last executing test programs: 7m31.813838633s ago: executing program 3 (id=37): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x90000001}) 7m31.793077399s ago: executing program 3 (id=38): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180)) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000000200)="dce480febb0ccd0bcb66ade3495e87b440e5afdc984cc06eb1c91c85a7fec04b2f82e267c1edd1543b79d80c0f949073bdbaa464c040e61ea6e658101100101097a5821b6c0c79d177b96995281707ce6d20a6db", 0x54) write$dsp(0xffffffffffffffff, &(0x7f0000000080)="cd", 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000680)='net/tcp6\x00') preadv2(r4, &(0x7f0000000380)=[{&(0x7f0000000240)=""/151, 0x97}], 0x1, 0x91, 0x9861, 0x0) ioctl$sock_ax25_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xfffffffffffffdf7) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x224}) timer_create(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) r6 = mmap$IORING_OFF_SQES(&(0x7f00008ae000/0x4000)=nil, 0x4000, 0x2, 0x4000010, 0xffffffffffffffff, 0x10000000) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000240)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x9e81c3e996f23c95, 0x1, r0, 0x0, 0x0, 0x0, 0x2000, 0x1, {0x2, r7}}) 7m31.121558762s ago: executing program 3 (id=39): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)) socket$key(0xf, 0x3, 0x2) socket$inet_icmp(0x2, 0x2, 0x1) socket$alg(0x26, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) pipe(&(0x7f00000001c0)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0xfffffc00) 7m30.813606101s ago: executing program 3 (id=41): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f00000000c0)={0x1, 0x100000001, 0x20000005, 0x1, 0x6}) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x36, &(0x7f0000000280)=[{0x2, 0xa6, 0x2, 0x3}, {0x2, 0x8, 0x8, 0xfffc}, {0xaee, 0x2, 0xac, 0x1000}, {0x40, 0xaf, 0x5, 0x2}, {0x6, 0x80, 0x0, 0x2}, {0x0, 0x3, 0x5, 0x9}]}, 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x1, 0x7, 0xb, 0xffffffff, {{0x6, 0x4, 0x2, 0x9, 0x18, 0x67, 0x0, 0x9, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @remote, {[@end]}}}}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r3, 0x0) ftruncate(r3, 0xc17a) mbind(&(0x7f0000673000/0x1000)=nil, 0x1000, 0x3, &(0x7f00000009c0)=0x7, 0x3, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r4 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000100)={'gretap0\x00', r2, 0x7, 0x20, 0xde, 0x4, {{0x10, 0x4, 0x3, 0x3f, 0x40, 0x66, 0x0, 0x2, 0x2f, 0x0, @multicast2, @private=0xa0100fe, {[@lsrr={0x83, 0x27, 0xec, [@multicast2, @dev={0xac, 0x14, 0x14, 0x21}, @rand_addr=0x64010101, @loopback, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101]}, @noop, @noop]}}}}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) syz_open_dev$sg(&(0x7f0000000400), 0x6, 0x248401) userfaultfd(0x800) keyctl$link(0x8, 0x0, 0xfffffffffffffffc) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') r7 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x300, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={0x0, @initdev, @empty}, &(0x7f00000001c0)=0xc) getpeername$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x14) sendmsg$ETHTOOL_MSG_WOL_GET(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x9c, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x9c}}, 0x4) 7m30.499639839s ago: executing program 3 (id=42): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) chdir(0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$amidi(0x0, 0x2, 0x180) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045731, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x48000) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000f80)=@abs={0x1, 0x0, 0x4e20}, 0x6e) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="180800000000ffffffc000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 7m29.074115297s ago: executing program 3 (id=47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180)) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000000200)="dce480febb0ccd0bcb66ade3495e87b440e5afdc984cc06eb1c91c85a7fec04b2f82e267c1edd1543b79d80c0f949073bdbaa464c040e61ea6e658101100101097a5821b6c0c79d177b96995281707ce6d20a6db", 0x54) write$dsp(0xffffffffffffffff, &(0x7f0000000080)="cd", 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000680)='net/tcp6\x00') preadv2(r4, &(0x7f0000000380)=[{&(0x7f0000000240)=""/151, 0x97}], 0x1, 0x91, 0x9861, 0x0) ioctl$sock_ax25_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xfffffffffffffdf7) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x224}) timer_create(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) syz_io_uring_setup(0x1498, &(0x7f0000000400)={0x0, 0x2924, 0x40, 0x1, 0x15d}, &(0x7f0000000100)=0x0, &(0x7f0000000200)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x9e81c3e996f23c95, 0x1, r0, 0x0, 0x0, 0x0, 0x2000, 0x1, {0x2, r7}}) 7m28.615242804s ago: executing program 32 (id=47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180)) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000000200)="dce480febb0ccd0bcb66ade3495e87b440e5afdc984cc06eb1c91c85a7fec04b2f82e267c1edd1543b79d80c0f949073bdbaa464c040e61ea6e658101100101097a5821b6c0c79d177b96995281707ce6d20a6db", 0x54) write$dsp(0xffffffffffffffff, &(0x7f0000000080)="cd", 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000680)='net/tcp6\x00') preadv2(r4, &(0x7f0000000380)=[{&(0x7f0000000240)=""/151, 0x97}], 0x1, 0x91, 0x9861, 0x0) ioctl$sock_ax25_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xfffffffffffffdf7) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x224}) timer_create(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) syz_io_uring_setup(0x1498, &(0x7f0000000400)={0x0, 0x2924, 0x40, 0x1, 0x15d}, &(0x7f0000000100)=0x0, &(0x7f0000000200)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000240)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x9e81c3e996f23c95, 0x1, r0, 0x0, 0x0, 0x0, 0x2000, 0x1, {0x2, r7}}) 1m42.362369597s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 1m16.4551283s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 1m2.737618698s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 41.606499886s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 26.263013989s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 10.20566312s ago: executing program 1 (id=1556): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)=0x34) syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) syz_open_dev$tty1(0xc, 0x4, 0x2) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$rds(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) sendmsg$kcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000740)=[{0x0}], 0x1}, 0x40010) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000080ffffff00000000000000ac1e000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100"], 0x188}}, 0x0) 9.209437264s ago: executing program 1 (id=1559): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10001, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r4 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) read$FUSE(r3, &(0x7f0000006380)={0x2020}, 0x2020) fallocate(r4, 0x0, 0x400000000000000, 0x5) r5 = userfaultfd(0x80801) socket$netlink(0x10, 0x3, 0x8) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0xfffffffc, 0x1, 0xffffffff, 0x0, 0x7, "ff00"}) syz_open_pts(r6, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r5, 0x80189439, &(0x7f00000000c0)) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r7, 0x0, 0x0, 0x0) shutdown(r7, 0x1) getpgid(r1) sendmmsg(0xffffffffffffffff, &(0x7f000000b0c0)=[{{&(0x7f0000000280)=@ieee802154={0x24, @short={0x2, 0x0, 0xaaa0}}, 0x80, 0x0, 0x13}}], 0x1, 0x20040080) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) 8.661045392s ago: executing program 5 (id=1561): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x20000001, 0x4, 0x2}, 0x1, r3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}, @TCA_RATE={0x5, 0x5, {0xff, 0x5}}]}, 0x90}, 0x1, 0x200000000000000}, 0x0) 7.99443295s ago: executing program 1 (id=1564): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x21}}]}, {0x4}, {0xc, 0x7, {0x0, 0xfffff000}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 7.9605126s ago: executing program 5 (id=1566): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$kcm(0x10, 0x2, 0x0) dup(0xffffffffffffffff) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0) 7.811801486s ago: executing program 5 (id=1569): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f192ff0006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x10, 0x70, [@NL80211_MESH_SETUP_USERSPACE_MPM={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 7.450184707s ago: executing program 5 (id=1571): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000cf8bed20d957250040290000e65a090212001f000000000904000000cafb1a00"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000380)={0x20, 0xb, 0x1, "c9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prlimit64(r1, 0x1b, &(0x7f0000000100)={0x8, 0xd7c}, &(0x7f0000000140)) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fefffffc00000000000000008500000041000000850000002a00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x2}, @array={0x0, 0x0, 0x0, 0xa, 0x3, {0x0, 0x2000000}}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000040)={0x1, 0xd4, 0x6, &(0x7f0000000080)={0x20, "42cae8b3df20afbcf8dd178c50e5d84526580489d79a473f112453b228922bd31c"}}) 7.021320898s ago: executing program 1 (id=1573): r0 = inotify_init1(0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000300)={0x20, 0x16, 0x2, "fcca"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000580)={0x0, 0x15, 0x2, "85a4"}, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') read$msr(r4, &(0x7f0000000180)=""/174, 0xae) shutdown(r4, 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'gretap0\x00', 0x0, 0x708, 0x0, 0xffff8cd2, 0x10000, {{0x13, 0x4, 0x3, 0x6, 0x4c, 0x66, 0x0, 0x8, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x37}, {[@noop, @timestamp_prespec={0x44, 0x34, 0xca, 0x3, 0x3, [{@remote, 0x8}, {@broadcast}, {@private=0xa010102, 0x6}, {@multicast2, 0x100}, {@local, 0x3}, {@rand_addr=0x64010102}]}]}}}}}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd}) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x1204000, 0x800, 0x8}, 0x20) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x488, 0x30, 0x1, 0x5000000, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x80000001, 0x0, 0x4a, 0x8, 0xb9, 0x9, 0x8f3, 0x81, 0x1, 0xb37d, 0xede, 0x1, 0x5, 0x4, 0x5, 0x6, 0x7a, 0x4, 0x3, 0x0, 0x7, 0x6, 0x5, 0x14, 0xdfdc, 0x50000, 0x6, 0x3, 0x8, 0x8, 0x1, 0x9, 0x8, 0x5, 0x7f, 0x3, 0x3ff, 0x1, 0x8, 0xa3c, 0x10001, 0x1, 0x800, 0x5, 0x7, 0x1, 0xffffffff, 0x1, 0x7, 0x8, 0xb4, 0x4, 0xe, 0x8, 0x7fe0, 0x4, 0x8, 0xffffffff, 0x2, 0x2, 0x5, 0x80000001, 0x4, 0x60d0, 0x200, 0xf6, 0x7, 0x0, 0xc1, 0x8, 0x0, 0xf8000000, 0x7ec5, 0x6, 0x3, 0xffff7fff, 0x5, 0x400, 0x5bd, 0x6, 0x7fff, 0x4, 0x2, 0x1, 0xfe61, 0xd, 0x0, 0x0, 0x4, 0xffffffff, 0x2d, 0x80, 0x80000001, 0x3, 0x8, 0xd5, 0x4, 0x80000001, 0x59, 0x5, 0x3, 0x8, 0x1ff, 0x80000, 0x8, 0x44ba, 0x7, 0x8, 0xfffffff9, 0x1, 0x9, 0xf, 0x2, 0x0, 0x2, 0xffffffff, 0xe, 0x6, 0x6, 0x9, 0x0, 0x0, 0x5, 0x3200, 0x400, 0x8, 0x1, 0xfffffffc, 0x2, 0x5, 0xd82, 0x7, 0x7, 0x7fff, 0x81, 0x1000, 0x81, 0x3, 0x4, 0x8001, 0x80000001, 0x2, 0x8, 0x8, 0x5b97, 0x8000, 0x1, 0x5, 0x3ff, 0x5, 0x7fff, 0xf, 0x3, 0x100, 0x0, 0x7, 0xa, 0x8000, 0xe, 0x3, 0x9, 0x6, 0xb, 0xa, 0x37, 0x7, 0xf64, 0xa99, 0xffffffff, 0x8, 0x4, 0x9, 0x28000, 0x0, 0x26b, 0x9, 0x0, 0x6, 0x6, 0xfffffff7, 0x4, 0x0, 0x4, 0x6, 0x7f, 0x6, 0x6, 0x3ff, 0x38, 0x3, 0x7fffffff, 0x1ff, 0x7335152c, 0x3, 0xaf8f, 0x0, 0x66, 0x7f, 0x1, 0x9, 0x5, 0x0, 0x83, 0x5, 0xb4, 0x90, 0x10000, 0x1, 0x8, 0xd4, 0xffffff43, 0x2, 0x0, 0xffffffb7, 0x1000, 0x9, 0x1ff, 0xfffffffb, 0x1, 0x5, 0xef, 0x1, 0x9, 0x3, 0x0, 0xfd71, 0xf, 0xff, 0x2, 0x7fffffff, 0x1, 0x8, 0x2c95, 0xa, 0x400, 0x8, 0x5, 0x3, 0x8, 0x2, 0x6, 0x40, 0x3, 0xfff, 0xfffffff9, 0x7f, 0x9, 0x81, 0x5, 0x2, 0x7, 0x0, 0x3, 0xb, 0xe, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xffff6b57, 0x3, 0x0, 0x3, 0x5f86, {0x77, 0x2, 0x97d, 0x6, 0x7fff, 0x914}, {0x4c, 0x1, 0xa97, 0x0, 0x8, 0xc10}, 0x9, 0x2, 0x3}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x488}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000080)={r6, 0x7, 0xfff}) 6.437520904s ago: executing program 4 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000002480), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000009440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x14, r2, 0xf691975171ad3b89, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004050) 4.457646195s ago: executing program 2 (id=1577): syz_init_net_socket$netrom(0x6, 0x5, 0x0) r0 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(r6, 0x26, &(0x7f0000000380)={0x1}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 3.61848268s ago: executing program 0 (id=1579): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}], {0x95, 0x0, 0x0, 0xff0f0000}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.525638012s ago: executing program 0 (id=1580): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000020d2e5bf308000300", @ANYRES32=0x0, @ANYBLOB="4800128009000100626f6e64000000003800028004000880080007000600"], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0) 3.52088104s ago: executing program 2 (id=1581): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0xfffff000) 3.491327864s ago: executing program 1 (id=1582): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c00000010001fff000000000000000000000900", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280140007002001000000000000000000000000000014000600fc020000000000000000000000000000040012000800280070cf00000c0019800500060014000000080004"], 0x8c}}, 0x0) 3.451036616s ago: executing program 2 (id=1583): socket$kcm(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$sock_proto_private(r1, 0x8b15, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setresgid(0xee00, 0xee01, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='adfs\x00', 0x8000, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r5, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) prlimit64(0x0, 0x3, &(0x7f0000000140)={0x928, 0x200000008b}, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) write$cgroup_int(r6, &(0x7f0000000180)=0x3, 0x12) 3.349547118s ago: executing program 5 (id=1584): prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r2 = dup(r1) write$binfmt_script(r2, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014800800"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 3.21890776s ago: executing program 0 (id=1585): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000600)=ANY=[@ANYBLOB="61124c00000000606113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffbd35010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f304000000815dcf00c3ee7b042d1937ba52037fdedb2150e1918c30b6301f0212feb0cff9fc56357d81b2cc1a9e37d7b75c020b070000003eb22062bafaca036d9cc7db6671573e202e0a92ee4ba12b064981cc32d1ac0b9ecc8f604dcac2563e1c1e7624cc3b88b330ad416c4c1d8c60589b6045a4ffff50df4d34bc5847bebb943a84cb56956931ba9cc39c4a9deea5d77aa843a40000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000), 0xc) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r5}, 0x18) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xfffff) 2.610786029s ago: executing program 1 (id=1586): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0xfffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) dup(0xffffffffffffffff) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000180)={0x8, {"d1347423facc5d1c40c9990badb12af40568dcf49f9a8810b8b798247df29281d071fae787e8ef6eb83481d5060be1bd1d5f4221ee4951277e25aac97f5e4b7765b0408038c6ba8f6fd9c57f3b4ffb6b2762c807cccd0d63c8b7b4e5c66e65bf436355d47d0b07e3afe376c4796d06d228507a9b36640ea5e90f393a5b251138781833fed0b6c3df77ffd6c4d0ce481977b27e84359a45d225231ce0ab05985b65c524dfaf90433e5dc08e663015d86270ce0b7b87a1d7fac3d02279d75b4928bf043317cadd8146b5e3dded47f5f74e7b0cb026dbeacb11eb7001a9e3a974e76e8ae491db04e5e060af7e956306168cb1afed82be4b2e66fc7a47117b49274747d23367c2d65f1b8d7a2b8c28e3b3115bbb90ec09f2add68bad5f9f125572d00249173c1046f043ee0aaadab9700cfc8910820cdd9ff89fbc21b37c708228104471e1b5414b87b3113d6e24d2b5b2515e4aa305cfe4aa0e30a75d682ededddcf5c5df45c1e113eeacba8104313959644fbc8c1813dac5c77314bd35981fdd95b3d46fc3f65e98b8b80c50064cd24e6d99a808cb7573755f97a4f1e771a362b41b2c1383603207c004fbf9e16db9f8fe71f9be9752c496be52bbaafd0722bb0013e33209d56557d5d3c3e76d4d3d2b4c27b0b800691291f31798fe0bf9efc57b83d5444dbcaae41f40ee4944d5b6c5b53ddf03fe6c81cf31809023765bdac31076e91864db9a73b654e7f53375a063ed3a3ca8aba998cddc9e5f9973e0ee8084388f5b8497fa33ff843dbceae13e8ef9e549252aa30d081c11951253f8d8e3b578b3ad02e2ea168c7c9e54f71a8755d7f83e0ad9a3fabb85e3c12a45f3beb48385d26d9dd22c00ead8c9b30a1959d3e345d1ba7ee049f1cba644defff7c3ba2ad549a3130103497efcf5e9c44079dcfaf4f6f55d0c488616de63d6cf659749b31dda2940923002e4395c232d376d0e8917e433e0506e96d078b9e1c050d3783b61c6ce3ba25aa745a2c97f246a0df5e4518d7e696de40b41e50dfe42935f76a4655aaf89b62df109f3ee5cced942083c2e015979e8017d0a435ccef44a6d122a7a61beb38fb0bf2cf20ff6538b343d33de81649f06b29536867760cd8fbec922f26d5373882bdf82bf7b4ce169d73cfb90e9b5366e630b1e6f86e79f935625fc84c9da002f89ed69cc902a755a0f65946466356c4d10501306c4afd04042cf9caa2ba5cdaf021549ff0f4e5329a6cf103e16be76907f038b983768c6608c29d52d5c0ecbc4d18de0d6511f976f03bf433a575680b3faa3069fb0725a46688a206cd6ac37a993fb98534c87a88517e8a8fdc1dff9243c3f328c96c5520c1549044ff729f4c1645d438afabd12f9a937c7f7eedfe11668211b595ffe174347a3a8b8c05175c8069dc44d35144a15e2cc0f4d6d2625fc2b8c89ade5d5ce723bf624694284baacefc181053d3e3cad426c832438f81177256f12e89c0cfe7647355017118a3a055e8869fa6de5ae0aba0bf0d3aa6dbc861a1ff61bbe8746d02f52c0d0d43671e153824c0db8cbbc56590b63dc87c84782ffbb6ef9ef0686501d1fdb7d7dcb1106c0c6a5fafcf82470a33009d953d64f657ddeb3a899822e41a92a089f9a9a5670c37e87c954214a05ee850e1f5387b2d8cdee9f75e8a4187053b838f7e759386bca861fa4f3a78de19c40825f77af4f316519df5a7e927b66399a6e7a6a5eb226252717fc40a1deabdff88ed50a760a3eb330038869f9b5d5b3d30c119b02e0e55fe61e1042243e912042989eae1e5ebd4e1c7b27230479e25f95eae977adb855ff10c5e6d0130d3b80c50e089c22d52943bf3a3ae6fd8f0f257ece4af2749b6c1f6b11db67c0770c6b2b86de957af81f10a06d76f9af780e805f704b823424e9782412e5788d6188d96c80c12a4e1e725e5dc6a9dbad152a688485c49b3b58f8412cad7ef04392bb8d51fe5de21dd2c49cf74c1d5bca87e339c522762cc65f7b45009e2ff57aeb067ea5bbf155d009b97ce1ee0eb0f4b5a02beb09d8fa54b63bc636ba2fa05dfe27d6e71d9f2c54a748bcdd8de453c3e7cfb039eaae05445f5146ae19eea8d1bc21364ad98439e1ee3229b1bf4e6506016ad5b526eae3d53adbcc930654a70169b895f70e64671cb5db886686ce829d6ba71c41ae6f4be6c7f2b8e770c8aecc8991ca0793abc970d2f595329d5cab231f22848415053290e33a87874a34f8f9f63847ed75bc29d48b038e3bc471da7e04bfaf14e447300a42febcd4eda28a44c45ada90acdd71a7314f7602d1f8bb46ff9d7ffdd5c246e5fb0e34df6303e7185a5897eca8bebdadb27d6754144a8aeeb9d9f0dd680fe81d22304c05f2b9020ad442ee2a98cde4e94c7a9a3c1c5db63c4b1b583e768f28c6b15d3cc8efa7d96d4a0eab8ec891a141d6b6f63530a93527ad1b47b2659a6a3d5a680f62d78adc78348affba123d8554aadd30f956b371d713654c3ee9731f9052b2b0b17a1470af0bf0f0e4d4797295ae08c96b09eef9c071bc71cdeef6bea0877f61a80a7975107f07e79fa0261f9a172c0c9841ee5a2a32c32b3882fd0a7c96f71cac2fddfd8acfff1b135a1f7b3ccf966b8b0fb32eadcfaa0c54ff11bf0abaebeaac4b0795180f240148b393668ec8911b38fb11a7042623f0c57a248b2afd30603ce8a20bc88180638d0571e51c0e3fce6f194a01762880d665369b335819d1e879307b0b01fb250577bbfe8ae03d33d0b97ceb697a1855a15f761a0108d3c59ead2194ea18c42487d900a0de473910bb0271cb54ee98b293305263ccf93a18e2a4b320ecc8e23b6d450f48b83d01f75f5b7f3354635b6e5022313f04e4cfefddcf284c2e5dde920a07303f442949ce949fbf2b08264f36dcfabdcece29d1743f839aa94cf7e747a48e6d1a4a65e9445def8c5e3d5ddf3040d24da56a7eec5edb2687eabf174b690d05bdbcdff9aec0a8dcfb94e4fff5a5b441fe3ef5b6189b2971dfb7b4976564a11bb8672d74e54251707acea501c02b66b0b7fe792e8180788b00aade3195f12b837144945e1f9263fd9894c52bea060578933702c85796c618a31243f7af6f6d4c22606fbe5ca70dadea0afa10c0ab3ae9beec09cddffa07be5b072f2dd5f3e54e3de8c232584ac76fa5dcdaeab544225c9c4786d9566eef1f0659e3ae462f9f3bef10117f77a26cf6ef3d0fa6a1d218d555f866da6e4efd5215813d28a54a98e8ef1529515f6a2bfa2cdf88797837d181965905f6878597834699995335fac5a58b5e10a4dfc8a96f2dcfd0fa122ffa0929d858a5cdf8a6347968d672e7dfea5210d2fa145c1d5731d9f8c1d37c97a8f779dc4c31ab5e7123f06c44f0efe58989bb70d4a3bfe2063360d9772653d7328f117607b5f447ea5beaf0df2408a8cb06d6d698915b8d19b9795bd411f4c129ad817bc02b563b3f92da951f952a05195f980e74d15ec221d5ccd1bf13a1bcc36d5de16b29a9465359b580230a34c2f3ed7c247ad15ffa3203d0020b5651c6b85f72c912c063b886b012b1a45c6a19d228cd8164951825de096a07d00b2e1d95d6d622682b515f1b9c72fb3f0acba749d4d4e0d8a30e3f07793d7efc567e47a90f03f01efc16fe174c8e16f84d9eff10d12175a13f064288094e9a873106c82b170858574bbcc16c5d901997b2357f750952e1155a9c2d542668cdcc31e038011b9214b7ca033aec807e07559f65879ed836be06950040fe314ff9939426ccdf47578999a517fe66a1dcadd05f6ef7659faa5cdbf0f9513677b9284dbe54497b18ac415585ef36b4a0a33972207a02c7e76960756eecff183a27be94143adf47179d8dc58c6d8834018d8169257743d77cd48a56516cfab7ce275a81e3359b72aaecf653fc52d88532adae33a1477c492aa307273252c7b61e44d7dc8e6270926560cf4abb2bdf3e821badfe807b9c69b73646e1c5d25e0d06a66c0b00b5069008c0ddaeb89d15fe63816dacd2496395e7f7c6237647dd6ebc286801ae91c05bad19a84ff8aef6628e633249ce60a5041b271ad8ceed29b75c9b9fc039854e55cb01b8bc83a89a7f69a7a6f6717c7920f030bb6617342e3418600681ced7360835323cb58d1b98c344cae84cc88fec716ba5682e786dc16e9370ada8e38e68018f770302a9e8a086b0e08f9a359d3e9c8beba655b1a247688e98650cefb822fa40c4b69221cd5e2208a76cae84fac46802887230846f74bb95da04a7bdfcaad2e9f2db404a985756a1be077e8a8c01a149818487ae896b91ff8d82bf2863712acaa564337d6e925a90b4646d06947ccf2a74d4a1a97d4cb50a53dac0a03c3e09c699a1708a0c26b7c386c97640c2a8f30d2d3bae0db2d018ce658dc3fd9802c308b00a86872fcd8d806dccc46bc763e8292f7d3d681d8cffcc95333e78ebf67bda3e90452a2e08c52957daa98ce0cf2329abda5ccac2b013bde8a4fc75b8258824e14fb87c154b7ac22f58531fcde7082aabd47cbbd0a3a112df521a5391bb047ac4fdb3ea39da1efead0860de63037253708d5e9fd63dc6ee7eacc17b6d9f5a2ea0a27059ec8ec7e696ee05727756fb31ffca4c9261cb8f72023a00d551da0bc08c21174882d5159842aa6316b4624a7d46cecc399bcfce0fca0cc5d3d307194e8bd60a76e43e0b3539ffa23a2b2a58942b1bd21f7c86cd824f4878a7e6dc946db839610f31b24d428cbd0038e314badd51f0f3dc85c3f5df1d08adacdb3553df04803700e53802c67d992e0b7ae12c660fd83cd84fe5ebd2584a5b27db59c948f9793868475b0e1b7a94b4b91555aeb2211f5518883c0f6c9662da5e9271d8e4075a92fae0c013952a947646d84e0d80ea05c6ff5a8308a32b3106e5e0299521d3facc2ab23331054429207bf895d62c949dcca014f136b99d6d42e62cb8ce740c2d10073956a66e95751d3df58e8f8be906baa58720a728ec17bcdca87f8c2e6eb458672b24105a5b4f028fc1c245b129ba99850af1688646eb8df27eb6f1c2804878b5da2280ae9f65416311709304f5e088acbd4ccca49b46ef5a5c256b1c4abd3ca07d9f8f74eefecd736b4fdf1cdfe9bdd084ed472746337afce3b6feadb9923a8b34db65b4e69c933aad7d7fd5648b2ec16c773890483dc2917ca4acd2cb4356aa6ba9769f37c550f0a3ab843d1d9b22b6b4fc6662f63b35f0f81f1b475491aa613f40ff96360ca29d07857f061fb66745caf98f7922ee920f499b56bd8a708df5cce704766ff09dcd49c952c49e1062e9b7b1ffc73982a20c71747015bcdac7fba9da1b8d9447f923b550e27a4e68f8d3b74c138e1291ead6637db271daa182cff002e3d78040378ac4b1aa3802ea70290bcd36efac75a2944ac63d0aaedca5d35f29ef168fa6c9f1f6f00a624fdee74ef2a110fe5b61e0af026b9e33a76639753b85326292a1b866b158576ae797509d6b0d1292afeed41e4d770f6b3df73140a699868ad2aa492f5f2d33447c86cbd65b02ea2fc0ac6f6741c6cb0aab6e0213ff77ad7290eb77edbcd538d7ee9d62d231382cc6e8af6d37cc37193c777faa5468023ef21ff6741905b3fd6d37476e2f2535201d9ee4b87ed35b65838757b74d7eccc00c1351fa0cf076026695c749dcdbb8ba5cc0cb17792712124b3ed779a945c5cd795ced3bb7611f26913512f34f38b946b1f06fa68c948d34ead4e162d893cae23e2389d8c22570fe9c76a0a1dc53f8a50f08872517b459d27e32ce15225c3dd27b19cdf09a2921f2d2a77b7db9c595e38d84d18cf5aac564168f", 0x1000}}, 0x1006) memfd_create(&(0x7f0000001300)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9^sA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x95\xc1\x8c2\x16\xc3\xb1h\xaf\xe0v\xb1\xf5\xb4\x1e\xcc\x05Y\xca!Y\xfd\xed\x8f\xb6\xaaj\xca\xbb{p#\xbd\xd2\xb9\x90\xe1\xb7.\xdfs\xb6\x10bX\xbcu\xe2\xb4\x8d\xcb9\x92U\xd1\xfaMk\xfd\xac\xf9\x9c\x82z\'\x9e\xd6\x91HK>\xfc\xe2A\xfcI\xfc\xd3?\xfd\xa0\x1f\x89#`\xc4\xce\xa9,\xb3,\xa8\xbe\x06\x11>\xd8\a\xfb\x0e/\x9dp?\xe7\xa8\xd1s\xda\xaa$\x90\xce\x80\x18\xfe; ^\xcd\xc5\x9a\xa5[L\xe8l\xde', 0x3) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x48380, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x80000000) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ptrace(0x10, 0x1) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') write$cgroup_pid(r3, &(0x7f0000003400), 0x12) io_uring_setup(0x2ef1, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0xff00) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg$inet6(r5, &(0x7f0000000440)={0x0, 0x24, &(0x7f0000000080)=[{&(0x7f00000011c0)="de8da5825cdaaee3897d3755f5bf52866cf8542206e6f20cb9a54d4666bb442f5ff3ef450147bd45abc6a418cb63fd4baf09a4b597de28588eadce82167c6c07aa6bb4bd594c9f25dd86632c2a58c3b8634304f01ff89bfb90bdf64f5b6410bf731aee130b7098b84b1a5695064640b2d1d982a3d55116ccaec8e7b9cd78e73f4672258869b29a93e4573ecd08f11531b27b7e2dc74d52453149a66127f8c3210588ab31cbeefa5391edd7a4a4788291220d242b7ef18c8a04", 0xb9}], 0x1}, 0x48010) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc) syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) 2.425587895s ago: executing program 2 (id=1587): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="1400000010000100000000000000000000f5ff0a20000000000a03000000000000000000010000000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021300011800b00010074617267657400002000028005000300c400000008000240000000000a0001004155444954"], 0xb4}}, 0x0) 1.621554371s ago: executing program 0 (id=1588): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10001, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r4 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) read$FUSE(r3, &(0x7f0000006380)={0x2020}, 0x2020) fallocate(r4, 0x0, 0x400000000000000, 0x5) r5 = userfaultfd(0x80801) socket$netlink(0x10, 0x3, 0x8) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0xfffffffc, 0x1, 0xffffffff, 0x0, 0x7, "ff00"}) syz_open_pts(r6, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r5, 0x80189439, &(0x7f00000000c0)) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r7, 0x0, 0x0, 0x0) shutdown(r7, 0x1) getpgid(r1) sendmmsg(0xffffffffffffffff, &(0x7f000000b0c0)=[{{&(0x7f0000000280)=@ieee802154={0x24, @short={0x2, 0x0, 0xaaa0}}, 0x80, 0x0, 0x13}}], 0x1, 0x20040080) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) 1.607691026s ago: executing program 5 (id=1589): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000280), 0x210000, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x2, 0xff, 0x4, 0x2, 0x48, @dev={0xfe, 0x80, '\x00', 0x32}, @mcast1, 0x1, 0x37, 0x4, 0x1}}) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB="780000001300000426bd7000fbdbdf2507000000", @ANYRES32=r1, @ANYBLOB="200000005b00000014001400697054654765727370616e30000000000000050021000200000008002c0007000000080054fbe820c2c975708d16b80b1f022f56516fd27fe292faffa7cd45dd19ddba951f19bcbf78da70f189d01dccf1707c047b7b0d9f812b9271a05c67720cdffb21d2ef215a1568c96d0a1a4aa3e5041987480669e109ad58ad1463fbd993ff9f544ad7023ed448c96237e3c50b4630b39be3082e00920dd06cbb2c0bdf594c9867e0092656176dd68be069f02faffcced00e712250b66855db7017ac1d378e72caae421c3bf19a175c77fdf53d0e0d355cb9f5d6aa91abe3d8156d0c906c0469e81bd2730c", @ANYRES32=r2, @ANYBLOB="080025000100000008000500", @ANYRES32=r3, @ANYBLOB="080020000100000008002000d9ffffff050024003500000004003480"], 0x78}, 0x1, 0x0, 0x0, 0x8800}, 0x4010) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r2) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') exit(0x7) pwritev(r5, &(0x7f00000002c0)=[{&(0x7f0000000000)='\x00', 0x1}], 0x1, 0xfffe, 0x4000000) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140100001600010028bd7000fddbdf25e0000002000000000000000000000000fe80000000000000000000000000002e4e2200024e2400000a0000a02c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000000000004d233000000fe8000000000000000000000000000aaffffffff0600000001040000000000000400000000000000dbc60000000000000101000000000000cedd19790000000007000000000000000200000000000000ea7b000000000000000400000000000009000000000000000500000000000000050000000443284d964bfa97c9bd7000023500000a0000081c0000000000000003000000010000800c0015005b0735000600000008001600"], 0x114}}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x2, 0x0) dup(0xffffffffffffffff) ioperm(0x0, 0x8, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) 969.37064ms ago: executing program 2 (id=1590): socket(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc1400000047888137", 0xe, 0x4, &(0x7f0000000140)={0x11, 0x1a, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f00000002c0)=ANY=[], 0x15) write$binfmt_misc(r5, &(0x7f0000000200), 0xfffffecc) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r8 = accept$alg(r7, 0x0, 0x0) write$binfmt_script(r8, &(0x7f0000000600), 0xfec8) recvmmsg(r8, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000300)=""/225, 0xe1}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) splice(r4, 0x0, r6, 0x0, 0x100000006, 0x2) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000000)={'syztnl1\x00', r9, 0x8000, 0x8, 0x0, 0x4, {{0x5, 0x4, 0x3, 0xf, 0x14, 0x67, 0x0, 0x7, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}}}}) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) pread64(r10, &(0x7f00000001c0)=""/200, 0xc8, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r11 = userfaultfd(0x80001) ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r11, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) lseek(r10, 0x0, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYRESDEC=0x0], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) 545.634439ms ago: executing program 0 (id=1591): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="0203000910000000010000000000000005000600000000000a00000000080000000000000000000000000000000000000000000000000000020001000000000000000702000000ff05000500000000000a00000000000000ff17000580ffffffff8000000000000100000000000000000200080008"], 0x80}}, 0x0) 4.486368ms ago: executing program 0 (id=1592): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000180)={r0, 0x20, &(0x7f0000000140)={&(0x7f0000000080)=""/54, 0x36, 0x0, &(0x7f00000000c0)=""/88, 0x58}}, 0x10) syz_usb_connect(0x2, 0x9a2, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x80040, 0x0) (fail_nth: 10) ioctl$I2C_FUNCS(r1, 0x705, &(0x7f0000000480)=0xfffffffffffffff5) 0s ago: executing program 2 (id=1593): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf200000000000000700000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) kernel console output (not intermixed with test programs): pcode 0x0c1a failed: -4 [ 413.761062][T10674] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 413.785605][T10674] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 413.812527][ T5186] Dev loop2: unable to read RDB block 7 [ 413.832817][ T5186] loop2: unable to read partition table [ 413.842860][ T5186] loop2: partition table beyond EOD, truncated [ 413.895795][ T5186] Dev loop2: unable to read RDB block 7 [ 413.902046][ T5186] loop2: unable to read partition table [ 413.907847][ T5186] loop2: partition table beyond EOD, truncated [ 414.001459][ T5186] Dev loop2: unable to read RDB block 7 [ 414.007073][ T5186] loop2: unable to read partition table [ 414.039685][ T5186] loop2: partition table beyond EOD, truncated [ 414.183809][ T30] audit: type=1400 audit(1747291632.500:460): avc: denied { create } for pid=10693 comm="syz.2.1220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 414.362017][T10702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1223'. [ 414.549139][ T30] audit: type=1400 audit(1747291632.870:461): avc: denied { ioctl } for pid=10704 comm="syz.5.1224" path="socket:[29665]" dev="sockfs" ino=29665 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 415.790272][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 415.796284][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 415.803515][ T5827] Bluetooth: hci1: command 0x0406 tx timeout [ 415.810274][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 415.816262][ T5821] Bluetooth: hci2: command 0x0419 tx timeout [ 417.953882][ T55] Bluetooth: hci2: command 0x0419 tx timeout [ 418.001786][ T5186] Dev loop2: unable to read RDB block 7 [ 418.007404][ T5186] loop2: unable to read partition table [ 418.040046][T10613] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 418.049159][ T5186] loop2: partition table beyond EOD, truncated [ 418.414322][T10613] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 418.465396][T10613] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 418.486619][T10613] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 419.546782][T10739] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1232'. [ 419.584886][T10613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.724001][T10613] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.781983][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.789084][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.990062][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.997192][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 420.028600][ T55] Bluetooth: hci2: command 0x0419 tx timeout [ 420.119215][ T5186] Dev loop2: unable to read RDB block 7 [ 420.129661][ T5186] loop2: unable to read partition table [ 420.135978][ T5186] loop2: partition table beyond EOD, truncated [ 420.655880][ T5186] Dev loop2: unable to read RDB block 7 [ 420.667337][ T5186] loop2: unable to read partition table [ 420.682372][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 420.693306][ T5186] loop2: partition table beyond EOD, truncated [ 420.842734][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 420.864732][T10613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.871089][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 420.936067][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 421.036692][ T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 421.055498][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.108519][T10613] veth0_vlan: entered promiscuous mode [ 421.123388][T10613] veth1_vlan: entered promiscuous mode [ 421.145672][T10613] veth0_macvtap: entered promiscuous mode [ 421.173725][T10613] veth1_macvtap: entered promiscuous mode [ 421.183236][ T9] usb 1-1: config 0 descriptor?? [ 421.218272][ T5186] Dev loop2: unable to read RDB block 7 [ 421.227810][T10613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.241192][T10613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.247562][ T5186] loop2: unable to read partition table [ 421.253569][T10613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.283229][ T5186] loop2: partition table beyond EOD, truncated [ 421.283685][T10613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.306410][T10613] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.316407][T10613] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.336099][T10613] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.347623][T10613] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.099667][ T9] usb 1-1: string descriptor 0 read error: -71 [ 422.107060][T10710] Bluetooth: hci2: command 0x0419 tx timeout [ 422.117889][ T9] usb 1-1: USB disconnect, device number 22 [ 422.202531][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.223680][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.254885][ T6241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.263510][ T6241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.505366][ T5186] Dev loop2: unable to read RDB block 7 [ 422.513774][ T5186] loop2: unable to read partition table [ 422.519586][ T5186] loop2: partition table beyond EOD, truncated [ 422.764260][ T30] audit: type=1400 audit(1747291641.090:462): avc: denied { create } for pid=10800 comm="syz.1.