last executing test programs: 49.238438946s ago: executing program 0 (id=1255): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x0, 0x4000, @void, @value}, 0x10) socket$inet_dccp(0x2, 0x6, 0x0) 49.050320194s ago: executing program 0 (id=1256): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x7f, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe94f, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 48.572290379s ago: executing program 0 (id=1258): ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000362000/0x2000)=nil, &(0x7f0000fea000/0x1000)=nil, 0x2000}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e640000000004000280"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) 37.250315985s ago: executing program 0 (id=1258): ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000362000/0x2000)=nil, &(0x7f0000fea000/0x1000)=nil, 0x2000}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e640000000004000280"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) 23.871009621s ago: executing program 2 (id=1408): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = memfd_secret(0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r2, r1, 0x2e, 0x4608, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r3, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 23.793835729s ago: executing program 0 (id=1258): ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000362000/0x2000)=nil, &(0x7f0000fea000/0x1000)=nil, 0x2000}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e640000000004000280"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) 23.57699469s ago: executing program 2 (id=1410): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x4009}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000840)='virtio_transport_alloc_pkt\x00', r1}, 0x18) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 23.500222414s ago: executing program 2 (id=1411): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000180)=0x5) 22.020202175s ago: executing program 2 (id=1419): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x2001442, 0x0) mount$9p_virtio(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20000, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 21.823669588s ago: executing program 2 (id=1420): r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00000002c0)=0x8d, 0x4) r1 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='veth1_virt_wifi\x00', 0x10) recvfrom$inet6(r0, 0x0, 0x0, 0x20, 0x0, 0x0) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) 20.779397694s ago: executing program 2 (id=1427): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 20.553105773s ago: executing program 32 (id=1427): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 10.297831434s ago: executing program 0 (id=1258): ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000362000/0x2000)=nil, &(0x7f0000fea000/0x1000)=nil, 0x2000}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e640000000004000280"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) 4.788588421s ago: executing program 5 (id=1516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) rt_sigtimedwait(&(0x7f0000000080)={[0x3]}, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x8) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14000000"], 0x14}}, 0x0) socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'wg0\x00', &(0x7f0000000880)=@ethtool_per_queue_op={0x4b, 0xe, [0x3, 0x42e, 0x5, 0x157, 0x17, 0x3, 0x5, 0xa, 0xe, 0xa, 0x4, 0x1, 0x3, 0x5, 0x2, 0x3d358996, 0x6, 0x5, 0x466a, 0x3, 0xdd4, 0x8, 0x3, 0x0, 0x2, 0x403, 0x3, 0x3, 0xfffffffe, 0xb45, 0x2, 0x1c, 0x2, 0x80000001, 0x5f6d, 0x7, 0x81, 0x345d, 0x8000, 0x80000000, 0x0, 0xffff8ecf, 0x3, 0x8, 0xde, 0xfff, 0x9, 0x1c68ed8f, 0x5, 0x7, 0x7, 0x6, 0x747, 0x7f, 0x20000, 0x7, 0x2, 0x0, 0x6ab536bd, 0x0, 0x2, 0x1000, 0x4, 0xff, 0x8, 0x4, 0x7, 0x3, 0x5, 0x6, 0x7, 0x0, 0x0, 0x5, 0xe, 0x1, 0xb31, 0x8, 0xe6ce, 0x80000000, 0x1, 0xf0a4, 0x88, 0x7, 0x4, 0x9, 0x8, 0x5, 0x40, 0x3, 0x6, 0xda, 0x4, 0x0, 0x2, 0x1000, 0xff, 0x7, 0x5, 0xe3, 0x1000, 0x10, 0x8, 0x8, 0x1, 0x8, 0x0, 0xffffffff, 0x2, 0xed, 0xd66, 0x0, 0x4, 0xcbb, 0xff, 0x36, 0x1, 0x1, 0x922, 0x7fffffff, 0xfffffffd, 0x3, 0x10001, 0x9, 0x5021, 0x3, 0x7fffffff, 0x7], "a23a1653f002c6796074e0e93235d0a2"}}) r4 = io_uring_setup(0x523e, &(0x7f0000000000)) close_range(r4, 0xffffffffffffffff, 0x0) eventfd(0x7) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0) sendmsg$tipc(r5, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r6 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'}) 3.111875446s ago: executing program 5 (id=1524): pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1100000000f336, 0x0) 2.8636986s ago: executing program 3 (id=1528): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffd) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0xfe, 0x9, 0x2, 0xff, 0xa7, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2, 0x20}, 0xe) 2.573998321s ago: executing program 3 (id=1529): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, 0x0, 0x4b, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x406f413, 0xc) 2.466664981s ago: executing program 3 (id=1531): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010446ca9e1a4a2baae728dd5800", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028008001f"], 0x3c}}, 0x0) write$evdev(0xffffffffffffffff, &(0x7f00000001c0)=[{{}, 0x11, 0x8, 0x4}], 0x18) r0 = socket(0x10, 0x3, 0x0) sendto(r0, &(0x7f0000000480)="8530ce1e1b06463bb45cf25b103f7856b285", 0x12, 0x844, 0x0, 0x0) write(r0, &(0x7f0000000100)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14) recvmmsg(r0, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000002a6fbc6920400000005000000c8611994fc88bb4a089299cd657fb50fa19ac0e3a70e4bfaf965727c5317f0551f182112e2dbabfb473e07c9faffffffffffffff32b66719f4961b4d42d9cee69f68ed7229933025e6adeab8ac24f6cb24c7fecc15358039ce6c9595", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff7f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x2, 0x1, 0x0, 0x2, 0x2}, 0x10}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x400000000000077, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'ip_vti0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000400)={@private2, 0x5d, r7}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r8 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x918) read$msr(r8, 0x0, 0x0) r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r9, 0xc0285628, &(0x7f0000000380)={0x0, 0x7, 0x8, '\x00', &(0x7f0000000340)=0x1}) r10 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r10, &(0x7f0000000140), 0x4924b68, 0x0) 2.242465879s ago: executing program 1 (id=1533): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0xe5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x0, 0x3, {@ip4=@local, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2.132939028s ago: executing program 1 (id=1534): syz_io_uring_setup(0x0, &(0x7f0000000140), &(0x7f0000000040), 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000200), 0x3, r1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x0, 0x1, &(0x7f0000000180)=[r1], &(0x7f00000000c0)=[0x2], &(0x7f0000000280)=[r2], &(0x7f0000000040)}) 2.125964613s ago: executing program 5 (id=1535): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000040)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0302}}}, 0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) rt_sigtimedwait(&(0x7f0000000080)={[0x3]}, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x8) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14000000"], 0x14}}, 0x0) socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'wg0\x00', &(0x7f0000000880)=@ethtool_per_queue_op={0x4b, 0xe, [0x3, 0x42e, 0x5, 0x157, 0x17, 0x3, 0x5, 0xa, 0xe, 0xa, 0x4, 0x1, 0x3, 0x5, 0x2, 0x3d358996, 0x6, 0x5, 0x466a, 0x3, 0xdd4, 0x8, 0x3, 0x0, 0x2, 0x403, 0x3, 0x3, 0xfffffffe, 0xb45, 0x2, 0x1c, 0x2, 0x80000001, 0x5f6d, 0x7, 0x81, 0x345d, 0x8000, 0x80000000, 0x0, 0xffff8ecf, 0x3, 0x8, 0xde, 0xfff, 0x9, 0x1c68ed8f, 0x5, 0x7, 0x7, 0x6, 0x747, 0x7f, 0x20000, 0x7, 0x2, 0x0, 0x6ab536bd, 0x0, 0x2, 0x1000, 0x4, 0xff, 0x8, 0x4, 0x7, 0x3, 0x5, 0x6, 0x7, 0x0, 0x0, 0x5, 0xe, 0x1, 0xb31, 0x8, 0xe6ce, 0x80000000, 0x1, 0xf0a4, 0x88, 0x7, 0x4, 0x9, 0x8, 0x5, 0x40, 0x3, 0x6, 0xda, 0x4, 0x0, 0x2, 0x1000, 0xff, 0x7, 0x5, 0xe3, 0x1000, 0x10, 0x8, 0x8, 0x1, 0x8, 0x0, 0xffffffff, 0x2, 0xed, 0xd66, 0x0, 0x4, 0xcbb, 0xff, 0x36, 0x1, 0x1, 0x922, 0x7fffffff, 0xfffffffd, 0x3, 0x10001, 0x9, 0x5021, 0x3, 0x7fffffff, 0x7], "a23a1653f002c6796074e0e93235d0a2"}}) r4 = io_uring_setup(0x523e, &(0x7f0000000000)) close_range(r4, 0xffffffffffffffff, 0x0) eventfd(0x7) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0) sendmsg$tipc(r5, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r6 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'}) 1.975071224s ago: executing program 1 (id=1536): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000280)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000004c0)={"e8565e6fd9c77478f7b32bafa196ea1fc0f1d9627d4cbf0b72f836c759f6233b9e6608be31182de1b8990731f65f0e04e8370495155b28037e6cf4b2f38fa45e52c005e6735c1510e381f30c935deb90a2f2f19067ea1bb8040ba17d708ec8d9b3bc8f52ed867ef1850ebff82eed3a8d99422cbb610a0ffcf5d696bacc8781b07abf155c10b7658351b916cc2d0127fdcd1d327f83def1847a9c81d89e486e564846a247fd08dfcd5e05e7371958ff292cc1945b5c54a4ab28fba147641336c14b1ab87112dcac1df7596b86438d931c28ac2e63e0bfb0fa97233a9d895850d1fd1b758f03486f6043389fcea371e6869cc39a1963454f986419e7faf6495d101e5b71930aa0b4d98fcd1e67f69d200494d52c9a6c232af8b4dfa25642cb0fb537e84723968201ce814b7087527d4d0c84d2a6ecebf33623574fbf5a404091c94878d09f00e7ef54b0d3e3bac5502c8e3aa4b426f80400009cb7d266007e2cebf11af9bdb01569ba622a6a89d41206d865ab1913fa09b6d7069426b866e07879df5ee2ced61c694fb9d47879cbe261e0d1c5d19089b35608638505920cd45ab3364c1562ab3135039d89a35100171a96729bb148de7e3cd0c160d140cfb0daa31afa57ad1c002fd8e34ca65a8ce90e765be7bcbe9b4d8da22bd04012d37c3c6d54031142bd8f036627761eb9aac2b927bdb94ff2beb0657ee8624f2037d12348bbc2e059cefe5718c9ce43ab9b3e8f1c6d65c9cc73f686a3a962cf81dcf86631a035b68ba1bc2e5df9cacf2e965ab86b22cee87a0491e38921e284c5fa3d9f6879fea7754dd1bca380adcaea07ab3ac7b3bcf7b8f65f56c91b244bdb6df000ce2424c3750b5fe9a7385bc2445f374685e214569723b8d49ad2900c2323db44fd3774af024aff9ecb332e98a4245a936c0983bc358edb03dcabcee55bfbbfeef43dbd5673827a44bdf37e3e099ead52ca42fe26c81f3a84228a1b7b295fc0104884ad284b8b0b3a9ddbd05cc617656ba62b9babd16c325d3f8f48cff713a2b53b7883e589dbcdcd10811c54bbaf5454dab5c25a5a8860d6017307437dbf92f9d380bde37bb3530bc1d28d0e781cd919885bf1832c74876f69f476eb3a0506c5d2a90081f278a25966635a5d66a51695ef89f026b3a6164c32a5692a136736285cdc0854853d9eab46ce717be8dee23795b2d70fc6d1bf65c644358659b726123064d3c18b8d23f9c3ed46fb249780f34be5aa931faa51579e87dab205106fec7d6e2a37ed1a258755e643185fa071e8c8d0de619af58022f61bf288d8e5b524dbe4d923bd1c7e30b3b08e89aaac274d2898f1e3b8faac66e174c5e53f88ca9943e53bbcd6dd88f5e74df4a54f3c269875f39dc0235442e340320188c3a68fde4a040e6a81eed581161408c29bd97582860149136e00"}) 1.327204976s ago: executing program 3 (id=1538): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='io_uring_link\x00', r0, 0x0, 0x4}, 0x18) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfffffffc}, &(0x7f00000007c0)=0x0, &(0x7f0000000800)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x44, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000022}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.280407771s ago: executing program 1 (id=1540): r0 = memfd_create(&(0x7f0000000140)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa9\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb\x00\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x98m\x10L\xec\xfdWF\x7fj\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6gmH\xbf\x9c\xd3\x94\x9a\x96\xe1n\x98\xb2\xdcq\xab\xd40\x86\xf5\xea\"\x9f\xd7\x01:\x1f\xfa\x04\xc6J\xe1|\xad\xef\xc2\xdf\x96\xe9|\xa4.\xa2\xdb?', 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x2012, r0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000100)={{&(0x7f000030f000/0x2000)=nil, 0x2000}, 0x1}) 1.193151967s ago: executing program 5 (id=1541): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') preadv(r3, &(0x7f0000000340)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, 0x0, 0x0) 1.045331964s ago: executing program 1 (id=1542): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x380}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) 1.044347742s ago: executing program 3 (id=1543): r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010700000000000000002000000008000300", @ANYRES32=r2], 0x1c}}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x40000000000011a, 0x0, 0x0) 1.012865029s ago: executing program 4 (id=1544): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-'], 0x9) 871.701994ms ago: executing program 5 (id=1545): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 853.08284ms ago: executing program 4 (id=1546): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) socketpair(0xa, 0x1, 0x0, &(0x7f0000000000)) 690.283616ms ago: executing program 5 (id=1547): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b", 0xe}], 0x1}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x11) ioctl$UI_DEV_CREATE(r6, 0x5501) preadv(r5, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x10) 608.432558ms ago: executing program 4 (id=1548): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r1, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x80045510, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0}) 397.113944ms ago: executing program 4 (id=1549): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) ioctl$VHOST_VDPA_GET_VQS_COUNT(r0, 0x8004af80, &(0x7f0000001140)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000900)) 222.010509ms ago: executing program 4 (id=1550): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x5c, r3, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0xf000, 0x0, 0x4044040}, 0x0) 203.628851ms ago: executing program 1 (id=1551): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r1}, 0x10) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 86.489739ms ago: executing program 3 (id=1552): r0 = socket$kcm(0x2, 0x5, 0x84) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 0s ago: executing program 4 (id=1553): r0 = syz_io_uring_setup(0x2cd7, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x34, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xff44}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f00000000c0), 0x10f) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r3, 0x0) io_uring_enter(r0, 0x5b43, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ation 0003:054C:0DF2.000A: Failed to retrieve feature with reportID 9: -71 [ 374.363351][ T5866] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 374.368827][ T5863] playstation 0003:054C:0DF2.000A: Failed to retrieve DualSense pairing info: -71 [ 374.379148][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.401601][ T5863] playstation 0003:054C:0DF2.000A: Failed to get MAC address from DualSense [ 374.420551][ T5866] usb 5-1: Product: syz [ 374.435216][ T5863] playstation 0003:054C:0DF2.000A: Failed to create dualsense. [ 374.442415][ T5866] usb 5-1: Manufacturer: syz [ 374.457388][ T5866] usb 5-1: SerialNumber: syz [ 374.478293][ T5866] usb 5-1: config 0 descriptor?? [ 374.491785][ T5866] gspca_main: se401-2.14.0 probing 047d:5003 [ 374.582494][ T5863] playstation 0003:054C:0DF2.000A: probe with driver playstation failed with error -71 [ 374.604830][ T5863] usb 3-1: USB disconnect, device number 10 [ 374.709993][ T9982] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9982 comm=syz.1.1113 [ 375.183392][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 375.343989][ T5866] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input40 [ 375.387839][ T9993] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 375.404173][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 375.510611][T10000] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 375.585027][ T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 375.602141][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.634427][ T5863] usb 5-1: USB disconnect, device number 18 [ 375.636856][ T9] usb 1-1: Product: syz [ 375.667312][ T9] usb 1-1: Manufacturer: syz [ 375.672365][ T9] usb 1-1: SerialNumber: syz [ 375.683052][ T9] usb 1-1: config 0 descriptor?? [ 375.913352][ T9] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 375.923651][ T9] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 375.945470][ T9] usb 1-1: USB disconnect, device number 21 [ 375.981177][ T25] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 376.096262][ T5866] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 376.106244][T10020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10020 comm=syz.1.1131 [ 376.305964][ T5866] usb 4-1: Using ep0 maxpacket: 16 [ 376.351073][ T5866] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.474283][ T5866] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.521158][ T5866] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 376.544902][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.565665][ T5866] usb 4-1: config 0 descriptor?? [ 376.609010][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 376.615819][ T25] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.768612][ T25] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.788866][ T25] usb 3-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 376.802842][ T25] usb 3-1: config 0 interface 0 has no altsetting 0 [ 376.810479][ T25] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 376.824258][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.847984][ T25] usb 3-1: config 0 descriptor?? [ 377.357336][ T5866] appleir 0003:05AC:8241.000B: unknown main item tag 0x0 [ 377.364424][ T5866] appleir 0003:05AC:8241.000B: unknown main item tag 0x0 [ 377.371664][ T5866] appleir 0003:05AC:8241.000B: unknown main item tag 0x0 [ 377.379281][ T5866] appleir 0003:05AC:8241.000B: unknown main item tag 0x0 [ 377.386381][ T5866] appleir 0003:05AC:8241.000B: unknown main item tag 0x0 [ 377.393814][ T5866] appleir 0003:05AC:8241.000B: No inputs registered, leaving [ 377.404703][ T5866] appleir 0003:05AC:8241.