last executing test programs: 3m58.503929236s ago: executing program 1 (id=1144): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x40) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030212590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000003c21c00b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413e3978f73ff9dffeb85453e841f86594612ac91b50add8d14910748bfa903033662f3e735ce6d299ce52338a96035aa89f63bd59d151fb20c38125236cbc0d795ac6f8da4cafc74714ed62a23b017e15adcaade58385b78c6945fb30a2539c42b1e415879433b9fb6966c6d19ed19f9f90cbd360d936a8b9f8e03bca5a83c063651b4636a7783bbda6417c83e470a16dfb115344a527436242ace9341432b5816b5e6609d97d600e142ca3cf74cbc00e1d9ee203cdfad339ce460b294f3931c5bd8ae6da8fc14d66a01bae4a212ef3d914e58c13217c8ad91628636b56257c7ca41b404cc2d4b5d50e26ebefc74656c62b1b4e9b6c5b6cc8d79101460f719d95925630bf99e042018439c50026513d680ea573620132ded57dea9e2da4e16f17dbc171642b1e80a3f41311ee73441302285668792160db6614fdb30d25a5719d2ae03ab98ea167597c48dd8197e7faf6189d801134462027901506c5ff1ae2558d96722217f65131d2f429693ae9fae19c101319473608976d08cc1c0d98f789b0c364e8aca574321ab2857af1015f1588afd313503085db4d99961a9391db06c10477ceb44199f1648594e8f9b452fafdab49b1962d02ee77ebd31b7931174a729fa943cb18102130e7e08eaba77df066069c2c3564fc85881ba0dad12c4f06a9e6dea9fea53931ff85e38505eb7ad60a52e2a8a248b3f4d0d55eee31f75f110c70e3b12409a79a5a98b0156c6d2a5d94604b8fa202b12746a365c708c671316cc0ffff6e9b7139b337953be22672a4910e1eb28cccc023b77028e20a6d377a339372f0dc235069f41c2692b0a3a7e0f315f4aebeef435a46b2e8b8462739293f9184c01b1434e87bf3fd48be54bf437056a1d2cff0c7aa52578013f96b1d5100ca936ff029cfd6f9a093621f684196ed7e1d363a97c647c34fe5f2370e7ab9dc718a1fc317779ab8a04bc12c01b778d17eea0b546bce03475fc6373c860714df0322dde550186c553ebd61ed18c0b80655f0827a63d209117ca23b026c1ad30bac4d43a4611292c7049f855b829a3a17fd2b83c142078beed8ca07b7cb7cd624705ccc160246c81174a4d3a9f2057caffe84b1ac073375e065c1ff4e9e22e7d87b3adb40ff796132e4ed86e5fc9f9616f8e4116be96497621692fb516e9316cfd15ad01742a1de4aa35fe02861236295823edf4c48fc37faf55226044e393a3733d58e8ef0f0c7941bc30f09739f37dea2f395f2e9e9b2c31a11923a2d6c9b14f1bacce15094cbbd6445f3581c6d45b76943b4d0db8fd4d4acbdb91780f57c872827abd7a1f13290a0d17dda220493476c92ce65e33f07afcf763aec0e67450f547101f1a5ada0f760c8f12137679324e22c7a13fdf78575115acb0ae4a2818b7b3ead27eea5eccba6f7a34c61819382eebfad742a3c603c6d2f332726996b3e8fcbdfd56b436c1173b1b3bc1ab66a717e31f2f918f0bea3f4801e04c14c881c59324fd9bc38745dd0e47da6bc8e98fe74a760304d74f17cd3cfceb33503397cf592d2b6a51b641d559ba8d6dc449e19b289fd1a4b3772b3998181e787723fe3893362d8f3e346c0ab0abe933e9bdd9a82b377914018377af9d2cbc58ab4fc08cea2623174239cea585603b8acd20da923a44799b1745c3bd65640508f96a0d92a6a2fd8314573f10b4f6e6cbf61e8828bd6e69b1b0c47f5795917a5035b3424dc3cadd2aadbbafb9d18349fab41d79ba13660f2c94", 0x9e8}], 0x3}, 0x0) 3m58.420340875s ago: executing program 1 (id=1145): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) sendto$inet(r2, 0x0, 0x0, 0x20000888, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000000)=0x6, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xfe1d, @loopback={0xe0}, 0x9371}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20004000, &(0x7f0000000080)={0xa, 0x4e22, 0x40000000, @empty, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) close(r0) writev(0xffffffffffffffff, 0x0, 0x0) 3m57.474629279s ago: executing program 1 (id=1149): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x2}}, 0x26) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) close(0x3) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000500)=0x2) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x7434, 0x0) 3m57.384585789s ago: executing program 1 (id=1151): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f8ffffff0000000000000000850000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 3m57.267664697s ago: executing program 1 (id=1153): syz_usb_connect$midi(0x0, 0x38, &(0x7f0000001dc0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x26, 0x1, 0x1, 0x35, 0x50, 0x9, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x20, 0x7, [], [{{0x9, 0x5, 0xe, 0x2, 0x400, 0x5, 0xf3, 0x2e, {0xb, 0x25, 0x1, 0x7, "a9bbe77b19be87"}}}]}}}}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r1 = socket(0x1, 0x803, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r4 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) fchdir(r5) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_pressure(r6, 0x0, 0x0) ftruncate(r6, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r6, 0x0) r7 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x1, 0x86) fchdir(r8) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) getdents(r9, 0x0, 0x20) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat(0xffffffffffffff9c, 0x0, 0x158) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, r0, 0x0) 3m53.260133519s ago: executing program 1 (id=1181): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x6, 0x4, 0x4096, 0x89, 0x0, 0xffffffffffffffff, 0x100000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x80) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x20000015) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, 0x0, 0x800) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, 0x26, 0x9, 0x70bd25, 0x25dfdbfa, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080) 3m38.167224467s ago: executing program 32 (id=1181): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x6, 0x4, 0x4096, 0x89, 0x0, 0xffffffffffffffff, 0x100000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x80) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x20000015) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, 0x0, 0x800) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, 0x26, 0x9, 0x70bd25, 0x25dfdbfa, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080) 2m44.249530402s ago: executing program 4 (id=1814): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newlink={0x20, 0x10, 0x439, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x49801, 0x49a41}}, 0x20}}, 0x0) sendto$packet(r0, &(0x7f0000000400)="05d936277c6f5422007f83477ca1", 0xe, 0x40880, &(0x7f0000000200)={0x11, 0x86dd, r2, 0x1, 0x4, 0x6, @local}, 0x14) 2m44.096577197s ago: executing program 4 (id=1818): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x23}, [@ldst={0x1, 0x0, 0x3, 0x1, 0x1, 0x8}]}, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) 2m43.945527663s ago: executing program 4 (id=1821): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r0, 0x84, 0x0, &(0x7f0000001280)=""/4107, &(0x7f0000000080)=0x100b) 2m43.83358628s ago: executing program 4 (id=1824): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m43.58351922s ago: executing program 4 (id=1827): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x22, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in=@private=0xa010100, 0x4e1f, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff, 0x0, 0xffffffffffeffffa}, {}, 0x4, 0x0, 0x1, 0x0, 0x1, 0x2}, {{@in=@multicast1, 0x4d2, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xd, 0xfffffffe, 0x3}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc) r4 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0) r5 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) getsockname$packet(r5, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x55) writev(r4, &(0x7f0000000340)=[{&(0x7f0000000080)="fb", 0x1}], 0x1) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x50) r8 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000100)={0x80000018}) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000000301010400000000000000000200000024000180"], 0x38}}, 0x0) close(r10) syz_emit_ethernet(0x8e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa25aae0cb3fd0a2ea4e01aaaaaaaaaa4305400f008000650000082e90780a01010164010102864e000000030008094ac467ec3f00124c985e594ee96c2b09f6e55ec84c916e05052450b2070ce17393606d00a7ab3c13010dcee8f17fabc8f286afabb207106549c337b0e2fdba29f02c960c99891be6ac141425ac1414aa64010100ffffffffe00000"], 0x0) r11 = socket(0xa, 0x5, 0x0) sendmsg$inet_sctp(r11, &(0x7f0000000380)={&(0x7f00000000c0)=@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000240)="af", 0x1}], 0x1, &(0x7f00000006c0)=[@init={0x18, 0x84, 0x0, {0xffff, 0x7, 0x7, 0x4}}], 0x18, 0x20000001}, 0x20008000) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r11, 0x84, 0x65, 0x0, 0x0) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)={0x28, r0, 0x1, 0x70bd26, 0x27dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_SEC_OUT_KEY_ID={0xc, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004001}, 0x20008800) socket$key(0xf, 0x3, 0x2) 2m42.382851383s ago: executing program 4 (id=1844): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@getsadinfo={0x74, 0x23, 0x100, 0x70bd2a, 0x25dfdbff, 0x0, [@etimer_thresh={0x8, 0xc, 0x5}, @XFRMA_SET_MARK={0x8, 0x1d, 0x2}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd27, 0x70bd28, 0x70bd28, 0x70bd2b, 0x8}}, @policy_type={0xa}, @coaddr={0x14, 0xe, @in6=@mcast1}, @srcaddr={0x14, 0xd, @in6=@mcast1}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008011}, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x26, 0x1, 0x7fffd, 0x1000, {0x4}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008090) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x40050}, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9e", 0x78}], 0x1}}], 0x2, 0x2090) recvfrom$inet(r0, &(0x7f0000004cc0)=""/4096, 0x1000, 0x102, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'veth0_to_bridge\x00', {0x2}, 0xc3}) shutdown(r0, 0x1) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000000180)=0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2m27.360224248s ago: executing program 33 (id=1844): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@getsadinfo={0x74, 0x23, 0x100, 0x70bd2a, 0x25dfdbff, 0x0, [@etimer_thresh={0x8, 0xc, 0x5}, @XFRMA_SET_MARK={0x8, 0x1d, 0x2}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd27, 0x70bd28, 0x70bd28, 0x70bd2b, 0x8}}, @policy_type={0xa}, @coaddr={0x14, 0xe, @in6=@mcast1}, @srcaddr={0x14, 0xd, @in6=@mcast1}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008011}, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x26, 0x1, 0x7fffd, 0x1000, {0x4}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008090) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x40050}, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9e", 0x78}], 0x1}}], 0x2, 0x2090) recvfrom$inet(r0, &(0x7f0000004cc0)=""/4096, 0x1000, 0x102, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'veth0_to_bridge\x00', {0x2}, 0xc3}) shutdown(r0, 0x1) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000000180)=0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) 26.532834377s ago: executing program 2 (id=2811): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000180)='@') 23.340702073s ago: executing program 2 (id=2825): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r3, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdb0c}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0x1, &(0x7f00000001c0)="375dfa6d195fb0b393f28686ef1e0181530c61b7d305eaf8ea6485143a30741d1e3da9bcfc0301f58da0322126e0e6d5", &(0x7f0000000300)=""/94}, 0x20) pipe(&(0x7f0000000200)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x1618d1d7) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000000a0a01020000000000000000020000000900010073"], 0x20}}, 0x4000000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000900)=[@in={0x2, 0x4ea1, @local}], 0x10) listen(r4, 0xfff) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r6, &(0x7f0000000100)={@val={0x2000}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x300, 0x0, 0x29, 0x0, @gue={{0x2}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099bda"}}}}}}}, 0x4f) 7.764726724s ago: executing program 3 (id=2913): close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x2, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) r2 = socket$netlink(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24000084) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0x4}, {0xffff, 0xffff}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4005c}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfb, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x2, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xcebc}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) 6.552231229s ago: executing program 6 (id=2915): socket$inet6(0xa, 0x3, 0x3c) r0 = socket$kcm(0xa, 0xfd338641414bfd63, 0x106) sendmsg$kcm(r0, 0x0, 0x20000011) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x800001000091}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x200480, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x578410eb) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x4000) 6.534108624s ago: executing program 3 (id=2916): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) mlock(&(0x7f000040a000/0x4000)=nil, 0x4000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20000000, 0x2) munlockall() prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$video(&(0x7f0000000440), 0x0, 0x0) r1 = syz_open_dev$video(&(0x7f0000000040), 0x2, 0x141000) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000080)={0xe, 0x101, 0x7, {0x103, 0x2, 0x2, 0x200a}}) 5.658394437s ago: executing program 6 (id=2918): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x40) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000001c0)={{0x9, 0x7}, {0x3, 0x80}, 0x1d, 0x6, 0x3}) 5.524667136s ago: executing program 6 (id=2921): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000300)=&(0x7f00000002c0)) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0xc000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x3fb, 0x7fff}) exit(0xffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x48) 4.94217391s ago: executing program 3 (id=2925): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x108}}], 0x2, 0xc040) 4.811934273s ago: executing program 3 (id=2927): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002280)={0x4c, 0x0, &(0x7f0000002100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 4.633548978s ago: executing program 3 (id=2928): socket$inet6(0xa, 0x3, 0x3c) r0 = socket$kcm(0xa, 0xfd338641414bfd63, 0x106) sendmsg$kcm(r0, 0x0, 0x20000011) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x800001000091}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x200480, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x578410eb) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x4000) 4.050855832s ago: executing program 5 (id=2931): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r3, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdb0c}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0x1, &(0x7f00000001c0)="375dfa6d195fb0b393f28686ef1e0181530c61b7d305eaf8ea6485143a30741d1e3da9bcfc0301f58da0322126e0e6d5", &(0x7f0000000300)=""/94}, 0x20) pipe(&(0x7f0000000200)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x1618d1d7) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000000a0a01020000000000000000020000000900010073"], 0x20}}, 0x4000000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000900)=[@in={0x2, 0x4ea1, @local}], 0x10) listen(0xffffffffffffffff, 0xfff) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000100)={@val={0x2000}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x300, 0x0, 0x29, 0x0, @gue={{0x2}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099bda"}}}}}}}, 0x4f) 4.044059505s ago: executing program 6 (id=2932): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x0) ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r1, 0x6f2d, 0x7fffffffffffffff) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000100)) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r1, 0x6f2d, 0xcb) 3.966872874s ago: executing program 3 (id=2933): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) preadv(r0, &(0x7f0000000500)=[{&(0x7f0000001480)=""/14, 0xe}], 0xc, 0x0, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r1) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x8, 0x32, 0xffffffffffffffff, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x840) 3.949649617s ago: executing program 2 (id=2835): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0084f9679b", @ANYRES32, @ANYRES32, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000c, 0x2010, 0xffffffffffffffff, 0xa7a89000) syz_clone(0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0xc17a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x9a, &(0x7f00000000c0)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f0000000040)=0x8) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1, 0x80) ioctl$SNDRV_PCM_IOCTL_UNLINK(r4, 0x4161, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 2.697936793s ago: executing program 0 (id=2936): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=@newqdisc={0x178, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x148, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e0179832927deecf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236749b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ff7944f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990604b9f12033688caa0b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d600"}, @TCA_GRED_LIMIT={0x8, 0x5, 0x7}, @TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x5, 0x642f, 0xa, 0xb, 0x4, 0x2, 0xc, 0x7, 0x2, 0x19, 0xc, 0x19, 0x1, 0x401, 0x81}}]}}]}, 0x178}}, 0x24008004) 2.608286278s ago: executing program 5 (id=2937): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002280)={0x4c, 0x0, &(0x7f0000002100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 2.574357242s ago: executing program 0 (id=2938): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB="61050dfa02"], 0xe4) 2.341223753s ago: executing program 5 (id=2939): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 2.195380233s ago: executing program 0 (id=2940): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397", 0xc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f000000b680)={0x0, 0xffffffffffffffc3, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) 2.194189321s ago: executing program 5 (id=2941): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000540), 0x200000b1, 0x8a681) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001100)={r0, 0x0, {0x0, 0x0, 0x0, 0x7ffc, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}}) ioctl$XFS_IOC_FD_TO_HANDLE(r1, 0x4c08, &(0x7f00000001c0)={r1, 0x0, 0x420a02, 0x0, 0x5, 0x0, 0x0}) 2.135799341s ago: executing program 6 (id=2942): socket$pppl2tp(0x18, 0x1, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x18002, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8040480) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000280)={&(0x7f00000059c0), 0x0, 0x0, 0x0}) sendmsg$DEVLINK_CMD_SB_POOL_GET(r3, &(0x7f00000084c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000084}, 0x40080) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000004) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000002980)={0x2020}, 0x2020) ioctl$FBIOGET_FSCREENINFO(r6, 0x4602, &(0x7f0000000100)) sendmsg$NFT_BATCH(r5, 0x0, 0x0) r7 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x12, r7, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) 2.031214703s ago: executing program 0 (id=2943): bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x50) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) syz_emit_ethernet(0x7e, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c20000000000000000000800450000700000000000019078ac1e0001ac1414aa0c0090780000000045800000000000000089000000000000ac141400443c0001ac1e0001000000000000000000000000ac1414aa000000000000200000000000ac14140000000000ffffffff00000000ac1414010000000000000000"], 0x0) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @local}, 0x5}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r2, 0x0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f00000005c0)=0x1, 0x4) r3 = socket(0x1, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000011005f0414f9f4070009041f810000000e0000000000000008000f0001000000", 0x24) syz_emit_ethernet(0x3e, 0x0, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000)=0xb2, 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 1.760407415s ago: executing program 5 (id=2944): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_usb_connect$uac3(0x0, 0xa0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_open_dev$radio(0x0, 0x2, 0x2) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x4452]}, 0x8, 0x800) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 1.44158504s ago: executing program 2 (id=2945): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) get_robust_list(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) 1.425028685s ago: executing program 0 (id=2946): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r3, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdb0c}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0x1, &(0x7f00000001c0)="375dfa6d195fb0b393f28686ef1e0181530c61b7d305eaf8ea6485143a30741d1e3da9bcfc0301f58da0322126e0e6d5", &(0x7f0000000300)=""/94}, 0x20) pipe(&(0x7f0000000200)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x1618d1d7) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000003180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000000090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000000a0a01020000000000000000020000000900010073"], 0x20}}, 0x4000000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000900)=[@in={0x2, 0x4ea1, @local}], 0x10) listen(0xffffffffffffffff, 0xfff) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000100)={@val={0x2000}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x300, 0x0, 0x29, 0x0, @gue={{0x2}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099bda"}}}}}}}, 0x4f) 730.560353ms ago: executing program 6 (id=2947): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) socket$inet(0xa, 0x801, 0x84) socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = socket(0x10, 0x80002, 0x0) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpgrp(0x0) epoll_create1(0x80000) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000200)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e24, 0x0, @private1}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0xfd, 0x0, 0xfe, 0x22, 0x0, 0x7, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3}, 0xe) recvmmsg(r3, &(0x7f0000000840), 0x0, 0x0, 0x0) 698.934013ms ago: executing program 0 (id=2948): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002280)={0x4c, 0x0, &(0x7f0000002100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 698.630825ms ago: executing program 5 (id=2949): syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0) ioctl$COMEDI_CMD(r0, 0x80506409, &(0x7f0000000180)={0x1, 0x80, 0x80, 0xd, 0x10, 0x3e8, 0x2, 0x0, 0x20, 0x1, 0x20, 0xffffffff, &(0x7f0000000600)=[0x7], 0x1, 0x0}) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0) syz_open_dev$radio(&(0x7f0000000340), 0x3, 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x3, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 327.64975ms ago: executing program 2 (id=2950): socket(0x10, 0x2, 0x0) epoll_create1(0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1400000002010500000000000081000000000008"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0xfff, 0x8, 0x80000001, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2(&(0x7f0000000580), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)="54b17a07", 0x4}], 0x1, &(0x7f0000000200)=[@txtime={{0x18, 0x1, 0x3d, 0x6}}], 0x18}}], 0x1, 0x20000000) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 0s ago: executing program 2 (id=2951): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) kernel console output (not intermixed with test programs): 11.661445][T11043] netlink: 'syz.0.1823': attribute type 11 has an invalid length. [ 311.842339][ T29] audit: type=1400 audit(1778935384.672:540): avc: denied { setopt } for pid=11051 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 311.896725][ T29] audit: type=1400 audit(1778935384.672:541): avc: denied { getopt } for pid=11051 comm="syz.0.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 311.952802][ T29] audit: type=1400 audit(1778935384.772:542): avc: denied { write } for pid=11020 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 312.074188][ T29] audit: type=1400 audit(1778935384.902:543): avc: denied { connect } for pid=11060 comm="syz.4.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 312.165687][T11072] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11072 comm=syz.4.1827 [ 312.171838][ T29] audit: type=1400 audit(1778935384.942:544): avc: denied { read } for pid=11060 comm="syz.4.