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 422.940558][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 422.988430][T10794] netlink: 'syz.2.1242': attribute type 5 has an invalid length. [ 422.989048][T10804] vxfs: WRONG superblock magic 00000000 at 1 [ 423.005744][T10804] vxfs: WRONG superblock magic 00000000 at 8 [ 423.013483][T10804] vxfs: can't find superblock. [ 423.360325][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 423.380933][ T9] usb 1-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9 [ 423.413963][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.461780][ T9] usb 1-1: config 0 descriptor?? [ 423.495941][ T5186] Dev loop2: unable to read RDB block 7 [ 423.507202][ T9] usblcd 1-1:0.0: USBLCD model not supported. [ 423.519243][ T5186] loop2: unable to read partition table [ 423.535207][ T5186] loop2: partition table beyond EOD, truncated [ 423.716204][ T9] usb 1-1: USB disconnect, device number 23 [ 423.998544][T10819] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 424.786948][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1248'. [ 424.823900][T10817] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10817 comm=syz.2.1248 [ 424.927650][T10823] FAULT_INJECTION: forcing a failure. [ 424.927650][T10823] name failslab, interval 1, probability 0, space 0, times 0 [ 424.942474][T10823] CPU: 1 UID: 0 PID: 10823 Comm: syz.1.1250 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 424.942497][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 424.942506][T10823] Call Trace: [ 424.942511][T10823] [ 424.942517][T10823] dump_stack_lvl+0x16c/0x1f0 [ 424.942544][T10823] should_fail_ex+0x512/0x640 [ 424.942565][T10823] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 424.942583][T10823] should_failslab+0xc2/0x120 [ 424.942599][T10823] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 424.942614][T10823] ? getname_flags.part.0+0x4c/0x550 [ 424.942638][T10823] getname_flags.part.0+0x4c/0x550 [ 424.942661][T10823] getname_flags+0x93/0xf0 [ 424.942683][T10823] do_sys_openat2+0xb8/0x1d0 [ 424.942701][T10823] ? __pfx_do_sys_openat2+0x10/0x10 [ 424.942722][T10823] ? __fget_files+0x20e/0x3c0 [ 424.942741][T10823] __x64_sys_openat+0x174/0x210 [ 424.942759][T10823] ? __pfx___x64_sys_openat+0x10/0x10 [ 424.942777][T10823] ? ksys_write+0x1b9/0x240 [ 424.942800][T10823] ? rcu_is_watching+0x12/0xc0 [ 424.942826][T10823] do_syscall_64+0xcd/0x260 [ 424.942849][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.942864][T10823] RIP: 0033:0x7f9b8738e969 [ 424.942877][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.942891][T10823] RSP: 002b:00007f9b881f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 424.942906][T10823] RAX: ffffffffffffffda RBX: 00007f9b875b5fa0 RCX: 00007f9b8738e969 [ 424.942916][T10823] RDX: 0000000000080040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 424.942926][T10823] RBP: 00007f9b881f0090 R08: 0000000000000000 R09: 0000000000000000 [ 424.942935][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 424.942943][T10823] R13: 0000000000000000 R14: 00007f9b875b5fa0 R15: 00007ffdf5bff498 [ 424.942965][T10823] [ 425.165256][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.201356][ T5186] Dev loop2: unable to read RDB block 7 [ 425.214831][ T5186] loop2: unable to read partition table [ 425.224403][ T5186] loop2: partition table beyond EOD, truncated [ 425.263114][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.311560][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.372117][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.494441][ T13] bridge_slave_1: left allmulticast mode [ 425.500420][ T13] bridge_slave_1: left promiscuous mode [ 425.506185][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.514838][ T13] bridge_slave_0: left allmulticast mode [ 425.521617][ T13] bridge_slave_0: left promiscuous mode [ 425.527373][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.309363][ T5186] Dev loop2: unable to read RDB block 7 [ 426.315252][ T5186] loop2: unable to read partition table [ 426.321607][ T5186] loop2: partition table beyond EOD, truncated [ 426.636401][ T974] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 427.075137][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.092695][ T5816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 427.106105][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 427.114103][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.123021][ T5816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 427.134232][ T5816] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 427.142033][ T5816] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 427.152767][ T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.153610][ T13] bond0 (unregistering): Released all slaves [ 427.164412][ T974] usb 3-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 427.179771][ T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.192662][ T974] usb 3-1: config 0 descriptor?? [ 427.671421][ T974] logitech 0003:046D:C50C.000A: unbalanced collection at end of report description [ 427.737568][ T974] logitech 0003:046D:C50C.000A: parse failed [ 427.763207][ T974] logitech 0003:046D:C50C.000A: probe with driver logitech failed with error -22 [ 427.919208][T10861] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 427.971045][T10842] hfsplus: unable to find HFS+ superblock [ 427.977873][ T30] audit: type=1400 audit(1747291646.300:463): avc: denied { wake_alarm } for pid=10840 comm="syz.2.1254" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 428.184541][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1259'. [ 428.931163][T10710] Bluetooth: hci1: command 0x0406 tx timeout [ 428.961313][T10861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.970042][T10861] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.230520][ T55] Bluetooth: hci2: command tx timeout [ 429.441738][ T5899] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 429.472559][ T13] hsr_slave_0: left promiscuous mode [ 430.042751][ T5899] usb 2-1: device descriptor read/64, error -71 [ 430.064486][ T974] usb 3-1: USB disconnect, device number 24 [ 430.101788][ T13] hsr_slave_1: left promiscuous mode [ 430.135172][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.144250][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.332867][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.341563][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.391412][ T5899] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 430.453466][ T5186] Dev loop2: unable to read RDB block 7 [ 430.459062][ T5186] loop2: unable to read partition table [ 430.482510][ T5186] loop2: partition table beyond EOD, truncated [ 430.496160][ T13] veth1_macvtap: left promiscuous mode [ 430.520343][ T13] veth0_macvtap: left promiscuous mode [ 430.525997][ T13] veth1_vlan: left promiscuous mode [ 430.553155][ T13] veth0_vlan: left promiscuous mode [ 430.591950][ T5899] usb 2-1: device descriptor read/64, error -71 [ 430.710673][ T5899] usb usb2-port1: attempt power cycle [ 430.842608][ T5814] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 431.138334][ T5814] usb 6-1: Using ep0 maxpacket: 32 [ 431.149440][ T5899] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 431.150831][ T5814] usb 6-1: config 0 has no interfaces? [ 431.163447][ T5814] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 431.172762][ T5814] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.184252][ T5814] usb 6-1: config 0 descriptor?? [ 431.192948][ T5899] usb 2-1: device descriptor read/8, error -71 [ 431.302357][ T55] Bluetooth: hci2: command tx timeout [ 431.549609][T10896] loop6: detected capacity change from 0 to 524287999 [ 431.573164][ T5814] usb 6-1: USB disconnect, device number 25 [ 431.590953][ T5899] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 431.613084][ T5899] usb 2-1: device descriptor read/8, error -71 [ 431.733728][ T5899] usb usb2-port1: unable to enumerate USB device [ 432.266980][ T13] team0 (unregistering): Port device team_slave_1 removed [ 432.269056][T10904] xt_hashlimit: size too large, truncated to 1048576 [ 432.318204][ T13] team0 (unregistering): Port device team_slave_0 removed [ 432.473907][T10907] netlink: 'syz.1.1272': attribute type 10 has an invalid length. [ 432.528248][T10908] netlink: 'syz.1.1272': attribute type 3 has an invalid length. [ 432.639123][T10902] netlink: 'syz.0.1270': attribute type 2 has an invalid length. [ 432.647427][T10907] veth1_macvtap: left promiscuous mode [ 432.656301][T10907] team0: Device veth1_macvtap failed to register rx_handler [ 432.766822][T10845] chnl_net:caif_netlink_parms(): no params data found [ 432.948109][T10845] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.957241][T10845] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.966679][T10845] bridge_slave_0: entered allmulticast mode [ 432.994144][T10845] bridge_slave_0: entered promiscuous mode [ 433.374119][T10845] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.381683][T10845] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.390158][T10845] bridge_slave_1: entered allmulticast mode [ 433.394328][ T55] Bluetooth: hci2: command tx timeout [ 433.414478][T10845] bridge_slave_1: entered promiscuous mode [ 433.454262][T10845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.481505][T10845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.513596][T10922] trusted_key: encrypted_key: keyword 'loadTwÂñyK¾s' not recognized [ 433.565108][T10924] FAULT_INJECTION: forcing a failure. [ 433.565108][T10924] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 433.610376][T10924] CPU: 0 UID: 0 PID: 10924 Comm: syz.5.1276 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 433.610404][T10924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.610415][T10924] Call Trace: [ 433.610421][T10924] [ 433.610428][T10924] dump_stack_lvl+0x16c/0x1f0 [ 433.610458][T10924] should_fail_ex+0x512/0x640 [ 433.610485][T10924] _copy_to_user+0x32/0xd0 [ 433.610513][T10924] simple_read_from_buffer+0xcb/0x170 [ 433.610542][T10924] proc_fail_nth_read+0x197/0x270 [ 433.610570][T10924] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 433.610597][T10924] ? rw_verify_area+0xcf/0x680 [ 433.610620][T10924] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 433.610646][T10924] vfs_read+0x1e1/0xc70 [ 433.610675][T10924] ? __pfx___mutex_lock+0x10/0x10 [ 433.610699][T10924] ? __pfx_vfs_read+0x10/0x10 [ 433.610731][T10924] ? __fget_files+0x20e/0x3c0 [ 433.610757][T10924] ksys_read+0x12a/0x240 [ 433.610782][T10924] ? __pfx_ksys_read+0x10/0x10 [ 433.610817][T10924] do_syscall_64+0xcd/0x260 [ 433.610844][T10924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.610866][T10924] RIP: 0033:0x7fcd3eb8d37c [ 433.610881][T10924] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 433.610898][T10924] RSP: 002b:00007fcd3fa42030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 433.610914][T10924] RAX: ffffffffffffffda RBX: 00007fcd3edb5fa0 RCX: 00007fcd3eb8d37c [ 433.610926][T10924] RDX: 000000000000000f RSI: 00007fcd3fa420a0 RDI: 0000000000000005 [ 433.610936][T10924] RBP: 00007fcd3fa42090 R08: 0000000000000000 R09: 0000000000000000 [ 433.610946][T10924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.610956][T10924] R13: 0000000000000000 R14: 00007fcd3edb5fa0 R15: 00007ffdb107bab8 [ 433.610981][T10924] [ 433.822072][ T5186] Dev loop2: unable to read RDB block 7 [ 433.827685][ T5186] loop2: unable to read partition table [ 433.849940][T10845] team0: Port device team_slave_0 added [ 433.861744][ T5186] loop2: partition table beyond EOD, truncated [ 434.023364][T10845] team0: Port device team_slave_1 added [ 434.155661][T10845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 434.180334][ T5814] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 434.189949][T10845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.317261][T10845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.330619][ T5814] usb 3-1: Using ep0 maxpacket: 32 [ 434.342657][ T5814] usb 3-1: config 0 has no interfaces? [ 434.348379][ T5814] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 434.359320][T10845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.366327][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.376175][T10845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.382385][ T5814] usb 3-1: config 0 descriptor?? [ 434.402625][T10845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.419602][T10936] loop8: detected capacity change from 0 to 7 [ 434.429648][T10936] Dev loop8: unable to read RDB block 7 [ 434.436637][T10936] loop8: unable to read partition table [ 434.451332][T10936] loop8: partition table beyond EOD, truncated [ 434.477676][T10936] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 434.569930][T10845] hsr_slave_0: entered promiscuous mode [ 434.591227][T10845] hsr_slave_1: entered promiscuous mode [ 434.599724][T10845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 434.609432][T10845] Cannot create hsr debugfs directory [ 434.765774][T10942] fuse: Bad value for 'fd' [ 434.828050][ T9] usb 3-1: USB disconnect, device number 25 [ 434.834894][T10942] overlayfs: upper fs does not support file handles, falling back to index=off. [ 435.562083][T10710] Bluetooth: hci2: command tx timeout [ 437.104164][ T5186] Dev loop2: unable to read RDB block 7 [ 437.119099][ T5186] loop2: unable to read partition table [ 437.129244][T10969] fuse: Unknown parameter '0x0000000000000004' [ 437.136359][T10966] FAULT_INJECTION: forcing a failure. [ 437.136359][T10966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 437.168028][ T5186] loop2: partition table beyond EOD, truncated [ 437.174273][T10966] CPU: 0 UID: 0 PID: 10966 Comm: syz.1.1289 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 437.174299][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 437.174309][T10966] Call Trace: [ 437.174315][T10966] [ 437.174322][T10966] dump_stack_lvl+0x16c/0x1f0 [ 437.174352][T10966] should_fail_ex+0x512/0x640 [ 437.174380][T10966] strncpy_from_user+0x3b/0x2e0 [ 437.174405][T10966] getname_flags.part.0+0x8f/0x550 [ 437.174431][T10966] getname_flags+0x93/0xf0 [ 437.174456][T10966] do_sys_openat2+0xb8/0x1d0 [ 437.174477][T10966] ? __pfx_do_sys_openat2+0x10/0x10 [ 437.174500][T10966] ? __fget_files+0x20e/0x3c0 [ 437.174521][T10966] __x64_sys_openat+0x174/0x210 [ 437.174542][T10966] ? __pfx___x64_sys_openat+0x10/0x10 [ 437.174561][T10966] ? ksys_write+0x1b9/0x240 [ 437.174585][T10966] ? rcu_is_watching+0x12/0xc0 [ 437.174614][T10966] do_syscall_64+0xcd/0x260 [ 437.174639][T10966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.174655][T10966] RIP: 0033:0x7f9b8738e969 [ 437.174668][T10966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.174682][T10966] RSP: 002b:00007f9b881f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 437.174697][T10966] RAX: ffffffffffffffda RBX: 00007f9b875b5fa0 RCX: 00007f9b8738e969 [ 437.174707][T10966] RDX: 0000000000080040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 437.174716][T10966] RBP: 00007f9b881f0090 R08: 0000000000000000 R09: 0000000000000000 [ 437.174725][T10966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 437.174734][T10966] R13: 0000000000000000 R14: 00007f9b875b5fa0 R15: 00007ffdf5bff498 [ 437.174755][T10966] [ 437.296369][ C1] vkms_vblank_simulate: vblank timer overrun [ 437.407017][ T5186] Dev loop2: unable to read RDB block 7 [ 437.414208][ T5186] loop2: unable to read partition table [ 437.423735][ T5186] loop2: partition table beyond EOD, truncated [ 437.620635][T10710] Bluetooth: hci2: command 0x0405 tx timeout [ 437.651372][ T5186] Dev loop2: unable to read RDB block 7 [ 437.762266][ T5186] loop2: unable to read partition table [ 437.768676][ T5186] loop2: partition table beyond EOD, truncated [ 437.826911][T10845] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 437.900512][T10977] netlink: 'syz.2.1294': attribute type 4 has an invalid length. [ 437.943982][T10845] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 438.248140][T10845] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 438.257419][T10980] ALSA: mixer_oss: invalid OSS volume 'uq['q¨rbP[‘~sÊŠô&2' [ 438.276733][T10845] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 438.469458][T10845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.562992][T10845] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.614253][T10986] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1291'. [ 438.996956][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.004157][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.111792][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.118954][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.150562][ T5186] Dev loop2: unable to read RDB block 7 [ 439.227881][ T5186] loop2: unable to read partition table [ 439.279296][ T5186] loop2: partition table beyond EOD, truncated [ 439.605657][ T5186] Dev loop2: unable to read RDB block 7 [ 440.411495][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.437947][ T5186] loop2: unable to read partition table [ 440.445131][ T5186] loop2: partition table beyond EOD, truncated [ 440.616333][T10845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 440.660551][T10845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 440.768380][T11006] fuse: Unknown parameter '0x0000000000000004' [ 440.842231][ T5186] Dev loop2: unable to read RDB block 7 [ 440.870568][ T5186] loop2: unable to read partition table [ 440.877581][ T5186] loop2: partition table beyond EOD, truncated [ 441.457475][ T5186] Dev loop2: unable to read RDB block 7 [ 441.958265][ T5186] loop2: unable to read partition table [ 441.974671][T10845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 441.988982][ T5186] loop2: partition table beyond EOD, truncated [ 442.223008][ T5186] Dev loop2: unable to read RDB block 7 [ 442.228627][ T5186] loop2: unable to read partition table [ 442.240779][ T5186] loop2: partition table beyond EOD, truncated [ 442.300677][T11034] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1309'. [ 442.592694][T11041] befs: (nbd5): No write support. Marking filesystem read-only [ 442.601135][T11041] syz.5.1308: attempt to access beyond end of device [ 442.601135][T11041] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0 [ 442.614163][T11041] befs: (nbd5): unable to read superblock [ 443.012354][ T5186] Dev loop2: unable to read RDB block 7 [ 443.037129][ T5186] loop2: unable to read partition table [ 443.098562][T11042] loop6: detected capacity change from 0 to 524287999 [ 443.439112][ T5186] loop2: partition table beyond EOD, truncated [ 443.639224][ T5186] Dev loop2: unable to read RDB block 7 [ 443.670321][ T5186] loop2: unable to read partition table [ 443.676366][ T5186] loop2: partition table beyond EOD, truncated [ 443.854586][T10845] veth0_vlan: entered promiscuous mode [ 443.868674][T10845] veth1_vlan: entered promiscuous mode [ 443.877011][T11058] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 444.437781][T11058] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 444.865775][T10845] veth0_macvtap: entered promiscuous mode [ 444.887348][ T30] audit: type=1400 audit(1747291663.210:464): avc: denied { write } for pid=11056 comm="syz.2.1315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 444.927174][T10845] veth1_macvtap: entered promiscuous mode [ 445.975950][T10845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.013623][ T5186] Dev loop2: unable to read RDB block 7 [ 446.026543][T10845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.040115][ T5186] loop2: unable to read partition table [ 446.057200][ T5186] loop2: partition table beyond EOD, truncated [ 446.080247][T10845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.191226][T10845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.212294][T10845] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.226362][T10845] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.235821][T10845] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.249754][T10845] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.815785][ T5186] Dev loop2: unable to read RDB block 7 [ 446.827735][ T5186] loop2: unable to read partition table [ 446.875988][ T5186] loop2: partition table beyond EOD, truncated [ 448.300485][T11090] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1324'. [ 448.548434][ T6646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.583258][ T6646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.955353][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.040345][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.182445][ T30] audit: type=1400 audit(1747291667.510:465): avc: denied { listen } for pid=11106 comm="syz.0.