400000000000004) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r5, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r6, r5, 0x0) close(r4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x3d}}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000200700000000000001000084060000000000000001"], 0x0, 0x42}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r3) sendmsg$DEVLINK_CMD_SB_POOL_SET(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc0200}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0xd0, r7, 0x2, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x40000000}, {0x6, 0x11, 0x400}, {0x8, 0x13, 0x9}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6}, {0x8, 0x13, 0x1}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x2d}, {0x8, 0x13, 0x9}, {0x5}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4081}, 0x81) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb911"], 0xfdef) 14.563314295s ago: executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file1\x00', 0x2808000, &(0x7f0000000240)={[{@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@shortname_winnt}, {@shortname_win95}, {@uni_xlateno}, {@shortname_mixed}, {@fat=@codepage={'codepage', 0x3d, '865'}}, {@fat=@check_normal}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@shortname_mixed}, {@shortname_lower}, {@utf8no}, {@uni_xlate}]}, 0x1, 0x297, &(0x7f00000007c0)="$eJzs3U9rI2UYAPBn0iRNVUgOnkRwQA+ewnY/wQapsJiTkoNedHG7IElYaCDgH4w9eRc8+R38Jl78Bh48Ct7cgziSzEySttNtg2kq4fe75Mk77/P+y1sKhT757M3x8OnzybPzb36LViuJ2qN4FC+S6EQtSt8FALBPXmRZ/Jnlbupbj2ZEZO3iXW0HywMA7sAmv/8BgP3w0ceffNDr908+TNNWxPj76SCJ/DV/3nsWX8QoTuNBtOPviGwpj1973D+JepqWfwyYHsUgYvzpL8X73h8Ri/zjaEfnav77j/snx2ku3hnPpoP5zPPXRrySRPSyJB/oYbTj9YisEcUgq/yHFfkxaMa7b/9UrP+f0+hGO379PJ7HKJ4uhljlf3ucpu9lP/71db6DQUQymw4OF/1WsoOdfSgAAAAAAAAAAAAAAAAAAAAAAOy9brrUWa+fU1YD7Harn19bH6io8DNbq6/zIE3TsozPdNCIPL8eb9ST+9s4AAAAAAAAAAAAAAAAAAAA/I9Mvvxq+GQ0Oj3Lg6OiOVu23Dqor7XUi2E2SL8QDH+O2DzrNkEcLBZ2nlcpyC70KasRbGOuw006H1VNGrXrzrA+imRxPj9svrC3trXBlwbl7Ro+SeKGzq3qS7J2M8s7eTZJqi9tZZBVHN3BtVnNLe29+eqVR/FfBpzvuLE8zIt9WvNPcq2lseWflEvU6gAAAAAAAAAAAAAAAAAAgLu2+qff+P3Kw/N7WRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7Nzq+/+XQXQut1wOZkXyy/qUweHZpGLazo63CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ77NwAA//+FHl9c") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchmod(r1, 0x170) socket$inet6_sctp(0xa, 0x0, 0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000004400)=ANY=[@ANYBLOB="290000000300000000000000000000000100000000367b733d51"], 0x29) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) openat$ttynull(0xffffffffffffff9c, &(0x7f0000002c00), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_DAEMON(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)={0x14, r3, 0x30d, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) 13.466067586s ago: executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x1, 0x1, 0x1}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x8, 0xc}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0xd) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000025c0)={{r3}, &(0x7f0000002540), &(0x7f0000002580)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r3}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x20) listen(r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000ce", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@sack_perm={0x2, 0x4}]}}}}}}}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8}, @TCA_CODEL_ECN={0x8}]}}]}, 0x44}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x40, 0x8, 0x6, 0x7, {{0x41, 0x4, 0x2, 0xb, 0x104, 0x65, 0x0, 0x3f, 0x2f, 0x0, @empty, @loopback, {[@cipso={0x86, 0x4b, 0x1, [{0x6, 0x6, "6ee363b3"}, {0x0, 0x6, "9657562f"}, {0x5, 0x8, "c5418e64d0cb"}, {0x2, 0x7, "2eef64bd88"}, {0x7, 0x10, "fad40c6d03902104ec3ddfa1f5c7"}, {0x0, 0x2}, {0x1, 0x4, "df8a"}, {0x7, 0x6, "41de27a3"}, {0x1, 0x7, "7224274bcd"}, {0x1, 0x7, "84c3c4ceec"}]}, @ssrr={0x89, 0x13, 0xf8, [@empty, @remote, @loopback, @remote]}, @ssrr={0x89, 0x1b, 0x88, [@multicast1, @empty, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x18}, @private=0xa010101]}, @cipso={0x86, 0x4f, 0x3, [{0x7, 0x10, "3bbfe3744c49378d771e20686d7e"}, {0x0, 0xe, "fcadd81a546deda85c2952e3"}, {0x1, 0xd, "400cc098c68c3b18062685"}, {0x6, 0xd, "523ae2e4ede80e387d8cc0"}, {0x28c990d6b7672da, 0x8, "bc48feb63367"}, {0x0, 0x9, "223c97b1f4ed37"}]}, @timestamp={0x44, 0x24, 0x6f, 0x0, 0x3, [0x0, 0x1, 0xfffeffff, 0xffff, 0x3, 0x1000, 0x81, 0x8001]}, @noop]}}}}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vxcan0\x00'}) getpeername$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000400)=0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0], 0x0, 0x43, &(0x7f0000000500)=[{}, {}], 0x10, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xf6, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RTC_UIE_ON(r6, 0x7003) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='GPL\x00'}, 0x90) ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x14, 0x0, 0xf6}) 12.881460144s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@ipv4_newnexthop={0x1c, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000840)={0x0, 0x60ff, &(0x7f0000000800)={&(0x7f00000007c0)=@delnexthop={0x20, 0x69, 0x1, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000d40)={0x24, 0x0, 0x0, &(0x7f0000000cc0)={0x0, 0x22, 0xf, {[@local=@item_012={0x2, 0x2, 0x6, "f5d8"}, @main=@item_012={0x1, 0x0, 0x0, 'Q'}, @local=@item_4={0x3, 0x2, 0x2, "6453c9a6"}, @global=@item_4={0x3, 0x1, 0x0, "3b600224"}]}}, 0x0}, 0x0) 11.258026344s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x24}, {0x6}]}) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4000010) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x408000, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000100)=0x3) write$cgroup_devices(r1, &(0x7f00000012c0)=ANY=[], 0xffdd) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) unshare(0x26020480) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(r4, &(0x7f0000000140)="b00cb62659905b29c9ebb411769f155864ae", 0x12, 0x8040, &(0x7f000005ffe4)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0x2f}}, 0x1c) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8}}]}, 0x30}}, 0x0) r5 = socket(0x10, 0x0, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r5, 0x0, &(0x7f0000000040)) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000080)={0x1, 0x1, [0x8d1, 0x311, 0x48e, 0xd24]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006970365a6e6c0000140002800500090004000000080001", @ANYRES32, @ANYBLOB="080004007fff0000"], 0x4c}}, 0x0) 8.860167691s ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@ipv4_newnexthop={0x1c, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000840)={0x0, 0x60ff, &(0x7f0000000800)={&(0x7f00000007c0)=@delnexthop={0x20, 0x69, 0x1, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000d40)={0x24, 0x0, 0x0, &(0x7f0000000cc0)={0x0, 0x22, 0xf, {[@local=@item_012={0x2, 0x2, 0x6, "f5d8"}, @main=@item_012={0x1, 0x0, 0x0, 'Q'}, @local=@item_4={0x3, 0x2, 0x2, "6453c9a6"}, @global=@item_4={0x3, 0x1, 0x0, "3b600224"}]}}, 0x0}, 0x0) 6.474475306s ago: executing program 4: r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x17) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1}, 0x1c}}, 0x0) 5.551388648s ago: executing program 4: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c0100003d000b00e53b71a1000000000200000004000000110101"], 0x12c}}, 0x0) 5.474690783s ago: executing program 4: r0 = socket$kcm(0x2, 0x3, 0x84) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000280)="ef831dc56dc3a0a4cc9fdc66", 0xc}], 0x1}, 0x0) 5.263244455s ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x18}}, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000480)={0x2020}, 0x2020) lseek(r1, 0xfffffffffffffff5, 0x1) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)={0x24, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x4}, @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0x3}]}]}, 0x24}], 0x1}, 0x0) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) socket$inet6(0xa, 0x80002, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x7fff7ffc}]}) listxattr(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b7000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) getpid() fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x0, 0x100008, 0x253}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001980)={r5, 0x0, &(0x7f00000018c0)=""/188}, 0x20) 5.24495334s ago: executing program 2: ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)={[{@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@codepage={'codepage', 0x3d, 'macturkish'}}, {@gid}, {}, {@file_umask={'file_umask', 0x3d, 0x108}}, {}, {@part={'part', 0x3d, 0x4}}, {@uid={'uid', 0x3d, 0xee00}}]}, 0x5, 0x2d1, &(0x7f0000000600)="$eJzs3T9v00AYx/HfOUmb/lExbRESC6hQCZaKAgNiCUJZ2ZkQ0KRSRVREWyRgoSBGxAtg5y3wIlhAvAGYmHgB3YzufHGdxnEaaOKm/X6kRM757vyczo7vsdRGAE6te/Wfn2/+ti8jlVSSdEcKJFWlsqRzOl99sbmzsdNqNvI6KrkW9mUUtzRdddY2m1lNbTvXwgvtp7Jm02UYjiiK7v4qOggUzl39GQJp0l+Hbn91xHENy650segYRi09wWZPe3qpuQLDAQAcA/7+H/jbxKwrMgoCadnf9k/U/X+v6ACO1q1WV1GU2yB1/3eru8jY+T3jdu3ney6Fs/uDdpZ4mGAqBz5PKD6zOhaYpl9W6WIJptY3ylpZe6tGoHeqealqi+69EZ+6bX2iXcrITXP07q2i+9PxaNyK8qB2SOsbreak3ciIf2GwI/4/89V8Nw9NqE9qJOu/cmTsNLmZCg/MVFCx8V/v3eOMa2Vryaf9tVot6Khy1h3kgj+C12eU1eyMJN1n+wHBbhJBXpzu2PPqfKwQj261T6uFrFZh8qlHq8WOViV/JqysPWvlPkoZjvYQzUfzwCzpj76onlr/Bza+ZaWuzLyveuNq+jMjHs9Eds2yqxl23Tn2L5dLSQTe5MBjgzTg07IPeqLbmtt+9fppqdVqbtmNxxkbz2e3jC+pvJcy6wx/o6ScOtrdL4msN1F02J6jYQZ/7Ug7tN8fSYm9fLIq26ssKQlGPU2nZaP+TXkn5PhsRJHUY9fQvqdwjGyb9qT7gqmCA8Ko2XWXifM/t5L3qzqXItm3MGednp9kqqPH1SSD61wKzrv36YEyuJneGVzqiDd65Iwu57p8VbqSKjTKPWLo4zwhTF0/9Ijn/wAAAAAAAAAAAAAAAAAAAONmFH9pUPQYAQAAAAAAAAAAAAAAAAAAAAAYd//0+79Z/yPe/f5vyO//AmPkbwAAAP//FSp4xw==") sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000000a01010000000000000000050000000900010073797a30000000000c00044000000000000000040c0004400000000000000005bc000000030a01030000000000000000050000000900010073797a300000000008000540000000004c0008800c00014000000000000000010c0002400000000000f6ff000c00024000000000000016cc0c21014000000000000100010c00024000000000000000140c00014000000000000000090900030073797a32000000000b00070066696c746572000030000480080002406b10a61d140003007465616d5f736c6176655f3000000000080002404e73b858080001"], 0x130}}, 0x0) 5.189473414s ago: executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x42, 0x0) syz_mount_image$fuse(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x5}]}, 0x1c}}, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000005000000ffffaaaaaac1aaaa86dd6017785c00482c"], 0x82) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000726b000000000000004000000000000000000000000000000000000000000038"], 0x78) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000240)={0x5, 0x80, 0x4c000}) close(r0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000180)={&(0x7f00000000c0)="3859211f2672473b463bbeaf105ec5837fc2b5d7067de371d5cb73b1742555c80eb152cda1df32a105fa0c8d2b49f0937ffdcfc254475baed9dfd11afd58469e190f171fd6db300a8fb1a99f5a340fa1afda83ef6732595d720bb4b52d461b0a7e87eff256c12e8d5c1c9d67d1b575baf70b97897ae8289401637437e1ecfb5f1fe48146a881dee4fe4a37c3f4c7e0ff1e3b6e4283f9df9de7ba6ad951f8253f851c4b29416e773cdc2a45a6e42148a01905ff72bad80ccaeb", 0xb9, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r0, 0xc00464be, &(0x7f00000002c0)={r4}) ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r0, 0xc01064ac, &(0x7f0000000200)={r4, 0x24, &(0x7f00000001c0)=""/36}) close_range(r0, r0, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) shutdown(r5, 0x414247e4f7261916) accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x10) openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) 5.123159056s ago: executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000008000000f7fffff700"}) r1 = syz_open_pts(r0, 0x0) r2 = syz_io_uring_setup(0x189d, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x6256, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x3) 4.617716154s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2e0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000632f77fbac14140ce000006a62079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) 4.14225419s ago: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r1, 0x405, 0x0, 0x0, {{}, {@void, @void, @val={0xc}}}}, 0x20}}, 0x10) r3 = socket(0x11, 0x3, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x20}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r6 = socket(0x1e, 0x1, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r6, &(0x7f0000000080)={&(0x7f00000000c0), 0x41, &(0x7f0000000000)={&(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x8}}, ["", "", "", ""]}, 0x24}}, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r3) sendmsg$TIPC_CMD_SET_NETID(r6, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r7, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {}, {0x8, 0x2, 0x5}}, ["", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$NL80211_CMD_NEW_INTERFACE(r9, &(0x7f0000000640)={&(0x7f0000000500), 0xc, &(0x7f0000000600)={0x0}}, 0x0) r10 = socket(0x11, 0x3, 0x0) recvmsg$can_bcm(r10, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x2020) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xd8, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r5}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x5}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x5ff6}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SOCKETS={0x44, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r6}, {0x8, 0x1, r8}, {0x8, 0x1, r3}, {0x8, 0x1, r9}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r10}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4c890}, 0x4000040) ioctl$sock_inet_udp_SIOCINQ(r3, 0x89a0, &(0x7f0000000000)) accept4$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1d}, @val={0x8, 0x3, r11}, @val={0xc, 0x99, {0xffffd639, 0x1a}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0xc010}, 0x4000) r12 = socket(0x18, 0x0, 0x1) connect$can_bcm(r12, &(0x7f00000001c0), 0x10) getsockopt$XDP_MMAP_OFFSETS(r12, 0x111, 0x1, 0x0, 0x0) 3.558262361s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1b) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x11a, 0x4, 0x0, 0x0) 3.359262713s ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x4, &(0x7f0000000040)=ANY=[], 0x2, 0x1b4, &(0x7f0000000f40)="$eJzsVU+L00AU/71k2jQexKsieFC0PbRN45+rnqQfwA9gaWMtpqhNQVs8xFO/hwj9Gh7Er+BB2Uv3sCzsYfe6LFkm8yZN2sKyLGzLMj9If7/3ezOZN5ny5n30OXIAnFno4hVS2LiNf0QQAB6Q8l47ig/LihscHwjFNfZ/MP9njibTD50wDEYbRVIFio6NVedioVUdl5p2wwRtSMW41jL+OFg7ghjATnyf7QswiilYWy3M3fpnyQkSBce56guX4cvvFo7SXvb3+FtXircAkiRJpNdTD+XHyE70W41xpXdPpA/ZSLIxsvnJ4AmA05/DT81oMq0Php1+0A/I95++8J553nO/+W4QBp76pdwSFv8hJNcAyJ7q5vIlAHvcYG9hHbp8zpO7Ur5G9eFSE6+n5yYsCL+yudzbId/xBo9RAfAlpqWrC0e6pTYINkQatERuHbW3SppodD+GvRkIxCO9OQQsPW2BUhb4WSAK250Bd2VpjzhuM8+ZF8z6ztJ3kZA9CPscVWOgjK+d8XjUkpZSqadrVp5/J0bugOSqJ+Xi5u47G07FwMDAwMDAwGCncR4AAP//mMZQbw==") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0xc040094) open$dir(&(0x7f0000001200)='./file2\x00', 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0xe0701, 0x0) ioctl$EXT4_IOC_GETSTATE(r2, 0x80045105, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0xb, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0xb, 0x5, 0x7}]}, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x1, 0x5}, {}, {0x7}, {0xf, 0x5}, {0x6, 0x3}, {0x0, 0x3}]}, @volatile={0x8, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x61, 0x2e, 0x0, 0x0, 0x2e, 0x2e, 0x0, 0x61, 0x0]}}, &(0x7f0000000540)=""/241, 0x83, 0xf1}, 0x20) r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1c, 0xfffffffd, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0xfffffdfd}, 0x48) r5 = getpid() r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r6}, 0x10) setgid(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000ec0)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee00}}, './file2\x00'}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) read$FUSE(r10, &(0x7f0000004100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r9, 0x0, r11) sendmsg$netlink(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001240)={0x1f04, 0x2c, 0x8, 0x70bd26, 0x25dfdbfc, "", [@nested={0x1dd2, 0x89, 0x0, 0x1, [@typed={0x8, 0xf6, 0x0, 