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 312.232342][ T29] audit: type=1400 audit(1778935385.052:545): avc: denied { write } for pid=11067 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 312.323721][ T29] audit: type=1400 audit(1778935385.112:546): avc: denied { write } for pid=11060 comm="syz.4.1827" path="socket:[30318]" dev="sockfs" ino=30318 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 312.354302][T11061] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1827'. [ 312.451869][T11085] netlink: 'syz.2.1836': attribute type 11 has an invalid length. [ 312.528585][ T29] audit: type=1400 audit(1778935385.362:547): avc: denied { write } for pid=11088 comm="syz.3.1837" path="socket:[30367]" dev="sockfs" ino=30367 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 312.759116][T11095] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 312.813918][T11089] bridge0: entered allmulticast mode [ 313.887157][T11160] netlink: 220 bytes leftover after parsing attributes in process `syz.5.1855'. [ 313.903781][T11160] netlink: 'syz.5.1855': attribute type 2 has an invalid length. [ 314.086624][T11173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1860'. [ 314.197745][T11178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1861'. [ 314.223028][ T5719] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 314.384468][ T5719] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.413086][ T5719] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.427724][ T5719] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 314.438152][ T5719] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.460334][ T5719] usb 6-1: config 0 descriptor?? [ 314.641301][T11203] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 314.795184][T11212] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1875'. [ 314.866427][T11217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1878'. [ 314.882772][ T5719] usbhid 6-1:0.0: can't add hid device: -71 [ 314.892610][ T5719] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 314.913194][ T5719] usb 6-1: USB disconnect, device number 5 [ 315.222523][T11230] netlink: 798 bytes leftover after parsing attributes in process `syz.0.1879'. [ 315.871952][T11243] syzkaller0: entered promiscuous mode [ 315.882132][T11243] syzkaller0: entered allmulticast mode [ 315.932560][T11247] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1891'. [ 316.065289][T11256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1894'. [ 316.332287][T11251] bridge_slave_0 (unregistering): left allmulticast mode [ 316.343972][T11251] bridge_slave_0 (unregistering): left promiscuous mode [ 316.351085][T11251] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.409037][T11272] syzkaller0: entered promiscuous mode [ 316.414708][T11272] syzkaller0: entered allmulticast mode [ 316.705603][T11280] netlink: 798 bytes leftover after parsing attributes in process `syz.2.1900'. [ 316.813584][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.819972][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.182354][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802137b000: rx timeout, send abort [ 317.197979][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 317.197994][ T29] audit: type=1400 audit(1778935390.032:556): avc: denied { read } for pid=4961 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 317.235210][ T29] audit: type=1400 audit(1778935390.032:557): avc: denied { search } for pid=4961 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 317.258849][ T29] audit: type=1400 audit(1778935390.032:558): avc: denied { write search } for pid=4961 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 317.286693][ T29] audit: type=1400 audit(1778935390.032:559): avc: denied { add_name } for pid=4961 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 317.291726][T11288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1905'. [ 317.314254][ T29] audit: type=1400 audit(1778935390.032:560): avc: denied { create } for pid=4961 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 317.431767][ T29] audit: type=1400 audit(1778935390.032:561): avc: denied { append open } for pid=4961 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 317.456794][ T29] audit: type=1400 audit(1778935390.032:562): avc: denied { getattr } for pid=4961 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 317.643596][ T29] audit: type=1400 audit(1778935390.482:563): avc: denied { ioctl } for pid=11299 comm="syz.0.1910" path="socket:[32871]" dev="sockfs" ino=32871 ioctlcmd=0x8927 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 317.667086][T11300] Bluetooth: MGMT ver 1.23 [ 317.692694][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802137b000: abort rx timeout. Force session deactivation [ 317.772714][ T29] audit: type=1400 audit(1778935390.602:564): avc: denied { execute } for pid=11302 comm="syz.0.1912" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=32876 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 317.809653][T11305] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 317.809755][T11307] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1913'. [ 317.827922][ T29] audit: type=1400 audit(1778935390.662:565): avc: denied { write } for pid=11302 comm="syz.0.1912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 317.840254][T11307] xfrm1: entered promiscuous mode [ 317.858452][T11307] xfrm1: entered allmulticast mode [ 317.870654][T11307] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1913'. [ 317.938155][T11305] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1911'. [ 317.950548][T11307] bond2: entered promiscuous mode [ 317.961750][T11307] 8021q: adding VLAN 0 to HW filter on device bond2 [ 318.614757][T11340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1923'. [ 319.047295][T11359] netlink: 207952 bytes leftover after parsing attributes in process `syz.5.1931'. [ 319.116644][T11359] IPVS: set_ctl: invalid protocol: 50 224.0.0.2:0 [ 319.334262][T11377] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1940'. [ 319.467778][T11380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.552224][T11381] netlink: 798 bytes leftover after parsing attributes in process `syz.2.1939'. [ 320.218857][T11393] netlink: 'syz.3.1946': attribute type 1 has an invalid length. [ 320.272851][T11394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 320.308890][T11397] siw: device registration error -23 [ 320.317746][T11397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1948'. [ 320.583019][ C0] vcan0: j1939_tp_rxtimer: 0xffff888076503800: rx timeout, send abort [ 320.760130][T11424] siw: device registration error -23 [ 320.933329][T11430] bond4: entered promiscuous mode [ 320.950507][T11430] 8021q: adding VLAN 0 to HW filter on device bond4 [ 321.091273][ C0] vcan0: j1939_tp_rxtimer: 0xffff888076503800: abort rx timeout. Force session deactivation [ 321.213989][ T5814] IPVS: starting estimator thread 0... [ 321.232854][T11453] netlink: 'syz.0.1974': attribute type 11 has an invalid length. [ 321.335906][T11458] IPVS: using max 44 ests per chain, 105600 per kthread [ 321.354708][T11468] IPv6: addrconf: prefix option has invalid lifetime [ 321.362560][T11468] IPv6: addrconf: prefix option has invalid lifetime [ 321.852358][T11495] sctp: [Deprecated]: syz.5.1992 (pid 11495) Use of int in max_burst socket option deprecated. [ 321.852358][T11495] Use struct sctp_assoc_value instead [ 322.047972][T11507] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 322.048010][T11508] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=11508 comm=syz.5.1995 [ 322.061377][T11507] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 322.210625][T11510] __nla_validate_parse: 5 callbacks suppressed [ 322.210643][T11510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1999'. [ 322.401128][T11527] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 322.407665][T11527] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 322.424025][T11533] openvswitch: netlink: nsh attr 0 has unexpected len 6 expected 0 [ 322.432429][T11527] vhci_hcd vhci_hcd.0: Device attached [ 322.441671][T11533] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 322.467262][T11534] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 322.473896][T11534] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 322.490646][T11538] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2008'. [ 322.490669][T11527] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 322.512038][T11534] vhci_hcd vhci_hcd.0: Device attached [ 322.534831][T11527] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(14) [ 322.541480][T11527] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 322.555237][T11527] vhci_hcd vhci_hcd.0: Device attached [ 322.564901][T11527] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 322.575049][T11542] rdma_rxe: rxe_newlink: failed to add bond0 [ 322.584965][T11527] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(18) [ 322.586360][T11544] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 322.591584][T11527] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 322.608548][T11527] vhci_hcd vhci_hcd.0: Device attached [ 322.614312][T11544] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 322.673019][ T5719] usb 39-1: new low-speed USB device number 3 using vhci_hcd [ 322.681122][ T5613] Bluetooth: hci1: unexpected event for opcode 0x0c03 [ 322.788862][ T5613] Bluetooth: hci5: link tx timeout [ 322.799008][ T5613] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa [ 322.811423][ T5613] Bluetooth: hci5: link tx timeout [ 322.816862][ T5613] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 322.829623][T11558] netlink: 'syz.2.2016': attribute type 1 has an invalid length. [ 322.837784][T11558] netlink: 1388 bytes leftover after parsing attributes in process `syz.2.2016'. [ 323.047514][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 323.047529][ T29] audit: type=1400 audit(1778935395.882:571): avc: denied { bind } for pid=11561 comm="syz.5.2018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 323.138565][T11571] rdma_rxe: rxe_newlink: failed to add bond0 [ 323.326811][T11581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2027'. [ 323.348176][T11581] xfrm1: entered promiscuous mode [ 323.353731][T11581] xfrm1: entered allmulticast mode [ 323.359346][T11581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2027'. [ 323.379176][T11582] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2027'. [ 323.420765][T11582] bond5: entered promiscuous mode [ 323.426558][T11582] 8021q: adding VLAN 0 to HW filter on device bond5 [ 323.488291][T11590] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode [ 323.495900][T11590] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode [ 323.508769][T11591] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=11591 comm=syz.5.2029 [ 324.647672][T11618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2042'. [ 324.685589][ T29] audit: type=1400 audit(1778935397.522:572): avc: denied { create } for pid=11617 comm="syz.0.2042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 324.709498][ T29] audit: type=1400 audit(1778935397.552:573): avc: denied { write } for pid=11617 comm="syz.0.2042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 324.739187][T11527] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 324.755225][T11535] vhci_hcd: connection closed [ 324.755482][ T7570] vhci_hcd vhci_hcd.3: stop threads [ 324.755882][T11539] vhci_hcd: connection closed [ 324.760219][T11528] vhci_hcd: connection reset by peer [ 324.761296][ T7570] vhci_hcd vhci_hcd.3: release socket [ 324.765927][T11545] vhci_hcd: connection closed [ 324.781670][ T7570] vhci_hcd vhci_hcd.3: disconnect device [ 324.803161][ T7570] vhci_hcd vhci_hcd.3: stop threads [ 324.811187][ T7570] vhci_hcd vhci_hcd.3: release socket [ 324.823330][ T7570] vhci_hcd vhci_hcd.3: disconnect device [ 324.834251][ T7570] vhci_hcd vhci_hcd.3: stop threads [ 324.845302][ T7570] vhci_hcd vhci_hcd.3: release socket [ 324.850833][ T7570] vhci_hcd vhci_hcd.3: disconnect device [ 324.858861][ T7570] vhci_hcd vhci_hcd.3: stop threads [ 324.864437][ T7570] vhci_hcd vhci_hcd.3: release socket [ 324.869907][ T7570] vhci_hcd vhci_hcd.3: disconnect device [ 324.878402][ T5613] Bluetooth: hci5: command 0x0406 tx timeout [ 325.287042][T11646] netlink: 'syz.0.2054': attribute type 10 has an invalid length. [ 325.300508][T11646] team0: Port device veth1_to_hsr added [ 325.614564][ T5726] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 325.775935][T11651] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2056'. [ 325.861895][T11656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2059'. [ 325.872096][T11656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2059'. [ 325.885599][ T5726] usb 3-1: Using ep0 maxpacket: 16 [ 325.905136][ T5726] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 325.924485][ T5726] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 325.934328][T11656] bond6: entered promiscuous mode [ 325.940831][T11656] 8021q: adding VLAN 0 to HW filter on device bond6 [ 326.021363][ T5726] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 326.030604][ T5726] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.053601][ T5726] usb 3-1: config 0 descriptor?? [ 326.185904][T11674] netlink: 'syz.0.2066': attribute type 1 has an invalid length. [ 326.953065][ T5613] Bluetooth: hci5: command 0x0406 tx timeout [ 327.823479][ T5719] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 327.981579][T11707] __nla_validate_parse: 3 callbacks suppressed [ 327.981599][T11707] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2074'. [ 327.991343][T11713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.011725][T11707] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2074'. [ 328.023215][T11707] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2074'. [ 328.065247][T11707] pimreg: tun_chr_ioctl cmd 35111 [ 328.307477][ T5613] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 328.322881][ T5613] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 328.331312][ T5613] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 328.346721][ T5613] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 328.354865][ T5613] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 328.396838][ T5726] usb 3-1: USB disconnect, device number 15 [ 329.167083][ T805] usb usb40-port1: attempt power cycle [ 329.705772][T11758] openvswitch: netlink: Missing valid actions attribute. [ 329.712977][T11758] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 329.903944][ T805] usb usb40-port1: unable to enumerate USB device [ 330.166495][ T29] audit: type=1400 audit(1778935403.002:574): avc: denied { accept } for pid=11769 comm="syz.2.2092" laddr=::ffff:172.20.20.170 lport=40436 faddr=::ffff:172.20.20.170 fport=20129 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 330.252047][T11721] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.259418][T11721] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.266839][T11784] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2097'. [ 330.267532][T11721] bridge_slave_0: entered allmulticast mode [ 330.283583][T11721] bridge_slave_0: entered promiscuous mode [ 