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 449.212795][ T5186] Dev loop2: unable to read RDB block 7 [ 449.221504][ T5186] loop2: unable to read partition table [ 449.230292][ T30] audit: type=1400 audit(1747291667.510:466): avc: denied { accept } for pid=11106 comm="syz.0.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 449.266022][ T5186] loop2: partition table beyond EOD, truncated [ 449.385332][ T30] audit: type=1326 audit(1747291667.560:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.422017][ T30] audit: type=1326 audit(1747291667.560:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.457541][ T30] audit: type=1326 audit(1747291667.580:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.563766][ T30] audit: type=1326 audit(1747291667.580:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.613149][ T5186] Dev loop2: unable to read RDB block 7 [ 449.626717][ T5186] loop2: unable to read partition table [ 449.666989][ T5186] loop2: partition table beyond EOD, truncated [ 449.677102][ T30] audit: type=1326 audit(1747291667.580:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.797970][ T30] audit: type=1326 audit(1747291667.580:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.839813][ T5186] Dev loop2: unable to read RDB block 7 [ 449.842277][ T30] audit: type=1326 audit(1747291667.580:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.971314][ T30] audit: type=1326 audit(1747291667.580:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 449.995153][ T30] audit: type=1326 audit(1747291667.580:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcbc458e9a3 code=0x7ffc0000 [ 450.606666][T11127] netlink: 'syz.5.1334': attribute type 4 has an invalid length. [ 450.955196][ T30] audit: type=1326 audit(1747291667.580:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcbc458e9a3 code=0x7ffc0000 [ 450.983888][ T5186] loop2: unable to read partition table [ 450.989920][ T5186] loop2: partition table beyond EOD, truncated [ 451.187872][ T30] audit: type=1326 audit(1747291667.580:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 451.211246][ C0] vkms_vblank_simulate: vblank timer overrun [ 451.221619][ T30] audit: type=1326 audit(1747291667.590:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 451.249223][ T30] audit: type=1326 audit(1747291667.590:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 451.272634][ C0] vkms_vblank_simulate: vblank timer overrun [ 451.332528][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.355967][ T30] audit: type=1326 audit(1747291667.590:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11106 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 451.547304][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.600491][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.645848][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.757421][ T13] bridge_slave_1: left allmulticast mode [ 451.764923][ T13] bridge_slave_1: left promiscuous mode [ 451.771118][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.779498][ T13] bridge_slave_0: left allmulticast mode [ 451.786180][ T13] bridge_slave_0: left promiscuous mode [ 451.791986][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.073006][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.086164][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 452.098040][ T13] bond0 (unregistering): Released all slaves [ 452.107308][T11135] overlayfs: failed to resolve 'obj_role=,/': -2 [ 452.124247][T11135] zonefs (nullb0) ERROR: Not a zoned block device [ 452.439835][T11142] overlayfs: failed to resolve './file1': -2 [ 452.778017][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 452.791389][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 453.360509][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 453.384400][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 453.392341][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 453.586885][ T5186] Dev loop2: unable to read RDB block 7 [ 453.592650][ T5186] loop2: unable to read partition table [ 454.060579][ T5186] loop2: partition table beyond EOD, truncated [ 454.289280][ T30] audit: type=1400 audit(2000000000.000:481): avc: denied { ioctl } for pid=11139 comm="syz.5.1338" path="socket:[34598]" dev="sockfs" ino=34598 ioctlcmd=0x5618 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 454.380695][T11166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1342'. [ 454.381398][T11167] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11167 comm=syz.2.1342 [ 454.563156][ T13] hsr_slave_0: left promiscuous mode [ 454.579165][ T13] hsr_slave_1: left promiscuous mode [ 454.589296][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.613370][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.737806][ T5186] Dev loop2: unable to read RDB block 7 [ 454.743642][ T5186] loop2: unable to read partition table [ 454.749340][ T5186] loop2: partition table beyond EOD, truncated [ 454.766863][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.285794][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.850474][ T55] Bluetooth: hci2: command tx timeout [ 456.083337][ T13] veth1_macvtap: left promiscuous mode [ 456.089235][ T13] veth0_macvtap: left promiscuous mode [ 456.097523][ T13] veth1_vlan: left promiscuous mode [ 456.105916][ T13] veth0_vlan: left promiscuous mode [ 456.608899][T11188] overlayfs: failed to resolve 'obj_role=,/': -2 [ 456.648868][T11191] zonefs (nullb0) ERROR: Not a zoned block device [ 457.391625][ T5186] Dev loop2: unable to read RDB block 7 [ 457.402700][ T5186] loop2: unable to read partition table [ 457.415477][ T5186] loop2: partition table beyond EOD, truncated [ 457.427700][ T13] team0 (unregistering): Port device team_slave_1 removed [ 457.860262][ T55] Bluetooth: hci2: command tx timeout [ 458.275464][T11202] xt_cgroup: invalid path, errno=-2 [ 458.337244][ T5186] Dev loop2: unable to read RDB block 7 [ 458.349255][ T5186] loop2: unable to read partition table [ 458.356985][ T13] team0 (unregistering): Port device team_slave_0 removed [ 458.358197][ T5186] loop2: partition table beyond EOD, truncated [ 459.239697][T11193] netlink: 'syz.0.1347': attribute type 2 has an invalid length. [ 459.256312][T11200] netlink: 'syz.1.1351': attribute type 4 has an invalid length. [ 459.676683][T11149] chnl_net:caif_netlink_parms(): no params data found [ 459.700588][ T24] usb 1-1: new low-speed USB device number 24 using dummy_hcd [ 459.761541][T11149] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.768981][T11149] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.776768][T11149] bridge_slave_0: entered allmulticast mode [ 459.785408][T11149] bridge_slave_0: entered promiscuous mode [ 459.797194][T11149] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.808492][T11149] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.816717][T11149] bridge_slave_1: entered allmulticast mode [ 459.824972][T11149] bridge_slave_1: entered promiscuous mode [ 459.848712][T11149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.859823][T11149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.870759][ T24] usb 1-1: Invalid ep0 maxpacket: 64 [ 459.886594][ T30] audit: type=1400 audit(2000000005.590:482): avc: denied { map } for pid=11230 comm="syz.5.1359" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 459.895639][T11149] team0: Port device team_slave_0 added [ 459.918792][T11149] team0: Port device team_slave_1 added [ 459.940560][ T55] Bluetooth: hci2: command tx timeout [ 459.946303][ T5814] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 459.972692][T11149] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 459.981144][T11149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.008768][T11149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.020287][ T24] usb 1-1: new low-speed USB device number 25 using dummy_hcd [ 460.026848][T11149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.036192][T11149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.069689][T11149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.110345][ T5814] usb 2-1: Using ep0 maxpacket: 16 [ 460.124816][T11149] hsr_slave_0: entered promiscuous mode [ 460.131925][T11149] hsr_slave_1: entered promiscuous mode [ 460.138308][T11149] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.148214][T11149] Cannot create hsr debugfs directory [ 460.333293][ T5814] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.346388][ T5814] usb 2-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 460.355581][ T24] usb 1-1: Invalid ep0 maxpacket: 64 [ 460.361157][ T24] usb usb1-port1: attempt power cycle [ 460.368742][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.377251][ T5814] usb 2-1: Product: syz [ 460.383399][ T5814] usb 2-1: Manufacturer: syz [ 460.388994][ T5814] usb 2-1: SerialNumber: syz [ 460.397088][ T5814] usb 2-1: config 0 descriptor?? [ 460.638137][ T5814] usb 2-1: USB disconnect, device number 49 [ 460.694940][T11149] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 460.706547][T11149] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 460.710265][ T24] usb 1-1: new low-speed USB device number 26 using dummy_hcd [ 460.725736][T11149] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 460.737338][T11149] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 460.753354][ T24] usb 1-1: Invalid ep0 maxpacket: 64 [ 460.811046][T11149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.842031][T11149] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.855013][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.862140][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.877217][ T2917] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.884347][ T2917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.900343][ T24] usb 1-1: new low-speed USB device number 27 using dummy_hcd [ 460.931010][ T24] usb 1-1: Invalid ep0 maxpacket: 64 [ 460.939485][ T24] usb usb1-port1: unable to enumerate USB device [ 461.085757][T11149] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.240406][ T974] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 461.315581][T11149] veth0_vlan: entered promiscuous mode [ 461.335259][T11149] veth1_vlan: entered promiscuous mode [ 461.394227][ T974] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 461.409109][T11149] veth0_macvtap: entered promiscuous mode [ 461.418597][T11149] veth1_macvtap: entered promiscuous mode [ 461.428782][ T974] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 461.442683][T11149] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.450777][ T5186] Dev loop2: unable to read RDB block 7 [ 461.455334][T11149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 461.466487][ T974] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 461.467309][T11149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.475767][ T5186] loop2: unable to read partition table [ 461.487042][T11149] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.498682][ T974] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 461.512584][ T5186] loop2: partition table beyond EOD, truncated [ 461.519379][ T974] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 461.561719][T11149] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.564457][ T974] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 461.573109][T11149] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.584208][ T974] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 461.591924][T11149] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.605770][T11149] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.614603][ T974] usb 6-1: Product: syz [ 461.629688][ T974] usb 6-1: Manufacturer: syz [ 461.638622][ T974] cdc_wdm 6-1:1.0: skipping garbage [ 461.650438][ T974] cdc_wdm 6-1:1.0: skipping garbage [ 461.668200][ T974] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 461.682393][ T974] cdc_wdm 6-1:1.0: Unknown control protocol [ 462.061326][ T55] Bluetooth: hci2: command tx timeout [ 462.302414][ T9] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 462.313280][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.331926][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.358682][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.371798][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.509036][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 462.525385][ T5186] Dev loop2: unable to read RDB block 7 [ 462.533862][ T5186] loop2: unable to read partition table [ 462.545421][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.553700][ T5186] loop2: partition table beyond EOD, truncated [ 462.566131][ T9] usb 2-1: config 0 descriptor?? [ 462.656275][ T5186] Dev loop2: unable to read RDB block 7 [ 462.664446][ T5186] loop2: unable to read partition table [ 462.671166][ T5186] loop2: partition table beyond EOD, truncated [ 462.749199][ T5186] Dev loop2: unable to read RDB block 7 [ 462.756729][ T5186] loop2: unable to read partition table [ 462.764706][ T5186] loop2: partition table beyond EOD, truncated [ 462.797687][T11277] 9pnet_fd: Insufficient options for proto=fd [ 462.832747][ T5186] Dev loop2: unable to read RDB block 7 [ 462.838464][ T5186] loop2: unable to read partition table [ 462.847039][ T5186] loop2: partition table beyond EOD, truncated [ 462.925908][T11282] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 463.001731][ T9] [drm] vendor descriptor length:b9 data:07 0d 7d 27 60 4f e5 00 00 00 00 [ 463.022362][ T9] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 463.023211][T11261] netlink: 'syz.5.1361': attribute type 12 has an invalid length. [ 463.038610][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 463.058502][T11261] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1361'. [ 463.090073][T11261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 463.093379][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 463.120810][ T9] [drm] Initialized udl on minor 2 [ 463.128562][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 463.151870][T11261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 463.161167][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 463.171490][ T974] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 463.179769][ T974] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 463.189142][ T9] usb 2-1: USB disconnect, device number 50 [ 463.294224][T11286] xt_hashlimit: size too large, truncated to 1048576 [ 463.346876][T11289] xt_HMARK: proto mask must be zero with L3 mode [ 463.359435][ T30] audit: type=1400 audit(2000000009.060:483): avc: denied { getopt } for pid=11283 comm="syz.0.1374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 463.681820][ T47] usb 6-1: USB disconnect, device number 26 [ 463.718025][ T3001] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.847954][T11283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 463.961858][ T5186] Dev loop2: unable to read RDB block 7 [ 463.967445][ T5186] loop2: unable to read partition table [ 463.975953][ T5186] loop2: partition table beyond EOD, truncated [ 465.055365][ T3001] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.130325][ T974] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 465.166388][ T3001] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.273594][T10710] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 465.295287][T10710] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 465.300422][ T974] usb 6-1: Using ep0 maxpacket: 32 [ 465.308926][T10710] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 465.311651][ T3001] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.334952][ T974] usb 6-1: config 0 has no interfaces? [ 465.404334][T10710] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 465.412255][T10710] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 465.458569][ T5186] Dev loop2: unable to read RDB block 7 [ 465.466464][ T974] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 465.503016][ T5186] loop2: unable to read partition table [ 465.520055][ T974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.534997][ T3001] bridge_slave_1: left allmulticast mode [ 465.537392][ T5186] loop2: partition table beyond EOD, [ 465.540850][ T3001] bridge_slave_1: left promiscuous mode [ 465.541015][ T3001] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.561493][ T3001] bridge_slave_0: left allmulticast mode [ 465.567141][ T3001] bridge_slave_0: left promiscuous mode [ 465.573086][ T3001] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.578443][ T974] usb 6-1: config 0 descriptor?? [ 465.580887][ T5186] truncated [ 465.687337][ T5186] Dev loop2: unable to read RDB block 7 [ 465.800320][ T5186] loop2: unable to read partition table [ 465.806162][ T5186] loop2: partition table beyond EOD, truncated [ 465.817474][ T24] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 465.972617][T11319] Bluetooth: MGMT ver 1.23 [ 466.389633][ T974] usb 6-1: USB disconnect, device number 27 [ 466.393089][ T24] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 466.406405][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.414595][ T24] usb 1-1: Product: syz [ 466.418904][ T24] usb 1-1: Manufacturer: syz [ 466.425551][ T24] usb 1-1: SerialNumber: syz [ 466.434936][ T24] usb 1-1: config 0 descriptor?? [ 466.446352][ T24] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 466.510855][ T3001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 466.521427][ T3001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.546163][T11319] slcan: can't register candev [ 466.551333][T11319] Falling back ldisc for ptm0. [ 466.624514][ T5186] Dev loop2: unable to read RDB block 7 [ 466.626883][ T3001] bond0 (unregistering): Released all slaves [ 466.630104][ T5186] loop2: unable to read partition table [ 466.645562][ T5186] loop2: partition table beyond EOD, truncated [ 466.646291][T11312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.680613][T11312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.692856][ T30] audit: type=1400 audit(2000000012.400:484): avc: denied { getopt } for pid=11322 comm="syz.2.1383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 466.792483][ T24] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 466.799897][ T24] sq905c 1-1:0.0: Get version command failed [ 466.856974][ T24] sq905c 1-1:0.0: probe with driver sq905c failed with error -71 [ 466.870085][T11331] netlink: 'syz.0.1384': attribute type 1 has an invalid length. [ 466.879633][ T5186] Dev loop2: unable to read RDB block 7 [ 466.891306][ T24] usb 1-1: USB disconnect, device number 28 [ 466.902724][ T5186] loop2: unable to read partition table [ 466.912534][ T5186] loop2: partition table beyond EOD, truncated [ 467.306237][T11331] 8021q: adding VLAN 0 to HW filter on device bond2 [ 467.347836][T11307] chnl_net:caif_netlink_parms(): no params data found [ 467.381070][ T5186] Dev loop2: unable to read RDB block 7 [ 467.404180][ T5186] loop2: unable to read partition table [ 467.414007][ T5186] loop2: partition table beyond EOD, truncated [ 467.460497][ T55] Bluetooth: hci2: command tx timeout [ 468.088477][ T5186] Dev loop2: unable to read RDB block 7 [ 468.101731][ T5186] loop2: unable to read partition table [ 468.118858][ T5186] loop2: partition table beyond EOD, truncated [ 468.183030][ T3001] hsr_slave_0: left promiscuous mode [ 468.192254][ T3001] hsr_slave_1: left promiscuous mode [ 468.198555][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 468.207293][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 468.217341][ T5186] Dev loop2: unable to read RDB block 7 [ 468.228512][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 468.237696][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.239012][ T5186] loop2: unable to read partition table [ 468.269762][ T5186] loop2: partition table beyond EOD, truncated [ 468.375574][ T3001] veth1_macvtap: left promiscuous mode [ 468.382317][T11366] overlayfs: failed to resolve 'obj_role=,/': -2 [ 468.399199][ T3001] veth0_macvtap: left promiscuous mode [ 468.409130][ T3001] veth1_vlan: left promiscuous mode [ 468.425226][ T3001] veth0_vlan: left promiscuous mode [ 468.435094][T11367] zonefs (nullb0) ERROR: Not a zoned block device [ 469.317700][T11377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1394'. [ 469.628147][ T55] Bluetooth: hci2: command tx timeout [ 469.646497][ T24] IPVS: starting estimator thread 0... [ 469.670964][T11381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'. [ 469.740540][T11379] IPVS: using max 41 ests per chain, 98400 per kthread [ 469.955076][ T3001] team0 (unregistering): Port device team_slave_1 removed [ 469.999526][ T3001] team0 (unregistering): Port device team_slave_0 removed [ 470.334644][ T5186] Dev loop2: unable to read RDB block 7 [ 470.369053][T11369] IPv6: Can't replace route, no match found [ 470.377658][T11307] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.385062][ T5186] loop2: unable to read partition table [ 470.397305][ T5186] loop2: partition table beyond EOD, truncated [ 470.403766][T11307] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.414292][T11307] bridge_slave_0: entered allmulticast mode [ 470.424466][T11387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1396'. [ 470.431445][T11307] bridge_slave_0: entered promiscuous mode [ 470.460344][T11378] netlink: 'syz.0.1393': attribute type 2 has an invalid length. [ 470.495913][T11307] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.513840][T11307] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.531480][T11307] bridge_slave_1: entered allmulticast mode [ 470.568844][T11307] bridge_slave_1: entered promiscuous mode [ 470.680438][ T5186] Dev loop2: unable to read RDB block 7 [ 470.686185][ T5186] loop2: unable to read partition table [ 470.742649][ T5186] loop2: partition table beyond EOD, truncated [ 471.126574][T11307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 471.177926][T11307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 471.188005][ T5186] Dev loop2: unable to read RDB block 7 [ 471.197108][ T5186] loop2: unable to read partition table [ 471.207306][ T5186] loop2: partition table beyond EOD, truncated [ 471.254255][T11404] overlayfs: failed to resolve 'obj_role=,/': -2 [ 471.323778][T11399] zonefs (nullb0) ERROR: Not a zoned block device [ 471.702122][ T55] Bluetooth: hci2: command tx timeout [ 472.249495][T11307] team0: Port device team_slave_0 added [ 472.339033][T11307] team0: Port device team_slave_1 added [ 472.417997][T11412] trusted_key: encrypted_key: keyword 'loadTwÂñyK¾s' not recognized [ 472.626975][T11307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 472.643639][ T5186] Dev loop2: unable to read RDB block 7 [ 472.644776][T11307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.676542][ T5186] loop2: unable to read partition table [ 472.688949][ T5186] loop2: partition table beyond EOD, truncated [ 472.807404][T11307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 472.819815][T11307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 472.827031][T11307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.854070][T11307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 473.829545][T11425] befs: (nbd2): No write support. Marking filesystem read-only [ 473.837282][T11425] syz.2.1405: attempt to access beyond end of device [ 473.837282][T11425] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 473.850104][T11425] befs: (nbd2): unable to read superblock [ 473.873819][ T55] Bluetooth: hci2: command tx timeout [ 474.035071][T11307] hsr_slave_0: entered promiscuous mode [ 474.041969][ T5186] Dev loop2: unable to read RDB block 7 [ 474.047527][ T5186] loop2: unable to read partition table [ 474.147927][T11307] hsr_slave_1: entered promiscuous mode [ 474.158028][T11307] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 474.169421][T11307] Cannot create hsr debugfs directory [ 474.181030][T11433] netlink: 'syz.0.1407': attribute type 2 has an invalid length. [ 474.192205][ T5186] loop2: partition table beyond EOD, truncated [ 475.143470][ T30] audit: type=1400 audit(2000000020.780:485): avc: denied { setopt } for pid=11440 comm="syz.5.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 475.473152][ T5186] Dev loop2: unable to read RDB block 7 [ 475.490399][ T5186] loop2: unable to read partition table [ 475.496279][ T5186] loop2: partition table beyond EOD, truncated [ 475.855598][ T974] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 476.022227][ T974] usb 6-1: Using ep0 maxpacket: 16 [ 476.075186][ T974] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 476.179733][ T974] usb 6-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 476.202415][ T974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.221673][ T974] usb 6-1: Product: syz [ 476.226032][ T974] usb 6-1: Manufacturer: syz [ 476.231017][ T974] usb 6-1: SerialNumber: syz [ 476.244779][ T974] usb 6-1: config 0 descriptor?? [ 476.252287][ T974] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 476.361884][T11307] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 476.371389][T11307] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 476.382580][T11307] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 476.401405][T11307] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 476.445594][ T5186] Dev loop2: unable to read RDB block 7 [ 476.465136][ T5186] loop2: unable to read partition table [ 476.481742][ T5186] loop2: partition table beyond EOD, truncated [ 476.483842][ T24] usb 6-1: USB disconnect, device number 28 [ 476.559619][T11460] trusted_key: encrypted_key: keyword 'loadTwÂñyK¾s' not recognized [ 476.885905][T11307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.898319][T11464] netlink: 'syz.1.1418': attribute type 1 has an invalid length. [ 476.906575][ T5186] Dev loop2: unable to read RDB block 7 [ 477.009786][T11465] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 477.392425][ T5186] loop2: unable to read partition table [ 477.398266][ T5186] loop2: partition table beyond EOD, truncated [ 477.524180][T11464] 8021q: adding VLAN 0 to HW filter on device bond6 [ 477.772447][T11307] 8021q: adding VLAN 0 to HW filter on device team0 [ 477.815439][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.822573][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.832416][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.839558][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.160302][ T9] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 478.225597][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1423'. [ 478.237003][T11485] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1423'. [ 478.246898][T11485] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1423'. [ 478.256089][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1423'. [ 478.312148][T11485] tmpfs: Unknown parameter 'grpquota¸ü' [ 478.352442][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 478.382292][ T30] audit: type=1400 audit(2000000024.090:486): avc: denied { mount } for pid=11484 comm="syz.1.1423" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 478.460601][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 480.851825][T11307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.862226][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 481.298981][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 29216, setting to 1024 [ 481.316075][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 481.334546][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 481.366245][ T5186] Dev loop2: unable to read RDB block 7 [ 481.381469][ T5186] loop2: unable to read partition table [ 481.387283][ T5186] loop2: partition table beyond EOD, truncated [ 481.453217][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 481.484558][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.544993][ T9] usb 6-1: can't set config #16, error -71 [ 481.585325][ T9] usb 6-1: USB disconnect, device number 29 [ 481.609035][ T5186] Dev loop2: unable to read RDB block 7 [ 481.622058][ T5186] loop2: unable to read partition table [ 481.652938][ T5186] loop2: partition table beyond EOD, truncated [ 481.752452][T11511] trusted_key: encrypted_key: keyword 'loadTwÂñyK¾s' not recognized [ 481.770398][ T5814] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 482.043962][ T5186] Dev loop2: unable to read RDB block 7 [ 482.049573][ T5186] loop2: unable to read partition table [ 482.062085][ T5186] loop2: partition table beyond EOD, truncated [ 482.099953][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.141940][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.152550][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.166052][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.177424][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.177503][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.187696][ T5814] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 482.214584][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.227351][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.232648][ T5814] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.250583][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.260323][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.270293][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.278482][T11515] netlink: 'syz.5.1427': attribute type 2 has an invalid length. [ 482.312458][ T5814] usb 1-1: config 0 descriptor?? [ 482.747829][T11307] veth0_vlan: entered promiscuous mode [ 482.781393][T11307] veth1_vlan: entered promiscuous mode [ 482.907541][ T5814] thrustmaster 0003:044F:B304.000B: unknown main item tag 0x0 [ 482.917178][ T5814] thrustmaster 0003:044F:B304.000B: unknown main item tag 0x0 [ 482.949791][ T5814] thrustmaster 0003:044F:B304.000B: hidraw0: USB HID v0.00 Device [HID 044f:b304] on usb-dummy_hcd.0-1/input0 [ 482.962062][ T5814] thrustmaster 0003:044F:B304.000B: no inputs found [ 483.016975][T11307] veth0_macvtap: entered promiscuous mode [ 483.065749][T11307] veth1_macvtap: entered promiscuous mode [ 483.132180][T11307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.164963][T11307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.287021][T11307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.287546][ T5186] Dev loop2: unable to read RDB block 7 [ 483.298263][T11307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.335489][T11307] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.347360][ T5186] loop2: unable to read partition table [ 483.361132][T11307] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.365219][ T5186] loop2: partition table beyond EOD, truncated [ 483.562269][T11529] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1432'. [ 483.642971][T11307] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.652188][T11307] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.768985][ T5186] Dev loop2: unable to read RDB block 7 [ 483.774876][ T5186] loop2: unable to read partition table [ 483.785370][ T5186] loop2: partition table beyond EOD, truncated [ 483.921132][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.929221][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.942614][ T5186] Dev loop2: unable to read RDB block 7 [ 483.962445][ T5186] loop2: unable to read partition table [ 483.975279][ T5934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.985636][ T5186] loop2: partition table beyond EOD, truncated [ 483.992198][ T5934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.001451][T11535] overlayfs: failed to resolve './file1': -2 [ 484.096758][ T5186] Dev loop2: unable to read RDB block 7 [ 484.105237][ T5186] loop2: unable to read partition table [ 484.113530][ T5186] loop2: partition table beyond EOD, truncated [ 484.183801][T11541] FAULT_INJECTION: forcing a failure. [ 484.183801][T11541] name failslab, interval 1, probability 0, space 0, times 0 [ 484.235855][T11541] CPU: 1 UID: 0 PID: 11541 Comm: syz.2.1438 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 484.235883][T11541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 484.235892][T11541] Call Trace: [ 484.235896][T11541] [ 484.235906][T11541] dump_stack_lvl+0x16c/0x1f0 [ 484.235927][T11541] should_fail_ex+0x512/0x640 [ 484.235943][T11541] ? fs_reclaim_acquire+0xae/0x150 [ 484.235960][T11541] ? tomoyo_encode2+0x100/0x3e0 [ 484.235975][T11541] should_failslab+0xc2/0x120 [ 484.235988][T11541] __kmalloc_noprof+0xd2/0x510 [ 484.235999][T11541] ? d_absolute_path+0x136/0x1a0 [ 484.236015][T11541] tomoyo_encode2+0x100/0x3e0 [ 484.236034][T11541] tomoyo_encode+0x29/0x50 [ 484.236049][T11541] tomoyo_realpath_from_path+0x18f/0x6e0 [ 484.236071][T11541] tomoyo_check_open_permission+0x2ab/0x3c0 [ 484.236086][T11541] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 484.236116][T11541] ? do_raw_spin_lock+0x12c/0x2b0 [ 484.236133][T11541] tomoyo_file_open+0x6b/0x90 [ 484.236145][T11541] security_file_open+0x84/0x1e0 [ 484.236163][T11541] do_dentry_open+0x596/0x1c10 [ 484.236186][T11541] vfs_open+0x82/0x3f0 [ 484.236201][T11541] path_openat+0x1e5e/0x2d40 [ 484.236217][T11541] ? __pfx_path_openat+0x10/0x10 [ 484.236231][T11541] do_filp_open+0x20b/0x470 [ 484.236242][T11541] ? __pfx_do_filp_open+0x10/0x10 [ 484.236263][T11541] ? alloc_fd+0x471/0x7d0 [ 484.236277][T11541] do_sys_openat2+0x11b/0x1d0 [ 484.236290][T11541] ? __pfx_do_sys_openat2+0x10/0x10 [ 484.236305][T11541] ? __fget_files+0x20e/0x3c0 [ 484.236318][T11541] __x64_sys_openat+0x174/0x210 [ 484.236332][T11541] ? __pfx___x64_sys_openat+0x10/0x10 [ 484.236345][T11541] ? ksys_write+0x1b9/0x240 [ 484.236362][T11541] ? rcu_is_watching+0x12/0xc0 [ 484.236379][T11541] do_syscall_64+0xcd/0x260 [ 484.236396][T11541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.236408][T11541] RIP: 0033:0x7f1f8118e969 [ 484.236418][T11541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.236429][T11541] RSP: 002b:00007f1f82092038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 484.236440][T11541] RAX: ffffffffffffffda RBX: 00007f1f813b5fa0 RCX: 00007f1f8118e969 [ 484.236447][T11541] RDX: 0000000000080040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 484.236454][T11541] RBP: 00007f1f82092090 R08: 0000000000000000 R09: 0000000000000000 [ 484.236460][T11541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.236467][T11541] R13: 0000000000000000 R14: 00007f1f813b5fa0 R15: 00007ffccfc89908 [ 484.236481][T11541] [ 484.236493][T11541] ERROR: Out of memory at tomoyo_realpath_from_path. [ 484.607742][ T974] usb 1-1: USB disconnect, device number 29 [ 484.737819][ T1049] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.843006][ T1049] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.987298][ T1049] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.045222][ T5186] Dev loop2: unable to read RDB block 7 [ 485.053108][ T5186] loop2: unable to read partition table [ 485.058857][ T5186] loop2: partition table beyond EOD, truncated [ 485.124619][ T1049] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.427939][ T1049] bridge_slave_1: left allmulticast mode [ 485.433747][ T1049] bridge_slave_1: left promiscuous mode [ 485.440152][ T1049] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.454701][ T1049] bridge_slave_0: left allmulticast mode [ 485.462416][ T1049] bridge_slave_0: left promiscuous mode [ 485.468050][ T1049] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.809482][ T5186] Dev loop2: unable to read RDB block 7 [ 485.826502][ T5186] loop2: unable to read partition table [ 485.845187][ T1049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 485.846921][ T5186] loop2: partition table beyond EOD, truncated [ 485.872827][ T1049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 485.924088][ T1049] bond0 (unregistering): Released all slaves [ 486.864148][T10710] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 486.873780][T10710] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 486.881786][T10710] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 486.890520][T10710] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 486.899840][T10710] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 487.214599][T11570] [U] .