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 377.420222][ T5866] usb 4-1: USB disconnect, device number 15 [ 377.455378][ T9] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 377.469424][T10030] ceph: No mds server is up or the cluster is laggy [ 377.566951][ T25] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5010.000C/input/input42 [ 377.606976][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 61, using maximum allowed: 30 [ 377.622826][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 377.637254][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 61 [ 377.650960][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00 [ 377.662322][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.676552][ T25] kye 0003:0458:5010.000C: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 377.685248][ T9] usb 5-1: config 0 descriptor?? [ 377.712130][ T25] usb 3-1: USB disconnect, device number 11 [ 377.743181][T10043] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1139'. [ 377.754828][T10043] netlink: 'syz.1.1139': attribute type 7 has an invalid length. [ 377.763230][T10043] netlink: 'syz.1.1139': attribute type 8 has an invalid length. [ 377.771311][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1139'. [ 377.796955][T10043] gretap0: entered promiscuous mode [ 377.809464][T10043] batadv_slave_1: entered promiscuous mode [ 378.124340][ T9] logitech 0003:046D:C298.000D: unknown main item tag 0x2 [ 378.126187][ T5867] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 378.134004][ T9] logitech 0003:046D:C298.000D: unknown main item tag 0x0 [ 378.151347][ T9] logitech 0003:046D:C298.000D: unknown main item tag 0x0 [ 378.158589][ T9] logitech 0003:046D:C298.000D: unknown main item tag 0x0 [ 378.169143][ T9] logitech 0003:046D:C298.000D: hidraw0: USB HID v0.00 Device [HID 046d:c298] on usb-dummy_hcd.4-1/input0 [ 378.180788][ T9] logitech 0003:046D:C298.000D: no inputs found [ 378.287288][ T5867] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 378.312099][ T5867] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 378.343325][ T5867] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 378.380234][ T25] usb 5-1: USB disconnect, device number 19 [ 378.392825][ T5867] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 378.457346][ T5867] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 378.481081][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.505432][ T5867] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 378.519936][ T5867] usb 1-1: invalid MIDI out EP 0 [ 378.555012][ T5867] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 378.583938][ T6207] udevd[6207]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 378.659732][ T1293] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 378.669727][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.793169][ T9] usb 1-1: USB disconnect, device number 22 [ 378.943285][T10066] block nbd1: server does not support multiple connections per device. [ 378.967027][T10065] block nbd1: shutting down sockets [ 379.006466][ T29] audit: type=1400 audit(1734314715.692:619): avc: denied { name_bind } for pid=10067 comm="syz.3.1149" src=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 379.378277][T10081] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10081 comm=syz.3.1152 [ 380.074532][T10088] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 380.082250][T10088] CPU: 1 UID: 0 PID: 10088 Comm: syz.4.1156 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 380.093014][T10088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 380.103069][T10088] Call Trace: [ 380.106335][T10088] [ 380.109264][T10088] dump_stack_lvl+0x16c/0x1f0 [ 380.113944][T10088] sysfs_warn_dup+0x7f/0xa0 [ 380.118442][T10088] sysfs_do_create_link_sd+0x124/0x140 [ 380.123893][T10088] sysfs_create_link+0x61/0xc0 [ 380.128651][T10088] device_add+0x62e/0x1a70 [ 380.133060][T10088] ? __pfx_device_add+0x10/0x10 [ 380.137902][T10088] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 380.143789][T10088] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 380.149767][T10088] wiphy_register+0x1cab/0x2860 [ 380.154605][T10088] ? __pfx__dev_printk+0x10/0x10 [ 380.159534][T10088] ? __pfx_wiphy_register+0x10/0x10 [ 380.164725][T10088] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 380.170808][T10088] ieee80211_register_hw+0x2aa2/0x41a0 [ 380.176297][T10088] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 380.182114][T10088] ? net_generic+0xea/0x2a0 [ 380.186619][T10088] ? __asan_memset+0x23/0x50 [ 380.191198][T10088] ? __hrtimer_init+0x106/0x2c0 [ 380.196042][T10088] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 380.201770][T10088] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 380.208352][T10088] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 380.214429][T10088] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 380.219724][T10088] ? __asan_memcpy+0x3c/0x60 [ 380.224319][T10088] hwsim_new_radio_nl+0xb42/0x12b0 [ 380.229431][T10088] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 380.234974][T10088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 380.242343][T10088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 380.249712][T10088] genl_family_rcv_msg_doit+0x202/0x2f0 [ 380.255253][T10088] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 380.261322][T10088] ? bpf_lsm_capable+0x9/0x10 [ 380.265983][T10088] ? security_capable+0x7e/0x260 [ 380.270908][T10088] ? ns_capable+0xd7/0x110 [ 380.275315][T10088] genl_rcv_msg+0x565/0x800 [ 380.279817][T10088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 380.284937][T10088] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 380.290473][T10088] ? kasan_check_range+0x124/0x1a0 [ 380.295579][T10088] netlink_rcv_skb+0x16b/0x440 [ 380.300332][T10088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 380.305352][T10088] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 380.310636][T10088] ? down_read+0xc9/0x330 [ 380.314959][T10088] ? __pfx_down_read+0x10/0x10 [ 380.319715][T10088] ? rcu_is_watching+0x12/0xc0 [ 380.324473][T10088] genl_rcv+0x28/0x40 [ 380.328444][T10088] netlink_unicast+0x53c/0x7f0 [ 380.333201][T10088] ? __pfx_netlink_unicast+0x10/0x10 [ 380.338477][T10088] ? security_netlink_send+0x13/0x210 [ 380.343839][T10088] netlink_sendmsg+0x8b8/0xd70 [ 380.348600][T10088] ? __pfx_netlink_sendmsg+0x10/0x10 [ 380.353883][T10088] ____sys_sendmsg+0xaaf/0xc90 [ 380.358654][T10088] ? copy_msghdr_from_user+0x10b/0x160 [ 380.364122][T10088] ? __pfx_____sys_sendmsg+0x10/0x10 [ 380.369461][T10088] ___sys_sendmsg+0x135/0x1e0 [ 380.374137][T10088] ? __pfx____sys_sendmsg+0x10/0x10 [ 380.379429][T10088] ? __pfx_lock_release+0x10/0x10 [ 380.384465][T10088] ? trace_lock_acquire+0x14e/0x1f0 [ 380.389669][T10088] ? __fget_files+0x206/0x3a0 [ 380.394342][T10088] __sys_sendmsg+0x16e/0x220 [ 380.398920][T10088] ? __pfx___sys_sendmsg+0x10/0x10 [ 380.404017][T10088] ? __x64_sys_futex+0x1e1/0x4c0 [ 380.408972][T10088] do_syscall_64+0xcd/0x250 [ 380.413470][T10088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.419354][T10088] RIP: 0033:0x7f096ab85d19 [ 380.423761][T10088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.443355][T10088] RSP: 002b:00007f096b909038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 380.452016][T10088] RAX: ffffffffffffffda RBX: 00007f096ad76160 RCX: 00007f096ab85d19 [ 380.459977][T10088] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 380.467957][T10088] RBP: 00007f096ac01a20 R08: 0000000000000000 R09: 0000000000000000 [ 380.475912][T10088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.483869][T10088] R13: 0000000000000000 R14: 00007f096ad76160 R15: 00007ffd71f093c8 [ 380.491837][T10088] [ 380.546691][T10088] netlink: 348 bytes leftover after parsing attributes in process `syz.4.1156'. [ 381.353448][T10105] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10105 comm=syz.2.1161 [ 382.923163][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 383.008697][ T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 383.067818][ T29] audit: type=1400 audit(1734314719.750:620): avc: denied { map } for pid=10160 comm="syz.3.1187" path="socket:[25233]" dev="sockfs" ino=25233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 383.128546][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 383.141476][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 383.168620][ T29] audit: type=1400 audit(1734314719.750:621): avc: denied { read } for pid=10160 comm="syz.3.1187" path="socket:[25233]" dev="sockfs" ino=25233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 383.198820][ T9] usb 2-1: config 0 has no interfaces? [ 383.204149][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 383.204602][ T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 383.214831][ T25] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 383.219298][ T29] audit: type=1400 audit(1734314719.750:622): avc: denied { connect } for pid=10160 comm="syz.3.1187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 383.228342][ T25] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 383.248005][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.268317][ T9] usb 2-1: config 0 descriptor?? [ 383.273497][ T25] usb 1-1: Product: syz [ 383.283947][ T25] usb 1-1: Manufacturer: syz [ 383.288652][ T25] usb 1-1: SerialNumber: syz [ 383.295106][ T25] usb 1-1: config 0 descriptor?? [ 383.419130][ T5863] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 383.493092][T10171] netlink: 'syz.3.1192': attribute type 1 has an invalid length. [ 383.542376][ T29] audit: type=1400 audit(1734314720.229:623): avc: denied { read } for pid=10172 comm="syz.2.1193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 383.598523][ T9] usb 1-1: USB disconnect, device number 23 [ 383.702203][T10143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.711135][ T5863] usb 5-1: Using ep0 maxpacket: 32 [ 383.713340][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.721762][T10143] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.727661][ T5863] usb 5-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 383.744747][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.934822][ T5863] usb 5-1: config 0 descriptor?? [ 383.992803][ T25] libceph: connect (1)[c::]:6789 error -101 [ 384.006916][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 384.257501][ T5867] usb 2-1: USB disconnect, device number 16 [ 384.399766][T10179] ceph: No mds server is up or the cluster is laggy [ 384.502833][ T5863] logitech 0003:046D:CA03.000E: item fetching failed at offset 0/3 [ 384.531367][ T5863] logitech 0003:046D:CA03.000E: parse failed [ 384.544277][ T29] audit: type=1400 audit(1734314721.229:624): avc: denied { getopt } for pid=10189 comm="syz.0.1197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 384.546305][ T5863] logitech 0003:046D:CA03.000E: probe with driver logitech failed with error -22 [ 384.604080][ T29] audit: type=1400 audit(1734314721.289:625): avc: denied { write } for pid=10191 comm="syz.3.1198" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 384.714591][ T9] usb 5-1: USB disconnect, device number 20 [ 384.767242][ T29] audit: type=1400 audit(1734314721.449:626): avc: denied { map } for pid=10203 comm="syz.2.1203" path="socket:[25357]" dev="sockfs" ino=25357 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 384.838720][ T29] audit: type=1400 audit(1734314721.489:627): avc: denied { read } for pid=10203 comm="syz.2.1203" path="socket:[25357]" dev="sockfs" ino=25357 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 385.273296][T10229] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10229 comm=syz.2.1212 [ 386.030642][ T29] audit: type=1400 audit(1734314722.708:628): avc: denied { bind } for pid=10243 comm="syz.2.1220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 386.136729][ T29] audit: type=1326 audit(1734314722.768:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.0.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539c185d19 code=0x7ffc0000 [ 386.160519][ T29] audit: type=1326 audit(1734314722.768:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.0.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539c185d19 code=0x7ffc0000 [ 386.184136][ T29] audit: type=1326 audit(1734314722.768:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.0.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f539c185d19 code=0x7ffc0000 [ 386.207834][ T29] audit: type=1326 audit(1734314722.768:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.0.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539c185d19 code=0x7ffc0000 [ 386.231799][ T29] audit: type=1326 audit(1734314722.768:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.0.