330.291854][T11721] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.299244][T11721] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.306848][T11721] bridge_slave_1: entered allmulticast mode [ 330.314239][T11721] bridge_slave_1: entered promiscuous mode [ 330.350931][T11721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.392893][T11721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.393143][ T5613] Bluetooth: hci6: command tx timeout [ 330.474616][T11721] team0: Port device team_slave_0 added [ 330.491961][T11721] team0: Port device team_slave_1 added [ 330.562371][T11721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.570635][T11721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 330.597567][T11721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.610359][T11721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.617610][T11721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 330.644318][T11721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.736133][T11721] hsr_slave_0: entered promiscuous mode [ 330.742672][T11721] hsr_slave_1: entered promiscuous mode [ 330.750034][T11721] debugfs: 'hsr0' already exists in 'hsr' [ 330.756896][T11721] Cannot create hsr debugfs directory [ 330.774278][T11790] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 331.308323][T11724] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 331.407902][T11721] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 331.462783][T11721] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 331.492750][T11721] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 331.519056][T11721] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 331.536143][T11721] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 331.544515][T11804] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2107'. [ 331.558053][T11721] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 331.580053][T11721] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 331.610854][T11721] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 331.794502][T11721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.821244][T11818] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2111'. [ 331.824315][T11721] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.842087][T11816] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 331.851079][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.859755][ T7570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.871912][T11819] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2111'. [ 331.876705][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.888001][ T7570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.966159][T11819] bond3: entered promiscuous mode [ 331.971740][T11819] 8021q: adding VLAN 0 to HW filter on device bond3 [ 332.333290][T11844] binder: 11843:11844 ioctl 4018620d 0 returned -22 [ 332.420320][T11849] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 332.430133][T11852] netlink: 'syz.3.2122': attribute type 1 has an invalid length. [ 332.438545][T11852] netlink: 1384 bytes leftover after parsing attributes in process `syz.3.2122'. [ 332.474037][ T5613] Bluetooth: hci6: command tx timeout [ 332.520983][T11856] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2124'. [ 332.538423][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2125'. [ 332.599216][T11858] bond7: entered promiscuous mode [ 332.605290][T11858] 8021q: adding VLAN 0 to HW filter on device bond7 [ 332.689459][T11721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.947795][T11884] block nbd0: not configured, cannot reconfigure [ 332.960158][ T29] audit: type=1400 audit(1778935405.792:575): avc: denied { ioctl } for pid=11880 comm="syz.3.2131" path="socket:[35105]" dev="sockfs" ino=35105 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 333.011256][T11721] veth0_vlan: entered promiscuous mode [ 333.027011][T11721] veth1_vlan: entered promiscuous mode [ 333.056723][T11891] __nla_validate_parse: 3 callbacks suppressed [ 333.056739][T11891] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2133'. [ 333.081183][T11721] veth0_macvtap: entered promiscuous mode [ 333.096696][T11721] veth1_macvtap: entered promiscuous mode [ 333.133748][T11721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.151075][T11721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.164913][ T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.174675][ T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.195852][ T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.216566][ T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.109417][ T29] audit: type=1400 audit(1778935406.942:576): avc: denied { create } for pid=11921 comm="syz.0.2146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 334.129944][ T29] audit: type=1400 audit(1778935406.942:577): avc: denied { ioctl } for pid=11921 comm="syz.0.2146" path="socket:[34669]" dev="sockfs" ino=34669 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 334.553098][ T5613] Bluetooth: hci6: command tx timeout [ 335.817846][ T29] audit: type=1400 audit(1778935408.652:578): avc: denied { ioctl } for pid=11929 comm="syz.0.2148" path="socket:[35205]" dev="sockfs" ino=35205 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 335.865791][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2149'. [ 336.117382][T11893] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 336.176217][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.208733][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.314376][ T8206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.338838][ T8206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.479047][T11948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2156'. [ 336.610417][T11957] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2159'. [ 336.643164][ T5613] Bluetooth: hci6: command tx timeout [ 336.983134][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 337.155031][ T10] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0xE has invalid maxpacket 1024 [ 337.177761][ T10] usb 6-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40 [ 337.189617][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.198376][ T10] usb 6-1: Product: syz [ 337.202545][ T10] usb 6-1: Manufacturer: syz [ 337.207201][ T10] usb 6-1: SerialNumber: syz [ 337.215556][T11965] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 337.596692][ T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 337.604352][ T10] usb 6-1: MIDIStreaming interface descriptor not found [ 337.633703][ T10] usb 6-1: USB disconnect, device number 6 [ 338.165616][T11977] siw: device registration error -23 [ 338.176207][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2163'. [ 338.322013][T11981] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2165'. [ 338.331736][T11981] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2165'. [ 338.342204][T11981] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2165'. [ 338.361624][T11981] bond4: entered promiscuous mode [ 338.367334][T11981] 8021q: adding VLAN 0 to HW filter on device bond4 [ 338.465428][T11985] batman_adv: batadv0: Adding interface: dummy0 [ 338.471732][T11985] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 338.497627][T11985] batman_adv: batadv0: Interface activated: dummy0 [ 338.521864][T11985] batadv0: mtu less than device minimum [ 338.528289][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.540367][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.551291][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.562103][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.574834][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.585715][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.596855][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.607699][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.618691][T11985] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 339.578117][T11955] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 339.600743][T11963] block nbd0: NBD_DISCONNECT [ 339.825578][T11993] wg1: entered promiscuous mode [ 339.843005][T11993] wg1: entered allmulticast mode [ 340.066277][T12005] siw: device registration error -23 [ 340.086802][T12005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2174'. [ 340.255801][T12019] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2179'. [ 340.443202][T12027] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2181'. [ 340.603024][ T29] audit: type=1400 audit(1778935413.422:579): avc: denied { getopt } for pid=12020 comm="syz.0.2180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 341.012651][T12048] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2187'. [ 341.239679][T12054] siw: device registration error -23 [ 341.248126][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2190'. [ 341.553507][T12065] mac80211_hwsim hwsim13 syzkaller0: entered promiscuous mode [ 341.570620][T12065] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 341.694106][T12071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2198'. [ 342.962449][T12100] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode [ 342.970597][T12100] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode [ 343.060197][T12009] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 343.512540][T12124] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 344.405533][T12137] tipc: Started in network mode [ 344.420727][T12137] tipc: Node identity ac14140f, cluster identity 4711 [ 344.435550][T12137] tipc: New replicast peer: 255.255.255.255 [ 344.448790][T12137] tipc: Enabled bearer , priority 10 [ 345.630761][ T5726] tipc: Node number set to 2886997007 [ 345.701820][T12174] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 345.940884][T12177] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2231'. [ 347.552751][T12146] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 347.909674][T12198] binder: 12197:12198 ioctl 40046205 0 returned -22 [ 348.924297][T12216] net_ratelimit: 11 callbacks suppressed [ 348.924316][T12216] openvswitch: netlink: nsh attribute has 16 unknown bytes. [ 348.957170][T12216] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 349.126531][T12223] syzkaller0: entered promiscuous mode [ 349.143009][T12223] syzkaller0: entered allmulticast mode [ 349.666170][T12243] tipc: Started in network mode [ 349.678776][T12243] tipc: Node identity ac14140f, cluster identity 4711 [ 349.695584][T12243] tipc: New replicast peer: 255.255.255.255 [ 349.709826][T12243] tipc: Enabled bearer , priority 10 [ 350.827087][ T5712] tipc: Node number set to 2886997007 [ 351.421118][T12290] netlink: 'syz.3.2273': attribute type 11 has an invalid length. [ 352.189846][T12297] syzkaller0: entered promiscuous mode [ 352.197172][T12297] syzkaller0: entered allmulticast mode [ 353.571753][T12327] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ' [ 353.582506][T12327] CPU: 0 UID: 0 PID: 12327 Comm: syz.2.2285 Not tainted syzkaller #0 PREEMPT(full) [ 353.582536][T12327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 353.582547][T12327] Call Trace: [ 353.582554][T12327] [ 353.582562][T12327] dump_stack_lvl+0x100/0x190 [ 353.582591][T12327] sysfs_warn_dup.cold+0x1c/0x28 [ 353.582620][T12327] sysfs_do_create_link_sd+0x113/0x140 [ 353.582647][T12327] sysfs_create_link+0x61/0xc0 [ 353.582671][T12327] device_add+0x675/0x1950 [ 353.582698][T12327] ? __pfx_device_add+0x10/0x10 [ 353.582720][T12327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 353.582746][T12327] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 353.582773][T12327] wiphy_register+0x1edd/0x2d90 [ 353.582797][T12327] ? __rtnl_unlock+0xb9/0xf0 [ 353.582827][T12327] ? __pfx_wiphy_register+0x10/0x10 [ 353.582852][T12327] ? __asan_memset+0x23/0x50 [ 353.582879][T12327] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 353.582921][T12327] ieee80211_register_hw+0x3055/0x4570 [ 353.582961][T12327] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 353.582990][T12327] ? __pfx___debug_object_init+0x10/0x10 [ 353.583029][T12327] ? find_held_lock+0x2b/0x80 [ 353.583051][T12327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 353.583075][T12327] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 353.583100][T12327] ? __hrtimer_setup+0x208/0x330 [ 353.583133][T12327] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 353.583184][T12327] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 353.583220][T12327] ? __asan_memcpy+0x3c/0x60 [ 353.583252][T12327] hwsim_new_radio_nl+0xc5f/0x1370 [ 353.583283][T12327] ? rcu_is_watching+0x12/0xc0 [ 353.583314][T12327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 353.583353][T12327] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 353.583386][T12327] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 353.583422][T12327] genl_family_rcv_msg_doit+0x214/0x300 [ 353.583455][T12327] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 353.583495][T12327] ? bpf_lsm_capable+0x9/0x10 [ 353.583514][T12327] ? security_capable+0x80/0x260 [ 353.583536][T12327] ? ns_capable+0xd2/0xf0 [ 353.583564][T12327] genl_rcv_msg+0x560/0x800 [ 353.583596][T12327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.583626][T12327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 353.583657][T12327] ? trace_reschedule_exit.constprop.0+0x6b/0x220 [ 