last executing test programs: 1m37.718579216s ago: executing program 3 (id=971): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) pipe(0x0) io_setup(0x9, &(0x7f0000000400)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000600)=0x6) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000003c0)="386d178529a39dea18dd3f87d7a5", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbaa5]}, &(0x7f0000000000)=0x100) r1 = socket$inet(0x2, 0x3, 0x33) getsockopt$inet_mreqsrc(r1, 0x0, 0x41, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000004c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x3, 0x200, 0x2, 0xae, 0x400, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x38}}, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x400000, 0x0) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000500)={0x7, 0x81, 0x0, 0xf9}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb01001800000000000000740000007400000008000000000000000000000300000000028000000200000000000000000000000000000105000000080000000000000001000005000000000000000001000000000000000100000005000006040000000b000000f7ffffff07000000ff070000200000000080000006000000050000000d000000050b00000000302e3e5f0000"], 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000"], &(0x7f0000002040)=""/4099, 0x26, 0x1003, 0x1, 0x0, 0x0, @void, @value}, 0x20) syz_clone(0x80000000, &(0x7f0000000080)="bfd0c67fc21a71ed2447fff8e2de76fff17818c7ec5b0ac815042df68427070ee7b059267eed9dfc13cd0635fd0460", 0x2f, &(0x7f0000000200), &(0x7f0000000480), &(0x7f00000007c0)="8480ff37a7e2c702940615dcbdf2d1fc4c6c371860e3cf114a96d40b885328317b98f04a56cf5c659a1c75d5598507ed765d2adfd008e8517bdc1808161dcec5cfb0323e2b1e50bbf99a0a193f7ea156aec5fea0cb890b52257f9120f0200a959006ad5b40b1d42ab7dd7752a1fe20378fc5796f4a5af27be75cb3e133cf53adc3d472cc14bc0ec596a6ddba89373ed7b1e2560b1c09aff3730c3791053c6dc24b2fce165ba86737b75de80ffc8f") ioperm(0x0, 0x0, 0x7) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0xfffffffffffffffc) 1m36.731758096s ago: executing program 3 (id=972): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r4}) ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, &(0x7f0000000100)) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x1e, &(0x7f0000caaffb), 0x0) r6 = socket$key(0xf, 0x3, 0x2) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(0x0, &(0x7f0000fa4000/0x4000)=nil, 0x6000) sendmsg$key(r6, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x9, 0x9, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_key={0x2, 0x8, 0x8, 0x0, '4'}]}, 0x48}, 0x1, 0x7}, 0x0) socket$igmp(0x2, 0x3, 0x2) r7 = dup(0xffffffffffffffff) write$cgroup_pid(r7, &(0x7f0000000000)=0xffffffffffffffff, 0x12) 1m36.070401575s ago: executing program 3 (id=974): socket$nl_route(0x10, 0x3, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$inet6(0xa, 0x4, 0x800) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='veno\x00', 0x5) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r1, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) mkdir(&(0x7f00000004c0)='./bus\x00', 0x5) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x400, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r3, r2, 0x0) 1m32.378604431s ago: executing program 3 (id=975): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000000)={r4, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={r4, @in={{0x2, 0x13, @empty}}, 0x0, 0xfffe, 0x4, 0x0, 0x2c}, 0x9c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_io_uring_setup(0x34b6, &(0x7f0000000180)={0x0, 0x0, 0x30c0}, &(0x7f0000000100), &(0x7f0000000140)) r7 = epoll_create(0xaf2) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0) epoll_pwait2(r7, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080)) r8 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x18, r8, 0x300, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x240048c0) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) 1m30.158180876s ago: executing program 3 (id=977): socket$nl_generic(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000300)='1\x00', 0xffffff4a) write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r2 = syz_open_dev$media(&(0x7f0000000400), 0x0, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r2, 0xc0487c04, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000003080)=[{}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) writev(0xffffffffffffffff, &(0x7f00000010c0)=[{&(0x7f0000000140)="5832b113e20ef2a80611015dcbbee21557854650d326be5e8c0d83738ce384b49d9991faffff8e53f45df0cec25e27881102cf5c68593321686ac36cc5fcb40e1125043c5431b3a0238681ad4a26ca97480df472394905de8138b03661c3fc1d30261919fb44cc1b36cd9eacefdc0ded22040405444f6954425df6c27e0dc9b64de842204b8e9320b8a37e1a860b6edad92345a123148643a89a87c23693dedbfa0a8a7d629f621c78482700ae60c5b2508e5f", 0xb3}], 0x1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 1m23.814411114s ago: executing program 3 (id=981): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000003c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r6}) ioctl$PTP_PIN_SETFUNC(r3, 0x40603d07, &(0x7f0000000100)) r7 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x1e, &(0x7f0000caaffb), 0x0) r8 = socket$key(0xf, 0x3, 0x2) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(0x0, &(0x7f0000fa4000/0x4000)=nil, 0x6000) sendmsg$key(r8, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x9, 0x9, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_key={0x2, 0x8, 0x8, 0x0, '4'}]}, 0x48}, 0x1, 0x7}, 0x0) socket$igmp(0x2, 0x3, 0x2) r9 = dup(0xffffffffffffffff) write$cgroup_pid(r9, &(0x7f0000000000)=0xffffffffffffffff, 0x12) 17.571606494s ago: executing program 1 (id=1064): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fadvise64(r0, 0x0, 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = fsopen(&(0x7f0000000380)='rpc_pipefs\x00', 0x0) r4 = fsopen(&(0x7f0000000380)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x8, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x0, 0x0, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000400000000000000125eb7e5002a", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 17.218038476s ago: executing program 2 (id=1066): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f00000000c0)={'wg0\x00', 0x0}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', r4, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x54) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000003000/0x1000)=nil, 0x1000, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) r5 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0) 15.624819018s ago: executing program 2 (id=1069): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)) syz_open_dev$vim2m(0x0, 0x7, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000080000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$vim2m(&(0x7f0000000440), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405668, &(0x7f00000004c0)={0x0, 0x3, 0x2}) 15.222362267s ago: executing program 2 (id=1070): syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0x15ccd, &(0x7f0000000440)={0x0, 0x0, 0x80, 0xfffffff6, 0xc6}, &(0x7f0000000240), &(0x7f0000000140)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='f2fs_file_write_iter\x00', r0}, 0x66) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB='T\x00', @ANYBLOB="fa7f0000000000000002001c9fda594786a3a754f3eec550cbdca9468a498b64efc7e553593db23f86b50c37fe0920ece76afecfea8005b4f2578eab5daf4e3cb8fd7f07c3000000000000000000000000f492793852f8b1466c8722f5f687ce026177c9f716bd6485ee69b73a720fd4467d7e57d35622254434b86250ae5a6f7bbfa4122711d6d1135dda20d27cb1a8d7ed3ebbcb6b", @ANYRES32=r3, @ANYBLOB], 0x54}}, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000080)={0xf0f040, 0x4}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'macvlan0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x0, 0x0, r7}, 0xc) setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x0, 0x0, r7}, 0xc) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x9, [0x4, 0x5, 0x1c5], [{0xd0, 0x9, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xd, 0x1, 0x1, 0x1}, {0x5, 0x6, 0x0, 0x0, 0x1}, {0x0, 0x7, 0x1}, {0xf, 0x800, 0x1}, {0x4d37, 0x400, 0x0, 0x0, 0x1, 0x1}, {0x8, 0x400, 0x0, 0x1}, {0x500, 0x8}, {0x8001, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x7}, {0x5, 0x3, 0x1, 0x0, 0x1, 0x1}, {0x0, 0x1, 0x0, 0x1, 0x0, 0x1}], 0x8}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x10, 0xffffffffffffffff, 0x0) 14.959586016s ago: executing program 1 (id=1071): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x2}) openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000), 0x0) listen(r1, 0xfffffffc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, &(0x7f00000002c0)=0x10) getpid() pipe2$9p(&(0x7f0000000240), 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCGPTLCK(r3, 0x5420, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000440)={0x2, &(0x7f0000000040)=[{0x81}, {0x6}]}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000300)=@nat={'nat\x00', 0x19, 0x5, 0x146, [], 0x0, 0x0, 0x0}, 0x1be) syz_usb_control_io(r6, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x2, 0x3, &(0x7f0000000540)=[{&(0x7f0000000380)=""/204, 0xcc}, {0x0}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) 12.475464549s ago: executing program 0 (id=1073): socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sysvipc/shm\x00', 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mmap(&(0x7f00005a3000/0x2000)=nil, 0x2000, 0x0, 0x8010, r1, 0x74f5000) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000000c0), 0x12) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x409, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x0) sendfile(r5, r6, 0x0, 0x3c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x1ff) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r9 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) readv(r7, &(0x7f0000000540)=[{0x0}], 0x1) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r8, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r7, 0xffffffff) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0585609, &(0x7f0000000040)) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ext4\x00', 0x0, 0x0) 11.83191533s ago: executing program 0 (id=1075): sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x14, 0x0, 0x401, 0x0, 0xfffffffd, {0x2}}, 0x14}}, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0}]) prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) r2 = gettid() rt_sigqueueinfo(r2, 0x21, &(0x7f0000001500)) 11.812308642s ago: executing program 2 (id=1076): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000003c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r6}) ioctl$PTP_PIN_SETFUNC(r3, 0x40603d07, &(0x7f0000000100)) r7 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x1e, &(0x7f0000caaffb), 0x0) r8 = socket$key(0xf, 0x3, 0x2) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(0x0, &(0x7f0000fa4000/0x4000)=nil, 0x6000) sendmsg$key(r8, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x9, 0x9, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_key={0x2, 0x8, 0x8, 0x0, '4'}]}, 0x48}, 0x1, 0x7}, 0x0) socket$igmp(0x2, 0x3, 0x2) r9 = dup(0xffffffffffffffff) write$cgroup_pid(r9, &(0x7f0000000000)=0xffffffffffffffff, 0x12) 11.30957275s ago: executing program 0 (id=1077): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_S_STD(r2, 0xc008561b, &(0x7f0000000100)) ioctl$sock_inet_SIOCDARP(r1, 0x8953, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001640)={0x18, 0x2, 0x1, 0x101, 0x0, 0x0, {}, [@CTA_TUPLE_REPLY={0x4}]}, 0x18}}, 0x0) mkdir(&(0x7f00000003c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) lchown(&(0x7f0000000340)='./bus\x00', 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_GET(r0, 0x0, 0x200040c4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x40018000, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="92", 0x1}], 0x1}}], 0x2, 0x34008004) 9.630569584s ago: executing program 1 (id=1080): mkdir(&(0x7f0000000440)='./file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) clock_getres(0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000340)={0x18}, 0x18) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r6 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r5) add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r6) write$FUSE_ENTRY(r2, &(0x7f0000000380)={0x90}, 0x90) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) socket(0x10, 0x400000000080803, 0x0) r7 = fanotify_init(0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r7, 0x101, 0x20, r8, 0x0) r9 = fanotify_init(0x0, 0x0) ioctl$VIDIOC_S_JPEGCOMP(0xffffffffffffffff, 0x408c563e, &(0x7f0000000480)={0xffffffff, 0x4, 0x37, "533720412b006f2019d23eb4d7aabbe327d537ac29b86ae922406aca674c8d386a356d6ebdd2b7799eb1495892bc7b66f9ef8cbaaccc7cf91f9ca753", 0x2c, "105f077209cf04c74ab075a62d59437a084cdbacd46f9907c79ad3d9365802742e2096ef75a56bc52900327da05e5a8998e4fb9b66dbbaf762642990", 0xc0}) fanotify_mark(r9, 0x101, 0x20, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 8.677503781s ago: executing program 0 (id=1082): openat$dir(0xffffff9c, 0x0, 0x10100, 0x20) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(0x0, r0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r1, &(0x7f0000000340)="05000000", 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r3 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10) ioctl$sock_inet_udp_SIOCOUTQ(r3, 0x8905, &(0x7f0000000000)) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) r4 = syz_io_uring_setup(0x232, &(0x7f0000000080)={0x0, 0x200000, 0x1, 0x1, 0xffffffff}, &(0x7f0000000000), &(0x7f0000000140)) io_uring_enter(r4, 0x7a98, 0x0, 0x0, 0x0, 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_UIE_ON(r5, 0x7003) ioctl$RTC_AIE_ON(r5, 0x7001) ioctl$RTC_SET_TIME(r5, 0x4024700a, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r7 = dup(r6) ioctl$SIOCSIFHWADDR(r7, 0x800442d2, &(0x7f0000000080)={'macsec0\x00', @dev}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'vlan0\x00', 0x0}) 8.026883255s ago: executing program 4 (id=1083): syz_open_dev$evdev(&(0x7f00000003c0), 0x0, 0x440282) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) shmget(0x2, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) ptrace$peek(0x2, r0, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) io_setup(0x0, &(0x7f0000000280)) r5 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0) finit_module(r5, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x62, 0x0, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020400030e000000000700000000000004000900a0000000e9255bb992464e73a02159d3720df19f7a1dfec30000000003000600000000000200000000000000000000000000000002000100000000fffffffb0d00000000030005000000000002"], 0x70}, 0x1, 0x7}, 0x0) 6.903302185s ago: executing program 4 (id=1084): r0 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x0, &(0x7f0000000000)=0x400, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000280)='./file1\x00', 0x170) close(r2) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) memfd_create(0x0, 0x3) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) connect$unix(r3, &(0x7f0000008700)=@abs, 0x6e) lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000400)=ANY=[], 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3}], {0x14}}, 0x68}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000003b0007010000000000000000027c0000040000001400018006000600884700"], 0x2c}}, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x3) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 6.673582591s ago: executing program 1 (id=1085): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000088b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'ip6erspan0\x00', @random="201a4847569b"}) socket$tipc(0x1e, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') read$FUSE(0xffffffffffffffff, &(0x7f00000082c0)={0x2020}, 0x2020) ioperm(0x7, 0x81, 0x2) futex_waitv(0x0, 0x0, 0x2, 0x0, 0x4ff34a6875a50887) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x35, &(0x7f0000000140)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x2004c840}, 0x4000044) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x40000000015, 0x5, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74) bind$nfc_llcp(r2, &(0x7f0000000280)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "d929849825e65735160e000000007760760beeab91e81597c80004da000000210000000000002400", 0x200000000000003}, 0x60) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180600000000000000000000000000001830000000000000000000000020000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x90, &(0x7f0000000100)=""/144, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 6.381853974s ago: executing program 4 (id=1086): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0}]) prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) r2 = gettid() rt_sigqueueinfo(r2, 0x21, &(0x7f0000001500)) 5.163848579s ago: executing program 4 (id=1087): r0 = socket$unix(0x1, 0x1, 