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f539c185d19 code=0x7ffc0000 [ 387.582034][T10282] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10282 comm=syz.4.1231 [ 388.151276][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 388.302025][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 388.320353][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 388.331873][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 388.361375][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 388.391435][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 388.434013][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 388.471706][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 388.499308][ T9] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 388.507490][ T9] usb 3-1: Manufacturer: syz [ 388.515771][ T9] usb 3-1: config 0 descriptor?? [ 389.305842][T10317] vlan3: entered promiscuous mode [ 389.311402][T10317] bond0: entered promiscuous mode [ 389.316589][ T9] rc_core: IR keymap rc-hauppauge not found [ 389.332505][ T9] Registered IR keymap rc-empty [ 389.342012][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.349245][T10317] bond_slave_0: entered promiscuous mode [ 389.371614][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.373552][T10317] bond_slave_1: entered promiscuous mode [ 389.390246][T10317] bond0: left promiscuous mode [ 389.401361][T10317] bond_slave_0: left promiscuous mode [ 389.410966][T10317] bond_slave_1: left promiscuous mode [ 389.419976][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 389.443337][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 389.462519][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input44 [ 389.516189][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.561974][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.581798][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.604047][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.621993][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.641831][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.652063][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 389.660435][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13 [ 389.669599][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.676868][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.691886][ T5867] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 389.738392][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 389.770024][T10331] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 389.777734][T10331] CPU: 1 UID: 0 PID: 10331 Comm: syz.3.1253 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 389.788519][T10331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 389.798575][T10331] Call Trace: [ 389.801855][T10331] [ 389.804792][T10331] dump_stack_lvl+0x16c/0x1f0 [ 389.809563][T10331] sysfs_warn_dup+0x7f/0xa0 [ 389.814067][T10331] sysfs_do_create_link_sd+0x124/0x140 [ 389.819521][T10331] sysfs_create_link+0x61/0xc0 [ 389.824286][T10331] device_add+0x62e/0x1a70 [ 389.828706][T10331] ? __pfx_device_add+0x10/0x10 [ 389.833563][T10331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 389.839450][T10331] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 389.845438][T10331] wiphy_register+0x1cab/0x2860 [ 389.850284][T10331] ? __pfx_wiphy_register+0x10/0x10 [ 389.855475][T10331] ? ieee80211_register_hw+0x276c/0x41a0 [ 389.861109][T10331] ieee80211_register_hw+0x2aa2/0x41a0 [ 389.866589][T10331] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 389.872402][T10331] ? __asan_memset+0x23/0x50 [ 389.876981][T10331] ? __hrtimer_init+0x106/0x2c0 [ 389.881829][T10331] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 389.887550][T10331] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 389.894476][T10331] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 389.900531][T10331] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 389.905835][T10331] ? __asan_memcpy+0x3c/0x60 [ 389.910421][T10331] hwsim_new_radio_nl+0xb42/0x12b0 [ 389.915531][T10331] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 389.921074][T10331] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 389.928463][T10331] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 389.935922][T10331] genl_family_rcv_msg_doit+0x202/0x2f0 [ 389.941468][T10331] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 389.947544][T10331] genl_rcv_msg+0x565/0x800 [ 389.952050][T10331] ? __pfx_genl_rcv_msg+0x10/0x10 [ 389.957081][T10331] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 389.962618][T10331] ? hlock_class+0x4e/0x130 [ 389.967115][T10331] netlink_rcv_skb+0x16b/0x440 [ 389.971872][T10331] ? __pfx_genl_rcv_msg+0x10/0x10 [ 389.976892][T10331] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 389.982179][T10331] ? down_read+0xc9/0x330 [ 389.986505][T10331] ? __pfx_down_read+0x10/0x10 [ 389.991261][T10331] ? rcu_is_watching+0x12/0xc0 [ 389.996033][T10331] genl_rcv+0x28/0x40 [ 390.000013][T10331] netlink_unicast+0x53c/0x7f0 [ 390.004776][T10331] ? __pfx_netlink_unicast+0x10/0x10 [ 390.010058][T10331] netlink_sendmsg+0x8b8/0xd70 [ 390.014823][T10331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.020113][T10331] ____sys_sendmsg+0xaaf/0xc90 [ 390.024869][T10331] ? copy_msghdr_from_user+0x10b/0x160 [ 390.030316][T10331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 390.035606][T10331] ___sys_sendmsg+0x135/0x1e0 [ 390.040276][T10331] ? __pfx____sys_sendmsg+0x10/0x10 [ 390.045491][T10331] ? __fget_files+0x206/0x3a0 [ 390.050162][T10331] __sys_sendmsg+0x16e/0x220 [ 390.054741][T10331] ? __pfx___sys_sendmsg+0x10/0x10 [ 390.059840][T10331] ? __x64_sys_futex+0x1e1/0x4c0 [ 390.064784][T10331] do_syscall_64+0xcd/0x250 [ 390.069280][T10331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.075163][T10331] RIP: 0033:0x7f5d53d85d19 [ 390.079584][T10331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.099176][T10331] RSP: 002b:00007f5d54bfb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 390.107575][T10331] RAX: ffffffffffffffda RBX: 00007f5d53f76160 RCX: 00007f5d53d85d19 [ 390.115532][T10331] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 390.123492][T10331] RBP: 00007f5d53e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 390.131445][T10331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 390.139401][T10331] R13: 0000000000000000 R14: 00007f5d53f76160 R15: 00007ffee6fcbbb8 [ 390.147371][T10331] [ 390.551602][ T5867] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 390.565989][ T5867] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 390.595876][ T5867] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 390.629206][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 390.643557][ T8] usb 2-1: Product: syz [ 390.645932][ T5867] usb 5-1: SerialNumber: syz [ 390.647719][ T8] usb 2-1: Manufacturer: syz [ 390.647737][ T8] usb 2-1: SerialNumber: syz [ 390.662523][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 390.672474][ T8] usb 2-1: config 0 descriptor?? [ 390.680348][ T8] pvrusb2: Hardware description: Terratec Grabster AV400 [ 390.687507][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 390.694702][ T8] pvrusb2: ********** [ 390.698681][ T8] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 390.709081][ T8] pvrusb2: Important functionality might not be entirely working. [ 390.734869][ T9] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 390.755448][ T8] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 390.772794][ T9] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 390.794764][ T9] usb 3-1: USB disconnect, device number 12 [ 390.801351][ T8] pvrusb2: ********** [ 390.889312][ T2324] pvrusb2: Invalid write control endpoint [ 390.913047][ T8] usb 2-1: USB disconnect, device number 17 [ 390.983085][ T5867] usb 5-1: 0:2 : does not exist [ 391.000505][ T2324] pvrusb2: Invalid write control endpoint [ 391.003482][ T5867] usb 5-1: USB disconnect, device number 21 [ 391.009981][ T2324] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 391.028678][ T2324] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 391.105099][T10338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10338 comm=syz.3.1257 [ 391.324809][ T2324] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 391.491403][ T2324] pvrusb2: Device being rendered inoperable [ 391.499080][ T2324] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 391.507290][ T2324] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 391.549283][ T2324] pvrusb2: Attached sub-driver cx25840 [ 391.554776][ T7093] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.580167][ T2324] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 391.602705][ T2324] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 391.856978][T10343] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 391.871032][ T6206] udevd[6206]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 391.929563][T10347] netlink: 'syz.4.1262': attribute type 34 has an invalid length. [ 392.043902][ T7093] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.165269][T10357] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 392.187349][T10357] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 392.232389][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1269'. [ 392.250310][T10357] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 392.286846][T10357] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 392.299915][ T7093] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.312846][T10357] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 392.313543][T10367] sctp: [Deprecated]: syz.1.1267 (pid 10367) Use of int in max_burst socket option deprecated. [ 392.313543][T10367] Use struct sctp_assoc_value instead [ 392.338495][T10357] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 392.360464][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 392.378672][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 392.392294][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 392.443444][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 392.450963][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 392.458935][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 392.472677][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 392.472690][ T29] audit: type=1400 audit(1734314729.155:644): avc: denied { mounton } for pid=10355 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 392.482637][ T7093] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.516244][T10375] binder: 10373:10375 ioctl 4018620d 0 returned -22 [ 392.543738][T10355] batadv0 speed is unknown, defaulting to 1000 [ 392.664487][ T7093] bridge_slave_1: left allmulticast mode [ 392.684922][ T7093] bridge_slave_1: left promiscuous mode [ 392.701313][ T7093] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.722161][ T7093] bridge_slave_0: left allmulticast mode [ 392.734477][ T7093] bridge_slave_0: left promiscuous mode [ 392.753459][ T7093] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.336509][ T7093] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.371611][ T7093] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.401607][ T7093] bond0 (unregistering): Released all slaves [ 393.415752][ T7093] bond1 (unregistering): Released all slaves [ 393.693833][ T29] audit: type=1400 audit(1734314730.374:645): avc: denied { relabelfrom } for pid=10417 comm="syz.3.1283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 393.726959][ T29] audit: type=1400 audit(1734314730.374:646): avc: denied { relabelto } for pid=10417 comm="syz.3.1283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 393.822067][T10355] chnl_net:caif_netlink_parms(): no params data found [ 393.853736][ T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 393.894040][ T8] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 393.933783][ T5863] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 393.948374][ T7093] hsr_slave_0: left promiscuous mode [ 393.954876][ T7093] hsr_slave_1: left promiscuous mode [ 393.960929][ T7093] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.978671][ T7093] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.987326][ T7093] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 394.000203][ T7093] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 394.015430][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.029064][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.032960][ T7093] vlan0: left allmulticast mode [ 394.044693][ T9] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 394.047608][ T7093] veth0_vlan: left allmulticast mode [ 394.059744][ T7093] vlan0: left promiscuous mode [ 394.060736][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.074535][ T7093] veth1_macvtap: left promiscuous mode [ 394.079016][ T8] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 394.080617][ T7093] veth0_macvtap: left promiscuous mode [ 394.091676][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.105201][ T7093] veth1_vlan: left promiscuous mode [ 394.112704][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.118108][ T7093] veth0_vlan: left promiscuous mode [ 394.124105][ T9] usb 5-1: config 0 descriptor?? [ 394.135008][ T5863] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 394.140665][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 394.161288][ T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 394.161581][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 394.170577][ T8] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 394.188767][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 394.205435][ T5863] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 394.213125][ T8] usb 2-1: Manufacturer: syz [ 394.232906][ T8] usb 2-1: config 0 descriptor?? [ 394.237693][ T5863] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 394.258476][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.283494][ T5863] usb 3-1: config 0 descriptor?? [ 394.357141][ T7093] team0 (unregistering): Port device vlan2 removed [ 394.505152][T10357] Bluetooth: hci2: command tx timeout [ 394.549140][ T9] aquacomputer_d5next 0003:0C70:F00E.000F: unknown main item tag 0x0 [ 394.565339][ T9] aquacomputer_d5next 0003:0C70:F00E.000F: hidraw0: USB HID vff.ff Device [HID 0c70:f00e] on usb-dummy_hcd.4-1/input0 [ 394.652633][ T8] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 394.674549][ T8] appleir 0003:05AC:8243.0010: No inputs registered, leaving [ 394.697213][ T8] appleir 0003:05AC:8243.0010: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 394.711123][ T5863] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 394.730533][ T5863] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 394.781919][ T9] usb 5-1: USB disconnect, device number 22 [ 394.804307][ T5863] plantronics 0003:047F:FFFF.0011: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 394.826400][ T7093] team0 (unregistering): Port device team_slave_1 removed [ 394.900273][ T7093] team0 (unregistering): Port device team_slave_0 removed [ 394.950221][ T5863] usb 2-1: USB disconnect, device number 18 [ 394.957134][ T5892] usb 3-1: USB disconnect, device number 13 [ 395.014809][ T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 395.214930][ T8] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 395.228775][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.237831][ T8] usb 4-1: Product: syz [ 395.242012][ T8] usb 4-1: Manufacturer: syz [ 395.247057][ T8] usb 4-1: SerialNumber: syz [ 395.253576][ T8] usb 4-1: config 0 descriptor?? [ 395.262087][ T8] ch341 4-1:0.0: ch341-uart converter detected [ 395.339086][T10355] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.352586][T10355] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.362175][T10355] bridge_slave_0: entered allmulticast mode [ 395.372088][T10355] bridge_slave_0: entered promiscuous mode [ 395.395920][T10355] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.404482][T10355] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.431040][T10355] bridge_slave_1: entered allmulticast mode [ 395.441684][T10355] bridge_slave_1: entered promiscuous mode [ 395.536252][T10355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.692412][T10355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.701714][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 395.846149][T10355] team0: Port device team_slave_0 added [ 395.860878][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.068592][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.088125][T10355] team0: Port device team_slave_1 added [ 396.181716][ T9] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 396.204778][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.219802][ T9] usb 5-1: config 0 descriptor?? [ 396.247674][T10355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.263616][T10355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.304411][T10355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.320597][ T8] usb 4-1: failed to send control message: -71 [ 396.327672][ T8] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 396.336625][T10355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.336639][T10355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.336662][T10355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.384970][ T8] usb 4-1: USB disconnect, device number 16 [ 396.391726][ T8] ch341 4-1:0.0: device disconnected [ 396.561280][T10355] hsr_slave_0: entered promiscuous mode [ 396.568864][T10355] hsr_slave_1: entered promiscuous mode [ 396.586658][T10357] Bluetooth: hci2: command tx timeout [ 396.786351][T10483] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 396.794018][T10483] CPU: 0 UID: 0 PID: 10483 Comm: syz.1.1294 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 396.804788][T10483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 396.814829][T10483] Call Trace: [ 396.818103][T10483] [ 396.821023][T10483] dump_stack_lvl+0x16c/0x1f0 [ 396.825787][T10483] sysfs_warn_dup+0x7f/0xa0 [ 396.830283][T10483] sysfs_do_create_link_sd+0x124/0x140 [ 396.835824][T10483] sysfs_create_link+0x61/0xc0 [ 396.840586][T10483] device_add+0x62e/0x1a70 [ 396.845002][T10483] ? __pfx_device_add+0x10/0x10 [ 396.849857][T10483] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 396.855744][T10483] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 396.861818][T10483] wiphy_register+0x1cab/0x2860 [ 396.866664][T10483] ? __pfx_wiphy_register+0x10/0x10 [ 