last executing test programs: 5m30.510002823s ago: executing program 3 (id=687): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da20"], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x40, 0x80000) syz_usb_disconnect(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 5m28.612200846s ago: executing program 3 (id=696): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0xf5}]}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @remote, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 5m28.474053272s ago: executing program 3 (id=699): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r1 = fsopen(&(0x7f00000000c0)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5m28.370369422s ago: executing program 3 (id=700): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x201081, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 5m28.25024159s ago: executing program 3 (id=702): socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, &(0x7f0000000480)=""/236, 0x0, 0xec, 0x1, 0x400, 0x10000, @value}, 0x28) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r2) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x100000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b36, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x166b1ab5eb710134) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2, 0x1}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x6, 0x646, 0x0, 0x2, 0x50, "01fcffffffffffe7"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1f, 0x13, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0) writev(r5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xffffffffffffff2c, &(0x7f0000000580)={&(0x7f0000000880)=ANY=[@ANYBLOB="500000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="05a00200000000002800128009000100766c616e00000000180002800c000200540a000018000000060001000100000008000500", @ANYRES32=r7], 0x50}, 0x1, 0xba01}, 0x0) 5m27.993761124s ago: executing program 3 (id=705): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r1, 0x0) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 5m27.880434832s ago: executing program 32 (id=705): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r1, 0x0) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 4m57.602511817s ago: executing program 1 (id=940): bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@o_path={0x0}, 0x18) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58504"]) 4m57.366526785s ago: executing program 1 (id=943): ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [], [0x2b8], [0x8], [0x400000000000001]}) r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x102, 0x2}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 4m57.273823252s ago: executing program 1 (id=944): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x10040000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m56.002260447s ago: executing program 1 (id=947): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x89901a, 0x0) umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x9) 4m55.870435955s ago: executing program 1 (id=948): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r0, 0x4, 0x7c00) dup3(r1, r0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x14, 0x2, 0x6, 0x301}, 0x14}}, 0x4000084) 4m55.366487338s ago: executing program 1 (id=951): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f024bd50", 0x4, 0x4048055, &(0x7f0000000200)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) 4m55.102790433s ago: executing program 33 (id=951): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f024bd50", 0x4, 0x4048055, &(0x7f0000000200)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) 3m21.555120021s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 3m20.080888445s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 2m56.258141837s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 2m54.519191399s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 2m13.298761723s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 2m12.390098603s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 1m36.46901542s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 1m34.96195159s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 1m4.467427918s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 1m3.078483129s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 17.605497164s ago: executing program 4 (id=903): ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) 16.871694315s ago: executing program 2 (id=925): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x383941, 0x11) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 12.32256765s ago: executing program 0 (id=1540): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder-control\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r4, 0xc1086201, 0x20000000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) connect$inet(r5, &(0x7f0000000300)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) sendmsg$inet(r5, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000240)}], 0x1}, 0x0) recvmsg(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)}, 0x700) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$NFT_BATCH(r0, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELOBJ={0x20, 0x14, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0xa}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x98}}, 0x0) 10.764655054s ago: executing program 0 (id=1541): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4800) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_tcp(0x2, 0x1, 0x0) getpid() syz_open_pts(0xffffffffffffffff, 0x141601) socket$xdp(0x2c, 0x3, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) 7.639727799s ago: executing program 6 (id=1545): socket(0x2, 0x80805, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x8, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rseq(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1) write$UHID_INPUT(r4, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x82, &(0x7f00000001c0), 0x8) ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x5c}, [@ldst={0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 7.344132055s ago: executing program 5 (id=1546): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setparam(r0, &(0x7f0000000080)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd25d5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) lstat(0x0, &(0x7f0000000340)) memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000002c0)={0x0}) r4 = socket(0x2000000000000021, 0x2, 0x2) shutdown(r4, 0x2) r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$clear(0x7, r5) keyctl$read(0xb, r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, 0x0, 0x0) sendmsg$NFT_BATCH(r6, 0x0, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x0) 5.99738979s ago: executing program 6 (id=1547): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000100)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x80001, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x18, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4}) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r4, r6, 0x0, 0x2) getsockopt$nfc_llcp(0xffffffffffffffff, 0x113, 0x4, 0x0, 0x20000024) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000040)=0x1) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000003b000000080003", @ANYRES32, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8], 0x3c}}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 5.198912064s ago: executing program 5 (id=1548): socket$inet(0x2, 0x80001, 0x84) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x882) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) sendmsg$AUDIT_TTY_GET(r0, 0x0, 0x24000101) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) prlimit64(r1, 0xe, &(0x7f0000000140)={0x8, 0x1000008d}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000), 0x0) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="0f000000040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r4, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.928307234s ago: executing program 6 (id=1549): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='sched_switch\x00', r1, 0x0, 0x3a}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x1b, 0x0, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') lseek(r6, 0x4, 0x0) 4.050983137s ago: executing program 5 (id=1550): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 3.889366885s ago: executing program 5 (id=1551): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000280)={0xffffffffffffff39, 0x0, 0x0, 0xbbbbbbbb}) prlimit64(0x0, 0xe, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x2, 0x3, 0x9}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) socket$packet(0x11, 0x3, 0x300) r2 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) creat(&(0x7f00000000c0)='./file0\x00', 0x80) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x1, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$TIOCL_UNBLANKSCREEN(0xffffffffffffffff, 0x541c, 0x0) io_uring_setup(0x39e5, &(0x7f0000000300)={0x0, 0x1d6, 0x80, 0x3, 0x2ab}) r3 = shmget$private(0x0, 0x3000, 0x1, &(0x7f0000ffd000/0x3000)=nil) shmat(r3, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r3, 0x0) remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) 3.878488747s ago: executing program 6 (id=1552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) gettid() r3 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x9}) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='sysfs\x00', &(0x7f0000000180)='ns/pid\x00', 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000000f06030000000000000000000a000008050001000700000006000b000400"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000) r4 = epoll_create1(0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000200)={0xa000000a}) finit_module(r5, 0x0, 0x0) 3.604906899s ago: executing program 0 (id=1553): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000300)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f00000000c0)={0x1, 0x3, 0x1000, 0x18, &(0x7f0000000040)="13760989bad5d9b8ca0fc8796caa950f48fbc143b4b09022", 0x25, 0x0, &(0x7f0000000080)="ae28a3988e85210ac5a713cbfd25bf7a22d3a02176fc78ffc935f3147f943b0ecf19514a1b"}) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x107, 0x15, 0x0, 0x20000000) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x100000000000000, &(0x7f0000000200)="ee"}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) r6 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x5dc, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x6c00, 0x0) 2.286787515s ago: executing program 6 (id=1554): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00'}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) ioctl$TUNGETFILTER(r5, 0x801054db, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setuid(0xee00) setfsuid(0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6) sendmsg$IEEE802154_START_REQ(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x1c, r7, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x30040844}, 0x4000018) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x8000, 0x0) 2.126622503s ago: executing program 0 (id=1555): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000040002850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c40)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = syz_open_procfs(0x0, &(0x7f0000000580)='mountinfo\x00') epoll_create1(0x0) r5 = io_uring_setup(0x203c, &(0x7f00000000c0)={0x0, 0xd4b5, 0x2, 0x3}) r6 = syz_io_uring_setup(0x6f7f, &(0x7f00000003c0)={0x0, 0xf92c, 0x10100, 0x2, 0x1df, 0x0, r4}, &(0x7f0000000300)=0x0, &(0x7f0000000040)=0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_queued\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0xb, 0x0, {0x0, 0x0, r5}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) write$UHID_CREATE2(r9, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.619746405s ago: executing program 0 (id=1556): syz_init_net_socket$ax25(0x3, 0x2, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000340)='1', 0x1) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r3) r5 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r5, 0x88, 0x68, &(0x7f00000002c0), 0x4) sendmsg$NET_DM_CMD_STOP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x0) syz_io_uring_setup(0x4fa, &(0x7f0000000540)={0x0, 0xffffffff, 0x10100, 0x1}, &(0x7f0000000180), &(0x7f0000000240)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[], 0x30}}, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4) r6 = socket$rxrpc(0x21, 0x2, 0xa) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) bind$rxrpc(r6, &(0x7f00000002c0)=@in6={0x21, 0xc, 0x2, 0xd, {0xa, 0x4e20, 0x6, @empty, 0x7}}, 0x24) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="2800000012000101000000000001000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001f"], 0x28}}, 0x0) 1.283294463s ago: executing program 5 (id=1557): r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000140), 0x1ff, 0x40000) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000001440)={0xa00000, 0x1ff, 0xc, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98091b, 0x5, '\x00', @value64=0xc}}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1f, 0x2, 0x1}) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000580), 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) r6 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000100)={0x0, 0x1, 0x2022}) 386.399738ms ago: executing program 6 (id=1558): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xfc) bind$bt_l2cap(r4, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) symlink(&(0x7f0000000580)='.\x02/file1\x00', &(0x7f00000002c0)='.