last executing test programs: 1m23.226524326s ago: executing program 0 (id=1100): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c00)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0), 0x10}, 0x90) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030029000b12d25a80648c2594f90224fc60100c02c000000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 1m22.011034042s ago: executing program 0 (id=1104): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) madvise(&(0x7f0000ffc000/0x4000)=nil, 0xffffffffdf003fff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x40, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @nested={0x8, 0x7, 0x0, 0x1, [@typed={0x4}]}]}, 0x40}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000001100), 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x18, 0x17, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_FLOWTABLE_HOOK={0x4}]}, 0x18}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) r6 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000000)) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r7}, 0x10) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'vlan0\x00', 0x0}) sendto$packet(r8, &(0x7f00000002c0)="08040800d3fc030000004788031c09102f28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000005c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f200011800e000100636f6e6e6c696d69740000000c0002800800014000000000400000000c0a01020000000000000000010000000900020073797a320000000014000380100000800800034000000002040400800900010073797a30"], 0xe4}}, 0x0) 1m18.956265069s ago: executing program 0 (id=1108): socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x34}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000140), 0xff, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}) io_uring_enter(r3, 0x7f5f, 0x0, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x6400000c) 1m18.69107606s ago: executing program 2 (id=1110): signalfd(0xffffffffffffffff, &(0x7f0000000200)={[0xca]}, 0x8) poll(&(0x7f0000000000), 0x49, 0x2) 1m17.87305601s ago: executing program 1 (id=1111): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0xa0041) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0x40045731, &(0x7f0000000000)) 1m17.633361023s ago: executing program 2 (id=1113): ftruncate(0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000007bc0), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80044520, &(0x7f0000000000)=""/85) 1m17.34961362s ago: executing program 1 (id=1114): syz_open_dev$vim2m(0x0, 0x0, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) creat(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpgrp(0x0) gettid() timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r1 = socket(0xb, 0x5, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x3f, &(0x7f0000000000)=0x3500, 0x4) bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x58, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_LABELS={0x4}]}, 0x58}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) r5 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 1m17.1054743s ago: executing program 2 (id=1115): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() io_setup(0x8, &(0x7f00000001c0)) io_setup(0x2f0, &(0x7f00000000c0)=0x0) io_destroy(r2) io_cancel(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x24000044, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x0, 0x4, 0x12}, 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="14010000310001000000000000000000020000800c000000000000"], 0x114}], 0x1}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, r5, 0x5}, 0x10) sendmmsg$inet(r4, &(0x7f0000005740)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)='B', 0x1}], 0x1}}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)={0xe}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'tunl0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"}) 1m15.613716369s ago: executing program 2 (id=1118): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000200000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x0, 0x37}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @volatile, @func_proto]}}, 0x0, 0x4a}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000240), 0xfff, r2}, 0x38) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='jbd2_handle_extend\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=@deltaction={0x14}, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010003904000000000400000000000000", @ANYRES32=r8, @ANYBLOB="030000007f0000002000128008000100736974001400028008000100", @ANYRES32], 0x40}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[], 0x40}}, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f00000002c0)=ANY=[], 0x7) write$cgroup_int(r10, &(0x7f0000000200), 0x43400) r11 = socket$key(0xf, 0x3, 0x2) syz_emit_ethernet(0x5e, &(0x7f0000003680)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}}}}}}}, 0x0) sendmsg$key(r11, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300030e000000000000000000000004000900a8000000e9257fb792464e730df1194699dec293ed461dfec300000003000600000000000200000000000000000000000000000002000100000000000000000d00"], 0x70}, 0x1, 0x7}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) 20.373702205s ago: executing program 3 (id=1166): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001400)=@newtaction={0xef0, 0x30, 0x25, 0x0, 0x0, {}, [{0xedc, 0x1, [@m_pedit={0xed8, 0x1, 0x0, 0x0, {{0xa}, {0xeac, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x0, 0xffffffff}, 0x3, 0x0, [{0x2e, 0x6, 0x0, 0x7, 0x6, 0x5}, {0x2, 0x4, 0x4e000000, 0x5, 0x2, 0x68}, {0x6f, 0x351, 0x1, 0x7ff, 0xffffffff, 0x6}]}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xffff, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa6c8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x8}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffc}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}}, @TCA_PEDIT_KEYS_EX={0x40, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xef0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000580)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_FLUSH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="500000007244cf35089f57d729c826a4857f9647d0a725996626418499e395127294d1d43f0b97ba1b6acb27272a1db059dd4521f9786d7dabaf1b2e4bd43567a5f0ff1c55c4a11d379229fda869fe86d5c1913fbf11ff514f7bd50a7dd4d960b2440dd014d7f3dafd856a91", @ANYRES16=0x0, @ANYBLOB="0200ffffffff00000800110000000000060006000000fcff0280080007000000002008000600050000000000050006000000080006000700000008000600ffff0000080006000c020000"], 0x50}}, 0x48000) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="060000005763d5e26a22cb2825339d5959ae0feb43f47f8be14812b40513580151b5da6f93433a65d394815e2394b150a352f542bfb3445322df71c609c90710a2e57d53115951a9291ff50f44ef02cea333b559f5001ee68981cbf15dc0239e973458b608a179ace127d88fe192698656954cdd807c40fe012c9d047a24f3867cd2decc65d1ea5a32b787ba061679f252f6ccc3bee988753606bd0e0165eaf8347bd746", @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=0x0, @ANYBLOB="22003300d000000008021100000108021100000050505050505000000904000000000000"], 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000002a000000000000000018512400000e000000000000140000000095000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0xa, 0x3, 0x4) ioctl$sock_SIOCBRDELBR(r8, 0x89a2, &(0x7f0000000000)='bridge0\x00') ioctl$F2FS_IOC_MOVE_RANGE(r8, 0xc020f509, &(0x7f00000000c0)={r5, 0x9, 0xfbf0, 0xc319}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r9 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 19.307558832s ago: executing program 4 (id=1167): syz_open_dev$cec(0x0, 0x0, 0x10080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @mcast1}}}, 0x48) 19.290339347s ago: executing program 3 (id=1168): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x1, 0x0, 0x0, 0x2}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b32, &(0x7f0000000040)) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x9, [@func, @union={0x5, 0x0, 0x0, 0x5, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}}, 0x0, 0x39}, 0x20) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x68, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2b, 0xe, {{{}, {0x100}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @val={0x3, 0x1, 0x68}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x68}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_INIT(r8, &(0x7f0000000340)={0x50}, 0x50) r9 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x12, r9, 0x0) mremap(&(0x7f000090e000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000139000/0x4000)=nil) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) 18.106884342s ago: executing program 4 (id=1169): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@ipv4={""/10, ""/2, @empty}}, &(0x7f0000000100)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00'}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@remote, @local}, &(0x7f0000000200)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000280)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x18, 0x811, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8, 0x4, r3}, @RTA_PREFSRC={0x8, 0x7, @multicast2}]}, 0x2c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x4}]}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x70}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(r8, 0x29, 0x3, 0x0, &(0x7f0000000380)) socket(0xf, 0x2, 0x80000001) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) getsockopt$inet6_mreq(r8, 0x29, 0x15, &(0x7f0000000080)={@private1}, &(0x7f00000000c0)=0x14) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r9, 0x89f0, &(0x7f0000000000)={'syztnl1\x00', 0x0}) 17.97309746s ago: executing program 3 (id=1170): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x10012, r1, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f00000075c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001c40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 17.470740515s ago: executing program 4 (id=1171): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000013c0), 0x4) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000810500"/20], 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x128, 0x4c, 0x1a, 0x0, 0x73, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x5}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@private2, @dev, [], [], 'veth1_macvtap\x00', 'veth0_macvtap\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388) 17.321012117s ago: executing program 3 (id=1172): syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$kcm(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) syz_emit_ethernet(0x42, &(0x7f00000000c0)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@ssrr={0x89, 0x3, 0x3d}]}}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100}}}}}}, 0x0) 16.406650915s ago: executing program 4 (id=1173): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'}) 16.161221983s ago: executing program 1 (id=1122): mkdir(&(0x7f0000000400)='./file0\x00', 0xfa) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000}) mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000700)={'trans=tcp,', {}, 0x2c, {[{@privport}]}}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r0, 0x4b52, 0x0) 16.145485581s ago: executing program 0 (id=1119): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000010a01040000000000000000020000000900030073790032000000000900010073797a30"], 0x2c}}, 0x0) 16.142361133s ago: executing program 3 (id=1174): syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_conn_req={{0x2, 0x7, 0x4}, {0x2, 0x40}}]}}, 0x11) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r2 = gettid() r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r6, r7, 0x0, 0x0, 0x0, 0x4, {0xffff, 0x11, 0xbc9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f9db026ebb1742079ae859fd3c1afda62b4b9e9bc5272dc5b88c696b19b49b8f"}}) process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$UFFDIO_ZEROPAGE(r9, 0xc018aa06, &(0x7f0000000240)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00004d2000/0x1000)=nil, 0x1000, 0x8) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x45}, @l2cap_cid_signaling={{0x41}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x3, 0xcba8}}, @l2cap_disconn_rsp={{0x7, 0x46, 0x4}, {0x3f}}, @l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x8001}}, @l2cap_move_chan_req={{0xe, 0x79, 0x3}, {0xe679, 0x1f}}, @l2cap_conf_rsp={{0x5, 0x8, 0x20}, {0x7fff, 0x48, 0x8, [@l2cap_conf_ews={0x7, 0x2}, @l2cap_conf_mtu={0x1, 0x2, 0x9}, @l2cap_conf_efs={0x6, 0x10, {0x40, 0x1, 0x5, 0x0, 0x8, 0x4}}]}}]}}, 0x4a) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="03c8002c56b35e1dac486695d8718631a6bfb07b981c91c9e912b7e3df1cdda54a2f1df9f47803b2145d93754a41fc717ebea74089d70fffffffff1b"], 0x30) 15.860364975s ago: executing program 1 (id=1175): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000008c0)={0x0, 0xfffffffffffffef6, &(0x7f0000000900)}, &(0x7f0000002100)=0x10) unshare(0x0) socket$alg(0x26, 0x5, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file0', [], 0xa, "805ee9d2dfd9a0b4631774f9517b11e1a51e0e3ba28621596f205a0292063dd8c010b40e97230fd4588805f469d6a7ca2aaf1385b34ac2"}, 0x42) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x11, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @broadcast}, @dest_unreach={0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}}, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f00000002c0)) r4 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0008004500fd840000000000029078ac1e0001cf00000100009078e0000001"], 0x0) sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet6(0xa, 0x3, 0x6) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="3400030007"], 0xd) 15.783548823s ago: executing program 0 (id=1176): socket$can_j1939(0x1d, 0x2, 0x7) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ife={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_TCINDEX={0x4, 0x2, @void}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 15.363199994s ago: executing program 1 (id=1177): r0 = socket$inet_tcp(0x2, 0x3, 0x6) r1 = socket$inet(0x2, 0x4000000000080001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000240), 0x1) mlock2(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000000000000000030000850000007b00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000600)='tlb_flush\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x6c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}, @IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_PORT_TO={0x6}, @IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x6c}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r3}, 0x0, &(0x7f0000000780)='%ps \x00'}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x0, 0x8}, 0x48) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{}]}, 0xc) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x18, 0x117, 0x3, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}], 0x1, 0x0) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) close(r6) execve(0x0, &(0x7f00000005c0)=[&(0x7f0000000040)='\x00', &(0x7f0000000500)='^&}.: ^-\\\x00', &(0x7f0000000540)=']\x00', &(0x7f0000000580)=')/!,\x00'], 0x0) r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r7, &(0x7f00000000c0)='./file0\x00') mkdirat(r7, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r8 = socket$inet(0x2, 0x3, 0x2) getsockopt$inet_buf(r8, 0x0, 0x29, &(0x7f0000000040)=""/185, 0x0) execveat(r6, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000600)='\'\xe2\x03c\xc0\xa2\x151\xf1\xda\xca\x00\xdb;\x8c\x01(\xc4\r\xec\"\xd4J=z\xcd\xe0\xccP\n\x17\xee\x8ca\aj\x17\xa7Q\x8e%\xa1\xa25\xfa\xfaa\x9a\xfd\xa1f\xeeZ\xb6[\x86\xe1\x02\xe2<\x9bF\xbe:\x81_[U\xb2\x90\x97\x9d\xb4\'\"\xf1\x8fI#R\x01pl\x88I\xcag\tu\x90A(\xc9\xc4\x8a8\x0f\xae\xb9\xa8\x8e4\xf2\xe5w\xfc\x94\xeaA', &(0x7f0000000140)='\x00', &(0x7f0000000240), &(0x7f00000001c0)=':::%(\']\\\x00', &(0x7f0000000200)='\x00', &(0x7f00000004c0)='#\'[\xa6\x0e\x00\x00\x00\x00\x80\xb8\a_o\xea\xc2k_\xce\'\xfd\x11', &(0x7f0000000280)='Q\x03\x00', &(0x7f00000002c0)='$/\x00', &(0x7f0000000180), &(0x7f0000000340)='^&}.: ^-\\\x00'], &(0x7f0000000480)=[&(0x7f00000000c0)='\x00', &(0x7f0000000440)=']\x00'], 0x1000) 15.299778398s ago: executing program 2 (id=1125): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000006300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90324fc600b0002400a000000053582c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 15.131291413s ago: executing program 0 (id=1178): fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = syz_io_uring_setup(0x19d3, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000300), 0x1) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x24, &(0x7f00000000c0)=0x5, 0x4) bind$inet(r6, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000380)={'macsec0\x00', &(0x7f0000000340)=@ethtool_test={0x1a, 0x7608, 0x56b, 0x2, [0x5e74, 0xfffffffffffff801]}}) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x10, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd=r6, 0x0, 0x0, 0x10001, 0x3, 0x1}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4) io_uring_enter(r0, 0x3ed2, 0x0, 0x0, 0x0, 0x0) fremovexattr(0xffffffffffffffff, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 14.540432134s ago: executing program 2 (id=1179): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) 821.921778ms ago: executing program 1 (id=1180): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="20006e80110001"], 0x48}}, 0x0) 681.11681ms ago: executing program 4 (id=1181): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002800)={0xffffffffffffffff}) getsockopt$sock_int(r0, 0x1, 0x8, 0x0, &(0x7f0000002c40)) 680.91318ms ago: executing program 4 (id=1182): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000001000050700bbc0000000010007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001800120008000100736974000c0002000800020006"], 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}]}, 0x30}}, 0x0) 0s ago: executing program 3 (id=1183): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x57, {0x57, 