353.583689][T12327] netlink_rcv_skb+0x159/0x420 [ 353.583716][T12327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.583746][T12327] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 353.583782][T12327] ? rcu_is_watching+0x12/0xc0 [ 353.583818][T12327] genl_rcv+0x28/0x40 [ 353.583844][T12327] netlink_unicast+0x585/0x850 [ 353.583875][T12327] ? __pfx_netlink_unicast+0x10/0x10 [ 353.583909][T12327] netlink_sendmsg+0x8b0/0xda0 [ 353.583940][T12327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.583969][T12327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.584000][T12327] ____sys_sendmsg+0x9e1/0xb70 [ 353.584031][T12327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.584061][T12327] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.584086][T12327] ? do_raw_spin_unlock+0x145/0x1e0 [ 353.584129][T12327] ___sys_sendmsg+0x190/0x1e0 [ 353.584159][T12327] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.584222][T12327] __sys_sendmsg+0x170/0x220 [ 353.584245][T12327] ? __pfx___sys_sendmsg+0x10/0x10 [ 353.584278][T12327] ? rcu_is_watching+0x12/0xc0 [ 353.584314][T12327] do_syscall_64+0x10b/0xf80 [ 353.584341][T12327] ? clear_bhb_loop+0x40/0x90 [ 353.584365][T12327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.584384][T12327] RIP: 0033:0x7f393939ce59 [ 353.584402][T12327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 353.584421][T12327] RSP: 002b:00007f393a2fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.584440][T12327] RAX: ffffffffffffffda RBX: 00007f3939616180 RCX: 00007f393939ce59 [ 353.584452][T12327] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 000000000000000b [ 353.584464][T12327] RBP: 00007f3939432d6f R08: 0000000000000000 R09: 0000000000000000 [ 353.584475][T12327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.584486][T12327] R13: 00007f3939616218 R14: 00007f3939616180 R15: 00007fffe36b5c88 [ 353.584511][T12327] [ 354.471494][T12341] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2293'. [ 354.641318][T12350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2296'. [ 354.734109][T12350] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 355.480511][T12372] PKCS7: Unknown OID: [4] 0.0 [ 355.485600][T12372] PKCS7: Only support pkcs7_signedData type [ 355.586802][ T29] audit: type=1400 audit(1778935428.332:580): avc: denied { bind } for pid=12360 comm="syz.0.2299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 355.743224][T12377] kvm: Disabled LAPIC found during irq injection [ 355.866367][T12380] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2307'. [ 356.042241][T12386] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size. [ 356.117212][T12390] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2312'. [ 356.279017][ T29] audit: type=1400 audit(1778935429.112:581): avc: denied { read } for pid=12395 comm="syz.5.2314" path="socket:[37458]" dev="sockfs" ino=37458 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 356.387456][ T29] audit: type=1400 audit(1778935429.222:582): avc: denied { read } for pid=12395 comm="syz.5.2314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 356.839282][ T29] audit: type=1400 audit(1778935429.562:583): avc: denied { write } for pid=12395 comm="syz.5.2314" path="socket:[36496]" dev="sockfs" ino=36496 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 357.161138][T12417] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2319'. [ 358.403201][ T5805] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 358.602306][ T5805] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 358.647531][ T5805] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 359.125856][ T5805] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 359.135327][ T5805] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.146601][ T5805] usb 7-1: config 0 descriptor?? [ 359.674847][T12444] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2331'. [ 360.268838][T12459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2332'. [ 361.757946][ T805] usb 7-1: USB disconnect, device number 2 [ 362.047695][T12486] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2341'. [ 362.087944][T12486] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 362.140472][T12489] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2343'. [ 362.397612][T12499] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2348'. [ 362.408956][T12501] block nbd2: NBD_DISCONNECT [ 362.483391][ T5726] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 362.645911][T12513] siw: device registration error -23 [ 362.652872][T12513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2354'. [ 362.674596][ T5726] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.691763][ T5726] usb 6-1: config 0 has no interfaces? [ 362.699584][ T5726] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 362.709202][ T5726] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 362.718164][ T5726] usb 6-1: Product: syz [ 362.722434][ T5726] usb 6-1: Manufacturer: syz [ 362.734998][ T5726] usb 6-1: config 0 descriptor?? [ 362.952027][T12494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.969624][T12521] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2356'. [ 362.978804][T12494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.108356][T12526] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x10) [ 363.152262][ T936] usb 6-1: USB disconnect, device number 7 [ 363.201953][T12530] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2359'. [ 363.268864][T12534] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 363.286712][T12534] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 363.313359][T12536] netlink: 'syz.0.2362': attribute type 13 has an invalid length. [ 363.469482][T12537] mac80211_hwsim hwsim7 syzkaller0: Caught tx_queue_len zero misconfig [ 363.627897][T12544] siw: device registration error -23 [ 363.644447][T12544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2365'. [ 364.559055][ T5726] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 364.593308][T12569] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 364.609465][T12569] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 364.734550][ T5726] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0xE has invalid maxpacket 1024 [ 364.766882][ T5726] usb 4-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40 [ 364.794914][ T5726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.827235][ T5726] usb 4-1: Product: syz [ 364.838340][ T5726] usb 4-1: Manufacturer: syz [ 364.851210][ T5726] usb 4-1: SerialNumber: syz [ 364.858023][T12576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.895892][T12557] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 364.966528][T12578] siw: device registration error -23 [ 364.975189][T12578] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2378'. [ 365.361592][ T5726] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 365.368614][ T5726] usb 4-1: MIDIStreaming interface descriptor not found [ 365.437317][ T805] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 365.603147][ T805] usb 6-1: Using ep0 maxpacket: 32 [ 365.610353][ T805] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 365.632255][ T805] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 365.677319][ T5726] usb 4-1: USB disconnect, device number 18 [ 365.679224][ T805] usb 6-1: config 0 interface 0 has no altsetting 0 [ 365.725368][ T805] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 365.738376][ T805] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.752318][ T805] usb 6-1: Product: syz [ 365.767216][ T805] usb 6-1: Manufacturer: syz [ 365.780993][ T805] usb 6-1: SerialNumber: syz [ 365.801479][ T805] usb 6-1: config 0 descriptor?? [ 365.953793][T12593] syzkaller0: entered promiscuous mode [ 365.956872][T12595] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2384'. [ 365.959410][T12593] syzkaller0: entered allmulticast mode [ 366.248788][ T805] gs_usb 6-1:0.0: Configuring for 176 interfaces [ 369.700709][ T805] gs_usb 6-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 369.839833][ T805] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 369.883262][ T805] usb 6-1: USB disconnect, device number 8 [ 371.978176][T12661] batman_adv: batadv0: Adding interface: dummy0 [ 371.995605][T12661] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 372.080925][T12661] batman_adv: batadv0: Interface activated: dummy0 [ 372.334283][T12691] netlink: 'syz.3.2419': attribute type 13 has an invalid length. [ 372.483245][T12686] ALSA: mixer_oss: invalid OSS volume '' [ 372.935709][T12695] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 372.973328][T12708] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 373.809693][T12722] syzkaller0: entered promiscuous mode [ 373.825616][T12722] syzkaller0: entered allmulticast mode [ 373.828983][ T48] Bluetooth: Error in BCSP hdr checksum [ 374.002612][T12733] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2429'. [ 374.173985][T12734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2431'. [ 375.356949][ T5613] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 376.154442][T12746] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2434'. [ 376.201353][T12754] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 376.371914][T12764] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 376.860164][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2446'. [ 377.019322][T12790] netlink: 'syz.2.2448': attribute type 13 has an invalid length. [ 377.099371][T12795] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 377.292162][T12803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=12803 comm=syz.0.2451 [ 377.578807][T12808] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 378.237255][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.243989][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.780388][ T5613] Bluetooth: hci6: command tx timeout [ 379.427941][T12858] batman_adv: batadv0: Adding interface: dummy0 [ 379.441016][T12858] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 379.519983][T12858] batman_adv: batadv0: Interface activated: dummy0 [ 379.540038][T12858] batadv0: mtu less than device minimum [ 379.546916][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.558230][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.569604][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.580951][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.592314][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.605162][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.616504][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.627851][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.639219][T12858] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 379.987208][ T162] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 380.101579][ T162] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 380.134412][ T162] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 380.150877][ T162] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.283171][ T5726] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 381.453583][ T5726] usb 3-1: Using ep0 maxpacket: 16 [ 381.484934][ T5726] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 381.504873][ T5726] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.544109][ T5726] usb 3-1: Product: syz [ 381.562232][ T5726] usb 3-1: Manufacturer: syz [ 381.578888][ T5726] usb 3-1: SerialNumber: syz [ 381.844019][ T5726] usb 3-1: config 0 descriptor?? [ 381.871306][ T5726] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 382.068089][T12926] lo: Caught tx_queue_len zero misconfig [ 382.489310][T12933] netlink: 220 bytes leftover after parsing attributes in process `syz.0.2497'. [ 382.499133][T12933] netlink: 'syz.0.2497': attribute type 2 has an invalid length. [ 382.768663][T12945] batman_adv: batadv0: Adding interface: dummy0 [ 382.784111][ C1] vcan0: j1939_tp_rxtimer: 0xffff888055d85800: rx timeout, send abort [ 382.793003][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880555ef000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 382.823099][T12945] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 382.874089][T12945] batman_adv: batadv0: Interface activated: dummy0 [ 383.001380][ T29] audit: type=1400 audit(1778935455.832:584): avc: denied { read write } for pid=12948 comm="syz.6.2502" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 383.031294][ T29] audit: type=1400 audit(1778935455.872:585): avc: denied { open } for pid=12948 comm="syz.6.2502" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 383.292357][ C1] vcan0: j1939_tp_rxtimer: 0xffff888055d85800: abort rx timeout. Force session deactivation [ 383.313302][ T5726] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 383.391365][ T5726] usb 3-1: USB disconnect, device number 16 [ 383.880229][T12969] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2509'. [ 383.907397][ T29] audit: type=1400 audit(1778935456.742:586): avc: denied { read } for pid=12964 comm="syz.3.2508" path="socket:[38674]" dev="sockfs" ino=38674 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 384.093014][ T5726] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 384.193697][T12982] netlink: 'syz.5.2514': attribute type 13 has an invalid length. [ 384.254145][ T5726] usb 7-1: Using ep0 maxpacket: 