ú [ 487.323456][ T5186] Dev loop2: unable to read RDB block 7 [ 487.329065][ T5186] loop2: unable to read partition table [ 487.365895][ T5186] loop2: partition table beyond EOD, truncated [ 487.372902][ T1049] hsr_slave_0: left promiscuous mode [ 487.396061][ T1049] hsr_slave_1: left promiscuous mode [ 487.415323][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.434602][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.496242][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 487.504969][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 487.538696][ T1049] veth1_macvtap: left promiscuous mode [ 487.544901][ T1049] veth0_macvtap: left promiscuous mode [ 487.553103][ T1049] veth1_vlan: left promiscuous mode [ 487.577624][ T1049] veth0_vlan: left promiscuous mode [ 488.308934][ T1049] team0 (unregistering): Port device team_slave_1 removed [ 488.338900][ T1049] team0 (unregistering): Port device team_slave_0 removed [ 488.625616][T11592] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1448'. [ 488.710756][ T5186] Dev loop2: unable to read RDB block 7 [ 488.719554][ T5186] loop2: unable to read partition table [ 488.745231][ T5186] loop2: partition table beyond EOD, truncated [ 488.798908][T11578] chnl_net:caif_netlink_parms(): no params data found [ 488.863600][ T5186] Dev loop2: unable to read RDB block 7 [ 488.880362][ T5186] loop2: unable to read partition table [ 488.886189][ T5186] loop2: partition table beyond EOD, truncated [ 489.173629][T10710] Bluetooth: hci2: command tx timeout [ 489.427746][T11578] bridge0: port 1(bridge_slave_0) entered blocking state [ 489.467735][T11578] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.475637][T11578] bridge_slave_0: entered allmulticast mode [ 489.487337][T11578] bridge_slave_0: entered promiscuous mode [ 489.508907][T11578] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.516162][T11578] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.524504][T11578] bridge_slave_1: entered allmulticast mode [ 489.532091][T11578] bridge_slave_1: entered promiscuous mode [ 489.957707][T11578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.002980][T11578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 490.115921][T11578] team0: Port device team_slave_0 added [ 490.176727][T11578] team0: Port device team_slave_1 added [ 490.255095][T11578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.264384][T11578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.726651][T11578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.738930][T11578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 490.810317][T11578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.941665][T11578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.236735][T10710] Bluetooth: hci2: command tx timeout [ 491.541987][ T30] audit: type=1400 audit(2000000037.250:487): avc: denied { read } for pid=11645 comm="syz.1.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 491.593179][T11650] overlay: ./file0 is not a directory [ 491.622032][T11650] dlm: non-version read from control device 235 [ 491.636056][T11578] hsr_slave_0: entered promiscuous mode [ 491.640811][ T30] audit: type=1400 audit(2000000037.300:488): avc: denied { shutdown } for pid=11645 comm="syz.1.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 491.693743][T11578] hsr_slave_1: entered promiscuous mode [ 491.705353][ T30] audit: type=1326 audit(2000000037.300:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 491.715939][T11578] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 491.778795][ T5186] Dev loop2: unable to read RDB block 7 [ 491.780666][T11578] Cannot create hsr debugfs directory [ 491.792235][ T5186] loop2: unable to read partition table [ 491.798048][ T5186] loop2: partition table beyond EOD, truncated [ 491.814860][ T30] audit: type=1326 audit(2000000037.300:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 491.905720][ T30] audit: type=1326 audit(2000000037.330:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 491.980466][ T30] audit: type=1326 audit(2000000037.330:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 492.007210][ T30] audit: type=1326 audit(2000000037.330:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 492.043085][ T30] audit: type=1326 audit(2000000037.330:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 492.105099][ T30] audit: type=1326 audit(2000000037.330:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 492.168529][ T30] audit: type=1326 audit(2000000037.330:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11645 comm="syz.1.1462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b8738e969 code=0x7ffc0000 [ 492.192306][ T24] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 492.462685][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 492.473144][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 492.487865][ T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 492.505940][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.519321][ T24] usb 3-1: config 0 descriptor?? [ 492.529008][ T24] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 492.716160][T11578] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 492.733307][T11578] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 492.751470][T11578] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 492.772381][T11578] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 492.911073][T11578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.965115][T11578] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.978238][ T6646] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.985422][ T6646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.003190][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.010361][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 493.250873][ T47] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 493.642211][T10710] Bluetooth: hci2: command tx timeout [ 493.822037][ T47] usb 2-1: config 32 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 493.834906][T11578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.842828][ T47] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 493.852486][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.305470][T11686] zonefs (nullb0) ERROR: Not a zoned block device [ 494.431260][T11692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1473'. [ 494.950113][ T9] usb 3-1: USB disconnect, device number 26 [ 494.977035][ T5186] Dev loop2: unable to read RDB block 7 [ 494.982937][ T5186] loop2: unable to read partition table [ 495.002708][ T5186] loop2: partition table beyond EOD, truncated [ 495.019023][ T47] usb 2-1: string descriptor 0 read error: -71 [ 495.073273][ T47] usb 2-1: USB disconnect, device number 51 [ 495.169737][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 495.181435][T11578] veth0_vlan: entered promiscuous mode [ 495.226332][ T5186] Dev loop2: unable to read RDB block 7 [ 495.234938][ T5186] loop2: unable to read partition table [ 495.237707][T11578] veth1_vlan: entered promiscuous mode [ 495.248970][ T5186] loop2: partition table beyond EOD, truncated [ 495.424475][T11578] veth0_macvtap: entered promiscuous mode [ 495.442632][T11578] veth1_macvtap: entered promiscuous mode [ 495.459124][T11578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 495.478504][T11578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.523948][T11578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.624680][T11578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.636880][T11578] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.651024][T11578] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.661955][T11578] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.671173][T11578] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.794184][T10710] Bluetooth: hci2: command tx timeout [ 495.998359][ T5186] Dev loop2: unable to read RDB block 7 [ 496.034612][ T5186] loop2: unable to read partition table [ 496.068964][ T5186] loop2: partition table beyond EOD, truncated [ 496.283445][T11722] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1482'. [ 496.434418][T11722] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11722 comm=syz.1.1482 [ 496.692843][T11727] FAULT_INJECTION: forcing a failure. [ 496.692843][T11727] name failslab, interval 1, probability 0, space 0, times 0 [ 496.744677][T11727] CPU: 0 UID: 0 PID: 11727 Comm: syz.2.1481 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 496.744704][T11727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 496.744715][T11727] Call Trace: [ 496.744720][T11727] [ 496.744727][T11727] dump_stack_lvl+0x16c/0x1f0 [ 496.744755][T11727] should_fail_ex+0x512/0x640 [ 496.744778][T11727] ? fs_reclaim_acquire+0xae/0x150 [ 496.744804][T11727] ? tomoyo_encode2+0x100/0x3e0 [ 496.744828][T11727] should_failslab+0xc2/0x120 [ 496.744845][T11727] __kmalloc_noprof+0xd2/0x510 [ 496.744868][T11727] tomoyo_encode2+0x100/0x3e0 [ 496.744895][T11727] tomoyo_encode+0x29/0x50 [ 496.744918][T11727] tomoyo_mount_acl+0x314/0x850 [ 496.744939][T11727] ? kernel_text_address+0x8d/0x100 [ 496.744952][T11727] ? __kernel_text_address+0xd/0x40 [ 496.744967][T11727] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 496.744999][T11727] ? tomoyo_domain+0xbb/0x150 [ 496.745009][T11727] ? tomoyo_profile+0x47/0x60 [ 496.745021][T11727] tomoyo_mount_permission+0x16d/0x420 [ 496.745036][T11727] ? tomoyo_mount_permission+0x14f/0x420 [ 496.745052][T11727] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 496.745077][T11727] security_sb_mount+0x9b/0x260 [ 496.745093][T11727] path_mount+0x128/0x1f20 [ 496.745107][T11727] ? kmem_cache_free+0x2d4/0x4d0 [ 496.745124][T11727] ? __pfx_path_mount+0x10/0x10 [ 496.745138][T11727] ? putname+0x154/0x1a0 [ 496.745153][T11727] __x64_sys_mount+0x28d/0x310 [ 496.745165][T11727] ? __pfx___x64_sys_mount+0x10/0x10 [ 496.745177][T11727] ? rcu_is_watching+0x12/0xc0 [ 496.745195][T11727] do_syscall_64+0xcd/0x260 [ 496.745212][T11727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.745224][T11727] RIP: 0033:0x7f1f8118e969 [ 496.745234][T11727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.745245][T11727] RSP: 002b:00007f1f82092038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 496.745256][T11727] RAX: ffffffffffffffda RBX: 00007f1f813b5fa0 RCX: 00007f1f8118e969 [ 496.745263][T11727] RDX: 0000200000004380 RSI: 0000200000000180 RDI: 0000000000000000 [ 496.745270][T11727] RBP: 00007f1f82092090 R08: 0000200000000580 R09: 0000000000000000 [ 496.745276][T11727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 496.745283][T11727] R13: 0000000000000000 R14: 00007f1f813b5fa0 R15: 00007ffccfc89908 [ 496.745297][T11727] [ 496.986451][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.023243][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.032552][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.089721][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.118281][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.151831][ T5186] Dev loop2: unable to read RDB block 7 [ 497.418100][ T5186] loop2: unable to read partition table [ 497.428772][ T5186] loop2: partition table beyond EOD, truncated [ 498.090825][ T47] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 498.370754][ T5186] Dev loop2: unable to read RDB block 7 [ 498.376370][ T5186] loop2: unable to read partition table [ 498.382894][ T5186] loop2: partition table beyond EOD, truncated [ 499.010239][ T47] usb 6-1: Using ep0 maxpacket: 16 [ 499.019401][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 499.019413][ T30] audit: type=1400 audit(2000000044.720:503): avc: denied { getopt } for pid=11758 comm="syz.2.1492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 499.070606][ T30] audit: type=1400 audit(2000000044.720:504): avc: denied { getopt } for pid=11758 comm="syz.2.1492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 499.093314][ T47] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 499.103733][ T47] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 499.119907][ T47] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255 [ 499.132687][ T47] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 499.142429][ T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.180287][ T47] usb 6-1: Product: syz [ 499.184558][ T47] usb 6-1: Manufacturer: syz [ 499.189163][ T47] usb 6-1: SerialNumber: syz [ 499.675253][ T47] usb 6-1: config 0 descriptor?? [ 499.696032][T11751] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 499.722905][ T5186] Dev loop2: unable to read RDB block 7 [ 499.733777][ T5186] loop2: unable to read partition table [ 499.746182][ T5186] loop2: partition table beyond EOD, truncated [ 499.749532][ T47] mcba_usb 6-1:0.0 can0: failed tx_urb -90 [ 499.777519][ T47] mcba_usb 6-1:0.0 can0: Failed to send cmd (169) [ 499.785579][ T47] mcba_usb 6-1:0.0 can0: failed tx_urb -90 [ 499.793891][ T47] mcba_usb 6-1:0.0 can0: Failed to send cmd (169) [ 499.803452][ T47] mcba_usb 6-1:0.0: Microchip CAN BUS Analyzer connected [ 500.519579][ T5935] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.614157][ T5935] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.699677][ T5186] Dev loop2: unable to read RDB block 7 [ 500.721270][ T5186] loop2: unable to read partition table [ 500.728199][ T5186] loop2: partition table beyond EOD, truncated [ 500.764749][ T5935] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.926237][ T5935] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.062868][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.146067][ T5935] bridge_slave_1: left allmulticast mode [ 501.153980][ T5935] bridge_slave_1: left promiscuous mode [ 501.159824][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.169564][ T5935] bridge_slave_0: left allmulticast mode [ 501.177800][ T5935] bridge_slave_0: left promiscuous mode [ 501.185397][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.415845][ T5935] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 501.426213][ T5935] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 501.436760][ T5935] bond0 (unregistering): Released all slaves [ 501.447260][T11786] validate_nla: 41 callbacks suppressed [ 501.447276][T11786] netlink: 'syz.1.1497': attribute type 4 has an invalid length. [ 501.643486][ T5935] hsr_slave_0: left promiscuous mode [ 501.649181][ T5935] hsr_slave_1: left promiscuous mode [ 501.655823][ T5935] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 501.664753][ T5935] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.672479][ T5935] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 501.679854][ T5935] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 501.697118][ T5935] veth1_macvtap: left promiscuous mode [ 501.702984][ T5935] veth0_macvtap: left promiscuous mode [ 501.708575][ T5935] veth1_vlan: left promiscuous mode [ 501.713987][ T5935] veth0_vlan: left promiscuous mode [ 501.916098][T11796] xt_cgroup: invalid path, errno=-2 [ 501.938715][ T24] IPVS: starting estimator thread 0... [ 502.087888][T11799] NILFS (nullb0): couldn't find nilfs on the device [ 502.180297][T11798] IPVS: using max 36 ests per chain, 86400 per kthread [ 502.395432][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 502.409453][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 