0x0, "a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b73385a7015d3a32ed6b5217cdbb6fadb2ea7a288982d5337c364daf03bd400d66293b0a2b103dd93f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): e_1 (retrying later): interface not active [ 546.993528][ T8370] hsr_slave_0: entered promiscuous mode [ 547.010188][ T8370] hsr_slave_1: entered promiscuous mode [ 547.023753][ T8370] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 547.034236][ T8370] Cannot create hsr debugfs directory [ 547.225808][ T29] audit: type=1400 audit(1723581910.379:518): avc: denied { getopt } for pid=8484 comm="syz.3.659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 549.257101][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 549.291268][ T8280] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 549.408300][ T8280] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 549.444453][ T8280] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 549.560447][ T8246] 8021q: adding VLAN 0 to HW filter on device team0 [ 549.567666][ T8280] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 549.656849][ T2528] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.664146][ T2528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 549.890890][ T8370] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.967894][ T7144] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.975222][ T7144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.122604][ T8370] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.128972][ T29] audit: type=1400 audit(1723581913.369:519): avc: denied { read write } for pid=8504 comm="syz.3.662" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 550.194393][ T29] audit: type=1400 audit(1723581913.369:520): avc: denied { open } for pid=8504 comm="syz.3.662" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 550.300156][ T29] audit: type=1400 audit(1723581913.499:521): avc: denied { map } for pid=8504 comm="syz.3.662" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 550.393909][ T29] audit: type=1400 audit(1723581913.499:522): avc: denied { execute } for pid=8504 comm="syz.3.662" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 550.492461][ T8370] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.540740][ T8510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.663'. [ 550.668029][ T8370] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.937638][ T8280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 552.160708][ T8370] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 552.234575][ T8280] 8021q: adding VLAN 0 to HW filter on device team0 [ 552.252461][ T8370] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 552.371833][ T8370] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 552.495700][ T8370] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 552.794350][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.801663][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.097013][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.104321][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.129697][ T8246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.633702][ T8550] netlink: 8 bytes leftover after parsing attributes in process `syz.4.670'. [ 556.188299][ T5312] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 556.415724][ T8559] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=2304 sclass=netlink_xfrm_socket pid=8559 comm=syz.4.672 [ 556.532547][ T8246] veth0_vlan: entered promiscuous mode [ 556.646767][ T8246] veth1_vlan: entered promiscuous mode [ 556.726633][ T8370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 556.810959][ T8246] veth0_macvtap: entered promiscuous mode [ 556.854326][ T8246] veth1_macvtap: entered promiscuous mode [ 556.935071][ T5312] usb 4-1: device descriptor read/64, error -71 [ 557.095229][ T8370] 8021q: adding VLAN 0 to HW filter on device team0 [ 557.696157][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.748230][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.795866][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.856428][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.873347][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.892314][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.915114][ T8246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 557.936766][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.944070][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 557.990902][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.016473][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.037607][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.056799][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.067596][ T8246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.078285][ T5312] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 558.097769][ T8246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.120368][ T8246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 558.142162][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.149483][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 558.250485][ T8246] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.262777][ T8246] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.272388][ T8246] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.282109][ T8246] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.292125][ T5312] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 558.329893][ T5312] usb 4-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00 [ 558.359193][ T5312] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.411431][ T5312] usb 4-1: config 0 descriptor?? [ 558.436361][ T5312] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 558.502226][ T8280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 558.867937][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 558.908277][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.001058][ T8280] veth0_vlan: entered promiscuous mode [ 559.149405][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.164983][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.195756][ T8280] veth1_vlan: entered promiscuous mode [ 559.404153][ T8280] veth0_macvtap: entered promiscuous mode [ 559.451322][ T8370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 559.482480][ T8280] veth1_macvtap: entered promiscuous mode [ 559.644807][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.682862][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.697151][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.715530][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.731406][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.750723][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.770781][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.791508][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.809290][ T8280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 559.852861][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.888215][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.904646][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.916716][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.928423][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.939159][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.950371][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.981873][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.995172][ T8280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.019809][ T8606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.682'. [ 560.050818][ T8280] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.078652][ T8280] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.100878][ T8280] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.128226][ T8280] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.300913][ T8370] veth0_vlan: entered promiscuous mode [ 560.415509][ T8370] veth1_vlan: entered promiscuous mode [ 560.477644][ T1196] usb 4-1: USB disconnect, device number 16 [ 561.012231][ T8625] Bluetooth: MGMT ver 1.23 [ 561.735109][ T8370] veth0_macvtap: entered promiscuous mode [ 561.911564][ T8370] veth1_macvtap: entered promiscuous mode [ 562.659541][ T7144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.677938][ T7144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 563.285998][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.324273][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.368348][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.392431][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.423883][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.458548][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.488751][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.549672][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.586383][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 563.648533][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.694324][ T8370] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 563.819642][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.859965][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.918299][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 563.965661][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 563.998787][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.009767][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.026439][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.054040][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.090929][ T8370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.111818][ T8370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.176538][ T8370] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 564.245860][ T8370] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.324997][ T8370] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.375165][ T8370] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.439316][ T8370] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.478377][ T2528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.486253][ T2528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.266743][ T8668] MTD: Attempt to mount non-MTD device "/dev/nbd4" [ 565.277997][ T8668] cramfs: wrong magic [ 565.360235][ T8668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 566.388765][ T8670] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.687'. [ 566.471008][ T8670] netlink: get zone limit has 8 unknown bytes [ 566.536557][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 566.619670][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 567.408441][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 567.416440][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 567.932562][ T8688] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.691'. [ 567.970526][ T8688] netlink: zone id is out of range [ 567.995131][ T8688] netlink: zone id is out of range [ 568.018695][ T8688] netlink: zone id is out of range [ 568.030046][ T8688] netlink: zone id is out of range [ 568.046467][ T8688] netlink: zone id is out of range [ 568.065474][ T8688] netlink: zone id is out of range [ 568.090145][ T8688] netlink: zone id is out of range [ 568.112292][ T8688] netlink: zone id is out of range [ 568.122984][ T8688] netlink: zone id is out of range [ 568.626274][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.634238][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.656840][ T5296] libceph: connect (1)[c::]:6789 error -101 [ 568.681609][ T5296] libceph: mon0 (1)[c::]:6789 connect error [ 568.745836][ T5296] libceph: connect (1)[c::]:6789 error -101 [ 568.762560][ T5296] libceph: mon0 (1)[c::]:6789 connect error [ 569.037216][ T29] audit: type=1400 audit(1723581932.269:523): avc: denied { mounton } for pid=8697 comm="syz.4.694" path="mnt:[4026533541]" dev="nsfs" ino=4026533541 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 569.132225][ T5296] libceph: connect (1)[c::]:6789 error -101 [ 569.212294][ T8694] could not allocate digest TFM handle sha1_mb [ 569.214795][ T5296] libceph: mon0 (1)[c::]:6789 connect error [ 569.480182][ T8692] ceph: No mds server is up or the cluster is laggy [ 569.765605][ T8722] netlink: 'syz.3.696': attribute type 21 has an invalid length. [ 569.790768][ T8012] libceph: connect (1)[c::]:6789 error -101 [ 569.807086][ T8012] libceph: mon0 (1)[c::]:6789 connect error [ 569.850985][ T8722] netlink: 128 bytes leftover after parsing attributes in process `syz.3.696'. [ 569.914226][ T8722] netlink: 'syz.3.696': attribute type 5 has an invalid length. [ 569.986609][ T8722] netlink: 3 bytes leftover after parsing attributes in process `syz.3.696'. [ 570.708456][ T29] audit: type=1400 audit(1723581933.949:524): avc: denied { connect } for pid=8725 comm="syz.4.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 571.868451][ T5261] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 571.877357][ T5261] Bluetooth: hci2: Injecting HCI hardware error event [ 571.890002][ T5247] Bluetooth: hci2: hardware error 0x00 [ 571.991301][ T29] audit: type=1400 audit(1723581934.169:525): avc: denied { write } for pid=8725 comm="syz.4.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 574.748473][ T5247] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 576.953289][ T8786] netlink: 'syz.0.717': attribute type 3 has an invalid length. [ 577.193423][ T8788] netlink: 'syz.3.716': attribute type 30 has an invalid length. [ 577.965047][ T29] audit: type=1400 audit(1723581941.199:526): avc: denied { listen } for pid=8791 comm="syz.4.719" path=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 579.264127][ T29] audit: type=1400 audit(1723581942.509:527): avc: denied { lock } for pid=8801 comm="syz.3.723" path="socket:[28129]" dev="sockfs" ino=28129 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 579.847550][ T8813] netlink: 'syz.4.727': attribute type 32 has an invalid length. [ 579.928419][ T1196] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 580.148399][ T1196] usb 3-1: Using ep0 maxpacket: 8 [ 580.167305][ T1196] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 580.218285][ T1196] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 580.248444][ T1196] usb 3-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 580.268246][ T1196] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.295990][ T1196] usb 3-1: config 0 descriptor?? [ 580.754952][ T1196] hid-alps 0003:044E:120B.0009: item fetching failed at offset 5/6 [ 580.794113][ T1196] hid-alps 0003:044E:120B.0009: parse failed [ 580.828495][ T1196] hid-alps 0003:044E:120B.0009: probe with driver hid-alps failed with error -22 [ 580.954975][ T9] usb 3-1: USB disconnect, device number 6 [ 581.260819][ T29] audit: type=1400 audit(1723581944.509:528): avc: denied { write } for pid=8841 comm="syz.0.740" path="socket:[28177]" dev="sockfs" ino=28177 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 581.688549][ T1196] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 581.928325][ T1196] usb 2-1: Using ep0 maxpacket: 8 [ 581.956936][ T1196] usb 2-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4 [ 581.998368][ T1196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.018263][ T29] audit: type=1400 audit(1723581945.249:529): avc: denied { write } for pid=8852 comm="syz.3.744" name="usbmon1" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 582.065590][ T1196] usb 2-1: config 0 descriptor?? [ 582.093458][ T1196] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state. [ 582.241515][ T8861] Option ' ' to dns_resolver key: bad/missing value [ 582.612391][ T1196] cxusb: set interface failed [ 582.617819][ T1196] dvb-usb: bulk message failed: -22 (1/0) [ 582.699768][ T8012] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 582.755774][ T1196] dvb-usb: AVerMedia AVerTVHD Volar (A868R) error while loading driver (-22) [ 582.772220][ T1196] dvb_usb_cxusb 2-1:0.0: probe with driver dvb_usb_cxusb failed with error -22 [ 582.785880][ T1196] usb 2-1: USB disconnect, device number 11 [ 582.899396][ T8012] usb 1-1: Using ep0 maxpacket: 8 [ 582.944323][ T8012] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 583.256140][ T8012] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 583.266579][ T8012] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 42157, setting to 1024 [ 586.478040][ T8012] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 586.492424][ T8012] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.506009][ T8012] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 586.515647][ T8012] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.524006][ T29] audit: type=1400 audit(1723581948.769:530): avc: denied { getopt } for pid=8868 comm="syz.4.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 586.552307][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 586.779461][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 586.886669][ T25] usb 4-1: device descriptor read/all, error -71 [ 586.968923][ T8012] usb 1-1: can't set config #16, error -71 [ 587.015440][ T8012] usb 1-1: USB disconnect, device number 7 [ 588.308323][ T8873] Bluetooth: hci4: command 0x0406 tx timeout [ 588.327384][ T8873] Bluetooth: hci1: command 0x0405 tx timeout [ 592.171654][ T29] audit: type=1400 audit(1723581955.379:531): avc: denied { remount } for pid=8906 comm="syz.2.761" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 592.569496][ T29] audit: type=1400 audit(1723581955.799:532): avc: denied { connect } for pid=8919 comm="syz.0.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 592.591297][ T8923] net_ratelimit: 102 callbacks suppressed [ 592.591321][ T8923] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 592.686545][ T29] audit: type=1400 audit(1723581955.909:533): avc: denied { write } for pid=8919 comm="syz.0.762" name="ppp" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 597.006601][ T8954] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 597.054115][ T8949] xt_CT: You must specify a L4 protocol and not use inversions on it [ 597.090189][ T29] audit: type=1400 audit(1723581960.339:534): avc: denied { nlmsg_read } for pid=8941 comm="syz.0.