\x02\x00') open(0x0, 0x0, 0x0) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x36) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x6, 0xf9, 0x7, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x4004000) 179.842629ms ago: executing program 5 (id=1559): syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a3281) gettid() setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff2e) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b6a, &(0x7f0000000000)={0xfeff, 0x0, 0x3, 0x1d, 0x100, 0x0}) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000540)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10, 0x0, 0x0, &(0x7f0000001300)}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00!', @ANYBLOB="05000000000000800000000000000500000e00000000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000400000018000000090000000000000003b38fcbcf450000fdffffff00000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x36, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_open_dev$video4linux(0x0, 0x7, 0x0) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r1, 0x3b71, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, r2}) 0s ago: executing program 0 (id=1560): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r3) r4 = timerfd_create(0x0, 0x0) r5 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) timerfd_settime(r4, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xb, 0x8000000}) kernel console output (not intermixed with test programs): 477774][ T2960] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.585161][ T2960] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.648167][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 283.658780][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 283.669640][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 283.681647][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 283.691674][ T5823] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 283.700167][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 283.771620][ T2960] bridge_slave_1: left allmulticast mode [ 283.786461][ T2960] bridge_slave_1: left promiscuous mode [ 283.792541][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.802760][ T2960] bridge_slave_0: left allmulticast mode [ 283.825907][ T2960] bridge_slave_0: left promiscuous mode [ 283.833605][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.774516][ T5129] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 284.799244][ T5129] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 284.818133][ T5129] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 284.841264][ T5129] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 284.849631][ T5129] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 284.857815][ T5129] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 284.987850][T10467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.284135][ T2960] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.635041][ T2960] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.645303][ T2960] bond0 (unregistering): Released all slaves [ 285.870708][ T5823] Bluetooth: hci1: command tx timeout [ 286.063129][T10475] syz.5.1266: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 286.063414][T10475] CPU: 1 UID: 0 PID: 10475 Comm: syz.5.1266 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0 [ 286.063439][T10475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 286.063449][T10475] Call Trace: [ 286.063455][T10475] [ 286.063463][T10475] dump_stack_lvl+0x16c/0x1f0 [ 286.063495][T10475] warn_alloc+0x24d/0x3a0 [ 286.063523][T10475] ? __pfx_warn_alloc+0x10/0x10 [ 286.063545][T10475] ? __pfx_stack_trace_save+0x10/0x10 [ 286.063582][T10475] ? kasan_save_stack+0x42/0x60 [ 286.063604][T10475] ? kasan_save_stack+0x33/0x60 [ 286.063625][T10475] ? kasan_save_track+0x14/0x30 [ 286.063645][T10475] ? __kasan_kmalloc+0xaa/0xb0 [ 286.063665][T10475] ? xskq_create+0x52/0x1d0 [ 286.063685][T10475] ? do_sock_setsockopt+0x222/0x480 [ 286.063708][T10475] ? __sys_setsockopt+0x1a0/0x230 [ 286.063727][T10475] ? __x64_sys_setsockopt+0xbd/0x160 [ 286.063752][T10475] __vmalloc_node_range_noprof+0x10df/0x1530 [ 286.063784][T10475] ? xskq_create+0xfb/0x1d0 [ 286.063811][T10475] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 286.063841][T10475] ? xskq_create+0xfb/0x1d0 [ 286.063862][T10475] vmalloc_user_noprof+0x6b/0x90 [ 286.063883][T10475] ? xskq_create+0xfb/0x1d0 [ 286.063902][T10475] xskq_create+0xfb/0x1d0 [ 286.063924][T10475] xsk_setsockopt+0x757/0xa10 [ 286.063946][T10475] ? __pfx_xsk_setsockopt+0x10/0x10 [ 286.063984][T10475] ? selinux_socket_setsockopt+0x6a/0x80 [ 286.064013][T10475] ? __pfx_xsk_setsockopt+0x10/0x10 [ 286.064036][T10475] do_sock_setsockopt+0x222/0x480 [ 286.064061][T10475] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 286.064087][T10475] ? lock_acquire+0x2f/0xb0 [ 286.064124][T10475] __sys_setsockopt+0x1a0/0x230 [ 286.064151][T10475] __x64_sys_setsockopt+0xbd/0x160 [ 286.064170][T10475] ? do_syscall_64+0x91/0x250 [ 286.064197][T10475] ? lockdep_hardirqs_on+0x7c/0x110 [ 286.064222][T10475] do_syscall_64+0xcd/0x250 [ 286.064251][T10475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.064279][T10475] RIP: 0033:0x7ff47577fed9 [ 286.064297][T10475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.064315][T10475] RSP: 002b:00007ff4765a1058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 286.064335][T10475] RAX: ffffffffffffffda RBX: 00007ff475946080 RCX: 00007ff47577fed9 [ 286.064349][T10475] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 286.064362][T10475] RBP: 00007ff4757f3cc8 R08: 0000000000000020 R09: 0000000000000000 [ 286.064374][T10475] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 286.064387][T10475] R13: 0000000000000001 R14: 00007ff475946080 R15: 00007fffaa422588 [ 286.064414][T10475] [ 286.064423][T10475] Mem-Info: [ 286.064432][T10475] active_anon:8877 inactive_anon:0 isolated_anon:0 [ 286.064432][T10475] active_file:11551 inactive_file:38569 isolated_file:0 [ 286.064432][T10475] unevictable:768 dirty:341 writeback:0 [ 286.064432][T10475] slab_reclaimable:11666 slab_unreclaimable:107338 [ 286.064432][T10475] mapped:29807 shmem:1439 pagetables:1153 [ 286.064432][T10475] sec_pagetables:0 bounce:0 [ 286.064432][T10475] kernel_misc_reclaimable:0 [ 286.064432][T10475] free:1310892 free_pcp:553 free_cma:0 [ 286.064483][T10475] Node 0 active_anon:35508kB inactive_anon:0kB active_file:46204kB inactive_file:154204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119228kB dirty:1364kB writeback:0kB shmem:4220kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12196kB pagetables:4612kB sec_pagetables:0kB all_unreclaimable? no [ 286.064536][T10475] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 286.064586][T10475] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 286.064637][T10475] lowmem_reserve[]: 0 2459 2459 0 0 [ 286.064679][T10475] Node 0 DMA32 free:1325204kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:35508kB inactive_anon:0kB active_file:46204kB inactive_file:154104kB unevictable:1536kB writepending:1360kB present:3129332kB managed:2547168kB mlocked:0kB bounce:0kB free_pcp:2204kB local_pcp:1516kB free_cma:0kB [ 286.064746][T10475] lowmem_reserve[]: 0 0 0 0 0 [ 286.064789][T10475] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:100kB unevictable:0kB writepending:4kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 286.064844][T10475] lowmem_reserve[]: 0 0 0 0 0 [ 286.064885][T10475] Node 1 Normal free:3903004kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 286.064937][T10475] lowmem_reserve[]: 0 0 0 0 0 [ 286.064983][T10475] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 286.065175][T10475] Node 0 DMA32: 3*4kB (E) 67*8kB (ME) 137*16kB (ME) 258*32kB (M) 239*64kB (UME) 45*128kB (UM) 31*256kB (UME) 20*512kB (UME) 11*1024kB (UME) 9*2048kB (UME) 304*4096kB (UM) = 1325108kB [ 286.065356][T10475] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 286.065467][T10475] Node 1 Normal: 217*4kB (UE) 55*8kB (UME) 34*16kB (UME) 199*32kB (UME) 92*64kB (UME) 36*128kB (UME) 19*256kB (UME) 9*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 943*4096kB (M) = 3903004kB [ 286.065650][T10475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 286.065666][T10475] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 286.065683][T10475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 286.065699][T10475] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 286.065714][T10475] 51561 total pagecache pages [ 286.065721][T10475] 0 pages in swap cache [ 286.065729][T10475] Free swap = 124468kB [ 286.065736][T10475] Total swap = 124996kB [ 286.065745][T10475] 2097051 pages RAM [ 286.065752][T10475] 0 pages HighMem/MovableOnly [ 286.065759][T10475] 428601 pages reserved [ 286.065766][T10475] 0 pages cma reserved [ 286.571835][ T2960] hsr_slave_0: left promiscuous mode [ 286.575392][ T2960] hsr_slave_1: left promiscuous mode [ 286.590554][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.590970][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.596698][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.596780][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.687630][ T2960] veth1_macvtap: left promiscuous mode [ 286.687782][ T2960] veth0_macvtap: left promiscuous mode [ 286.687980][ T2960] veth1_vlan: left promiscuous mode [ 286.688148][ T2960] veth0_vlan: left promiscuous mode [ 287.106154][ T5823] Bluetooth: hci3: command tx timeout [ 287.497925][ C0] vkms_vblank_simulate: vblank timer overrun [ 287.601850][ C0] vkms_vblank_simulate: vblank timer overrun [ 287.668143][ C0] vkms_vblank_simulate: vblank timer overrun [ 287.695395][ C0] vkms_vblank_simulate: vblank timer overrun [ 288.195462][ T5823] Bluetooth: hci1: command tx timeout [ 289.568722][ T5823] Bluetooth: hci3: command tx timeout [ 289.854928][ T2960] team0 (unregistering): Port device team_slave_1 removed [ 289.960571][ T2960] team0 (unregistering): Port device team_slave_0 removed [ 290.405102][ T5823] Bluetooth: hci1: command tx timeout [ 290.928285][ T5867] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 291.113218][ T5867] usb 1-1: Using ep0 maxpacket: 16 [ 291.120703][ T5867] usb 1-1: config 0 has too many interfaces: 255, using maximum allowed: 32 [ 291.129891][ T5867] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 255 [ 291.140776][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.156800][ T5867] usb 1-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 291.166555][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.179835][ T5867] usb 1-1: config 0 descriptor?? [ 291.785798][ T5823] Bluetooth: hci3: command tx timeout [ 292.106490][T10520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.153960][T10434] chnl_net:caif_netlink_parms(): no params data found [ 292.253512][T10520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.281739][ T5867] wacom 0003:056A:00D0.001C: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 292.296217][ T5867] wacom 0003:056A:00D0.001C: hidraw0: USB HID v0.36 Device [HID 056a:00d0] on usb-dummy_hcd.0-1/input0 [ 292.318939][ T5867] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:00D0.001C/input/input27 [ 292.644950][ T5823] Bluetooth: hci1: command tx timeout [ 293.339816][T10461] chnl_net:caif_netlink_parms(): no params data found [ 293.526300][ T5867] usb 1-1: USB disconnect, device number 27 [ 293.644956][T10434] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.662686][T10434] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.295967][ T5823] Bluetooth: hci3: command tx timeout [ 294.312758][T10434] bridge_slave_0: entered allmulticast mode [ 294.320711][T10434] bridge_slave_0: entered promiscuous mode [ 294.368640][T10434] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.376526][T10434] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.384235][T10434] bridge_slave_1: entered allmulticast mode [ 294.391323][T10434] bridge_slave_1: entered promiscuous mode [ 295.589732][T10434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.005431][T10434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.133836][T10461] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.178966][T10461] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.186602][T10461] bridge_slave_0: entered allmulticast mode [ 296.197265][T10461] bridge_slave_0: entered promiscuous mode [ 296.386556][T10577] virtio-fs: tag <(null)> not found [ 296.984445][T10434] team0: Port device team_slave_0 added [ 297.001976][T10434] team0: Port device team_slave_1 added [ 297.201446][ T5823] Bluetooth: hci2: command 0x040f tx timeout [ 297.450457][T10461] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.499410][T10461] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.523582][T10461] bridge_slave_1: entered allmulticast mode [ 297.530142][T10461] bridge_slave_1: entered promiscuous mode [ 297.588047][ T5867] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 298.150789][ T5867] usb 1-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 298.295346][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.358539][T10434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.360971][ T5867] usb 1-1: config 0 descriptor?? [ 298.396712][T10434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.475322][T10434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.797376][ T5867] usb 1-1: selecting invalid altsetting 3 [ 298.824074][ T5867] comedi comedi0: could not set alternate setting 3 in high speed [ 298.848642][ T5867] usbduxsigma 1-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 298.877444][ T5867] usbduxsigma 1-1:0.0: probe with driver usbduxsigma failed with error -22 [ 299.047890][T10599] netlink: 696 bytes leftover after parsing attributes in process `syz.6.1289'. [ 299.209267][ T2960] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.252145][T10461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.274589][T10434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.284595][T10434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.316386][T10434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.356590][T10461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.420826][ T2960] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.454814][T10461] team0: Port device team_slave_0 added [ 299.465153][T10461] team0: Port device team_slave_1 added [ 300.224679][ T5867] usb 1-1: USB disconnect, device number 28 [ 300.415016][ T2960] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.370986][T10434] hsr_slave_0: entered promiscuous mode [ 301.396058][T10434] hsr_slave_1: entered promiscuous mode [ 301.410881][T10434] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 301.431073][T10434] Cannot create hsr debugfs directory [ 301.614845][ T2960] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.639090][T10461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.646580][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.686465][T10461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.734435][T10461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.741862][ T866] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 301.765411][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.804246][T10461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.995584][T10461] hsr_slave_0: entered promiscuous mode [ 302.423635][T10461] hsr_slave_1: entered promiscuous mode [ 302.434313][T10461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.500744][ T866] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 302.521838][ T866] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 302.531256][ T866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.536913][T10461] Cannot create hsr debugfs directory [ 302.539527][ T866] usb 1-1: Product: syz [ 302.539552][ T866] usb 1-1: Manufacturer: syz [ 302.539568][ T866] usb 1-1: SerialNumber: syz [ 302.559294][T10627] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 303.243699][ T866] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 303.307841][ T2960] bridge_slave_1: left allmulticast mode [ 303.314059][ T2960] bridge_slave_1: left promiscuous mode [ 303.321524][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.340361][ T2960] bridge_slave_0: left allmulticast mode [ 303.346254][ T2960] bridge_slave_0: left promiscuous mode [ 303.352228][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.585915][ T8] usb 1-1: USB disconnect, device number 29 [ 303.676206][T10627] usblp0: removed [ 303.810905][T10667] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 303.969222][ T2960] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.980224][ T2960] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.612924][ T2960] bond0 (unregistering): Released all slaves [ 304.967658][T10679] tipc: Started in network mode [ 304.975596][T10679] tipc: Node identity 4, cluster identity 4711 [ 304.982029][T10679] tipc: Node number set to 4 [ 304.986867][ T29] audit: type=1400 audit(1733697646.257:500): avc: denied { write } for pid=10682 comm="syz.0.1302" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 307.790532][ T2960] hsr_slave_0: left promiscuous mode [ 307.844996][ T2960] hsr_slave_1: left promiscuous mode [ 307.856344][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 308.000284][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 308.095780][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 308.103850][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 308.120289][ T2960] veth1_macvtap: left promiscuous mode [ 308.125975][ T2960] veth0_macvtap: left promiscuous mode [ 308.132057][ T2960] veth1_vlan: left promiscuous mode [ 308.137791][ T2960] veth0_vlan: left promiscuous mode [ 308.882547][ T29] audit: type=1400 audit(1733697649.905:501): avc: denied { watch } for pid=10717 comm="syz.6.1309" path="/109/file0" dev="tmpfs" ino=609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 309.046308][ T29] audit: type=1400 audit(1733697649.905:502): avc: denied { watch_sb watch_reads } for pid=10717 comm="syz.6.1309" path="/109/file0" dev="tmpfs" ino=609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 