0x0) listen(r0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup3(r0, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f00000000c0)=0x81, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) mknod(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={0x0, r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, 0x0, 0xa2, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3}}, 0x1c) close_range(r4, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) 5.124808626s ago: executing program 1 (id=1088): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @empty, 0x5bb}, 0x1c) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x29, 0x4, 0x0, 0x2d, 0x4, @private0, @private0, 0x8, 0x7800, 0x9, 0x613dd50d}}) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000cc0)=ANY=[], &(0x7f0000000840)=""/151, 0x68, 0x97, 0x1, 0x5, 0x10000, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1b, 0x9, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000001000000000000020000004f04009568ffffcd430400fbffffff85200000010000009500000000000000851000000800000085ae4bf0880000009500000000000000"], &(0x7f0000000c80)='syzkaller\x00', 0x9, 0x38, &(0x7f0000000340)=""/56, 0x40f00, 0x3, '\x00', r3, @fallback=0x2c, r4, 0x8, &(0x7f0000000940)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000980)={0x1, 0x1, 0x3, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000b80)=[{0x1, 0x5, 0x9}, {0x2, 0x1, 0x3, 0x2}], 0x10, 0xd, @void, @value}, 0x94) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/sem\x00', 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x8b}, 0x0) epoll_create1(0x0) pipe2$9p(0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 3.534597377s ago: executing program 1 (id=1089): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r3, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000000), 0x4) r4 = dup3(r2, r3, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) r5 = epoll_create(0x208000) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f00000000c0)) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0xc901, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r7 = dup(r1) write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r8 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ftruncate(r9, 0x2000009) sendfile(r8, r9, 0x0, 0x7ffff000) chown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 3.426915779s ago: executing program 0 (id=1090): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, 0x0, 0x0) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, &(0x7f0000000340)) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100008b}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) clock_gettime(0x0, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f00000a7000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000469000/0x4000)=nil) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r2, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0) ioctl$TCSETS(r3, 0x5402, 0x0) write$binfmt_aout(r3, 0x0, 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)) r4 = syz_open_pts(r3, 0x0) r5 = dup(r4) read$FUSE(r5, &(0x7f0000000380)={0x2020}, 0x2020) socket$inet6(0xa, 0x3, 0x7) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 2.998531347s ago: executing program 2 (id=1091): pipe2(&(0x7f0000000040), 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000004ac0)=""/102389, 0x18ff5}], 0x1}}], 0x3fffffff, 0x0, 0x0) write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) 2.245554964s ago: executing program 4 (id=1092): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) close(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r5 = syz_io_uring_setup(0x12fd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000240)=0x0) r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) close(r8) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer) io_uring_enter(r5, 0x49f7, 0x0, 0x0, 0x0, 0x0) r9 = syz_io_uring_setup(0x320e, &(0x7f0000000280), &(0x7f0000000180), &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r9, &(0x7f0000000400)={0x20000004}) fcntl$setlease(r1, 0x400, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x8, [@fwd={0x2}, @ptr={0x0, 0x0, 0x0, 0x2, 0x3}, @func={0x6}]}, {0x0, [0x0, 0x61, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) execveat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) 1.374648456s ago: executing program 2 (id=1093): socketpair$unix(0x1, 0x2, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x20], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa90d]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000400)=@mangle={'mangle\x00', 0x44, 0x6, 0x390, 0x0, 0x260, 0x0, 0x98, 0x260, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00', {}, {}, 0x6, 0x0, 0x56}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x10}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f0) ioprio_get$uid(0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x14}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r5 = dup(r4) ioctl$SIOCSIFHWADDR(r5, 0x800442d2, &(0x7f0000000080)={'macsec0\x00', @dev}) 360.174145ms ago: executing program 4 (id=1094): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15852323460608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) syz_io_uring_setup(0x7b, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000001080)={0x2, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x29}, @routing]}}}}}}}, 0x0) r6 = io_uring_setup(0x8a8, &(0x7f00000005c0)={0x0, 0xd046, 0x100, 0x2, 0x18}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x700, 0x0) mq_open(&(0x7f000084dff0)='!senin\xd58\xd9\x03+\t\xe1\xabx\x00', 0x6e93ebbbcc0884f2, 0x88, &(0x7f0000000300)={0x0, 0xfffffffffffffffd, 0x10000007, 0x9}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=1095): socket$nl_generic(0x10, 0x3, 0x10) r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r2 = gettid() r3 = gettid() tkill(r2, 0x2d) tkill(r3, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup2(r7, r7) unshare(0x2a020400) unshare(0x2a020400) r8 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) io_uring_enter(r8, 0x82ded, 0x0, 0x0, 0x0, 0x5ee5da97e0afaeeb) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) kernel console output (not intermixed with test programs): 1307.918897][T12267] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1307.924929][T12267] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1307.944616][T12267] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1307.979207][T12267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1307.985321][T12267] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1307.995247][T12267] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1308.003604][T12267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1308.010401][T12267] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1308.135928][T12206] chnl_net:caif_netlink_parms(): no params data found [ 1308.164471][T12267] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1308.194783][T12267] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1308.201185][T12267] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1308.217258][T12267] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1308.232767][T12267] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1308.240721][T12267] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1308.250328][T12267] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1308.762309][T12286] usb usb8: usbfs: process 12286 (syz.3.850) did not claim interface 0 before use [ 1309.040072][T12286] Bluetooth: MGMT ver 1.23 [ 1309.067779][ T2513] bridge_slave_1: left allmulticast mode [ 1309.073454][ T2513] bridge_slave_1: left promiscuous mode [ 1309.090049][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1309.112675][ T2513] bridge_slave_0: left allmulticast mode [ 1309.124203][ T2513] bridge_slave_0: left promiscuous mode [ 1309.139654][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1309.377057][ T9359] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1309.803849][ T9359] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 1310.080933][ T5225] Bluetooth: hci1: command 0x0c1a tx timeout [ 1310.087376][ T5225] Bluetooth: hci6: command 0x0c1a tx timeout [ 1310.094638][ T5225] Bluetooth: hci2: command 0x0c1a tx timeout [ 1310.243172][ T9111] Bluetooth: hci0: command 0x0c1a tx timeout [ 1310.362322][ T5225] Bluetooth: hci4: command 0x0405 tx timeout [ 1310.514241][ T9359] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 1310.523515][ T9359] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1310.978460][T12288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1311.029319][T12288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1312.156569][ T9111] Bluetooth: hci2: command 0x0c1a tx timeout [ 1312.162742][ T9111] Bluetooth: hci6: command 0x0c1a tx timeout [ 1312.163138][ T5225] Bluetooth: hci1: command 0x0c1a tx timeout [ 1312.322082][ T5225] Bluetooth: hci0: command 0x0c1a tx timeout [ 1312.397922][ T5225] Bluetooth: hci4: command 0x0405 tx timeout [ 1312.424931][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1312.459943][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1312.492959][ T2513] bond0 (unregistering): Released all slaves [ 1313.934430][ T5313] usb 2-1: USB disconnect, device number 6 [ 1314.236856][ T9110] Bluetooth: hci6: command 0x0c1a tx timeout [ 1314.238123][ T9111] Bluetooth: hci2: command 0x0c1a tx timeout [ 1314.249123][ T5225] Bluetooth: hci1: command 0x0c1a tx timeout [ 1314.657768][ T5225] Bluetooth: hci4: command 0x0405 tx timeout [ 1314.664099][ T9111] Bluetooth: hci0: command 0x0c1a tx timeout [ 1315.197700][ T25] IPVS: starting estimator thread 0... [ 1315.289192][T12313] IPVS: using max 16 ests per chain, 38400 per kthread [ 1315.843572][T12326] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1316.617033][T12206] bridge0: port 1(bridge_slave_0) entered blocking state [ 1316.627103][T12206] bridge0: port 1(bridge_slave_0) entered disabled state [ 1316.634344][T12206] bridge_slave_0: entered allmulticast mode [ 1316.653629][T12206] bridge_slave_0: entered promiscuous mode [ 1316.699475][T12206] bridge0: port 2(bridge_slave_1) entered blocking state [ 1316.742556][T12206] bridge0: port 2(bridge_slave_1) entered disabled state [ 1316.769007][T12206] bridge_slave_1: entered allmulticast mode [ 1316.800499][T12206] bridge_slave_1: entered promiscuous mode [ 1316.866762][T12342] ubi: mtd0 is already attached to ubi0 [ 1316.874487][T12342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.868'. [ 1317.219374][T12342] netlink: 32 bytes leftover after parsing attributes in process `syz.1.868'. [ 1317.673571][ T29] audit: type=1326 audit(1727199029.106:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12336 comm="syz.2.861" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e40b7def9 code=0x0 [ 1318.073200][T12206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1318.123705][ T2513] hsr_slave_0: left promiscuous mode [ 1318.133103][ T2513] hsr_slave_1: left promiscuous mode [ 1318.196266][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1318.232860][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1318.260166][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1318.302904][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1323.989684][ T2513] veth1_macvtap: left promiscuous mode [ 1324.020042][ T2513] veth0_macvtap: left promiscuous mode [ 1324.025958][ T2513] veth1_vlan: left promiscuous mode [ 1324.031614][ T2513] veth0_vlan: left promiscuous mode [ 1327.703069][ T29] audit: type=1400 audit(1727199037.776:842): avc: denied { mount } for pid=12370 comm="syz.2.865" name="/" dev="pstore" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 1328.221525][ T29] audit: type=1400 audit(1727199039.646:843): avc: denied { unmount } for pid=11792 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 1330.463993][T12395] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.870'. [ 1331.654384][ T5225] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1331.690231][ T5225] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1331.699408][ T5225] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1331.725440][ T5225] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1331.737382][ T5225] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1331.745674][ T5225] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1332.195906][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1332.272370][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1333.243667][T12206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1333.772333][T12206] team0: Port device team_slave_0 added [ 1333.863766][ T5225] Bluetooth: hci3: command tx timeout [ 1333.913955][T12213] chnl_net:caif_netlink_parms(): no params data found [ 1334.283386][T12405] netlink: 'syz.3.872': attribute type 4 has an invalid length. [ 1334.687279][T12206] team0: Port device team_slave_1 added [ 1334.764314][T12405] syz.3.872 (12405) used greatest stack depth: 20576 bytes left [ 1334.809637][T12397] lo speed is unknown, defaulting to 1000 [ 1335.050303][T12409] lo speed is unknown, defaulting to 1000 [ 1335.188679][T12206] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1335.195679][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1335.319932][T12206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1335.916717][ T5225] Bluetooth: hci3: command tx timeout [ 1336.265346][T12206] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1336.301660][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1336.383230][T12206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1336.609279][T12213] bridge0: port 1(bridge_slave_0) entered blocking state [ 1336.624738][T12213] bridge0: port 1(bridge_slave_0) entered disabled state [ 1336.642154][T12213] bridge_slave_0: entered allmulticast mode [ 1336.652672][T12213] bridge_slave_0: entered promiscuous mode [ 1336.715621][T12213] bridge0: port 2(bridge_slave_1) entered blocking state [ 1336.739328][T12213] bridge0: port 2(bridge_slave_1) entered disabled state [ 1336.759775][T12213] bridge_slave_1: entered allmulticast mode [ 1336.779539][T12213] bridge_slave_1: entered promiscuous mode [ 1336.871255][T12434] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1337.329879][T12213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1337.352184][T12213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1337.475971][ T2513] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1337.517793][T12206] hsr_slave_0: entered promiscuous mode [ 1337.536382][T12206] hsr_slave_1: entered promiscuous mode [ 1337.649574][ T2513] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1337.813564][T12213] team0: Port device team_slave_0 added [ 1337.841873][T12213] team0: Port device team_slave_1 added [ 1337.894312][ T2513] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1337.998676][ T5225] Bluetooth: hci3: command tx timeout [ 1338.090906][ T2513] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1338.150641][T12213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1338.159104][T12213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1338.186028][T12213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1338.240113][T12213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1338.247513][T12213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1338.275500][T12213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1340.111360][ T5225] Bluetooth: hci3: command tx timeout [ 1342.133868][T12213] hsr_slave_0: entered promiscuous mode [ 1342.156901][T12213] hsr_slave_1: entered promiscuous mode [ 1342.179519][T12213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1342.201564][T12213] Cannot create hsr debugfs directory [ 1343.120250][T12466] netlink: 'syz.3.879': attribute type 21 has an invalid length. [ 1343.128515][T12466] netlink: 'syz.3.879': attribute type 6 has an invalid length. [ 1343.136186][T12466] netlink: 132 bytes leftover after parsing attributes in process `syz.3.879'. [ 1343.641594][ T2513] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.448608][T12397] chnl_net:caif_netlink_parms(): no params data found [ 1345.639285][ T2513] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.900249][T12489] xt_bpf: check failed: parse error [ 1346.147752][T12494] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 1346.154319][T12494] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1346.188790][T12491] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1346.293317][ T2513] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1346.335329][T12494] vhci_hcd vhci_hcd.0: Device attached [ 1346.354155][T12495] vhci_hcd: connection closed [ 1346.377679][ T147] vhci_hcd: stop threads [ 1346.417177][ T147] vhci_hcd: release socket [ 1346.423383][ T147] vhci_hcd: disconnect device [ 1346.733707][ T2513] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1347.158139][T12397] bridge0: port 1(bridge_slave_0) entered blocking state [ 1347.165517][T12397] bridge0: port 1(bridge_slave_0) entered disabled state [ 1347.188188][T12397] bridge_slave_0: entered allmulticast mode [ 1347.224621][T12397] bridge_slave_0: entered promiscuous mode [ 1347.366699][T12397] bridge0: port 