0x0, @fd=r4}, @generic="c112def0b826d4507db160546e537b469685394e8931108f129bfa730bca39f9ef4ae1dcaca7969c603822760fd813a30c41deb8a3a46d76fc655f670f7338a364831186a9b6d28627c5ca4a30899a3b8992aec5cee37029aaeb21ec99106fee1eb960e32db20374ecb308359e0adf510f", @generic="edeccbbf679ecd84376e99d2810a902a08730a05e0a4a44a429ebf7577ee9e63d4d5926b901a14265dcc9d7f7923d02500194a42067ad84724f24638e8259ee265738d91ecb5532c6084cea1bb35e91aac8e187556b56fbd707e80508e", @generic="baa879d2662690feb0fecb3ada93bb3aa68620abce8bda60567d4736f174fc8c8b4b3acd887d3ca7be020b03f91f6f3f4ef578013a9e0c38e6a3390372f0b1767bac54768c1ae34151998d7572a69cf4aa599766754cc8729d85338e7baf0a601c520a076df84d3df959ca473b", @generic="1b87bd8241c13e465f8c232bb7704fd7482650a2fa1a0e10e87e42ac38fb9a255a651c1d29d8cf66fda3fef0886c6cb1bf2be48dfd0876e7dc561b3ff9135c19975bab14834c2dc07b5c616b1a472d26854a239b249facd6b1f37c29fbac77cbf62504b17cd582817921595eedc89d48d9e2995ca9589bbc0fe0ebae9e682e11cb95da42e760185dd7323b9e05a00491f36c15b06adf85f34351192b38aa590b2c7ffa510b7624a48b07de14622fa5cb2cd833f7b49f02750e11551b4cc0fcbe2a8bd6ae51d66d8389c91ddd79dd795580f17e564ac936624d0a818045758781df3455d42a08e37e76b8ac5a7cf4c3b91fdc196c082f395588ff556a607ac2b6dad851e0853f445c6f2600e243ab70cb0a5c719df402d41c3617b3f87c3522af2bb77acbe890a0485f72b0533c4a979498652f56161923b142a94b948de8a48f28cf04f8310a4a549f7ffb88b5f579bc81a6cee4b8e8cf3e47241233f2410df870b6d4bdd7ae315a9c7fd7ed53a59798b78f3673a09b8fe264a7d35cd3d97ca57d78ed79adb97b331ffcccb66e0607fc9602037415696aa888dfa546a3e544a9dc350bd525e2cd23561726ac97c8c56d328a4b98d18499f5ca8c21295769a97e1250cb792f9cc4a0587484e3ac39764fea8b0fa54f0c0c569e36583553d092e812f06fffa6d8a1712026f082be9ae2422a5907bbfaba07947d42f287ee372e69403f88e7f7e38f90d2d03546df5c074e0214a6da5dc2e7025f7b29fa01b2ebbec1835eac3b003bbabf701a26e92eab9e5c7f2d06e5cbd2f1e1ede722f9d83f42ed30cca5a3de8cc0367638c6449849c1e132d672f17e4743ae69c7376c0d9794433e2910a5f62e2eca6a50c9a44218561ec158ced7e5bf1ad9de2c0fe8edcbf1fed3ad604c6f018c8663985cc9408b3cd06206ea8124a057893a3bc6c9ca1f9e57411787c04229e604ea4bc08ed10bc9f3ffd13075d1b87e17d34122580e93bc93363bc86d5405131623eb0ef1f4b18360acac74d2cb59d4814422234bda4a41e5c4cef705686ae389dad45dd55762865528a0dade2ccbe5c23951292c18a50fc124ab12321f5f929c5b5655b694025a4273363c87fa599ea128eb8207db1a32d9d8c3f7b0ca4570cc7c59a3d77b076baf3fd9a875726388c541f0609b71af8bd2b154580fc94a48a98e476316bc925e1e079dd4d5dd3415bf8ce19841064e239a32125cb135dbb76aaf4b0ae2dcd8a2f1b5db1e13791365467e63ccffc6f2440d998c415f772d1e8c8931685a808264572e2ac47a6f214436d1f826456dcfb30bd55a37f4cb7940d784c3f1bb4386a1452525d0708f81700a171d3d019cc97c80c8bda8dea62c54feefc094c8f0a74b4bc9aadb63fd376abae980bee86e992ffc4d255a2d4dfe78d04dfa902a53d6e144e939e3607010f3c32e2078431a003ebb60fec6bcab5022fce9e6e9f1f285d8990cbc7d97cc14291ebd84aebe601314ab0ded66d94b9ab213260b97bb7d2b04bde97e1304bd21e4a625b2ac736a641a5b1f3e808116e483afb6c4affa7db3d9e5da6d4e13165ec88a9c15369b4525d29da7ee94b8656d07e5f5d2c0f549555138400c701e98383a3293a94dbccd9b99254f61171f4e34d3d660a44cfaaa644ec43b9f720d31690f0b74ac2a419ac2709524d4cda3062f58bb6f983cbe8e2fb0e6e2474bb63b0f28a99ebb30ff53d8cadf6f36cbc69ebe4bdb5be1c17f1af2e83dd997958e9dc106332affa98293e2a61ff829f64b658abdce534549fe74ab6a910238a77fcea488b30c14c45b4af22d225c70f9258a5615dd0eeeaf494fe3f43e8c907398742a68f63e0b3ef885ae180fd4d52ad29ddf2b4d09cc76a270e474c05882bf31321f1bf6354a577206bf10c98be1837b6fa1aabe7a838804d6f0b943fcfa1cac4cfca7bd01dff1c7a08c74fe91eca06e72a9fa23e1f1cccb9da06746d4e4768f11040e2fd077d99c0f7b2e2afb38bd3b640905b78b3681c8c4384bd9fff7d68a82d7f915c6c13fbeaa3637001893ae3c587a139e53d8c3e7d3f8e17732f9aaaad71befe49c07da420db1c9e2f83ef98091f279d7f5a89e0dd7f6c97fbb8d4a45da0405c93f27e088715e0081ca1af70dbcbb4e906493592905f839d549bca3656da9c08fc6798ab7cd27b63fec392c73f80e7b0c77fecf07e2eb3853482ce089a6fa612dfb4bf04b13cb63bdfb356e1ac5c92957b7d2d32e9fd0fae2b9b0382809079a15cec7b4e53c9fe0c2e6b2b00c30abf069f1c674ab49e704f9026e42f38c6264d9dff2c6a20514ac1941c3b6c8fd6ff890a3ead1e34c782681bb0f846c839cc7b8a88fb02ddeb24b75333abdc129c317353b683357c7143818a80e3d7a5c49af2a6938aaec2cde946a177f79ed6e0586b0d975bcbc71841c116d67a6c59a2005afb48a73080da6968866c7b11017de01e5b65dfc23985eea0aef695d91b9cc240c8142646ba8711b18e0d2ac9879adda666e8c218becc0223b213d282876ccc7c23c8fd4f3ec758d5eaa165faa95c5642f27023719e67d0d998737ef678220b819c8a8fd23dfaccaa78a14f37f48f2d6bc0ebccb0a3dfc093d5491c40bdbcbfc54566055671146eff20bb0fc9db2c6d5ed5b18c62890a631e2fa8e317eb1b85efd7db622be9d760a606afc94cc49a23f73c88e3c1586fa5239a9b55b2bf36565369be2e257926588fb56e6e1214baeead1841e3221115273a4f7f26cefe145ba4d7f93da3917d7ddc4f92b8aac1b06082aaef23d80dde6219164342cc5e915c3878fca3d5c49e682adfe0dd5196e9544e6a1815511a974ec6a6cdc56c314260ed25d90f90c9ec689e542ada4c29abe83b043030b28a4f44b1b10b75d2e7073c3a127ad4accc224c03bced07980a3896a1a9a0077a8eccdedbf5754c037c685a90137014544caaf6006d880b8815afbf7aec166b5d519a92b8634d459cd844dbc15e4ee453d693d7dd4574b9e80c7295b61e8af8a5a5f4b1b38afaf16694672569c66e5cf935047e61d1c26012a8d2dc4d6fc4dbd04a9d6ca528c4b853bc7abcf3bbeb8d94fe1eab74e6f18cf20f41dbc1c096f1182278c4742ab8e0eea28e6c3b89939046ec1f1145a56a7ff9c9bd2aeab14f43e23201bd1e0333b1f160e80e0e71d7494439589ff63541bfd2935e2a5677261ae8ad570673ebc827a58b6364dec7652ae34c4f5ea20a52a9e7f862c5b4a3a90e8c020d7df31f47f28010b4ae9ede9eeef3807395f629b89a4cb34f6239d17e369bb50de362da2759514a0a8381ea50e09844e825554860864d816c76a605e3425dda3b5ba4f6f3511714d7e0879f126d25e4735c10c59e06dd27b5fb32aa1067a32fd8c789f117f74144c8feb98f1bca376d0eca9c64f0f5aac2eaba27e9e9effb6105ee06d550b8e834a46478d7efa719db0747d556780cacd2e9d67def88ac3174beb270cdf3323aaebf171127d5fd722c9177f53f2a72cc1b1fed31ed05f629415f2d40ee88826b154f9d02c6136b2dc9a2b7b3cdcc80869b94ef3a876598a1a3de8c3a918b046f08f9a19414954b840ef5d6bbe259ea4c507a007d20ba973c0863799e112111a80c54179dadd15caff98fd9bd95d7f2b4408147497df266fcc1e29cbc397c74f8de1f87eb3675440b3a2d38b343b788e03a9e48fda9ffa1fb2f93becc231dccc79fe2599c8f15740c3a42d9bfcfd14f8ac30d02f4c7cfc4e77529250d1c3b60fdd463e00dbd8ecd23c56bdc7476f8a00179eb7a9869868658f44beac001a10472031d8add97fe3e3ca667164b9ed0d8ce87f42f409f433cf8a47dcfab129c04d4f1bebb34bcc3dc72d54c9c07e587eb4ebd3475259c208b9376de5502f0308117334079a3a04a0f3b2dcfb10f035e9b3b3de19d0cc7a1f3b5cb3657e08876103cf148989b26150a96c05f53732c1e7d03b0d4bb722b15ad7e0cc37a0174d3489cdaccb59a10b0f1734b19b91f08912aeb55373ec8dce1c39ea1b6adecf157d953ac4e8fb910c736904561e8c20df94f18470875ff01416de16230a1148b7b5d0443af7d1062c4e2ee3a7e35b92ecd05c53a5596fd458d918609a835f8f7c251504f719bd183b6b3556b1b1f5eb5b688244d469dc18be42a8221a8ceb6abd049fa1c0d7d54e95a1ecb312991232097fe85de79c380b0ea4c0867f20c1d4eeff7fd96788bbe52fc79217c008e953929693c9aece155551476fc5b9cd68d1fecc92007abfdf4416667e8a2417ab9f3f5db43f1ed68539d803570411bd6865fcc46dfdf925a64ec6ebbdecd030bae588512f326d7b67813d2467f4582c021765e592bc2c7f5e3581897da0f74c8b92bf79f53acb7fea29016ea42d2686aa7a78b0c302af23a04ec481f9d31697a6ba971de64f89b89071eb978ea6ed1ac7a5d02584801f89c9a845cd56cd748fc836e75b7bd8e541cadcaf9f0eb51b40c56ea3075021941f344de922d9b15e365cbd0ea8691e186bb19c3eaa38537f7c758db3aaf6633c521d446cfff54af5a6c126e24b0848864fb17549b554e6eeff5c440fd5f9e68281642a634e6865b41a1dbee9e7acafaa96d537e17e3ee4aa11daac0aa274d908afa9ee412483c6828115d75cffe430b7244578ad7bf5c249d017c5af867de617cbb0051dbbcebd757676567288aced40ee2e9b82967504c8cbe2e4a5d6a04b1d21c734bf0551bcbe18ab5a9519d065047fd8203d3bc0ea86487b8e9bd0ec294266b9eecaf42181283676df642b64a11c7ff01a6dffddac39949f2d1c9becfad8126af2c19403949c244c898da06192ccd6ac7a031dad230514a6166b702827a33ee3d6ecc7d4c051ad304f8051bca49580ad036a220df41b3c06723aa4e22e0614fdbd10a8af8f720c9c5421a52e66ea9b43325a4a15195407ef79dcb29042405755dec37899fbc9499149146c299f40f255bc037caf03e813aa99e3ffeca3c967af10a317d4f095a0fd36148ce64843e4c76830ea469e536debd2dcfba0a4088d73db1a9a2f075c5c03214597e3658250d7beaade424dde364b6555f2621476fbd35d6214ae360db11f757a399f4f1a3376197b2fca0b8a27e9aa27281a4b24e3c4ef86bcc6e40131e7baec500f0b00c8a092f221f8323e919b72a3d1295dc7c3ceb7052bebaeddf379287f4ccd5a763f94a71729895cc09e3bb26e1f5d8d112a0c2d0380bea57090a6659060aaf4a78d68e44491f4fa46fb27a9ff44546bc735cf718464f6238bc2f79d8f20f46be69785e9549f4f9ca93ab16c7aa6264eefb34489ffb11889a81d3ed6d4588b76840a34057ed12eb43c8fb73550658dbdbe743f3edfdc2d0e3a45d0b9414d1d040e7a04eebbdb6a536c0b2db0e00bef239b6028336825343c441494cd1ee44426f4b903bd906e801d06b8a013f73e7e66e6e67a3b0d1343f667fbf5344c01a10dab4b33b5dca0f85847e85e2917ef12a8fec421b83dfef54d8c9ffe46a90b59d26f6a5c716a7c7f0fb519f797406a3627d7b0cebd4ec0df6da8b4e70efb50bf694cf55e504d7b30b47abfd71fff2097ea7b3d7353ad69e548746bf9d0cc3f85610dea4b4969c46b44edeb1f42357d89ed5b617c33d865121c31bcdb", @generic="ddbe583ca37eb7bc162b091294d83338a56b755a5cd6ccb0908ef9441e73b5fd37568cc52c51a2849d49bb7872db4149b06160e245770b9a84db6bb93b3c2f24cfb977af6f799b900ebda4f31a3d005e6435651f53c064fcb13d66993452589f6fb11df157ef827774706f5e1520f8e78aa945d1d9d20530a86d76d5a60b93448889b5fbf46e54d19850aecd2f7e5dfec1ad33b96f55685d11ee2331546f5f06d6910c12f9a07107b4f48afba8315e6b694a1d30c932c9645245ae44b3c409f1f127bb1d4c24b1c04dd87a8a16dd7cdb79d1590ddefc0e57105c0c42dd472b528f61bb9ef58db5e50614171176daf47b5d618d036792349707e7a7810b62ca0b25ab8fb14f159864dea6d91fcd521a0ddd9c33987a825be5cb5071dacbd626513db3e67a4817b23704fd9926f5fe7ea520d2b7b4f99577d7c0e15d4f4590c08670a51a63a0d6e58bb78b940bcc327bae8bb69ff2ea7c8cde8776b99928673fa26b0f8198d42f615d55f926c5c34c416b476d753eaa95ee78c4010f6ea4bf2c51b9f914a242444e843f5e876d6ce775ca6c603a84b8422f343e410595dc2bcf1d680da29209bdd198118baefb50538ff7f051cf8066a609564f295f83cb7470e3cc7734687a33f634a94031ce87e94193df4d893750248ac3dd7f955516eb41624b6489a94a4f5e1f87c888fb5516c3461f0db345e673e6e8d0c709da5083b62d6e82fdbc4c0e4009b5a536db2a525f4a39da136fd21c672ae34013b758545f23311b08ab43db6f2c2f169129e429faa17556c01f8fdf821d146406f9744b0ef07fdfb14a377813b6600416ebc1c640e70aedefb22ad5ff50d51f2396c04c53586ce4f24370a239a20a91884e725ca0e40ee16ade6fa1e0f2eb4e3e4438794a79c1d333a2904d1a8bc17f798249e609ddb21adc5a194eded360ab17c2aa9c0c4583e310aafd54d23ef2e2351fd3dd8a3452ce2cf6526eb983d67825e34da9f3ffa90e43266fe91d7ec6be8875a3c45bfa8d12480e3b7f639fa21f15d7d91a2eca1d95487da6a5f522148b4cc5d473ea020f7f1ef9ffb2ad6f0eaaf9dc6bb51c99d72b20ace5577a9adc5ac2b10cafef20778bb3c6ee1572924f64eaea9f34445172f5f75f9483dcb5025ecb2a95d42fd8f58a29e6a751337f893b586f70107c890330f5b5ac44c488312b767cd469c76b510de318dd6c0f1b9d0785214e8bd265929a9f3fc8c23adef7ae3ff1e9da5931f5a07c6dc5cb8805f37c6b542498addd98f45bb3f621d8e5ef85743343b71e6b4c78882d380724db6d1fcfbf13096c7982cd7d7c30ffd9965ef5b6e3f5254a97fc23d5fa2789325ab4ab7c5d87127ff643d4660126b4cb0e7cfc3de82f8f143a6c1e4dedbb5d61e27fd62c2d34d01515f4a2b48b528a04a3fd298d82bf4fe49a2b581901bfd6d934631a2129f0a490530fb21128b6d04bbefbbca54a30faad0deba6ac8752efaec9c43cde8e267c93bb97abf42dfae44a1cd2803271d3e1c7239efb2c48831f47ba3497b3e115d6377a3d7f3373360671ba481137ae8534569c97b675db28922d95503b06c6008a9735ee4eca2f261d75c4c1d3e2b073aed50b40a50a715b2fed1d1f0a66974549fe8a4dfd4bc04935f7b71b84a5507e1e3a23335813ea92783fec49f67fe97e51a79e4afdc3c0a54bbd84df830b908553f07767727fa752304fafb6828b7730497eb77bef66459d602c3deb3df9eeba27f68dd7aeb2d6a206a6b75cbb4176627909d50ea0c1dd3ad6e82361f95876133dadc82fd1fccdd9315d644e14ec371ecb95677d3b0216559214cb17983af4067bd8e3213ca864966f532237209ff3f324f9561b2fcd1b706f6d75884cb28152817720cedfba2fad5e83ec3be8580c8c01ace5b8e779d3ed79425c45805c885500d947fa5b783326e376806542eea264a2ce2dc7b7625b33a32d09f012ed1276efaa0ec1a115b84599afc528abbd82e4b7ff480138059ef538e5ef7bea35fb6c7421f31576e4f2117db481f274f31660faa73d53280ec02f56017018bf73545345bdf9ac2e15a02cb4675a8c65a4591c58b9831106b1476a8c0e465ef5737552897a7357f85c2c1125661fb956911d8768048e823361a8f77beb963dd1ee852d81e4554e96cdf9e45fb1554231b86c7f80b73095ac4e2dcdb3c7bc5905f8e25d6962928b5336299f88ecc97693f6c10785721cb8883ece18627ed01f7409cf83085e6675691c8879d251ed4bb579e65268966cc2836b0cbab1018016c86a185c709bd73dd1e839a9c7aea67667aa4d2ce653e9f90b832e0372a2713d0a8c1f9d11b0b9d4743eb54ae16df246cea1138f09ab42bab5cf109c8fb582465b1d9164abdb9e442d8188be3df219872fcb4ad2a3ef5f7249ea1af98337fd932923794ab7963ff4c90437535cec51ac1f8674deea7bab48765e3cbda279282e6f151807f263f9291c780d7757aa2e51c48db8be5014c771a3b8a66109dc81a45fa70f3cc18b38e7951df3213768358cbdba6dd7d51f2f5311577345a2e490d94dc23ebf70f81ea21554a15d1c637d3fe57c282bdc21de81f199d38accc6d7067082b0e8fe1349ca6b5ee1d5be1ada8b60eb6c488ddd6d073646575e62f5b3e6a42b8d24ff31c53ebf50453d17165095020089e3f1d819133fe83ecbbd93c53fb05cb0c904ca7525a26f1a9e5794d992ddfe80439767cbe8a18faf24b856f63ef850f495072a7a2174e57c6e207bf16a9e67a99210919385bd006f020099389ae4b8214baceae9bbeb7c10fd6f039c3f81cc871c18e45ef6572537da8166dc639a31fd6489f93c4d5e2ea3d66c67a1d3ecf2f9d0063a64322ebb6d455c47261886c0f92ce0442a3e5596ca23168acff69875070ae3ffdf61f5564d4a22a880f500110db394cfcc5e69b28327acfd70f57ea6de9679f40a24545dbe2e6c63c173b25bcfb2a55079d7de1daaf9f0ec802e978d0918ed8d957c2c14565cc15458ab7ae519ed2de22c03d5302bb610b837e49f11aa0ddc30c7728cec1df905d470558ee45ef24683636d496888c7b8870a59357263363b2182fd6471887d1c27b44e9cac8188a2fedc35052a098176a5a2abb8dfa25d2c73edfd8d819f2e70a191bad4b7c3192ee8ce656ef6aa36b0a60f9f4432e5079f95e4f53f197f839fe041a7cca16a99ccd2b9d2350c70184873acaa05aec1060fcbb4f21c6ecb338cefadfcf07d56a5aba57f92b3b779aa3776cf56e4d1939d1c3fb773286f8f4d5b131df91912c0bea123f3a8662ca9a9367354a07b74f0f82e401742bca56f25a0d52ce00a96aed1fa731d269d62d415d89bb586006b191fc76dc21c8f847fb4d67290dfd5a7c9caa425742b9a1f358dc4f6e11566e7bcee0d5c353e5b4876ce9aa09185a6ded01b06fad2dcc62e4a3a5c831356d2b60f3a13240555061df2548d908d7adce65a624a85ebed5b45474697f6b2143908f40f660f05137b5d896b762a8c47d64504a18ef1b2ac4dd2bfb744c03794bb5d9ab5f147fb0d4dacc268ca76e5c0fcf5fce9d214bb876559b7d61779731ea64ce5010198ba5a62e431286f3eb2a5fbf943c83089ed29d899dcecaf7d594c64990f66363e2a3c9322ba7a437010b30f051d3f8805faa2ef396dfe51f8529fc6a12ed8a300194ace9d072a1013d7eed278d87af26b8e7571607bdc8c42a818d20466b50c5fa54ce10aa7315dffb33b47f998f963f1ac17b25aa8953ea6682955ddb2adc983876a81e86a573545ebe227749b51bdd9ba9ff0de7023cb0b960f2b8574490f101e273a845cb79e1ef7c6b1a169b58b8cfce373b117e3400dbe2508e5fe47efdf021701b1a1089befa22dfa52f521f19313db44a7139923ae0e2b588153e0d155643f996bcbc48bb515c5781950e03955b54576d6737befd4d01b32602b370b54111ff9edd6d4fecbc80fca28d587ffddcdc0846b66a7ce12e96a849d566f3c1d867aab78c74d8d41382e0327b33e4f04a498333d596b21530f54e6f40dbcd56cfb39bc6ebc0ddf92a01f41303bfbab5cd34f563eb64f9ebdbedc9c937fe845a65eaae43c9408cb3a3f999628aa115a8bf259045bb5dfa72c56980ddb96b4381b64d48741a804a85c9f823b159b53d0bd2ced962b91a0cb8ae56757176cca92d51b", @generic="67af89b1f04b6796b2e17f4fd32ff897a564bd91c3a3b0df47b0bdd57e9302b0c77930a06d95dcc0faf31b1b48a7f92964d2a68463d5dd1f386ae2492386b73ca4e24122de5760fe80666bf2d856e962cfc376ee570fe000776fcc1400d139d6e19bc5a422c933c7eaf4a2f43337cc86c09e9af7c7ee3b977b20ed061c300255d322c078a72159cd1d5db8675043f6578cf5a44a0b", @typed={0xc, 0xde, 0x0, 0x0, @u64=0x6}, @generic="b79a0038ea", @generic="424841bd284ff3f844562fc10568db777e1864312b6c191892f7c77752b535583219248ebf6003a7de9a7d0e4beea47306713e242b057280746755b3049e65a5196c715293cc9ef660ffde3daae38423166d49db93d28438a28ab7220f973e3fa5e49501be1e3cc197062097c78710796ef84668acce8b87581877ae97865f728bc2f276ca050edb29e6363267894bb6b31f614aedb749aa25cff58966d2f0e69a331b2ca63a562054bc14bb266e5f122a94c2ea5016b8595037a901c2889c69b1d341d202730f73f09123d890d61b41a09cf34a2aeb6b8bd0831438516cb4feabf08596de"]}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @nested={0x117, 0x0, 0x0, 0x1, [@generic="eef3585f163779c91519ced70fc791444702a0ddcdeb7ffa7b76a5dcf3bfde6f7c7360ca4af30a582936801daa65634036", @typed={0x10, 0x4d, 0x0, 0x0, @str='@:\xb2*!*%\xd2\xb9%*\x00'}, @typed={0x4, 0x47}, @generic="ec393dbacc88ded87f49485873147dd8b3c7854e4abdcc1cf2a1edd2353b638f5566f7b88f5254aef4c797a000f57e7f558b4c302a04e13f9850d06de3ac3e2038d044a5724278ad00c88bc33b665d5bd823f0a28e31a87535a9b5f14c014db7e9ef16f4e657320d3cc0f60dd3fac68abe3bf1959c64cbe4a042300cd99a25222a25e5d6d513c0dc07096e8ae87e4b6332a332a00e40722397feaa101c96d6cdb65722d7e9afa334b6a21ad5788edee2049de1e8802f", @typed={0x14, 0xa3, 0x0, 0x0, @ipv6=@remote}, @typed={0x4, 0xe8, 0x0, 0x0, @binary}]}]}, 0x1f04}, {&(0x7f0000000940)={0x2d8, 0x12, 0x0, 0x70bd25, 0x25dfdbfb, "", [@nested={0xc, 0xf8, 0x0, 0x1, [@typed={0x8, 0x2d, 0x0, 0x0, @u32=0x9}]}, @typed={0x13, 0x7f, 0x0, 0x0, @str='/dev/cpu/#/msr\x00'}, @typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0x5, 0xce, 0x0, 0x0, @str='\x00'}, @nested={0xd4, 0x65, 0x0, 0x1, [@typed={0x4}, @typed={0x4, 0xf1}, @typed={0x8, 0xb9, 0x0, 0x0, @u32=0x6}, @generic="fec97208fe1ace09c7aae2a365ee9603c960ebeb6f6341a7b18eadaae6ad0d720aa0abcd5da2133b021b19ff805d8cefcc6a031889e9c1e25f9a23d21aab8760a2b9db77c8ddcade3b115253abf70996f367631313f7934db472643cf0545d762e7ebcab1bfeb153374df7fdb4a0fd2eba19300c4fbfb13b33daf2827ab8979efc740a7b252c83373f5250e718f5f572c5e9632e10da242dc866992c91972db0e6a96102003a6b74ca10e6448830049772ae554f11ad009eb16109b323ab4c1b"]}, @nested={0x1bd, 0x64, 0x0, 0x1, [@generic, @generic="a58064bdc049349f866595c644aa72f9a4991de666fb53572b1a585ef8233b9a1c97cff594004015084daa98eb7d97d2f448a209bb1486d34dd5fea5a8c8f1072ff1dbc37d9372425613aa04d60b604f5fa3966675138439e8fba0d4fd8ba4eb06ecc59d4778a5249a73a20e1c6ef7349ed193b16ad2e996d8c58f4294b0a1a9cfe466734701137a24b9217cdb5a4cabde3de56c134badf072096857ba49548d411f3527352b612ae812d1f50cda9b4066f945c1c6bb99b1a4d0f17234", @typed={0xf9, 0xcb, 0x0, 0x0, @binary="2499552aedc89f715b4142a1fad1f8ba423ba19fa4256ceae20ca6fec6ec2c0374d156d2f5733842f7d4fd580b25b6f11bab6e233bac87a113b6f9afa03cd43f1269d4096d7bcfe560164e37324fc269f4a791631c2805a93b6bad9738b56fc3fd3ace7f47f5fced9b86070733373cb1cec2b33357a65d88377ec1a5451cf716a1ec4c555b3198955b0b487bc5845ff30d66292e558b36ae192bd66c7430534e968b3ca698dd947f0b4f1a00bd30942c1788d663f66c939d75f04aed9262be09368dd6792f3fc36abadadc3426258235ee6ca634da147a57c1b5596311f04b8a004059215d4c2d0f3ef16f30104c62f3c8c315a369"}]}, @typed={0x4, 0x119}]}, 0x2d8}], 0x2, &(0x7f0000003900)=[@rights={{0x20, 0x1, 0x1, [r7, 0xffffffffffffffff, r2, r4]}}, @cred={{0x1c, 0x1, 0x2, {r5}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r5}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, r8, r11}}}], 0xf8, 0x42010}, 0x8) write$proc_mixer(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f0000000380)='syzkaller\x00'}, 0x90) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='smaps_rollup\x00') 3.174017307s ago: executing program 1: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00VQ/>\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000008000c00040007004c001a804800048014000700ff01000000000000000000000000000114000700fc01000000000000000000000000000014000700fe80000000000000000000000000000005000b"], 0x74}}, 0x0) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, 0x0, 0x0, 0x0, 0x0, {}, [@IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x3c}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10001100", 0x33fe0}], 0x1}, 0x0) 2.961886587s ago: executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_read_part_table(0x5f1, &(0x7f0000000000)="$eJzs3DGIk1cAB/CX9MihRcTNzWCGiBQiZKtE0BA/JGBCsOjQ2rp5Q5ZzcoixGBCH5pbIURcdlIMz1UEnEUEQMXEQMh2KdqjKcUM5uCVwHCmh33W6Qu9oBuH3g4+8l/d//F/I/L7AFy0Z/hyNRokQwspv29/93WLp5Kl09XjtTAiJ8EMI4Y/s7K/jlUScGE3//Xkwnn+I5/mnU/M/LkbX2509+x+n118n4/Wr8fO5f+v8v/cufb39szIJhy4dfn5gONj3pBzu9I71ju6un7vYzRab3TfVRyfupRc2//fchPofFl7uvdaajdqXCzNLUeNjtJxcW41Oz9/OpeaatezKkTj304T66xtnU/fvvii2Pu3KvypXKp0H725mGqVnrSuDfubt8MaFOPd+ekIHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf3Xo0uHnB4aDfU/K4U7vWO/o7vq5i91ssdl9U3104l564WCcy02o/2Hh5d5rrdmofbkwsxQ1PkbLybXV6PT87VxqrlnLrhyJc4kt9v4cRqPmTkoXpv4Z1jfOpu7ffVFsfdqVf1WuVDoP3t3MNErPWlcG/czb4Y0Lce799E6KAAAAAAAAAAAAAAAAAAAA4L8pnTyVrh6vnRmPvw8hfDPz7dx4PIrvu2/eu998D8CH8ffJEPJPp+q/LEbX2509+x+n11//Huevxs/n/q3zW/V9NfmfxDb8FQAA//8hjI7g") syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0) syz_open_dev$evdev(&(0x7f0000001180), 0x75c, 0x0) close(r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f332460916e6e893f1eeb0b723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6fb6db714e4b94bdae214fa68a0557eb3c5c2683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34700458c60897d4a6148a1c11428607c40de60beac671e8e8fdecb03598aa623fa71f31bf0f871ab5c2ff88afc6002084e5b52710aee410e3e554d090d95983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed00000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) close_range(r1, 0xffffffffffffffff, 0x0) 1.158413435s ago: executing program 1: r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x17) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1}, 0x1c}}, 0x0) 922.601888ms ago: executing program 1: ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)={[{@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@codepage={'codepage', 0x3d, 'macturkish'}}, {@gid}, {}, {@file_umask={'file_umask', 0x3d, 0x108}}, {}, {@part={'part', 0x3d, 0x4}}, {@uid={'uid', 0x3d, 0xee00}}]}, 0x5, 0x2d1, &(0x7f0000000600)="$eJzs3T9v00AYx/HfOUmb/lExbRESC6hQCZaKAgNiCUJZ2ZkQ0KRSRVREWyRgoSBGxAtg5y3wIlhAvAGYmHgB3YzufHGdxnEaaOKm/X6kRM757vyczo7vsdRGAE6te/Wfn2/+ti8jlVSSdEcKJFWlsqRzOl99sbmzsdNqNvI6KrkW9mUUtzRdddY2m1lNbTvXwgvtp7Jm02UYjiiK7v4qOggUzl39GQJp0l+Hbn91xHENy650segYRi09wWZPe3qpuQLDAQAcA/7+H/jbxKwrMgoCadnf9k/U/X+v6ACO1q1WV1GU2yB1/3eru8jY+T3jdu3ney6Fs/uDdpZ4mGAqBz5PKD6zOhaYpl9W6WIJptY3ylpZe6tGoHeqealqi+69EZ+6bX2iXcrITXP07q2i+9PxaNyK8qB2SOsbreak3ciIf2GwI/4/89V8Nw9NqE9qJOu/cmTsNLmZCg/MVFCx8V/v3eOMa2Vryaf9tVot6Khy1h3kgj+C12eU1eyMJN1n+wHBbhJBXpzu2PPqfKwQj261T6uFrFZh8qlHq8WOViV/JqysPWvlPkoZjvYQzUfzwCzpj76onlr/Bza+ZaWuzLyveuNq+jMjHs9Eds2yqxl23Tn2L5dLSQTe5MBjgzTg07IPeqLbmtt+9fppqdVqbtmNxxkbz2e3jC+pvJcy6wx/o6ScOtrdL4msN1F02J6jYQZ/7Ug7tN8fSYm9fLIq26ssKQlGPU2nZaP+TXkn5PhsRJHUY9fQvqdwjGyb9qT7gqmCA8Ko2XWXifM/t5L3qzqXItm3MGednp9kqqPH1SSD61wKzrv36YEyuJneGVzqiDd65Iwu57p8VbqSKjTKPWLo4zwhTF0/9Ijn/wAAAAAAAAAAAAAAAAAAAONmFH9pUPQYAQAAAAAAAAAAAAAAAAAAAAAYd//0+79Z/yPe/f5vyO//AmPkbwAAAP//FSp4xw==") sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000000a01010000000000000000050000000900010073797a30000000000c00044000000000000000040c0004400000000000000005bc000000030a01030000000000000000050000000900010073797a300000000008000540000000004c0008800c00014000000000000000010c0002400000000000f6ff000c00024000000000000016cc0c21014000000000000100010c00024000000000000000140c00014000000000000000090900030073797a32000000000b00070066696c746572000030000480080002406b10a61d140003007465616d5f736c6176655f3000000000080002404e73b858080001"], 