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 597.158371][ T29] audit: type=1400 audit(1723581960.339:535): avc: denied { ioctl } for pid=8947 comm="syz.4.773" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 597.644974][ T29] audit: type=1400 audit(1723581960.889:536): avc: denied { getopt } for pid=8962 comm="syz.4.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 597.690180][ T29] audit: type=1400 audit(1723581960.929:537): avc: denied { getopt } for pid=8962 comm="syz.4.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 597.818528][ T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 598.001092][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 598.026043][ T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 598.095308][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.144419][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.180016][ T29] audit: type=1400 audit(1723581961.419:538): avc: denied { setopt } for pid=8962 comm="syz.4.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 598.213597][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 598.274870][ T9] usb 4-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00 [ 598.311653][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.347206][ T9] usb 4-1: config 0 descriptor?? [ 599.148024][ T5250] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 599.175861][ T5250] Bluetooth: hci3: unexpected event 0x04 length: 11 > 10 [ 599.184000][ T5250] Bluetooth: unknown link type 5 [ 599.199442][ T5250] Bluetooth: hci3: connection err: -111 [ 599.550115][ T8990] netlink: 24 bytes leftover after parsing attributes in process `syz.1.784'. [ 599.851285][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 599.859527][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 599.889037][ T9] usb 4-1: USB disconnect, device number 19 [ 599.953981][ T8992] gfs2: path_lookup on c::: returned error -2 [ 602.088509][ T9011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.791'. [ 602.234122][ T9013] syz.4.789: attempt to access beyond end of device [ 602.234122][ T9013] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 602.540804][ T9013] syz.4.789: attempt to access beyond end of device [ 602.540804][ T9013] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 602.558210][ T9013] Mount JFS Failure: -5 [ 602.829234][ T9013] jfs_mount failed w/return code = -5 [ 604.010807][ T9025] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 604.518755][ T9033] netlink: 348 bytes leftover after parsing attributes in process `syz.0.798'. [ 604.579129][ T9033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.798'. [ 604.843043][ T9038] netlink: 8 bytes leftover after parsing attributes in process `syz.3.800'. [ 605.880115][ T8083] IPVS: starting estimator thread 0... [ 605.976523][ T9048] IPVS: using max 22 ests per chain, 52800 per kthread [ 607.114915][ T5250] Bluetooth: hci1: unexpected event 0x08 length: 78 > 4 [ 607.249380][ T9053] serio: Serial port pts0 [ 607.508992][ T9069] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 607.668881][ T29] audit: type=1804 audit(1723581970.889:539): pid=9066 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.810" name="/newroot/195/bus/file0" dev="overlay" ino=1059 res=1 errno=0 [ 608.240547][ C0] vkms_vblank_simulate: vblank timer overrun [ 608.319573][ T9087] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 608.570243][ C0] vkms_vblank_simulate: vblank timer overrun [ 609.047884][ T9092] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.815'. [ 609.058422][ T9092] netlink: get zone limit has 8 unknown bytes [ 609.106497][ T29] audit: type=1400 audit(1723581972.319:540): avc: denied { write } for pid=9079 comm="syz.0.814" path="socket:[28623]" dev="sockfs" ino=28623 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 609.129984][ C0] vkms_vblank_simulate: vblank timer overrun [ 609.328344][ T5296] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 609.538277][ T5296] usb 2-1: Using ep0 maxpacket: 32 [ 609.549203][ T5296] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 609.591098][ T5296] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=20.79 [ 609.619022][ T29] audit: type=1400 audit(1723581972.859:541): avc: denied { nlmsg_write } for pid=9093 comm="syz.2.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 609.647536][ T5296] usb 2-1: New USB device strings: Mfr=2, Product=236, SerialNumber=0 [ 609.664281][ T5296] usb 2-1: Product: syz [ 609.675561][ T5296] usb 2-1: Manufacturer: syz [ 609.696681][ T5296] usb 2-1: config 0 descriptor?? [ 609.715097][ T9090] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 610.838252][ T25] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 611.310150][ T4690] usb 2-1: USB disconnect, device number 12 [ 611.388783][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 611.643193][ T25] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 611.667679][ T9113] netlink: 16 bytes leftover after parsing attributes in process `syz.2.822'. [ 611.688666][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 611.709716][ T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 611.745716][ T25] usb 1-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8 [ 611.748712][ T9114] 9pnet: p9_errstr2errno: server reported unknown error œæøýÓ®“Ö¤jê˜ÚUç7µÀúªÅƒ [ 611.758998][ T25] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=24 [ 611.808205][ T25] usb 1-1: Product: syz [ 611.812441][ T25] usb 1-1: SerialNumber: syz [ 611.856360][ T25] usb 1-1: config 0 descriptor?? [ 611.886269][ T25] redrat3 1-1:0.0: Couldn't find all endpoints [ 612.286365][ T25] usb 1-1: USB disconnect, device number 8 [ 613.545100][ T29] audit: type=1400 audit(1723581976.789:542): avc: denied { setopt } for pid=9130 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 613.648424][ T29] audit: type=1400 audit(1723581976.789:543): avc: denied { connect } for pid=9130 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 614.645685][ T29] audit: type=1326 audit(1723581976.869:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9135 comm="syz.0.832" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x0 [ 614.735032][ T9149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 614.790994][ T9146] netlink: 28 bytes leftover after parsing attributes in process `syz.2.834'. [ 615.027065][ T9152] PM: Enabling pm_trace changes system date and time during resume. [ 615.027065][ T9152] PM: Correct system time has to be restored manually after resume. [ 616.460062][ T29] audit: type=1400 audit(1723581979.709:545): avc: denied { create } for pid=9161 comm="syz.4.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 616.537385][ T29] audit: type=1400 audit(1723581979.779:546): avc: denied { setopt } for pid=9161 comm="syz.4.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 617.079798][ T9169] netlink: 64 bytes leftover after parsing attributes in process `syz.1.843'. [ 617.095744][ T9169] netlink: 64 bytes leftover after parsing attributes in process `syz.1.843'. [ 617.398900][ T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 617.619590][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 617.620680][ T9185] input: syz0 as /devices/virtual/input/input14 [ 617.637192][ T9] usb 4-1: config 0 has an invalid interface number: 141 but max is 0 [ 617.671133][ T9] usb 4-1: config 0 has no interface number 0 [ 617.695808][ T9] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 617.728083][ T9] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 617.766770][ T9] usb 4-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 617.792993][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.808551][ T9] usb 4-1: Product: syz [ 617.816481][ T9] usb 4-1: Manufacturer: syz [ 617.837427][ T9] usb 4-1: SerialNumber: syz [ 617.868050][ T9] usb 4-1: config 0 descriptor?? [ 617.999813][ T8012] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 618.148113][ T9] usb 4-1: USB disconnect, device number 20 [ 618.208361][ T8012] usb 5-1: Using ep0 maxpacket: 8 [ 618.228969][ T8012] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 618.247933][ T8012] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.261720][ T8012] usb 5-1: Product: syz [ 618.266871][ T8012] usb 5-1: Manufacturer: syz [ 618.273142][ T8012] usb 5-1: SerialNumber: syz [ 618.285096][ T8012] usb 5-1: config 0 descriptor?? [ 618.375394][ T29] audit: type=1400 audit(1723581981.619:547): avc: denied { read } for pid=9193 comm="syz.2.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 618.633802][ T8083] usb 5-1: USB disconnect, device number 13 [ 621.758360][ T8083] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 621.998262][ T8083] usb 5-1: Using ep0 maxpacket: 8 [ 622.029440][ T8083] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 622.063436][ T8083] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 622.104245][ T8083] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 622.142553][ T8083] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=f6.82 [ 622.158217][ T8083] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.183064][ T8083] usb 5-1: Product: syz [ 622.193090][ T8083] usb 5-1: Manufacturer: syz [ 622.213494][ T8083] usb 5-1: SerialNumber: syz [ 622.248075][ T8083] usb 5-1: config 0 descriptor?? [ 622.449267][ T9226] netlink: 'syz.3.863': attribute type 10 has an invalid length. [ 622.520273][ T9228] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 622.539075][ T29] audit: type=1326 audit(1723581985.789:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 622.570830][ T9226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 622.668279][ T29] audit: type=1326 audit(1723581985.789:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 622.750257][ T29] audit: type=1326 audit(1723581985.839:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 622.812910][ T29] audit: type=1326 audit(1723581985.839:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 622.891005][ T29] audit: type=1326 audit(1723581985.839:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 622.973343][ T29] audit: type=1326 audit(1723581985.839:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 623.021075][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 623.077570][ T29] audit: type=1326 audit(1723581985.839:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 623.174544][ T29] audit: type=1326 audit(1723581985.839:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc69c17b817 code=0x7ffc0000 [ 623.238545][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 623.288219][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.299542][ T29] audit: type=1326 audit(1723581985.839:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 623.327023][ T9236] No control pipe specified [ 623.337730][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 623.406616][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 623.440159][ T29] audit: type=1326 audit(1723581985.839:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.0.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x7ffc0000 [ 623.474569][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.549359][ T9] usb 1-1: config 0 descriptor?? [ 623.960601][ T8083] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 624.031480][ T25] usb 5-1: USB disconnect, device number 14 [ 624.053414][ T9] microsoft 0003:045E:07DA.000A: ignoring exceeding usage max [ 624.109109][ T9] microsoft 0003:045E:07DA.000A: No inputs registered, leaving [ 624.155644][ T9] microsoft 0003:045E:07DA.000A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 624.172676][ T8083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 624.210946][ T9] microsoft 0003:045E:07DA.000A: no inputs found [ 624.214480][ T8083] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 204, setting to 64 [ 624.236409][ T9] microsoft 0003:045E:07DA.000A: could not initialize ff, continuing anyway [ 624.286394][ T8083] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 624.300454][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 624.323554][ T8083] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.333152][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 624.391376][ T8083] usb 4-1: config 0 descriptor?? [ 624.423315][ T9238] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 624.610300][ T8012] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 624.738425][ T8083] ath6kl: Failed to submit usb control message: -71 [ 624.758599][ T8083] ath6kl: unable to send the bmi data to the device: -71 [ 624.777658][ T8083] ath6kl: Unable to send get target info: -71 [ 624.814601][ T8012] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.832603][ T8083] ath6kl: Failed to init ath6kl core: -71 [ 624.852078][ T8083] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 624.862480][ T8012] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.913831][ T8012] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 624.929487][ T8083] usb 4-1: USB disconnect, device number 21 [ 625.005422][ T8012] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 625.063731][ T8012] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.114814][ T8012] usb 5-1: config 0 descriptor?? [ 625.575163][ T8012] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x4 [ 625.634750][ T8012] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 625.669894][ T8012] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 625.677954][ T8012] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 625.725874][ T8012] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 625.794284][ T8012] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 625.894056][ T8012] usb 5-1: USB disconnect, device number 15 [ 625.976421][ T5296] usb 1-1: USB disconnect, device number 9 [ 626.798418][ T9256] netlink: 'syz.4.876': attribute type 8 has an invalid length. [ 627.138368][ T9256] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.876'. [ 627.847702][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 627.847724][ T29] audit: type=1400 audit(1723581991.089:565): avc: denied { write } for pid=9265 comm="syz.2.877" name="ptp0" dev="devtmpfs" ino=1075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 630.109335][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.117044][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.645891][ T9313] fuse: Bad value for 'fd' [ 637.174966][ T29] audit: type=1326 audit(1723582000.419:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9327 comm="syz.4.899" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x0 [ 637.296067][ T29] audit: type=1400 audit(1723582000.489:567): avc: denied { append } for pid=9327 comm="syz.4.899" name="event3" dev="devtmpfs" ino=841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 637.322699][ T9315] team0: Port device team_slave_0 removed [ 637.357168][ T9315] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 637.457133][ T9338] tipc: Started in network mode [ 637.511784][ T29] audit: type=1326 audit(1723582000.749:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 637.543933][ T9338] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 637.601099][ T9338] tipc: Enabling of bearer rejected, failed to enable media [ 638.108460][ T29] audit: type=1326 audit(1723582001.339:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 638.383354][ T29] audit: type=1326 audit(1723582001.339:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 638.466256][ T29] audit: type=1326 audit(1723582001.339:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 638.558673][ T29] audit: type=1326 audit(1723582001.389:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 639.367594][ T29] audit: type=1326 audit(1723582001.389:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 639.448041][ T29] audit: type=1326 audit(1723582001.389:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 639.522681][ T29] audit: type=1326 audit(1723582001.399:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9753799f9 code=0x7fc00000 [ 640.618358][ T5296] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 640.838690][ T5296] usb 1-1: Using ep0 maxpacket: 16 [ 640.857214][ T5296] usb 1-1: config 0 has no interfaces? [ 640.893954][ T5296] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 640.924400][ T5296] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 640.928353][ T25] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 641.009076][ T5296] usb 1-1: Manufacturer: syz [ 641.061440][ T5296] usb 1-1: config 0 descriptor?? [ 641.238223][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 641.547432][ T9361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 641.548760][ T25] usb 5-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=f8.a6 [ 641.572913][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.585422][ T25] usb 5-1: Product: syz [ 641.608483][ T25] usb 5-1: Manufacturer: syz [ 642.038204][ T25] usb 5-1: SerialNumber: syz [ 642.089668][ T25] usb 5-1: config 0 descriptor?? [ 642.130843][ T9361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.169440][ T9361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 642.178376][ T25] usb 5-1: can't set config #0, error -71 [ 642.191496][ T25] usb 5-1: USB disconnect, device number 16 [ 642.231802][ T9361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.316398][ T9361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 642.385500][ T5261] Bluetooth: hci0: command 0x0406 tx timeout [ 642.495966][ T9361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.523148][ T5296] usb 1-1: USB disconnect, device number 10 [ 645.620547][ T9436] dccp_v6_rcv: dropped packet with invalid checksum [ 646.909573][ T9444] vivid-007: ================= START STATUS ================= [ 646.918383][ T9444] vivid-007: Enable Output Cropping: true [ 646.924648][ T9444] vivid-007: Enable Output Composing: true [ 646.930636][ T9444] vivid-007: Enable Output Scaler: true [ 646.936205][ T9444] vivid-007: Tx RGB Quantization Range: Automatic [ 646.942743][ T9444] vivid-007: Transmit Mode: HDMI [ 646.947728][ T9444] vivid-007: Hotplug Present: 0x00000000 [ 646.953447][ T9444] vivid-007: RxSense Present: 0x00000000 [ 646.959126][ T9444] vivid-007: EDID Present: 0x00000000 [ 646.965896][ T9444] vivid-007: ================== END STATUS ================== [ 648.700861][ T9448] xt_ipcomp: unknown flags 12 [ 648.828437][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 648.828460][ T29] audit: type=1400 audit(1723582012.059:581): avc: denied { mount } for pid=9453 comm="syz.1.937" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 648.946522][ T29] audit: type=1400 audit(1723582012.079:582): avc: denied { remount } for pid=9453 comm="syz.1.937" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 649.022029][ T29] audit: type=1400 audit(1723582012.199:583): avc: denied { unmount } for pid=8280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 649.178692][ T9459] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 649.188360][ T29] audit: type=1400 audit(1723582012.429:584): avc: denied { relabelto } for pid=9458 comm="syz.2.939" name="" dev="pipefs" ino=30309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:" [ 649.551512][ T29] audit: type=1400 audit(1723582012.779:585): avc: denied { ioctl } for pid=9465 comm="syz.0.942" path="socket:[30333]" dev="sockfs" ino=30333 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 649.614139][ T9469] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 651.191418][ T29] audit: type=1326 audit(1723582013.629:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9478 comm="syz.4.946" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x0 [ 652.991134][ T9503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 653.144289][ T29] audit: type=1326 audit(1723582016.129:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9497 comm="syz.1.952" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fa09799f9 code=0x0 [ 654.528840][ T5297] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 654.541163][ T9517] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 654.577661][ T9514] syz.4.957: attempt to access beyond end of device [ 654.577661][ T9514] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 654.639390][ T9514] EXT4-fs (nbd4): unable to read superblock [ 654.711074][ T9520] ALSA: seq fatal error: cannot create timer (-22) [ 654.747768][ T5297] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 654.761049][ T9520] ALSA: seq fatal error: cannot create timer (-22) [ 654.792460][ T5297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.806937][ T5250] Bluetooth: hci0: unexpected event for opcode 0x0c47 [ 654.818574][ T5297] usb 2-1: Product: syz [ 654.822804][ T5297] usb 2-1: Manufacturer: syz [ 654.827448][ T5297] usb 2-1: SerialNumber: syz [ 654.925091][ T5297] usb 2-1: config 0 descriptor?? [ 654.957530][ T5297] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 013 [ 655.160370][ T9527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.964'. [ 655.186778][ T5297] (null): failure setting delay to 10us [ 655.228330][ T5297] i2c-tiny-usb 2-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 655.450544][ T9532] program syz.2.963 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 656.105911][ T5297] usb 2-1: USB disconnect, device number 13 [ 656.561139][ T29] audit: type=1400 audit(1723582019.809:588): avc: denied { getopt } for pid=9531 comm="syz.3.966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 657.406246][ T9552] autofs: Bad value for 'fd' [ 657.746659][ T5250] Bluetooth: hci3: command 0x0406 tx timeout [ 658.760748][ T29] audit: type=1400 audit(1723582022.009:589): avc: denied { ioctl } for pid=9564 comm="syz.1.975" path="/dev/nullb0" dev="devtmpfs" ino=682 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 658.869022][ T5261] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 658.878067][ T5261] Bluetooth: hci0: Injecting HCI hardware error event [ 658.891291][ T5250] Bluetooth: hci0: hardware error 0x00 [ 660.142321][ T29] audit: type=1400 audit(1723582023.379:590): avc: denied { create } for pid=9569 comm="syz.4.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 660.254054][ T9579] mkiss: ax0: crc mode is auto. [ 660.280410][ T29] audit: type=1400 audit(1723582023.529:591): avc: denied { setopt } for pid=9569 comm="syz.4.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 661.028487][ T5250] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 661.646537][ T9579] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 661.950089][ T29] audit: type=1400 audit(1723582025.199:592): avc: denied { ioctl } for pid=9572 comm="syz.2.979" path="socket:[30501]" dev="sockfs" ino=30501 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 662.698838][ C1] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 662.961479][ T29] audit: type=1804 audit(1723582025.569:593): pid=9593 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.983" name="/newroot/68/file0" dev="fuse" ino=1 res=1 errno=0 [ 663.553803][ T29] audit: type=1400 audit(1723582026.799:594): avc: denied { cmd } for pid=9603 comm="syz.3.987" path="socket:[30746]" dev="sockfs" ino=30746 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 665.095062][ T29] audit: type=1400 audit(1723582028.339:595): avc: denied { ioctl } for pid=9616 comm="syz.4.992" path="socket:[30557]" dev="sockfs" ino=30557 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 665.725134][ T29] audit: type=1326 audit(1723582028.969:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.0.994" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc69c1799f9 code=0x0 [ 666.030810][ T9638] netlink: 'syz.3.998': attribute type 5 has an invalid length. [ 666.089017][ T5297] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 666.171334][ T9640] netlink: 'syz.4.997': attribute type 1 has an invalid length. [ 666.179947][ T9640] netlink: 'syz.4.997': attribute type 2 has an invalid length. [ 666.308230][ T5297] usb 2-1: Using ep0 maxpacket: 8 [ 666.512599][ T5297] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.941374][ T5297] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 666.952230][ T5297] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 666.962472][ T5297] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 666.972723][ T5297] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 667.193431][ T5297] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 667.495750][ T5297] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.560354][ T5297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.608798][ T5297] usb 2-1: Product: syz [ 667.625830][ T5297] usb 2-1: Manufacturer: syz [ 667.650635][ T5297] usb 2-1: SerialNumber: syz [ 667.777364][ T29] audit: type=1400 audit(1723582031.019:597): avc: denied { ioctl } for pid=9650 comm="syz.0.1002" path="socket:[30845]" dev="sockfs" ino=30845 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 667.975222][ T5297] cdc_ncm 2-1:1.0: bind() failure [ 668.014437][ T5297] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 668.028791][ T9655] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9655 comm=syz.2.1004 [ 668.045594][ T5297] cdc_ncm 2-1:1.1: bind() failure [ 668.059008][ T29] audit: type=1400 audit(1723582031.309:598): avc: denied { nlmsg_read } for pid=9654 comm="syz.2.1004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 668.089071][ T5297] usb 2-1: USB disconnect, device number 14 [ 668.140967][ T9655] netlink: 'syz.2.1004': attribute type 1 has an invalid length. [ 668.144101][ T5250] Bluetooth: hci3: unexpected event for opcode 0x0c46 [ 668.604931][ T9674] bridge0: port 3(gretap0) entered blocking state [ 668.618976][ T9674] bridge0: port 3(gretap0) entered disabled state [ 668.630800][ T9674] gretap0: entered allmulticast mode [ 668.647969][ T9674] gretap0: entered promiscuous mode [ 668.671022][ T9674] bridge0: port 3(gretap0) entered blocking state [ 668.679862][ T9674] bridge0: port 3(gretap0) entered forwarding state [ 668.747815][ T9677] gretap0: left allmulticast mode [ 668.768382][ T9677] gretap0: left promiscuous mode [ 668.777032][ T9677] bridge0: port 3(gretap0) entered disabled state [ 669.208302][ T1196] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 669.378379][ T5297] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 669.401426][ T1196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 669.445012][ T1196] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 669.493955][ T1196] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 669.509575][ T1196] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.528214][ T1196] usb 2-1: Product: syz [ 669.538707][ T1196] usb 2-1: Manufacturer: syz [ 669.551961][ T1196] usb 2-1: SerialNumber: syz [ 669.575158][ T1196] usb 2-1: config 0 descriptor?? [ 669.610925][ T5297] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 669.666897][ T5297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.713692][ T5297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 669.749952][ T9694] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'. [ 669.751295][ T5297] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 669.909631][ T5297] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 669.929839][ T5297] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 669.947609][ T5297] usb 1-1: Manufacturer: syz [ 670.000684][ T1196] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 670.003690][ T5297] usb 1-1: config 0 descriptor?? [ 670.259085][ T1196] usb 2-1: USB disconnect, device number 15 [ 670.548337][ T9701] udevd[9701]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 670.613831][ T5297] appleir 0003:05AC:8243.000C: unknown main item tag 0x0 [ 670.638528][ T9699] netlink: 'syz.3.1019': attribute type 33 has an invalid length. [ 670.697438][ T5297] appleir 0003:05AC:8243.000C: No inputs registered, leaving [ 670.851623][ T5297] appleir 0003:05AC:8243.000C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 671.109400][ T5297] usb 1-1: USB disconnect, device number 11 [ 672.218377][ T5261] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 672.227300][ T5261] Bluetooth: hci3: Injecting HCI hardware error event [ 673.940006][ T8012] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 674.228011][ T5261] Bluetooth: hci3: command 0x0406 tx timeout [ 674.236127][ T5250] Bluetooth: hci3: hardware error 0x00 [ 674.318782][ T9732] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1025'. [ 674.629024][ T9732] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1025'. [ 675.182500][ T8012] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 675.203911][ T8012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.216735][ T8012] usb 3-1: Product: syz [ 675.221100][ T8012] usb 3-1: Manufacturer: syz [ 675.225744][ T8012] usb 3-1: SerialNumber: syz [ 675.245618][ T8012] usb 3-1: config 0 descriptor?? [ 675.424024][ T29] audit: type=1400 audit(1723647803.676:599): avc: denied { bind } for pid=9737 comm="syz.0.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 675.496174][ T8012] usb 3-1: USB disconnect, device number 7 [ 675.872300][ T5297] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 677.050363][ T5297] usb 2-1: Using ep0 maxpacket: 8 [ 677.114010][ T5297] usb 2-1: New USB device found, idVendor=10fd, idProduct=de00, bcdDevice= 0.01 [ 677.178728][ T5250] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 677.186023][ T5297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.199857][ T5297] usb 2-1: Product: syz [ 677.204151][ T5297] usb 2-1: Manufacturer: syz [ 677.210903][ T5297] usb 2-1: SerialNumber: syz [ 677.228879][ T5297] usb 2-1: config 0 descriptor?? [ 677.244081][ T5297] go7007 2-1:0.0: The Lifeview TV Walker Ultra is not supported. Sorry! [ 677.255698][ T29] audit: type=1400 audit(1723647805.486:600): avc: denied { transfer } for pid=9753 comm="syz.4.1035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 677.799739][ T29] audit: type=1400 audit(1723647805.996:601): avc: denied { create } for pid=9761 comm="syz.3.1037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 678.304445][ T29] audit: type=1400 audit(1723647806.006:602): avc: denied { ioctl } for pid=9761 comm="syz.3.1037" path="socket:[31011]" dev="sockfs" ino=31011 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 678.441133][ T5312] usb 2-1: USB disconnect, device number 16 [ 679.308376][ T4690] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 679.316790][ T29] audit: type=1400 audit(1723647807.566:603): avc: denied { append } for pid=9776 comm="syz.1.1042" name="sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 679.561123][ T4690] usb 3-1: config 0 has an invalid interface number: 61 but max is 0 [ 679.588679][ T4690] usb 3-1: config 0 has no interface number 0 [ 679.627931][ T4690] usb 3-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=fe.09 [ 679.663190][ T4690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.721179][ T4690] usb 3-1: config 0 descriptor?? [ 679.912759][ T29] audit: type=1400 audit(1723647808.166:604): avc: denied { read } for pid=9782 comm="syz.1.1047" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 680.044269][ T4690] snd-usb-audio 3-1:0.61: probe with driver snd-usb-audio failed with error -71 [ 680.061415][ T29] audit: type=1400 audit(1723647808.166:605): avc: denied { open } for pid=9782 comm="syz.1.1047" path="/dev/nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 680.104719][ T29] audit: type=1400 audit(1723647808.266:606): avc: denied { name_bind } for pid=9782 comm="syz.1.1047" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 680.124419][ T4690] usb 3-1: USB disconnect, device number 8 [ 680.211446][ T9789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1048'. [ 680.288660][ T5312] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 680.794172][ T9793] vxfs: WRONG superblock magic 00000000 at 1 [ 680.820334][ T9793] vxfs: WRONG superblock magic 00000000 at 8 [ 680.826500][ T9793] vxfs: can't find superblock. [ 682.308218][ T5312] usb 2-1: Using ep0 maxpacket: 8 [ 682.329530][ T5312] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 682.378228][ T5312] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 682.428315][ T5312] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 682.477988][ T5312] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 682.538190][ T5312] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 682.578472][ T5312] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 682.596814][ T5312] usb 2-1: New USB device strings: Mfr=0, Product=64, SerialNumber=0 [ 682.615773][ T5312] usb 2-1: Product: syz [ 682.636974][ T9802] netlink: 2036 bytes leftover after parsing attributes in process `syz.0.1050'. [ 682.660123][ T9802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1050'. [ 682.860583][ T5312] usb 2-1: usb_control_msg returned -71 [ 682.938072][ T5312] usbtmc 2-1:16.0: can't read capabilities [ 683.500949][ T5312] usb 2-1: USB disconnect, device number 17 [ 683.831024][ T9812] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1054'. [ 684.619674][ T9816] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1055'. [ 684.823608][ T9821] team0: entered promiscuous mode [ 684.865937][ T9821] team_slave_1: entered promiscuous mode [ 684.941303][ T9823] team0: left promiscuous mode [ 685.008324][ T9823] team_slave_1: left promiscuous mode [ 685.032908][ T9816] batadv_slave_1: entered promiscuous mode [ 685.481290][ T9829] No such timeout policy "syz1" [ 685.674581][ T9810] batadv_slave_1: left promiscuous mode [ 685.686433][ T29] audit: type=1326 audit(1723647813.936:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9798 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7fc00000 [ 687.138233][ T9853] netlink: 'syz.1.1064': attribute type 30 has an invalid length. [ 687.565736][ T9851] netlink: 'syz.2.1065': attribute type 1 has an invalid length. [ 687.614404][ T9851] netlink: 512 bytes leftover after parsing attributes in process `syz.2.1065'. [ 687.648792][ T9851] netlink: 'syz.2.1065': attribute type 11 has an invalid length. [ 687.660528][ T9851] netlink: 211132 bytes leftover after parsing attributes in process `syz.2.1065'. [ 687.727819][ T9855] 9pnet_fd: Insufficient options for proto=fd [ 688.010477][ T5261] Bluetooth: hci6: sending frame failed (-49) [ 688.018578][ T5250] Bluetooth: hci6: Opcode 0x1003 failed: -49 [ 688.489956][ T9869] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'. [ 690.704234][ T9861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'. [ 691.519396][ T9890] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 691.539462][ T9890] cramfs: wrong magic [ 691.666029][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1076'. [ 691.790007][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 692.352708][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 693.396244][ T9904] No such timeout policy "syz1" [ 695.662987][ T29] audit: type=1400 audit(1723647823.916:608): avc: denied { setopt } for pid=9928 comm="syz.0.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 695.680734][ T5250] Bluetooth: hci1: unexpected event for opcode 0x204e [ 696.604634][ T29] audit: type=1400 audit(1723647824.736:609): avc: denied { mount } for pid=9935 comm="syz.0.1093" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 697.551379][ T29] audit: type=1400 audit(1723647824.786:610): avc: denied { search } for pid=9935 comm="syz.0.1093" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 697.608708][ T29] audit: type=1400 audit(1723647825.486:611): avc: denied { unmount } for pid=8246 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 698.486396][ T9946] No such timeout policy "syz1" [ 699.438944][ T29] audit: type=1400 audit(1723647827.676:612): avc: denied { write } for pid=9954 comm="syz.3.1099" name="card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 700.072506][ T9963] netlink: 3084 bytes leftover after parsing attributes in process `syz.0.1100'. [ 700.116921][ T9963] netlink: 'syz.0.1100': attribute type 1 has an invalid length. [ 700.189370][ T9963] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1100'. [ 701.724300][ T9977] netlink: 'syz.0.1104': attribute type 2 has an invalid length. [ 701.748457][ T9977] : entered promiscuous mode [ 702.139832][ T9981] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1104'. [ 702.148970][ T9981] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1104'. [ 703.482819][ T29] audit: type=1400 audit(1723647831.636:613): avc: denied { bind } for pid=9984 comm="syz.2.