2(bridge_slave_1) entered blocking state [ 1347.389745][T12397] bridge0: port 2(bridge_slave_1) entered disabled state [ 1347.446168][T12397] bridge_slave_1: entered allmulticast mode [ 1347.500312][T12397] bridge_slave_1: entered promiscuous mode [ 1347.821696][T12397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1347.872259][T12397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1347.884565][T12504] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1347.923767][T12502] smc: net device batadv_slave_1 applied user defined pnetid SYZ2 [ 1348.245910][ T29] audit: type=1400 audit(1727199059.676:844): avc: denied { name_bind } for pid=12501 comm="syz.2.884" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 1348.890543][ T2513] bridge_slave_1: left allmulticast mode [ 1348.896327][ T2513] bridge_slave_1: left promiscuous mode [ 1348.919083][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1348.949046][ T2513] bridge_slave_0: left allmulticast mode [ 1348.954759][ T2513] bridge_slave_0: left promiscuous mode [ 1348.964488][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1348.978981][ T2513] bridge_slave_1: left allmulticast mode [ 1348.984712][ T2513] bridge_slave_1: left promiscuous mode [ 1348.991173][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1349.011766][ T2513] bridge_slave_0: left allmulticast mode [ 1349.017767][ T2513] bridge_slave_0: left promiscuous mode [ 1349.023587][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1349.272376][ T9111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1349.283990][ T9111] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1349.307163][ T9111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1349.335199][ T9111] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1349.372113][ T9111] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1349.380262][ T9111] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1350.027015][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1350.040077][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1350.051964][ T2513] bond0 (unregistering): Released all slaves [ 1350.234560][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1350.252818][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1350.266283][ T2513] bond0 (unregistering): Released all slaves [ 1350.401417][T12397] team0: Port device team_slave_0 added [ 1350.433417][T12397] team0: Port device team_slave_1 added [ 1350.497170][T12511] lo speed is unknown, defaulting to 1000 [ 1351.446821][ T9111] Bluetooth: hci1: command tx timeout [ 1351.899730][T12397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1351.945437][T12397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1352.014032][T12397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1352.054006][T12513] lo speed is unknown, defaulting to 1000 [ 1352.357712][T12397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1352.377479][T12397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1352.413721][T12397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1353.190480][T12397] hsr_slave_0: entered promiscuous mode [ 1353.198905][T12397] hsr_slave_1: entered promiscuous mode [ 1353.205719][T12397] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1354.330560][ T9111] Bluetooth: hci1: command tx timeout [ 1354.406953][T12397] Cannot create hsr debugfs directory [ 1356.288128][ T2513] hsr_slave_0: left promiscuous mode [ 1356.305052][ T2513] hsr_slave_1: left promiscuous mode [ 1356.325008][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1356.344600][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1356.368394][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1356.375789][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1356.396617][ T9111] Bluetooth: hci1: command tx timeout [ 1356.439415][ T2513] hsr_slave_0: left promiscuous mode [ 1356.457755][ T2513] hsr_slave_1: left promiscuous mode [ 1356.479049][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1356.562628][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1356.578088][ T5225] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1356.589445][ T5225] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1356.598463][ T5225] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1356.616744][ T5225] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1356.625117][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1356.634467][ T5225] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1356.642593][ T5225] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1356.687729][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1356.809953][ T2513] veth1_macvtap: left promiscuous mode [ 1356.815546][ T2513] veth0_macvtap: left promiscuous mode [ 1356.837044][ T2513] veth1_vlan: left promiscuous mode [ 1356.842521][ T2513] veth0_vlan: left promiscuous mode [ 1356.857825][ T2513] veth1_macvtap: left promiscuous mode [ 1356.863459][ T2513] veth0_macvtap: left promiscuous mode [ 1356.876394][ T2513] veth1_vlan: left promiscuous mode [ 1356.881872][ T2513] veth0_vlan: left promiscuous mode [ 1357.957126][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1358.024852][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1358.476533][ T9111] Bluetooth: hci1: command tx timeout [ 1358.654471][ T5225] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1358.665036][ T5225] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1358.679106][ T5225] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1358.720282][ T5225] Bluetooth: hci0: command tx timeout [ 1358.720510][ T9110] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1358.755616][ T9110] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1358.772308][ T9110] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1359.515306][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1359.584681][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1360.364017][ T8] lo speed is unknown, defaulting to 1000 [ 1360.806581][ T9111] Bluetooth: hci0: command tx timeout [ 1360.878359][ T9111] Bluetooth: hci5: command tx timeout [ 1361.569154][T12513] chnl_net:caif_netlink_parms(): no params data found [ 1362.750826][T12513] bridge0: port 1(bridge_slave_0) entered blocking state [ 1362.760717][T12513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1362.768638][T12513] bridge_slave_0: entered allmulticast mode [ 1362.776221][T12513] bridge_slave_0: entered promiscuous mode [ 1362.785880][T12513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1362.794135][T12513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1362.806149][T12513] bridge_slave_1: entered allmulticast mode [ 1362.814135][T12513] bridge_slave_1: entered promiscuous mode [ 1362.876550][ T9111] Bluetooth: hci0: command tx timeout [ 1362.966640][ T9111] Bluetooth: hci5: command tx timeout [ 1362.989322][T12513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1363.035851][T12513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1363.221270][T12513] team0: Port device team_slave_0 added [ 1363.231844][T12513] team0: Port device team_slave_1 added [ 1363.239936][T12561] chnl_net:caif_netlink_parms(): no params data found [ 1363.255008][T12397] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1363.348605][T12397] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1363.362177][T12397] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1363.381485][T12397] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1363.465556][T12513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1363.475298][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1363.502315][T12513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1363.545370][T12513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1363.553694][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1363.581059][T12513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1363.596862][T12568] chnl_net:caif_netlink_parms(): no params data found [ 1363.656849][T12561] bridge0: port 1(bridge_slave_0) entered blocking state [ 1363.664131][T12561] bridge0: port 1(bridge_slave_0) entered disabled state [ 1363.671431][T12561] bridge_slave_0: entered allmulticast mode [ 1363.681085][T12561] bridge_slave_0: entered promiscuous mode [ 1363.754289][T12561] bridge0: port 2(bridge_slave_1) entered blocking state [ 1363.773132][T12561] bridge0: port 2(bridge_slave_1) entered disabled state [ 1363.782750][T12561] bridge_slave_1: entered allmulticast mode [ 1363.790634][T12561] bridge_slave_1: entered promiscuous mode [ 1363.975152][T12561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1364.058362][T12561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1364.108409][T12513] hsr_slave_0: entered promiscuous mode [ 1364.115277][T12513] hsr_slave_1: entered promiscuous mode [ 1364.122549][T12513] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1364.130342][T12513] Cannot create hsr debugfs directory [ 1364.164887][T12568] bridge0: port 1(bridge_slave_0) entered blocking state [ 1364.172129][T12568] bridge0: port 1(bridge_slave_0) entered disabled state [ 1364.179459][T12568] bridge_slave_0: entered allmulticast mode [ 1364.188047][T12568] bridge_slave_0: entered promiscuous mode [ 1364.229741][T12561] team0: Port device team_slave_0 added [ 1364.264009][T12568] bridge0: port 2(bridge_slave_1) entered blocking state [ 1364.271270][T12568] bridge0: port 2(bridge_slave_1) entered disabled state [ 1364.279129][T12568] bridge_slave_1: entered allmulticast mode [ 1364.288891][T12568] bridge_slave_1: entered promiscuous mode [ 1364.353158][T12561] team0: Port device team_slave_1 added [ 1364.504799][T12568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1364.556308][T12561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1364.575507][T12561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1364.615939][T12561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1364.660154][T12568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1364.730198][T12561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1364.740031][T12561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1364.767111][T12561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1364.914704][T12568] team0: Port device team_slave_0 added [ 1364.956566][ T9111] Bluetooth: hci0: command tx timeout [ 1365.022753][T12568] team0: Port device team_slave_1 added [ 1365.037001][ T9111] Bluetooth: hci5: command tx timeout [ 1365.070824][T12561] hsr_slave_0: entered promiscuous mode [ 1365.079937][T12561] hsr_slave_1: entered promiscuous mode [ 1365.086398][T12561] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1365.095216][T12561] Cannot create hsr debugfs directory [ 1365.332899][T12568] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1365.340052][T12568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1365.375950][T12568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1365.391523][T12568] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1365.398918][T12568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1365.426801][T12568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1365.566658][ T2513] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1365.718590][ T2513] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1365.766023][T12568] hsr_slave_0: entered promiscuous mode [ 1365.780189][T12568] hsr_slave_1: entered promiscuous mode [ 1365.787465][T12568] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1365.795055][T12568] Cannot create hsr debugfs directory [ 1365.844724][ T2513] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1365.991142][T12397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1366.022915][ T2513] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1366.446988][T12397] 8021q: adding VLAN 0 to HW filter on device team0 [ 1366.605807][ T147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1366.613077][ T147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1366.661459][ T2513] bridge_slave_1: left allmulticast mode [ 1366.694376][ T2513] bridge_slave_1: left promiscuous mode [ 1366.709602][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1366.720730][ T2513] bridge_slave_0: left allmulticast mode [ 1366.736810][ T2513] bridge_slave_0: left promiscuous mode [ 1366.742661][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1366.774222][ T2513] bridge_slave_1: left allmulticast mode [ 1366.786540][ T2513] bridge_slave_1: left promiscuous mode [ 1366.792366][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1366.814544][ T2513] bridge_slave_0: left allmulticast mode [ 1366.826567][ T2513] bridge_slave_0: left promiscuous mode [ 1366.832388][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1366.856687][ T2513] bridge_slave_1: left allmulticast mode [ 1366.862370][ T2513] bridge_slave_1: left promiscuous mode [ 1366.877226][ T2513] bridge0: port 2(bridge_slave_1) entered disabled state [ 1366.899556][ T2513] bridge_slave_0: left allmulticast mode [ 1366.905257][ T2513] bridge_slave_0: left promiscuous mode [ 1366.921834][ T2513] bridge0: port 1(bridge_slave_0) entered disabled state [ 1367.134879][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1367.141600][ T9111] Bluetooth: hci5: command tx timeout [ 1368.017418][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1368.039742][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1368.064283][ T2513] bond0 (unregistering): Released all slaves [ 1368.337535][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1368.359524][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1368.373178][ T2513] bond0 (unregistering): Released all slaves [ 1368.405027][ T2513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1368.425354][ T2513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1368.454462][ T2513] bond0 (unregistering): Released all slaves [ 1368.551286][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 1368.558569][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1369.042927][T12513] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1369.068863][T12513] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1369.126383][T12513] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1369.181520][T12513] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1369.222980][ T2513] hsr_slave_0: left promiscuous mode [ 1369.239343][ T2513] hsr_slave_1: left promiscuous mode [ 1369.253124][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1369.261810][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1369.281981][ T2513] hsr_slave_0: left promiscuous mode [ 1369.288846][ T2513] hsr_slave_1: left promiscuous mode [ 1369.295014][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1369.302920][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1369.312544][ T2513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1369.321285][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1369.335462][ T2513] hsr_slave_0: left promiscuous mode [ 1369.341685][ T2513] hsr_slave_1: left promiscuous mode [ 1369.350013][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1369.359214][ T2513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1369.398271][ T2513] veth1_macvtap: left promiscuous mode [ 1369.403840][ T2513] veth0_macvtap: left promiscuous mode [ 1369.416945][ T2513] veth1_vlan: left promiscuous mode [ 1369.422306][ T2513] veth0_vlan: left promiscuous mode [ 1369.870025][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1369.913589][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1370.766476][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1370.825213][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1371.720983][ T2513] team0 (unregistering): Port device team_slave_1 removed [ 1371.768065][ T2513] team0 (unregistering): Port device team_slave_0 removed [ 1372.533674][T12397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1372.803671][T12513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1372.933670][T12513] 8021q: adding VLAN 0 to HW filter on device team0 [ 1372.955298][T12397] veth0_vlan: entered promiscuous mode [ 1373.060889][ T147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1373.068140][ T147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1373.114581][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 1373.121809][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1373.161812][T12397] veth1_vlan: entered promiscuous mode [ 1373.362313][T12397] veth0_macvtap: entered promiscuous mode [ 1373.416184][T12397] veth1_macvtap: entered promiscuous mode [ 1373.645215][T12397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1373.667107][T12397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.689467][T12397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1373.743642][T12397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.775235][T12397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.788444][T12397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1373.820364][T12568] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1373.839937][T12568] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1373.861289][T12568] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1373.895636][T12397] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1373.924182][T12397] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1373.939084][T12397] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1373.951702][T12397] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1373.973088][T12568] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1374.302389][T12561] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1374.326255][T12561] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1374.363870][T12561] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1374.466233][T12561] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1374.531497][T12513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1374.557997][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1374.569682][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1374.692795][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1374.714837][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1375.307434][T12561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1375.351855][T12513] veth0_vlan: entered promiscuous mode [ 1376.354842][T12513] veth1_vlan: entered promiscuous mode [ 1376.560540][ T29] audit: type=1400 audit(1727199087.986:845): avc: denied { read } for pid=12702 comm="syz.2.