16 [ 384.310175][ T5726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 384.390689][ T5726] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 384.475045][ T5726] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.661363][ T5726] usb 7-1: config 0 descriptor?? [ 385.185296][ T5726] mcp2221 0003:04D8:00DD.000E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 385.212592][T12988] mac80211_hwsim hwsim13 syzkaller0: Caught tx_queue_len zero misconfig [ 385.383098][ T29] audit: type=1326 audit(1778935458.202:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13004 comm="syz.0.2519" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f765a39ce59 code=0x0 [ 385.415711][ T5726] usb 7-1: USB disconnect, device number 3 [ 385.741025][T13012] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2518'. [ 387.695569][T13041] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2528'. [ 387.772994][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 388.069121][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 388.074984][ T29] audit: type=1400 audit(1778935460.862:588): avc: denied { create } for pid=13045 comm="syz.6.2530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 388.098956][ T29] audit: type=1400 audit(1778935460.912:589): avc: denied { connect } for pid=13045 comm="syz.6.2530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 388.123188][ T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 388.133141][ T10] usb 4-1: config 0 has no interface number 0 [ 388.140135][ T10] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 388.152851][T13049] tipc: Started in network mode [ 388.162100][ T29] audit: type=1400 audit(1778935460.972:590): avc: denied { write } for pid=13045 comm="syz.6.2530" path="socket:[38777]" dev="sockfs" ino=38777 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 388.188372][T13049] tipc: Node identity 2007ff, cluster identity 4711 [ 388.196880][ T10] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 388.206998][T13049] tipc: Node number set to 2099199 [ 388.212146][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.248717][ T10] usb 4-1: config 0 descriptor?? [ 388.300930][ T10] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 388.605227][ T10] usb 4-1: USB disconnect, device number 19 [ 388.653036][ T5733] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 388.813047][ T5733] usb 7-1: Using ep0 maxpacket: 16 [ 388.819608][ T5733] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.840785][ T5733] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 388.862180][ T5733] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.872531][ T5733] usb 7-1: config 0 descriptor?? [ 389.223472][T13075] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 389.496781][ T5733] usbhid 7-1:0.0: can't add hid device: -71 [ 389.517541][ T5733] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 389.563834][ T5733] usb 7-1: USB disconnect, device number 4 [ 389.605553][T13079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2542'. [ 389.827631][ T29] audit: type=1400 audit(1778935462.662:591): avc: denied { name_bind 0x1000000 } for pid=13085 comm="syz.0.2545" path="socket:[40008]" dev="sockfs" ino=40008 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 390.212289][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bd54800: rx timeout, send abort [ 390.221003][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bd54400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 390.720792][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bd54800: abort rx timeout. Force session deactivation [ 392.071560][ T29] audit: type=1400 audit(1778935464.152:592): avc: denied { setopt } for pid=13109 comm="syz.2.2553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 392.287337][T13126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2556'. [ 393.351515][T13148] mac80211_hwsim hwsim9 syzkaller0: Caught tx_queue_len zero misconfig [ 393.552077][T13158] netlink: 'syz.2.2566': attribute type 13 has an invalid length. [ 393.578875][T13131] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2559'. [ 393.603153][T13158] mac80211_hwsim hwsim9 syzkaller0: Caught tx_queue_len zero misconfig [ 394.758271][ T50] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 394.770156][ T50] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 394.779347][ T50] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 394.789415][ T50] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 394.805371][ T50] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 394.889496][ T29] audit: type=1400 audit(1778935467.682:593): avc: denied { kexec_image_load } for pid=13167 comm="syz.2.2569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 395.026665][ T1162] Bluetooth: hci8: Frame reassembly failed (-84) [ 397.101915][ T5613] Bluetooth: hci8: command 0xfc11 tx timeout [ 397.109611][ T50] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 397.119270][ T5613] Bluetooth: hci7: command tx timeout [ 398.158718][ T48] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.197029][T13191] batman_adv: batadv0: Adding interface: dummy0 [ 398.203453][T13191] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 398.391523][T13191] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 398.532239][T13204] netlink: 'syz.3.2578': attribute type 13 has an invalid length. [ 398.789161][ T48] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.015757][ T48] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.193144][ T5612] Bluetooth: hci7: command tx timeout [ 400.342982][ T5726] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 400.385486][T13242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 400.475899][ T48] erspan0 (unregistering): left allmulticast mode [ 400.507639][ T29] audit: type=1400 audit(1778935473.342:594): avc: denied { write } for pid=13237 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 400.531258][ T5726] usb 4-1: Using ep0 maxpacket: 16 [ 400.547268][ T5726] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 400.564607][ T5726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.580810][ T5726] usb 4-1: Product: syz [ 400.588597][ T5726] usb 4-1: Manufacturer: syz [ 400.597741][ T5726] usb 4-1: SerialNumber: syz [ 400.611868][ T5726] usb 4-1: config 0 descriptor?? [ 400.625991][ T5726] usb-storage 4-1:0.0: USB Mass Storage device detected [ 400.655875][ T5726] usb-storage 4-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 400.676559][ T29] audit: type=1400 audit(1778935473.512:595): avc: denied { write } for pid=13250 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 400.785626][ T48] bond1 (unregistering): Released all slaves [ 400.806547][ T48] bond2 (unregistering): Released all slaves [ 400.818851][ T48] bond3 (unregistering): Released all slaves [ 400.838708][ T48] bond4 (unregistering): Released all slaves [ 400.850556][ T5805] usb 4-1: USB disconnect, device number 20 [ 400.859311][ T48] bond0 (unregistering): Released all slaves [ 400.878750][ T48] bond5 (unregistering): Released all slaves [ 400.890599][ T48] bond6 (unregistering): Released all slaves [ 400.936544][ T5274] 8021q: adding VLAN 0 to HW filter on device eth2 [ 400.981124][ T48] tipc: Disabling bearer [ 400.995549][ T48] tipc: Left network mode [ 401.283684][ T5612] Bluetooth: hci7: command tx timeout [ 401.320794][T13264] netlink: 'syz.6.2590': attribute type 13 has an invalid length. [ 401.543075][ T29] audit: type=1400 audit(1778935474.372:596): avc: denied { write } for pid=13260 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 401.896336][ T29] audit: type=1400 audit(1778935474.722:597): avc: denied { write } for pid=13285 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 402.105175][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1 [ 402.239741][T13170] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.262317][T13170] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.288490][T13170] bridge_slave_0: entered allmulticast mode [ 402.311488][T13170] bridge_slave_0: entered promiscuous mode [ 402.323193][ T5805] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 402.367732][T13170] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.454273][T13170] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.474116][T13170] bridge_slave_1: entered allmulticast mode [ 402.573307][ T5805] usb 7-1: Using ep0 maxpacket: 8 [ 402.580596][ T5805] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 402.590678][ T5805] usb 7-1: config 0 has no interface number 0 [ 402.597084][ T5805] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 402.608521][ T5805] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 402.619451][ T5805] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.640539][T13170] bridge_slave_1: entered promiscuous mode [ 402.722534][T13316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2597'. [ 403.034075][ T5805] usb 7-1: config 0 descriptor?? [ 403.053980][ T5805] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 403.124337][T13316] batman_adv: batadv0: Interface deactivated: ipvlan0 [ 403.131268][T13316] net_ratelimit: 31 callbacks suppressed [ 403.131284][T13316] batadv0: mtu less than device minimum [ 403.145302][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.158271][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.169582][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.180847][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.192103][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.204794][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.215611][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.226373][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.237210][T13316] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 403.353188][ T5612] Bluetooth: hci7: command tx timeout [ 403.360618][T13316] batman_adv: batadv0: Removing interface: ipvlan0 [ 403.408792][ T5733] usb 7-1: USB disconnect, device number 5 [ 403.490922][ T29] audit: type=1400 audit(1778935476.322:598): avc: denied { write } for pid=13308 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 403.597216][T13170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.650346][ T48] hsr_slave_0: left promiscuous mode [ 403.671988][ T48] hsr_slave_1: left promiscuous mode [ 403.688054][ T29] audit: type=1400 audit(1778935476.522:599): avc: denied { write } for pid=13330 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 403.715322][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 403.753580][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.790940][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 403.818219][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.847024][ T48] batman_adv: batadv0: Interface deactivated: dummy0 [ 403.866276][ T48] batman_adv: batadv0: Removing interface: dummy0 [ 403.867334][T13338] netlink: 'syz.3.2602': attribute type 13 has an invalid length. [ 403.958930][ T48] veth1_macvtap: left promiscuous mode [ 404.010869][ T48] veth0_macvtap: left promiscuous mode [ 404.319948][ T48] team0 (unregistering): Port device veth1_to_hsr removed [ 404.369328][ T48] team0 (unregistering): Port device team_slave_1 removed [ 404.410483][ T48] team0 (unregistering): Port device team_slave_0 removed [ 404.487202][T13170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 404.497379][ T5274] 8021q: adding VLAN 0 to HW filter on device eth3 [ 404.573528][T13170] team0: Port device team_slave_0 added [ 404.602524][T13170] team0: Port device team_slave_1 added [ 404.647849][T13170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 404.663251][T13170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 404.729836][T13170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 404.746124][T13170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 404.754296][T13170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 404.792051][T13170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.887499][T13170] hsr_slave_0: entered promiscuous mode [ 404.903937][T13170] hsr_slave_1: entered promiscuous mode [ 404.910375][T13170] debugfs: 'hsr0' already exists in 'hsr' [ 404.920505][T13170] Cannot create hsr debugfs directory [ 405.010150][ T48] IPVS: stop unused estimator thread 0... [ 406.535455][T13401] syz.6.2618: vmalloc error: size 9223372036854775807, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 406.550245][T13401] CPU: 1 UID: 0 PID: 13401 Comm: syz.6.2618 Tainted: G L syzkaller #0 PREEMPT(full) [ 406.550274][T13401] Tainted: [L]=SOFTLOCKUP [ 406.550284][T13401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 406.550294][T13401] Call Trace: [ 406.550301][T13401] [ 406.550308][T13401] dump_stack_lvl+0x100/0x190 [ 406.550337][T13401] warn_alloc.cold+0x95/0x1c1 [ 406.550356][T13401] ? __pfx_warn_alloc+0x10/0x10 [ 406.550390][T13401] ? __lock_acquire+0xd73/0x2630 [ 406.550426][T13401] __vmalloc_node_range_noprof+0x136c/0x1630 [ 406.550455][T13401] ? rcu_is_watching+0x12/0xc0 [ 406.550482][T13401] ? trace_contention_end+0x122/0x170 [ 406.550506][T13401] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 406.550526][T13401] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 406.550539][T13401] ? find_held_lock+0x2b/0x80 [ 406.550561][T13401] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 406.550584][T13401] ? __pfx___mutex_lock+0x10/0x10 [ 406.550614][T13401] ? futex_wait+0x11e/0x370 [ 406.550636][T13401] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 406.550652][T13401] __vmalloc_node_noprof+0xad/0xf0 [ 406.550673][T13401] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 406.550690][T13401] dvb_dvr_do_ioctl+0x15d/0x270 [ 406.550708][T13401] dvb_usercopy+0x167/0x340 [ 406.550733][T13401] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 406.550751][T13401] ? __pfx_dvb_usercopy+0x10/0x10 [ 406.550786][T13401] ? selinux_file_ioctl+0x13b/0x290 [ 406.550820][T13401] ? selinux_file_ioctl+0xb6/0x290 [ 406.550850][T13401] dvb_dvr_ioctl+0x29/0x40 [ 406.550867][T13401] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 406.550887][T13401] __x64_sys_ioctl+0x18e/0x210 [ 406.550910][T13401] do_syscall_64+0x10b/0xf80 [ 406.550934][T13401] ? clear_bhb_loop+0x40/0x90 [ 406.550957][T13401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.550975][T13401] RIP: 0033:0x7fdc11b9ce59 [ 406.550992][T13401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 406.551008][T13401] RSP: 002b:00007fdc12ae2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 406.551027][T13401] RAX: ffffffffffffffda RBX: 00007fdc11e15fa0 RCX: 00007fdc11b9ce59 [ 406.551039][T13401] RDX: 7fffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 406.551049][T13401] RBP: 00007fdc11c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 406.551060][T13401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.551070][T13401] R13: 00007fdc11e16038 R14: 00007fdc11e15fa0 R15: 00007ffe427fccd8 [ 406.551095][T13401] [ 406.551892][T13401] Mem-Info: [ 406.805261][T13401] active_anon:11507 inactive_anon:0 isolated_anon:0 [ 406.805261][T13401] active_file:14919 inactive_file:40827 isolated_file:0 [ 406.805261][T13401] unevictable:768 dirty:259 writeback:0 [ 406.805261][T13401] slab_reclaimable:12474 slab_unreclaimable:111844 [ 406.805261][T13401] mapped:41898 shmem:1286 pagetables:1381 [ 406.805261][T13401] sec_pagetables:0 bounce:0 [ 406.805261][T13401] kernel_misc_reclaimable:0 [ 406.805261][T13401] free:1257686 free_pcp:12219 free_cma:0 [ 406.850741][T13401] Node 0 active_anon:46028kB inactive_anon:0kB active_file:59676kB inactive_file:163112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:167592kB dirty:1036kB writeback:0kB shmem:3608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13636kB pagetables:5384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 406.887190][T13401] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 406.919759][T13401] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 406.949591][T13401] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 406.955384][T13401] Node 0 DMA32 free:1072864kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46028kB inactive_anon:0kB active_file:59676kB inactive_file:163112kB unevictable:1536kB writepending:1036kB zspages:0kB present:3129332kB managed:2537028kB mlocked:0kB bounce:0kB free_pcp:49356kB local_pcp:26944kB free_cma:0kB [ 406.989070][T13401] lowmem_reserve[]: 0 0 1 1 1 [ 406.994228][T13401] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1088kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 407.023839][T13401] lowmem_reserve[]: 0 0 0 0 0 [ 407.028551][T13401] Node 1 Normal free:3942520kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 407.036944][T13348] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 407.060748][T13401] lowmem_reserve[]: 0 0 0 0 0 [ 407.074944][T13401] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 407.087637][T13401] Node 0 DMA32: 3655*4kB (UME) 3229*8kB (UME) 1720*16kB (UME) 800*32kB (UME) 222*64kB (UME) 169*128kB (UME) 91*256kB (UME) 61*512kB (UME) 30*1024kB (UME) 5*2048kB (UM) 207*4096kB (UM) = 1072772kB [ 407.106945][T13401] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 407.118758][T13401] Node 1 Normal: 2*4kB (UM) 4*8kB (UM) 9*16kB (UM) 4*32kB (UM) 7*64kB (UM) 3*128kB (UM) 4*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 0*2048kB 961*4096kB (M) = 3942520kB [ 407.135481][T13401] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 407.145074][T13401] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 407.154527][T13401] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 407.164115][T13401] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 407.169853][T13170] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 407.174195][T13401] 57028 total pagecache pages [ 407.184894][T13401] 0 pages in swap cache [ 407.189046][T13401] Free swap = 124996kB [ 407.193981][T13401] Total swap = 124996kB [ 407.198501][T13401] 2097051 pages RAM [ 407.202349][T13401] 0 pages HighMem/MovableOnly [ 407.207069][T13401] 430907 pages reserved [ 407.211216][T13401] 0 pages cma reserved [ 407.298992][T13170] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 407.328143][T13170] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 407.346948][T13408] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2620'. [ 407.365099][T13170] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 407.384954][T13170] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 407.432063][T13170] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 407.457919][T13170] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 407.489976][T13170] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 407.760076][T13430] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2622'. [ 407.779835][ T29] audit: type=1400 audit(1778935480.592:600): avc: denied { bind } for pid=13411 comm="syz.2.2622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 408.024988][T13430] wg1: entered promiscuous mode [ 408.029908][T13430] wg1: entered allmulticast mode [ 408.200396][T13170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.307806][T13170] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.327625][ T29] audit: type=1400 audit(1778935481.162:601): avc: denied { write } for pid=13409 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 408.392140][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.399294][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.490232][ T29] audit: type=1400 audit(1778935481.322:602): avc: denied { write } for pid=13451 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 408.552297][ T162] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.559459][ T162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.835643][ T29] audit: type=1400 audit(1778935481.492:603): avc: denied { mount } for pid=13448 comm="syz.3.2627" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 409.017983][ T29] audit: type=1400 audit(1778935481.492:604): avc: denied { remount } for pid=13448 comm="syz.3.2627" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 409.187541][ T29] audit: type=1400 audit(1778935482.022:605): avc: denied { mounton } for pid=13465 comm="syz.5.2631" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 409.195628][T13470] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 409.221971][T13470] UDF-fs: Scanning with blocksize 512 failed [ 409.454802][T13470] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 409.455712][ T29] audit: type=1400 audit(1778935482.222:606): avc: denied { unmount } for pid=5610 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 409.482663][T13470] UDF-fs: Scanning with blocksize 1024 failed [ 409.518617][T13470] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 409.527569][T13470] UDF-fs: Scanning with blocksize 2048 failed [ 409.542514][T13470] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 409.550804][T13470] UDF-fs: Scanning with blocksize 4096 failed [ 409.553115][T13474] netlink: 'syz.6.2633': attribute type 13 has an invalid length. [ 409.765815][T13479] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2634'. [ 410.239746][ T29] audit: type=1400 audit(1778935483.072:607): avc: denied { write } for pid=13476 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 410.345908][T13170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.443238][T13170] veth0_vlan: entered promiscuous mode [ 410.488828][T13170] veth1_vlan: entered promiscuous mode [ 410.504257][ T29] audit: type=1400 audit(1778935483.332:608): avc: denied { write } for pid=13524 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 410.611431][T13170] veth0_macvtap: entered promiscuous mode [ 410.657680][T13170] veth1_macvtap: entered promiscuous mode [ 410.686801][T13532] netlink: 'syz.2.2644': attribute type 13 has an invalid length. [ 410.742202][T13170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.786614][T13170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.827026][ T162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.900625][ T145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.961977][ T145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.162088][ T145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.364883][T13544] mac80211_hwsim hwsim9 syzkaller0: Caught tx_queue_len zero misconfig [ 411.720336][ T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.740589][T13549] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2648'. [ 411.781721][ T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.946934][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.996067][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.407161][ T29] audit: type=1400 audit(1778935485.242:609): avc: denied { write } for pid=13534 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 412.637544][T13584] netlink: 'syz.6.2655': attribute type 13 has an invalid length. [ 412.980822][T13600] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2658'. [ 413.040700][T13602] lo: Caught tx_queue_len zero misconfig [ 413.717781][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 413.717796][ T29] audit: type=1400 audit(1778935486.552:611): avc: denied { write } for pid=13593 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 413.885452][ T29] audit: type=1400 audit(1778935486.722:612): avc: denied { write } for pid=13639 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 415.227688][T13645] batman_adv: batadv0: Adding interface: dummy0 [ 415.234027][T13645] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 415.259694][T13645] batman_adv: batadv0: Interface activated: dummy0 [ 415.381769][T13645] net_ratelimit: 10 callbacks suppressed [ 415.393144][T13645] batadv0: mtu less than device minimum [ 415.489781][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.500650][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.511968][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.523276][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.534602][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.545933][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.557258][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.568590][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 415.579918][T13645] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 416.259944][T13660] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2673'. [ 416.373352][ T29] audit: type=1400 audit(1778935489.202:613): avc: denied { read write } for pid=13662 comm="syz.5.2674" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 416.481833][ T29] audit: type=1400 audit(1778935489.212:614): avc: denied { open } for pid=13662 comm="syz.5.2674" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 416.537265][ T29] audit: type=1400 audit(1778935489.232:615): avc: denied { ioctl } for pid=13662 comm="syz.5.2674" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 416.641834][ T29] audit: type=1400 audit(1778935489.472:616): avc: denied { write } for pid=13648 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 416.937540][ T29] audit: type=1400 audit(1778935489.772:617): avc: denied { write } for pid=13680 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 417.142550][T13695] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2684'. [ 417.165383][ T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 418.077704][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 418.101938][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 418.124329][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 418.157753][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 418.190588][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.213925][ T10] usb 4-1: Product: syz [ 418.242692][ T10] usb 4-1: Manufacturer: syz [ 418.258624][ T10] usb 4-1: SerialNumber: syz [ 418.301092][ T10] cdc_mbim 4-1:1.0: CDC Union missing and no IAD found [ 418.321752][ T10] cdc_mbim 4-1:1.0: bind() failure [ 418.393701][ T5733] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 418.523956][ T29] audit: type=1400 audit(1778935491.342:618): avc: denied { write } for pid=13693 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 418.589868][ T5733] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 418.624342][ T5733] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.643462][ T5726] usb 4-1: USB disconnect, device number 21 [ 418.667597][ T5733] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 418.709476][ T5733] usb 6-1: config 0 interface 0 has no altsetting 0 [ 418.956755][ T5733] usb 6-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 419.063152][ T5733] usb 6-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 419.077546][ T29] audit: type=1400 audit(1778935491.912:619): avc: denied { write } for pid=13729 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 419.099639][ T5733] usb 6-1: Manufacturer: syz [ 419.116735][ T5733] usb 6-1: config 0 descriptor?? [ 419.341751][T13750] veth0_macvtap: Caught tx_queue_len zero misconfig [ 419.524325][T13756] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2697'. [ 420.015742][ T29] audit: type=1400 audit(1778935492.462:620): avc: denied { audit_read } for pid=13752 comm="syz.3.2699" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 420.415497][ T5733] sony 0003:054C:0268.000F: hiddev0,hidraw0: USB HID v80.