396.871856][T10483] ? rtnl_unlock+0x9/0x10 [ 396.876263][T10483] ieee80211_register_hw+0x2aa2/0x41a0 [ 396.881728][T10483] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 396.887529][T10483] ? rcu_is_watching+0x12/0xc0 [ 396.892285][T10483] ? __asan_memset+0x23/0x50 [ 396.896864][T10483] ? __hrtimer_init+0x106/0x2c0 [ 396.901705][T10483] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 396.907429][T10483] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 396.914006][T10483] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 396.920068][T10483] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 396.925344][T10483] ? __asan_memcpy+0x3c/0x60 [ 396.929924][T10483] hwsim_new_radio_nl+0xb42/0x12b0 [ 396.935029][T10483] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 396.940570][T10483] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 396.947932][T10483] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 396.955315][T10483] genl_family_rcv_msg_doit+0x202/0x2f0 [ 396.960856][T10483] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 396.966923][T10483] ? bpf_lsm_capable+0x9/0x10 [ 396.971582][T10483] ? security_capable+0x7e/0x260 [ 396.976508][T10483] ? ns_capable+0xd7/0x110 [ 396.981011][T10483] genl_rcv_msg+0x565/0x800 [ 396.985515][T10483] ? __pfx_genl_rcv_msg+0x10/0x10 [ 396.990619][T10483] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 396.996154][T10483] ? __pfx___lock_acquire+0x10/0x10 [ 397.001345][T10483] netlink_rcv_skb+0x16b/0x440 [ 397.006100][T10483] ? __pfx_genl_rcv_msg+0x10/0x10 [ 397.011117][T10483] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 397.016401][T10483] ? down_read+0xc9/0x330 [ 397.020727][T10483] ? __pfx_down_read+0x10/0x10 [ 397.025479][T10483] ? netlink_deliver_tap+0x1ae/0xd30 [ 397.030756][T10483] genl_rcv+0x28/0x40 [ 397.034728][T10483] netlink_unicast+0x53c/0x7f0 [ 397.039484][T10483] ? __pfx_netlink_unicast+0x10/0x10 [ 397.044765][T10483] netlink_sendmsg+0x8b8/0xd70 [ 397.049524][T10483] ? __pfx_netlink_sendmsg+0x10/0x10 [ 397.054898][T10483] ____sys_sendmsg+0xaaf/0xc90 [ 397.059652][T10483] ? copy_msghdr_from_user+0x10b/0x160 [ 397.065105][T10483] ? __pfx_____sys_sendmsg+0x10/0x10 [ 397.070390][T10483] ___sys_sendmsg+0x135/0x1e0 [ 397.075055][T10483] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.080248][T10483] ? __pfx_lock_release+0x10/0x10 [ 397.085263][T10483] ? trace_lock_acquire+0x14e/0x1f0 [ 397.090460][T10483] ? __fget_files+0x206/0x3a0 [ 397.095130][T10483] __sys_sendmsg+0x16e/0x220 [ 397.099707][T10483] ? __pfx___sys_sendmsg+0x10/0x10 [ 397.104802][T10483] ? __x64_sys_futex+0x1e1/0x4c0 [ 397.109739][T10483] do_syscall_64+0xcd/0x250 [ 397.114235][T10483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.120133][T10483] RIP: 0033:0x7f63f2185d19 [ 397.124534][T10483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.144127][T10483] RSP: 002b:00007f63f2f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 397.152528][T10483] RAX: ffffffffffffffda RBX: 00007f63f2376160 RCX: 00007f63f2185d19 [ 397.160483][T10483] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 397.168438][T10483] RBP: 00007f63f2201a20 R08: 0000000000000000 R09: 0000000000000000 [ 397.176392][T10483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 397.184350][T10483] R13: 0000000000000000 R14: 00007f63f2376160 R15: 00007ffce706c8c8 [ 397.192317][T10483] [ 397.195362][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.463823][ T9] usb 5-1: language id specifier not provided by device, defaulting to English [ 397.585719][ T5867] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 397.677144][ T9] letsketch 0003:6161:4D15.0012: Device info: ㉠[ 397.776005][ T5867] usb 3-1: Using ep0 maxpacket: 32 [ 397.798625][ T5867] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 397.816322][ T5867] usb 3-1: config 0 has no interface number 0 [ 397.836526][ T5867] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 397.851118][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.864748][ T5867] usb 3-1: Product: syz [ 397.869723][ T5867] usb 3-1: Manufacturer: syz [ 397.874403][ T5867] usb 3-1: SerialNumber: syz [ 397.888714][ T5867] usb 3-1: config 0 descriptor?? [ 397.906018][ T5867] smsc95xx v2.0.0 [ 397.908468][ T9] usb 5-1: Max retries (5) exceeded reading string descriptor 201 [ 397.918429][ T9] letsketch 0003:6161:4D15.0012: probe with driver letsketch failed with error -71 [ 397.932727][ T9] usb 5-1: USB disconnect, device number 23 [ 398.140321][T10355] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 398.156116][T10355] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 398.171892][T10355] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 398.181301][T10355] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 398.267664][T10355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.288920][T10355] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.299920][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.306984][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.315056][ T5867] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 398.326313][ T5867] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 398.343338][ T9839] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.351706][ T9839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.542782][ T5867] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 398.574623][ T5867] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61 [ 398.612665][T10355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.670163][T10357] Bluetooth: hci2: command tx timeout [ 398.700999][T10355] veth0_vlan: entered promiscuous mode [ 398.730844][T10355] veth1_vlan: entered promiscuous mode [ 398.761768][T10355] veth0_macvtap: entered promiscuous mode [ 398.775846][ T9] usb 3-1: USB disconnect, device number 14 [ 398.799194][T10355] veth1_macvtap: entered promiscuous mode [ 398.868945][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.883080][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.047147][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.072806][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.151204][T10546] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10546 comm=syz.1.1306 [ 399.205693][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.319063][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.502506][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 399.590676][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.627742][T10355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.650708][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 399.687947][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.710746][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 399.722282][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.732591][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 399.743823][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.794572][T10355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 399.820119][T10355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 399.833174][T10355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.846226][ T5866] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 399.853580][T10355] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.870636][T10355] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.886252][T10355] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.905177][T10355] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.027778][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 400.048462][ T5866] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 400.062384][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.133607][ T5866] usb 3-1: config 0 descriptor?? [ 400.154707][ T5866] gspca_main: sunplus-2.14.0 probing 041e:400b [ 400.522057][ T7093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.530249][ T7093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.589262][ T3463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.597942][ T3463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.632528][ T29] audit: type=1400 audit(1734314737.311:647): avc: denied { mounton } for pid=10355 comm="syz-executor" path="/root/syzkaller.ylB8o0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 400.696245][ T29] audit: type=1400 audit(1734314737.311:648): avc: denied { mounton } for pid=10355 comm="syz-executor" path="/root/syzkaller.ylB8o0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=26420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 400.747412][T10357] Bluetooth: hci2: command tx timeout [ 400.762905][ T29] audit: type=1400 audit(1734314737.361:649): avc: denied { mount } for pid=10355 comm="syz-executor" name="/" dev="gadgetfs" ino=6020 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 400.822936][ T29] audit: type=1400 audit(1734314737.361:650): avc: denied { mount } for pid=10355 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 400.900843][ T29] audit: type=1400 audit(1734314737.361:651): avc: denied { mounton } for pid=10355 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 401.223770][ T5866] gspca_sunplus: reg_w_riv err -71 [ 401.229556][ T5866] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 401.248485][ T5866] usb 3-1: USB disconnect, device number 15 [ 401.678701][T10631] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10631 comm=syz.4.1324 [ 402.447342][ T5863] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 402.497267][ T5892] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 402.628326][ T5863] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 402.672062][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.673601][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.698045][ T9839] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.719534][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.736791][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 402.744875][ T5863] usb 4-1: config 0 descriptor?? [ 402.809122][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 402.840491][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.877836][T10668] team0: left allmulticast mode [ 402.879000][ T5892] usb 3-1: config 0 descriptor?? [ 402.885028][T10668] team_slave_0: left allmulticast mode [ 402.905123][T10668] team_slave_1: left allmulticast mode [ 402.919418][T10668] bridge0: port 3(team0) entered disabled state [ 402.972292][T10668] bridge_slave_0: left allmulticast mode [ 402.988029][T10668] bridge_slave_0: left promiscuous mode [ 402.995230][T10668] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.024310][T10668] bridge_slave_1: left allmulticast mode [ 403.030658][T10668] bridge_slave_1: left promiscuous mode [ 403.036415][T10668] bridge0: port 2(bridge_slave_1) entered disabled state [ 403.053060][T10668] bond0: (slave bond_slave_1): Releasing backup interface [ 403.088021][T10668] team_slave_0: left promiscuous mode [ 403.140120][T10668] team0: Port device team_slave_0 removed [ 403.163749][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 403.169203][T10668] team_slave_1: left promiscuous mode [ 403.179749][ T5866] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 403.180627][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 403.202821][T10668] team0: Port device team_slave_1 removed [ 403.207711][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 403.217197][T10668] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 403.229014][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 403.240482][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 403.247860][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 403.256934][T10668] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.274705][T10668] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 403.284333][T10668] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.316485][ T5892] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 403.339693][ T5892] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 403.343466][T10678] batadv0 speed is unknown, defaulting to 1000 [ 403.360833][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.384336][ T5892] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 403.402767][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.412955][ T5866] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 403.457343][ T5866] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 403.474552][T10678] chnl_net:caif_netlink_parms(): no params data found [ 403.482439][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.505346][ T5866] usb 2-1: config 0 descriptor?? [ 403.560257][T10678] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.567955][T10678] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.575133][T10678] bridge_slave_0: entered allmulticast mode [ 403.582317][T10678] bridge_slave_0: entered promiscuous mode [ 403.590732][T10678] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.598069][T10678] bridge0: port 2(bridge_slave_1) entered disabled state [ 403.605273][T10678] bridge_slave_1: entered allmulticast mode [ 403.606980][ T5892] usb 3-1: USB disconnect, device number 16 [ 403.612310][T10678] bridge_slave_1: entered promiscuous mode [ 403.657360][T10678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.672168][T10678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.706809][T10678] team0: Port device team_slave_0 added [ 403.719956][T10678] team0: Port device team_slave_1 added [ 403.756830][T10678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.764263][T10678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.798816][ T5863] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 403.799434][T10678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.808838][ T5863] asix 4-1:0.0: probe with driver asix failed with error -71 [ 403.823927][ T5863] usb 4-1: USB disconnect, device number 17 [ 403.847227][T10678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.857135][T10678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.883432][T10678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.914416][ T9839] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.935563][ T5866] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 403.952636][ T5866] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 403.960359][ T5866] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 403.967573][ T5866] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 403.977358][ T5866] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 403.994957][ T5866] prodikeys 0003:041E:2801.0014: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0 [ 404.024032][ T9839] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.035336][ T29] audit: type=1400 audit(1734314740.710:652): avc: denied { getopt } for pid=10692 comm="syz.4.1338" lport=49778 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 404.100202][T10678] hsr_slave_0: entered promiscuous mode [ 404.112360][T10678] hsr_slave_1: entered promiscuous mode [ 404.121208][T10678] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 404.152381][ T5866] usb 2-1: USB disconnect, device number 19 [ 404.161234][T10678] Cannot create hsr debugfs directory [ 404.254913][ T9839] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.509865][T10705] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10705 comm=syz.2.1341 [ 405.119203][ T9839] bridge_slave_1: left allmulticast mode [ 405.124916][ T9839] bridge_slave_1: left promiscuous mode [ 405.137677][ T9839] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.162145][ T29] audit: type=1400 audit(1734314741.820:653): avc: denied { read } for pid=10707 comm="syz.1.1346" lport=35393 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 405.256597][ T9839] bridge_slave_0: left allmulticast mode [ 405.266261][ T9839] bridge_slave_0: left promiscuous mode [ 405.284036][ T9839] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.288443][ T5866] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 405.310574][T10357] Bluetooth: hci2: command tx timeout [ 405.467207][ T5866] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 405.489868][ T5866] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 405.516350][ T5866] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 405.543424][ T5866] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 405.557478][ T5866] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 405.559598][ T5867] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 