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1376.568859][T12561] 8021q: adding VLAN 0 to HW filter on device team0 [ 1376.732479][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1376.739667][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1376.842130][T12568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1376.932962][T12513] veth0_macvtap: entered promiscuous mode [ 1377.024390][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state [ 1377.031685][ T5540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1377.082490][T12513] veth1_macvtap: entered promiscuous mode [ 1377.149793][T12713] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1377.271589][T12568] 8021q: adding VLAN 0 to HW filter on device team0 [ 1377.368943][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1377.391149][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1377.417406][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1377.444040][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1377.466152][T12513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1377.521734][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1377.546295][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1377.564871][T12513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1377.578128][T12513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1377.628672][T12513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1377.684553][T12513] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1377.696562][T12513] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1377.705287][T12513] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1377.714109][T12513] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1377.805199][ T2513] bridge0: port 1(bridge_slave_0) entered blocking state [ 1377.812416][ T2513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1377.870622][ T2513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1377.877825][ T2513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1378.661391][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1378.691704][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1378.709711][T12719] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1378.867803][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1378.889354][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1379.190971][T12561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1379.265890][T12732] 9pnet_virtio: no channels available for device syz [ 1381.907415][T12568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1382.351282][ T29] audit: type=1400 audit(1727199093.786:846): avc: denied { setopt } for pid=12729 comm="syz.0.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 1382.508788][T12568] veth0_vlan: entered promiscuous mode [ 1382.643975][T12568] veth1_vlan: entered promiscuous mode [ 1382.979955][T12568] veth0_macvtap: entered promiscuous mode [ 1383.014511][T12568] veth1_macvtap: entered promiscuous mode [ 1383.121585][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.153932][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.179908][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.396465][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.426269][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.833719][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.916335][T12568] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1384.338853][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1384.366490][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1384.376348][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1384.394580][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1384.411090][T12568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1384.422082][T12568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1384.447948][T12568] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1384.512540][T12568] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.550345][T12568] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.560836][T12568] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.570360][T12568] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.612814][ T29] audit: type=1400 audit(1727199096.036:847): avc: denied { write } for pid=12750 comm="syz.1.898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1385.201268][T12561] veth0_vlan: entered promiscuous mode [ 1385.588910][T12561] veth1_vlan: entered promiscuous mode [ 1387.836025][T12561] veth0_macvtap: entered promiscuous mode [ 1387.941473][T11021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1387.989914][T11021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1388.017578][ T5291] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1388.042056][T12561] veth1_macvtap: entered promiscuous mode [ 1388.186535][ T29] audit: type=1400 audit(1727199099.606:848): avc: denied { setopt } for pid=12772 comm="syz.2.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1391.826535][ T5291] usb 1-1: Using ep0 maxpacket: 32 [ 1391.834483][ T5291] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1391.846516][ T5291] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1391.941656][ T5291] usb 1-1: New USB device found, idVendor=0004, idProduct=0001, bcdDevice=4a.fe [ 1392.318859][ T5291] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1392.327041][ T5291] usb 1-1: Product: syz [ 1392.331258][ T5291] usb 1-1: Manufacturer: syz [ 1392.335910][ T5291] usb 1-1: SerialNumber: syz [ 1392.336241][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1392.355192][ T5291] usb 1-1: config 0 descriptor?? [ 1392.413463][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1392.446754][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1392.836629][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1392.889817][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1392.937214][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.019590][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1393.078706][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.082820][T12784] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1393.152274][T12561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1393.250018][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1393.303074][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1393.337368][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1393.430736][ T5291] usb 1-1: USB disconnect, device number 5 [ 1393.436989][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.500521][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1393.536961][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.584383][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1393.684953][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.710038][T12561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1393.738428][T12561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.775284][T12561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1393.885321][T12561] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1393.986555][T12561] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.038104][T12561] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.116941][T12561] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.915114][T12791] vivid-000: disconnect [ 1395.371804][T12788] vivid-000: reconnect [ 1395.759110][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1396.576538][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1396.961258][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1396.989597][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1399.532172][T12807] netlink: 'syz.0.908': attribute type 21 has an invalid length. [ 1399.540081][T12807] netlink: 'syz.0.908': attribute type 6 has an invalid length. [ 1399.547795][T12807] netlink: 132 bytes leftover after parsing attributes in process `syz.0.908'. [ 1402.265527][T12821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1403.067569][ T29] audit: type=1800 audit(1727199114.486:849): pid=12823 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.914" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1403.818440][T12825] netlink: 40 bytes leftover after parsing attributes in process `syz.1.911'. [ 1404.926225][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1406.497637][T12846] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1406.634696][ T9110] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1406.645968][ T9110] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1406.664393][ T9110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1406.705888][ T9110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1406.716959][ T9110] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1406.724478][ T9110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1408.298793][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1408.806622][ T29] audit: type=1326 audit(1727199120.036:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1409.171660][ T9111] Bluetooth: hci2: command tx timeout [ 1409.417215][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1409.430692][ T29] audit: type=1326 audit(1727199120.036:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1409.481171][ T29] audit: type=1326 audit(1727199120.036:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1409.517881][ T29] audit: type=1326 audit(1727199120.036:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1409.563920][ T29] audit: type=1326 audit(1727199120.036:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1409.820886][ T29] audit: type=1326 audit(1727199120.036:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1410.810750][ T29] audit: type=1326 audit(1727199120.036:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1410.870888][ T29] audit: type=1326 audit(1727199120.036:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1410.941679][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1411.043797][ T29] audit: type=1326 audit(1727199120.036:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1411.157531][ T29] audit: type=1326 audit(1727199120.046:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa9fa17c9df code=0x7ffc0000 [ 1411.196602][ T9111] Bluetooth: hci2: command tx timeout [ 1411.256553][T12875] program syz.4.924 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1411.610536][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.208159][ T9111] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1413.218713][ T9111] Bluetooth: hci3: Injecting HCI hardware error event [ 1413.235440][ T9111] Bluetooth: hci3: hardware error 0x00 [ 1413.381207][ T9110] Bluetooth: hci2: command tx timeout [ 1416.473534][ T9111] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1416.480722][ T9111] Bluetooth: hci2: command tx timeout [ 1417.103572][T12853] chnl_net:caif_netlink_parms(): no params data found [ 1417.466925][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 1417.466970][ T29] audit: type=1326 audit(1727199128.696:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1418.388388][ T29] audit: type=1326 audit(1727199128.696:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1418.495772][T12898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1418.521123][ T11] bridge_slave_1: left allmulticast mode [ 1418.527390][ T11] bridge_slave_1: left promiscuous mode [ 1418.554543][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1418.564093][ T29] audit: type=1326 audit(1727199128.696:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1418.620459][ T29] audit: type=1326 audit(1727199128.696:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1418.646727][ T11] bridge_slave_0: left allmulticast mode [ 1418.652422][ T11] bridge_slave_0: left promiscuous mode [ 1418.687026][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1418.763417][ T29] audit: type=1326 audit(1727199128.696:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1418.928142][ T29] audit: type=1326 audit(1727199128.696:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1421.358546][ T9110] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1421.369306][ T9110] Bluetooth: hci1: Injecting HCI hardware error event [ 1426.181224][ T9111] Bluetooth: hci1: hardware error 0x00 [ 1426.295323][ T29] audit: type=1326 audit(1727199128.696:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1426.402829][ T29] audit: type=1326 audit(1727199128.696:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1426.587208][ T29] audit: type=1326 audit(1727199128.696:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1426.701424][ T29] audit: type=1326 audit(1727199128.706:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe2b077c9df code=0x7ffc0000 [ 1426.817129][ T29] audit: type=1326 audit(1727199128.706:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1426.896615][ T29] audit: type=1326 audit(1727199128.706:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1427.006974][ T29] audit: type=1326 audit(1727199128.706:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1427.066468][ T29] audit: type=1326 audit(1727199128.706:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1427.156884][ T29] audit: type=1326 audit(1727199128.716:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1427.226504][ T29] audit: type=1326 audit(1727199128.716:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b077def9 code=0x7ffc0000 [ 1428.767771][ T9111] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1428.797365][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1429.469953][T12951] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1429.725243][ T9110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1429.747478][ T9110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1429.765730][ T9110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1429.777117][ T9110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1429.786922][ T9110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1429.804885][ T9110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1430.178975][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1430.227256][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1430.277356][ T11] bond0 (unregistering): Released all slaves [ 1430.535499][ T9110] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1430.563561][ T9110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1430.575232][ T9110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1430.596901][ T9110] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1430.610484][ T9110] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1430.631792][ T9110] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1430.732484][ T5225] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1430.812381][ T5225] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1430.826315][ T5225] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1430.867625][ T5225] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1430.887784][ T5225] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1430.895328][ T5225] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1431.917030][ T9111] Bluetooth: hci4: command tx timeout [ 1431.952591][T12853] bridge0: port 1(bridge_slave_0) entered blocking state [ 1432.026738][T12853] bridge0: port 1(bridge_slave_0) entered disabled state [ 1432.034075][T12853] bridge_slave_0: entered allmulticast mode [ 1432.086599][T12853] bridge_slave_0: entered promiscuous mode [ 1432.486331][T12853] bridge0: port 2(bridge_slave_1) entered blocking state [ 1432.530584][T12853] bridge0: port 2(bridge_slave_1) entered disabled state [ 1432.547930][T12853] bridge_slave_1: entered allmulticast mode [ 1432.558231][T12853] bridge_slave_1: entered promiscuous mode [ 1432.667659][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1432.716795][ T9111] Bluetooth: hci5: command tx timeout [ 1432.865134][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1432.904508][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1432.943838][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82 [ 1432.982215][ T9111] Bluetooth: hci6: command tx timeout [ 1433.006813][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1433.032069][ T8] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1433.056944][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1433.065134][ T8] usb 2-1: Product: syz [ 1433.080103][ T8] usb 2-1: Manufacturer: syz [ 1433.086539][ T8] usb 2-1: SerialNumber: syz [ 1433.096929][ T8] usb 2-1: config 0 descriptor?? [ 1433.115002][ T8] redrat3 2-1:0.0: Couldn't find all endpoints [ 1433.232938][T12853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1433.269694][T12853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1433.575081][ T11] hsr_slave_0: left promiscuous mode [ 1433.586179][ T11] hsr_slave_1: left promiscuous mode [ 1433.593869][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1433.601826][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1433.612267][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1433.626188][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1433.666123][ T11] veth1_macvtap: left promiscuous mode [ 1433.673550][ T11] veth0_macvtap: left promiscuous mode [ 1433.683046][ T11] veth1_vlan: left promiscuous mode [ 1433.690555][ T11] veth0_vlan: left promiscuous mode [ 1433.996605][ T9111] Bluetooth: hci4: command tx timeout [ 1434.550377][ T11] smc: removing net device batadv_slave_1 with user defined pnetid SYZ2 [ 1434.695557][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1434.764560][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1434.796796][ T9111] Bluetooth: hci5: command tx timeout [ 1434.874879][T11465] usb 2-1: USB disconnect, device number 7 [ 1435.036694][ T9111] Bluetooth: hci6: command tx timeout [ 1435.804684][ T29] audit: type=1400 audit(1727199147.236:884): avc: denied { accept } for pid=12982 comm="syz.1.