0x130}}, 0x0) 686.834431ms ago: executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) getpid() socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e127a5108000200104013"], 0x44}}, 0x0) 660.955539ms ago: executing program 1: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f00000001c0)={0x30, r1, 0x615, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x12}]}]}, 0x30}}, 0x0) 431.710437ms ago: executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x11000) vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000680)="85", 0x1}], 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001c00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 358.67752ms ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_LABELS={0x4}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x3c}}, 0x0) 305.744098ms ago: executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r1}, 0x10) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = getpid() r3 = io_uring_setup(0x77f, &(0x7f0000000180)) r4 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="0002020000000000ff020000000006000000000000000001"], 0x18) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x1e, &(0x7f0000000300), 0x8) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="adc0c3e4"], 0x8) close_range(r3, 0xffffffffffffffff, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000100)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r5, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000080)="cd", 0x1}], 0x1, &(0x7f0000000400)=[@prinfo={0x18}, @init={0x18, 0x84, 0x0, {0x7ff}}, @sndinfo={0x20}], 0x50}], 0x1, 0x4044040) recvmsg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x40000000008b}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f0000000340)={{0x5, 0x3, 0x3, 0xb346, 'syz0\x00', 0x1}, 0x1, 0x40, 0x0, r2, 0x5, 0xb1, 'syz0\x00', &(0x7f0000000200)=['\x00', '\x00', 'veth0_to_hsr\x00', '\x00', '\x00'], 0x11}) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f00007ad000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r1, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='veth0_to_hsr\x00', 0x10) 276.037443ms ago: executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x2}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x1}}]}}, 0x0, 0x46}, 0x20) 69.837734ms ago: executing program 3: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000400)={r1, &(0x7f0000000080)}, 0x20) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000001500)=""/3, &(0x7f0000000240)=0x3) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='nr_inodes=6']) chdir(&(0x7f0000000140)='./file0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000008000000000002e00000008000300", @ANYRES32=r4], 0x2c}}, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xe860c42ced148432) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000340)={0x0, 0x2, {0x1, 0x1, 0x4, 0x1, 0xabac}, 0x20}) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x0) r7 = socket$unix(0x1, 0x1, 0x0) bind$unix(r7, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) 0s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="21f2fe03000549703d5356daace8bd95024b41141bc3f7237f5ccad9a16e112dda18d9347164898908e9ed8ff46cccd2be5b67309b4d4ae13da19a54231984f4c165c400f67d3d6503a07894b87367149b565d791819ac", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000540)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) r3 = epoll_create(0x40) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r4, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc1}, &(0x7f00000004c0)={0x0, "9b02e8311235f71f35c94c7ff8827b9f3d6a1e092fc6190618d9cd3b3d99ae2b93b4b37ebba53895d87b560a52e1bb1fa3e0e6077e2a12f0f2086fff9d1699db", 0x23}, 0x48, r2) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x10, 0x8, 0x3, 0xe733, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x65, 0x0, 0x6, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010102, {[@rr={0x7, 0xf, 0x2, [@loopback, @loopback, @broadcast]}]}}}}}) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x141802, 0x0, 0x4}, 0x18) getdents64(r6, &(0x7f0000000600)=""/40, 0x28) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000200)={'sit0\x00', &(0x7f00000001c0)={'syztnl0\x00', r5, 0x7, 0x80, 0x6c, 0x1, {{0x6, 0x4, 0x1, 0x3, 0x18, 0x67, 0x0, 0x45, 0x0, 0x0, @private=0xa010100, @multicast2, {[@ra={0x94, 0x4}]}}}}}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x26e1, 0x0) close(r8) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1282, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x20001400) write$cgroup_pid(r8, 0x0, 0x7ffffffff000) kernel console output (not intermixed with test programs): 718906082.862:554): avc: denied { map } for pid=8825 comm="syz-executor.4" path="/dev/nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 499.040509][ T8830] loop4: detected capacity change from 0 to 256 [ 499.857826][ T4479] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 500.132545][ T4479] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 500.817529][ T4479] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 500.829389][ T4479] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 500.839468][ T4479] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 500.850546][ T4479] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 500.872728][ T8830] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 501.017865][ T8661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 501.037131][ T1054] bridge_slave_1: left allmulticast mode [ 501.072678][ T1054] bridge_slave_1: left promiscuous mode [ 501.092770][ T1054] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.128480][ T1054] bridge_slave_0: left allmulticast mode [ 501.139694][ T1054] bridge_slave_0: left promiscuous mode [ 501.145800][ T1054] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.938289][ T1054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 501.957367][ T1054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 501.970335][ T1054] bond0 (unregistering): Released all slaves [ 501.994574][ T8530] veth1_vlan: entered promiscuous mode [ 502.310288][ T29] audit: type=1400 audit(1718906086.442:555): avc: denied { ioctl } for pid=8838 comm="syz-executor.1" path="socket:[20597]" dev="sockfs" ino=20597 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 502.500526][ T8661] 8021q: adding VLAN 0 to HW filter on device team0 [ 502.835341][ T8425] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.842668][ T8425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 502.923301][ T5111] Bluetooth: hci2: command tx timeout [ 503.044007][ T1054] hsr_slave_0: left promiscuous mode [ 503.064899][ T1054] hsr_slave_1: left promiscuous mode [ 503.093846][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 503.101474][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 503.123339][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 503.130824][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 503.222897][ T29] audit: type=1400 audit(1718906087.352:556): avc: denied { read } for pid=8843 comm="syz-executor.1" lport=43322 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 503.249153][ T1054] veth1_macvtap: left promiscuous mode [ 503.260748][ T1054] veth0_macvtap: left promiscuous mode [ 503.285887][ T1054] veth1_vlan: left promiscuous mode [ 503.291507][ T1054] veth0_vlan: left promiscuous mode [ 503.592209][ T4479] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 503.608023][ T4479] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 503.630326][ T4479] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 503.653213][ T4479] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 503.665705][ T4479] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 503.676542][ T4479] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 503.922011][ T8854] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 503.938001][ T8854] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 503.986214][ T8854] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 504.005371][ T29] audit: type=1400 audit(1718906088.142:557): avc: denied { ioctl } for pid=8853 comm="syz-executor.1" path="socket:[20359]" dev="sockfs" ino=20359 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 504.076180][ T29] audit: type=1400 audit(1718906088.212:558): avc: denied { getopt } for pid=8853 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 504.628632][ T1054] team0 (unregistering): Port device team_slave_1 removed [ 504.720449][ T1054] team0 (unregistering): Port device team_slave_0 removed [ 505.008874][ T4479] Bluetooth: hci2: command tx timeout [ 505.580624][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.587880][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 505.626625][ T8530] veth0_macvtap: entered promiscuous mode [ 505.730269][ T8530] veth1_macvtap: entered promiscuous mode [ 505.809822][ T4479] Bluetooth: hci3: command tx timeout [ 506.161842][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.185718][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.202078][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.214807][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.226994][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.237800][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.263628][ T8530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 506.518144][ T8869] binder_alloc: 8867: binder_install_single_page failed to insert page at offset 0 with -14 [ 506.568430][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 506.588855][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.600358][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 506.619932][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.631201][ T8530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 506.642015][ T8530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.656660][ T8530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 506.735031][ T8530] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.744008][ T8530] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.754245][ T8530] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.764409][ T8530] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.780081][ T8833] chnl_net:caif_netlink_parms(): no params data found [ 506.870980][ T8851] chnl_net:caif_netlink_parms(): no params data found [ 507.084730][ T4479] Bluetooth: hci2: command tx timeout [ 507.768462][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.785770][ T29] audit: type=1800 audit(1718906091.862:559): pid=8882 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1941 res=0 errno=0 [ 509.266470][ T5111] Bluetooth: hci2: command tx timeout [ 509.275331][ T4479] Bluetooth: hci3: command tx timeout [ 510.428787][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.450818][ T8833] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.475254][ T8833] bridge_slave_0: entered allmulticast mode [ 510.492926][ T8833] bridge_slave_0: entered promiscuous mode [ 510.566587][ T8833] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.581987][ T8833] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.590217][ T8833] bridge_slave_1: entered allmulticast mode [ 510.599481][ T8833] bridge_slave_1: entered promiscuous mode [ 510.726180][ T8851] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.745761][ T8851] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.766010][ T8851] bridge_slave_0: entered allmulticast mode [ 510.777225][ T8851] bridge_slave_0: entered promiscuous mode [ 510.879051][ T1054] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.900725][ T8898] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 510.977367][ T8833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.030539][ T8833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.040535][ T8898] loop1: detected capacity change from 0 to 256 [ 511.047865][ T8851] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.060884][ T8898] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777' [ 511.072965][ T8851] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.080473][ T8851] bridge_slave_1: entered allmulticast mode [ 511.101957][ T8851] bridge_slave_1: entered promiscuous mode [ 511.162267][ T1054] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.427557][ T1054] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.520167][ T8833] team0: Port device team_slave_0 added [ 511.688666][ T1054] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.742143][ T8833] team0: Port device team_slave_1 added [ 511.804916][ T8851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.824109][ T8851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.966691][ T8833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.990064][ T8833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.022752][ T8833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.052932][ T5111] Bluetooth: hci3: command tx timeout [ 512.152090][ T8833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.181770][ T8833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.238558][ T8833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.291311][ T8851] team0: Port device team_slave_0 added [ 512.306887][ T8851] team0: Port device team_slave_1 added [ 512.324900][ T8661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 512.372004][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.403025][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.625543][ T8851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.633203][ T8851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.660067][ T8851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.689859][ T8851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.699509][ T8851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.729447][ T8851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.921233][ T8833] hsr_slave_0: entered promiscuous mode [ 512.957439][ T8833] hsr_slave_1: entered promiscuous mode [ 512.983358][ T8833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 512.991075][ T8833] Cannot create hsr debugfs directory [ 513.001767][ T8902] loop1: detected capacity change from 0 to 64 [ 513.026304][ T8902] hfs: creator requires a 4 character value [ 513.050571][ T8902] hfs: unable to parse mount options [ 513.441514][ T8851] hsr_slave_0: entered promiscuous mode [ 513.459410][ T8851] hsr_slave_1: entered promiscuous mode [ 513.471776][ T8851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 513.480993][ T8851] Cannot create hsr debugfs directory [ 513.793322][ T8902] loop1: detected capacity change from 0 to 32768 [ 513.870512][ T8904] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 514.124342][ T5111] Bluetooth: hci3: command tx timeout [ 514.573174][ T1054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 514.589258][ T1054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 514.600945][ T1054] bond0 (unregistering): Released all slaves [ 514.758886][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 514.768630][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.744319][ T8661] veth0_vlan: entered promiscuous mode [ 516.859377][ T1054] hsr_slave_0: left promiscuous mode [ 516.867130][ T1054] hsr_slave_1: left promiscuous mode [ 516.875148][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 516.883695][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.892311][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 516.902754][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 516.967008][ T1054] veth1_macvtap: left promiscuous mode [ 516.980266][ T1054] veth0_macvtap: left promiscuous mode [ 516.987499][ T1054] veth1_vlan: left promiscuous mode [ 516.996364][ T1054] veth0_vlan: left promiscuous mode [ 518.404054][ T8936] loop1: detected capacity change from 0 to 2048 [ 518.456535][ T8936] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz-executor.1: bad orphan inode 8192 [ 518.475040][ T8936] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 518.478009][ T1054] team0 (unregistering): Port device team_slave_1 removed [ 518.568683][ T8936] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 518.583615][ T1054] team0 (unregistering): Port device team_slave_0 removed [ 518.703019][ T29] audit: type=1400 audit(1718906102.832:560): avc: denied { getopt } for pid=8935 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 519.511248][ T8925] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 519.524424][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 519.634898][ T8942] loop3: detected capacity change from 0 to 256 [ 519.677758][ T8661] veth1_vlan: entered promiscuous mode [ 519.731657][ T5105] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.160959][ T8661] veth0_macvtap: entered promiscuous mode [ 520.227453][ T29] audit: type=1400 audit(1718906104.362:561): avc: denied { write } for pid=8946 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 520.232839][ T8661] veth1_macvtap: entered promiscuous mode [ 520.401162][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.430116][ T8942] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 520.432487][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.471564][ T8942] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 520.493640][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.499869][ T8942] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 520.524473][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.542132][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.548166][ T29] audit: type=1800 audit(1718906104.672:562): pid=8942 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz-executor.3" name="file1" dev="loop3" ino=1048699 res=0 errno=0 [ 520.560673][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.598383][ T8661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 520.978090][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.019436][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.050630][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.070672][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.082311][ T8661] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.093205][ T8661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.107879][ T8661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 521.673928][ T8661] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.694031][ T8661] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.703121][ T8661] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.713126][ T8661] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.235602][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.279387][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.503348][ T5294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.511244][ T5294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.642575][ T29] audit: type=1400 audit(1718906106.742:563): avc: denied { create } for pid=8965 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 522.689969][ T8833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 522.752145][ T29] audit: type=1400 audit(1718906106.752:564): avc: denied { ioctl } for pid=8965 comm="syz-executor.1" path="socket:[21205]" dev="sockfs" ino=21205 ioctlcmd=0x8b2c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 522.825407][ T8833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 522.940435][ T8833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 523.574872][ T8833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 524.128682][ T29] audit: type=1804 audit(1718906108.252:565): pid=8978 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir804174960/syzkaller.QJ96nJ/8/file0" dev="sda1" ino=1948 res=1 errno=0 [ 524.313239][ T8851] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 524.354705][ T8983] loop1: detected capacity change from 0 to 256 [ 524.366467][ T8851] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 524.442041][ T8851] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 524.469559][ T8851] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 525.148449][ T8833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 525.275673][ T29] audit: type=1400 audit(1718906109.412:566): avc: denied { append } for pid=8992 comm="syz-executor.2" name="userio" dev="devtmpfs" ino=830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 525.884819][ T8983] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 525.921872][ T8983] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 525.956283][ T8983] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 525.979096][ T8833] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.034214][ T29] audit: type=1800 audit(1718906110.162:567): pid=8983 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz-executor.1" name="file1" dev="loop1" ino=1048704 res=0 errno=0 [ 526.167119][ T8851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.205665][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.212999][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.338528][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.345869][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.413233][ T8851] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.477105][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.484485][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.547785][ T8425] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.555150][ T8425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.847037][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 527.238244][ T29] audit: type=1804 audit(1718906111.252:568): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/283/file0" dev="sda1" ino=1953 res=1 errno=0 [ 527.308845][ T9004] fuse: Bad value for 'fd' [ 527.575545][ T8851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 527.586372][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 527.660517][ T8] usb 4-1: config index 0 descriptor too short (expected 4114, got 18) [ 527.725046][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=20.8a [ 527.773750][ T8] usb 4-1: New USB device strings: Mfr=25, Product=9, SerialNumber=2 [ 527.781939][ T8] usb 4-1: Product: syz [ 527.941748][ T8] usb 4-1: Manufacturer: syz [ 527.966221][ T9008] loop2: detected capacity change from 0 to 64 [ 527.981014][ T8] usb 4-1: SerialNumber: syz [ 528.014515][ T8] usb 4-1: config 0 descriptor?? [ 528.056309][ T8] gspca_main: STV06xx-2.14.0 probing 046d:08f6 [ 528.093663][ T8] gspca_stv06xx: st6422 sensor detected [ 528.145190][ T8904] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 528.392993][ T8] STV06xx 4-1:0.0: probe with driver STV06xx failed with error -71 [ 528.400303][ T9017] binder_alloc: 9016: binder_install_single_page failed to insert page at offset 0 with -14 [ 528.401679][ T8] usb 4-1: Found UVC 0.00 device syz (046d:08f6) [ 528.469724][ T8833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 528.481128][ T8] usb 4-1: No valid video chain found. [ 528.499358][ T8] usb 4-1: USB disconnect, device number 2 [ 528.724413][ T9025] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.770286][ T8851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 528.846707][ T8833] veth0_vlan: entered promiscuous mode [ 528.951625][ T8833] veth1_vlan: entered promiscuous mode [ 528.974085][ T9028] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 529.167988][ T8833] veth0_macvtap: entered promiscuous mode [ 529.227559][ T8833] veth1_macvtap: entered promiscuous mode [ 529.418287][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.472214][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.517504][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.562233][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.573450][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.584218][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.594890][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.606524][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.619567][ T8833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 529.647293][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.691108][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.722748][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.748062][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.761221][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.804886][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.836441][ T8833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.890393][ T8833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.955544][ T8833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.125725][ T9047] ptrace attach of "/root/syz-executor.3 exec"[8530] was attempted by ""[9047] [ 530.161817][ T9047] loop3: detected capacity change from 0 to 1024 [ 531.790426][ T8833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.236485][ T8833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.745125][ T8833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.769948][ T8833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.738645][ T5643] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.817471][ T5643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.816002][ T9057] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 535.870428][ T9068] loop2: detected capacity change from 0 to 256 [ 535.916559][ T9068] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 535.996025][ T6100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.022616][ T6100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.076558][ T9068] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 536.139491][ T8851] veth0_vlan: entered promiscuous mode [ 536.201816][ T8851] veth1_vlan: entered promiscuous mode [ 536.253019][ T29] audit: type=1400 audit(1718906120.342:569): avc: denied { shutdown } for pid=9071 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 536.595539][ T29] audit: type=1400 audit(1718906120.712:570): avc: denied { bind } for pid=9066 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 537.108186][ T29] audit: type=1400 audit(1718906121.222:571): avc: denied { ioctl } for pid=9069 comm="syz-executor.3" path="socket:[22797]" dev="sockfs" ino=22797 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 537.344992][ T8851] veth0_macvtap: entered promiscuous mode [ 537.399759][ T8851] veth1_macvtap: entered promiscuous mode [ 537.540760][ T29] audit: type=1804 audit(1718906121.672:572): pid=9083 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3154692819/syzkaller.q63sxR/0/file0" dev="sda1" ino=1961 res=1 errno=0 [ 537.574435][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.601635][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.666307][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.712535][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.780643][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.822523][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.853058][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.879266][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.920026][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.937695][ T9083] loop0: detected capacity change from 0 to 2048 [ 537.952060][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.964121][ T9083] EXT4-fs: Ignoring removed nobh option [ 538.034508][ T8851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 538.096042][ T9083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.222666][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.256150][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.271826][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.289825][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.300066][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.322139][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.358101][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.412700][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.434442][ T8851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 538.453593][ T8851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.472900][ T9090] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 538.513311][ T8851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 538.552903][ T29] audit: type=1326 audit(1718906122.692:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9093 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6973a7cf29 code=0x0 [ 538.590324][ T8851] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.644346][ T8851] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.658907][ T8851] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.676198][ T8851] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.834817][ T8833] EXT4-fs error (device loop0): ext4_read_inline_dir:1559: inode #12: block 5: comm syz-executor.0: path /root/syzkaller-testdir3154692819/syzkaller.q63sxR/0/file1/file0/file0: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=7952, size=80 fake=0 [ 538.881560][ T8833] EXT4-fs error (device loop0): ext4_read_inline_dir:1559: inode #12: block 5: comm syz-executor.0: path /root/syzkaller-testdir3154692819/syzkaller.q63sxR/0/file1/file0/file0: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=7952, size=80 fake=0 [ 538.941568][ T9099] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 539.271452][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 539.315519][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 539.469116][ T8833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.661332][ T5645] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 539.698980][ T5645] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 539.717862][ T9103] loop2: detected capacity change from 0 to 64 [ 539.861011][ T9103] hfs: keylen 9474 too large [ 539.867188][ T9103] hfs: inconsistency in B*Tree (1,0,1,0,3) [ 539.874087][ T9103] hfs: get root inode failed [ 539.963639][ T3929] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.233416][ T8425] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 540.374421][ T3929] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.473516][ T8425] usb 2-1: Using ep0 maxpacket: 8 [ 540.501745][ T8425] usb 2-1: unable to get BOS descriptor or descriptor too short [ 540.545702][ T8425] usb 2-1: config index 0 descriptor too short (expected 16914, got 18) [ 540.573426][ T29] audit: type=1400 audit(1718906124.712:574): avc: denied { getopt } for pid=9110 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 540.648527][ T8425] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.712483][ T8425] usb 2-1: config 0 has no interfaces? [ 540.744677][ T8425] usb 2-1: New USB device found, idVendor=0bb4, idProduct=0a9b, bcdDevice=30.9b [ 540.822969][ T8425] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.879321][ T3929] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.891571][ T8425] usb 2-1: Product: syz [ 540.904416][ T8425] usb 2-1: Manufacturer: syz [ 540.940015][ T8425] usb 2-1: SerialNumber: syz [ 541.027804][ T8425] usb 2-1: config 0 descriptor?? [ 541.182088][ T3929] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.313277][ T9115] loop4: detected capacity change from 0 to 4096 [ 541.340537][ T5157] usb 2-1: USB disconnect, device number 3 [ 541.381440][ T9115] ntfs3: loop4: Primary boot: start of MFT 0xffffffff (0xff) is out of volume 0x1ff. [ 541.447789][ T9115] ntfs3: loop4: try to read out of volume at offset 0x1ffe00 [ 542.084707][ T3929] bridge_slave_1: left allmulticast mode [ 542.090527][ T3929] bridge_slave_1: left promiscuous mode [ 542.130198][ T3929] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.253971][ T4479] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 542.303457][ T3929] bridge_slave_0: left allmulticast mode [ 542.312012][ T4479] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 542.323342][ T4479] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 542.332580][ T4479] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 542.340486][ T3929] bridge_slave_0: left promiscuous mode [ 542.364823][ T4479] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 542.374818][ T4479] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 542.382865][ T3929] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.401560][ T29] audit: type=1326 audit(1718906126.532:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9126 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x0 [ 544.220941][ T3929] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 544.253309][ T3929] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 544.274522][ T3929] bond0 (unregistering): Released all slaves [ 544.285724][ T29] audit: type=1400 audit(1718906128.412:576): avc: denied { getopt } for pid=9152 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 544.352086][ T9139] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 544.523017][ T4479] Bluetooth: hci2: command tx timeout [ 544.638373][ T9159] loop2: detected capacity change from 0 to 64 [ 544.723720][ T9161] xt_limit: Overflow, try lower: 0/0 [ 544.879191][ T29] audit: type=1400 audit(1718906129.012:577): avc: denied { create } for pid=9154 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 545.287073][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 545.316970][ T9173] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 545.384944][ T9174] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 545.402874][ T9174] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 545.429013][ T9174] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 545.914108][ T3929] hsr_slave_0: left promiscuous mode [ 545.984048][ T3929] hsr_slave_1: left promiscuous mode [ 546.004698][ T9180] cifs: Unknown parameter 'no'‘a£Nð[G¶zob,erèèµ;%j¸¼ [ 546.004698][ T9180] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.W1ȱ¨nNCº"†CÙ׈¡E)Ð8+€î¶á÷™¿1®ðÚ<“™+`# ÷Ž¢k²–' [ 546.097509][ T3929] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 546.130817][ T3929] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 546.145103][ T3929] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 546.155263][ T3929] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 546.233191][ T3929] veth1_macvtap: left promiscuous mode [ 546.268726][ T3929] veth0_macvtap: left promiscuous mode [ 546.294242][ T3929] veth1_vlan: left promiscuous mode [ 546.308489][ T3929] veth0_vlan: left promiscuous mode [ 546.604290][ T4479] Bluetooth: hci2: command tx timeout [ 547.295971][ T29] audit: type=1804 audit(1718906131.432:578): pid=9206 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/304/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 547.741119][ T9209] loop3: detected capacity change from 0 to 4096 [ 547.776290][ T9209] ntfs3: loop3: Primary boot: start of MFT 0xffffffff (0xff) is out of volume 0x1ff. [ 547.799311][ T9209] ntfs3: loop3: try to read out of volume at offset 0x1ffe00 [ 548.150063][ T29] audit: type=1326 audit(1718906132.282:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f833767cf29 code=0x0 [ 548.408734][ T3929] team0 (unregistering): Port device team_slave_1 removed [ 548.513150][ T3929] team0 (unregistering): Port device team_slave_0 removed [ 548.682805][ T4479] Bluetooth: hci2: command tx timeout [ 549.377745][ T9219] loop3: detected capacity change from 0 to 1024 [ 549.557731][ T9219] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 549.928544][ T29] audit: type=1400 audit(1718906133.802:580): avc: denied { create } for pid=9216 comm="syz-executor.3" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:iso9660_t tclass=chr_file permissive=1 [ 550.614281][ T9222] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 550.764024][ T4479] Bluetooth: hci2: command tx timeout [ 551.977347][ T9234] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 552.147185][ T9128] chnl_net:caif_netlink_parms(): no params data found [ 552.163181][ T9237] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 552.268762][ T9237] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 552.297707][ T9237] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 552.326026][ T9237] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 552.806049][ T29] audit: type=1800 audit(1718906136.862:581): pid=9249 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1949 res=0 errno=0 [ 554.812514][ T29] audit: type=1804 audit(1718906138.942:582): pid=9243 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir804174960/syzkaller.QJ96nJ/30/cgroup.controllers" dev="sda1" ino=1958 res=1 errno=0 [ 554.976406][ T9128] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.012747][ T9128] bridge0: port 1(bridge_slave_0) entered disabled state [ 555.043400][ T9128] bridge_slave_0: entered allmulticast mode [ 555.051854][ T9128] bridge_slave_0: entered promiscuous mode [ 555.102914][ T9128] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.149602][ T9128] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.183078][ T9128] bridge_slave_1: entered allmulticast mode [ 555.251296][ T9128] bridge_slave_1: entered promiscuous mode [ 555.262813][ T9260] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 555.451980][ T9260] loop2: detected capacity change from 0 to 256 [ 555.514028][ T9260] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777' [ 555.625204][ T9128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 555.727079][ T9128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.146833][ T9128] team0: Port device team_slave_0 