405.566827][ T5866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.616322][ T5866] usb 5-1: config 0 descriptor?? [ 405.631353][T10711] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 405.750151][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 405.766062][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.776504][ T5867] usb 3-1: New USB device found, idVendor=0b43, idProduct=0003, bcdDevice= 0.00 [ 405.793085][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.813360][ T5867] usb 3-1: config 0 descriptor?? [ 405.984459][ T9839] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 406.002659][ T9839] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 406.018217][ T9839] bond0 (unregistering): Released all slaves [ 406.080667][ T5866] plantronics 0003:047F:FFFF.0015: unknown main item tag 0xd [ 406.089978][ T5866] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 406.112984][ T5866] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 406.237049][ T5867] smartjoyplus 0003:0B43:0003.0016: unknown main item tag 0x0 [ 406.259563][ T5867] smartjoyplus 0003:0B43:0003.0016: unknown main item tag 0x0 [ 406.269427][ T5867] smartjoyplus 0003:0B43:0003.0016: unknown main item tag 0x0 [ 406.294795][ T5867] smartjoyplus 0003:0B43:0003.0016: unknown main item tag 0x0 [ 406.325206][ T5867] smartjoyplus 0003:0B43:0003.0016: unknown main item tag 0x0 [ 406.350279][ T5867] smartjoyplus 0003:0B43:0003.0016: hidraw1: USB HID v0.00 Device [HID 0b43:0003] on usb-dummy_hcd.2-1/input0 [ 406.407733][ T5867] smartjoyplus 0003:0B43:0003.0016: no output reports found [ 406.445837][ T8] usb 5-1: USB disconnect, device number 24 [ 406.449456][ T5867] usb 3-1: USB disconnect, device number 17 [ 406.653291][ T9839] hsr_slave_0: left promiscuous mode [ 406.661999][ T9839] hsr_slave_1: left promiscuous mode [ 406.667760][ T9839] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.686678][ T9839] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.723290][ T9839] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 406.760071][T10760] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10760 comm=syz.3.1357 [ 406.809420][ T9839] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.167346][ T9839] veth1_macvtap: left promiscuous mode [ 407.190138][ T9839] veth0_macvtap: left promiscuous mode [ 407.210808][ T9839] veth1_vlan: left promiscuous mode [ 407.218741][ T9839] veth0_vlan: left promiscuous mode [ 407.399182][T10357] Bluetooth: hci2: command tx timeout [ 407.497805][T10774] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10774 comm=syz.2.1360 [ 408.053036][T10779] input: syz1 as /devices/virtual/input/input47 [ 408.497342][ T9839] team0 (unregistering): Port device team_slave_1 removed [ 408.535195][T10795] raw_sendmsg: syz.1.1369 forgot to set AF_INET. Fix it! [ 408.565193][ T29] audit: type=1326 audit(1734314745.238:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10796 comm="syz.4.1371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f096ab85d19 code=0x0 [ 408.600089][ T9839] team0 (unregistering): Port device team_slave_0 removed [ 408.998739][T10678] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 409.034358][T10678] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 409.114669][T10678] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 409.143898][T10678] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 409.307632][T10678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 409.367296][T10678] 8021q: adding VLAN 0 to HW filter on device team0 [ 409.470020][T10357] Bluetooth: hci2: command tx timeout [ 409.485388][ T6255] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.492551][ T6255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 409.499896][ T5867] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 409.503686][ T5866] libceph: connect (1)[c::]:6789 error -101 [ 409.544292][ T5866] libceph: mon0 (1)[c::]:6789 connect error [ 409.565425][ T6255] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.572591][ T6255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 409.681109][T10678] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 409.691564][T10678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 409.782344][T10830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10830 comm=syz.4.1379 [ 410.216830][ T5892] libceph: connect (1)[c::]:6789 error -101 [ 410.273064][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.277855][ T5892] libceph: mon0 (1)[c::]:6789 connect error [ 410.288465][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.205311][T10837] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 411.213067][T10837] CPU: 1 UID: 0 PID: 10837 Comm: syz.3.1380 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 411.223839][T10837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 411.233909][T10837] Call Trace: [ 411.237200][T10837] [ 411.240142][T10837] dump_stack_lvl+0x16c/0x1f0 [ 411.244839][T10837] sysfs_warn_dup+0x7f/0xa0 [ 411.249361][T10837] sysfs_do_create_link_sd+0x124/0x140 [ 411.254845][T10837] sysfs_create_link+0x61/0xc0 [ 411.259625][T10837] device_add+0x62e/0x1a70 [ 411.264054][T10837] ? __pfx_device_add+0x10/0x10 [ 411.268910][T10837] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 411.274800][T10837] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 411.280788][T10837] wiphy_register+0x1cab/0x2860 [ 411.285631][T10837] ? __pfx__dev_printk+0x10/0x10 [ 411.290565][T10837] ? __pfx_wiphy_register+0x10/0x10 [ 411.295766][T10837] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 411.301827][T10837] ieee80211_register_hw+0x2aa2/0x41a0 [ 411.307291][T10837] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 411.313087][T10837] ? net_generic+0xea/0x2a0 [ 411.317579][T10837] ? lockdep_init_map_type+0x16d/0x7d0 [ 411.323032][T10837] ? __asan_memset+0x23/0x50 [ 411.327609][T10837] ? __hrtimer_init+0x106/0x2c0 [ 411.332453][T10837] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 411.338172][T10837] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 411.344748][T10837] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 411.350802][T10837] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 411.356081][T10837] ? __asan_memcpy+0x3c/0x60 [ 411.360659][T10837] hwsim_new_radio_nl+0xb42/0x12b0 [ 411.365764][T10837] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 411.371304][T10837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 411.378664][T10837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 411.386032][T10837] genl_family_rcv_msg_doit+0x202/0x2f0 [ 411.391572][T10837] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 411.397637][T10837] ? bpf_lsm_capable+0x9/0x10 [ 411.402296][T10837] ? security_capable+0x7e/0x260 [ 411.407221][T10837] ? ns_capable+0xd7/0x110 [ 411.411626][T10837] genl_rcv_msg+0x565/0x800 [ 411.416125][T10837] ? __pfx_genl_rcv_msg+0x10/0x10 [ 411.421140][T10837] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 411.426677][T10837] ? __pfx___lock_acquire+0x10/0x10 [ 411.431866][T10837] netlink_rcv_skb+0x16b/0x440 [ 411.436618][T10837] ? __pfx_genl_rcv_msg+0x10/0x10 [ 411.441633][T10837] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 411.446915][T10837] ? down_read+0xc9/0x330 [ 411.451234][T10837] ? __pfx_down_read+0x10/0x10 [ 411.455989][T10837] ? netlink_deliver_tap+0x1ae/0xd30 [ 411.461268][T10837] genl_rcv+0x28/0x40 [ 411.465241][T10837] netlink_unicast+0x53c/0x7f0 [ 411.469996][T10837] ? __pfx_netlink_unicast+0x10/0x10 [ 411.475274][T10837] netlink_sendmsg+0x8b8/0xd70 [ 411.480029][T10837] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.485311][T10837] ____sys_sendmsg+0xaaf/0xc90 [ 411.490063][T10837] ? copy_msghdr_from_user+0x10b/0x160 [ 411.495503][T10837] ? __pfx_____sys_sendmsg+0x10/0x10 [ 411.500797][T10837] ___sys_sendmsg+0x135/0x1e0 [ 411.505463][T10837] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.510655][T10837] ? __pfx_lock_release+0x10/0x10 [ 411.515666][T10837] ? trace_lock_acquire+0x14e/0x1f0 [ 411.520860][T10837] ? __fget_files+0x206/0x3a0 [ 411.525542][T10837] __sys_sendmsg+0x16e/0x220 [ 411.530131][T10837] ? __pfx___sys_sendmsg+0x10/0x10 [ 411.535242][T10837] ? __x64_sys_futex+0x1e1/0x4c0 [ 411.540202][T10837] do_syscall_64+0xcd/0x250 [ 411.544709][T10837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.550595][T10837] RIP: 0033:0x7f5d53d85d19 [ 411.555006][T10837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.574612][T10837] RSP: 002b:00007f5d54c1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.583015][T10837] RAX: ffffffffffffffda RBX: 00007f5d53f76080 RCX: 00007f5d53d85d19 [ 411.590986][T10837] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 411.598947][T10837] RBP: 00007f5d53e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 411.606905][T10837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.614867][T10837] R13: 0000000000000000 R14: 00007f5d53f76080 R15: 00007ffee6fcbbb8 [ 411.622841][T10837] [ 411.636676][ T5867] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 411.645843][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.655522][ T5867] usb 3-1: config 0 descriptor?? [ 411.666577][T10814] ceph: No mds server is up or the cluster is laggy [ 411.691801][T10357] Bluetooth: hci2: command tx timeout [ 411.768345][ T5892] libceph: connect (1)[c::]:6789 error -101 [ 411.774710][ T5892] libceph: mon0 (1)[c::]:6789 connect error [ 411.843475][T10678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 412.073743][ T5867] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 412.088324][ T5867] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 412.114403][ T5867] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0017/input/input48 [ 412.136826][T10855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10855 comm=syz.4.1384 [ 412.199388][ T5867] cm6533_jd 0003:0D8C:0022.0017: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 412.529071][T10678] veth0_vlan: entered promiscuous mode [ 412.580492][T10678] veth1_vlan: entered promiscuous mode [ 412.601265][ T5867] usb 3-1: USB disconnect, device number 18 [ 412.687294][T10678] veth0_macvtap: entered promiscuous mode [ 412.733959][T10678] veth1_macvtap: entered promiscuous mode [ 412.805664][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.830572][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.857259][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.991143][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.049167][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 413.123403][T10887] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10887 comm=syz.4.1388 [ 413.217019][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.499310][T10678] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 413.617099][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.698023][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.763750][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.789113][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.815638][T10678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.839965][T10678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.852097][T10678] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 413.875836][T10900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1396'. [ 413.914639][T10678] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.994915][T10678] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.101248][T10678] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.279753][T10678] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.459681][T10902] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 414.467335][T10902] CPU: 1 UID: 0 PID: 10902 Comm: syz.1.1393 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 414.478110][T10902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 414.488171][T10902] Call Trace: [ 414.491449][T10902] [ 414.494383][T10902] dump_stack_lvl+0x16c/0x1f0 [ 414.499074][T10902] sysfs_warn_dup+0x7f/0xa0 [ 414.503596][T10902] sysfs_do_create_link_sd+0x124/0x140 [ 414.509066][T10902] sysfs_create_link+0x61/0xc0 [ 414.513829][T10902] device_add+0x62e/0x1a70 [ 414.518239][T10902] ? __pfx_device_add+0x10/0x10 [ 414.523076][T10902] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 414.528959][T10902] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 414.534936][T10902] wiphy_register+0x1cab/0x2860 [ 414.539772][T10902] ? __pfx__dev_printk+0x10/0x10 [ 414.544703][T10902] ? __pfx_wiphy_register+0x10/0x10 [ 414.549892][T10902] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 414.555953][T10902] ieee80211_register_hw+0x2aa2/0x41a0 [ 414.561418][T10902] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 414.567221][T10902] ? net_generic+0xea/0x2a0 [ 414.571712][T10902] ? lockdep_init_map_type+0x16d/0x7d0 [ 414.577159][T10902] ? __asan_memset+0x23/0x50 [ 414.581734][T10902] ? __hrtimer_init+0x106/0x2c0 [ 414.586577][T10902] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 414.592299][T10902] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 414.598893][T10902] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 414.604960][T10902] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 414.610242][T10902] ? __asan_memcpy+0x3c/0x60 [ 414.614851][T10902] hwsim_new_radio_nl+0xb42/0x12b0 [ 414.619958][T10902] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 414.625502][T10902] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 414.632870][T10902] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 414.640323][T10902] genl_family_rcv_msg_doit+0x202/0x2f0 [ 414.645862][T10902] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 414.651927][T10902] ? bpf_lsm_capable+0x9/0x10 [ 414.656586][T10902] ? security_capable+0x7e/0x260 [ 414.661508][T10902] ? ns_capable+0xd7/0x110 [ 414.665914][T10902] genl_rcv_msg+0x565/0x800 [ 414.670411][T10902] ? __pfx_genl_rcv_msg+0x10/0x10 [ 414.675425][T10902] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 414.680961][T10902] ? __pfx___lock_acquire+0x10/0x10 [ 414.686149][T10902] netlink_rcv_skb+0x16b/0x440 [ 414.690900][T10902] ? __pfx_genl_rcv_msg+0x10/0x10 [ 414.695926][T10902] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 414.701209][T10902] ? down_read+0xc9/0x330 [ 414.705529][T10902] ? __pfx_down_read+0x10/0x10 [ 414.710281][T10902] ? netlink_deliver_tap+0x1ae/0xd30 [ 414.715558][T10902] genl_rcv+0x28/0x40 [ 414.719535][T10902] netlink_unicast+0x53c/0x7f0 [ 414.724293][T10902] ? __pfx_netlink_unicast+0x10/0x10 [ 414.729575][T10902] netlink_sendmsg+0x8b8/0xd70 [ 414.734337][T10902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 414.739641][T10902] ____sys_sendmsg+0xaaf/0xc90 [ 414.744483][T10902] ? copy_msghdr_from_user+0x10b/0x160 [ 414.749930][T10902] ? __pfx_____sys_sendmsg+0x10/0x10 [ 414.755222][T10902] ___sys_sendmsg+0x135/0x1e0 [ 414.759973][T10902] ? __pfx____sys_sendmsg+0x10/0x10 [ 414.765163][T10902] ? __pfx_lock_release+0x10/0x10 [ 414.770175][T10902] ? trace_lock_acquire+0x14e/0x1f0 [ 414.775373][T10902] ? __fget_files+0x206/0x3a0 [ 414.780042][T10902] __sys_sendmsg+0x16e/0x220 [ 414.784618][T10902] ? __pfx___sys_sendmsg+0x10/0x10 [ 414.789717][T10902] ? __x64_sys_futex+0x1e1/0x4c0 [ 414.794661][T10902] do_syscall_64+0xcd/0x250 [ 414.799154][T10902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.805037][T10902] RIP: 0033:0x7f63f2185d19 [ 414.809454][T10902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.829048][T10902] RSP: 002b:00007f63f2f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 414.837446][T10902] RAX: ffffffffffffffda RBX: 00007f63f2376160 RCX: 00007f63f2185d19 [ 414.845402][T10902] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 414.853358][T10902] RBP: 00007f63f2201a20 R08: 0000000000000000 R09: 0000000000000000 [ 414.861313][T10902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.869266][T10902] R13: 0000000000000000 R14: 00007f63f2376160 R15: 00007ffce706c8c8 [ 414.877335][T10902] [ 415.029672][ T9839] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.055286][ T9839] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.082897][ T9839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.091010][ T9839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.304664][ T5867] libceph: connect (1)[c::]:6789 error -101 [ 415.310952][ T5867] libceph: mon0 (1)[c::]:6789 connect error [ 415.378956][T10924] input: syz1 as /devices/virtual/input/input49 [ 415.559946][T10928] netlink: 200 bytes leftover after parsing attributes in