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1436.078711][ T9111] Bluetooth: hci4: command tx timeout [ 1436.649782][T12853] team0: Port device team_slave_0 added [ 1436.673120][T12853] team0: Port device team_slave_1 added [ 1436.904545][ T9111] Bluetooth: hci5: command tx timeout [ 1437.116506][ T9111] Bluetooth: hci6: command tx timeout [ 1437.465566][T12853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1437.503603][T12853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1437.565100][T12853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1437.601470][T12853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1437.620672][T12853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1437.654923][T12853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1438.158293][ T9111] Bluetooth: hci4: command tx timeout [ 1438.170815][ T29] audit: type=1400 audit(1727199149.566:885): avc: denied { setopt } for pid=12994 comm="syz.1.944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1438.364393][T12853] hsr_slave_0: entered promiscuous mode [ 1438.401181][T12853] hsr_slave_1: entered promiscuous mode [ 1438.959404][T12955] chnl_net:caif_netlink_parms(): no params data found [ 1438.966606][ T9111] Bluetooth: hci5: command tx timeout [ 1439.076766][ T11] IPVS: stop unused estimator thread 0... [ 1439.197485][ T9111] Bluetooth: hci6: command tx timeout [ 1439.411560][T12961] chnl_net:caif_netlink_parms(): no params data found [ 1439.505619][T12957] chnl_net:caif_netlink_parms(): no params data found [ 1440.891727][T12955] bridge0: port 1(bridge_slave_0) entered blocking state [ 1440.906112][T12955] bridge0: port 1(bridge_slave_0) entered disabled state [ 1440.914558][T12955] bridge_slave_0: entered allmulticast mode [ 1440.933516][T12955] bridge_slave_0: entered promiscuous mode [ 1440.967801][T12955] bridge0: port 2(bridge_slave_1) entered blocking state [ 1440.985545][T12955] bridge0: port 2(bridge_slave_1) entered disabled state [ 1441.002317][T12955] bridge_slave_1: entered allmulticast mode [ 1441.014525][T12955] bridge_slave_1: entered promiscuous mode [ 1441.194800][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1441.322357][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1441.545160][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1441.713252][T12955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1441.733756][T12955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1441.790488][T12957] bridge0: port 1(bridge_slave_0) entered blocking state [ 1441.799509][T12957] bridge0: port 1(bridge_slave_0) entered disabled state [ 1441.807671][T12957] bridge_slave_0: entered allmulticast mode [ 1441.816035][T12957] bridge_slave_0: entered promiscuous mode [ 1441.889577][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.064795][T12961] bridge0: port 1(bridge_slave_0) entered blocking state [ 1442.073720][T12961] bridge0: port 1(bridge_slave_0) entered disabled state [ 1442.091884][T12961] bridge_slave_0: entered allmulticast mode [ 1442.100568][T12961] bridge_slave_0: entered promiscuous mode [ 1442.113358][T12957] bridge0: port 2(bridge_slave_1) entered blocking state [ 1442.124243][T12957] bridge0: port 2(bridge_slave_1) entered disabled state [ 1442.132095][T12957] bridge_slave_1: entered allmulticast mode [ 1442.140322][T12957] bridge_slave_1: entered promiscuous mode [ 1442.251886][T12955] team0: Port device team_slave_0 added [ 1442.322315][T12961] bridge0: port 2(bridge_slave_1) entered blocking state [ 1442.336567][T12961] bridge0: port 2(bridge_slave_1) entered disabled state [ 1442.349628][T12961] bridge_slave_1: entered allmulticast mode [ 1442.368621][T12961] bridge_slave_1: entered promiscuous mode [ 1442.435955][T12955] team0: Port device team_slave_1 added [ 1442.635841][T12957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1442.865756][T12961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1442.891030][T12957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1442.989015][T12955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1442.996212][T12955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.033340][T12955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1443.061814][T12955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1443.069346][T12955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.096738][T12955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1443.113010][T12961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1443.183133][T12957] team0: Port device team_slave_0 added [ 1443.295553][T12957] team0: Port device team_slave_1 added [ 1443.409090][T12961] team0: Port device team_slave_0 added [ 1443.507433][T12955] hsr_slave_0: entered promiscuous mode [ 1443.515453][T12955] hsr_slave_1: entered promiscuous mode [ 1443.523014][T12955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1443.531442][T12955] Cannot create hsr debugfs directory [ 1443.543645][T12961] team0: Port device team_slave_1 added [ 1443.595302][T12957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1443.602841][T12957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.629183][T12957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1443.644097][T12957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1443.656010][T12957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.683697][T12957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1443.737888][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.801618][T12961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1443.816539][T12961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.845610][T12961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1443.923971][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.941589][T12961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1443.949026][T12961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1443.985520][T12961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1444.092388][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1444.194730][T12957] hsr_slave_0: entered promiscuous mode [ 1444.208724][T12957] hsr_slave_1: entered promiscuous mode [ 1444.215282][T12957] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1444.228437][T12957] Cannot create hsr debugfs directory [ 1444.285920][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1444.408179][T12853] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1444.505534][T12853] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1444.547857][T12853] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1444.649690][T12961] hsr_slave_0: entered promiscuous mode [ 1444.660106][T12961] hsr_slave_1: entered promiscuous mode [ 1444.670531][T12961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1444.686582][T12961] Cannot create hsr debugfs directory [ 1444.714406][T12853] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1444.879589][ T29] audit: type=1400 audit(1727199156.306:886): avc: denied { remount } for pid=13054 comm="syz.1.948" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1445.010677][T12955] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1445.142672][T12955] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1445.324000][T12955] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1445.356796][ T9359] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1445.424289][T12955] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1445.592485][ T9359] usb 2-1: config 1 has an invalid descriptor of length 105, skipping remainder of the config [ 1445.626567][ T9359] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1445.647482][ T9359] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1445.662882][ T9359] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1445.678217][ T9359] usb 2-1: SerialNumber: syz [ 1445.790701][ T11] bridge_slave_1: left allmulticast mode [ 1445.803960][ T11] bridge_slave_1: left promiscuous mode [ 1445.821213][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1445.854295][ T11] bridge_slave_0: left allmulticast mode [ 1445.866577][ T11] bridge_slave_0: left promiscuous mode [ 1445.872551][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1445.901077][ T11] bridge_slave_1: left allmulticast mode [ 1445.920381][ T11] bridge_slave_1: left promiscuous mode [ 1445.926200][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1445.935913][T13055] netlink: 32 bytes leftover after parsing attributes in process `syz.1.948'. [ 1445.959139][ T11] bridge_slave_0: left allmulticast mode [ 1445.964842][ T11] bridge_slave_0: left promiscuous mode [ 1445.976789][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1446.003065][ T11] bridge_slave_1: left allmulticast mode [ 1446.012424][ T11] bridge_slave_1: left promiscuous mode [ 1446.019348][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1446.042755][ T11] bridge_slave_0: left allmulticast mode [ 1446.056940][ T11] bridge_slave_0: left promiscuous mode [ 1446.072271][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1447.753632][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1447.777591][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1447.790984][ T11] bond0 (unregistering): Released all slaves [ 1448.021468][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1448.034202][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1448.046242][ T11] bond0 (unregistering): Released all slaves [ 1448.265520][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1448.282580][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1448.294616][ T11] bond0 (unregistering): Released all slaves [ 1448.456898][ T9359] usb 2-1: 0:2 : does not exist [ 1448.593388][ T9359] usb 2-1: USB disconnect, device number 8 [ 1448.802194][T13021] udevd[13021]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1450.061853][T12955] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1450.084140][T12955] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1450.123676][T12955] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1450.178806][T13084] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1450.222801][T12955] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1450.512652][T12853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1451.346842][T12853] 8021q: adding VLAN 0 to HW filter on device team0 [ 1451.585655][ T8544] bridge0: port 1(bridge_slave_0) entered blocking state [ 1451.592919][ T8544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1451.829815][ T11] hsr_slave_0: left promiscuous mode [ 1451.847527][ T11] hsr_slave_1: left promiscuous mode [ 1451.867752][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1451.875215][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1451.901082][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1451.926645][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1451.987573][ T11] hsr_slave_0: left promiscuous mode [ 1451.994279][ T11] hsr_slave_1: left promiscuous mode [ 1452.011433][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1452.117341][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1452.147666][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1452.169676][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1452.220373][ T11] hsr_slave_0: left promiscuous mode [ 1452.241505][ T11] hsr_slave_1: left promiscuous mode [ 1452.267393][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1452.288038][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1452.318216][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1452.326540][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1452.650037][ T11] veth1_macvtap: left promiscuous mode [ 1452.671222][ T11] veth0_macvtap: left promiscuous mode [ 1452.691633][ T11] veth1_vlan: left promiscuous mode [ 1452.713675][ T11] veth0_vlan: left promiscuous mode [ 1452.747838][ T11] veth1_macvtap: left promiscuous mode [ 1452.761303][ T11] veth0_macvtap: left promiscuous mode [ 1452.781641][ T11] veth1_vlan: left promiscuous mode [ 1452.804286][ T11] veth0_vlan: left promiscuous mode [ 1452.883799][ T11] veth1_macvtap: left promiscuous mode [ 1452.899654][ T11] veth0_macvtap: left promiscuous mode [ 1452.905450][ T11] veth1_vlan: left promiscuous mode [ 1452.934947][ T11] veth0_vlan: left promiscuous mode [ 1453.212037][ T29] audit: type=1400 audit(1727199164.616:887): avc: denied { bind } for pid=13119 comm="syz.1.952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1454.261462][ T29] audit: type=1326 audit(1727199165.666:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1454.487481][ T29] audit: type=1326 audit(1727199165.666:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1454.864351][ T29] audit: type=1326 audit(1727199165.666:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.106486][ T29] audit: type=1326 audit(1727199165.666:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.165408][ T29] audit: type=1326 audit(1727199165.666:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.237033][ T29] audit: type=1326 audit(1727199165.676:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.316947][ T29] audit: type=1326 audit(1727199165.676:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.386095][ T29] audit: type=1326 audit(1727199165.676:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1455.475784][ T29] audit: type=1326 audit(1727199165.676:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13129 comm="syz.1.