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 703.640231][ T29] audit: type=1400 audit(1723647831.896:614): avc: denied { execute } for pid=9986 comm="syz.1.1106" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=32139 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 704.531055][ T8012] IPVS: starting estimator thread 0... [ 704.628395][ T9997] IPVS: using max 17 ests per chain, 40800 per kthread [ 705.883102][T10013] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1115'. [ 706.868985][ T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 707.479395][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 708.369420][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 714.244073][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 714.255534][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 714.534610][ T9] usb 5-1: string descriptor 0 read error: -71 [ 714.548808][ T9] usb 5-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8 [ 714.636218][ T9] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=24 [ 714.749702][ T9] usb 5-1: config 0 descriptor?? [ 714.815243][ T9] usb 5-1: can't set config #0, error -71 [ 714.902709][ T9] usb 5-1: USB disconnect, device number 17 [ 715.189361][T10025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1118'. [ 717.179734][ T5261] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 717.218860][ T5261] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 717.238641][ T5261] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 717.266712][ T5261] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 717.281038][ T5261] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 717.288932][ T8873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 717.309229][ T5261] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 717.317937][ T8873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 717.328603][ T8873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 717.358334][ T5261] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 717.379297][ T5250] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 717.387230][ T5250] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 717.628422][ T5260] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 717.639138][ T5260] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 717.659162][ T5260] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 717.728574][ T5260] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 717.759972][ T5260] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 717.769190][ T5260] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 718.274287][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.799507][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.909655][ T5260] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 718.929866][ T5260] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 718.942874][ T5260] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 718.953835][ T5260] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 718.966417][ T5260] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 718.978572][ T5260] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 719.227965][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.433504][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.498769][ T5261] Bluetooth: hci1: command tx timeout [ 719.507339][ T5261] Bluetooth: hci0: command tx timeout [ 719.899005][ T5261] Bluetooth: hci6: command tx timeout [ 720.351992][ T35] bridge_slave_1: left allmulticast mode [ 720.357717][ T35] bridge_slave_1: left promiscuous mode [ 720.385313][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.416280][ T35] bridge_slave_0: left allmulticast mode [ 720.447123][ T35] bridge_slave_0: left promiscuous mode [ 720.467244][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.018875][ T5261] Bluetooth: hci2: command tx timeout [ 721.581249][ T5261] Bluetooth: hci0: command tx timeout [ 721.586828][ T5261] Bluetooth: hci1: command tx timeout [ 721.624847][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 721.640972][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 721.653169][ T35] bond0 (unregistering): Released all slaves [ 721.743720][T10061] sp0: Synchronizing with TNC [ 721.850405][T10040] chnl_net:caif_netlink_parms(): no params data found [ 721.872243][ T35] : left promiscuous mode [ 721.978914][ T5261] Bluetooth: hci6: command tx timeout [ 722.196627][T10043] chnl_net:caif_netlink_parms(): no params data found [ 722.291263][T10038] chnl_net:caif_netlink_parms(): no params data found [ 722.338265][ T8012] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 722.387127][T10040] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.397330][T10040] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.408859][T10040] bridge_slave_0: entered allmulticast mode [ 722.417356][T10040] bridge_slave_0: entered promiscuous mode [ 722.531691][ T8012] usb 5-1: Using ep0 maxpacket: 16 [ 722.537682][T10040] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.560132][ T8012] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 722.574547][T10040] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.585054][T10040] bridge_slave_1: entered allmulticast mode [ 722.594758][ T8012] usb 5-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 722.606170][T10040] bridge_slave_1: entered promiscuous mode [ 722.612062][ T8012] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.628308][ T8012] usb 5-1: Product: syz [ 722.632525][ T8012] usb 5-1: Manufacturer: syz [ 722.637147][ T8012] usb 5-1: SerialNumber: syz [ 722.646396][ T8012] usb 5-1: config 0 descriptor?? [ 722.655874][ T8012] kobil_sct 5-1:0.0: KOBIL USB smart card terminal converter detected [ 722.697304][ T8012] usb 5-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 722.989927][ T8012] usb 5-1: USB disconnect, device number 18 [ 723.019726][ T8012] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 723.034570][ T8012] kobil_sct 5-1:0.0: device disconnected [ 723.072170][T10040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.099800][ T5261] Bluetooth: hci2: command tx timeout [ 723.144387][ T35] hsr_slave_0: left promiscuous mode [ 723.154902][ T35] hsr_slave_1: left promiscuous mode [ 723.162107][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 723.169732][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 723.178060][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 723.185773][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 723.225716][ T35] veth1_macvtap: left promiscuous mode [ 723.231535][ T35] veth0_macvtap: left promiscuous mode [ 723.237228][ T35] veth1_vlan: left promiscuous mode [ 723.242816][ T35] veth0_vlan: left promiscuous mode [ 723.658428][ T5260] Bluetooth: hci0: command tx timeout [ 723.664066][ T5261] Bluetooth: hci1: command tx timeout [ 724.058416][ T5261] Bluetooth: hci6: command tx timeout [ 724.602788][ T35] team0 (unregistering): Port device team_slave_1 removed [ 724.758735][ T35] team0 (unregistering): Port device team_slave_0 removed [ 725.182819][ T5261] Bluetooth: hci2: command tx timeout [ 725.676413][T10045] chnl_net:caif_netlink_parms(): no params data found [ 725.717031][T10040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.727811][T10089] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1134'. [ 725.748377][ T5260] Bluetooth: hci0: command tx timeout [ 725.755409][ T5261] Bluetooth: hci1: command tx timeout [ 725.979512][T10040] team0: Port device team_slave_0 added [ 726.288349][ T5261] Bluetooth: hci6: command tx timeout [ 726.305951][T10038] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.333698][T10038] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.348838][T10038] bridge_slave_0: entered allmulticast mode [ 726.383247][T10038] bridge_slave_0: entered promiscuous mode [ 726.791862][T10099] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 726.799366][T10099] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 726.811082][T10099] vhci_hcd vhci_hcd.0: Device attached [ 726.952129][T10100] usbip_core: unknown command [ 726.956965][T10100] vhci_hcd: unknown pdu 1777943252 [ 726.983073][T10100] usbip_core: unknown command [ 727.045374][ T62] vhci_hcd: stop threads [ 727.077347][ T62] vhci_hcd: release socket [ 727.351528][ T5261] Bluetooth: hci2: command tx timeout [ 727.502677][ T62] vhci_hcd: disconnect device [ 727.512555][ T5296] usb 17-1: new low-speed USB device number 2 using vhci_hcd [ 727.542920][ T5296] usb 17-1: enqueue for inactive port 0 [ 727.607385][T10043] bridge0: port 1(bridge_slave_0) entered blocking state [ 727.639802][T10043] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.664172][ T5296] vhci_hcd: vhci_device speed not set [ 727.679447][T10043] bridge_slave_0: entered allmulticast mode [ 727.851758][T10043] bridge_slave_0: entered promiscuous mode [ 727.928945][T10040] team0: Port device team_slave_1 added [ 728.019294][T10038] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.026558][T10038] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.077729][T10038] bridge_slave_1: entered allmulticast mode [ 728.118359][T10038] bridge_slave_1: entered promiscuous mode [ 728.296524][T10043] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.319411][T10043] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.345544][T10043] bridge_slave_1: entered allmulticast mode [ 728.360984][T10043] bridge_slave_1: entered promiscuous mode [ 728.409804][ T29] audit: type=1400 audit(1723647856.666:615): avc: denied { accept } for pid=10107 comm="syz.4.1136" lport=54229 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 728.463456][ T29] audit: type=1400 audit(1723647856.686:616): avc: denied { setopt } for pid=10107 comm="syz.4.1136" lport=54229 faddr=fc00:: scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 728.665854][T10038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 728.775692][T10040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 728.783669][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.810008][T10040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 728.826467][T10040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 728.834731][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.861622][T10040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 728.883971][T10038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.977385][T10043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.084474][T10045] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.092260][T10045] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.100203][T10045] bridge_slave_0: entered allmulticast mode [ 729.108025][T10045] bridge_slave_0: entered promiscuous mode [ 729.127940][T10043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.333553][T10038] team0: Port device team_slave_0 added [ 729.357134][T10045] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.368699][T10045] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.386427][T10045] bridge_slave_1: entered allmulticast mode [ 729.408732][T10045] bridge_slave_1: entered promiscuous mode [ 729.582097][T10040] hsr_slave_0: entered promiscuous mode [ 729.676390][T10127] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 730.110692][T10040] hsr_slave_1: entered promiscuous mode [ 730.185036][T10038] team0: Port device team_slave_1 added [ 730.274890][T10045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.330526][T10043] team0: Port device team_slave_0 added [ 730.369598][T10043] team0: Port device team_slave_1 added [ 730.497944][T10045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.635127][T10043] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 730.663466][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.698817][T10043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 730.846663][T10045] team0: Port device team_slave_0 added [ 730.857329][T10043] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 730.865929][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.896136][T10043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 730.952798][T10038] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 730.966799][T10038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.997108][T10038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.014175][T10045] team0: Port device team_slave_1 added [ 731.147337][T10038] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.167797][T10038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.235526][T10038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 731.737922][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.800214][T10045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.828788][T10045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.866282][T10045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.995966][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.146272][T10038] hsr_slave_0: entered promiscuous mode [ 732.160866][T10038] hsr_slave_1: entered promiscuous mode [ 732.169996][T10038] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 732.177612][T10038] Cannot create hsr debugfs directory [ 732.354678][T10045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 732.362012][T10045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 732.389913][T10045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 732.476236][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.553624][T10043] hsr_slave_0: entered promiscuous mode [ 732.587607][T10043] hsr_slave_1: entered promiscuous mode [ 732.615172][T10043] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 732.633388][T10043] Cannot create hsr debugfs directory [ 732.646629][ T29] audit: type=1400 audit(1723647860.896:617): avc: denied { read } for pid=10155 comm="syz.4.1141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 732.825677][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.049300][T10040] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.184655][T10045] hsr_slave_0: entered promiscuous mode [ 734.206396][T10045] hsr_slave_1: entered promiscuous mode [ 734.228190][T10045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 734.262626][T10045] Cannot create hsr debugfs directory [ 734.342541][ T29] audit: type=1400 audit(1723647862.596:618): avc: denied { write } for pid=10163 comm="syz.4.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 734.428522][T10040] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.814394][T10040] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.237143][T10040] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.503249][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.671031][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.730667][ T8083] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 736.800832][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.924479][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.931146][ T8083] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 736.957516][ T8083] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 736.977595][ T8083] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 736.985840][T10040] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 736.997789][ T8083] usb 5-1: SerialNumber: syz [ 737.069281][T10040] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 737.123138][T10040] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 737.157174][T10040] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 737.387524][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.478796][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.486358][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.523607][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.559091][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.577483][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.607392][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.609810][ T35] bridge_slave_1: left allmulticast mode [ 737.633990][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.655599][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.666795][ T35] bridge_slave_1: left promiscuous mode [ 737.676219][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.688025][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.702537][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.703950][ T35] bridge_slave_0: left allmulticast mode [ 737.715877][ T35] bridge_slave_0: left promiscuous mode [ 737.723981][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.724481][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.756866][ T35] bridge_slave_1: left allmulticast mode [ 737.759934][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.773118][ T35] bridge_slave_1: left promiscuous mode [ 737.778238][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.786585][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.788614][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.805838][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.814184][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.827651][ T35] bridge_slave_0: left allmulticast mode [ 737.837183][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.843592][ T35] bridge_slave_0: left promiscuous mode [ 