process `syz.2.1404'. [ 415.582212][T10928] netlink: 'syz.2.1404': attribute type 8 has an invalid length. [ 415.602212][ T5899] libceph: connect (1)[c::]:6789 error -101 [ 415.608203][ T5899] libceph: mon0 (1)[c::]:6789 connect error [ 415.855254][T10916] ceph: No mds server is up or the cluster is laggy [ 416.047836][ T1151] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.157390][ T1151] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.322564][T10946] loop6: detected capacity change from 0 to 524287999 [ 416.354604][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.363965][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.372798][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.373212][ T1151] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.381958][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.421580][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.430760][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.496731][ T29] audit: type=1400 audit(1734314753.176:655): avc: denied { ioctl } for pid=10945 comm="syz.2.1411" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 416.521641][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.530919][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.540420][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.549596][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.559728][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.568916][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.580230][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.589537][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.598055][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.607217][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.616536][T10946] ldm_validate_partition_table(): Disk read failed. [ 416.631695][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 416.633142][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.648036][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.685010][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.687058][ T1151] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.694188][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 416.700279][T10946] Dev loop6: unable to read RDB block 0 [ 416.705145][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 416.730144][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 416.742717][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 416.751458][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 416.756182][T10946] loop6: unable to read partition table [ 416.764389][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 416.816981][T10946] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 416.840000][ T29] audit: type=1400 audit(1734314753.516:656): avc: denied { write } for pid=10955 comm="syz.4.1414" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 416.881614][T10951] batadv0 speed is unknown, defaulting to 1000 [ 416.965520][T10947] ldm_validate_partition_table(): Disk read failed. [ 417.033219][T10947] Dev loop6: unable to read RDB block 0 [ 417.069138][T10947] loop6: unable to read partition table [ 417.106023][T10947] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 417.122115][ T1151] bridge_slave_1: left allmulticast mode [ 417.176452][ T1151] bridge_slave_1: left promiscuous mode [ 417.188187][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.198372][T10966] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10966 comm=syz.4.1416 [ 418.370909][ T1151] bridge_slave_0: left allmulticast mode [ 418.377566][ T1151] bridge_slave_0: left promiscuous mode [ 418.383465][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.710424][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.721299][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.735828][ T1151] bond0 (unregistering): Released all slaves [ 418.837035][T10357] Bluetooth: hci2: command tx timeout [ 419.132211][T10951] chnl_net:caif_netlink_parms(): no params data found [ 419.183022][ T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 419.244308][ T1151] hsr_slave_0: left promiscuous mode [ 419.260058][ T1151] hsr_slave_1: left promiscuous mode [ 419.273825][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.281344][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.305624][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 419.323355][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.349729][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 419.351627][ T29] audit: type=1400 audit(1734314756.025:657): avc: denied { audit_write } for pid=11010 comm="syz.3.1429" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 419.373684][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 419.393819][ T29] audit: type=1400 audit(1734314756.075:658): avc: denied { watch watch_reads } for pid=11010 comm="syz.3.1429" path=2F6D656D66643A2D42D54E49C570430A202864656C6574656429 dev="tmpfs" ino=1206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 419.437232][ T1151] veth1_macvtap: left promiscuous mode [ 419.442762][ T1151] veth0_macvtap: left promiscuous mode [ 419.453365][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 419.486473][ T1151] veth1_vlan: left promiscuous mode [ 419.491755][ T1151] veth0_vlan: left promiscuous mode [ 419.498557][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 419.508489][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.531974][T10996] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 419.565438][ T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 419.604155][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 419.614741][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 419.624303][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 419.637282][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 419.658473][ T5829] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 419.665990][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 419.865542][ T5899] usb 5-1: USB disconnect, device number 25 [ 419.917677][ T29] audit: type=1400 audit(1734314756.595:659): avc: denied { name_connect } for pid=11029 comm="syz.1.1432" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 420.116239][ T5863] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 420.238616][ T1151] team0 (unregistering): Port device team_slave_1 removed [ 420.284847][ T1151] team0 (unregistering): Port device team_slave_0 removed [ 420.292965][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.329146][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.339956][ T5863] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 420.358023][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.385328][ T5863] usb 4-1: config 0 descriptor?? [ 420.528758][ T29] audit: type=1400 audit(1734314757.205:660): avc: denied { read } for pid=11042 comm="syz.1.1439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 420.817979][ T5863] hid-thrustmaster 0003:044F:B65D.0018: unknown main item tag 0x0 [ 420.829607][ T5863] hid-thrustmaster 0003:044F:B65D.0018: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.3-1/input0 [ 420.842397][ T5863] hid-thrustmaster 0003:044F:B65D.0018: Wrong number of endpoints? [ 420.906812][T11019] batadv0 speed is unknown, defaulting to 1000 [ 420.914569][T10357] Bluetooth: hci2: command tx timeout [ 421.006683][T10951] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.014410][T10951] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.021635][T10951] bridge_slave_0: entered allmulticast mode [ 421.028444][T10951] bridge_slave_0: entered promiscuous mode [ 421.055057][T10951] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.062787][T10951] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.077377][T10951] bridge_slave_1: entered allmulticast mode [ 421.097644][T10951] bridge_slave_1: entered promiscuous mode [ 421.130837][T10951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.145040][ C1] hid-thrustmaster 0003:044F:B65D.0018: URB to get model id failed with error -71 [ 421.145794][ T5866] usb 4-1: USB disconnect, device number 18 [ 421.177384][T10951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.265185][T10951] team0: Port device team_slave_0 added [ 421.275941][T10951] team0: Port device team_slave_1 added [ 421.358486][T10951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.383572][T10951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.410697][T10951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.422826][T10951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.429952][T10951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.459570][T10951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.566456][T11019] chnl_net:caif_netlink_parms(): no params data found [ 421.660504][T10951] hsr_slave_0: entered promiscuous mode [ 421.677404][T10951] hsr_slave_1: entered promiscuous mode [ 421.713895][T10357] Bluetooth: hci1: command tx timeout [ 421.829655][ T5866] libceph: connect (1)[c::]:6789 error -101 [ 421.862822][ T5866] libceph: mon0 (1)[c::]:6789 connect error [ 421.922967][T11019] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.930981][T11019] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.943343][T11019] bridge_slave_0: entered allmulticast mode [ 421.950585][T11019] bridge_slave_0: entered promiscuous mode [ 421.961199][T11019] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.968399][T11019] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.976734][T11019] bridge_slave_1: entered allmulticast mode [ 421.983172][T11019] bridge_slave_1: entered promiscuous mode [ 422.017377][T11019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.031077][T11019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.069485][T11019] team0: Port device team_slave_0 added [ 422.088359][T11019] team0: Port device team_slave_1 added [ 422.124670][ T5863] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 422.144757][ T5866] libceph: connect (1)[c::]:6789 error -101 [ 422.160571][ T5866] libceph: mon0 (1)[c::]:6789 connect error [ 422.170183][T11019] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.186091][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.218883][T11019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.272696][T11019] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.289538][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.307303][T11078] ceph: No mds server is up or the cluster is laggy [ 422.321462][T11019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.347425][ T5863] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 422.367787][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.384274][ T5863] usb 4-1: config 0 descriptor?? [ 422.421990][ T5863] cp210x 4-1:0.0: cp210x converter detected [ 422.580814][T11019] hsr_slave_0: entered promiscuous mode [ 422.588064][T11019] hsr_slave_1: entered promiscuous mode [ 422.597341][T11019] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.605232][T11019] Cannot create hsr debugfs directory [ 422.795392][ T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 422.804843][T11019] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 422.834806][ T5863] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 422.841949][T11019] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 422.870724][ T5863] usb 4-1: cp210x converter now attached to ttyUSB0 [ 422.887873][T11019] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 422.917297][T11019] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 422.964741][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 422.978409][T10951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 422.993558][ T8] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 423.004059][T10357] Bluetooth: hci2: command tx timeout [ 423.029167][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.039877][T10951] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 423.057027][ T8] usb 5-1: Product: syz [ 423.064376][ T8] usb 5-1: Manufacturer: syz [ 423.069103][ T8] usb 5-1: SerialNumber: syz [ 423.077651][ T8] usb 5-1: config 0 descriptor?? [ 423.082975][ T5866] usb 4-1: USB disconnect, device number 19 [ 423.092186][ T5866] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 423.093339][T10951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 423.117258][ T5866] cp210x 4-1:0.0: device disconnected [ 423.168473][T10951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 423.231373][T11019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.273944][T11019] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.298614][ T8] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 423.305113][ T4464] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.305190][ T4464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.332419][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.339534][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.376320][T11132] syzkaller1: entered promiscuous mode [ 423.381829][T11132] syzkaller1: entered allmulticast mode [ 423.406679][T10951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.423875][T11019] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 423.484447][T10951] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.512812][ T959] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.519974][ T959] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.541891][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.549009][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.572760][T11136] syzkaller1: left promiscuous mode [ 423.579596][T11136] syzkaller1: left allmulticast mode [ 423.642598][T10951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 423.712839][T11019] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 423.794766][T10357] Bluetooth: hci1: command tx timeout [ 423.935671][T10951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.025189][T10951] veth0_vlan: entered promiscuous mode [ 424.076913][T10951] veth1_vlan: entered promiscuous mode [ 424.152670][T10951] veth0_macvtap: entered promiscuous mode [ 424.181858][T10951] veth1_macvtap: entered promiscuous mode [ 424.221060][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.253743][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.270777][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.281730][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.300665][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.313586][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.334040][T10951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.347203][ T8] gspca_sunplus: reg_w_riv err -71 [ 424.359933][ T8] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 424.370167][ T8] usb 5-1: USB disconnect, device number 26 [ 424.381529][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.403856][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.434169][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.454653][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.464686][ T5867] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 424.474106][T10951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.484893][T10951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.496820][T10951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.523967][T11019] veth0_vlan: entered promiscuous mode [ 424.543837][T10951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.561786][T10951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.571167][T10951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.580777][T10951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.609700][T11019] veth1_vlan: entered promiscuous mode [ 424.626799][ T5867] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 424.644531][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.669543][ T5867] usb 2-1: config 0 descriptor?? [ 424.683085][T11019] veth0_macvtap: entered promiscuous mode [ 424.728085][T11019] veth1_macvtap: entered promiscuous mode [ 424.738442][ T959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.749601][ T959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.783373][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.801510][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.812306][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.828826][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.840998][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.857705][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.870230][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.883812][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.899858][T11019] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.943358][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.966520][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.994703][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.007836][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.040951][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.072708][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.088500][T10357] Bluetooth: hci2: command tx timeout [ 425.101672][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.117359][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.130320][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.155223][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.209285][T11019] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.487098][T11019] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.632745][T11019] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.767854][T11019] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.788855][T11019] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.888369][T10357] Bluetooth: hci1: command tx timeout [ 426.075344][ T29] audit: type=1400 audit(1734314762.723:661): avc: denied { create } for pid=11219 comm="syz.4.1465" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 426.184107][ T5867] usb 2-1: Cannot set autoneg [ 426.190779][ T5867] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 426.213866][ T5867] usb 2-1: USB disconnect, device number 20 [ 426.221335][ T9839] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.254679][ T9839] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.834868][T11233] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 426.843124][T11233] CPU: 0 UID: 0 PID: 11233 Comm: syz.3.1464 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 426.853906][T11233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 426.864065][T11233] Call Trace: [ 426.867353][T11233] [ 426.870293][T11233] dump_stack_lvl+0x16c/0x1f0 [ 426.874985][T11233] sysfs_warn_dup+0x7f/0xa0 [ 426.879507][T11233] sysfs_do_create_link_sd+0x124/0x140 [ 426.885002][T11233] sysfs_create_link+0x61/0xc0 [ 426.889794][T11233] device_add+0x62e/0x1a70 [ 426.894242][T11233] ? __pfx_device_add+0x10/0x10 [ 426.899122][T11233] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 426.905046][T11233] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 426.911063][T11233] wiphy_register+0x1cab/0x2860 [ 426.915941][T11233] ? __pfx__dev_printk+0x10/0x10 [ 426.920912][T11233] ? __pfx_wiphy_register+0x10/0x10 [ 426.926146][T11233] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 426.932246][T11233] ieee80211_register_hw+0x2aa2/0x41a0 [ 426.937754][T11233] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 426.943590][T11233] ? net_generic+0xea/0x2a0 [ 426.948121][T11233] ? __asan_memset+0x23/0x50 [ 426.952736][T11233] ? __hrtimer_init+0x106/0x2c0 [ 426.957617][T11233] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 426.963382][T11233] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 426.970002][T11233] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 426.976096][T11233] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 426.981406][T11233] ? __asan_memcpy+0x3c/0x60 [ 426.986017][T11233] hwsim_new_radio_nl+0xb42/0x12b0 [ 426.991151][T11233] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 426.996727][T11233] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 427.004122][T11233] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 427.011522][T11233] genl_family_rcv_msg_doit+0x202/0x2f0 [ 427.017122][T11233] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 427.023201][T11233] ? bpf_lsm_capable+0x9/0x10 [ 427.027865][T11233] ? security_capable+0x7e/0x260 [ 427.032792][T11233] ? ns_capable+0xd7/0x110 [ 427.037305][T11233] genl_rcv_msg+0x565/0x800 [ 427.041808][T11233] ? __pfx_genl_rcv_msg+0x10/0x10 [ 427.046828][T11233] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 427.052362][T11233] ? __pfx___schedule+0x10/0x10 [ 427.057207][T11233] netlink_rcv_skb+0x16b/0x440 [ 427.061964][T11233] ? __pfx_genl_rcv_msg+0x10/0x10 [ 427.066983][T11233] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 427.072267][T11233] ? down_read+0x1a6/0x330 [ 427.076827][T11233] ? __pfx_down_read+0x10/0x10 [ 427.081584][T11233] ? rcu_is_watching+0x12/0xc0 [ 427.086342][T11233] genl_rcv+0x28/0x40 [ 427.090322][T11233] netlink_unicast+0x53c/0x7f0 [ 427.095093][T11233] ? __pfx_netlink_unicast+0x10/0x10 [ 427.100385][T11233] netlink_sendmsg+0x8b8/0xd70 [ 427.105144][T11233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.110422][T11233] ? ____sys_sendmsg+0x7f8/0xc90 [ 427.115353][T11233] ____sys_sendmsg+0xaaf/0xc90 [ 427.120106][T11233] ? copy_msghdr_from_user+0x10b/0x160 [ 427.125550][T11233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.130834][T11233] ___sys_sendmsg+0x135/0x1e0 [ 427.135496][T11233] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.140689][T11233] ? __pfx_lock_release+0x10/0x10 [ 427.145701][T11233] ? trace_lock_acquire+0x14e/0x1f0 [ 427.150898][T11233] ? __fget_files+0x206/0x3a0 [ 427.155570][T11233] __sys_sendmsg+0x16e/0x220 [ 427.160147][T11233] ? __pfx___sys_sendmsg+0x10/0x10 [ 427.165243][T11233] ? __x64_sys_futex+0x1e1/0x4c0 [ 427.170179][T11233] do_syscall_64+0xcd/0x250 [ 427.174677][T11233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.180560][T11233] RIP: 0033:0x7f5d53d85d19 [ 427.184962][T11233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.204663][T11233] RSP: 002b:00007f5d54bfb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.213066][T11233] RAX: ffffffffffffffda RBX: 00007f5d53f76160 RCX: 00007f5d53d85d19 [ 427.221022][T11233] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 427.228984][T11233] RBP: 00007f5d53e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 427.236943][T11233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.244904][T11233] R13: 0000000000000000 R14: 00007f5d53f76160 R15: 00007ffee6fcbbb8 [ 427.252890][T11233] [ 427.394316][ T959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.437931][ T959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.177873][T10357] Bluetooth: hci1: command tx timeout [ 428.535745][ T5867] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 428.541895][T11281] input: syz0 as /devices/virtual/input/input50 [ 428.708588][ T5867] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 428.718089][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.748205][ T5867] usb 2-1: Product: syz [ 428.752413][ T5867] usb 2-1: Manufacturer: syz [ 428.765287][ T29] audit: type=1400 audit(1734314765.432:662): avc: denied { map } for pid=11287 comm="syz.5.1478" path="socket:[31885]" dev="sockfs" ino=31885 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 428.800749][ T5867] usb 2-1: SerialNumber: syz [ 428.819728][ T5867] usb 2-1: config 0 descriptor?? [ 428.881470][T11294] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 429.049592][ T5867] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 429.069563][ T5867] asix 2-1:0.0: probe with driver asix failed with error -32 [ 429.136003][ T5867] usb 2-1: USB disconnect, device number 21 [ 429.335773][ T8] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 429.420527][T11313] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3738224872 (478492783616 ns) > initial count (91121186304 ns). Using initial count to start timer. [ 429.486109][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 429.498819][ T8] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 429.525738][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.557077][ T8] usb 5-1: config 0 descriptor?? [ 429.559959][ T61] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.589247][ T29] audit: type=1400 audit(1734314766.252:663): avc: denied { name_bind } for pid=11316 comm="syz.5.1490" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 429.892230][ T61] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.948353][ T61] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.012857][ T61] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.155359][ T61] bridge_slave_1: left allmulticast mode [ 430.167825][ T61] bridge_slave_1: left promiscuous mode [ 430.176474][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.186217][ T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 430.216464][ T8] asix 5-1:0.0: probe with driver asix failed with error -61 [ 430.327896][ T61] bridge_slave_0: left allmulticast mode [ 430.346072][ T61] bridge_slave_0: left promiscuous mode [ 430.384533][ T5863] libceph: connect (1)[c::]:6789 error -101 [ 430.393283][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.401083][ T5863] libceph: mon0 (1)[c::]:6789 connect error [ 430.667627][ T5863] libceph: connect (1)[c::]:6789 error -101 [ 430.674424][ T5863] libceph: mon0 (1)[c::]:6789 connect error [ 431.121048][T11325] ceph: No mds server is up or the cluster is laggy [ 431.277148][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 431.288890][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 431.298993][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 431.318797][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 431.331688][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 431.341091][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 431.921294][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 431.996193][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 432.082439][ T61] bond0 (unregistering): Released all slaves [ 432.095025][ T9] usb 5-1: USB disconnect, device number 27 [ 432.119359][T11344] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 432.126998][T11344] CPU: 0 UID: 0 PID: 11344 Comm: syz.1.1494 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 432.137759][T11344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 432.147806][T11344] Call Trace: [ 432.151072][T11344] [ 432.153991][T11344] dump_stack_lvl+0x16c/0x1f0 [ 432.158669][T11344] sysfs_warn_dup+0x7f/0xa0 [ 432.163169][T11344] sysfs_do_create_link_sd+0x124/0x140 [ 432.168629][T11344] sysfs_create_link+0x61/0xc0 [ 432.173387][T11344] device_add+0x62e/0x1a70 [ 432.177800][T11344] ? __pfx_device_add+0x10/0x10 [ 432.182643][T11344] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 432.188541][T11344] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 432.194551][T11344] wiphy_register+0x1cab/0x2860 [ 432.199427][T11344] ? __pfx__dev_printk+0x10/0x10 [ 432.204396][T11344] ? __pfx_wiphy_register+0x10/0x10 [ 432.209621][T11344] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 432.215712][T11344] ieee80211_register_hw+0x2aa2/0x41a0 [ 432.221207][T11344] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 432.227029][T11344] ? net_generic+0xea/0x2a0 [ 432.231546][T11344] ? lockdep_init_map_type+0x16d/0x7d0 [ 432.237020][T11344] ? __asan_memset+0x23/0x50 [ 432.241627][T11344] ? __hrtimer_init+0x106/0x2c0 [ 432.246482][T11344] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 432.252203][T11344] ? __kmalloc_node_track_caller_noprof+0x240/0x510 [ 432.258869][T11344] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 432.264928][T11344] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 432.270201][T11344] ? __asan_memcpy+0x3c/0x60 [ 432.274785][T11344] hwsim_new_radio_nl+0xb42/0x12b0 [ 432.279885][T11344] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 432.285426][T11344] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 432.292886][T11344] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 432.300352][T11344] genl_family_rcv_msg_doit+0x202/0x2f0 [ 432.305895][T11344] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 432.311959][T11344] ? bpf_lsm_capable+0x9/0x10 [ 432.316624][T11344] ? security_capable+0x7e/0x260 [ 432.321555][T11344] ? ns_capable+0xd7/0x110 [ 432.325962][T11344] genl_rcv_msg+0x565/0x800 [ 432.330466][T11344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.335485][T11344] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 432.341023][T11344] ? __pfx___lock_acquire+0x10/0x10 [ 432.346216][T11344] netlink_rcv_skb+0x16b/0x440 [ 432.350971][T11344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.356074][T11344] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 432.361374][T11344] ? down_read+0xc9/0x330 [ 432.365694][T11344] ? __pfx_down_read+0x10/0x10 [ 432.370535][T11344] ? netlink_deliver_tap+0x1ae/0xd30 [ 432.375810][T11344] genl_rcv+0x28/0x40 [ 432.379785][T11344] netlink_unicast+0x53c/0x7f0 [ 432.384541][T11344] ? __pfx_netlink_unicast+0x10/0x10 [ 432.389837][T11344] netlink_sendmsg+0x8b8/0xd70 [ 432.394606][T11344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.399899][T11344] ? ____sys_sendmsg+0x600/0xc90 [ 432.404834][T11344] ____sys_sendmsg+0xaaf/0xc90 [ 432.409592][T11344] ? copy_msghdr_from_user+0x10b/0x160 [ 432.415050][T11344] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.420341][T11344] ___sys_sendmsg+0x135/0x1e0 [ 432.425013][T11344] ? __pfx____sys_sendmsg+0x10/0x10 [ 432.430225][T11344] ? __fget_files+0x206/0x3a0 [ 432.434903][T11344] __sys_sendmsg+0x16e/0x220 [ 432.439505][T11344] ? __pfx___sys_sendmsg+0x10/0x10 [ 432.444603][T11344] ? __x64_sys_futex+0x1e1/0x4c0 [ 432.449543][T11344] do_syscall_64+0xcd/0x250 [ 432.454042][T11344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.459926][T11344] RIP: 0033:0x7f63f2185d19 [ 432.464328][T11344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.483940][T11344] RSP: 002b:00007f63f2f92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.492352][T11344] RAX: ffffffffffffffda RBX: 00007f63f2376160 RCX: 00007f63f2185d19 [ 432.500308][T11344] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000009 [ 432.508262][T11344] RBP: 00007f63f2201a20 R08: 0000000000000000 R09: 0000000000000000 [ 432.516216][T11344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.524172][T11344] R13: 0000000000000000 R14: 00007f63f2376160 R15: 00007ffce706c8c8 [ 432.532145][T11344] [ 432.581053][T11349] batadv0 speed is unknown, defaulting to 1000 [ 432.946847][ T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 432.984599][T11349] chnl_net:caif_netlink_parms(): no params data found [ 432.998390][ T5866] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 432.998767][ T29] audit: type=1400 audit(1734314769.661:664): avc: denied { name_connect } for pid=11379 comm="syz.5.1502" dest=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 433.119901][ T9] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 433.136679][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.151221][ T9] usb 5-1: Product: syz [ 433.155545][ T9] usb 5-1: Manufacturer: syz [ 433.165744][ T9] usb 5-1: SerialNumber: syz [ 433.176715][ T5866] usb 2-1: Using ep0 maxpacket: 16 [ 433.182816][ T9] usb 5-1: config 0 descriptor?? [ 433.199399][ T9] ch341 5-1:0.0: ch341-uart converter detected [ 433.206770][ T5866] usb 2-1: config 0 has an invalid descriptor of length 107, skipping remainder of the config [ 433.218731][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 78, changing to 10 [ 433.239319][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 57694, setting to 1024 [ 433.266192][ T61] hsr_slave_0: left promiscuous mode [ 433.267852][ T5866] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 433.284891][ T61] hsr_slave_1: left promiscuous mode [ 433.292491][T11397] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 433.313456][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 433.321133][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 433.337020][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 433.343592][ T5866] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b5.89 [ 433.363222][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.363624][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.397042][ T5866] usb 2-1: Product: syz [ 433.406084][ T5866] usb 2-1: Manufacturer: syz [ 433.406801][ T5829] Bluetooth: hci2: command tx timeout [ 433.417354][ T5866] usb 2-1: SerialNumber: syz [ 433.433782][ T5866] usb 2-1: config 0 descriptor?? [ 433.439093][ T61] veth1_macvtap: left promiscuous mode [ 433.445453][ T61] veth0_macvtap: left promiscuous mode [ 433.453583][ T61] veth1_vlan: left promiscuous mode [ 433.458935][ T61] veth0_vlan: left promiscuous mode [ 433.467584][ T5866] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 