added [ 556.195084][ T9128] team0: Port device team_slave_1 added [ 556.457741][ T9277] IPv4: Oversized IP packet from 172.20.20.24 [ 556.469565][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 556.477840][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 556.496329][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 556.555876][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.659699][ T9128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.711242][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.727188][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.822657][ T9128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 557.204593][ T29] audit: type=1800 audit(1718906141.312:583): pid=9289 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1962 res=0 errno=0 [ 560.575738][ T9128] hsr_slave_0: entered promiscuous mode [ 560.618077][ T9128] hsr_slave_1: entered promiscuous mode [ 560.645445][ T9128] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 560.681105][ T9128] Cannot create hsr debugfs directory [ 560.726303][ T51] bridge_slave_1: left allmulticast mode [ 560.770106][ T51] bridge_slave_1: left promiscuous mode [ 560.824733][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.868713][ T51] bridge_slave_0: left allmulticast mode [ 560.886511][ T51] bridge_slave_0: left promiscuous mode [ 560.892481][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.693572][ T9309] loop1: detected capacity change from 0 to 2048 [ 561.983165][ T29] audit: type=1400 audit(1718906146.112:584): avc: denied { block_suspend } for pid=9313 comm="syz-executor.3" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 562.100759][ T9314] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 562.279575][ T51] ip6gretap0 (unregistering): left allmulticast mode [ 562.348782][ T29] audit: type=1400 audit(1718906146.482:585): avc: denied { write } for pid=9307 comm="syz-executor.1" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 562.437884][ T9309] NILFS (loop1): error -2 truncating bmap (ino=16) [ 562.447041][ T29] audit: type=1400 audit(1718906146.542:586): avc: denied { open } for pid=9307 comm="syz-executor.1" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 562.521012][ T9314] NILFS (loop1): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 562.558742][ T9314] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16) [ 562.579503][ T9314] Remounting filesystem read-only [ 562.664758][ T5105] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 562.682203][ T5105] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 562.690366][ T5105] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 562.698629][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.725568][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.746656][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.777247][ T5105] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 562.798034][ T5105] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 562.842642][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.871263][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.906628][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 562.950713][ T5105] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 563.000577][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 563.038030][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 563.047212][ T5105] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 563.058800][ T5105] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 564.582579][ T29] audit: type=1800 audit(1718906147.702:587): pid=9331 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1939 res=0 errno=0 [ 564.931793][ T9337] loop1: detected capacity change from 0 to 256 [ 565.073925][ T785] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 565.167370][ T9342] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 565.266309][ T9336] kvm: emulating exchange as write [ 565.282661][ T785] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 565.302078][ T785] usb 4-1: language id specifier not provided by device, defaulting to English [ 565.323732][ T9342] loop2: detected capacity change from 0 to 256 [ 565.350258][ T785] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 565.359736][ T785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.368331][ T785] usb 4-1: Product: syz [ 565.394509][ T9342] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777' [ 565.398371][ T785] usb 4-1: Manufacturer: é°ï»¥å‚–ᅅ㞴岼먊ߧᚨ筨鴴ã®î¡ˆë ƒèˆŠé™Œç¬Ù¶å¯¥æ·´é§–켧ἲ㯩譅㯂֫凑ᶜ鎣䟒ᣇ邛྽ⰨꢅŦꂙ섾倞ࡢᅗ힋䒺⿰挱 [ 565.452847][ T785] usb 4-1: SerialNumber: syz [ 565.552238][ T785] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 565.747260][ T9335] loop3: detected capacity change from 0 to 512 [ 565.836989][ T9335] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 565.924314][ T9335] ext4 filesystem being mounted at /root/syzkaller-testdir804174960/syzkaller.QJ96nJ/39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 567.470520][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 567.511646][ T5157] usb 4-1: USB disconnect, device number 3 [ 567.571305][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 567.628766][ T51] bond0 (unregistering): Released all slaves [ 568.128836][ T8530] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 568.781818][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.791604][ T29] audit: type=1400 audit(1718906153.922:588): avc: denied { mount } for pid=9365 comm="syz-executor.4" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 570.058748][ T29] audit: type=1400 audit(1718906154.192:589): avc: denied { unmount } for pid=8851 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 570.226268][ T51] hsr_slave_0: left promiscuous mode [ 570.260840][ T51] hsr_slave_1: left promiscuous mode [ 570.285310][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 570.319209][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 570.364684][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 570.383231][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 570.550612][ T51] veth1_macvtap: left promiscuous mode [ 570.578926][ T51] veth0_macvtap: left promiscuous mode [ 570.599628][ T51] veth1_vlan: left promiscuous mode [ 570.618285][ T51] veth0_vlan: left promiscuous mode [ 571.210221][ T29] audit: type=1400 audit(1718906155.342:590): avc: denied { write } for pid=9385 comm="syz-executor.2" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 571.972022][ T29] audit: type=1800 audit(1718906155.352:591): pid=9387 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 572.072976][ T9395] ubi1: attaching mtd0 [ 572.584246][ T29] audit: type=1400 audit(1718906156.212:592): avc: denied { ioctl } for pid=9385 comm="syz-executor.2" path="/dev/nullb0" dev="devtmpfs" ino=681 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 575.098259][ T9408] loop2: detected capacity change from 0 to 1024 [ 575.227443][ T29] audit: type=1400 audit(1718906159.362:593): avc: denied { append } for pid=9406 comm="syz-executor.2" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 575.407017][ T29] audit: type=1400 audit(1718906159.532:594): avc: denied { create } for pid=9406 comm="syz-executor.2" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:dosfs_t tclass=chr_file permissive=1 [ 575.828446][ T29] audit: type=1400 audit(1718906159.962:595): avc: denied { write } for pid=9421 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 575.960034][ T51] team0 (unregistering): Port device virt_wifi0 removed [ 576.038148][ T9424] loop2: detected capacity change from 0 to 1764 [ 577.540630][ T51] team0 (unregistering): Port device team_slave_1 removed [ 577.801973][ T51] team0 (unregistering): Port device team_slave_0 removed [ 578.940438][ T29] audit: type=1400 audit(1718906163.062:596): avc: denied { mounton } for pid=9444 comm="syz-executor.4" path="/root/syzkaller-testdir4200009235/syzkaller.bUgWVe/28/file1/file0" dev="autofs" ino=24774 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 579.080962][ T9447] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 580.472570][ T9414] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 581.386396][ T9466] input: syz0 as /devices/virtual/input/input15 [ 581.408027][ T9465] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 582.866452][ T29] audit: type=1400 audit(1718906167.002:597): avc: denied { setopt } for pid=9479 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 583.140381][ T9487] loop2: detected capacity change from 0 to 1024 [ 583.145549][ T9128] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 583.199325][ T9128] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 583.245066][ T9128] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 583.282353][ T9128] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 583.755330][ T9128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.891464][ T9128] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.114836][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.122110][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.227905][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.235241][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 584.606143][ T9507] loop1: detected capacity change from 0 to 64 [ 584.816457][ T29] audit: type=1400 audit(1718906168.952:598): avc: denied { ioctl } for pid=9506 comm="syz-executor.1" path="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/335/file0/file0" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 584.907627][ T29] audit: type=1400 audit(1718906168.952:599): avc: denied { read } for pid=9506 comm="syz-executor.1" path="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/335/file0/file0" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 584.986637][ T9510] loop3: detected capacity change from 0 to 2048 [ 585.002733][ T29] audit: type=1400 audit(1718906169.032:600): avc: denied { append } for pid=9506 comm="syz-executor.1" path="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/335/file0/cpu.stat" dev="loop1" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 585.084258][ T9510] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 585.123044][ T29] audit: type=1400 audit(1718906169.082:601): avc: denied { map } for pid=9506 comm="syz-executor.1" path="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/335/file0/cpu.stat" dev="loop1" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 585.285320][ T29] audit: type=1400 audit(1718906169.082:602): avc: denied { execute } for pid=9506 comm="syz-executor.1" path="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/335/file0/cpu.stat" dev="loop1" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 586.729489][ T9128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 586.894352][ T9530] loop1: detected capacity change from 0 to 1024 [ 587.094591][ T9128] veth0_vlan: entered promiscuous mode [ 587.216895][ T9128] veth1_vlan: entered promiscuous mode [ 588.626779][ T9546] syz-executor.3[9546] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 588.627031][ T9546] syz-executor.3[9546] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 588.669285][ T9128] veth0_macvtap: entered promiscuous mode [ 588.758140][ T9128] veth1_macvtap: entered promiscuous mode [ 588.920703][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 588.960078][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.011478][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.029945][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.092106][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.142450][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.152350][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.185139][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.227068][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.341680][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.367069][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.377698][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.414005][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.444608][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.474405][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.506565][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.539617][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.559477][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.600553][ T9558] tipc: Started in network mode [ 589.622662][ T9558] tipc: Node identity 7273969f95de, cluster identity 4711 [ 589.650947][ T9558] tipc: Enabled bearer , priority 0 [ 589.827187][ T9568] loop3: detected capacity change from 0 to 16 [ 589.948046][ T9568] erofs: (device loop3): mounted with root inode @ nid 36. [ 589.990644][ T9559] tipc: Resetting bearer [ 590.149669][ T29] audit: type=1400 audit(1718906174.282:603): avc: denied { module_load } for pid=9567 comm="syz-executor.3" path="/root/syzkaller-testdir804174960/syzkaller.QJ96nJ/52/file0/file1" dev="loop3" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=system permissive=1 [ 590.149830][ T9568] Invalid ELF header len 10 [ 590.439390][ T5157] tipc: Resetting bearer [ 590.550970][ T9557] tipc: Resetting bearer [ 590.694318][ T5157] tipc: Node number set to 3886913183 [ 591.380063][ T9580] binder: 9579:9580 ioctl ae41 0 returned -22 [ 592.044273][ T9583] hub 9-0:1.0: USB hub found [ 592.052825][ T9583] hub 9-0:1.0: 8 ports detected [ 593.814609][ T9597] fuse: Bad value for 'fd' [ 593.904605][ T9598] binder: 9596:9598 unknown command 0 [ 593.942682][ T9598] binder: 9596:9598 ioctl c0306201 20000640 returned -22 [ 594.406950][ T9604] syz-executor.3[9604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.407196][ T9604] syz-executor.3[9604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.872201][ T9612] gadgetfs: Unknown parameter 'acl' [ 594.994471][ T9612] loop1: detected capacity change from 0 to 16 [ 595.094411][ T9612] erofs: (device loop1): mounted with root inode @ nid 36. [ 595.246315][ T9612] syz-executor.1: attempt to access beyond end of device [ 595.246315][ T9612] loop1: rw=0, sector=3489784, nr_sectors = 8 limit=16 [ 595.359346][ T9612] syz-executor.1: attempt to access beyond end of device [ 595.359346][ T9612] loop1: rw=0, sector=3489784, nr_sectors = 8 limit=16 [ 596.362570][ T5111] Bluetooth: hci4: command 0x0406 tx timeout [ 597.887729][ T9557] tipc: Disabling bearer [ 597.926522][ T9128] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.936755][ T9128] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.946199][ T9128] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.962857][ T9128] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.994317][ T9600] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 598.260658][ T9615] loop2: detected capacity change from 0 to 64 [ 598.615537][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.656873][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.875839][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.897756][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.341055][ T9631] ptrace attach of "/root/syz-executor.4 exec"[8851] was attempted by ""[9631] [ 601.600000][ T9628] Process accounting resumed [ 601.624122][ T9637] loop2: detected capacity change from 0 to 64 [ 601.924862][ T9649] syz-executor.0[9649] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 601.925119][ T9649] syz-executor.0[9649] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 601.966990][ T9643] loop1: detected capacity change from 0 to 2048 [ 602.033618][ T8661] hfs: request for non-existent node 131072 in B*Tree [ 602.079832][ T9643] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 602.336122][ T9657] loop3: detected capacity change from 0 to 64 [ 602.520914][ T5105] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 603.029073][ T9665] loop3: detected capacity change from 0 to 256 [ 603.112526][ T29] audit: type=1400 audit(1718906187.242:604): avc: denied { create } for pid=9662 comm="syz-executor.3" name="file4" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 604.076956][ T9663] loop1: detected capacity change from 0 to 32768 [ 604.314446][ T9663] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 604.415007][ T9669] loop0: detected capacity change from 0 to 8192 [ 604.589237][ T9687] xt_CONNSECMARK: invalid mode: 0 [ 604.692267][ T9669] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 604.844962][ T9669] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 604.895484][ T9669] loop0: p2 p3 p4 [ 604.921580][ T9669] loop0: partition table partially beyond EOD, truncated [ 604.969588][ T9669] loop0: p2 start 452985600 is beyond EOD, truncated [ 605.024171][ T9663] XFS (loop1): Ending clean mount [ 605.032213][ T9669] loop0: p3 size 33554432 extends beyond EOD, truncated [ 605.039745][ T5157] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 605.080964][ T9669] loop0: p4 start 8388607 is beyond EOD, truncated [ 605.152232][ T4535] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 605.171977][ T5105] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 605.189770][ T4535] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 605.203612][ T4535] loop0: p2 p3 p4 [ 605.207428][ T4535] loop0: partition table partially beyond EOD, truncated [ 605.225718][ T4535] loop0: p2 start 452985600 is beyond EOD, truncated [ 605.236742][ T4535] loop0: p3 size 33554432 extends beyond EOD, truncated [ 605.253004][ T4535] loop0: p4 start 8388607 is beyond EOD, truncated [ 605.283108][ T5157] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 605.316627][ T5157] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.346030][ T5157] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 605.362455][ T5157] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.387288][ T9688] Process accounting resumed [ 605.457447][ T5157] usb 4-1: config 0 descriptor?? [ 605.485755][ T5157] hub 4-1:0.0: USB hub found [ 605.690936][ T5157] hub 4-1:0.0: 1 port detected [ 606.080542][ T9680] loop2: detected capacity change from 0 to 32768 [ 606.124625][ T5157] usb 4-1: USB disconnect, device number 4 [ 606.331272][ T9698] read_mapping_page failed! [ 606.394809][ T9698] bread failed! [ 606.398456][ T9698] jfs_create: dtInsert returned -EIO [ 606.419679][ T9698] ERROR: (device loop2): txAbort: [ 606.419679][ T9698] [ 606.431195][ T9698] ERROR: (device loop2): remounting filesystem as read-only [ 606.467244][ T9680] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 606.467244][ T9680] [ 606.483611][ T9703] loop0: detected capacity change from 0 to 64 [ 606.518601][ T9680] ERROR: (device loop2): __get_metapage: using a discarded metapage [ 606.518601][ T9680] [ 606.768927][ T9710] loop1: detected capacity change from 0 to 64 [ 606.841705][ T9712] loop3: detected capacity change from 0 to 128 [ 606.915977][ T9712] befs: (loop3): invalid magic header [ 607.057878][ T5105] hfs: request for non-existent node 131072 in B*Tree [ 608.215159][ T9726] xt_CONNSECMARK: invalid mode: 0 [ 608.895625][ T9719] Process accounting