737.850840][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.859131][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.866589][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.889296][ T35] bridge_slave_1: left allmulticast mode [ 737.890152][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.900811][ T35] bridge_slave_1: left promiscuous mode [ 737.918264][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.920615][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.925699][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.950512][ T35] bridge_slave_0: left allmulticast mode [ 737.966590][ T35] bridge_slave_0: left promiscuous mode [ 737.968693][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.977035][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.985035][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 737.995959][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.018848][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.026317][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.047226][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.069884][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.077347][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.099011][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.107306][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.124942][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.133597][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.142083][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.152696][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.161466][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.169405][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.176948][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.185379][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.193322][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.208282][ T9] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 738.231016][ T9] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 738.293022][ T25] usb 5-1: USB disconnect, device number 19 [ 739.020832][ T29] audit: type=1326 audit(1723647867.266:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.055618][ T29] audit: type=1326 audit(1723647867.266:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.090230][ T29] audit: type=1326 audit(1723647867.266:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.122326][ T29] audit: type=1326 audit(1723647867.266:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.176048][ T29] audit: type=1326 audit(1723647867.266:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.218598][ T29] audit: type=1326 audit(1723647867.266:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.258014][ T29] audit: type=1326 audit(1723647867.266:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.315444][ T29] audit: type=1326 audit(1723647867.276:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.342457][ T29] audit: type=1326 audit(1723647867.276:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 739.366639][ T29] audit: type=1326 audit(1723647867.276:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.4.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b56f799f9 code=0x7ffc0000 [ 740.094698][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.110602][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.123495][ T35] bond0 (unregistering): Released all slaves [ 740.359719][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.373093][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.389818][ T35] bond0 (unregistering): Released all slaves [ 740.636014][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.650380][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.663055][ T35] bond0 (unregistering): Released all slaves [ 740.995995][ T35] tipc: Left network mode [ 741.373945][T10040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 741.764266][T10040] 8021q: adding VLAN 0 to HW filter on device team0 [ 742.731484][ T1065] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.738996][ T1065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 742.792168][ T7144] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.799493][ T7144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 747.079693][T10224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1154'. [ 747.614739][ T35] hsr_slave_0: left promiscuous mode [ 747.621915][ T35] hsr_slave_1: left promiscuous mode [ 747.629391][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.636843][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.653399][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.666332][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.690748][ T35] hsr_slave_0: left promiscuous mode [ 747.699712][ T35] hsr_slave_1: left promiscuous mode [ 747.717736][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.729274][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.741625][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.769666][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.801247][ T35] hsr_slave_0: left promiscuous mode [ 747.817691][ T35] hsr_slave_1: left promiscuous mode [ 747.823163][T10227] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10227 comm=syz.4.1155 [ 747.898690][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.906209][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.925187][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.936118][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 748.057849][ T35] veth1_macvtap: left promiscuous mode [ 748.063690][ T35] veth0_macvtap: left promiscuous mode [ 748.070777][ T35] veth1_vlan: left promiscuous mode [ 748.077155][ T35] veth0_vlan: left promiscuous mode [ 748.096254][ T35] veth1_macvtap: left promiscuous mode [ 748.102196][ T35] veth0_macvtap: left promiscuous mode [ 748.108322][ T35] veth1_vlan: left promiscuous mode [ 748.114167][ T35] veth0_vlan: left promiscuous mode [ 748.128932][ T35] veth1_macvtap: left promiscuous mode [ 748.134664][ T35] veth0_macvtap: left promiscuous mode [ 748.142719][ T35] veth1_vlan: left promiscuous mode [ 748.148521][ T35] veth0_vlan: left promiscuous mode [ 749.283199][ T29] audit: type=1326 audit(1723647877.536:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10228 comm="syz.4.1156" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2b56f799f9 code=0x0 [ 750.072641][ T35] team0 (unregistering): Port device team_slave_1 removed [ 750.156866][ T35] team0 (unregistering): Port device team_slave_0 removed [ 751.694668][ T35] team0 (unregistering): Port device team_slave_1 removed [ 751.767630][ T35] team0 (unregistering): Port device team_slave_0 removed [ 752.955037][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.961911][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.247977][ T35] team0 (unregistering): Port device team_slave_1 removed [ 754.793812][T10040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 754.845269][T10043] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 754.894678][T10043] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 754.932045][T10238] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1157'. [ 754.946518][T10043] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 754.990655][T10043] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 755.115813][T10238] Êü: entered promiscuous mode [ 755.594511][T10040] veth0_vlan: entered promiscuous mode [ 755.635522][T10038] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 755.703553][T10038] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 755.747282][T10038] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 755.867406][T10038] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 755.983790][T10040] veth1_vlan: entered promiscuous mode [ 757.430624][T10045] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 757.454308][T10045] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 757.575465][T10040] veth0_macvtap: entered promiscuous mode [ 757.601281][T10045] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 757.631942][T10045] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 757.695928][T10043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.747415][T10040] veth1_macvtap: entered promiscuous mode [ 757.770157][T10246] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 757.834447][ T35] IPVS: stop unused estimator thread 0... [ 757.856650][ T35] IPVS: stop unused estimator thread 0... [ 757.865599][T10246] CIFS mount error: No usable UNC path provided in device string! [ 757.865599][T10246] [ 757.889240][T10246] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 757.942118][T10038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 758.003418][T10043] 8021q: adding VLAN 0 to HW filter on device team0 [ 758.086159][ T2528] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.093455][ T2528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 758.122866][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 758.148364][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.158385][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 758.168886][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.189874][T10040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 758.225720][ T2528] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.232984][ T2528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 758.271007][T10038] 8021q: adding VLAN 0 to HW filter on device team0 [ 758.322247][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.335196][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.346193][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 758.358002][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 758.382401][T10040] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 758.406665][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.413909][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 758.511512][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.518808][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 758.576164][T10040] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.604346][T10040] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.614592][T10040] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.641729][T10040] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 759.256721][T10045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 759.458871][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.466753][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.691140][T10045] 8021q: adding VLAN 0 to HW filter on device team0 [ 759.860778][ T2528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.920456][ T2528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.367231][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.374598][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 760.561177][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.568524][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 760.777593][T10038] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 761.570729][T10043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 761.623920][T10273] netlink: 456 bytes leftover after parsing attributes in process `syz.4.1164'. [ 761.669406][T10273] unsupported nlmsg_type 40 [ 761.772649][T10271] serio: Serial port pts0 [ 761.903441][T10038] veth0_vlan: entered promiscuous mode [ 762.008537][T10043] veth0_vlan: entered promiscuous mode [ 762.033251][T10038] veth1_vlan: entered promiscuous mode [ 762.287251][T10043] veth1_vlan: entered promiscuous mode [ 762.333894][T10287] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17522 sclass=netlink_route_socket pid=10287 comm=syz.3.1166 [ 762.570089][T10038] veth0_macvtap: entered promiscuous mode [ 762.596838][T10038] veth1_macvtap: entered promiscuous mode [ 762.635147][T10045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 762.721749][T10043] veth0_macvtap: entered promiscuous mode [ 762.751686][T10043] veth1_macvtap: entered promiscuous mode [ 762.767200][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 762.779452][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.796945][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 762.808254][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.822989][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 762.835080][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.851593][T10038] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 762.893661][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 762.905852][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.916069][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 762.927333][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.939084][T10038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 762.965359][T10038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.979420][T10038] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 763.005334][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 763.038591][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.088139][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 763.131444][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.153055][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 763.167952][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.204058][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 763.217314][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.233942][T10043] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 763.285008][T10038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 763.310841][T10038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 763.321134][T10038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 763.330282][T10038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 763.401191][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 763.417569][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.433648][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 763.543073][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1168'. [ 763.560853][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.616032][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 763.719709][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.834542][T10043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 763.940714][T10043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.112294][T10043] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 764.297094][T10043] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.334240][T10043] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.351129][T10043] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.366048][T10043] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.572153][T10045] veth0_vlan: entered promiscuous mode [ 764.603933][T10302] netem: incorrect ge model size [ 764.614363][T10302] netem: change failed [ 764.749796][T10045] veth1_vlan: entered promiscuous mode [ 764.820589][ T7144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 764.843422][ T7144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 764.982395][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.008687][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.138178][ T1065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.165911][ T1065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.185266][T10045] veth0_macvtap: entered promiscuous mode [ 765.318874][T10045] veth1_macvtap: entered promiscuous mode [ 765.364364][ T2528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.384627][ T2528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.429033][T10310] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 765.497609][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.510489][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.530861][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.551306][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.589818][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.609561][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.630585][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.641980][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.666507][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.684658][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.707728][T10045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 765.762420][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.787444][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.821783][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.839812][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.872286][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.892002][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.935221][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.966845][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.990170][T10045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.008972][T10045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.028909][T10045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 766.089011][T10045] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.109658][T10045] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.126167][T10045] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.139669][T10045] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.408412][ T5296] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 766.443943][T10319] 9pnet_fd: p9_fd_create_tcp (10319): problem binding to privport [ 766.603417][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.625000][ T5296] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 766.625903][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.655233][ T5296] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.688192][ T5296] usb 5-1: Product: syz [ 766.702720][ T5296] usb 5-1: Manufacturer: syz [ 766.718327][ T5296] usb 5-1: SerialNumber: syz [ 766.759230][ T5296] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 766.853221][ T1065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.872883][ T1065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.929046][ T8012] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 767.373360][T10332] netlink: 'syz.2.1125': attribute type 1 has an invalid length. [ 767.416499][T10332] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1125'. [ 768.718411][T10342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 768.853862][T10342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 769.052832][T10345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1180'. [ 770.380377][ C0] hrtimer: interrupt took 16447452 ns [ 773.708459][ T4690] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 773.924744][ T4690] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 773.945048][ T4690] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 773.966126][ T4690] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.987707][ T4690] usb 4-1: config 0 descriptor?? [ 774.504151][ T4690] lenovo 0003:17EF:6047.000E: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 774.684804][ T4690] lenovo 0003:17EF:6047.000E: Failed to switch F7/9/11 mode: -71 [ 774.705891][ T4690] lenovo 0003:17EF:6047.000E: Failed to switch middle button: -71 [ 774.725082][ T4690] lenovo 0003:17EF:6047.000E: Fn-lock setting failed: -71 [ 774.743850][ T4690] lenovo 0003:17EF:6047.000E: Sensitivity setting failed: -71 [ 774.765923][ T4690] usb 4-1: USB disconnect, device number 22 [ 778.342535][ T5260] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 778.356776][ T5260] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 778.367221][ T5260] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 778.377771][ T5260] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 778.389321][ T5260] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 778.398805][ T5260] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 780.478332][ T5260] Bluetooth: hci3: command tx timeout [ 780.687487][ T5261] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 780.714003][ T5261] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 780.724058][ T5261] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 780.733704][ T5261] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 780.743197][ T5261] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 780.753869][ T5261] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 782.169434][ T5260] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 782.185549][ T5260] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 782.196423][ T5260] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 782.206197][ T5260] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 782.214945][ T5260] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 782.223389][ T5260] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 782.327992][ T5261] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 782.340949][ T5261] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 782.353367][ T5261] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 782.363001][ T5261] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 782.371435][ T5261] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 782.389483][ T5261] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 782.538499][ T5260] Bluetooth: hci3: command tx timeout [ 782.859307][ T5260] Bluetooth: hci7: command tx timeout [ 784.300197][ T5260] Bluetooth: hci8: command tx timeout [ 784.459304][ T5260] Bluetooth: hci9: command tx timeout [ 784.618465][ T5260] Bluetooth: hci3: command tx timeout [ 784.943437][ T5260] Bluetooth: hci7: command tx timeout [ 786.387840][ T5260] Bluetooth: hci8: command tx timeout [ 786.512209][ T5261] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 786.532095][ T5261] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 786.540057][ T5250] Bluetooth: hci9: command tx timeout [ 786.608554][ T5261] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 786.620741][ T5261] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 786.634263][ T5261] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 786.653852][ T5261] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 786.698485][ T5261] Bluetooth: hci3: command tx timeout [ 787.024412][ T5261] Bluetooth: hci7: command tx timeout [ 788.458987][ T5261] Bluetooth: hci8: command tx timeout [ 788.622054][ T5261] Bluetooth: hci9: command tx timeout [ 788.699059][ T5261] Bluetooth: hci10: command tx timeout [ 789.115828][ T5261] Bluetooth: hci7: command tx timeout [ 790.552025][ T5261] Bluetooth: hci8: command tx timeout [ 790.708208][ T5261] Bluetooth: hci9: command tx timeout [ 790.781540][ T5261] Bluetooth: hci10: command tx timeout [ 792.859629][ T5261] Bluetooth: hci10: command tx timeout [ 794.943085][ T5261] Bluetooth: hci10: command tx timeout [ 814.889991][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.896374][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 838.979805][ T5260] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 839.002810][ T5260] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 839.019733][ T5260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 839.030220][ T5260] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 839.038506][ T5260] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 839.047755][ T5260] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 841.105850][ T5260] Bluetooth: hci1: command tx timeout [ 841.190326][ T5250] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 841.208450][ T5250] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 841.227874][ T5250] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 841.236891][ T5250] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 841.245965][ T5250] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 841.255770][ T5250] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 842.232400][ T5250] Bluetooth: hci0: command 0x0406 tx timeout [ 842.802375][ T8873] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 842.815252][ T8873] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 842.831988][ T8873] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 842.843410][ T8873] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 842.853301][ T8873] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 842.878759][ T8873] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 842.889675][ T8873] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 842.897338][ T8873] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 842.909614][ T8873] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 842.917500][ T8873] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 842.925329][ T8873] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 842.933155][ T8873] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 843.178657][ T5260] Bluetooth: hci1: command tx timeout [ 843.348420][ T5260] Bluetooth: hci2: command tx timeout [ 845.100001][ T5260] Bluetooth: hci5: command tx timeout [ 845.107359][ T5260] Bluetooth: hci6: command tx timeout [ 845.258517][ T5260] Bluetooth: hci1: command tx timeout [ 845.418718][ T5260] Bluetooth: hci2: command tx timeout [ 846.620795][ T5261] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 846.632989][ T5261] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 846.643266][ T5261] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 846.655306][ T5261] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 846.666159][ T5261] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 846.673984][ T5261] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 847.178621][ T5260] Bluetooth: hci5: command tx timeout [ 847.188460][ T5261] Bluetooth: hci6: command tx timeout [ 847.338621][ T5261] Bluetooth: hci1: command tx timeout [ 847.498346][ T5261] Bluetooth: hci2: command tx timeout [ 848.798121][ T5261] Bluetooth: hci11: command tx timeout [ 849.270643][ T5261] Bluetooth: hci6: command tx timeout [ 849.276128][ T5261] Bluetooth: hci5: command tx timeout [ 849.598377][ T5261] Bluetooth: hci2: command tx timeout [ 850.868588][ T5261] Bluetooth: hci11: command tx timeout [ 851.338623][ T5260] Bluetooth: hci6: command tx timeout [ 851.344230][ T5261] Bluetooth: hci5: command tx timeout [ 852.953806][ T5261] Bluetooth: hci11: command tx timeout [ 855.028593][ T5261] Bluetooth: hci11: command tx timeout [ 876.733485][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 876.743110][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 899.089832][ T5260] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 899.112031][ T5260] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 899.122109][ T5260] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 899.133873][ T5260] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 899.143592][ T5260] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 899.153307][ T5260] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 901.102866][ T5260] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 901.115255][ T5260] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 901.126002][ T5260] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 901.149201][ T5260] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 901.159737][ T5260] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 901.169132][ T5260] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 901.278221][ T5261] Bluetooth: hci12: command tx timeout [ 903.094801][ T5250] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 903.129999][ T5250] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 903.140990][ T5250] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 903.180596][ T5250] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 903.198904][ T5250] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 903.208765][ T5250] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 903.268380][ T5250] Bluetooth: hci13: command tx timeout [ 903.330287][ T8873] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 903.342744][ T8873] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 903.350238][T10387] Bluetooth: hci12: command tx timeout [ 903.358997][ T8873] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 903.367987][ T8873] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 903.378872][ T8873] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 903.408069][ T8873] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 903.514910][ T8873] Bluetooth: hci3: command 0x0406 tx timeout [ 903.521927][ T5250] Bluetooth: hci7: command 0x0406 tx timeout [ 905.268542][ T5261] Bluetooth: hci14: command tx timeout [ 905.338616][ T5261] Bluetooth: hci13: command tx timeout [ 905.428670][ T5261] Bluetooth: hci12: command tx timeout [ 905.508719][ T5261] Bluetooth: hci15: command tx timeout [ 906.840533][ T8873] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 906.852823][ T8873] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 906.861740][ T8873] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 906.873731][ T8873] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 906.882139][ T8873] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 906.889916][ T8873] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 907.348259][ T8873] Bluetooth: hci14: command tx timeout [ 907.428549][ T8873] Bluetooth: hci13: command tx timeout [ 907.513903][ T8873] Bluetooth: hci12: command tx timeout [ 907.595273][ T8873] Bluetooth: hci15: command tx timeout [ 908.641045][ T5261] Bluetooth: hci8: command 0x0406 tx timeout [ 908.647260][ T8873] Bluetooth: hci9: command 0x0406 tx timeout [ 908.948859][ T8873] Bluetooth: hci16: command tx timeout [ 909.431996][ T5250] Bluetooth: hci14: command tx timeout [ 909.508506][ T5250] Bluetooth: hci13: command tx timeout [ 909.668711][ T5250] Bluetooth: hci15: command tx timeout [ 911.028253][ T5260] Bluetooth: hci16: command tx timeout [ 911.509742][ T5260] Bluetooth: hci14: command tx timeout [ 911.748719][ T8873] Bluetooth: hci15: command tx timeout [ 913.108457][ T8873] Bluetooth: hci16: command tx timeout [ 913.754122][ T8873] Bluetooth: hci10: command 0x0406 tx timeout [ 915.188557][ T5260] Bluetooth: hci16: command tx timeout [ 927.678075][ T30] INFO: task khugepaged:37 blocked for more than 143 seconds. [ 927.709479][ T30] Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0 [ 927.717196][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 927.768151][ T30] task:khugepaged state:D stack:28168 pid:37 tgid:37 ppid:2 flags:0x00004000 [ 927.798661][ T30] Call Trace: [ 927.802001][ T30] [ 927.804967][ T30] __schedule+0xe37/0x5490 [ 927.811571][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 927.816837][ T30] ? hlock_class+0x4e/0x130 [ 927.828196][ T30] ? __pfx___schedule+0x10/0x10 [ 927.833119][ T30] ? schedule+0x298/0x350 [ 927.837497][ T30] ? __pfx_lock_release+0x10/0x10 [ 927.850784][ T30] ? mark_lock+0xb5/0xc60 [ 927.855182][ T30] ? hlock_class+0x4e/0x130 [ 927.862835][ T30] ? __pfx_mark_lock+0x10/0x10 [ 927.867673][ T30] schedule+0xe7/0x350 [ 927.877636][ T30] schedule_timeout+0x258/0x2a0 [ 927.897109][ T30] ? __pfx_schedule_timeout+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 927.928506][ T30] ? mark_held_locks+0x9f/0xe0 [ 927.933354][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 927.958048][ T30] __wait_for_common+0x3de/0x5f0 [ 927.978648][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 927.984098][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 928.013539][ T30] ? touch_wq_lockdep_map+0x6e/0x120 [ 928.058167][ T30] __flush_work+0x5bd/0xc60 [ 928.064396][ T30] ? __pfx___flush_work+0x10/0x10 [ 928.178101][ T30] ? __pfx_lock_release+0x10/0x10 [ 928.183236][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 928.223034][ T30] ? mark_held_locks+0x9f/0xe0 [ 928.227905][ T30] ? __pfx___might_resched+0x10/0x10 [ 928.234243][ T30] ? queue_work_on+0xc6/0x140 [ 928.249841][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 928.255197][ T30] __lru_add_drain_all+0x52c/0x740 [ 928.270667][ T30] khugepaged+0x108/0x1600 [ 928.275174][ T30] ? __pfx_khugepaged+0x10/0x10 [ 928.283532][ T30] ? __kthread_parkme+0xb7/0x220 [ 928.293024][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 928.304696][ T30] ? __kthread_parkme+0x148/0x220 [ 928.335844][ T30] ? __pfx_khugepaged+0x10/0x10 [ 928.343491][ T30] kthread+0x2c1/0x3a0 [ 928.347616][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 928.363237][ T30] ? __pfx_kthread+0x10/0x10 [ 928.373449][ T30] ret_from_fork+0x45/0x80 [ 928.377961][ T30] ? __pfx_kthread+0x10/0x10 [ 928.382995][ T30] ret_from_fork_asm+0x1a/0x30 [ 928.387835][ T30] [ 928.402584][ T30] [ 928.402584][ T30] Showing all locks held in the system: [ 928.412730][ T30] 1 lock held by khungtaskd/30: [ 928.417627][ T30] #0: ffffffff8ddb5ce0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 928.433656][ T30] 1 lock held by khugepaged/37: [ 928.441836][ T30] #0: ffffffff8ded4cc8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x69/0x740 [ 928.466454][ T30] 3 locks held by kworker/u8:3/52: [ 928.485349][ T30] #0: ffff88802b2f0148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 928.528241][ T30] #1: ffffc90000bd7d80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 928.543865][ T30] #2: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 [ 928.563307][ T30] 4 locks held by kworker/u8:7/1101: [ 928.569138][ T30] #0: ffff8880166e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 928.589952][ T30] #1: ffffc90004247d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 928.624761][ T30] #2: ffffffff8fa0c6d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0 [ 928.636667][ T30] #3: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1b/0x230 [ 928.672127][ T30] 3 locks held by kworker/u8:11/2528: [ 928.680270][ T30] #0: ffff888015889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 928.704211][ T30] #1: ffffc900091d7d80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 928.717511][ T30] #2: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x51/0xc0 [ 928.734840][ T30] 3 locks held by kworker/1:3/4690: [ 928.740676][ T30] #0: ffff888015881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 928.753332][ T30] #1: ffffc900020ffd80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 928.773043][ T30] #2: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x84/0x1140 [ 928.785838][ T30] 2 locks held by getty/4980: [ 928.824842][ T30] #0: ffff88802b7a60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 928.848227][ T30] #1: ffffc90002ef62f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 928.878207][ T30] 5 locks held by kworker/0:3/5296: [ 928.888562][ T30] 2 locks held by kworker/0:7/8012: [ 928.893907][ T30] 6 locks held by syz.0.1178/10334: [ 928.988090][ T30] 1 lock held by syz.2.1179/10341: [ 928.993273][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x250 [ 929.029316][ T30] 1 lock held by syz.1.1180/10345: [ 929.034493][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x250 [ 929.057778][ T30] 2 locks held by syz.4.1182/10350: [ 929.067034][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x250 [ 929.081810][ T30] #1: ffffffff8dc59a90 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x53b/0x1e40 [ 929.103150][ T30] 1 lock held by syz-executor/10354: [ 929.115082][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.146557][ T30] 1 lock held by syz-executor/10359: [ 929.189545][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.226489][ T30] 1 lock held by syz-executor/10361: [ 929.240190][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.254924][ T30] 1 lock held by syz-executor/10363: [ 929.263269][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.278046][ T30] 1 lock held by syz-executor/10366: [ 929.283383][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.328622][ T30] 1 lock held by syz-executor/10376: [ 929.334090][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.356844][ T30] 1 lock held by syz-executor/10381: [ 929.362614][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.380499][ T30] 1 lock held by syz-executor/10383: [ 929.385941][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.406281][ T30] 1 lock held by syz-executor/10384: [ 929.417603][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.428922][ T30] 1 lock held by syz-executor/10389: [ 929.434256][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.452874][ T30] 1 lock held by syz-executor/10392: [ 929.460492][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.486239][ T30] 1 lock held by syz-executor/10395: [ 929.495923][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.519096][ T30] 1 lock held by syz-executor/10399: [ 929.524653][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.538044][ T30] 1 lock held by syz-executor/10401: [ 929.543395][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.571680][ T30] 1 lock held by syz-executor/10404: [ 929.577927][ T30] #0: ffffffff8fa21e28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 929.598882][ T30] [ 929.601255][ T30] ============================================= [ 929.601255][ T30] [ 929.617925][ T30] NMI backtrace for cpu 1 [ 929.622303][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0 [ 929.632849][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 929.642956][ T30] Call Trace: [ 929.646265][ T30] [ 929.649225][ T30] dump_stack_lvl+0x116/0x1f0 [ 929.653974][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 929.658962][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 929.665003][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 929.671040][ T30] watchdog+0xf4e/0x1280 [ 929.675344][ T30] ? __pfx_watchdog+0x10/0x10 [ 929.680159][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 929.685403][ T30] ? __kthread_parkme+0x148/0x220 [ 929.690527][ T30] ? __pfx_watchdog+0x10/0x10 [ 929.695257][ T30] kthread+0x2c1/0x3a0 [ 929.699372][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 929.705053][ T30] ? __pfx_kthread+0x10/0x10 [ 929.709683][ T30] ret_from_fork+0x45/0x80 [ 929.714162][ T30] ? __pfx_kthread+0x10/0x10 [ 929.718798][ T30] ret_from_fork_asm+0x1a/0x30 [ 929.723624][ T30] [ 929.729109][ T30] Sending NMI from CPU 1 to CPUs 0: [ 929.741326][ C0] NMI backtrace for cpu 0 [ 929.741341][ C0] CPU: 0 UID: 0 PID: 10334 Comm: syz.0.1178 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0 [ 929.741374][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 929.741389][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x20 [ 929.741434][ C0] Code: 0c 24 89 f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 0c 24 48 89 f2 48 89 fe bf 07 00 00 00 e9 f8 fd [ 929.741461][ C0] RSP: 0018:ffffc90000006a98 EFLAGS: 00000046 [ 929.741481][ C0] RAX: ffffffff8b11b45a RBX: ffffffff8b11b45a RCX: ffffffff813cd8b7 [ 929.741500][ C0] RDX: ffff88807a6bda00 RSI: ffffffff8b11b45a RDI: 0000000000000000 [ 929.741517][ C0] RBP: ffffc90000006b38 R08: 0000000000000005 R09: 0000000000000000 [ 929.741533][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90000006aa8 [ 929.741550][ C0] R13: ffffffff81761520 R14: ffffc90000006b68 R15: ffff88807a6bda00 [ 929.741568][ C0] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 929.741593][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 929.741612][ C0] CR2: 0000001b2dd0aff8 CR3: 000000000db7c000 CR4: 00000000003506f0 [ 929.741629][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 929.741645][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 929.741661][ C0] Call Trace: [ 929.741669][ C0] [ 929.741677][ C0] ? show_regs+0x8c/0xa0 [ 929.741718][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 929.741753][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 929.741791][ C0] ? nmi_handle+0x1a9/0x5c0 [ 929.741816][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 929.741854][ C0] ? default_do_nmi+0x6a/0x160 [ 929.741896][ C0] ? exc_nmi+0x170/0x1e0 [ 929.741918][ C0] ? end_repeat_nmi+0xf/0x53 [ 929.741941][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 929.741969][ C0] ? do_syscall_64+0xda/0x250 [ 929.742003][ C0] ? do_syscall_64+0xda/0x250 [ 929.742043][ C0] ? unwind_get_return_address+0x87/0xe0 [ 929.742070][ C0] ? do_syscall_64+0xda/0x250 [ 929.742103][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 929.742141][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 929.742180][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 929.742218][ C0] [ 929.742226][ C0] [ 929.742234][ C0] arch_stack_walk+0xce/0x170 [ 929.742264][ C0] ? do_syscall_64+0xda/0x250 [ 929.742298][ C0] stack_trace_save+0x95/0xd0 [ 929.742323][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 929.742349][ C0] ? hlock_class+0x4e/0x130 [ 929.742400][ C0] ? __lock_acquire+0x1620/0x3cb0 [ 929.742431][ C0] kasan_save_stack+0x33/0x60 [ 929.742459][ C0] ? kasan_save_stack+0x33/0x60 [ 929.742486][ C0] ? kasan_save_track+0x14/0x30 [ 929.742513][ C0] ? __kasan_kmalloc+0xaa/0xb0 [ 929.742539][ C0] ? dummy_urb_enqueue+0x8d/0x8a0 [ 929.742563][ C0] ? usb_hcd_submit_urb+0x2d1/0x2090 [ 929.742590][ C0] ? usb_submit_urb+0x87c/0x1730 [ 929.742620][ C0] ? ath9k_hif_usb_rx_cb+0xb53/0x16a0 [ 929.742654][ C0] ? __usb_hcd_giveback_urb+0x389/0x6e0 [ 929.742678][ C0] ? usb_hcd_giveback_urb+0x396/0x450 [ 929.742703][ C0] ? dummy_timer+0x17c3/0x38d0 [ 929.742726][ C0] ? __hrtimer_run_queues+0x20c/0xcc0 [ 929.742763][ C0] ? hrtimer_interrupt+0x31b/0x800 [ 929.742820][ C0] ? __sysvec_apic_timer_interrupt+0x10f/0x450 [ 929.742846][ C0] ? sysvec_apic_timer_interrupt+0x43/0xb0 [ 929.742876][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.742918][ C0] ? write_comp_data+0x24/0x90 [ 929.742950][ C0] ? unwind_next_frame+0x46/0x23a0 [ 929.742975][ C0] ? arch_stack_walk+0x100/0x170 [ 929.743001][ C0] ? stack_trace_save+0x95/0xd0 [ 929.743025][ C0] ? kasan_save_stack+0x33/0x60 [ 929.743057][ C0] ? kasan_save_track+0x14/0x30 [ 929.743085][ C0] ? kasan_save_free_info+0x3b/0x60 [ 929.743125][ C0] ? poison_slab_object+0xf7/0x160 [ 929.743153][ C0] ? __kasan_slab_free+0x32/0x50 [ 929.743183][ C0] ? kmem_cache_free+0x12f/0x3a0 [ 929.743210][ C0] ? skb_free_head+0x18a/0x1d0 [ 929.743248][ C0] ? skb_release_data+0x75c/0x980 [ 929.743272][ C0] ? consume_skb+0xd0/0x170 [ 929.743298][ C0] ? mac80211_hwsim_tx_frame+0x1f3/0x2a0 [ 929.743338][ C0] ? mac80211_hwsim_beacon_tx+0x592/0xa00 [ 929.743364][ C0] ? __iterate_interfaces+0x2d0/0x5d0 [ 929.743417][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 929.743458][ C0] ? mac80211_hwsim_beacon+0x105/0x200 [ 929.743494][ C0] ? __hrtimer_run_queues+0x20c/0xcc0 [ 929.743531][ C0] ? hrtimer_run_softirq+0x17d/0x350 [ 929.743569][ C0] ? handle_softirqs+0x216/0x8f0 [ 929.743606][ C0] ? irq_exit_rcu+0xbb/0x120 [ 929.743643][ C0] ? sysvec_apic_timer_interrupt+0x95/0xb0 [ 929.743673][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.743716][ C0] ? lock_release+0x170/0x6f0 [ 929.743757][ C0] ? _raw_spin_unlock+0x16/0x50 [ 929.743785][ C0] ? unmap_page_range+0xbb8/0x3c10 [ 929.743832][ C0] ? unmap_single_vma+0x194/0x2b0 [ 929.743861][ C0] ? unmap_vmas+0x22f/0x490 [ 929.743889][ C0] ? exit_mmap+0x1b8/0xb20 [ 929.743922][ C0] ? __mmput+0x12a/0x480 [ 929.743958][ C0] ? mmput+0x62/0x70 [ 929.743993][ C0] ? do_exit+0x9bf/0x2bb0 [ 929.744019][ C0] ? do_group_exit+0xd3/0x2a0 [ 929.744051][ C0] ? get_signal+0x25fd/0x2770 [ 929.744089][ C0] ? arch_do_signal_or_restart+0x90/0x7e0 [ 929.744123][ C0] ? syscall_exit_to_user_mode+0x150/0x2a0 [ 929.744159][ C0] kasan_save_track+0x14/0x30 [ 929.744188][ C0] __kasan_kmalloc+0xaa/0xb0 [ 929.744217][ C0] dummy_urb_enqueue+0x8d/0x8a0 [ 929.744254][ C0] ? usb_hcd_map_urb_for_dma+0x39e/0x1190 [ 929.744283][ C0] usb_hcd_submit_urb+0x2d1/0x2090 [ 929.744331][ C0] ? __pfx_usb_hcd_submit_urb+0x10/0x10 [ 929.744372][ C0] ? lock_acquire+0x1b1/0x560 [ 929.744420][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 929.744451][ C0] ? find_held_lock+0x2d/0x110 [ 929.744491][ C0] ? ath9k_hif_usb_rx_cb+0xb46/0x16a0 [ 929.744526][ C0] usb_submit_urb+0x87c/0x1730 [ 929.744560][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 929.744610][ C0] ath9k_hif_usb_rx_cb+0xb53/0x16a0 [ 929.744645][ C0] ? find_held_lock+0x2d/0x110 [ 929.744684][ C0] ? usb_unanchor_urb+0x93/0xc0 [ 929.744713][ C0] ? __pfx_ath9k_hif_usb_rx_cb+0x10/0x10 [ 929.744749][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 929.744785][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 929.744817][ C0] __usb_hcd_giveback_urb+0x389/0x6e0 [ 929.744845][ C0] usb_hcd_giveback_urb+0x396/0x450 [ 929.744872][ C0] dummy_timer+0x17c3/0x38d0 [ 929.744897][ C0] ? debug_object_deactivate+0x1f0/0x370 [ 929.744932][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 929.744965][ C0] ? __hrtimer_run_queues+0x5a7/0xcc0 [ 929.745002][ C0] ? __pfx_lock_release+0x10/0x10 [ 929.745037][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 929.745061][ C0] ? timerqueue_del+0x83/0x150 [ 929.745091][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 929.745115][ C0] __hrtimer_run_queues+0x20c/0xcc0 [ 929.745155][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 929.745192][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 929.745225][ C0] hrtimer_interrupt+0x31b/0x800 [ 929.745267][ C0] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 929.745293][ C0] sysvec_apic_timer_interrupt+0x43/0xb0 [ 929.745323][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.745365][ C0] RIP: 0010:write_comp_data+0x24/0x90 [ 929.745399][ C0] Code: 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 2f 5e 79 7e 65 8b 05 30 5e 79 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 00 00 0f 00 75 60 a9 00 00 f0 00 75 59 8b 82 1c 16 00 00 85 c0 [ 929.745424][ C0] RSP: 0018:ffffc90000007718 EFLAGS: 00000202 [ 929.745442][ C0] RAX: 0000000000000101 RBX: ffffc900000077a0 RCX: ffffffff813cdf46 [ 929.745459][ C0] RDX: ffff88807a6bda00 RSI: 0000000000000000 RDI: 0000000000000005 [ 929.745475][ C0] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 929.745491][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc900000077a0 [ 929.745507][ C0] R13: ffffffff81761520 R14: ffffc90000007860 R15: ffff88807a6bda00 [ 929.745526][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 929.745554][ C0] ? unwind_next_frame+0x46/0x23a0 [ 929.745580][ C0] unwind_next_frame+0x46/0x23a0 [ 929.745605][ C0] ? _raw_spin_unlock+0x16/0x50 [ 929.745632][ C0] ? unmap_page_range+0xbb8/0x3c10 [ 929.745660][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 929.745687][ C0] arch_stack_walk+0x100/0x170 [ 929.745715][ C0] ? unmap_page_range+0xbb8/0x3c10 [ 929.745744][ C0] ? skb_free_head+0x18a/0x1d0 [ 929.745780][ C0] stack_trace_save+0x95/0xd0 [ 929.745805][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 929.745830][ C0] ? hlock_class+0x4e/0x130 [ 929.745868][ C0] ? __pfx_mark_lock+0x10/0x10 [ 929.745896][ C0] ? mark_lock+0xb5/0xc60 [ 929.745924][ C0] kasan_save_stack+0x33/0x60 [ 929.745951][ C0] ? kasan_save_stack+0x33/0x60 [ 929.745978][ C0] ? kasan_save_track+0x14/0x30 [ 929.746005][ C0] ? kasan_save_free_info+0x3b/0x60 [ 929.746049][ C0] ? poison_slab_object+0xf7/0x160 [ 929.746076][ C0] ? __kasan_slab_free+0x32/0x50 [ 929.746104][ C0] ? kmem_cache_free+0x12f/0x3a0 [ 929.746131][ C0] ? skb_free_head+0x18a/0x1d0 [ 929.746166][ C0] ? skb_release_data+0x75c/0x980 [ 929.746190][ C0] ? consume_skb+0xd0/0x170 [ 929.746214][ C0] ? mac80211_hwsim_tx_frame+0x1f3/0x2a0 [ 929.746241][ C0] ? mac80211_hwsim_beacon_tx+0x592/0xa00 [ 929.746285][ C0] ? __iterate_interfaces+0x2d0/0x5d0 [ 929.746319][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 929.746360][ C0] ? mac80211_hwsim_beacon+0x105/0x200 [ 929.746396][ C0] ? __hrtimer_run_queues+0x20c/0xcc0 [ 929.746434][ C0] ? hrtimer_run_softirq+0x17d/0x350 [ 929.746471][ C0] ? handle_softirqs+0x216/0x8f0 [ 929.746508][ C0] ? irq_exit_rcu+0xbb/0x120 [ 929.746545][ C0] ? sysvec_apic_timer_interrupt+0x95/0xb0 [ 929.746575][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.746616][ C0] ? lock_release+0x170/0x6f0 [ 929.746646][ C0] ? _raw_spin_unlock+0x16/0x50 [ 929.746673][ C0] ? unmap_page_range+0xbb8/0x3c10 [ 929.746712][ C0] kasan_save_track+0x14/0x30 [ 929.746740][ C0] kasan_save_free_info+0x3b/0x60 [ 929.746781][ C0] poison_slab_object+0xf7/0x160 [ 929.746811][ C0] __kasan_slab_free+0x32/0x50 [ 929.746842][ C0] kmem_cache_free+0x12f/0x3a0 [ 929.746870][ C0] ? skb_free_head+0x18a/0x1d0 [ 929.746909][ C0] skb_free_head+0x18a/0x1d0 [ 929.746948][ C0] skb_release_data+0x75c/0x980 [ 929.746974][ C0] ? mac80211_hwsim_tx_frame+0x1f3/0x2a0 [ 929.747001][ C0] ? rcu_is_watching+0x12/0xc0 [ 929.747040][ C0] consume_skb+0xd0/0x170 [ 929.747067][ C0] mac80211_hwsim_tx_frame+0x1f3/0x2a0 [ 929.747096][ C0] mac80211_hwsim_beacon_tx+0x592/0xa00 [ 929.747126][ C0] ? find_held_lock+0x2d/0x110 [ 929.747167][ C0] __iterate_interfaces+0x2d0/0x5d0 [ 929.747202][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.747232][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.747260][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 929.747298][ C0] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 929.747341][ C0] mac80211_hwsim_beacon+0x105/0x200 [ 929.747380][ C0] __hrtimer_run_queues+0x20c/0xcc0 [ 929.747421][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 929.747478][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 929.747510][ C0] hrtimer_run_softirq+0x17d/0x350 [ 929.747548][ C0] handle_softirqs+0x216/0x8f0 [ 929.747586][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 929.747625][ C0] irq_exit_rcu+0xbb/0x120 [ 929.747661][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 929.747691][ C0] [ 929.747699][ C0] [ 929.747706][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.747747][ C0] RIP: 0010:lock_release+0x170/0x6f0 [ 929.747778][ C0] Code: f6 0f 85 8e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00 0f 85 fa 04 00 00 49 81 3c 24 a0 51 26 93 <0f> 84 65 02 00 00 9c 8f 04 24 fa 48 c7 c7 c0 c7 4c 8b e8 39 b5 a9 [ 929.747802][ C0] RSP: 0018:ffffc900032675c0 EFLAGS: 00000287 [ 929.747820][ C0] RAX: dffffc0000000000 RBX: 1ffff9200064ceba RCX: ffffffff81686999 [ 929.747836][ C0] RDX: 1ffff1100fd6399b RSI: 0000000000000000 RDI: ffff88807a6be4dc [ 929.747853][ C0] RBP: ffffffff90130ef8 R08: 0000000000000000 R09: fffffbfff2025bc3 [ 929.747869][ C0] R10: ffffffff9012de1f R11: 0000000000000000 R12: ffff88807eb1ccd8 [ 929.747886][ C0] R13: dffffc0000000000 R14: ffff88807a6bda00 R15: 00007f69965da000 [ 929.747906][ C0] ? lock_release+0xa9/0x6f0 [ 929.747937][ C0] ? unmap_page_range+0xbb8/0x3c10 [ 929.747966][ C0] ? __pfx_lock_release+0x10/0x10 [ 929.747997][ C0] ? __mod_node_page_state+0xde/0x1d0 [ 929.748049][ C0] _raw_spin_unlock+0x16/0x50 [ 929.748082][ C0] unmap_page_range+0xbb8/0x3c10 [ 929.748123][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 929.748160][ C0] ? uprobe_munmap+0x20/0x5d0 [ 929.748205][ C0] unmap_single_vma+0x194/0x2b0 [ 929.748243][ C0] unmap_vmas+0x22f/0x490 [ 929.748277][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 929.748307][ C0] ? __pfx_lock_release+0x10/0x10 [ 929.748341][ C0] exit_mmap+0x1b8/0xb20 [ 929.748376][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 929.748417][ C0] __mmput+0x12a/0x480 [ 929.748453][ C0] mmput+0x62/0x70 [ 929.748488][ C0] do_exit+0x9bf/0x2bb0 [ 929.748515][ C0] ? get_signal+0x8f2/0x2770 [ 929.748551][ C0] ? __pfx_do_exit+0x10/0x10 [ 929.748577][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 929.748611][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 929.748648][ C0] do_group_exit+0xd3/0x2a0 [ 929.748676][ C0] get_signal+0x25fd/0x2770 [ 929.748714][ C0] ? __pfx___schedule+0x10/0x10 [ 929.748743][ C0] ? up_write+0x209/0x520 [ 929.748775][ C0] ? __pfx_get_signal+0x10/0x10 [ 929.748813][ C0] ? vm_mmap_pgoff+0xf2/0x360 [ 929.748847][ C0] arch_do_signal_or_restart+0x90/0x7e0 [ 929.748880][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 929.748915][ C0] ? vm_mmap_pgoff+0x275/0x360 [ 929.748947][ C0] ? ksys_mmap_pgoff+0x85/0x5d0 [ 929.748980][ C0] syscall_exit_to_user_mode+0x150/0x2a0 [ 929.749013][ C0] do_syscall_64+0xda/0x250 [ 929.749051][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.749090][ C0] RIP: 0033:0x7f6997f79a33 [ 929.749108][ C0] Code: Unable to access opcode bytes at 0x7f6997f79a09. [ 929.749118][ C0] RSP: 002b:00007ffedaeb4d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 929.749141][ C0] RAX: 00007f69979df000 RBX: 00007f69962006c0 RCX: 00007f6997f79a33 [ 929.749158][ C0] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 929.749174][ C0] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 929.749190][ C0] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffedaeb4eb0 [ 929.749206][ C0] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 929.749226][ C0] [ 931.301323][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 931.308238][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0 [ 931.318972][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 931.329066][ T30] Call Trace: [ 931.332377][ T30] [ 931.335341][ T30] dump_stack_lvl+0x3d/0x1f0 [ 931.339997][ T30] panic+0x6f5/0x7a0 [ 931.343941][ T30] ? __pfx_panic+0x10/0x10 [ 931.348404][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 931.353828][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 931.359867][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 931.365284][ T30] ? watchdog+0xd8a/0x1280 [ 931.369753][ T30] ? watchdog+0xd7d/0x1280 [ 931.374310][ T30] watchdog+0xd9b/0x1280 [ 931.378615][ T30] ? __pfx_watchdog+0x10/0x10 [ 931.383348][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 931.388595][ T30] ? __kthread_parkme+0x148/0x220 [ 931.393689][ T30] ? __pfx_watchdog+0x10/0x10 [ 931.398419][ T30] kthread+0x2c1/0x3a0 [ 931.402530][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 931.407865][ T30] ? __pfx_kthread+0x10/0x10 [ 931.412676][ T30] ret_from_fork+0x45/0x80 [ 931.417153][ T30] ? __pfx_kthread+0x10/0x10 [ 931.421790][ T30] ret_from_fork_asm+0x1a/0x30 [ 931.426615][ T30] [ 931.435282][ T30] Kernel Offset: disabled [ 931.439656][ T30] Rebooting in 86400 seconds..