502.419217][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 502.429086][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 502.439291][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 503.189501][ T5186] Dev loop2: unable to read RDB block 7 [ 503.216131][ T5186] loop2: unable to read partition table [ 503.222177][ T5186] loop2: partition table beyond EOD, truncated [ 503.323025][ T10] usb 6-1: USB disconnect, device number 30 [ 503.329736][ T10] mcba_usb 6-1:0.0 can0: device disconnected [ 503.432723][T11811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1501'. [ 503.932530][ T47] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 504.020005][ T30] audit: type=1400 audit(2000000049.720:505): avc: denied { map } for pid=11817 comm="syz.5.1506" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 504.124247][ T5186] Dev loop2: unable to read RDB block 7 [ 504.134451][ T47] usb 1-1: Using ep0 maxpacket: 32 [ 504.147305][ T5186] loop2: unable to read partition table [ 504.153517][ T5186] loop2: partition table beyond EOD, truncated [ 504.155958][ T47] usb 1-1: config 0 has no interfaces? [ 504.182876][ T47] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 504.213140][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.235625][ T47] usb 1-1: config 0 descriptor?? [ 504.329940][ T5935] team0 (unregistering): Port device team_slave_1 removed [ 504.422836][ T5935] team0 (unregistering): Port device team_slave_0 removed [ 504.465143][ T30] audit: type=1400 audit(2000000050.170:506): avc: denied { append } for pid=11808 comm="syz.0.1503" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 504.466540][T11809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.670977][T11809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.680141][T10710] Bluetooth: hci2: command tx timeout [ 504.888714][ T47] usb 1-1: USB disconnect, device number 30 [ 505.205854][ T5186] Dev loop2: unable to read RDB block 7 [ 505.260555][ T5186] loop2: unable to read partition table [ 505.290590][ T5186] loop2: partition table beyond EOD, truncated [ 505.420889][ T30] audit: type=1326 audit(2000000051.120:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.450373][ T30] audit: type=1326 audit(2000000051.120:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.476835][ T30] audit: type=1326 audit(2000000051.120:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.503032][ T30] audit: type=1326 audit(2000000051.120:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.528108][ T30] audit: type=1326 audit(2000000051.120:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.551934][ T30] audit: type=1326 audit(2000000051.120:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.576480][ T30] audit: type=1326 audit(2000000051.120:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.600942][ T30] audit: type=1326 audit(2000000051.120:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 505.625136][ T30] audit: type=1326 audit(2000000051.120:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11829 comm="syz.2.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1f8118e969 code=0x7ffc0000 [ 506.442336][T11843] zonefs (nullb0) ERROR: Not a zoned block device [ 506.461201][ T5186] Dev loop2: unable to read RDB block 7 [ 506.467372][ T5186] loop2: unable to read partition table [ 506.470926][T11802] chnl_net:caif_netlink_parms(): no params data found [ 506.503905][ T5186] loop2: partition table beyond EOD, truncated [ 506.741598][T10710] Bluetooth: hci2: command tx timeout [ 506.848566][T11854] netlink: 'syz.5.1517': attribute type 1 has an invalid length. [ 506.953435][T11854] 8021q: adding VLAN 0 to HW filter on device bond4 [ 507.032604][ T5186] Dev loop2: unable to read RDB block 7 [ 507.038208][ T5186] loop2: unable to read partition table [ 507.060449][ T5186] loop2: partition table beyond EOD, truncated [ 507.064799][T11854] veth5: entered promiscuous mode [ 507.077006][T11854] bond4: (slave veth5): Enslaving as an active interface with a down link [ 507.090313][ T10] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 507.182237][T11802] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.210120][T11802] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.222061][T11802] bridge_slave_0: entered allmulticast mode [ 507.617774][T11802] bridge_slave_0: entered promiscuous mode [ 507.670335][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 507.673019][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 507.677594][ T10] usb 1-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 507.677621][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.677641][ T10] usb 1-1: Product: syz [ 507.677656][ T10] usb 1-1: Manufacturer: syz [ 507.677670][ T10] usb 1-1: SerialNumber: syz [ 507.681474][ T10] usb 1-1: config 0 descriptor?? [ 507.727295][ T10] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 507.741655][T11802] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.788833][T11802] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.796883][T11802] bridge_slave_1: entered allmulticast mode [ 507.805588][T11802] bridge_slave_1: entered promiscuous mode [ 507.841136][T11802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.854224][T11802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.898882][T11802] team0: Port device team_slave_0 added [ 507.907393][ T9] usb 1-1: USB disconnect, device number 31 [ 508.024306][T11802] team0: Port device team_slave_1 added [ 508.056393][ T5186] Dev loop2: unable to read RDB block 7 [ 508.069478][ T5186] loop2: unable to read partition table [ 508.075670][ T5186] loop2: partition table beyond EOD, truncated [ 508.084348][T11802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 508.168760][T11878] 9pnet_fd: Insufficient options for proto=fd [ 509.051736][T10710] Bluetooth: hci2: command tx timeout [ 509.074470][T11802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.177717][T11802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.253768][T11802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.260787][T11802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.286655][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.293041][T11802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.309757][ T5186] Dev loop2: unable to read RDB block 7 [ 509.329528][ T5186] loop2: unable to read partition table [ 509.342448][ T5186] loop2: partition table beyond EOD, truncated [ 509.412935][T11884] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.424195][T11884] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.434096][T11884] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.445788][T11884] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.488212][T11890] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1524'. [ 509.497302][T11890] tipc: Started in network mode [ 509.502274][T11890] tipc: Node identity 1, cluster identity 4711 [ 509.508438][T11890] tipc: Node number set to 1 [ 509.621538][T11897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1527'. [ 509.664080][T11897] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11897 comm=syz.2.1527 [ 510.283784][T11802] hsr_slave_0: entered promiscuous mode [ 510.295148][ T5186] Dev loop2: unable to read RDB block 7 [ 510.305073][T11802] hsr_slave_1: entered promiscuous mode [ 510.313338][ T5186] loop2: unable to read partition table [ 510.319150][ T5186] loop2: partition table beyond EOD, truncated [ 510.325997][T11802] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 510.335801][T11802] Cannot create hsr debugfs directory [ 510.527918][T11912] FAULT_INJECTION: forcing a failure. [ 510.527918][T11912] name failslab, interval 1, probability 0, space 0, times 0 [ 510.541039][T11912] CPU: 0 UID: 0 PID: 11912 Comm: syz.1.1531 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 510.541065][T11912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.541075][T11912] Call Trace: [ 510.541082][T11912] [ 510.541089][T11912] dump_stack_lvl+0x16c/0x1f0 [ 510.541119][T11912] should_fail_ex+0x512/0x640 [ 510.541146][T11912] ? io_cqring_event_overflow+0xcb/0x6f0 [ 510.541168][T11912] should_failslab+0xc2/0x120 [ 510.541188][T11912] __kmalloc_noprof+0xd2/0x510 [ 510.541213][T11912] io_cqring_event_overflow+0xcb/0x6f0 [ 510.541242][T11912] io_req_cqe_overflow+0x101/0x1e0 [ 510.541264][T11912] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 510.541287][T11912] __io_submit_flush_completions+0x94a/0x1750 [ 510.541313][T11912] io_submit_sqes+0x9e2/0x25d0 [ 510.541349][T11912] __do_sys_io_uring_enter+0xd6a/0x1630 [ 510.541379][T11912] ? __fget_files+0x20e/0x3c0 [ 510.541396][T11912] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 510.541421][T11912] ? fput+0x70/0xf0 [ 510.541440][T11912] ? ksys_write+0x1b9/0x240 [ 510.541466][T11912] ? __pfx_ksys_write+0x10/0x10 [ 510.541500][T11912] do_syscall_64+0xcd/0x260 [ 510.541527][T11912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.541544][T11912] RIP: 0033:0x7f9b8738e969 [ 510.541559][T11912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.541576][T11912] RSP: 002b:00007f9b8817d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 510.541594][T11912] RAX: ffffffffffffffda RBX: 00007f9b875b6160 RCX: 00007f9b8738e969 [ 510.541605][T11912] RDX: 0000000000000000 RSI: 0000000000000567 RDI: 0000000000000003 [ 510.541615][T11912] RBP: 00007f9b8817d090 R08: 0000000000000000 R09: 0000000000000000 [ 510.541626][T11912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 510.541637][T11912] R13: 0000000000000000 R14: 00007f9b875b6160 R15: 00007ffdf5bff498 [ 510.541663][T11912] [ 510.801337][T11914] xt_cgroup: invalid path, errno=-2 [ 511.060256][T10710] Bluetooth: hci2: command tx timeout [ 511.934420][T11802] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 511.959743][T11802] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 512.094559][T11802] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 512.096630][ T5186] Dev loop2: unable to read RDB block 7 [ 512.124725][T11802] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 512.142909][ T5186] loop2: unable to read partition table [ 512.148870][ T5186] loop2: partition table beyond EOD, truncated [ 512.220099][T11926] 9pnet_fd: Insufficient options for proto=fd [ 512.684303][T11929] syzkaller1: entered promiscuous mode [ 512.689896][T11929] syzkaller1: entered allmulticast mode [ 512.721430][ T5186] Dev loop2: unable to read RDB block 7 [ 512.865835][ T5186] loop2: unable to read partition table [ 512.914599][ T5186] loop2: partition table beyond EOD, truncated [ 513.020644][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 513.020676][ T30] audit: type=1400 audit(2000000058.700:538): avc: denied { map } for pid=11932 comm="syz.2.1540" path="socket:[39773]" dev="sockfs" ino=39773 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 513.456508][T11942] : entered promiscuous mode [ 513.478865][T11802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.624286][ T5186] Dev loop2: unable to read RDB block 7 [ 513.626716][T11802] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.629879][ T5186] loop2: unable to read partition table [ 513.651222][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.658300][ T5935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.683627][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.690846][ T5935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.698770][ T5186] loop2: partition table beyond EOD, truncated [ 514.365840][T11959] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 514.408406][ T30] audit: type=1400 audit(2000000060.100:539): avc: denied { name_connect } for pid=11947 comm="syz.2.1546" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 514.411821][T11960] vlan2: entered allmulticast mode [ 514.437779][ T30] audit: type=1400 audit(2000000060.110:540): avc: denied { read } for pid=11947 comm="syz.2.1546" lport=51922 faddr=::ffff:172.20.255.187 fport=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 514.513288][T11961] bond7: entered allmulticast mode [ 514.795293][ T30] audit: type=1400 audit(2000000060.170:541): avc: denied { setopt } for pid=11947 comm="syz.2.1546" lport=51922 faddr=::ffff:172.20.255.187 fport=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 515.050011][ T30] audit: type=1400 audit(2000000060.740:542): avc: denied { listen } for pid=11972 comm="syz.5.1551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 515.056830][T11802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.101313][T11983] zonefs (nullb0) ERROR: Not a zoned block device [ 515.246286][T11987] nbd: must specify a size in bytes for the device [ 517.665464][T12014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1560'. [ 517.687370][T12014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1560'. [ 517.712905][ T5186] Dev loop2: unable to read RDB block 7 [ 517.718627][ T5186] loop2: unable to read partition table [ 517.719545][T12014] netlink: 'syz.0.1560': attribute type 13 has an invalid length. [ 517.746826][ T5186] loop2: partition table beyond EOD, truncated [ 518.230385][ T30] audit: type=1400 audit(2000000063.460:543): avc: denied { create } for pid=12020 comm="syz.2.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 518.272875][ T5186] Dev loop2: unable to read RDB block 7 [ 518.278482][ T5186] loop2: unable to read partition table [ 518.284415][ T30] audit: type=1400 audit(2000000063.470:544): avc: denied { sys_admin } for pid=12020 comm="syz.2.1562" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 518.312363][ T5186] loop2: partition table beyond EOD, truncated [ 518.405323][T12030] zonefs (nullb0) ERROR: Not a zoned block device [ 518.418780][T11802] veth0_vlan: entered promiscuous mode [ 518.444120][T11802] veth1_vlan: entered promiscuous mode [ 518.498967][T11802] veth0_macvtap: entered promiscuous mode [ 518.522052][T11802] veth1_macvtap: entered promiscuous mode [ 518.720529][ T5186] Dev loop2: unable to read RDB block 7 [ 518.741238][T11802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 518.748621][ T5186] loop2: unable to read partition table [ 518.758063][T11802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 518.768805][T11802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 518.790725][ T5186] loop2: partition table beyond EOD, truncated [ 518.791245][T11802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 518.835729][T12042] FAULT_INJECTION: forcing a failure. [ 518.835729][T12042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 518.858915][T11802] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.879586][T11802] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.903733][T12042] CPU: 0 UID: 0 PID: 12042 Comm: syz.0.1568 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 518.903762][T12042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.903772][T12042] Call Trace: [ 518.903778][T12042] [ 518.903785][T12042] dump_stack_lvl+0x16c/0x1f0 [ 518.903815][T12042] should_fail_ex+0x512/0x640 [ 518.903843][T12042] _copy_to_user+0x32/0xd0 [ 518.903871][T12042] simple_read_from_buffer+0xcb/0x170 [ 518.903899][T12042] proc_fail_nth_read+0x197/0x270 [ 518.903926][T12042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 518.903954][T12042] ? rw_verify_area+0xcf/0x680 [ 518.903976][T12042] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 518.904002][T12042] vfs_read+0x1e1/0xc70 [ 518.904031][T12042] ? __pfx___mutex_lock+0x10/0x10 [ 518.904056][T12042] ? __pfx_vfs_read+0x10/0x10 [ 518.904089][T12042] ? __fget_files+0x20e/0x3c0 [ 518.904114][T12042] ksys_read+0x12a/0x240 [ 518.904139][T12042] ? __pfx_ksys_read+0x10/0x10 [ 518.904163][T12042] ? rcu_is_watching+0x12/0xc0 [ 518.904192][T12042] do_syscall_64+0xcd/0x260 [ 518.904220][T12042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.904237][T12042] RIP: 0033:0x7fcbc458d37c [ 518.904251][T12042] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 518.904268][T12042] RSP: 002b:00007fcbc23d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 518.904290][T12042] RAX: ffffffffffffffda RBX: 00007fcbc47b6160 RCX: 00007fcbc458d37c [ 518.904301][T12042] RDX: 000000000000000f RSI: 00007fcbc23d50a0 RDI: 0000000000000006 [ 518.904312][T12042] RBP: 00007fcbc23d5090 R08: 0000000000000000 R09: 0000000000000000 [ 518.904322][T12042] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 [ 518.904332][T12042] R13: 0000000000000000 R14: 00007fcbc47b6160 R15: 00007ffde8975fb8 [ 518.904358][T12042] [ 518.905109][T11802] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.188240][T11802] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.230315][ T24] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 519.334996][ T6646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.347224][ T6646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.380332][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 519.386126][ T24] usb 6-1: too many configurations: 90, using maximum allowed: 8 [ 519.387284][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.406087][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.406729][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.441394][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.452351][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.465979][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.484535][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.494868][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.505191][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.515562][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 519.525987][ T24] usb 6-1: New USB device found, idVendor=57d9, idProduct=0025, bcdDevice=29.40 [ 519.531316][ T9] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 519.535787][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=230 [ 519.574514][ T24] usb 6-1: SerialNumber: syz [ 519.686640][ T24] usb 6-1: config 0 descriptor?? [ 519.894564][ T1049] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.022937][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 520.043712][ T9] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 520.050290][ T1049] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.060045][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.075559][ T9] usb 2-1: Product: syz [ 520.079770][ T9] usb 2-1: Manufacturer: syz [ 520.084900][ T9] usb 2-1: SerialNumber: syz [ 520.099647][ T9] usb 2-1: config 0 descriptor?? [ 520.107962][ T9] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 520.115382][ T5186] Dev loop2: unable to read RDB block 7 [ 520.118786][ T9] usb 2-1: Detected FT232H [ 520.122245][ T5186] loop2: unable to read partition table [ 520.133453][ T5186] loop2: partition table beyond EOD, truncated [ 520.152493][ T1049] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.231815][T12056] batadv1: entered promiscuous mode [ 520.250787][ T30] audit: type=1326 audit(2000000065.920:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.308987][ T1049] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.321017][ T30] audit: type=1326 audit(2000000065.920:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.387085][ T30] audit: type=1326 audit(2000000065.920:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.415880][ T30] audit: type=1326 audit(2000000065.920:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.418929][ T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 520.447883][ T30] audit: type=1326 audit(2000000065.920:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.475074][ T30] audit: type=1326 audit(2000000065.920:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.499167][ T30] audit: type=1326 audit(2000000065.920:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.522984][ T30] audit: type=1326 audit(2000000065.920:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12053 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc458e969 code=0x7ffc0000 [ 520.867294][ T9] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 520.934222][ T1049] bridge_slave_1: left allmulticast mode [ 520.939894][ T1049] bridge_slave_1: left promiscuous mode [ 520.947417][ T1049] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.958090][ T1049] bridge_slave_0: left allmulticast mode [ 520.965166][ T1049] bridge_slave_0: left promiscuous mode [ 520.994793][ T1049] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.807490][ T5186] Dev loop2: unable to read RDB block 7 [ 521.817169][ T5186] loop2: unable to read partition table [ 521.829947][ T5186] loop2: partition table beyond EOD, truncated [ 521.987538][ T24] usb 2-1: USB disconnect, device number 52 [ 522.072984][T12073] FAULT_INJECTION: forcing a failure. [ 522.072984][T12073] name failslab, interval 1, probability 0, space 0, times 0 [ 522.085746][T12073] CPU: 0 UID: 0 PID: 12073 Comm: syz.2.1577 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 522.085770][T12073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 522.085780][T12073] Call Trace: [ 522.085788][T12073] [ 522.085794][T12073] dump_stack_lvl+0x16c/0x1f0 [ 522.085823][T12073] should_fail_ex+0x512/0x640 [ 522.085850][T12073] ? io_cqring_event_overflow+0xcb/0x6f0 [ 522.085873][T12073] should_failslab+0xc2/0x120 [ 522.085894][T12073] __kmalloc_noprof+0xd2/0x510 [ 522.085919][T12073] io_cqring_event_overflow+0xcb/0x6f0 [ 522.085948][T12073] io_req_cqe_overflow+0x101/0x1e0 [ 522.085974][T12073] __io_submit_flush_completions+0x94a/0x1750 [ 522.086000][T12073] io_submit_sqes+0x9e2/0x25d0 [ 522.086036][T12073] __do_sys_io_uring_enter+0xd6a/0x1630 [ 522.086060][T12073] ? __pfx___schedule+0x10/0x10 [ 522.086082][T12073] ? __fget_files+0x20e/0x3c0 [ 522.086098][T12073] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 522.086123][T12073] ? fput+0x70/0xf0 [ 522.086144][T12073] ? ksys_write+0x1b9/0x240 [ 522.086179][T12073] do_syscall_64+0xcd/0x260 [ 522.086207][T12073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.086225][T12073] RIP: 0033:0x7f1f8118e969 [ 522.086252][T12073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.086269][T12073] RSP: 002b:00007f1f8201f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 522.086285][T12073] RAX: ffffffffffffffda RBX: 00007f1f813b6160 RCX: 00007f1f8118e969 [ 522.086296][T12073] RDX: 0000000000000000 RSI: 0000000000000567 RDI: 0000000000000003 [ 522.086306][T12073] RBP: 00007f1f8201f090 R08: 0000000000000000 R09: 0000000000000000 [ 522.086317][T12073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 522.086327][T12073] R13: 0000000000000000 R14: 00007f1f813b6160 R15: 00007ffccfc89908 [ 522.086353][T12073] [ 522.279027][ T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 522.311060][ T24] ftdi_sio 2-1:0.0: device disconnected [ 522.573931][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 522.590528][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 522.607058][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 522.624585][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 522.637116][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 522.735806][T12081] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1580'. [ 522.778937][ T5186] Dev loop2: unable to read RDB block 7 [ 522.792745][ T1049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 522.803837][ T5186] loop2: unable to read partition table [ 522.812283][T12085] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1582'. [ 522.823523][ T5186] loop2: partition table beyond EOD, truncated [ 522.842436][ T1049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 522.852157][ T5186] Dev loop2: unable to read RDB block 7 [ 522.857772][ T5186] loop2: unable to read partition table [ 522.859315][ T1049] bond0 (unregistering): Released all slaves [ 522.867871][ T5186] loop2: partition table beyond EOD, truncated [ 522.890624][ T24] usb 6-1: USB disconnect, device number 31 [ 522.897479][T12087] warning: `syz.2.1583' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 522.915424][T12081] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 523.113087][T12090] syz.2.1583: attempt to access beyond end of device [ 523.113087][T12090] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0 [ 523.125987][T12090] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 523.611591][T12091] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 523.875933][ T5186] Dev loop2: unable to read RDB block 7 [ 524.372161][ T5186] loop2: unable to read partition table [ 524.435009][T12101] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[12101] [ 524.437963][ T5186] loop2: partition table beyond EOD, truncated [ 524.464115][T12101] syz.1.1586 (12101): /proc/12101/oom_adj is deprecated, please use /proc/12101/oom_score_adj instead. [ 524.506565][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 524.506614][ T30] audit: type=1400 audit(2000000070.190:586): avc: denied { write } for pid=12098 comm="syz.1.1586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 524.822181][ T55] Bluetooth: hci2: command tx timeout [ 525.329142][ T5186] Dev loop2: unable to read RDB block 7 [ 525.334775][ T5186] loop2: unable to read partition table [ 525.342091][ T5186] loop2: partition table beyond EOD, truncated [ 525.370506][T12115] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1589'. [ 525.573480][ T1049] hsr_slave_0: left promiscuous mode [ 525.597207][ T1049] hsr_slave_1: left promiscuous mode [ 525.619780][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 525.631732][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 525.692613][ T1049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 525.706744][ T1049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 525.753224][ T1049] veth1_macvtap: left promiscuous mode [ 525.766932][ T1049] veth0_macvtap: left promiscuous mode [ 525.778792][ T1049] veth1_vlan: left promiscuous mode [ 525.784385][ T1049] veth0_vlan: left promiscuous mode [ 526.295082][ T5186] Dev loop2: unable to read RDB block 7 [ 526.326692][ T5186] loop2: unable to read partition table [ 526.356043][ T5186] loop2: partition table beyond EOD, truncated [ 526.386198][T12125] FAULT_INJECTION: forcing a failure. [ 526.386198][T12125] name failslab, interval 1, probability 0, space 0, times 0 [ 526.408255][ T30] audit: type=1400 audit(2000000072.110:587): avc: denied { firmware_load } for pid=6241 comm="kworker/u8:12" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 526.413147][T12125] CPU: 0 UID: 0 PID: 12125 Comm: syz.0.1592 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 526.413170][T12125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 526.413179][T12125] Call Trace: [ 526.413185][T12125] [ 526.413191][T12125] dump_stack_lvl+0x16c/0x1f0 [ 526.413218][T12125] should_fail_ex+0x512/0x640 [ 526.413238][T12125] ? lockdep_hardirqs_on+0x7c/0x110 [ 526.413262][T12125] should_failslab+0xc2/0x120 [ 526.413280][T12125] __kmalloc_cache_noprof+0x6a/0x3e0 [ 526.413302][T12125] ? do_raw_spin_lock+0x12c/0x2b0 [ 526.413318][T12125] ? find_held_lock+0x2b/0x80 [ 526.413335][T12125] ? async_schedule_node_domain+0x54/0x120 [ 526.413361][T12125] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 526.413384][T12125] async_schedule_node_domain+0x54/0x120 [ 526.413407][T12125] dev_cache_fw_image+0x38e/0x490 [ 526.413431][T12125] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 526.413462][T12125] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 526.413484][T12125] dpm_for_each_dev+0x5d/0xb0 [ 526.413505][T12125] fw_pm_notify+0x81/0x150 [ 526.413524][T12125] notifier_call_chain+0xbc/0x410 [ 526.413545][T12125] ? __pfx_fw_pm_notify+0x10/0x10 [ 526.413570][T12125] blocking_notifier_call_chain_robust+0xc8/0x160 [ 526.413595][T12125] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 526.413621][T12125] ? do_raw_spin_unlock+0x172/0x230 [ 526.413642][T12125] pm_notifier_call_chain_robust+0x27/0x60 [ 526.413666][T12125] snapshot_open+0x189/0x2b0 [ 526.413687][T12125] ? __pfx_snapshot_open+0x10/0x10 [ 526.413708][T12125] misc_open+0x35d/0x420 [ 526.413731][T12125] ? __pfx_misc_open+0x10/0x10 [ 526.413752][T12125] chrdev_open+0x231/0x6a0 [ 526.413770][T12125] ? __pfx_chrdev_open+0x10/0x10 [ 526.413787][T12125] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 526.413816][T12125] do_dentry_open+0x741/0x1c10 [ 526.413840][T12125] ? __pfx_chrdev_open+0x10/0x10 [ 526.413861][T12125] vfs_open+0x82/0x3f0 [ 526.413883][T12125] path_openat+0x1e5e/0x2d40 [ 526.413908][T12125] ? __pfx_path_openat+0x10/0x10 [ 526.413931][T12125] do_filp_open+0x20b/0x470 [ 526.413946][T12125] ? __pfx_do_filp_open+0x10/0x10 [ 526.413980][T12125] ? alloc_fd+0x471/0x7d0 [ 526.414002][T12125] do_sys_openat2+0x11b/0x1d0 [ 526.414021][T12125] ? __pfx_do_sys_openat2+0x10/0x10 [ 526.414042][T12125] ? __fget_files+0x20e/0x3c0 [ 526.414061][T12125] __x64_sys_openat+0x174/0x210 [ 526.414079][T12125] ? __pfx___x64_sys_openat+0x10/0x10 [ 526.414097][T12125] ? ksys_write+0x1b9/0x240 [ 526.414119][T12125] ? rcu_is_watching+0x12/0xc0 [ 526.414149][T12125] do_syscall_64+0xcd/0x260 [ 526.414172][T12125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.414187][T12125] RIP: 0033:0x7fcbc458e969 [ 526.414200][T12125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.414214][T12125] RSP: 002b:00007fcbc5323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 526.414229][T12125] RAX: ffffffffffffffda RBX: 00007fcbc47b5fa0 RCX: 00007fcbc458e969 [ 526.414239][T12125] RDX: 0000000000080040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 526.414249][T12125] RBP: 00007fcbc5323090 R08: 0000000000000000 R09: 0000000000000000 [ 526.414257][T12125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 526.414267][T12125] R13: 0000000000000000 R14: 00007fcbc47b5fa0 R15: 00007ffde8975fb8 [ 526.414290][T12125] [ 526.417531][T12125] [ 526.766015][T12125] ============================================ [ 526.772145][T12125] WARNING: possible recursive locking detected [ 526.778274][T12125] 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 Not tainted [ 526.785358][T12125] -------------------------------------------- [ 526.791501][T12125] syz.0.1592/12125 is trying to acquire lock: [ 526.797543][T12125] ffffffff8f2f1288 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640 [ 526.805448][T12125] [ 526.805448][T12125] but task is already holding lock: [ 526.812790][T12125] ffffffff8f2f1288 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 526.820950][T12125] [ 526.820950][T12125] other info that might help us debug this: [ 526.828988][T12125] Possible unsafe locking scenario: [ 526.828988][T12125] [ 526.836418][T12125] CPU0 [ 526.839679][T12125] ---- [ 526.842941][T12125] lock(fw_lock); [ 526.846646][T12125] lock(fw_lock); [ 526.850349][T12125] [ 526.850349][T12125] *** DEADLOCK *** [ 526.850349][T12125] [ 526.858472][T12125] May be due to missing lock nesting notation [ 526.858472][T12125] [ 526.866770][T12125] 5 locks held by syz.0.1592/12125: [ 526.871946][T12125] #0: ffffffff8f0e1988 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 526.880380][T12125] #1: ffffffff8e283dc8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 526.890718][T12125] #2: ffffffff8e2c3910 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 526.902533][T12125] #3: ffffffff8f2f1288 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 526.911130][T12125] #4: ffffffff8f2ebea8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 526.920422][T12125] [ 526.920422][T12125] stack backtrace: [ 526.926291][T12125] CPU: 0 UID: 0 PID: 12125 Comm: syz.0.1592 Not tainted 6.15.0-rc6-syzkaller-00080-g1a80a098c606 #0 PREEMPT(full) [ 526.926310][T12125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 526.926318][T12125] Call Trace: [ 526.926323][T12125] [ 526.926328][T12125] dump_stack_lvl+0x116/0x1f0 [ 526.926349][T12125] print_deadlock_bug+0x1e9/0x240 [ 526.926369][T12125] __lock_acquire+0xff7/0x1ba0 [ 526.926392][T12125] ? __kasan_slab_free+0x51/0x70 [ 526.926407][T12125] lock_acquire+0x179/0x350 [ 526.926428][T12125] ? assign_fw+0x4e/0x640 [ 526.926446][T12125] ? __pfx___might_resched+0x10/0x10 [ 526.926464][T12125] ? do_sys_openat2+0x11b/0x1d0 [ 526.926480][T12125] ? __x64_sys_openat+0x174/0x210 [ 526.926496][T12125] ? do_syscall_64+0xcd/0x260 [ 526.926516][T12125] __mutex_lock+0x199/0xb90 [ 526.926535][T12125] ? assign_fw+0x4e/0x640 [ 526.926554][T12125] ? assign_fw+0x4e/0x640 [ 526.926573][T12125] ? __pfx___mutex_lock+0x10/0x10 [ 526.926595][T12125] ? kasan_quarantine_put+0x10a/0x240 [ 526.926616][T12125] ? lockdep_hardirqs_on+0x7c/0x110 [ 526.926635][T12125] ? assign_fw+0x4e/0x640 [ 526.926653][T12125] assign_fw+0x4e/0x640 [ 526.926671][T12125] ? _request_firmware+0x957/0x1470 [ 526.926692][T12125] _request_firmware+0x988/0x1470 [ 526.926715][T12125] ? __pfx__request_firmware+0x10/0x10 [ 526.926734][T12125] ? dump_stack_lvl+0x197/0x1f0 [ 526.926753][T12125] ? dump_stack_lvl+0x1a3/0x1f0 [ 526.926772][T12125] __async_dev_cache_fw_image+0xb1/0x340 [ 526.926793][T12125] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 526.926815][T12125] ? mark_held_locks+0x49/0x80 [ 526.926835][T12125] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 526.926852][T12125] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 526.926873][T12125] async_schedule_node_domain+0xd4/0x120 [ 526.926894][T12125] dev_cache_fw_image+0x38e/0x490 [ 526.926913][T12125] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 526.926933][T12125] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 526.926952][T12125] dpm_for_each_dev+0x5d/0xb0 [ 526.926970][T12125] fw_pm_notify+0x81/0x150 [ 526.926987][T12125] notifier_call_chain+0xbc/0x410 [ 526.927006][T12125] ? __pfx_fw_pm_notify+0x10/0x10 [ 526.927025][T12125] blocking_notifier_call_chain_robust+0xc8/0x160 [ 526.927046][T12125] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 526.927068][T12125] ? do_raw_spin_unlock+0x172/0x230 [ 526.927084][T12125] pm_notifier_call_chain_robust+0x27/0x60 [ 526.927106][T12125] snapshot_open+0x189/0x2b0 [ 526.927125][T12125] ? __pfx_snapshot_open+0x10/0x10 [ 526.927144][T12125] misc_open+0x35d/0x420 [ 526.927163][T12125] ? __pfx_misc_open+0x10/0x10 [ 526.927182][T12125] chrdev_open+0x231/0x6a0 [ 526.927196][T12125] ? __pfx_chrdev_open+0x10/0x10 [ 526.927210][T12125] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 526.927234][T12125] do_dentry_open+0x741/0x1c10 [ 526.927259][T12125] ? __pfx_chrdev_open+0x10/0x10 [ 526.927274][T12125] vfs_open+0x82/0x3f0 [ 526.927290][T12125] path_openat+0x1e5e/0x2d40 [ 526.927306][T12125] ? __pfx_path_openat+0x10/0x10 [ 526.927321][T12125] do_filp_open+0x20b/0x470 [ 526.927333][T12125] ? __pfx_do_filp_open+0x10/0x10 [ 526.927352][T12125] ? alloc_fd+0x471/0x7d0 [ 526.927367][T12125] do_sys_openat2+0x11b/0x1d0 [ 526.927382][T12125] ? __pfx_do_sys_openat2+0x10/0x10 [ 526.927399][T12125] ? __fget_files+0x20e/0x3c0 [ 526.927413][T12125] __x64_sys_openat+0x174/0x210 [ 526.927429][T12125] ? __pfx___x64_sys_openat+0x10/0x10 [ 526.927446][T12125] ? ksys_write+0x1b9/0x240 [ 526.927466][T12125] ? rcu_is_watching+0x12/0xc0 [ 526.927485][T12125] do_syscall_64+0xcd/0x260 [ 526.927505][T12125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.927520][T12125] RIP: 0033:0x7fcbc458e969 [ 526.927532][T12125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.927545][T12125] RSP: 002b:00007fcbc5323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 526.927558][T12125] RAX: ffffffffffffffda RBX: 00007fcbc47b5fa0 RCX: 00007fcbc458e969 [ 526.927567][T12125] RDX: 0000000000080040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 526.927576][T12125] RBP: 00007fcbc5323090 R08: 0000000000000000 R09: 0000000000000000 [ 526.927584][T12125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 526.927593][T12125] R13: 0000000000000000 R14: 00007fcbc47b5fa0 R15: 00007ffde8975fb8 [ 526.927606][T12125] [ 527.351985][ T55] Bluetooth: hci2: command tx timeout [ 527.634539][ T5186] Dev loop2: unable to read RDB block 7 [ 527.642985][ T5186] loop2: unable to read partition table [ 527.648716][ T5186] loop2: partition table beyond EOD, truncated [ 529.380218][ T55] Bluetooth: hci2: command tx timeout [ 531.470287][ T55] Bluetooth: hci2: command tx timeout