resumed [ 609.306931][ T9716] loop0: detected capacity change from 0 to 32768 [ 609.409323][ T9716] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 609.879979][ T9716] XFS (loop0): Ending clean mount [ 610.022614][ T9128] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 610.028204][ T9750] loop1: detected capacity change from 0 to 256 [ 610.073725][ T9750] FAT-fs (loop1): Directory bread(block 1285) failed [ 610.108121][ T5072] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 610.327456][ T5072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 610.351788][ T5072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 610.389517][ T5072] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 610.431264][ T5072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.466821][ T5072] usb 4-1: config 0 descriptor?? [ 610.502056][ T5072] hub 4-1:0.0: USB hub found [ 610.614444][ T29] audit: type=1400 audit(1718906194.752:605): avc: denied { ioctl } for pid=9755 comm="syz-executor.1" path="socket:[26115]" dev="sockfs" ino=26115 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 610.757294][ T5072] hub 4-1:0.0: 1 port detected [ 611.194033][ T5072] usb 4-1: USB disconnect, device number 5 [ 611.722617][ T5111] Bluetooth: hci1: command 0x0406 tx timeout [ 612.721377][ T9773] loop1: detected capacity change from 0 to 128 [ 612.831254][ T9773] befs: (loop1): invalid magic header [ 612.910496][ T9020] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 613.387108][ T9784] loop1: detected capacity change from 0 to 256 [ 613.409317][ T9788] loop0: detected capacity change from 0 to 256 [ 613.473130][ T9788] FAT-fs (loop0): Directory bread(block 1285) failed [ 613.506714][ T9776] loop3: detected capacity change from 0 to 8192 [ 613.724153][ T9790] xt_CONNSECMARK: invalid mode: 0 [ 614.089466][ T9776] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 614.168565][ T9776] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 614.202580][ T9776] loop3: p2 p3 p4 [ 614.235016][ T9776] loop3: partition table partially beyond EOD, truncated [ 614.259902][ T9776] loop3: p2 start 452985600 is beyond EOD, truncated [ 614.302851][ T9776] loop3: p3 size 33554432 extends beyond EOD, truncated [ 614.312597][ T9776] loop3: p4 start 8388607 is beyond EOD, truncated [ 615.082082][ T9793] input: syz1 as /devices/virtual/input/input16 [ 615.435924][ T5160] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 615.660715][ T5160] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 615.679793][ T9812] loop0: detected capacity change from 0 to 128 [ 615.697749][ T9814] loop1: detected capacity change from 0 to 256 [ 615.708398][ T5160] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.740214][ T9812] befs: (loop0): invalid magic header [ 615.755335][ T5160] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 615.757780][ T9814] FAT-fs (loop1): Directory bread(block 1285) failed [ 615.775023][ T5160] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.803638][ T5160] usb 4-1: config 0 descriptor?? [ 615.835083][ T5160] hub 4-1:0.0: USB hub found [ 616.087725][ T5160] hub 4-1:0.0: 1 port detected [ 616.155761][ T9816] loop0: detected capacity change from 0 to 256 [ 616.703849][ T5160] usb 4-1: USB disconnect, device number 6 [ 616.939711][ T9828] xt_CONNSECMARK: invalid mode: 0 [ 618.742048][ T9838] input: syz1 as /devices/virtual/input/input17 [ 618.820333][ T9846] loop1: detected capacity change from 0 to 128 [ 618.851698][ T9846] befs: (loop1): invalid magic header [ 619.099163][ T9839] Process accounting resumed [ 619.638758][ T9856] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 619.922527][ T8425] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 620.006514][ T9860] loop3: detected capacity change from 0 to 8192 [ 620.049292][ T9860] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 620.074341][ T9860] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 620.091942][ T9860] loop3: p2 p3 p4 [ 620.101479][ T9860] loop3: partition table partially beyond EOD, truncated [ 620.127693][ T9860] loop3: p2 start 452985600 is beyond EOD, truncated [ 620.135155][ T9860] loop3: p3 size 33554432 extends beyond EOD, truncated [ 620.157212][ T9860] loop3: p4 start 8388607 is beyond EOD, truncated [ 620.170073][ T29] audit: type=1804 audit(1718906204.302:606): pid=9844 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4200009235/syzkaller.bUgWVe/66/bus" dev="sda1" ino=1976 res=1 errno=0 [ 620.443316][ T8425] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 620.462564][ T8425] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 620.482475][ T8425] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 620.491601][ T8425] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.513951][ T8425] usb 2-1: config 0 descriptor?? [ 620.580445][ T9862] xt_CONNSECMARK: invalid mode: 0 [ 620.770220][ T9850] loop0: detected capacity change from 0 to 32768 [ 621.077004][ T8425] hub 2-1:0.0: USB hub found [ 621.089800][ T9850] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 621.337633][ T8425] hub 2-1:0.0: 1 port detected [ 621.676448][ T9850] XFS (loop0): Ending clean mount [ 621.765482][ T9880] loop3: detected capacity change from 0 to 2048 [ 621.831709][ T8425] usb 2-1: USB disconnect, device number 4 [ 621.862926][ T9881] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 621.907581][ T9128] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 621.934004][ T9880] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 622.977484][ T9893] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 623.412899][ T9884] Process accounting resumed [ 623.575460][ T9895] input: syz1 as /devices/virtual/input/input18 [ 623.687918][ T29] audit: type=1400 audit(1718906207.822:607): avc: denied { read } for pid=9903 comm="syz-executor.3" laddr=fe80::11 lport=8 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 623.941546][ T9907] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.037593][ T9907] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.056465][ T29] audit: type=1800 audit(1718906208.182:608): pid=9909 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1972 res=0 errno=0 [ 624.107784][ T9907] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 624.142736][ T29] audit: type=1800 audit(1718906208.242:609): pid=9909 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1972 res=0 errno=0 [ 624.165219][ T9907] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.222650][ T29] audit: type=1400 audit(1718906208.352:610): avc: denied { bind } for pid=9908 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 624.252888][ T29] audit: type=1400 audit(1718906208.362:611): avc: denied { getopt } for pid=9908 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 624.346003][ T29] audit: type=1400 audit(1718906208.472:612): avc: denied { getopt } for pid=9908 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 624.686025][ T9917] loop3: detected capacity change from 0 to 64 [ 625.381488][ T9906] loop1: detected capacity change from 0 to 32768 [ 625.455092][ T9906] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 625.515224][ T29] audit: type=1800 audit(1718906209.652:613): pid=9940 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1964 res=0 errno=0 [ 625.566512][ T29] audit: type=1804 audit(1718906209.672:614): pid=9940 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir804174960/syzkaller.QJ96nJ/84/file1" dev="sda1" ino=1964 res=1 errno=0 [ 625.826624][ T9906] XFS (loop1): Ending clean mount [ 626.050955][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 626.125546][ T5105] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 626.862896][ T9954] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.872269][ T9954] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.904052][ T9954] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 626.912195][ T9954] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.980949][ T29] audit: type=1800 audit(1718906211.112:615): pid=9956 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 627.023850][ T29] audit: type=1800 audit(1718906211.162:616): pid=9956 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 627.083451][ T4479] Bluetooth: hci3: command 0x0406 tx timeout [ 630.131654][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.600309][ T9971] loop0: detected capacity change from 0 to 512 [ 631.728549][ T9971] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 631.780692][ C1] Unknown status report in ack skb [ 633.213712][ T9989] Process accounting resumed [ 633.408674][ T29] audit: type=1400 audit(1718906217.532:617): avc: denied { remount } for pid=10002 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 635.308681][T10056] loop0: detected capacity change from 0 to 64 [ 635.591812][ T4479] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 635.621026][ T4479] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 635.630988][ T4479] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 635.646969][ T4479] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 635.664763][ T4479] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 635.673142][ T4479] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 636.603192][T10068] loop3: detected capacity change from 0 to 32768 [ 636.912303][T10068] read_mapping_page failed! [ 636.936205][T10068] bread failed! [ 636.951340][T10068] jfs_create: dtInsert returned -EIO [ 636.972453][T10068] ERROR: (device loop3): txAbort: [ 636.972453][T10068] [ 636.997035][T10068] ERROR: (device loop3): remounting filesystem as read-only [ 637.047295][T10062] chnl_net:caif_netlink_parms(): no params data found [ 637.056689][T10099] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 637.056689][T10099] [ 637.097010][T10099] ERROR: (device loop3): __get_metapage: using a discarded metapage [ 637.097010][T10099] [ 637.306717][T10103] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 637.638300][T10062] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.666630][T10062] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.692990][T10062] bridge_slave_0: entered allmulticast mode [ 637.731355][T10062] bridge_slave_0: entered promiscuous mode [ 637.733009][ T4479] Bluetooth: hci5: command tx timeout [ 637.784343][T10062] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.832175][T10062] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.876837][T10062] bridge_slave_1: entered allmulticast mode [ 637.916893][T10062] bridge_slave_1: entered promiscuous mode [ 637.948562][T10127] loop1: detected capacity change from 0 to 512 [ 638.016437][T10127] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 638.044161][T10127] EXT4-fs (loop1): orphan cleanup on readonly fs [ 638.047789][ T29] audit: type=1400 audit(1718906222.182:618): avc: denied { ioctl } for pid=10128 comm="syz-executor.0" path="/dev/vhost-net" dev="devtmpfs" ino=1084 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 638.103622][T10127] Quota error (device loop1): v2_read_file_info: Block with free entry 32513 out of range (1, 6). [ 638.124359][T10127] EXT4-fs warning (device loop1): ext4_enable_quotas:7074: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 638.191103][T10062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.192659][T10127] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 638.214056][ T29] audit: type=1800 audit(1718906222.202:619): pid=10132 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1970 res=0 errno=0 [ 638.221988][T10062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.258352][T10127] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #16: comm syz-executor.1: casefold flag without casefold feature [ 638.281978][T10127] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz-executor.1: couldn't read orphan inode 16 (err -117) [ 638.302702][T10127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 638.402565][T10127] TCP segment has incorrect auth options set for [fe80::bb].0->[ff02::1].20002 [FSP.] [ 638.455113][ T29] audit: type=1400 audit(1718906222.582:620): avc: denied { view } for pid=10128 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 638.477667][T10062] team0: Port device team_slave_0 added [ 638.477964][ T5105] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.519285][T10062] team0: Port device team_slave_1 added [ 638.739862][T10062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.769210][T10062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.815643][T10062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.868219][T10062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.877561][T10062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.922897][T10062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 639.225943][T10157] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 639.326989][T10062] hsr_slave_0: entered promiscuous mode [ 639.360419][T10062] hsr_slave_1: entered promiscuous mode [ 639.418949][T10062] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 639.442455][T10062] Cannot create hsr debugfs directory [ 639.802710][ T4479] Bluetooth: hci5: command tx timeout [ 640.129015][T10062] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.190404][T10170] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 640.252237][T10173] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 640.272074][T10173] netlink: 'syz-executor.4': attribute type 30 has an invalid length. [ 640.421933][T10062] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.599845][T10062] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.803024][T10062] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.967039][T10185] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 641.412981][T10195] loop1: detected capacity change from 0 to 256 [ 641.471124][T10062] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 641.499402][T10062] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 641.549560][T10062] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 641.571451][T10062] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 641.888560][ T4479] Bluetooth: hci5: command tx timeout [ 642.120950][T10062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.252565][T10062] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.359784][ T8425] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.367151][ T8425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.462656][ T8425] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.469884][ T8425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.693029][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 642.778202][T10062] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 642.902968][T10218] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 642.988390][T10218] netlink: 'syz-executor.1': attribute type 30 has an invalid length. [ 643.317254][T10226] loop0: detected capacity change from 0 to 2048 [ 643.355446][T10226] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 643.430063][T10229] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 643.441547][T10226] syz-executor.0: attempt to access beyond end of device [ 643.441547][T10226] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 643.534221][T10062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 643.740102][T10062] veth0_vlan: entered promiscuous mode [ 643.813581][T10062] veth1_vlan: entered promiscuous mode [ 643.923802][ T29] audit: type=1800 audit(1718906228.062:621): pid=10235 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 643.949887][T10062] veth0_macvtap: entered promiscuous mode [ 643.974208][ T4479] Bluetooth: hci5: command tx timeout [ 644.004837][T10062] veth1_macvtap: entered promiscuous mode [ 644.036036][ T29] audit: type=1800 audit(1718906228.132:622): pid=10235 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 644.116543][ T29] audit: type=1400 audit(1718906228.222:623): avc: denied { write } for pid=10236 comm="syz-executor.4" name="/" dev="configfs" ino=1213 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 644.497484][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.973754][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.168765][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.307227][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.398960][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.417081][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.442087][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.464543][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.482976][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.545150][ T29] audit: type=1400 audit(1718906229.672:624): avc: denied { write } for pid=10247 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 645.564988][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.567983][T10062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 645.648926][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.683570][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.770187][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.803065][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.825549][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.852547][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.882805][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.908364][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.942557][T10062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.960582][T10062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.034869][T10062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 646.064892][T10252] bridge0: port 3(team0) entered blocking state [ 646.071523][T10252] bridge0: port 3(team0) entered disabled state [ 646.092926][T10252] team0: entered allmulticast mode [ 646.098133][T10252] team_slave_0: entered allmulticast mode [ 646.114639][T10252] team_slave_1: entered allmulticast mode [ 646.146930][T10252] team0: entered promiscuous mode [ 646.165091][T10252] team_slave_0: entered promiscuous mode [ 646.184932][T10252] team_slave_1: entered promiscuous mode [ 646.220662][T10252] bridge0: port 3(team0) entered blocking state [ 646.227234][T10252] bridge0: port 3(team0) entered forwarding state [ 646.321889][T10258] loop1: detected capacity change from 0 to 2048 [ 646.338405][T10062] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.363242][T10258] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 646.373374][T10062] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.382221][T10062] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.419094][T10062] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 646.468651][T10261] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 646.473380][T10258] syz-executor.1: attempt to access beyond end of device [ 646.473380][T10258] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 646.890630][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 646.934844][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.126303][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.138723][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.149453][T10272] loop1: detected capacity change from 0 to 128 [ 648.126431][T10283] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 648.138816][T10283] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 649.520581][T10274] Process accounting resumed [ 650.084679][T10295] loop0: detected capacity change from 0 to 40427 [ 650.121280][T10295] F2FS-fs (loop0): invalid crc value [ 650.219972][T10295] F2FS-fs (loop0): Found nat_bits in checkpoint [ 650.334088][T10295] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 650.425191][ T35] bond0: (slave bond_slave_0): interface is now down [ 650.452050][ T35] bond0: (slave bond_slave_1): interface is now down [ 650.561471][ T35] bond0: now running without any active interface! [ 650.826962][T10310] blktrace: Concurrent blktraces are not allowed on sg0 [ 652.700087][T10321] Process accounting resumed [ 652.791975][T10327] input: syz0 as /devices/virtual/input/input19 [ 652.905755][ T29] audit: type=1800 audit(1718906237.042:625): pid=10333 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1963 res=0 errno=0 [ 653.043148][T10337] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 653.159971][T10335] loop1: detected capacity change from 0 to 4096 [ 653.228232][T10343] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 653.543891][T10337] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.555552][T10337] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.757242][ T29] audit: type=1804 audit(1718906237.892:626): pid=10352 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/430/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 653.882680][ T29] audit: type=1804 audit(1718906237.952:627): pid=10352 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/430/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 654.622593][T10337] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 654.692782][T10337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.246905][T10337] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.274696][T10337] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.295919][T10337] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.307018][T10337] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.893133][T10373] bridge0: port 3(team0) entered blocking state [ 655.899606][T10373] bridge0: port 3(team0) entered disabled state [ 655.941719][T10373] team0: entered allmulticast mode [ 655.965709][T10373] team_slave_0: entered allmulticast mode [ 655.982529][T10373] team_slave_1: entered allmulticast mode [ 656.051269][T10373] team0: entered promiscuous mode [ 656.222673][T10373] team_slave_0: entered promiscuous mode [ 657.714365][T10377] loop0: detected capacity change from 0 to 131072 [ 657.884566][T10373] team_slave_1: entered promiscuous mode [ 658.210631][T10377] F2FS-fs (loop0): Found nat_bits in checkpoint [ 658.312717][T10377] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 658.862289][T10396] input: syz0 as /devices/virtual/input/input20 [ 659.308523][T10400] loop1: detected capacity change from 0 to 4096 [ 659.451956][T10401] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 659.649053][T10403] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 659.762871][ T29] audit: type=1804 audit(1718906243.882:628): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/434/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 659.863387][ T29] audit: type=1804 audit(1718906244.002:629): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir4003971644/syzkaller.pQOuh1/434/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 660.088213][T10411] bridge0: port 3(team0) entered blocking state [ 660.108275][T10411] bridge0: port 3(team0) entered disabled state [ 660.131061][T10411] team0: entered allmulticast mode [ 660.162749][T10411] team_slave_0: entered allmulticast mode [ 660.185759][T10411] team_slave_1: entered allmulticast mode [ 660.243988][T10411] team0: entered promiscuous mode [ 660.265704][T10411] team_slave_0: entered promiscuous mode [ 660.457796][T10411] team_slave_1: entered promiscuous mode [ 660.493822][T10411] bridge0: port 3(team0) entered blocking state [ 660.500341][T10411] bridge0: port 3(team0) entered forwarding state [ 661.871959][T10423] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 662.708577][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.338087][T10434] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.345853][T10434] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.244241][T10434] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 665.376820][T10434] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 665.845284][ T29] audit: type=1400 audit(1718906249.982:630): avc: denied { write } for pid=10456 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 666.360597][T10434] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.382501][T10434] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.391458][T10434] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.472436][T10434] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.080182][ T29] audit: type=1400 audit(1718906251.142:631): avc: denied { execmem } for pid=10465 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 667.338305][T10475] loop1: detected capacity change from 0 to 512 [ 667.378747][T10469] loop0: detected capacity change from 0 to 40427 [ 667.423219][T10469] F2FS-fs (loop0): invalid crc value [ 667.492089][T10469] F2FS-fs (loop0): Found nat_bits in checkpoint [ 667.618697][T10469] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 667.668576][T10484] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 669.327762][ T5111] Bluetooth: hci2: command 0x0406 tx timeout [ 669.953870][ T5111] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 669.967621][ T5111] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 669.985206][ T5111] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 670.010515][ T5111] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 670.020113][ T5111] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 670.032924][ T5111] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 670.613850][T10513] loop1: detected capacity change from 0 to 128 [ 670.752059][T10516] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 672.124286][ T5111] Bluetooth: hci6: command tx timeout [ 672.301590][T10516] bridge0: port 3(team0) entered disabled state [ 672.308557][T10516] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.317156][T10516] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.894659][T10516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 672.942543][T10516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 674.203841][ T5111] Bluetooth: hci6: command tx timeout [ 674.440408][T10516] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.472453][T10516] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.513896][T10516] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.532934][T10516] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.398205][ T29] audit: type=1400 audit(1718906259.532:632): avc: denied { create } for pid=10550 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 675.504575][ T29] audit: type=1400 audit(1718906259.572:633): avc: denied { write } for pid=10550 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 675.561827][ T29] audit: type=1400 audit(1718906259.572:634): avc: denied { nlmsg_write } for pid=10550 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 675.615848][T10499] chnl_net:caif_netlink_parms(): no params data found [ 675.932071][ T5111] block nbd1: Receive control failed (result -32) [ 675.940632][T10543] block nbd1: shutting down sockets [ 676.136714][T10499] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.192806][T10499] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.200203][T10499] bridge_slave_0: entered allmulticast mode [ 676.228138][T10499] bridge_slave_0: entered promiscuous mode [ 676.259590][T10499] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.283013][ T5111] Bluetooth: hci6: command tx timeout [ 676.302280][T10499] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.344382][T10499] bridge_slave_1: entered allmulticast mode [ 676.397320][T10499] bridge_slave_1: entered promiscuous mode [ 676.613092][T10499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 676.678991][T10499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.007073][T10499] team0: Port device team_slave_0 added [ 677.058038][ T29] audit: type=1400 audit(1718906261.162:635): avc: denied { bind } for pid=10568 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 677.649847][T10499] team0: Port device team_slave_1 added [ 677.717130][ T29] audit: type=1400 audit(1718906261.252:636): avc: denied { setopt } for pid=10568 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 678.089209][T10556] loop0: detected capacity change from 0 to 32768 [ 678.362481][ T5111] Bluetooth: hci6: command tx timeout [ 678.395423][T10499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.367116][T10556] read_mapping_page failed! [ 679.542686][T10556] jfs_mount: diMount failed w/rc = -5 [ 680.147176][T10499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 680.151168][T10556] Mount JFS Failure: -5 [ 680.173116][ C1] vkms_vblank_simulate: vblank timer overrun [ 680.249326][T10556] jfs_mount failed w/return code = -5 [ 680.300211][T10499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 680.350328][T10499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 680.374943][T10499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 680.428820][T10499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 680.717586][T10499] hsr_slave_0: entered promiscuous mode [ 680.783270][T10499] hsr_slave_1: entered promiscuous mode [ 680.812781][T10499] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 680.820509][T10499] Cannot create hsr debugfs directory [ 680.921314][T10598] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 682.970432][T10499] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.051508][ T9293] bond0: (slave bond_slave_0): interface is now down [ 683.073154][ T9293] bond0: (slave bond_slave_1): interface is now down [ 683.111043][ T9293] bond0: now running without any active interface! [ 683.331875][T10499] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.626639][T10499] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.700965][T10644] loop1: detected capacity change from 0 to 8 [ 684.803569][T10650] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 686.022151][T10499] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.605604][ T29] audit: type=1400 audit(1718906270.742:637): avc: denied { getopt } for pid=10660 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 688.007784][T10499] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 688.126766][T10499] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 688.180777][T10499] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 688.252518][T10499] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 690.349559][T10499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 690.492013][T10499] 8021q: adding VLAN 0 to HW filter on device team0 [ 690.521232][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.528585][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 690.567293][ T29] audit: type=1400 audit(1718906274.702:638): avc: denied { open } for pid=10703 comm="syz-executor.2" path="/dev/ptyq8" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 690.659370][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.666733][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.693444][ T29] audit: type=1400 audit(1718906274.702:639): avc: denied { ioctl } for pid=10703 comm="syz-executor.2" path="/dev/ptyq8" dev="devtmpfs" ino=129 ioctlcmd=0x5431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 691.317841][T10724] loop0: detected capacity change from 0 to 2048 [ 691.409654][T10724] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 691.604783][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.064188][T10738] UDF-fs: error (device loop0): udf_read_inode: (ino 1345) failed !bh [ 692.467940][T10740] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 692.498566][T10499] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.881382][T10499] veth0_vlan: entered promiscuous mode [ 693.198241][T10499] veth1_vlan: entered promiscuous mode [ 694.630089][T10499] veth0_macvtap: entered promiscuous mode [ 694.825271][T10499] veth1_macvtap: entered promiscuous mode [ 694.855987][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.874127][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.904954][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.943308][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.959217][ T29] audit: type=1400 audit(1718906279.082:640): avc: denied { accept } for pid=10754 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 694.991718][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.006230][T10755] loop0: detected capacity change from 0 to 1024 [ 695.024160][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.036149][T10757] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57222 sclass=netlink_route_socket pid=10757 comm=syz-executor.2 [ 695.070846][T10499] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.190997][T10755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 695.254195][ T29] audit: type=1400 audit(1718906279.392:641): avc: denied { read write } for pid=10752 comm="syz-executor.0" name="file0" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 695.321336][T10757] geneve2: entered promiscuous mode [ 695.342945][ T29] audit: type=1400 audit(1718906279.432:642): avc: denied { open } for pid=10752 comm="syz-executor.0" path="/root/syzkaller-testdir1464932851/syzkaller.1Ojfed/85/file1/file0/file0" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 695.345850][T10757] geneve2: entered allmulticast mode [ 695.623865][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.656795][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.710812][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.746388][T10755] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 695.779620][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.806661][T10499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.817657][T10499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.830308][T10499] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.846133][T10499] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.855031][T10499] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.863983][T10499] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.874359][T10499] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.145563][ T9128] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.537817][ T5645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.607411][ T5645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.816488][ T5646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.847104][ T5646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.237342][T10780] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 699.408447][T10806] loop0: detected capacity change from 0 to 512 [ 699.560061][T10806] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz-executor.0: bad orphan inode 15 [ 699.571715][T10806] ext4_test_bit(bit=14, block=5) = 0 [ 699.588656][T10806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 700.818126][ T29] audit: type=1326 audit(1718906284.952:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10805 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a5507cf29 code=0x7fc00000 [ 701.165796][ T9128] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 701.479237][ T29] audit: type=1400 audit(1718906285.572:644): avc: denied { create } for pid=10819 comm="syz-executor.3" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 701.801610][ T29] audit: type=1400 audit(1718906285.672:645): avc: denied { append } for pid=10829 comm="syz-executor.0" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 703.540311][T10846] loop1: detected capacity change from 0 to 128 [ 703.591171][T10846] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 703.656553][T10846] sysv_count_free_blocks: cannot read free-list block [ 703.786162][T10848] nbd: must specify at least one socket [ 704.076748][T10846] sysv_count_free_inodes: unable to read inode table [ 704.083750][T10847] sysv_count_free_blocks: cannot read free-list block [ 704.092909][T10847] sysv_count_free_inodes: unable to read inode table [ 704.210079][T10823] syzkaller0: entered promiscuous mode [ 704.215977][T10823] syzkaller0: entered allmulticast mode [ 704.239215][T10843] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 704.514081][ T5105] sysv_free_block: trying to free block not in datazone [ 704.561075][ T5105] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 704.628038][ T29] audit: type=1400 audit(1718906288.762:646): avc: denied { setopt } for pid=10851 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 704.832251][T10856] loop1: detected capacity change from 0 to 256 [ 707.559696][T10871] loop1: detected capacity change from 0 to 512 [ 707.772594][T10871] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz-executor.1: bad orphan inode 15 [ 707.794985][T10871] ext4_test_bit(bit=14, block=5) = 0 [ 707.813043][T10871] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 708.182511][T10873] EXT4-fs error (device loop1): ext4_validate_block_bitmap:431: comm ext4lazyinit: bg 0: block 13: invalid block bitmap [ 708.855990][ T29] audit: type=1326 audit(1718906292.992:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 708.946495][ T29] audit: type=1326 audit(1718906292.992:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 709.194142][ T5105] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.213483][ T29] audit: type=1326 audit(1718906292.992:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 709.259399][ T29] audit: type=1326 audit(1718906292.992:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 709.292062][ T29] audit: type=1326 audit(1718906292.992:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 709.344964][ T29] audit: type=1326 audit(1718906292.992:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa530e7cf29 code=0x7fc00000 [ 712.491765][T10868] tc_dump_action: action bad kind [ 712.827687][T10884] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57222 sclass=netlink_route_socket pid=10884 comm=syz-executor.1 [ 712.852271][T10884] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.916244][T10884] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.946600][T10884] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.977522][T10884] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.012996][T10884] geneve3: entered promiscuous mode [ 713.028746][T10884] geneve3: entered allmulticast mode [ 