310.324108][ T29] audit: type=1804 audit(1733697651.252:503): pid=10731 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.1311" name="/newroot/110/bus/file0" dev="overlay" ino=624 res=1 errno=0 [ 310.972000][T10734] Process accounting resumed [ 311.076277][ T2960] team0 (unregistering): Port device team_slave_1 removed [ 311.230730][ T2960] team0 (unregistering): Port device team_slave_0 removed [ 311.677918][ T29] audit: type=1400 audit(1733697652.253:504): avc: denied { ioctl } for pid=10735 comm="syz.5.1313" path="socket:[36415]" dev="sockfs" ino=36415 ioctlcmd=0x894c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 315.136381][T10760] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1318'. [ 316.082534][T10434] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 316.172533][T10434] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 316.202635][T10434] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 316.281697][T10434] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 316.287344][T10773] random: crng reseeded on system resumption [ 316.288619][ T29] audit: type=1400 audit(1733697656.827:505): avc: denied { write } for pid=10771 comm="syz.5.1322" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 316.349003][ T29] audit: type=1400 audit(1733697656.827:506): avc: denied { open } for pid=10771 comm="syz.5.1322" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 316.690762][T10434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.731379][T10434] 8021q: adding VLAN 0 to HW filter on device team0 [ 316.833628][T10434] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 316.844168][T10434] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 316.900224][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.907396][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 316.919949][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.927305][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.185474][ T29] audit: type=1400 audit(1733697657.669:507): avc: denied { append } for pid=10777 comm="syz.6.1324" name="event3" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 317.242976][T10434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 317.337932][T10784] tipc: Started in network mode [ 317.342851][T10784] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 317.448224][T10784] tipc: Enabled bearer , priority 10 [ 317.547536][T10792] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input30 [ 318.397472][T10461] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 318.426318][T10461] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 318.478092][T10461] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 318.511676][T10461] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 318.582407][T10434] veth0_vlan: entered promiscuous mode [ 318.624338][T10434] veth1_vlan: entered promiscuous mode [ 318.641083][ T9] tipc: Node number set to 10005162 [ 318.773736][T10434] veth0_macvtap: entered promiscuous mode [ 318.809950][T10434] veth1_macvtap: entered promiscuous mode [ 318.949711][ T29] audit: type=1400 audit(1733697659.324:508): avc: denied { append } for pid=10815 comm="syz.6.1327" name="sg0" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 319.301499][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.374911][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.384886][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.402582][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.425239][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.435804][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.448432][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.458983][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.469955][T10434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.488032][T10461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.496452][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.518365][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.631572][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.673786][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.690199][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.703409][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.715041][T10434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.726776][T10434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.879983][T10434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.908393][T10434] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.921867][T10434] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.604585][T10434] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.613429][T10434] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.845265][T10461] 8021q: adding VLAN 0 to HW filter on device team0 [ 320.954720][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.961863][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state [ 321.133132][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.140289][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 321.730437][ T9537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.738996][ T9537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.777490][T10461] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 321.788609][T10461] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 322.293540][ T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 322.304035][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.388884][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.710567][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 322.852709][T10848] serio: Serial port ptm0 [ 323.031250][ T29] audit: type=1400 audit(1733697662.823:509): avc: denied { mounton } for pid=10434 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 323.094198][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 323.152460][ T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 323.167694][ T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 323.176387][ T9] usb 1-1: Product: syz [ 323.180924][ T9] usb 1-1: Manufacturer: syz [ 323.185818][ T9] usb 1-1: SerialNumber: syz [ 323.198408][ T9] usb 1-1: config 0 descriptor?? [ 323.206176][T10835] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 323.296360][T10461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.357545][T10461] veth0_vlan: entered promiscuous mode [ 323.367494][T10461] veth1_vlan: entered promiscuous mode [ 323.386196][T10461] veth0_macvtap: entered promiscuous mode [ 323.395752][T10461] veth1_macvtap: entered promiscuous mode [ 323.408920][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.419727][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.429872][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.440560][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.450613][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.461097][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.471151][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.482042][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.492276][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.502981][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.520219][T10461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.530494][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.541053][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.551411][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.562132][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.572153][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.583355][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.818683][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.970590][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.010205][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.043996][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.098473][T10461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 324.225602][ T25] usb 1-1: USB disconnect, device number 30 [ 324.253880][T10461] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.292643][T10461] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.312451][T10461] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.346330][T10461] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.548023][ T9537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.585726][ T9537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.627229][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.677802][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.711392][T10879] kvm: pic: non byte read [ 324.737707][ T2960] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.915500][ T2960] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.062868][ T2960] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.192673][ T2960] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.343521][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e238400: rx timeout, send abort [ 325.352134][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e238c00: rx timeout, send abort [ 325.360595][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e238400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 325.376997][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e238c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 325.500123][ T2960] bridge_slave_1: left allmulticast mode [ 325.511392][ T2960] bridge_slave_1: left promiscuous mode [ 325.517136][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.531557][ T2960] bridge_slave_0: left allmulticast mode [ 325.539657][ T2960] bridge_slave_0: left promiscuous mode [ 325.570357][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.875290][ T51] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 325.889411][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 325.913053][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 325.923657][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 325.944238][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 325.957286][ T5823] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 325.978350][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 326.076277][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.099474][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.111654][ T51] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 326.121320][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.134023][ T51] usb 1-1: config 0 descriptor?? [ 326.280976][ T2960] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 326.296697][ T2960] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 326.313008][ T2960] bond0 (unregistering): Released all slaves [ 327.950320][T10959] binder: 10958:10959 ioctl c0306201 200002c0 returned -14 [ 328.205440][ T5129] Bluetooth: hci1: command tx timeout [ 329.497129][ T51] usbhid 1-1:0.0: can't add hid device: -71 [ 329.642643][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 329.652702][ T51] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 329.663286][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 329.674519][ T51] usb 1-1: USB disconnect, device number 31 [ 329.681194][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 329.786894][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 329.797878][ T5823] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 329.840833][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 330.429259][ T5823] Bluetooth: hci1: command tx timeout [ 330.438992][T10986] bridge0: port 3(erspan0) entered blocking state [ 330.446400][T10986] bridge0: port 3(erspan0) entered disabled state [ 330.453143][T10986] erspan0: entered allmulticast mode [ 330.460859][T10986] erspan0: entered promiscuous mode [ 330.472517][T10986] bridge0: port 3(erspan0) entered blocking state [ 330.479127][T10986] bridge0: port 3(erspan0) entered forwarding state [ 331.221348][T11003] netlink: 'syz.6.1346': attribute type 4 has an invalid length. [ 331.251599][ T2960] hsr_slave_0: left promiscuous mode [ 331.258830][ T2960] hsr_slave_1: left promiscuous mode [ 331.265712][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 331.274186][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 331.283675][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 331.291836][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.313803][ T2960] veth1_macvtap: left promiscuous mode [ 331.319620][ T2960] veth0_macvtap: left promiscuous mode [ 331.325404][ T2960] veth1_vlan: left promiscuous mode [ 331.460471][ T2960] veth0_vlan: left promiscuous mode [ 332.396394][ T5823] Bluetooth: hci3: command tx timeout [ 332.673800][T11012] ntfs3(nbd5): try to read out of volume at offset 0x0 [ 332.686388][ T5823] Bluetooth: hci1: command tx timeout [ 333.284918][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 333.291589][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 333.433912][ T29] audit: type=1326 audit(1733697672.878:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 333.473296][ T29] audit: type=1326 audit(1733697672.878:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 333.912089][ T29] audit: type=1326 audit(1733697672.897:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 333.935469][ C1] vkms_vblank_simulate: vblank timer overrun [ 333.946412][ T29] audit: type=1326 audit(1733697672.897:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 333.969987][ C1] vkms_vblank_simulate: vblank timer overrun [ 333.976247][ T29] audit: type=1326 audit(1733697672.897:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.000710][ T29] audit: type=1326 audit(1733697672.897:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.024098][ C1] vkms_vblank_simulate: vblank timer overrun [ 334.030705][ T29] audit: type=1326 audit(1733697672.897:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.054338][ T29] audit: type=1326 audit(1733697672.897:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.077717][ C1] vkms_vblank_simulate: vblank timer overrun [ 334.084043][ T29] audit: type=1326 audit(1733697672.906:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.107898][ T29] audit: type=1326 audit(1733697672.906:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11018 comm="syz.5.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47577fed9 code=0x7ffc0000 [ 334.131487][ C1] vkms_vblank_simulate: vblank timer overrun [ 334.793954][ T5823] Bluetooth: hci3: command tx timeout [ 334.904810][ T5823] Bluetooth: hci1: command tx timeout [ 335.566188][ T2960] team0 (unregistering): Port device team_slave_1 removed [ 335.656173][ T2960] team0 (unregistering): Port device team_slave_0 removed [ 336.916926][T10923] chnl_net:caif_netlink_parms(): no params data found [ 337.014574][ T5823] Bluetooth: hci3: command tx timeout [ 338.415061][T11057] Falling back ldisc for ttyS3. [ 338.685560][T10977] chnl_net:caif_netlink_parms(): no params data found [ 338.999935][T10923] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.007496][T10923] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.016388][T10923] bridge_slave_0: entered allmulticast mode [ 339.024078][T10923] bridge_slave_0: entered promiscuous mode [ 339.032220][T10923] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.039881][T10923] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.047468][T10923] bridge_slave_1: entered allmulticast mode [ 339.055151][T10923] bridge_slave_1: entered promiscuous mode [ 339.080278][T10923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.113026][T10923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.212543][T10923] team0: Port device team_slave_0 added [ 339.238168][ T5823] Bluetooth: hci3: command tx timeout [ 339.328929][T10923] team0: Port device team_slave_1 added [ 339.566246][T10923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.576971][T10923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.609049][T10923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.622597][T10923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.633322][T10923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.676825][T10923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.704190][T10977] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.717106][T10977] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.726224][T11069] loop2: detected capacity change from 0 to 7 [ 339.733949][T11069] Dev loop2: unable to read RDB block 7 [ 339.740047][T11069] loop2: unable to read partition table [ 339.746133][T11069] loop2: partition table beyond EOD, truncated [ 339.752448][T11069] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 339.806099][T10977] bridge_slave_0: entered allmulticast mode [ 339.842309][T10977] bridge_slave_0: entered promiscuous mode [ 339.862541][T10977] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.906560][T10977] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.933581][T10977] bridge_slave_1: entered allmulticast mode [ 339.940428][T10977] bridge_slave_1: entered promiscuous mode [ 340.487711][T10923] hsr_slave_0: entered promiscuous mode [ 340.566521][T10923] hsr_slave_1: entered promiscuous mode [ 340.723770][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 340.723811][ T29] audit: type=1400 audit(1733697679.688:530): avc: denied { getopt } for pid=11096 comm="syz.6.