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9fa17def9 code=0x7ffc0000 [ 1457.513215][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1457.587811][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1459.864389][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1459.925630][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1461.154289][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1461.231036][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1461.922221][ T8544] bridge0: port 2(bridge_slave_1) entered blocking state [ 1461.929498][ T8544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1462.314532][T12955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1462.579987][T12961] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1462.646991][T12961] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1462.669817][T12961] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1462.724415][T12961] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1462.774697][T12955] 8021q: adding VLAN 0 to HW filter on device team0 [ 1462.869861][ T8544] bridge0: port 1(bridge_slave_0) entered blocking state [ 1462.877133][ T8544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1462.978822][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1462.986051][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1463.471503][ T5225] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1463.483945][ T5225] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1463.501835][ T5225] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1463.529347][ T5225] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1463.587258][ T5225] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1463.595319][ T5225] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1463.820005][T12957] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1463.839494][T12957] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1463.951698][T13171] 9pnet_fd: Insufficient options for proto=fd [ 1464.635403][T12957] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1464.711611][T12957] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1464.736568][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 1464.736584][ T29] audit: type=1400 audit(1727199176.156:910): avc: denied { unmount } for pid=12397 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 1464.924586][T12961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1465.315518][T12961] 8021q: adding VLAN 0 to HW filter on device team0 [ 1465.546343][ T2513] bridge0: port 1(bridge_slave_0) entered blocking state [ 1465.553672][ T2513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1465.676965][ T9111] Bluetooth: hci0: command tx timeout [ 1466.335418][ T2513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1466.342651][ T2513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1466.912426][ T29] audit: type=1400 audit(1727199178.346:911): avc: denied { read } for pid=13187 comm="syz.1.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1466.972705][T12955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1467.041681][T13166] chnl_net:caif_netlink_parms(): no params data found [ 1467.086553][T13189] sp0: Synchronizing with TNC [ 1467.131231][T12957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1467.323420][T13189] libceph: resolve '0.0' (ret=-3): failed [ 1467.740546][T12957] 8021q: adding VLAN 0 to HW filter on device team0 [ 1467.757194][ T9111] Bluetooth: hci0: command tx timeout [ 1467.809260][T13166] bridge0: port 1(bridge_slave_0) entered blocking state [ 1467.816973][T13166] bridge0: port 1(bridge_slave_0) entered disabled state [ 1467.825559][T13166] bridge_slave_0: entered allmulticast mode [ 1467.842386][T13166] bridge_slave_0: entered promiscuous mode [ 1467.860127][T11021] bridge0: port 1(bridge_slave_0) entered blocking state [ 1467.867402][T11021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1467.894908][T13166] bridge0: port 2(bridge_slave_1) entered blocking state [ 1467.907450][T13166] bridge0: port 2(bridge_slave_1) entered disabled state [ 1467.914735][T13166] bridge_slave_1: entered allmulticast mode [ 1467.938853][T13166] bridge_slave_1: entered promiscuous mode [ 1468.116909][T13166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1468.186152][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state [ 1468.193340][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1468.248889][T13200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1468.261705][T12955] veth0_vlan: entered promiscuous mode [ 1468.333918][T13166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1468.527172][ T11] bridge_slave_1: left allmulticast mode [ 1468.532869][ T11] bridge_slave_1: left promiscuous mode [ 1468.552146][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1468.577735][ T11] bridge_slave_0: left allmulticast mode [ 1468.583454][ T11] bridge_slave_0: left promiscuous mode [ 1468.592795][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1469.296081][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1469.318867][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1469.340060][ T11] bond0 (unregistering): Released all slaves [ 1469.373433][T12955] veth1_vlan: entered promiscuous mode [ 1469.412265][T13166] team0: Port device team_slave_0 added [ 1469.459547][T13166] team0: Port device team_slave_1 added [ 1469.573042][ T11] hsr_slave_0: left promiscuous mode [ 1469.581373][ T11] hsr_slave_1: left promiscuous mode [ 1469.595836][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1469.610866][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1469.836748][ T9111] Bluetooth: hci0: command tx timeout [ 1470.000700][T13208] netlink: 16 bytes leftover after parsing attributes in process `syz.1.962'. [ 1470.961542][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1471.046110][ T29] audit: type=1400 audit(1727199182.476:912): avc: denied { execute } for pid=13209 comm="syz.1.963" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1471.090163][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1471.144790][T13211] openvswitch: netlink: Message has 4 unknown bytes. [ 1471.917718][ T9111] Bluetooth: hci0: command tx timeout [ 1472.164805][T12961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1472.342940][T13166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1472.386068][T13166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1472.436730][T13166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1472.484609][T13166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1472.504840][T13166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1472.593442][T13166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1472.740636][T12955] veth0_macvtap: entered promiscuous mode [ 1472.794113][T12955] veth1_macvtap: entered promiscuous mode [ 1473.634217][T12955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1473.670169][T12955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1473.699228][T12955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1473.754998][T13166] hsr_slave_0: entered promiscuous mode [ 1473.803472][T13166] hsr_slave_1: entered promiscuous mode [ 1473.954795][T12955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1473.986669][T12955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1474.178919][T12955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1474.650722][T12955] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.683819][T12955] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.717961][T12955] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.746448][T12955] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.888049][T13248] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 1475.032531][T12961] veth0_vlan: entered promiscuous mode [ 1475.096088][T12957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1475.266248][T12961] veth1_vlan: entered promiscuous mode [ 1476.031520][ T8544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1476.122290][T12961] veth0_macvtap: entered promiscuous mode [ 1476.140823][ T8544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1476.349916][T12961] veth1_macvtap: entered promiscuous mode [ 1476.487788][T12957] veth0_vlan: entered promiscuous mode [ 1476.498095][ T2513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1476.505951][ T2513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1476.510834][T13251] iou-wrk-13250 (13251): drop_caches: 2 [ 1476.703918][T12957] veth1_vlan: entered promiscuous mode [ 1476.945194][T12961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1476.994096][T12961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1477.004042][T12961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1477.021638][T12961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1477.036547][T12961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1477.071787][T13166] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1477.140847][T13166] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1477.211452][T12961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1477.259726][T12961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1477.286271][T12961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1477.350852][T12961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1477.411794][T12961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1477.477717][T13166] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1477.568777][T12957] veth0_macvtap: entered promiscuous mode [ 1477.865314][T12961] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1477.875301][T12961] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1477.884189][T12961] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1477.893129][T12961] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1477.905100][T13166] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1478.898090][T12957] veth1_macvtap: entered promiscuous mode [ 1479.249596][T13286] VFS: could not find a valid V7 on nullb0. [ 1480.258250][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.280561][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.293669][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.328573][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.427645][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.511186][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.708426][T12957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1480.793447][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.885959][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.901832][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.912849][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.926654][T12957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.949325][T12957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.962007][T12957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1481.078108][T12957] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1481.088731][ T6994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1481.119360][ T6994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1481.127276][T12957] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1481.139018][T12957] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1481.148053][T12957] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1481.483157][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1481.874030][T13166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1481.886511][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1484.822321][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1484.872070][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1485.310674][T13166] 8021q: adding VLAN 0 to HW filter on device team0 [ 1485.546728][ T8544] bridge0: port 1(bridge_slave_0) entered blocking state [ 1485.553991][ T8544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1486.471191][ T2513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1486.478495][ T2513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1486.576067][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1486.611327][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1487.903677][T13166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1487.999213][T13166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1489.127787][T13335] syz.0.938 (13335): drop_caches: 2 [ 1489.780674][T13337] netlink: 44 bytes leftover after parsing attributes in process `syz.4.976'. [ 1490.003531][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1494.059520][T13166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1494.212782][ T29] audit: type=1400 audit(1727199205.606:913): avc: denied { write } for pid=13360 comm="syz.4.980" name="ppp" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1494.438041][T13166] veth0_vlan: entered promiscuous mode [ 1494.472278][T13166] veth1_vlan: entered promiscuous mode [ 1494.565486][T13166] veth0_macvtap: entered promiscuous mode [ 1494.581148][T13166] veth1_macvtap: entered promiscuous mode [ 1494.792506][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1494.803579][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1494.814538][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1494.835679][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1494.849809][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1494.866414][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1494.876821][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1494.888046][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1494.902460][T13166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1495.032919][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.099316][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.196587][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.251062][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.288731][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.326442][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.340067][T13166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.376723][T13166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.413768][T13166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1495.462264][T13166] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.426600][T13166] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.466838][T13166] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.475601][T13166] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1498.516634][ T6994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.637809][ T6994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.851603][T13399] netlink: 'syz.4.987': attribute type 4 has an invalid length. [ 1498.903039][ T5540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.923165][ T5540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1499.752030][T13409] syz.2.912 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1503.123452][T13417] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 1503.150036][ T29] audit: type=1400 audit(1727199213.766:914): avc: denied { setopt } for pid=13410 comm="syz.4.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1503.707399][T13422] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1505.347029][T13442] Cannot find set identified by id 0 to match [ 1508.579830][ T29] audit: type=1400 audit(1727199220.016:915): avc: denied { wake_alarm } for pid=13462 comm="syz.4.998" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1509.332980][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.409139][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.524802][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.574750][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.602166][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.616526][ T9359] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1509.655851][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.713714][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.776016][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.817615][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.844356][ T9359] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1509.866999][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.909616][ T9359] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1509.934506][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1509.936397][ T9359] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1510.046888][ T9359] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1510.056726][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.096985][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.144728][ T9359] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1510.145287][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.179178][ T9359] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1510.210293][ T9359] usb 2-1: config 0 descriptor?? [ 1510.231225][ T5225] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1510.245977][ T5225] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1510.256730][ T5225] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1510.266607][ T5225] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1510.279720][ T5225] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1510.287457][ T5225] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1510.303474][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.327233][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.335800][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.345461][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.353542][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.454689][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.792192][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.805678][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.813298][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.821614][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.831592][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1510.844961][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.661594][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.719179][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.766547][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.771398][ T9359] usbhid 2-1:0.0: can't add hid device: -71 [ 1511.798880][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.812894][ T9359] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1511.831374][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.884534][ T6265] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1511.909413][ T9359] usb 2-1: USB disconnect, device number 9 [ 1511.960084][ T6265] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1512.048649][T13494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1001'. [ 1512.397738][ T5225] Bluetooth: hci1: command tx timeout [ 1513.826553][ T5291] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1514.286870][ T5291] usb 2-1: Using ep0 maxpacket: 8 [ 1514.346499][ T5291] usb 2-1: config 7 has an invalid interface number: 122 but max is 1 [ 1514.375262][ T5291] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1514.622104][ T5225] Bluetooth: hci1: command tx timeout [ 1514.648545][ T5291] usb 2-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 1514.665914][ T5291] usb 2-1: config 7 has no interface number 0 [ 1515.723913][ T5291] usb 2-1: config 7 interface 122 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 1515.885316][T13472] chnl_net:caif_netlink_parms(): no params data found [ 1515.933791][ T5291] usb 2-1: config 7 interface 122 has no altsetting 0 [ 1516.077260][ T5225] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1516.086272][ T5225] Bluetooth: hci0: Injecting HCI hardware error event [ 1516.097686][ T9111] Bluetooth: hci0: hardware error 0x00 [ 1516.646502][ T5225] Bluetooth: hci1: command tx timeout [ 1517.059570][ T5291] usb 2-1: string descriptor 0 read error: -71 [ 1517.066037][ T5291] usb 2-1: New USB device found, idVendor=04e2, idProduct=1400, bcdDevice=65.13 [ 1517.216608][ T5291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1517.286185][T13510] delete_channel: no stack [ 1517.307155][ T5291] usb 2-1: can't set config #7, error -71 [ 1517.376633][ T5291] usb 2-1: USB disconnect, device number 10 [ 1517.595841][T13539] No control pipe specified [ 1517.802361][T13539] ALSA: mixer_oss: invalid OSS volume 'DIGIT ' [ 1517.991748][T13543] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1010'. [ 1518.126441][ T29] audit: type=1400 audit(1727199229.546:916): avc: denied { append } for pid=13544 comm="syz.0.1011" name="rtc0" dev="devtmpfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1518.479535][T13548] input: syz1 as /devices/virtual/input/input15 [ 1518.716509][ T5225] Bluetooth: hci1: command tx timeout [ 1518.886997][ T9111] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1519.599118][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1519.725104][T13472] bridge0: port 1(bridge_slave_0) entered blocking state [ 1519.750444][T13472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1519.789998][T13472] bridge_slave_0: entered allmulticast mode [ 1520.299822][T13472] bridge_slave_0: entered promiscuous mode [ 1520.348771][T13472] bridge0: port 2(bridge_slave_1) entered blocking state [ 1520.401911][T13472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1520.426960][T13472] bridge_slave_1: entered allmulticast mode [ 1520.448952][T13472] bridge_slave_1: entered promiscuous mode [ 1521.970121][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1522.155853][T13472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1522.233849][T13472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1525.080430][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1525.964022][ T6265] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1525.989662][T13586] /dev/sg0: Can't lookup blockdev [ 1526.100811][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1526.155480][ T6265] usb 2-1: Using ep0 maxpacket: 32 [ 1526.218635][ T6265] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1526.238205][ T6265] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13 [ 1526.264593][ T6265] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1526.287328][ T6265] usb 2-1: Product: syz [ 1526.293448][ T6265] usb 2-1: Manufacturer: syz [ 1526.298305][ T6265] usb 2-1: SerialNumber: syz [ 1526.309448][ T6265] usb 2-1: config 0 descriptor?? [ 1526.352635][ T6265] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1526.354227][T13472] team0: Port device team_slave_0 added [ 1526.366682][ T6265] pvrusb2: ********** [ 1526.370709][ T6265] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1526.386484][ T6265] pvrusb2: Important functionality might not be entirely working. [ 1526.407276][ T6265] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1526.482090][T13472] team0: Port device team_slave_1 added [ 1526.520163][ T6265] pvrusb2: ********** [ 1526.697397][T13472] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1526.726529][T13472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1526.917275][T13472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1527.152043][T13472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1527.207791][T13472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1527.306066][T13472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1527.617594][ T2041] pvrusb2: Invalid write control endpoint [ 1527.656867][ T6265] usb 2-1: USB disconnect, device number 11 [ 1528.115442][T13472] hsr_slave_0: entered promiscuous mode [ 1528.116021][ T2041] pvrusb2: Invalid write control endpoint [ 1528.176503][ T2041] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1528.187984][T13472] hsr_slave_1: entered promiscuous mode [ 1528.203255][ T2041] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1528.216618][ T2041] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1528.474624][ T2041] pvrusb2: Device being rendered inoperable [ 1528.474660][T13472] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1528.508601][ T2041] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1528.515219][T13472] Cannot create hsr debugfs directory [ 1528.643858][T13618] nbd: illegal input index -748760761 [ 1529.283292][ T2041] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 1529.339707][ T2041] pvrusb2: Attached sub-driver cx25840 [ 1529.365482][ T2041] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1529.395996][ T2041] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1529.753275][T13613] mkiss: ax0: crc mode is auto. [ 1530.164984][ T62] bridge_slave_1: left allmulticast mode [ 1530.174597][ T62] bridge_slave_1: left promiscuous mode [ 1530.202115][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1530.238634][ T62] bridge_slave_0: left allmulticast mode [ 1530.258137][ T62] bridge_slave_0: left promiscuous mode [ 1530.300652][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1534.258018][T13641] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1535.390603][ T29] audit: type=1400 audit(1727199246.823:917): avc: denied { mount } for pid=13643 comm="syz.2.1030" name="/" dev="hugetlbfs" ino=74199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 1535.499309][ T29] audit: type=1400 audit(1727199246.873:918): avc: denied { create } for pid=13651 comm="syz.4.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 1535.509792][T13656] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1536.166553][ T29] audit: type=1400 audit(1727199246.883:919): avc: denied { bind } for pid=13651 comm="syz.4.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 1536.226011][ T29] audit: type=1400 audit(1727199247.653:920): avc: denied { write } for pid=13643 comm="syz.2.1030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1539.334680][ T29] audit: type=1326 audit(1727199250.763:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13664 comm="syz.0.1035" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bc5d7def9 code=0x0 [ 1539.368353][ T25] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1539.626616][ T25] usb 2-1: config 253 has an invalid interface number: 109 but max is 0 [ 1539.657284][ T25] usb 2-1: config 253 has no interface number 0 [ 1539.668003][ T25] usb 2-1: config 253 interface 109 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1539.686301][ T25] usb 2-1: New USB device found, idVendor=5a57, idProduct=0284, bcdDevice=3d.d3 [ 1539.698578][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1539.709863][ T25] usb 2-1: Product: syz [ 1539.717340][ T25] usb 2-1: Manufacturer: syz [ 1539.722574][ T25] usb 2-1: SerialNumber: syz [ 1539.728883][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1539.831202][ T25] usb 2-1: USB disconnect, device number 12 [ 1539.846587][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1540.026787][ T62] bond0 (unregistering): Released all slaves [ 1540.656093][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.709522][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.768673][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.776128][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.824472][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.848589][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.856030][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.886121][ T29] audit: type=1400 audit(1727199252.303:922): avc: denied { create } for pid=13676 comm="syz.4.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1540.906732][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.914164][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.959227][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1540.970551][ T29] audit: type=1400 audit(1727199252.313:923): avc: denied { write } for pid=13676 comm="syz.4.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1540.992460][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.012010][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.056558][ T29] audit: type=1400 audit(1727199252.313:924): avc: denied { connect } for pid=13676 comm="syz.4.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1541.078526][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.090082][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.123128][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.156496][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.163995][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.224959][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.236566][ T29] audit: type=1400 audit(1727199252.673:925): avc: denied { ioctl } for pid=13676 comm="syz.4.1039" path="socket:[74868]" dev="sockfs" ino=74868 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1541.259962][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.288438][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.295869][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.361871][ T29] audit: type=1400 audit(1727199252.763:926): avc: denied { setopt } for pid=13676 comm="syz.4.1039" lport=49299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1541.376458][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.456614][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.456643][ T29] audit: type=1400 audit(1727199252.773:927): avc: denied { shutdown } for pid=13676 comm="syz.4.1039" lport=49299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1541.556223][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.593451][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.620105][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.633707][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.645672][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.660436][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.672985][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.721565][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.733886][T11465] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1541.788806][T11465] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1542.347391][ T29] audit: type=1400 audit(1727199253.723:928): avc: denied { getopt } for pid=13691 comm="syz.2.1041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1545.061896][ T62] hsr_slave_0: left promiscuous mode [ 1545.204002][ T62] hsr_slave_1: left promiscuous mode [ 1545.261137][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1545.273323][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1545.320625][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1545.328652][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1545.738270][ T62] veth1_macvtap: left promiscuous mode [ 1545.743897][ T62] veth0_macvtap: left promiscuous mode [ 1545.822195][ T62] veth1_vlan: left promiscuous mode [ 1545.839279][ T62] veth0_vlan: left promiscuous mode [ 1545.888476][T13718] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1546.217677][ T29] audit: type=1400 audit(1727199257.653:929): avc: denied { read } for pid=13724 comm="syz.0.1046" lport=40477 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1546.321334][ T9111] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 1548.631437][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1548.748696][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1549.433662][T13742] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1550.416556][ T9111] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 1550.427155][ T9111] Bluetooth: hci5: Injecting HCI hardware error event [ 1550.437030][ T9111] Bluetooth: hci5: hardware error 0x00 [ 1550.601260][T13750] fuse: Bad value for 'fd' [ 1551.348935][T13755] input: syz1 as /devices/virtual/input/input16 [ 1551.591141][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1552.160332][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.350794][ T29] audit: type=1400 audit(1727199263.783:930): avc: denied { append } for pid=13753 comm="syz.2.1052" name="ppp" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1552.402241][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.460917][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.486857][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.563796][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.667006][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.702895][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.765704][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.795088][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.839772][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.880655][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.921553][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.944021][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1552.972469][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.006047][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.043721][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.093288][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.117607][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.158634][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.219592][T13472] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1553.253485][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.293796][T13472] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1553.317507][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.368322][ T9111] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1553.371641][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.437088][T13472] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1553.458913][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.478454][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.496107][T13472] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1553.539328][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.568875][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.581177][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.596511][ T9110] Bluetooth: hci6: command 0x0406 tx timeout [ 1553.636208][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.650078][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.665715][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.673702][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.683349][ T6265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1553.707875][ T6265] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1554.059525][T13780] netlink: 'syz.1.1056': attribute type 4 has an invalid length. [ 1554.067517][T13780] netlink: 'syz.1.1056': attribute type 4 has an invalid length. [ 1554.075370][T13780] netlink: 204124 bytes leftover after parsing attributes in process `syz.1.1056'. [ 1554.155514][ T29] audit: type=1400 audit(1727199265.583:931): avc: denied { create } for pid=13777 comm="syz.1.1056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 1554.240895][T13472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1554.312864][T13472] 8021q: adding VLAN 0 to HW filter on device team0 [ 1554.855808][ T147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1554.863025][ T147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1555.081046][ T5340] bridge0: port 2(bridge_slave_1) entered blocking state [ 1555.088320][ T5340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1555.615913][T13472] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1555.636456][ T9111] Bluetooth: hci5: Opcode 0x206c failed: -110 [ 1557.208992][ T29] audit: type=1400 audit(1727199267.563:932): avc: denied { create } for pid=13788 comm="syz.1.1058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1557.416762][ T29] audit: type=1400 audit(1727199267.763:933): avc: denied { map } for pid=13788 comm="syz.1.1058" path="socket:[74602]" dev="sockfs" ino=74602 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1557.629657][T13799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'. [ 1558.332495][ T9111] Bluetooth: hci5: Opcode 0x2046 failed: -110 [ 1558.424534][ T29] audit: type=1400 audit(1727199267.793:934): avc: denied { read } for pid=13788 comm="syz.1.1058" path="socket:[74602]" dev="sockfs" ino=74602 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1560.539483][T13813] ubi: mtd0 is already attached to ubi0 [ 1560.570878][T13813] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1063'. [ 1560.991814][T13472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1562.715799][T13472] veth0_vlan: entered promiscuous mode [ 1562.844058][T13472] veth1_vlan: entered promiscuous mode [ 1563.117735][T13472] veth0_macvtap: entered promiscuous mode [ 1563.276476][ T29] audit: type=1400 audit(1727199274.703:935): avc: denied { listen } for pid=13849 comm="syz.1.1071" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1563.305336][T13472] veth1_macvtap: entered promiscuous mode [ 1563.411630][T13848] macvlan0: entered allmulticast mode [ 1563.433338][T13848] veth1_vlan: entered allmulticast mode [ 1563.786434][ T1518] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1563.842099][T13472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1563.968988][T13472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.014572][T13472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1564.026500][ T1518] usb 2-1: Using ep0 maxpacket: 8 [ 1564.111232][T13472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.124809][ T1518] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1564.161962][ T1518] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1564.199932][ T1518] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.208527][T13472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1564.257976][ T1518] usb 2-1: config 0 descriptor?? [ 1564.273536][T13472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.342405][T13472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1564.582726][T13472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.620984][T13472] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1565.293007][ T1518] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1566.669623][ T29] audit: type=1400 audit(1727199278.103:936): avc: denied { bind } for pid=13874 comm="syz.4.1074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1567.204665][ T5225] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1567.229739][ T5225] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1567.239070][ T5225] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1567.264327][ T5225] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1567.642926][ T5225] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1567.652381][ T5225] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1568.302615][ T6265] usb 2-1: USB disconnect, device number 13 [ 1568.354144][ T6265] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 1569.514367][T13882] chnl_net:caif_netlink_parms(): no params data found [ 1569.546610][ T29] audit: type=1400 audit(1727199280.973:937): avc: denied { mounton } for pid=13889 comm="syz.1.1080" path="/71/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1569.626137][ T29] audit: type=1400 audit(1727199280.973:938): avc: denied { getattr } for pid=13889 comm="syz.1.1080" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1569.677292][ T5225] Bluetooth: hci1: command tx timeout [ 1569.818501][ T5540] bridge_slave_1: left allmulticast mode [ 1569.837698][ T5540] bridge_slave_1: left promiscuous mode [ 1569.844109][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state [ 1569.939990][ T5540] bridge_slave_0: left allmulticast mode [ 1569.981355][ T5540] bridge_slave_0: left promiscuous mode [ 1570.084322][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state [ 1571.194893][T13903] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1571.379851][ T29] audit: type=1400 audit(1727199282.813:939): avc: denied { unmount } for pid=12397 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1571.443389][ T6265] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1571.457671][ T6265] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1571.485413][ T6265] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1571.544124][ T6265] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1571.567509][ T6265] rtc rtc0: __rtc_set_alarm: err=-22 [ 1572.284965][ T5225] Bluetooth: hci1: command tx timeout [ 1574.338665][ T9111] Bluetooth: hci1: command tx timeout [ 1575.344909][ T29] audit: type=1400 audit(1727199286.773:940): avc: denied { setattr } for pid=13925 comm="syz.1.1089" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1576.613236][ T9111] Bluetooth: hci1: command tx timeout [ 1579.150713][T13926] ================================================================== [ 1579.158904][T13926] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x677/0x6c0 [ 1579.166750][T13926] Read of size 8 at addr ffff88802fb1b520 by task syz.1.1089/13926 [ 1579.174657][T13926] [ 1579.176988][T13926] CPU: 0 UID: 0 PID: 13926 Comm: syz.1.1089 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1579.187429][T13926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1579.197505][T13926] Call Trace: [ 1579.200801][T13926] [ 1579.203755][T13926] dump_stack_lvl+0x116/0x1f0 [ 1579.208472][T13926] print_report+0xc3/0x620 [ 1579.212932][T13926] ? __virt_addr_valid+0x5e/0x590 [ 1579.217990][T13926] ? __phys_addr+0xc6/0x150 [ 1579.222536][T13926] kasan_report+0xd9/0x110 [ 1579.226981][T13926] ? iov_iter_advance+0x677/0x6c0 [ 1579.232047][T13926] ? iov_iter_advance+0x677/0x6c0 [ 1579.237115][T13926] iov_iter_advance+0x677/0x6c0 [ 1579.242014][T13926] netfs_write_folio+0x745/0x18f0 [ 1579.247083][T13926] netfs_writepages+0x2ba/0xb90 [ 1579.251972][T13926] ? __pfx_netfs_writepages+0x10/0x10 [ 1579.257370][T13926] ? hlock_class+0x4e/0x130 [ 1579.261904][T13926] ? __pfx___lock_acquire+0x10/0x10 [ 1579.267145][T13926] ? __pfx_netfs_writepages+0x10/0x10 [ 1579.272538][T13926] do_writepages+0x1a3/0x7f0 [ 1579.277167][T13926] ? __pfx_do_writepages+0x10/0x10 [ 1579.282312][T13926] ? __pfx_lock_acquire+0x10/0x10 [ 1579.287387][T13926] ? do_raw_spin_lock+0x12d/0x2c0 [ 1579.292443][T13926] ? do_raw_spin_unlock+0x172/0x230 [ 1579.292620][T13952] ipt_ECN: cannot use operation on non-tcp rule [ 1579.297657][T13926] ? _raw_spin_unlock+0x28/0x50 [ 1579.297712][T13926] ? wbc_attach_and_unlock_inode+0x597/0x940 [ 1579.297762][T13926] filemap_fdatawrite_wbc+0x148/0x1c0 [ 1579.320704][T13926] __filemap_fdatawrite_range+0xba/0x100 [ 1579.326373][T13926] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 1579.332669][T13926] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1579.338776][T13926] v9fs_dir_release+0x429/0x590 [ 1579.343676][T13926] ? __pfx_v9fs_dir_release+0x10/0x10 [ 1579.349173][T13926] ? __pfx___might_resched+0x10/0x10 [ 1579.354486][T13926] ? __pfx_v9fs_dir_release+0x10/0x10 [ 1579.359899][T13926] __fput+0x3f6/0xb60 [ 1579.363936][T13926] task_work_run+0x14e/0x250 [ 1579.368573][T13926] ? __pfx_task_work_run+0x10/0x10 [ 1579.373737][T13926] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1579.379690][T13926] ? task_work_add+0x1d6/0x370 [ 1579.384591][T13926] get_signal+0x1ca/0x2770 [ 1579.389049][T13926] ? fput+0x148/0x390 [ 1579.393070][T13926] ? __pfx_get_signal+0x10/0x10 [ 1579.397970][T13926] arch_do_signal_or_restart+0x90/0x7e0 [ 1579.403572][T13926] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1579.409790][T13926] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1579.415562][T13926] syscall_exit_to_user_mode+0x150/0x2a0 [ 1579.421264][T13926] do_syscall_64+0xda/0x250 [ 1579.425808][T13926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.431760][T13926] RIP: 0033:0x7fa9fa17def9 [ 1579.436199][T13926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1579.455841][T13926] RSP: 002b:00007fa9f9bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1579.464281][T13926] RAX: 00000000001e8000 RBX: 00007fa9fa335f80 RCX: 00007fa9fa17def9 [ 1579.472270][T13926] RDX: 0000000000000000 RSI: 000000000000000c RDI: 000000000000000b [ 1579.480263][T13926] RBP: 00007fa9fa1f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 1579.488261][T13926] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000 [ 1579.496261][T13926] R13: 0000000000000000 R14: 00007fa9fa335f80 R15: 00007ffe9fc95368 [ 1579.504264][T13926] [ 1579.507300][T13926] [ 1579.509703][T13926] Allocated by task 13926: [ 1579.514140][T13926] kasan_save_stack+0x33/0x60 [ 1579.518867][T13926] kasan_save_track+0x14/0x30 [ 1579.523591][T13926] __kasan_kmalloc+0xaa/0xb0 [ 1579.528230][T13926] netfs_buffer_append_folio+0x181/0x750 [ 1579.533919][T13926] netfs_write_folio+0x542/0x18f0 [ 1579.538966][T13926] netfs_writepages+0x2ba/0xb90 [ 1579.543859][T13926] do_writepages+0x1a3/0x7f0 [ 1579.548496][T13926] filemap_fdatawrite_wbc+0x148/0x1c0 [ 1579.553916][T13926] __filemap_fdatawrite_range+0xba/0x100 [ 1579.559589][T13926] v9fs_dir_release+0x429/0x590 [ 1579.564490][T13926] __fput+0x3f6/0xb60 [ 1579.568511][T13926] task_work_run+0x14e/0x250 [ 1579.573161][T13926] get_signal+0x1ca/0x2770 [ 1579.577652][T13926] arch_do_signal_or_restart+0x90/0x7e0 [ 1579.583241][T13926] syscall_exit_to_user_mode+0x150/0x2a0 [ 1579.588923][T13926] do_syscall_64+0xda/0x250 [ 1579.593448][T13926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.599380][T13926] [ 1579.601715][T13926] Freed by task 2953: [ 1579.605726][T13926] kasan_save_stack+0x33/0x60 [ 1579.610456][T13926] kasan_save_track+0x14/0x30 [ 1579.615188][T13926] kasan_save_free_info+0x3b/0x60 [ 1579.620263][T13926] poison_slab_object+0xf7/0x160 [ 1579.625255][T13926] __kasan_slab_free+0x32/0x50 [ 1579.630048][T13926] kfree+0x12a/0x3b0 [ 1579.633992][T13926] netfs_delete_buffer_head+0xa6/0x100 [ 1579.639494][T13926] netfs_write_collection_worker+0x20f9/0x4f80 [ 1579.645699][T13926] process_one_work+0x9c5/0x1b40 [ 1579.650655][T13926] worker_thread+0x6c8/0xf00 [ 1579.655259][T13926] kthread+0x2c1/0x3a0 [ 1579.659360][T13926] ret_from_fork+0x45/0x80 [ 1579.663823][T13926] ret_from_fork_asm+0x1a/0x30 [ 1579.668638][T13926] [ 1579.670979][T13926] The buggy address belongs to the object at ffff88802fb1b400 [ 1579.670979][T13926] which belongs to the cache kmalloc-512 of size 512 [ 1579.685054][T13926] The buggy address is located 288 bytes inside of [ 1579.685054][T13926] freed 512-byte region [ffff88802fb1b400, ffff88802fb1b600) [ 1579.698885][T13926] [ 1579.701318][T13926] The buggy address belongs to the physical page: [ 1579.707765][T13926] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fb18 [ 1579.716565][T13926] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1579.725083][T13926] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1579.733088][T13926] page_type: 0xfdffffff(slab) [ 1579.737813][T13926] raw: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001 [ 1579.746434][T13926] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 1579.755062][T13926] head: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001 [ 1579.763765][T13926] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 1579.772479][T13926] head: 00fff00000000002 ffffea0000bec601 ffffffffffffffff 0000000000000000 [ 1579.781184][T13926] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 1579.789881][T13926] page dumped because: kasan: bad access detected [ 1579.796324][T13926] page_owner tracks the page as allocated [ 1579.802056][T13926] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 26763792198, free_ts 0 [ 1579.821816][T13926] post_alloc_hook+0x2d1/0x350 [ 1579.826641][T13926] get_page_from_freelist+0x1351/0x2e50 [ 1579.832226][T13926] __alloc_pages_noprof+0x22b/0x2460 [ 1579.837553][T13926] alloc_slab_page+0x4e/0xf0 [ 1579.842209][T13926] new_slab+0x84/0x260 [ 1579.846322][T13926] ___slab_alloc+0xdac/0x1870 [ 1579.851044][T13926] __slab_alloc.constprop.0+0x56/0xb0 [ 1579.856459][T13926] __kmalloc_cache_noprof+0x2b4/0x300 [ 1579.861875][T13926] device_add+0xccf/0x1a70 [ 1579.866320][T13926] workqueue_sysfs_register+0x1a4/0x400 [ 1579.871900][T13926] alloc_workqueue+0x130b/0x1c50 [ 1579.876867][T13926] nf_flow_table_offload_init+0x41/0xb0 [ 1579.882457][T13926] nf_flow_table_module_init+0x2f/0x70 [ 1579.887954][T13926] do_one_initcall+0x128/0x700 [ 1579.892770][T13926] kernel_init_freeable+0x69d/0xca0 [ 1579.898003][T13926] kernel_init+0x1c/0x2b0 [ 1579.902375][T13926] page_owner free stack trace missing [ 1579.907762][T13926] [ 1579.910116][T13926] Memory state around the buggy address: [ 1579.915764][T13926] ffff88802fb1b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1579.923854][T13926] ffff88802fb1b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1579.931934][T13926] >ffff88802fb1b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1579.940011][T13926] ^ [ 1579.945137][T13926] ffff88802fb1b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1579.953223][T13926] ffff88802fb1b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1579.961302][T13926] ================================================================== [ 1579.986552][T13926] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1579.993793][T13926] CPU: 0 UID: 0 PID: 13926 Comm: syz.1.1089 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1580.004236][T13926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1580.014309][T13926] Call Trace: [ 1580.017628][T13926] [ 1580.020583][T13926] dump_stack_lvl+0x3d/0x1f0 [ 1580.025207][T13926] panic+0x6dc/0x7c0 [ 1580.029139][T13926] ? __pfx_panic+0x10/0x10 [ 1580.033611][T13926] ? preempt_schedule_thunk+0x1a/0x30 [ 1580.039022][T13926] ? preempt_schedule_common+0x44/0xc0 [ 1580.044546][T13926] check_panic_on_warn+0xab/0xb0 [ 1580.049552][T13926] end_report+0x117/0x180 [ 1580.053928][T13926] kasan_report+0xe9/0x110 [ 1580.058476][T13926] ? iov_iter_advance+0x677/0x6c0 [ 1580.063555][T13926] ? iov_iter_advance+0x677/0x6c0 [ 1580.068722][T13926] iov_iter_advance+0x677/0x6c0 [ 1580.073656][T13926] netfs_write_folio+0x745/0x18f0 [ 1580.078746][T13926] netfs_writepages+0x2ba/0xb90 [ 1580.083730][T13926] ? __pfx_netfs_writepages+0x10/0x10 [ 1580.089147][T13926] ? hlock_class+0x4e/0x130 [ 1580.093684][T13926] ? __pfx___lock_acquire+0x10/0x10 [ 1580.098934][T13926] ? __pfx_netfs_writepages+0x10/0x10 [ 1580.104337][T13926] do_writepages+0x1a3/0x7f0 [ 1580.108968][T13926] ? __pfx_do_writepages+0x10/0x10 [ 1580.114114][T13926] ? __pfx_lock_acquire+0x10/0x10 [ 1580.119189][T13926] ? do_raw_spin_lock+0x12d/0x2c0 [ 1580.124242][T13926] ? do_raw_spin_unlock+0x172/0x230 [ 1580.129465][T13926] ? _raw_spin_unlock+0x28/0x50 [ 1580.134349][T13926] ? wbc_attach_and_unlock_inode+0x597/0x940 [ 1580.140363][T13926] filemap_fdatawrite_wbc+0x148/0x1c0 [ 1580.145789][T13926] __filemap_fdatawrite_range+0xba/0x100 [ 1580.151452][T13926] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 1580.157764][T13926] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1580.163881][T13926] v9fs_dir_release+0x429/0x590 [ 1580.168804][T13926] ? __pfx_v9fs_dir_release+0x10/0x10 [ 1580.174211][T13926] ? __pfx___might_resched+0x10/0x10 [ 1580.179550][T13926] ? __pfx_v9fs_dir_release+0x10/0x10 [ 1580.184971][T13926] __fput+0x3f6/0xb60 [ 1580.188997][T13926] task_work_run+0x14e/0x250 [ 1580.193635][T13926] ? __pfx_task_work_run+0x10/0x10 [ 1580.198797][T13926] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1580.204743][T13926] ? task_work_add+0x1d6/0x370 [ 1580.209555][T13926] get_signal+0x1ca/0x2770 [ 1580.214003][T13926] ? fput+0x148/0x390 [ 1580.218024][T13926] ? __pfx_get_signal+0x10/0x10 [ 1580.222925][T13926] arch_do_signal_or_restart+0x90/0x7e0 [ 1580.228515][T13926] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1580.234720][T13926] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1580.240491][T13926] syscall_exit_to_user_mode+0x150/0x2a0 [ 1580.246178][T13926] do_syscall_64+0xda/0x250 [ 1580.250705][T13926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1580.256645][T13926] RIP: 0033:0x7fa9fa17def9 [ 1580.261078][T13926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1580.280726][T13926] RSP: 002b:00007fa9f9bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1580.289175][T13926] RAX: 00000000001e8000 RBX: 00007fa9fa335f80 RCX: 00007fa9fa17def9 [ 1580.297167][T13926] RDX: 0000000000000000 RSI: 000000000000000c RDI: 000000000000000b [ 1580.305153][T13926] RBP: 00007fa9fa1f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 1580.313154][T13926] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000 [ 1580.321145][T13926] R13: 0000000000000000 R14: 00007fa9fa335f80 R15: 00007ffe9fc95368 [ 1580.329146][T13926] [ 1580.332472][T13926] Kernel Offset: disabled [ 1580.336801][T13926] Rebooting in 86400 seconds..