713.052253][T10894] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 0 (only 8 groups) [ 713.071486][T10884] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.093240][T10884] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.122291][T10884] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.138817][T10884] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.381786][ T29] audit: type=1800 audit(1718906298.512:653): pid=10922 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1976 res=0 errno=0 [ 714.710357][T10927] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57222 sclass=netlink_route_socket pid=10927 comm=syz-executor.4 [ 714.815335][T10927] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.835811][T10927] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.858034][T10927] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.914431][T10927] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.937266][T10927] geneve2: entered promiscuous mode [ 714.962027][T10927] geneve2: entered allmulticast mode [ 715.026423][T10927] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.069140][T10927] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.100969][T10927] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.121393][T10927] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.139024][T10943] loop0: detected capacity change from 0 to 128 [ 715.270090][T10942] loop1: detected capacity change from 0 to 1764 [ 715.305943][T10943] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 715.389002][T10943] ext4 filesystem being mounted at /root/syzkaller-testdir1464932851/syzkaller.1Ojfed/98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 715.514824][T10938] EXT4-fs warning (device loop0): ext4_group_add:1734: No reserved GDT blocks, can't resize [ 715.955136][ T9128] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 716.573501][T10963] loop0: detected capacity change from 0 to 2048 [ 716.673160][ T29] audit: type=1800 audit(1718906300.802:654): pid=10968 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="sda1" ino=1963 res=0 errno=0 [ 716.761001][T10963] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 717.286223][T10979] UDF-fs: error (device loop0): udf_read_inode: (ino 1345) failed !bh [ 718.579763][T10989] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57222 sclass=netlink_route_socket pid=10989 comm=syz-executor.4 [ 718.650990][T10989] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.685152][T10989] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.728016][T10989] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.812430][T10989] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.849566][T10989] geneve2: entered promiscuous mode [ 718.898905][T10989] geneve2: entered allmulticast mode [ 718.986114][T10989] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.013205][T10989] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.052653][T10989] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.144386][T10989] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.371240][T11000] loop0: detected capacity change from 0 to 1764 [ 721.546828][T11015] input: syz0 as /devices/virtual/input/input21 [ 723.181431][T11033] loop0: detected capacity change from 0 to 1024 [ 723.519026][T11033] tc_dump_action: action bad kind [ 725.716457][ T29] audit: type=1400 audit(1718906308.902:655): avc: denied { nlmsg_read } for pid=11034 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 726.181922][ T29] audit: type=1800 audit(1718906309.692:656): pid=11045 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="sda1" ino=1961 res=0 errno=0 [ 729.052162][ T29] audit: type=1400 audit(1718906313.182:657): avc: denied { shutdown } for pid=11084 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 732.685547][T11106] fuse: Bad value for 'fd' [ 734.419505][ T29] audit: type=1800 audit(1718906318.552:658): pid=11125 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="sda1" ino=1969 res=0 errno=0 [ 740.223438][ T29] audit: type=1326 audit(1718906324.362:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11136 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c7127cf29 code=0x7fc00000 [ 740.532723][ T29] audit: type=1400 audit(1718906324.572:660): avc: denied { getopt } for pid=11137 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 740.586639][T11146] gfs2: gfs2 mount does not exist [ 744.161877][T11164] tipc: Enabled bearer , priority 10 [ 744.548861][T11171] loop0: detected capacity change from 0 to 256 [ 744.866773][ T29] audit: type=1400 audit(1718906328.992:661): avc: denied { mounton } for pid=11167 comm="syz-executor.0" path="/root/syzkaller-testdir1464932851/syzkaller.1Ojfed/108/file1/file0" dev="loop0" ino=1048727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 745.341778][ T9128] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 745.372266][ T9128] FAT-fs (loop0): Filesystem has been set read-only [ 745.388339][ T9128] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 747.650178][T11210] loop1: detected capacity change from 0 to 4096 [ 747.888899][T11210] ntfs3: Couldn't remount rw because journal is not replayed. Please umount/remount instead [ 747.888899][T11210] [ 748.275935][T11219] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled. [ 749.284857][ T3929] team0: left allmulticast mode [ 749.724305][ T3929] team_slave_0: left allmulticast mode [ 749.751219][ T29] audit: type=1400 audit(1718906333.352:662): avc: denied { write } for pid=11218 comm="syz-executor.3" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 749.779538][ T3929] team_slave_1: left allmulticast mode [ 749.785202][ T3929] team0: left promiscuous mode [ 749.790188][ T3929] team_slave_0: left promiscuous mode [ 749.837742][ T3929] team_slave_1: left promiscuous mode [ 749.843907][ T3929] bridge0: port 3(team0) entered disabled state [ 749.851712][ T29] audit: type=1400 audit(1718906333.372:663): avc: denied { open } for pid=11218 comm="syz-executor.3" path="/dev/nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 749.982761][ T3929] bridge_slave_1: left allmulticast mode [ 749.988489][ T3929] bridge_slave_1: left promiscuous mode [ 750.032850][ T3929] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.097530][ T3929] bridge_slave_0: left allmulticast mode [ 750.128679][T11243] syz-executor.4[11243] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 750.128931][T11243] syz-executor.4[11243] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 750.140759][ T3929] bridge_slave_0: left promiscuous mode [ 750.141067][ T3929] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.213418][ T4479] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 750.236841][ T4479] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 750.250388][ T4479] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 750.259774][ T4479] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 750.268511][ T4479] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 750.277054][ T4479] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 751.524710][ T3929] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 751.562829][ T3929] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 751.584997][ T3929] bond0 (unregistering): Released all slaves [ 752.362672][ T4479] Bluetooth: hci2: command tx timeout [ 753.011854][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.028608][T11276] loop1: detected capacity change from 0 to 512 [ 753.102780][T11276] EXT4-fs: Ignoring removed bh option [ 753.152534][T11276] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 753.251774][T11284] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 753.291565][T11276] EXT4-fs (loop1): 1 truncate cleaned up [ 753.336307][T11276] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 753.804489][ T3929] hsr_slave_0: left promiscuous mode [ 753.836728][ T3929] hsr_slave_1: left promiscuous mode [ 753.892717][ T3929] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 753.924391][ T3929] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.180478][ T29] audit: type=1400 audit(1718906338.302:664): avc: denied { rename } for pid=11273 comm="syz-executor.1" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 754.256619][ T29] audit: type=1400 audit(1718906338.392:665): avc: denied { setattr } for pid=11273 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 754.452724][ T4479] Bluetooth: hci2: command tx timeout [ 754.689718][ T5105] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 755.513494][ T29] audit: type=1400 audit(1718906339.642:666): avc: denied { setcurrent } for pid=11319 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 755.725639][T11323] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'. [ 755.742888][T11323] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 755.966141][T11326] loop1: detected capacity change from 0 to 2048 [ 756.088933][ T3929] team0 (unregistering): Port device team_slave_1 removed [ 756.274598][ T3929] team0 (unregistering): Port device team_slave_0 removed [ 756.442433][ T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 756.533054][ T4479] Bluetooth: hci2: command tx timeout [ 756.642401][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 756.663069][ T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 81, changing to 10 [ 756.691338][ T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 49302, setting to 1024 [ 756.715309][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 756.735964][ T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 756.745492][ T25] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 756.754624][ T25] usb 2-1: Product: syz [ 756.759092][ T25] usb 2-1: Manufacturer: syz [ 756.764449][ T25] usb 2-1: SerialNumber: syz [ 756.867990][ T25] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input22 [ 757.048472][ T25] usb 2-1: USB disconnect, device number 5 [ 757.212634][ T25] appletouch 2-1:1.0: input: appletouch disconnected [ 757.946660][T11330] loop1: detected capacity change from 0 to 64 [ 758.616995][ T5111] Bluetooth: hci2: command tx timeout [ 758.763045][ T30] INFO: task syz-executor.2:9680 blocked for more than 145 seconds. [ 758.774281][ T30] Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 758.802459][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 2024/06/20 17:59:02 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 758.811208][ T30] task:syz-executor.2 state:D stack:24736 pid:9680 tgid:9677 ppid:8661 flags:0x00004006 [ 758.822240][T11349] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 758.910749][T11244] chnl_net:caif_netlink_parms(): no params data found [ 758.932383][ T30] Call Trace: [ 758.935719][ T30] [ 758.938697][ T30] __schedule+0xf15/0x5d00 [ 758.972460][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 758.980582][ T30] ? hlock_class+0x4e/0x130 [ 758.992517][ T30] ? mark_lock+0xb5/0xc60 [ 758.998408][ T30] ? llist_add_batch+0x100/0x160 [ 759.012630][ T30] ? __pfx___schedule+0x10/0x10 [ 759.017599][ T30] ? schedule+0x298/0x350 [ 759.021995][ T30] ? __pfx_lock_release+0x10/0x10 [ 759.092431][ T30] schedule+0xe7/0x350 [ 759.096605][ T30] io_schedule+0xbf/0x130 [ 759.100997][ T30] folio_wait_bit_common+0x3d8/0x9b0 [ 759.122799][ T30] ? folio_wait_bit_common+0x13c/0x9b0 [ 759.128363][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 759.170231][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 759.178495][ T30] ? __pfx___might_resched+0x10/0x10 [ 759.202402][ T30] release_metapage+0x70f/0xdc0 [ 759.207348][ T30] __get_metapage+0xf1a/0x1170 [ 759.212193][ T30] jfs_readdir+0x19f0/0x4310 [ 759.262536][ T30] ? __pfx_jfs_readdir+0x10/0x10 [ 759.267544][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 759.283072][ T30] ? __down_write_common+0x15e/0x13f0 [ 759.288718][ T30] ? __pfx___might_resched+0x10/0x10 [ 759.302356][ T30] ? down_read_killable+0xcc/0x380 [ 759.307537][ T30] ? __pfx_jfs_readdir+0x10/0x10 [ 759.352491][ T30] wrap_directory_iterator+0xa5/0xe0 [ 759.357872][ T30] iterate_dir+0x53e/0xb60 [ 759.372445][ T30] __x64_sys_getdents+0x14f/0x2d0 [ 759.392449][ T30] ? __pfx___x64_sys_getdents+0x10/0x10 [ 759.404753][ T30] ? xfd_validate_state+0x5d/0x180 [ 759.427335][ T30] ? __pfx_filldir+0x10/0x10 [ 759.432017][ T30] do_syscall_64+0xcd/0x250 [ 759.437429][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.443836][ T30] RIP: 0033:0x7f6973a7cf29 [ 759.448299][ T30] RSP: 002b:00007f69747e30c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 759.457468][ T30] RAX: ffffffffffffffda RBX: 00007f6973bb3f80 RCX: 00007f6973a7cf29 [ 759.465913][ T30] RDX: 00000000000000b8 RSI: 0000000020001fc0 RDI: 0000000000000007 [ 759.474614][ T30] RBP: 00007f6973aec074 R08: 0000000000000000 R09: 0000000000000000 [ 759.483111][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.493979][ T30] R13: 000000000000000b R14: 00007f6973bb3f80 R15: 00007ffd0a66c158 [ 759.502021][ T30] [ 759.540730][ T30] [ 759.540730][ T30] Showing all locks held in the system: [ 759.548684][ T30] 1 lock held by pool_workqueue_/3: [ 759.566761][ T30] #0: ffffffff8dbbd0b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0 [ 759.585170][ T30] 2 locks held by kworker/1:0/25: [ 759.642034][ T30] 1 lock held by khungtaskd/30: [ 759.647305][ T30] #0: ffffffff8dbb1920 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 759.704096][ T30] 4 locks held by kworker/u8:9/3929: [ 759.709455][ T30] #0: ffff8880162d3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 759.812586][ T30] #1: ffffc9000b377d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 759.882736][ T30] #2: ffffffff8f736c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0 [ 759.892191][ T30] #3: ffffffff8dbbcf80 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x48/0x6c0 [ 759.952472][ T30] 3 locks held by kworker/u9:1/4479: [ 759.957913][ T30] #0: ffff888022072148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 760.057527][ T30] #1: ffffc9000c0f7d80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 760.124375][ T30] #2: ffff888061c64d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x170/0x410 [ 760.212507][ T5111] Bluetooth: hci5: command 0x0406 tx timeout [ 760.221985][ T30] 2 locks held by getty/4839: [ 760.252564][ T30] #0: ffff88802ada40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 760.342381][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 760.402366][ T30] 2 locks held by syz-fuzzer/5370: [ 760.407555][ T30] 2 locks held by kworker/u8:11/5294: [ 760.442894][ T30] 1 lock held by syz-executor.4/8851: [ 760.448344][ T30] 2 locks held by syz-executor.2/9680: [ 760.482397][ T30] #0: ffff888046157c48 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xeb/0x180 [ 760.491684][ T30] #1: ffff88805e3d6b40 (&type->i_mutex_dir_key#18){++++}-{3:3}, at: wrap_directory_iterator+0x5a/0xe0 [ 760.532371][ T30] 2 locks held by syz-executor.3/10099: [ 760.538082][ T30] #0: ffff8880239cc848 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xeb/0x180 [ 760.555217][ T30] #1: ffff88807a354f80 (&type->i_mutex_dir_key#18){++++}-{3:3}, at: wrap_directory_iterator+0x5a/0xe0 [ 760.566908][ T30] 3 locks held by kworker/1:14/10367: [ 760.572561][ T30] #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 760.583407][ T30] #1: ffffc9000403fd80 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 760.595971][ T30] #2: ffffffff8dbbd0b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x282/0x3b0 [ 760.628272][ T30] 3 locks held by syz-executor.0/11244: [ 760.634340][ T30] #0: ffff88804fb88d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 760.652076][ T30] #1: ffff88804fb88078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x339/0x1100 [ 760.661971][ T30] #2: ffffffff8f9ade68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 760.680483][ T30] 3 locks held by syz-executor.1/11344: [ 760.697697][ T30] #0: ffff888061560d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 760.709399][ T30] #1: ffff888061560078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x339/0x1100 [ 760.724603][ T30] #2: ffffffff8f9ade68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 760.739198][ T30] 3 locks held by syz-executor.3/11348: [ 760.744972][ T30] #0: ffff88807af50d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 760.754975][ T30] #1: ffff88807af50078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x339/0x1100 [ 760.764855][ T30] #2: ffffffff8f9ade68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 760.775355][ T30] [ 760.777814][ T30] ============================================= [ 760.777814][ T30] [ 760.813012][ T30] NMI backtrace for cpu 0 [ 760.817412][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 760.827360][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 760.837476][ T30] Call Trace: [ 760.840790][ T30] [ 760.843752][ T30] dump_stack_lvl+0x116/0x1f0 [ 760.848488][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 760.853447][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 760.859454][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 760.865460][ T30] watchdog+0xf86/0x1240 [ 760.869749][ T30] ? __pfx_watchdog+0x10/0x10 [ 760.874467][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 760.879706][ T30] ? __kthread_parkme+0x148/0x220 [ 760.884761][ T30] ? __pfx_watchdog+0x10/0x10 [ 760.889465][ T30] kthread+0x2c1/0x3a0 [ 760.893567][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 760.898800][ T30] ? __pfx_kthread+0x10/0x10 [ 760.903430][ T30] ret_from_fork+0x45/0x80 [ 760.907885][ T30] ? __pfx_kthread+0x10/0x10 [ 760.912504][ T30] ret_from_fork_asm+0x1a/0x30 [ 760.917312][ T30] [ 760.923064][ T30] Sending NMI from CPU 0 to CPUs 1: [ 760.928354][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x1a/0x20 [ 760.941767][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 760.948660][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 760.958611][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 760.968728][ T30] Call Trace: [ 760.972044][ T30] [ 760.975009][ T30] dump_stack_lvl+0x3d/0x1f0 [ 760.979666][ T30] panic+0x6f5/0x7a0 [ 760.983631][ T30] ? __pfx_panic+0x10/0x10 [ 760.988120][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 760.993544][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 760.999596][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 761.005016][ T30] ? watchdog+0xd3d/0x1240 [ 761.009498][ T30] ? watchdog+0xd30/0x1240 [ 761.013963][ T30] watchdog+0xd4e/0x1240 [ 761.018256][ T30] ? __pfx_watchdog+0x10/0x10 [ 761.023071][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 761.028324][ T30] ? __kthread_parkme+0x148/0x220 [ 761.033406][ T30] ? __pfx_watchdog+0x10/0x10 [ 761.038134][ T30] kthread+0x2c1/0x3a0 [ 761.042252][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 761.047600][ T30] ? __pfx_kthread+0x10/0x10 [ 761.052241][ T30] ret_from_fork+0x45/0x80 [ 761.056721][ T30] ? __pfx_kthread+0x10/0x10 [ 761.061365][ T30] ret_from_fork_asm+0x1a/0x30 [ 761.066190][ T30] [ 761.069530][ T30] Kernel Offset: disabled [ 761.073870][ T30] Rebooting in 86400 seconds..