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 340.900774][T10923] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 341.204252][T10923] Cannot create hsr debugfs directory [ 341.425314][T11107] random: crng reseeded on system resumption [ 341.568980][T11095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 342.025864][T11095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 342.036866][T11095] bond0 (unregistering): Released all slaves [ 342.062932][T10977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.091087][T10977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.141355][ T2960] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.398618][ T2960] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.464684][T10977] team0: Port device team_slave_0 added [ 342.693385][T10977] team0: Port device team_slave_1 added [ 342.713610][T10977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.109948][T10977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.136965][T10977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.194935][ T2960] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.232120][T10977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.239394][T10977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.275074][T10977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.347116][ T2960] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.531391][T11131] xt_hashlimit: max too large, truncated to 1048576 [ 343.659183][T10977] hsr_slave_0: entered promiscuous mode [ 343.737376][T10977] hsr_slave_1: entered promiscuous mode [ 343.747608][T10977] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 343.771096][T10977] Cannot create hsr debugfs directory [ 345.277720][T11151] input: syz0 as /devices/virtual/input/input31 [ 345.605545][ T9] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 345.984003][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 346.003560][ T2960] bridge_slave_1: left allmulticast mode [ 346.011444][ T2960] bridge_slave_1: left promiscuous mode [ 346.017165][ T9] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 346.025390][ T9] usb 1-1: config 0 has no interface number 0 [ 346.036862][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.044659][ T9] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 346.080866][ T9] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 346.093317][ T2960] bridge_slave_0: left allmulticast mode [ 346.098967][ T2960] bridge_slave_0: left promiscuous mode [ 346.108006][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.116014][ T9] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 346.150978][ T9] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 346.272577][T11166] xt_CT: You must specify a L4 protocol and not use inversions on it [ 346.681478][ T9] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 346.690021][ T9] usb 1-1: Product: syz [ 346.694210][ T9] usb 1-1: SerialNumber: syz [ 346.701055][ T9] usb 1-1: config 0 descriptor?? [ 346.707140][T11153] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 346.726202][ T9] cm109 1-1:0.8: invalid payload size 1024, expected 4 [ 346.734646][ T9] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input32 [ 346.994907][ C0] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 347.213865][ T2960] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 347.218749][ T29] audit: type=1400 audit(1733697685.768:531): avc: denied { ioctl } for pid=11152 comm="syz.0.1372" path="socket:[39744]" dev="sockfs" ino=39744 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 347.283565][ T2960] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 347.379438][ T2960] bond0 (unregistering): Released all slaves [ 348.537013][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 348.537100][ T51] usb 1-1: USB disconnect, device number 32 [ 348.544267][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 348.621251][ T51] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 348.678525][ T2960] hsr_slave_0: left promiscuous mode [ 348.684705][ T2960] hsr_slave_1: left promiscuous mode [ 348.691460][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.763743][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.772907][ T2960] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.794989][ T2960] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.824496][ T2960] veth1_macvtap: left promiscuous mode [ 348.830577][ T2960] veth0_macvtap: left promiscuous mode [ 348.836218][ T2960] veth1_vlan: left promiscuous mode [ 348.843644][ T2960] veth0_vlan: left promiscuous mode [ 349.433908][ T2960] team0 (unregistering): Port device team_slave_1 removed [ 349.442227][ T51] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 349.564575][ T2960] team0 (unregistering): Port device team_slave_0 removed [ 349.641732][ T51] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.657976][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 349.668626][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 349.694230][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 349.704613][ T51] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 349.725655][ T51] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 349.735253][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.900428][ T51] usb 1-1: config 0 descriptor?? [ 349.908563][T11179] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 350.258956][ T9] hid (null): unknown global tag 0x3c [ 350.270533][ T9] hid-generic 0000:80000001:0040.001D: unknown main item tag 0x5 [ 350.290064][ T9] hid-generic 0000:80000001:0040.001D: unknown main item tag 0x1 [ 350.304570][ T9] hid-generic 0000:80000001:0040.001D: unknown main item tag 0x0 [ 350.334429][ T9] hid-generic 0000:80000001:0040.001D: unknown main item tag 0x1 [ 350.390055][ T9] hid-generic 0000:80000001:0040.001D: unexpected long global item [ 350.411966][ T9] hid-generic 0000:80000001:0040.001D: probe with driver hid-generic failed with error -22 [ 350.607502][T11182] bond0: (slave bond_slave_0): Releasing backup interface [ 350.839890][ T9] usb 1-1: USB disconnect, device number 33 [ 350.904648][T10923] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 350.945560][T10923] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 350.992942][ T29] audit: type=1400 audit(1733697689.285:532): avc: denied { setattr } for pid=11193 comm="syz.6.1384" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 351.307490][T10923] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 351.346337][T10923] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 351.755862][T10923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.776691][T10923] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.808644][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.816040][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.852624][T11214] VFS: could not find a valid V7 on nullb0. [ 352.581361][T11215] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1386'. [ 352.911894][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.919156][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.968720][T10923] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 352.979442][T10923] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 354.096046][T10977] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 354.223314][T10977] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 354.256935][T10923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.285226][T10977] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 354.905852][T10977] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 355.220117][T11262] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1393'. [ 356.055527][T11262] slcan: can't register candev [ 356.060548][T11262] Falling back ldisc for ttyS3. [ 356.319303][T10977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.343618][T10977] 8021q: adding VLAN 0 to HW filter on device team0 [ 356.369183][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.376364][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.771971][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.779111][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.779168][ T29] audit: type=1400 audit(1733697694.701:533): avc: denied { bind } for pid=11271 comm="syz.5.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 356.838182][ T29] audit: type=1400 audit(1733697694.701:534): avc: denied { connect } for pid=11271 comm="syz.5.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 356.874572][T10923] veth0_vlan: entered promiscuous mode [ 356.918440][T10977] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 356.940034][T10977] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 356.979177][T11272] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1396'. [ 356.991786][T10923] veth1_vlan: entered promiscuous mode [ 357.068530][T10923] veth0_macvtap: entered promiscuous mode [ 357.080780][ T29] audit: type=1400 audit(1733697694.991:535): avc: denied { write } for pid=11271 comm="syz.5.1396" path="socket:[40357]" dev="sockfs" ino=40357 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 357.121114][T10923] veth1_macvtap: entered promiscuous mode [ 357.136482][ T29] audit: type=1400 audit(1733697694.991:536): avc: denied { nlmsg_read } for pid=11271 comm="syz.5.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 357.157510][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.193882][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.210349][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.221009][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.252792][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.295211][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.322753][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.355345][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.383752][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.422573][T10923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.457655][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.519833][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.556835][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.657920][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.736169][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.747130][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.757489][T10923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.775604][T10923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.797451][T10923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 358.474125][ T29] audit: type=1400 audit(1733697695.889:537): avc: denied { write } for pid=11302 comm="syz.5.1398" path="socket:[40394]" dev="sockfs" ino=40394 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 358.603526][T10977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.648633][T10923] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.658653][T10923] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.674356][T10923] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.683156][T10923] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.817314][T10977] veth0_vlan: entered promiscuous mode [ 358.830717][T10977] veth1_vlan: entered promiscuous mode [ 358.871034][ T866] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 358.958876][T11314] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1400'. [ 358.971305][T11314] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1400'. [ 359.102847][ T866] usb 1-1: Using ep0 maxpacket: 16 [ 359.137484][ T866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.159175][ T866] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 359.203308][ T866] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=9a.1d [ 359.209620][T10977] veth0_macvtap: entered promiscuous mode [ 359.250672][ T866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.253993][T10977] veth1_macvtap: entered promiscuous mode [ 359.307122][ T866] usb 1-1: Product: syz [ 359.319691][ T866] usb 1-1: Manufacturer: syz [ 359.324329][ T866] usb 1-1: SerialNumber: syz [ 359.330509][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.357851][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.375667][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.380625][ T866] usb 1-1: config 0 descriptor?? [ 359.397444][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.422116][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.447315][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.471774][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.495967][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.506378][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.574468][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.589530][T11330] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1401'. [ 359.906320][T10977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 360.113244][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.125835][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.229090][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.242144][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.266222][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.279763][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.408858][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.503162][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.579261][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.607604][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.659419][T10977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.679913][T10977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.709986][ T5867] usb 1-1: USB disconnect, device number 34 [ 360.722489][T11340] netlink: 13 bytes leftover after parsing attributes in process `syz.6.1402'. [ 360.750206][T10977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 360.765976][T10977] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.776390][T10977] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.838535][T10977] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.850265][T10977] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.048384][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.065454][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.330665][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.348932][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.569502][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.590479][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.650725][ T29] audit: type=1400 audit(1733697699.266:538): avc: denied { read } for pid=11357 comm="syz.5.1405" lport=33881 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 362.065316][ T9532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.079906][T11365] binder: 11355:11365 ioctl 4018620d 0 returned -22 [ 362.316834][ T9532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.609383][ T9532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.761598][ T9532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.043457][ T9532] bridge_slave_1: left allmulticast mode [ 363.053267][ T9532] bridge_slave_1: left promiscuous mode [ 363.064525][ T9532] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.081259][ T9532] bridge_slave_0: left allmulticast mode [ 363.092148][ T9532] bridge_slave_0: left promiscuous mode [ 363.097937][ T9532] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.181567][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 363.207875][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 363.223180][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 363.248536][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 363.273126][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 363.297710][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 363.559628][ T9532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.573419][ T9532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.583050][ T9532] bond0 (unregistering): Released all slaves [ 363.869984][ T9532] hsr_slave_0: left promiscuous mode [ 363.883680][ T9532] hsr_slave_1: left promiscuous mode [ 363.897305][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.907082][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.915855][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.924237][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 364.194307][ T9532] veth1_macvtap: left promiscuous mode [ 364.200104][ T9532] veth0_macvtap: left promiscuous mode [ 365.227865][ T9532] veth1_vlan: left promiscuous mode [ 365.233384][ T9532] veth0_vlan: left promiscuous mode [ 365.494752][T11410] hub 2-0:1.0: USB hub found [ 365.502054][T11410] hub 2-0:1.0: 1 port detected [ 365.527846][ T5129] Bluetooth: hci1: command tx timeout [ 365.819357][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 365.829672][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 365.839901][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 365.858657][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 365.868638][ T5823] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 365.878415][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 366.060160][T11422] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 367.438035][ T29] audit: type=1400 audit(1733697704.663:539): avc: denied { read } for pid=11431 comm="syz.6.1413" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 367.638892][ T9532] team0 (unregistering): Port device team_slave_1 removed [ 367.689807][ T9532] team0 (unregistering): Port device team_slave_0 removed [ 367.724823][ T5823] Bluetooth: hci1: command tx timeout [ 368.065390][ T5823] Bluetooth: hci3: command tx timeout [ 368.239367][T11382] chnl_net:caif_netlink_parms(): no params data found [ 368.350602][T11432] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 368.365915][T11432] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 368.396728][T11432] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 368.450733][T11432] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 368.475414][T11432] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 368.498149][T11432] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 368.504999][T11432] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 368.786190][T11432] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 369.040762][T11382] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.058543][T11382] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.086523][T11382] bridge_slave_0: entered allmulticast mode [ 369.119253][T11382] bridge_slave_0: entered promiscuous mode [ 369.155913][T11382] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.186945][T11382] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.200353][T11382] bridge_slave_1: entered allmulticast mode [ 369.207456][T11382] bridge_slave_1: entered promiscuous mode [ 370.385452][T11382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.399897][ T29] audit: type=1400 audit(1733697707.441:540): avc: denied { bind } for pid=11450 comm="syz.0.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 370.402185][T11382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.454840][ T5129] Bluetooth: hci2: command 0x040f tx timeout [ 370.508866][T11382] team0: Port device team_slave_0 added [ 370.515389][T11419] chnl_net:caif_netlink_parms(): no params data found [ 370.541237][T11382] team0: Port device team_slave_1 added [ 370.544078][ T5129] Bluetooth: hci1: command 0x0419 tx timeout [ 370.564049][ T9] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 370.632808][ T9532] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.852316][T11482] o2cb: This node has not been configured. [ 370.858397][T11482] o2cb: Cluster check failed. Fix errors before retrying. [ 370.865619][T11482] (syz.6.1420,11482,1):user_dlm_register:674 ERROR: status = -22 [ 370.873437][T11482] (syz.6.1420,11482,1):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "bus" [ 371.363449][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 371.394145][ T5129] Bluetooth: hci3: command 0x040f tx timeout [ 371.454975][ T9532] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.459873][ T29] audit: type=1400 audit(1733697707.862:541): avc: denied { write } for pid=11473 comm="syz.6.1420" name="/" dev="ocfs2_dlmfs" ino=41812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 371.484828][ T9] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 371.488898][ T29] audit: type=1400 audit(1733697707.862:542): avc: denied { add_name } for pid=11473 comm="syz.6.1420" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 371.503702][ T9] usb 6-1: config 0 has no interface number 0 [ 371.517586][ T29] audit: type=1400 audit(1733697707.862:543): avc: denied { create } for pid=11473 comm="syz.6.1420" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 371.517623][ T29] audit: type=1400 audit(1733697707.872:544): avc: denied { associate } for pid=11473 comm="syz.6.1420" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 371.687535][ T9] usb 6-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x4F, changing to 0xF [ 371.847705][ T9] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0xF has invalid maxpacket 31896, setting to 1024 [ 371.859453][ T9] usb 6-1: config 0 interface 8 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 371.937091][ T9] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 371.946702][ T9] usb 6-1: New USB device strings: Mfr=0, Product=8, SerialNumber=3 [ 371.948302][T11382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.971452][ T9] usb 6-1: Product: syz [ 371.983535][ T9] usb 6-1: SerialNumber: syz [ 371.990513][T11382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.995665][ T9] usb 6-1: config 0 descriptor?? [ 372.026056][T11382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.213624][T11459] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 372.223568][ T9] usbhid 6-1:0.8: couldn't find an input interrupt endpoint [ 372.401206][ T9532] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.417482][T11382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 372.679515][ T5129] Bluetooth: hci2: command 0x040f tx timeout [ 372.764400][ T5129] Bluetooth: hci1: command 0x0419 tx timeout [ 373.124734][T11382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.138274][ T9] usb 6-1: USB disconnect, device number 19 [ 373.174033][T11382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 373.522915][T11419] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.550231][T11419] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.650851][ T5129] Bluetooth: hci3: command 0x040f tx timeout [ 373.651065][T11419] bridge_slave_0: entered allmulticast mode [ 374.267012][T11419] bridge_slave_0: entered promiscuous mode [ 374.311433][ T29] audit: type=1400 audit(1733697710.603:545): avc: denied { mounton } for pid=11498 comm="syz.6.1424" path="/153/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 374.533190][ T9532] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.635492][T11419] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.644866][T11419] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.714413][T11419] bridge_slave_1: entered allmulticast mode [ 374.836257][T11419] bridge_slave_1: entered promiscuous mode [ 374.973922][T11507] block nbd0: NBD_DISCONNECT [ 374.988462][ T5129] Bluetooth: hci1: command 0x0419 tx timeout [ 375.202074][T11382] hsr_slave_0: entered promiscuous mode [ 375.208561][T11382] hsr_slave_1: entered promiscuous mode [ 375.221111][T11382] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 375.232942][T11382] Cannot create hsr debugfs directory [ 375.241456][T11419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.275043][T11419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 375.333557][ T29] audit: type=1400 audit(1733697712.062:546): avc: denied { setopt } for pid=11511 comm="syz.0.1428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 375.373300][T11512] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1428'. [ 375.379623][T11419] team0: Port device team_slave_0 added [ 375.407427][T11419] team0: Port device team_slave_1 added [ 375.508802][T11419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.519647][T11419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.546297][T11419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.605356][T11419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.619531][T11419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.665577][T11419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.853531][ T5129] Bluetooth: hci3: command 0x040f tx timeout [ 375.906068][ T9532] bridge_slave_1: left allmulticast mode [ 375.921376][ T9532] bridge_slave_1: left promiscuous mode [ 375.946058][ T9532] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.988131][ T9532] bridge_slave_0: left allmulticast mode [ 376.006902][ T9532] bridge_slave_0: left promiscuous mode [ 376.012886][ T9532] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.801473][ T5129] Bluetooth: hci1: command 0x0419 tx timeout [ 378.024619][ T29] audit: type=1400 audit(1733697714.513:547): avc: denied { setopt } for pid=11544 comm="syz.6.1433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 378.118813][ T5129] Bluetooth: hci3: command 0x040f tx timeout [ 378.216696][ T51] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 378.424506][ T51] usb 6-1: Using ep0 maxpacket: 8 [ 378.442639][ T51] usb 6-1: config index 0 descriptor too short (expected 6427, got 27) [ 378.450955][ T51] usb 6-1: config 0 has an invalid interface number: 21 but max is 0 [ 378.515486][ T51] usb 6-1: config 0 has no interface number 0 [ 378.521765][ T51] usb 6-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 378.543665][ T51] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 378.555278][ T51] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 378.570228][ T51] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 378.596110][ T51] usb 6-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 378.604778][ T51] usb 6-1: Product: syz [ 378.609046][ T51] usb 6-1: Manufacturer: syz [ 378.620464][ T51] usb 6-1: config 0 descriptor?? [ 378.778459][ T9532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 378.791138][ T9532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 378.821408][ T9532] bond0 (unregistering): Released all slaves [ 378.868256][ T866] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 379.062064][ T866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 379.114746][ T866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.116689][T11419] hsr_slave_0: entered promiscuous mode [ 379.124634][ T866] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 379.167665][ T866] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 379.177222][T11419] hsr_slave_1: entered promiscuous mode [ 379.189148][ T866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.208206][ T866] usb 7-1: config 0 descriptor?? [ 379.213398][T11419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 379.230340][T11419] Cannot create hsr debugfs directory [ 379.772981][ T51] usb 6-1: USB disconnect, device number 20 [ 379.930260][T11561] can0: slcan on ptm0. [ 380.129929][ T29] audit: type=1400 audit(1733697716.524:548): avc: denied { mount } for pid=11564 comm="syz.0.1438" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 380.169387][T11561] can0 (unregistered): slcan off ptm0. [ 380.293579][ T5129] Bluetooth: hci3: command 0x040f tx timeout [ 380.476995][ T9532] hsr_slave_0: left promiscuous mode [ 380.538464][ T9532] hsr_slave_1: left promiscuous mode [ 380.568706][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 380.626056][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 380.654704][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 380.675841][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 380.680079][ T866] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 380.691253][ T866] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 380.706330][ T866] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 380.734763][ T9532] veth1_macvtap: left promiscuous mode [ 380.742657][ T9532] veth0_macvtap: left promiscuous mode [ 380.748691][ T9532] veth1_vlan: left promiscuous mode [ 380.761067][ T9532] veth0_vlan: left promiscuous mode [ 380.910377][ T29] audit: type=1400 audit(1733697717.263:549): avc: denied { unmount } for pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 381.231007][ T5855] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 381.461645][T11574] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 381.490586][ T29] audit: type=1400 audit(1733697717.778:550): avc: denied { read append } for pid=11570 comm="syz.5.1440" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 381.711136][ T29] audit: type=1400 audit(1733697717.778:551): avc: denied { open } for pid=11570 comm="syz.5.1440" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 381.865068][ T5864] usb 7-1: USB disconnect, device number 15 [ 381.889521][ T5855] usb 1-1: config 1 interface 0 has no altsetting 0 [ 381.917761][ T5855] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 381.943555][ T5855] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.952795][ T5855] usb 1-1: Product: syz [ 381.965070][ T5855] usb 1-1: Manufacturer: syz [ 381.983027][ T5855] usb 1-1: SerialNumber: syz [ 382.390593][ T9532] team0 (unregistering): Port device team_slave_1 removed [ 382.990058][ T9532] team0 (unregistering): Port device team_slave_0 removed [ 383.305558][ T5855] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 385.370291][ T5855] usb 1-1: USB disconnect, device number 35 [ 385.389557][ T5855] usblp0: removed [ 385.423613][T11382] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 385.588198][T11382] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 385.901282][ T3537] Bluetooth: hci5: Frame reassembly failed (-84) [ 386.083627][T11382] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 386.147025][T11382] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 386.383230][T11382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 386.435370][T11382] 8021q: adding VLAN 0 to HW filter on device team0 [ 386.461794][ T9077] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.468986][ T9077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 386.554001][ T6397] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.561369][ T6397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 386.757734][T11419] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 386.818564][ T5855] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 386.834431][T11419] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 386.856503][T11419] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 386.880147][T11419] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 386.998552][ T5855] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 387.019272][T11382] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 387.023718][ T5855] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.065082][ T5855] usb 7-1: Product: syz [ 387.077094][ T5855] usb 7-1: Manufacturer: syz [ 387.099639][ T5855] usb 7-1: SerialNumber: syz [ 387.131602][ T5855] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 387.148851][ T5864] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 387.170279][T11419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 387.223442][T11419] 8021q: adding VLAN 0 to HW filter on device team0 [ 387.274087][ T9077] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.281238][ T9077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 387.300235][ T9077] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.307464][ T9077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 387.412180][T11419] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 387.675569][T11632] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 387.734405][T11382] veth0_vlan: entered promiscuous mode [ 387.783173][T11602] netlink: 'syz.6.1448': attribute type 4 has an invalid length. [ 387.840306][T11382] veth1_vlan: entered promiscuous mode [ 387.887464][T11633] netlink: 'syz.6.1448': attribute type 4 has an invalid length. [ 387.989830][ T5129] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 388.338463][ T5864] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 388.400000][ T5864] ath9k_htc: Failed to initialize the device [ 388.425152][T11382] veth0_macvtap: entered promiscuous mode [ 388.460849][T11382] veth1_macvtap: entered promiscuous mode [ 388.477270][ T5864] usb 7-1: ath9k_htc: USB layer deinitialized [ 388.505807][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 388.525239][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 388.536984][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 388.548150][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 388.626278][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 388.658768][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 388.683266][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 388.694617][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 388.709151][T11382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 389.623381][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 389.637029][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.647879][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 389.670687][ T866] usb 7-1: USB disconnect, device number 16 [ 389.759847][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.770281][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 389.780935][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.815385][T11382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 389.828164][T11382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 389.893438][T11382] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 389.980804][T11382] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.019597][T11382] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.034689][T11382] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.051243][T11382] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.161411][T11419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 390.306646][T11419] veth0_vlan: entered promiscuous mode [ 390.324572][ T9537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 390.342319][ T9537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 390.418233][T11419] veth1_vlan: entered promiscuous mode [ 390.424384][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 390.508947][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 390.546072][T11419] veth0_macvtap: entered promiscuous mode [ 391.319980][T11419] veth1_macvtap: entered promiscuous mode [ 391.626994][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.637724][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.647666][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.658411][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.668702][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.718505][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.730549][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.741261][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.751347][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.761879][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.780008][T11419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 391.933377][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.946876][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.970662][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 392.119264][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.129798][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 392.205313][T11686] trusted_key: encrypted_key: insufficient parameters specified [ 392.792711][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.792735][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 392.792750][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.792770][T11419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 392.792782][T11419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.793607][T11419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 392.942806][T11419] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.952221][T11419] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.961224][T11419] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.971063][T11419] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.182166][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.221642][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.820876][ T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.922738][ T51] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 393.992828][ T9537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.007545][ T9537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.098501][ T51] usb 6-1: Using ep0 maxpacket: 16 [ 394.110916][ T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.123150][ T51] usb 6-1: config 0 has too many interfaces: 255, using maximum allowed: 32 [ 394.134360][ T51] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 394.144674][ T51] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 255 [ 394.157392][ T51] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 394.171278][ T51] usb 6-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 394.192564][ T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.239732][ T51] usb 6-1: config 0 descriptor?? [ 394.267091][ T62] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.270188][ T51] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 394.396952][ T62] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.607242][ T62] bridge_slave_1: left allmulticast mode [ 394.613063][ T62] bridge_slave_1: left promiscuous mode [ 394.619841][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.632856][ T62] bridge_slave_0: left allmulticast mode [ 394.662097][ T62] bridge_slave_0: left promiscuous mode [ 394.669416][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.328578][ T29] audit: type=1400 audit(1733697730.583:552): avc: denied { getopt } for pid=11738 comm="syz.6.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 397.510022][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 397.522121][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 397.532744][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 397.615813][T11764] input: syz0 as /devices/virtual/input/input34 [ 398.134803][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 398.145483][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 398.164206][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 398.173995][T11767] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 398.181579][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 398.189223][ T5821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 398.233485][T11767] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 398.253643][ T5864] usb 6-1: USB disconnect, device number 21 [ 398.269849][T11767] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 398.287422][T11767] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 398.624911][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.637455][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.648468][ T62] bond0 (unregistering): Released all slaves [ 399.063749][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 399.071791][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 399.783776][T11806] fuse: Unknown parameter 'group_i00000000000000000000' [ 399.947219][T11808] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 400.602713][ T5129] Bluetooth: hci1: command tx timeout [ 400.609565][ T5129] Bluetooth: hci3: command tx timeout [ 400.669451][T11761] chnl_net:caif_netlink_parms(): no params data found [ 401.329195][ T62] hsr_slave_0: left promiscuous mode [ 401.445029][ T62] hsr_slave_1: left promiscuous mode [ 401.471127][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 401.478748][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.718826][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 401.967273][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 402.504456][ T62] veth1_macvtap: left promiscuous mode [ 402.525930][T11830] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1470'. [ 402.535412][ T62] veth0_macvtap: left promiscuous mode [ 402.553461][ T62] veth1_vlan: left promiscuous mode [ 402.571108][ T62] veth0_vlan: left promiscuous mode [ 402.784143][T11767] Bluetooth: hci3: command tx timeout [ 402.790411][ T5129] Bluetooth: hci1: command tx timeout [ 403.365707][ T62] team0 (unregistering): Port device team_slave_1 removed [ 403.432906][ T62] team0 (unregistering): Port device team_slave_0 removed [ 404.983283][T11759] chnl_net:caif_netlink_parms(): no params data found [ 405.114445][T11767] Bluetooth: hci3: command tx timeout [ 405.120007][T11767] Bluetooth: hci1: command tx timeout [ 405.894069][T11856] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1475'. [ 406.431814][T11761] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.440044][T11761] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.447796][T11761] bridge_slave_0: entered allmulticast mode [ 406.469388][T11761] bridge_slave_0: entered promiscuous mode [ 406.519443][T11761] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.561018][T11761] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.575808][T11761] bridge_slave_1: entered allmulticast mode [ 406.598000][T11761] bridge_slave_1: entered promiscuous mode [ 406.838761][T11761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 407.102138][ T29] audit: type=1326 audit(1733697741.761:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11860 comm="syz.6.1476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b317fed9 code=0x7ffc0000 [ 407.137161][T11761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 407.198342][ T29] audit: type=1326 audit(1733697741.780:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11860 comm="syz.6.1476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b317fed9 code=0x7ffc0000 [ 407.252521][T11759] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.269430][T11759] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.285891][ T29] audit: type=1400 audit(1733697741.958:555): avc: denied { create } for pid=11867 comm="syz.5.1478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 407.290082][T11759] bridge_slave_0: entered allmulticast mode [ 407.417949][ T5823] Bluetooth: hci3: command tx timeout [ 407.428583][ T5823] Bluetooth: hci1: command tx timeout [ 407.470234][ T29] audit: type=1400 audit(1733697741.976:556): avc: denied { connect } for pid=11867 comm="syz.5.1478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 407.670278][T11759] bridge_slave_0: entered promiscuous mode [ 407.676916][ T29] audit: type=1400 audit(1733697742.154:557): avc: denied { listen } for pid=11867 comm="syz.5.1478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 407.708812][T11759] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.750344][T11759] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.762431][T11759] bridge_slave_1: entered allmulticast mode [ 407.815898][T11759] bridge_slave_1: entered promiscuous mode [ 407.896252][T11761] team0: Port device team_slave_0 added [ 407.904098][ T5867] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 407.943694][T11761] team0: Port device team_slave_1 added [ 408.044955][T11759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.075808][ T5867] usb 6-1: Using ep0 maxpacket: 8 [ 408.089114][T11759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.109235][ T5867] usb 6-1: config 0 has no interfaces? [ 408.114791][ T5867] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 408.126698][T11761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.149890][T11761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.192922][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.214846][ T5867] usb 6-1: config 0 descriptor?? [ 408.265760][T11761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.478195][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.539967][ T29] audit: type=1400 audit(1733697743.118:558): avc: denied { read } for pid=11867 comm="syz.5.1478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 408.569300][ T866] usb 6-1: USB disconnect, device number 22 [ 408.607694][T11761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.641664][T11761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.705785][T11761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.798467][T11759] team0: Port device team_slave_0 added [ 408.813418][T11759] team0: Port device team_slave_1 added [ 408.981596][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.744919][T11761] hsr_slave_0: entered promiscuous mode [ 409.760510][T11761] hsr_slave_1: entered promiscuous mode [ 409.771622][T11761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 409.785801][T11761] Cannot create hsr debugfs directory [ 409.874350][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.956227][T11759] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.972064][T11759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.998383][T11759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.226214][T11759] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.295350][T11759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.532907][T11759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.594764][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.973411][ T866] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 411.207505][ T866] usb 7-1: Using ep0 maxpacket: 8 [ 411.217716][ T866] usb 7-1: config 0 has an invalid interface number: 224 but max is 0 [ 411.334977][ T866] usb 7-1: config 0 has no interface number 0 [ 411.388439][ T29] audit: type=1400 audit(1733697745.783:559): avc: denied { map } for pid=11912 comm="syz.0.1484" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 411.407842][ T866] usb 7-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice= 3.0e [ 411.468864][ T866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.493996][ T866] usb 7-1: config 0 descriptor?? [ 411.651955][ T29] audit: type=1400 audit(1733697745.783:560): avc: denied { execute } for pid=11912 comm="syz.0.1484" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 411.900818][T11759] hsr_slave_0: entered promiscuous mode [ 411.931197][T11759] hsr_slave_1: entered promiscuous mode [ 411.957298][ T5867] hid-generic 000F:0008:0F34.001F: unknown main item tag 0x5 [ 411.966121][T11759] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 411.973997][ T5867] hid-generic 000F:0008:0F34.001F: unknown main item tag 0x3 [ 412.106133][T11759] Cannot create hsr debugfs directory [ 412.138984][T11905] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1483'. [ 412.141046][ T5867] hid-generic 000F:0008:0F34.001F: unknown main item tag 0x4 [ 412.325240][T11925] ntfs3(nbd5): try to read out of volume at offset 0x0 [ 413.134752][ T5867] hid-generic 000F:0008:0F34.001F: unknown main item tag 0x1 [ 413.591545][ T5867] hid-generic 000F:0008:0F34.001F: hidraw0: HID vab.67 Device [syz0] on syz0 [ 413.869310][ T29] audit: type=1400 audit(1733697748.085:561): avc: denied { write } for pid=11929 comm="syz.5.