434.313685][ T5866] input: gspca_pac7302 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input52 [ 434.428680][ T9] ch341-uart ttyUSB0: failed to read break control: -71 [ 434.435700][ T9] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 434.464568][ T9] usb 5-1: USB disconnect, device number 28 [ 434.481549][ T9] ch341 5-1:0.0: device disconnected [ 434.510424][ T61] team0 (unregistering): Port device team_slave_1 removed [ 434.601667][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.608624][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.615476][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.622400][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.629662][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.636510][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.643387][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.651126][ T61] team0 (unregistering): Port device team_slave_0 removed [ 434.651360][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.666151][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.673537][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.681144][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.688303][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.695144][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.701983][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.708827][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.715664][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.722766][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.729600][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.736440][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.743239][ T5866] usb 2-1: USB disconnect, device number 22 [ 434.743293][ C0] gspca_pac7302 2-1:0.0: URB error -71, resubmitting [ 434.755849][ C0] gspca_main: Resubmit URB failed with error -19 [ 435.195640][ T29] audit: type=1400 audit(1734314771.861:665): avc: denied { write } for pid=11429 comm="syz.4.1517" path="socket:[32452]" dev="sockfs" ino=32452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 435.303565][T11434] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11434 comm=syz.5.1516 [ 435.519824][ T5829] Bluetooth: hci2: command tx timeout [ 435.786791][T11437] input: syz1 as /devices/virtual/input/input53 [ 436.501960][T11349] bridge0: port 1(bridge_slave_0) entered blocking state [ 436.516198][T11349] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.525245][T11349] bridge_slave_0: entered allmulticast mode [ 436.536960][T11349] bridge_slave_0: entered promiscuous mode [ 436.569654][T11349] bridge0: port 2(bridge_slave_1) entered blocking state [ 436.580981][T11349] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.588405][T11349] bridge_slave_1: entered allmulticast mode [ 436.595467][T11349] bridge_slave_1: entered promiscuous mode [ 436.772233][T11349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 436.790876][T11349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 436.919562][ T5899] libceph: connect (1)[c::]:6789 error -101 [ 436.925914][ T5899] libceph: mon0 (1)[c::]:6789 connect error [ 436.971779][T11461] netlink: 176 bytes leftover after parsing attributes in process `syz.5.1524'. [ 436.989352][ T29] audit: type=1400 audit(1734314773.640:666): avc: denied { read } for pid=11471 comm="syz.3.1528" lport=45121 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 437.033889][T11349] team0: Port device team_slave_0 added [ 437.089802][T11349] team0: Port device team_slave_1 added [ 437.194968][ T5863] libceph: connect (1)[c::]:6789 error -101 [ 437.205363][ T5863] libceph: mon0 (1)[c::]:6789 connect error [ 437.216805][T11349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.241822][T11349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.311912][T11349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.354820][T11349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.371166][T11349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.397452][T11349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.450869][T11349] hsr_slave_0: entered promiscuous mode [ 437.468696][T11349] hsr_slave_1: entered promiscuous mode [ 437.558898][ T5829] Bluetooth: hci2: command tx timeout [ 437.818571][T11463] ceph: No mds server is up or the cluster is laggy [ 437.827983][ T5863] libceph: connect (1)[c::]:6789 error -101 [ 437.834045][ T5863] libceph: mon0 (1)[c::]:6789 connect error [ 437.940917][T11512] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11512 comm=syz.5.1535 [ 438.382737][T11518] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1537'. [ 438.403370][T11518] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1537'. [ 439.109629][T11349] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 439.129484][T11349] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 439.175800][T11349] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 439.199473][T11227] libceph: connect (1)[c::]:6789 error -101 [ 439.234194][T11227] libceph: mon0 (1)[c::]:6789 connect error [ 439.235404][T11349] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 439.359888][T11349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.389010][T11349] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.409545][ T4464] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.416645][ T4464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.455417][ T4464] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.462540][ T4464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.519160][ T5899] libceph: connect (1)[c::]:6789 error -101 [ 439.526010][ T5899] libceph: mon0 (1)[c::]:6789 connect error [ 439.528847][T11349] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 439.586508][T11349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 439.638368][ T5829] Bluetooth: hci2: command tx timeout [ 439.684666][T11349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.740667][T11580] netlink: 'syz.3.1552': attribute type 10 has an invalid length. [ 439.770502][T11349] veth0_vlan: entered promiscuous mode [ 439.806901][T11580] veth0_vlan: left allmulticast mode [ 439.858850][T11580] vlan0: left allmulticast mode [ 439.863750][T11580] vlan0: left promiscuous mode [ 439.882572][T11580] veth0_vlan: left promiscuous mode [ 439.893433][T11580] veth0_vlan: entered promiscuous mode [ 439.912994][T11580] vlan0: entered allmulticast mode [ 439.923477][T11580] veth0_vlan: entered allmulticast mode [ 439.936809][T11580] vlan0: entered promiscuous mode [ 439.952457][T11580] [ 439.954804][T11580] ============================================ [ 439.960941][T11580] WARNING: possible recursive locking detected [ 439.967065][T11580] 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 Not tainted [ 439.974147][T11580] -------------------------------------------- [ 439.980270][T11580] syz.3.1552/11580 is trying to acquire lock: [ 439.986311][T11580] ffff88805dc50e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_device_event+0x2c7/0x770 [ 439.996224][T11580] [ 439.996224][T11580] but task is already holding lock: [ 440.003565][T11580] ffff88805dc50e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_add_slave+0x9c/0x20e0 [ 440.013215][T11580] [ 440.013215][T11580] other info that might help us debug this: [ 440.021249][T11580] Possible unsafe locking scenario: [ 440.021249][T11580] [ 440.028674][T11580] CPU0 [ 440.031930][T11580] ---- [ 440.035186][T11580] lock(team->team_lock_key#3); [ 440.040111][T11580] lock(team->team_lock_key#3); [ 440.045045][T11580] [ 440.045045][T11580] *** DEADLOCK *** [ 440.045045][T11580] [ 440.053166][T11580] May be due to missing lock nesting notation [ 440.053166][T11580] [ 440.061459][T11580] 2 locks held by syz.3.1552/11580: [ 440.066631][T11580] #0: ffffffff8fedc048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5d9/0x1d60 [ 440.075666][T11580] #1: ffff88805dc50e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_add_slave+0x9c/0x20e0 [ 440.085747][T11580] [ 440.085747][T11580] stack backtrace: [ 440.091613][T11580] CPU: 1 UID: 0 PID: 11580 Comm: syz.3.1552 Not tainted 6.13.0-rc2-syzkaller-00382-gdccbe2047a5b #0 [ 440.102619][T11580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 440.112654][T11580] Call Trace: [ 440.115912][T11580] [ 440.118828][T11580] dump_stack_lvl+0x116/0x1f0 [ 440.123502][T11580] print_deadlock_bug+0x2e3/0x410 [ 440.128513][T11580] __lock_acquire+0x2117/0x3c40 [ 440.133350][T11580] ? __pfx___lock_acquire+0x10/0x10 [ 440.138530][T11580] ? __local_bh_enable_ip+0xa4/0x120 [ 440.143798][T11580] ? __pfx___lock_acquire+0x10/0x10 [ 440.148978][T11580] ? dev_mc_add+0xd4/0x110 [ 440.153376][T11580] ? __local_bh_enable_ip+0xa4/0x120 [ 440.158645][T11580] lock_acquire.part.0+0x11b/0x380 [ 440.163737][T11580] ? team_device_event+0x2c7/0x770 [ 440.168836][T11580] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 440.174454][T11580] ? rcu_is_watching+0x12/0xc0 [ 440.179210][T11580] ? trace_lock_acquire+0x14e/0x1f0 [ 440.184395][T11580] ? team_device_event+0x2c7/0x770 [ 440.189494][T11580] ? lock_acquire+0x2f/0xb0 [ 440.193980][T11580] ? team_device_event+0x2c7/0x770 [ 440.199078][T11580] __mutex_lock+0x19b/0xa60 [ 440.203576][T11580] ? team_device_event+0x2c7/0x770 [ 440.208673][T11580] ? dev_get_flags+0x1ea/0x250 [ 440.213439][T11580] ? team_device_event+0x2c7/0x770 [ 440.218540][T11580] ? __pfx___mutex_lock+0x10/0x10 [ 440.223556][T11580] ? team_device_event+0x2c7/0x770 [ 440.228656][T11580] team_device_event+0x2c7/0x770 [ 440.233580][T11580] notifier_call_chain+0xb7/0x410 [ 440.238589][T11580] ? __pfx_team_device_event+0x10/0x10 [ 440.244032][T11580] call_netdevice_notifiers_info+0xbe/0x140 [ 440.249907][T11580] __dev_notify_flags+0x12d/0x2e0 [ 440.254916][T11580] ? __pfx___dev_notify_flags+0x10/0x10 [ 440.260466][T11580] ? __pfx___dev_change_flags+0x10/0x10 [ 440.266022][T11580] ? __nla_put+0x27/0x40 [ 440.270272][T11580] dev_change_flags+0x10c/0x160 [ 440.275123][T11580] vlan_device_event+0xdfc/0x2120 [ 440.280140][T11580] ? __pfx_phonet_device_notify+0x10/0x10 [ 440.285853][T11580] ? __pfx_vlan_device_event+0x10/0x10 [ 440.291297][T11580] ? __pfx_br_device_event+0x10/0x10 [ 440.296571][T11580] ? raw_notifier+0xa4/0x860 [ 440.301164][T11580] ? isotp_notifier+0xa4/0x6d0 [ 440.305920][T11580] ? bcm_notifier+0xa8/0x820 [ 440.310502][T11580] ? cgw_notifier+0xa2/0x390 [ 440.315078][T11580] notifier_call_chain+0xb7/0x410 [ 440.320102][T11580] ? __pfx_vlan_device_event+0x10/0x10 [ 440.325553][T11580] call_netdevice_notifiers_info+0xbe/0x140 [ 440.331433][T11580] __dev_notify_flags+0x12d/0x2e0 [ 440.336449][T11580] ? __pfx___dev_notify_flags+0x10/0x10 [ 440.341985][T11580] ? __pfx___dev_change_flags+0x10/0x10 [ 440.347518][T11580] ? __nla_put+0x27/0x40 [ 440.351744][T11580] dev_change_flags+0x10c/0x160 [ 440.356581][T11580] vlan_device_event+0xdfc/0x2120 [ 440.361588][T11580] ? __pfx_phonet_device_notify+0x10/0x10 [ 440.367290][T11580] ? __pfx_vlan_device_event+0x10/0x10 [ 440.372822][T11580] ? __pfx_br_device_event+0x10/0x10 [ 440.378095][T11580] ? raw_notifier+0xa4/0x860 [ 440.382671][T11580] ? isotp_notifier+0xa4/0x6d0 [ 440.387429][T11580] ? bcm_notifier+0xa8/0x820 [ 440.392026][T11580] ? cgw_notifier+0xa2/0x390 [ 440.396611][T11580] notifier_call_chain+0xb7/0x410 [ 440.401631][T11580] ? __pfx_vlan_device_event+0x10/0x10 [ 440.407078][T11580] call_netdevice_notifiers_info+0xbe/0x140 [ 440.412967][T11580] dev_open+0x144/0x160 [ 440.417112][T11580] ? __pfx_dev_open+0x10/0x10 [ 440.421772][T11580] ? __kmalloc_noprof+0x23b/0x510 [ 440.426780][T11580] team_add_slave+0xacd/0x20e0 [ 440.431531][T11580] ? __pfx_team_add_slave+0x10/0x10 [ 440.436713][T11580] ? __pfx_validate_linkmsg+0x10/0x10 [ 440.442072][T11580] ? __pfx_team_add_slave+0x10/0x10 [ 440.447260][T11580] do_set_master+0x1bc/0x230 [ 440.451837][T11580] do_setlink.constprop.0+0xb60/0x3f70 [ 440.457280][T11580] ? __pfx_mark_lock+0x10/0x10 [ 440.462027][T11580] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 440.467904][T11580] ? find_held_lock+0x2d/0x110 [ 440.472652][T11580] ? __mutex_lock+0x2c6/0xa60 [ 440.477314][T11580] ? __pfx_lock_release+0x10/0x10 [ 440.482321][T11580] ? mark_held_locks+0x9f/0xe0 [ 440.487066][T11580] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 440.492859][T11580] ? lockdep_hardirqs_on+0x7c/0x110 [ 440.498039][T11580] ? __mutex_lock+0x1cc/0xa60 [ 440.502700][T11580] ? rtnl_newlink+0x5d9/0x1d60 [ 440.507448][T11580] ? __pfx___mutex_lock+0x10/0x10 [ 440.512454][T11580] ? __pfx___nla_validate_parse+0x10/0x10 [ 440.518153][T11580] ? cap_capable+0x1cf/0x240 [ 440.522729][T11580] rtnl_newlink+0x1303/0x1d60 [ 440.527393][T11580] ? __pfx_rtnl_newlink+0x10/0x10 [ 440.532402][T11580] ? __pfx___lock_acquire+0x10/0x10 [ 440.537582][T11580] ? cred_has_capability.isra.0+0x192/0x2f0 [ 440.543460][T11580] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 440.549685][T11580] ? find_held_lock+0x2d/0x110 [ 440.554434][T11580] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 440.559530][T11580] ? __pfx_lock_release+0x10/0x10 [ 440.564539][T11580] ? trace_lock_acquire+0x14e/0x1f0 [ 440.569724][T11580] ? __pfx_rtnl_newlink+0x10/0x10 [ 440.574732][T11580] rtnetlink_rcv_msg+0x95b/0xea0 [ 440.579673][T11580] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 440.585177][T11580] netlink_rcv_skb+0x16b/0x440 [ 440.589945][T11580] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 440.595484][T11580] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 440.600763][T11580] ? netlink_deliver_tap+0x1ae/0xd30 [ 440.606050][T11580] netlink_unicast+0x53c/0x7f0 [ 440.610810][T11580] ? __pfx_netlink_unicast+0x10/0x10 [ 440.616086][T11580] netlink_sendmsg+0x8b8/0xd70 [ 440.620840][T11580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 440.626118][T11580] ____sys_sendmsg+0xaaf/0xc90 [ 440.630870][T11580] ? copy_msghdr_from_user+0x10b/0x160 [ 440.636313][T11580] ? __pfx_____sys_sendmsg+0x10/0x10 [ 440.641593][T11580] ___sys_sendmsg+0x135/0x1e0 [ 440.646252][T11580] ? __pfx____sys_sendmsg+0x10/0x10 [ 440.651432][T11580] ? __pfx_lock_release+0x10/0x10 [ 440.656436][T11580] ? trace_lock_acquire+0x14e/0x1f0 [ 440.661625][T11580] ? __fget_files+0x206/0x3a0 [ 440.666287][T11580] __sys_sendmsg+0x16e/0x220 [ 440.670862][T11580] ? __pfx___sys_sendmsg+0x10/0x10 [ 440.676042][T11580] ? __x64_sys_futex+0x1e1/0x4c0 [ 440.680968][T11580] do_syscall_64+0xcd/0x250 [ 440.685457][T11580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.691333][T11580] RIP: 0033:0x7f5d53d85d19 [ 440.695731][T11580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.715320][T11580] RSP: 002b:00007f5d54c1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.723751][T11580] RAX: ffffffffffffffda RBX: 00007f5d53f76080 RCX: 00007f5d53d85d19 [ 440.731703][T11580] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000005 [ 440.739738][T11580] RBP: 00007f5d53e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 440.747687][T11580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.755636][T11580] R13: 0000000000000000 R14: 00007f5d53f76080 R15: 00007ffee6fcbbb8 [ 440.763593][T11580] [ 440.766622][ C1] vkms_vblank_simulate: vblank timer overrun [ 440.776124][T11555] ceph: No mds server is up or the cluster is laggy [ 440.783409][ T5863] libceph: connect (1)[c::]:6789 error -101 [ 440.789427][ T5863] libceph: mon0 (1)[c::]:6789 connect error SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 440.879427][ T1293] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 440.888656][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.156853][ T5190] udevd[5190]: worker [5805] terminated by signal 33 (Unknown signal 33) [ 444.166620][ T5190] udevd[5190]: worker [5806] terminated by signal 33 (Unknown signal 33) [ 444.175581][ T5190] udevd[5190]: worker [5825] terminated by signal 33 (Unknown signal 33) [ 444.184362][ T5190] udevd[5190]: worker [5827] terminated by signal 33 (Unknown signal 33) [ 444.193188][ T5190] udevd[5190]: worker [5830] terminated by signal 33 (Unknown signal 33) [ 444.202223][ T5190] udevd[5190]: worker [6201] terminated by signal 33 (Unknown signal 33) [ 444.210767][ T5190] udevd[5190]: worker [6202] terminated by signal 33 (Unknown signal 33) [ 444.219278][ T5190] udevd[5190]: worker [6203] terminated by signal 33 (Unknown signal 33) [ 444.227747][ T5190] udevd[5190]: worker [6204] terminated by signal 33 (Unknown signal 33) [ 444.236220][ T5190] udevd[5190]: worker [6205] terminated by signal 33 (Unknown signal 33)