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 414.063901][ T29] audit: type=1400 audit(1733697748.197:562): avc: denied { create } for pid=11929 comm="syz.5.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 414.492417][ T866] usb 7-1: USB disconnect, device number 17 [ 414.733911][T11940] input: syz0 as /devices/virtual/input/input35 [ 414.992289][ T866] IPVS: starting estimator thread 0... [ 415.089750][T11943] IPVS: using max 26 ests per chain, 62400 per kthread [ 415.299716][ T29] audit: type=1400 audit(1733697749.450:563): avc: denied { ioctl } for pid=11939 comm="syz.5.1488" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 415.906533][ T62] bridge_slave_1: left allmulticast mode [ 415.917100][ T62] bridge_slave_1: left promiscuous mode [ 415.926453][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.005393][ T29] audit: type=1400 audit(1733697750.947:564): avc: denied { read write } for pid=11950 comm="syz.0.1490" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 417.030670][ T29] audit: type=1400 audit(1733697750.956:565): avc: denied { open } for pid=11950 comm="syz.0.1490" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 417.056122][ T62] bridge_slave_0: left allmulticast mode [ 417.062031][ T62] bridge_slave_0: left promiscuous mode [ 417.091471][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.367440][T11980] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1495'. [ 420.522186][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.539265][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.549175][ T62] bond0 (unregistering): Released all slaves [ 420.579660][T11980] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1495'. [ 421.338104][ T62] hsr_slave_0: left promiscuous mode [ 421.652437][ T62] hsr_slave_1: left promiscuous mode [ 421.742513][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 421.815059][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.938188][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.975664][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 422.075765][ T62] veth1_macvtap: left promiscuous mode [ 422.112657][ T62] veth0_macvtap: left promiscuous mode [ 422.132583][ T62] veth1_vlan: left promiscuous mode [ 422.165365][ T62] veth0_vlan: left promiscuous mode [ 424.295819][T12018] syz.6.1501 (12018): drop_caches: 2 [ 425.661798][ T62] team0 (unregistering): Port device team_slave_1 removed [ 425.745328][ T62] team0 (unregistering): Port device team_slave_0 removed [ 426.049604][T12041] Falling back ldisc for ptm0. [ 427.024513][T12054] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 429.671517][ T29] audit: type=1400 audit(1733697762.892:566): avc: denied { accept } for pid=12077 comm="syz.5.1514" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 430.456484][ T29] audit: type=1400 audit(1733697763.135:567): avc: denied { connect } for pid=12085 comm="syz.5.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 430.476338][ T29] audit: type=1400 audit(1733697763.135:568): avc: denied { write } for pid=12085 comm="syz.5.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 430.707204][ T5895] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 430.894191][ T5895] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 431.025086][ T5895] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 431.165053][ T5895] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 431.175643][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.186167][ T5895] usb 6-1: config 0 descriptor?? [ 431.193808][ T5895] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 431.209119][ T5895] dvb-usb: bulk message failed: -22 (3/0) [ 431.231666][ T5895] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 431.260629][ T5895] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 431.283127][ T5895] usb 6-1: media controller created [ 431.308902][ T5895] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 431.365072][ T5895] dvb-usb: bulk message failed: -22 (6/0) [ 431.383934][ T5895] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 431.404044][T11761] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 431.405516][ T5895] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36 [ 431.427045][T12087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.453017][T12087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.457785][T11761] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 431.462448][ T5895] dvb-usb: schedule remote query interval to 150 msecs. [ 431.488524][ T5895] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 431.502163][ T5895] usb 6-1: USB disconnect, device number 23 [ 431.518502][T11761] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 431.564492][T11761] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 431.588386][ T5895] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 431.715531][T11759] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 431.729033][T11759] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 431.756303][T11759] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 431.774917][T11759] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 431.906763][T11761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.960328][T11761] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.995934][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.003413][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 432.029801][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.036984][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.091512][T11759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 432.171907][T11759] 8021q: adding VLAN 0 to HW filter on device team0 [ 432.517604][ T6397] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.524814][ T6397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 432.624900][ T6397] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.632313][ T6397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.999894][T11761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.156962][T11761] veth0_vlan: entered promiscuous mode [ 433.203222][T11761] veth1_vlan: entered promiscuous mode [ 433.230165][T11761] veth0_macvtap: entered promiscuous mode [ 433.239481][T11761] veth1_macvtap: entered promiscuous mode [ 433.301621][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.312224][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.322348][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.333408][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.343405][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.353962][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.364015][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 433.374693][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.386401][T11761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 433.404408][T11759] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.422656][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.433323][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.443373][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.454057][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.464112][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.475966][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.486998][T11761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 433.498008][T11761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 433.509824][T11761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 433.553916][T11761] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.573223][T11761] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.591837][T11761] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.618714][T11761] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.335140][ T9532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.343609][ T9532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 434.588084][ T9] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 435.192222][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.211063][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.497041][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 435.801516][ T9] usb 6-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=c8.43 [ 435.810711][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.849241][ T9] usb 6-1: Product: syz [ 435.853545][ T9] usb 6-1: Manufacturer: syz [ 435.881465][ T9] usb 6-1: SerialNumber: syz [ 435.970936][ T9] usb 6-1: config 0 descriptor?? [ 436.453374][T11759] veth0_vlan: entered promiscuous mode [ 436.464746][T11759] veth1_vlan: entered promiscuous mode [ 436.499235][T11759] veth0_macvtap: entered promiscuous mode [ 436.520372][T11759] veth1_macvtap: entered promiscuous mode [ 436.570803][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.587861][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.598353][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.609618][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.619863][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.630999][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.668706][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.715427][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.725559][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.737454][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.592800][T11759] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 437.603873][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.615379][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.635639][ T6639] usb 6-1: USB disconnect, device number 24 [ 437.663832][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.688116][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.698214][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.708821][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.718921][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.729722][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.748298][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.760524][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.781212][T11759] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 437.920867][T11759] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.944919][T11759] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.960513][T11759] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.248441][T11759] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.777092][ T3537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.794584][ T3537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.212439][ T6397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 439.629019][ T6397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.459926][ T9532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.468838][T12239] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1533'. [ 440.500746][T12239] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1533'. [ 440.526167][T12239] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1533'. [ 440.558611][T12239] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1533'. [ 440.614265][ T9532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.755553][ T9532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.880605][ T9532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.067825][ T9532] bridge_slave_1: left allmulticast mode [ 441.073639][ T9532] bridge_slave_1: left promiscuous mode [ 441.081867][ T9532] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.090748][ T9532] bridge_slave_0: left allmulticast mode [ 441.096711][ T9532] bridge_slave_0: left promiscuous mode [ 441.142888][ T9532] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.247236][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 441.257691][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 441.268712][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 441.296398][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 441.307621][ T5823] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 441.319090][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 441.705377][ T9532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.717006][ T9532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.728387][ T9532] bond0 (unregistering): Released all slaves [ 442.023231][T12243] chnl_net:caif_netlink_parms(): no params data found [ 442.095496][ T9532] hsr_slave_0: left promiscuous mode [ 442.101965][ T9532] hsr_slave_1: left promiscuous mode [ 442.116049][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 442.123626][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 442.138765][ T9532] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 442.146717][ T9532] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 442.160839][ T9532] veth1_macvtap: left promiscuous mode [ 442.166403][ T9532] veth0_macvtap: left promiscuous mode [ 442.172309][ T9532] veth1_vlan: left promiscuous mode [ 442.177616][ T9532] veth0_vlan: left promiscuous mode [ 443.565931][T12278] syz.0.1535 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 443.751024][T11767] Bluetooth: hci1: command tx timeout [ 445.235254][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 445.299943][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 445.367279][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 445.485843][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 445.498049][ T5823] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 445.582889][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 445.863541][ T29] audit: type=1400 audit(1733697778.036:569): avc: denied { bind } for pid=12288 comm="syz.5.1539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 446.573277][ T5823] Bluetooth: hci1: command tx timeout [ 447.086069][T12294] tty tty30: ldisc open failed (-12), clearing slot 29 [ 447.331440][ T9532] team0 (unregistering): Port device team_slave_1 removed [ 447.383237][ T9532] team0 (unregistering): Port device team_slave_0 removed [ 447.986136][T11767] Bluetooth: hci2: unexpected event for opcode 0x1001 [ 448.796467][T11767] Bluetooth: hci1: command tx timeout [ 448.831698][T12297] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1539'. [ 448.897902][T12305] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1541'. [ 448.918769][T12299] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1541'. [ 449.055407][T12243] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.083579][T12243] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.137810][T12243] bridge_slave_0: entered allmulticast mode [ 449.153495][T12243] bridge_slave_0: entered promiscuous mode [ 449.161668][T12243] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.169072][T12243] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.176486][T12243] bridge_slave_1: entered allmulticast mode [ 449.183235][T12243] bridge_slave_1: entered promiscuous mode [ 449.311132][T11767] Bluetooth: hci3: command tx timeout [ 449.342349][T12243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.354013][T12243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.499087][T12243] team0: Port device team_slave_0 added [ 449.536022][T12243] team0: Port device team_slave_1 added [ 449.692631][T12243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.811338][T12243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.302062][T12243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 450.317077][T12243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 450.339240][T12243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.365627][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.430954][T12243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 450.623359][T12284] chnl_net:caif_netlink_parms(): no params data found [ 451.019248][T11767] Bluetooth: hci1: command tx timeout [ 451.465873][ T29] audit: type=1400 audit(1733697783.265:570): avc: denied { shutdown } for pid=12337 comm="syz.5.1546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 451.587431][T11767] Bluetooth: hci3: command tx timeout [ 452.058963][T12243] hsr_slave_0: entered promiscuous mode [ 452.263240][T12352] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 452.784635][T12243] hsr_slave_1: entered promiscuous mode [ 452.799349][T12243] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 452.815582][T12243] Cannot create hsr debugfs directory [ 452.959115][ T9532] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.093404][ T9532] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.836899][ T5129] Bluetooth: hci3: command tx timeout [ 453.896221][T12284] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.903464][T12284] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.917505][T12284] bridge_slave_0: entered allmulticast mode [ 453.938000][T12284] bridge_slave_0: entered promiscuous mode [ 454.013897][ T9532] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.041661][T12284] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.088316][T12284] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.126560][T12284] bridge_slave_1: entered allmulticast mode [ 454.133548][T12284] bridge_slave_1: entered promiscuous mode [ 454.454557][ T29] audit: type=1400 audit(1733697786.052:571): avc: denied { mount } for pid=12369 comm="syz.6.1552" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 454.885031][ T9532] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.959320][T12384] binder: 12379:12384 ioctl 4018620d 0 returned -22 [ 455.855160][T12284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.949488][T12284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.961730][ T29] audit: type=1400 audit(1733697787.446:572): avc: denied { sqpoll } for pid=12388 comm="syz.0.1555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 456.075948][ T5129] Bluetooth: hci3: command tx timeout [ 456.279971][T12397] syz.6.1554: attempt to access beyond end of device [ 456.279971][T12397] nbd6: rw=0, sector=2, nr_sectors = 2 limit=0 [ 456.294669][T12397] syz.6.1554: attempt to access beyond end of device [ 456.294669][T12397] nbd6: rw=0, sector=16, nr_sectors = 2 limit=0 [ 456.773696][T12284] team0: Port device team_slave_0 added [ 457.695450][T12284] team0: Port device team_slave_1 added [ 458.144216][ T9532] bridge_slave_1: left allmulticast mode [ 458.150218][ T9532] bridge_slave_1: left promiscuous mode [ 458.162975][ T9532] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.434318][T12417] 9pnet_fd: Insufficient options for proto=fd [ 570.764585][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 570.771664][ C1] rcu: 0-...!: (25 ticks this GP) idle=555c/1/0x4000000000000000 softirq=66479/66512 fqs=0 [ 570.783168][ C1] rcu: (detected by 1, t=10506 jiffies, g=52825, q=131 ncpus=2) [ 570.790939][ C1] Sending NMI from CPU 1 to CPUs 0: [ 570.790966][ C0] NMI backtrace for cpu 0 [ 570.790974][ C0] CPU: 0 UID: 0 PID: 12416 Comm: syz.0.1560 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0 [ 570.790990][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 570.791003][ C0] RIP: 0010:kasan_check_range+0x10e/0x1a0 [ 570.791027][ C0] Code: 00 7c 0b 44 89 c2 e8 e1 ea ff ff 83 f0 01 5b 5d 41 5c c3 cc cc cc cc 48 85 d2 74 4f 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 41 <80> 38 00 74 f2 eb b2 41 bc 08 00 00 00 45 29 dc 49 8d 14 2c eb 0c [ 570.791039][ C0] RSP: 0018:ffffc90000007d78 EFLAGS: 00000086 [ 570.791051][ C0] RAX: ffffed10170c5940 RBX: ffffed10170c5941 RCX: ffffffff8177272e [ 570.791059][ C0] RDX: ffffed10170c5941 RSI: 0000000000000004 RDI: ffff8880b862ca00 [ 570.791067][ C0] RBP: ffffed10170c5940 R08: 0000000000000001 R09: ffffed10170c5940 [ 570.791076][ C0] R10: ffff8880b862ca03 R11: 0000000000000001 R12: ffff8880b862ca08 [ 570.791084][ C0] R13: ffff8880b862ca10 R14: ffff8880b862ca00 R15: ffffffff8941ef70 [ 570.791092][ C0] FS: 00007f929b9e56c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 570.791107][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 570.791115][ C0] CR2: 0000001b2f118ff8 CR3: 0000000029612000 CR4: 00000000003526f0 [ 570.791124][ C0] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000 [ 570.791131][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 570.791139][ C0] Call Trace: [ 570.791145][ C0] [ 570.791152][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 570.791169][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 570.791183][ C0] ? nmi_handle+0x1ac/0x5d0 [ 570.791198][ C0] ? kasan_check_range+0x10e/0x1a0 [ 570.791216][ C0] ? default_do_nmi+0x6a/0x160 [ 570.791229][ C0] ? exc_nmi+0x170/0x1e0 [ 570.791242][ C0] ? end_repeat_nmi+0xf/0x53 [ 570.791260][ C0] ? __pfx_advance_sched+0x10/0x10 [ 570.791277][ C0] ? do_raw_spin_lock+0x11e/0x2c0 [ 570.791296][ C0] ? kasan_check_range+0x10e/0x1a0 [ 570.791314][ C0] ? kasan_check_range+0x10e/0x1a0 [ 570.791331][ C0] ? kasan_check_range+0x10e/0x1a0 [ 570.791349][ C0] [ 570.791353][ C0] [ 570.791358][ C0] do_raw_spin_lock+0x11e/0x2c0 [ 570.791375][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 570.791398][ C0] ? lock_acquire+0x2f/0xb0 [ 570.791411][ C0] ? __hrtimer_run_queues+0x2be/0xae0 [ 570.791430][ C0] __hrtimer_run_queues+0x2be/0xae0 [ 570.791450][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 570.791466][ C0] ? read_tsc+0x9/0x20 [ 570.791486][ C0] hrtimer_interrupt+0x392/0x8e0 [ 570.791507][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 570.791524][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 570.791540][ C0] [ 570.791544][ C0] [ 570.791549][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 570.791567][ C0] RIP: 0010:pid_vnr+0xa8/0x220 [ 570.791587][ C0] Code: 04 49 8d 44 24 0e 48 c1 e0 04 48 8d 7c 03 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 53 01 00 00 <49> c1 e4 04 49 8b 9c 1c e8 00 00 00 e8 07 e3 35 00 48 85 ed 0f 84 [ 570.791599][ C0] RSP: 0018:ffffc900035b7808 EFLAGS: 00000246 [ 570.791611][ C0] RAX: dffffc0000000000 RBX: ffff8880121bedc0 RCX: ffffc9000e610000 [ 570.791620][ C0] RDX: 1ffff11002437dd7 RSI: ffffffff816422cd RDI: ffff8880121beeb8 [ 570.791628][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 570.791636][ C0] R10: ffffc900035b7938 R11: 0000000000000001 R12: 0000000000000001 [ 570.791645][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888025496028 [ 570.791657][ C0] ? pid_vnr+0x4d/0x220 [ 570.791676][ C0] ? pid_vnr+0x4d/0x220 [ 570.791693][ C0] __unix_dgram_recvmsg+0x5ef/0xe50 [ 570.791715][ C0] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 570.791733][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 570.791751][ C0] ? find_held_lock+0x2d/0x110 [ 570.791770][ C0] ? __might_fault+0x13b/0x190 [ 570.791789][ C0] unix_dgram_recvmsg+0xd0/0x110 [ 570.791807][ C0] ____sys_recvmsg+0x5f8/0x6b0 [ 570.791826][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 570.791846][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 570.791861][ C0] ___sys_recvmsg+0x115/0x1a0 [ 570.791874][ C0] ? __pfx____sys_recvmsg+0x10/0x10 [ 570.791887][ C0] ? find_held_lock+0x2d/0x110 [ 570.791909][ C0] ? __pfx___might_resched+0x10/0x10 [ 570.791924][ C0] ? __might_fault+0xe3/0x190 [ 570.791941][ C0] do_recvmmsg+0x2f8/0x740 [ 570.791956][ C0] ? __pfx_do_recvmmsg+0x10/0x10 [ 570.791969][ C0] ? __pfx_lock_release+0x10/0x10 [ 570.791983][ C0] ? do_futex+0x123/0x350 [ 570.792005][ C0] ? __x64_sys_futex+0x1e1/0x4c0 [ 570.792018][ C0] __x64_sys_recvmmsg+0x239/0x290 [ 570.792032][ C0] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 570.792048][ C0] do_syscall_64+0xcd/0x250 [ 570.792065][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.792082][ C0] RIP: 0033:0x7f929ab7fed9 [ 570.792093][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.792104][ C0] RSP: 002b:00007f929b9e5058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 570.792115][ C0] RAX: ffffffffffffffda RBX: 00007f929ad46080 RCX: 00007f929ab7fed9 [ 570.792124][ C0] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003 [ 570.792132][ C0] RBP: 00007f929abf3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 570.792140][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 570.792148][ C0] R13: 0000000000000000 R14: 00007f929ad46080 R15: 00007fff4d569f88 [ 570.792160][ C0] [ 570.792961][ C1] rcu: rcu_preempt kthread starved for 10506 jiffies! g52825 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 571.358613][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 571.369159][ C1] rcu: RCU grace-period kthread stack dump: [ 571.375240][ C1] task:rcu_preempt state:R running task stack:27104 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 571.387187][ C1] Call Trace: [ 571.390500][ C1] [ 571.393556][ C1] __schedule+0xe58/0x5ad0 [ 571.398019][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 571.403514][ C1] ? __pfx___schedule+0x10/0x10 [ 571.408380][ C1] ? schedule+0x298/0x350 [ 571.412751][ C1] ? __pfx_lock_release+0x10/0x10 [ 571.417793][ C1] ? lock_acquire+0x2f/0xb0 [ 571.422406][ C1] ? schedule+0x1fd/0x350 [ 571.426755][ C1] schedule+0xe7/0x350 [ 571.431037][ C1] schedule_timeout+0x124/0x280 [ 571.436034][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 571.441588][ C1] ? __pfx_process_timeout+0x10/0x10 [ 571.447054][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 571.452998][ C1] ? prepare_to_swait_event+0xf3/0x470 [ 571.458826][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 571.463652][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 571.468970][ C1] ? rcu_gp_init+0xc82/0x1630 [ 571.473941][ C1] ? lock_acquire+0x2f/0xb0 [ 571.479100][ C1] ? finish_swait+0xc5/0x280 [ 571.483833][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 571.489686][ C1] rcu_gp_kthread+0x271/0x380 [ 571.494424][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 571.499825][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 571.505144][ C1] ? __kthread_parkme+0x148/0x220 [ 571.510201][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 571.515447][ C1] kthread+0x2c1/0x3a0 [ 571.519533][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 571.524757][ C1] ? __pfx_kthread+0x10/0x10 [ 571.529727][ C1] ret_from_fork+0x45/0x80 [ 571.534193][ C1] ? __pfx_kthread+0x10/0x10 [ 571.538834][ C1] ret_from_fork_asm+0x1a/0x30 [ 571.543664][ C1] [ 571.546701][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 571.553049][ C1] CPU: 1 UID: 0 PID: 62 Comm: kworker/u8:4 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0 [ 571.563946][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 571.574054][ C1] Workqueue: events_unbound toggle_allocation_gate [ 571.580618][ C1] RIP: 0010:smp_call_function_many_cond+0x475/0x1300 [ 571.587306][ C1] Code: 49 01 c4 83 c5 03 e8 aa 0d 0c 00 f3 90 41 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 ff 83 e0 01 41 89 c5 <89> c6 e8 c4 0f 0c 00 45 85 ed 75 d0 e8 7a 0d 0c 00 e8 75 0d 0c 00 [ 571.607027][ C1] RSP: 0018:ffffc9000213f998 EFLAGS: 00000202 [ 571.613129][ C1] RAX: 0000000000000001 RBX: ffff8880b86469c0 RCX: ffffffff818df8bc [ 571.621209][ C1] RDX: ffff88801cba8000 RSI: ffffffff818df896 RDI: 0000000000000000 [ 571.629337][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 571.637315][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170c8d39 [ 571.645719][ C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40 [ 571.654500][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 571.663665][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 571.670586][ C1] CR2: 0000001b2f0f6ff8 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 571.678675][ C1] DR0: fffffffffffffffe DR1: 0000000000000000 DR2: 0000000080000000 [ 571.686690][ C1] DR3: 0000000020000004 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 571.695056][ C1] Call Trace: [ 571.698439][ C1] [ 571.701336][ C1] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 571.707884][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 571.713317][ C1] ? rcu_sched_clock_irq+0x247a/0x3310 [ 571.718806][ C1] ? timekeeping_advance+0x70a/0xa60 [ 571.724216][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 571.729965][ C1] ? __asan_memcpy+0x3c/0x60 [ 571.734594][ C1] ? rcu_is_watching+0x12/0xc0 [ 571.739382][ C1] ? update_process_times+0x178/0x2d0 [ 571.744790][ C1] ? __pfx_update_process_times+0x10/0x10 [ 571.750634][ C1] ? update_wall_time+0x1c/0x40 [ 571.755511][ C1] ? tick_nohz_handler+0x376/0x530 [ 571.760650][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 571.766132][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 571.771567][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 571.777323][ C1] ? read_tsc+0x9/0x20 [ 571.781437][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 571.786685][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 571.792896][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 571.798829][ C1] [ 571.801781][ C1] [ 571.804738][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 571.811453][ C1] ? smp_call_function_many_cond+0x47c/0x1300 [ 571.817543][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 571.823740][ C1] ? smp_call_function_many_cond+0x475/0x1300 [ 571.829839][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 571.835911][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 571.840964][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 571.846041][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 571.851271][ C1] text_poke_bp_batch+0x22b/0x760 [ 571.856341][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 571.862035][ C1] ? __jump_label_patch+0x1db/0x400 [ 571.867260][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 571.873516][ C1] text_poke_finish+0x30/0x40 [ 571.878213][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 571.884202][ C1] jump_label_update+0x1d7/0x400 [ 571.889190][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 571.895129][ C1] static_key_enable+0x1a/0x20 [ 571.899941][ C1] toggle_allocation_gate+0xfc/0x260 [ 571.905423][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 571.911340][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 571.916559][ C1] ? process_one_work+0x921/0x1ba0 [ 571.922041][ C1] ? lock_acquire+0x2f/0xb0 [ 571.926749][ C1] ? process_one_work+0x921/0x1ba0 [ 571.931904][ C1] process_one_work+0x9c5/0x1ba0 [ 571.936964][ C1] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 571.943223][ C1] ? __pfx_process_one_work+0x10/0x10 [ 571.948617][ C1] ? rcu_is_watching+0x12/0xc0 [ 571.953601][ C1] ? assign_work+0x1a0/0x250 [ 571.958234][ C1] worker_thread+0x6c8/0xf00 [ 571.962859][ C1] ? __pfx_worker_thread+0x10/0x10 [ 571.967997][ C1] kthread+0x2c1/0x3a0 [ 571.972161][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 571.977361][ C1] ? __pfx_kthread+0x10/0x10 [ 571.981984][ C1] ret_from_fork+0x45/0x80 [ 571.986408][ C1] ? __pfx_kthread+0x10/0x10 [ 571.991013][ C1] ret_from_fork_asm+0x1a/0x30 [ 571.995801][ C1]