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 420.426508][ T5733] sony 0003:054C:0268.000F: failed to claim input [ 420.463322][ T5733] usb 6-1: USB disconnect, device number 9 [ 421.370008][T13777] hugetlbfs: syz.6.2703 (13777): Using mlock ulimits for SHM_HUGETLB is obsolete [ 421.961521][T13779] fido_id[13779]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 422.503572][ T29] audit: type=1400 audit(1778935495.332:621): avc: denied { write } for pid=13742 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 423.031683][ T29] audit: type=1400 audit(1778935495.842:622): avc: denied { write } for pid=13806 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 425.395697][ T5719] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 425.951695][T13858] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 425.959364][T13858] UDF-fs: Scanning with blocksize 512 failed [ 425.967346][T13858] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 425.974886][T13858] UDF-fs: Scanning with blocksize 1024 failed [ 425.981444][T13858] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 425.988933][T13858] UDF-fs: Scanning with blocksize 2048 failed [ 425.995422][T13858] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 426.003015][T13858] UDF-fs: Scanning with blocksize 4096 failed [ 426.015395][ T5719] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 426.028560][ T5719] usb 7-1: config 0 has no interfaces? [ 426.035728][ T5719] usb 7-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 426.073943][ T5719] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.103366][ T5719] usb 7-1: config 0 descriptor?? [ 426.414903][ T10] usb 7-1: USB disconnect, device number 6 [ 426.774524][T13876] syzkaller0: entered promiscuous mode [ 426.780627][T13876] syzkaller0: entered allmulticast mode [ 427.031584][T13878] siw: device registration error -23 [ 427.048695][T13878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2734'. [ 428.566733][T13904] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2743'. [ 429.172863][T13917] batman_adv: batadv0: Interface deactivated: dummy0 [ 429.213605][T13917] batman_adv: batadv0: Removing interface: dummy0 [ 430.347042][ T9137] NFSD: Failed to start, no listeners configured. [ 431.078795][T13927] siw: device registration error -23 [ 431.146950][T13927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2750'. [ 432.864393][T13941] syzkaller0: entered promiscuous mode [ 432.911246][T13941] syzkaller0: entered allmulticast mode [ 432.970652][T13947] tipc: Started in network mode [ 432.977398][T13947] tipc: Node identity ac14140f, cluster identity 4711 [ 432.986103][T13947] tipc: New replicast peer: 255.255.255.255 [ 432.993532][T13947] tipc: Enabled bearer , priority 10 [ 433.439488][T13885] net_ratelimit: 10 callbacks suppressed [ 433.439502][T13885] Set syz1 is full, maxelem 65536 reached [ 435.993719][ T5726] tipc: Node number set to 2886997007 [ 436.000453][T13963] batman_adv: batadv0: Interface deactivated: dummy0 [ 436.007292][T13963] batman_adv: batadv0: Removing interface: dummy0 [ 436.125499][T13977] siw: device registration error -23 [ 436.132092][T13977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2762'. [ 436.421235][T13994] 9pnet_virtio: no channels available for device syz [ 438.742386][T13996] Set syz1 is full, maxelem 65536 reached [ 438.797617][T14009] syzkaller0: entered promiscuous mode [ 438.804128][T14009] syzkaller0: entered allmulticast mode [ 439.056391][T13971] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 439.675662][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.682412][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.770868][T13993] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ' already exists in 'ieee80211' [ 440.876814][T14029] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2774'. [ 440.912808][T14029] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2774'. [ 440.924131][ T29] audit: type=1400 audit(1778935513.742:623): avc: denied { write } for pid=14030 comm="syz.3.2777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 440.989726][ T29] audit: type=1400 audit(1778935513.782:624): avc: denied { read } for pid=14030 comm="syz.3.2777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 441.000364][T14037] siw: device registration error -23 [ 441.003351][T14037] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2776'. [ 441.399323][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.408521][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.417738][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.426857][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.435879][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.445004][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.454036][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.463351][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.473302][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 441.483472][T14054] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2781'. [ 442.259671][T14065] tipc: Enabling of bearer rejected, already enabled [ 442.267264][ T24] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 442.368356][T14064] syzkaller0: entered promiscuous mode [ 442.374358][T14064] syzkaller0: entered allmulticast mode [ 442.422983][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 442.436843][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.468986][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.551245][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 442.612294][ T24] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 442.665175][ T24] usb 3-1: Product: syz [ 442.696325][ T24] usb 3-1: Manufacturer: syz [ 442.853518][ T24] hub 3-1:4.0: USB hub found [ 443.002156][ T24] hub 3-1:4.0: 2 ports detected [ 444.221483][ T24] hub 3-1:4.0: activate --> -90 [ 444.423528][ T5712] usb 3-1: USB disconnect, device number 17 [ 445.049758][T14105] siw: device registration error -23 [ 446.487556][T14121] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 446.495483][T14121] UDF-fs: Scanning with blocksize 512 failed [ 446.506580][T14121] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 446.515724][T14121] UDF-fs: Scanning with blocksize 1024 failed [ 446.526562][T14121] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 446.534255][T14121] UDF-fs: Scanning with blocksize 2048 failed [ 446.541808][T14121] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 446.549606][T14121] UDF-fs: Scanning with blocksize 4096 failed [ 446.753140][T14127] lo: Caught tx_queue_len zero misconfig [ 447.313460][T14128] syzkaller0: entered promiscuous mode [ 447.319127][T14128] syzkaller0: entered allmulticast mode [ 447.326367][T14131] __nla_validate_parse: 12 callbacks suppressed [ 447.326382][T14131] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2803'. [ 447.341910][T14134] tipc: New replicast peer: 255.255.255.255 [ 447.368326][T14134] tipc: Enabled bearer , priority 10 [ 447.807913][T14146] ceph: No mds server is up or the cluster is laggy [ 448.016894][ T5719] libceph: connect (1)[c::]:6789 error -101 [ 448.053822][ T5719] libceph: mon0 (1)[c::]:6789 connect error [ 448.895812][ T29] audit: type=1400 audit(1778935521.732:625): avc: denied { write } for pid=14156 comm="syz.5.2810" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 449.253016][ T5719] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 449.383113][ T5719] usb 3-1: device descriptor read/64, error -71 [ 449.626788][ T5719] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 449.768617][ T5719] usb 3-1: device descriptor read/64, error -71 [ 449.914449][ T5719] usb usb3-port1: attempt power cycle [ 450.273416][ T5719] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 450.293631][ T5719] usb 3-1: device descriptor read/8, error -71 [ 450.553105][T14167] siw: device registration error -23 [ 450.565667][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2814'. [ 450.645446][ T5719] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 450.675449][ T5719] usb 3-1: device descriptor read/8, error -71 [ 451.187842][ T5719] usb usb3-port1: unable to enumerate USB device [ 451.610856][ T29] audit: type=1400 audit(1778935524.442:626): avc: denied { setopt } for pid=14181 comm="syz.5.2818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 451.646679][ T29] audit: type=1400 audit(1778935524.442:627): avc: denied { bind } for pid=14181 comm="syz.5.2818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 451.666735][ T29] audit: type=1400 audit(1778935524.442:628): avc: denied { rename } for pid=14181 comm="syz.5.2818" name="file0" dev="tmpfs" ino=1514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 451.926720][T14196] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2824'. [ 452.146714][T14198] tipc: Started in network mode [ 452.151804][T14198] tipc: Node identity ac14140f, cluster identity 4711 [ 452.172704][T14198] tipc: New replicast peer: 255.255.255.255 [ 452.201938][T14198] tipc: Enabled bearer , priority 10 [ 452.374389][T14205] siw: device registration error -23 [ 452.384033][T14205] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2827'. [ 453.256750][ T24] tipc: Node number set to 2886997007 [ 453.939637][ T29] audit: type=1400 audit(1778935526.402:629): avc: denied { watch } for pid=14220 comm="syz.3.2833" path="/585/file0" dev="tmpfs" ino=2990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 454.125311][ T29] audit: type=1400 audit(1778935526.402:630): avc: denied { watch_sb watch_reads } for pid=14220 comm="syz.3.2833" path="/585/file0" dev="tmpfs" ino=2990 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 454.515531][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 454.527260][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 454.540939][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 454.556903][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 454.564446][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 454.648041][T14237] siw: device registration error -23 [ 454.708246][T14237] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2840'. [ 455.317751][T14271] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 455.345185][T14271] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 456.410348][T14278] lo: Caught tx_queue_len zero misconfig [ 456.633478][ T5612] Bluetooth: hci2: command tx timeout [ 456.692496][ T12] bridge_slave_1: left allmulticast mode [ 456.698779][ T12] bridge_slave_1: left promiscuous mode [ 456.710485][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.947947][ T12] bond3 (unregistering): (slave bridge1): Releasing backup interface [ 457.039800][ T12] bond1 (unregistering): Released all slaves [ 457.053986][ T12] bond2 (unregistering): Released all slaves [ 457.065663][ T12] bond3 (unregistering): Released all slaves [ 457.077176][ T12] bond0 (unregistering): Released all slaves [ 457.091332][ T12] bond4 (unregistering): Released all slaves [ 457.352682][ T12] tipc: Disabling bearer [ 457.388543][ T12] tipc: Left network mode [ 457.702573][ T29] audit: type=1400 audit(1778935530.532:631): avc: denied { write } for pid=14294 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 457.786926][T14305] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2854'. [ 457.860688][T14313] siw: device registration error -23 [ 457.983304][ T29] audit: type=1400 audit(1778935530.812:632): avc: denied { write } for pid=14325 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 458.723236][ T5612] Bluetooth: hci2: command tx timeout [ 458.962816][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1 [ 458.971443][T14331] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ' [ 458.998964][T14331] CPU: 1 UID: 0 PID: 14331 Comm: syz.3.2860 Tainted: G L syzkaller #0 PREEMPT(full) [ 458.998998][T14331] Tainted: [L]=SOFTLOCKUP [ 458.999002][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 458.999010][T14331] Call Trace: [ 458.999014][T14331] [ 458.999020][T14331] dump_stack_lvl+0x100/0x190 [ 458.999039][T14331] sysfs_warn_dup.cold+0x1c/0x28 [ 458.999058][T14331] sysfs_do_create_link_sd+0x113/0x140 [ 458.999074][T14331] sysfs_create_link+0x61/0xc0 [ 458.999089][T14331] device_add+0x675/0x1950 [ 458.999104][T14331] ? __pfx_device_add+0x10/0x10 [ 458.999117][T14331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 458.999132][T14331] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 458.999149][T14331] wiphy_register+0x1edd/0x2d90 [ 458.999163][T14331] ? __rtnl_unlock+0xb9/0xf0 [ 458.999180][T14331] ? __pfx_wiphy_register+0x10/0x10 [ 458.999194][T14331] ? __asan_memset+0x23/0x50 [ 458.999211][T14331] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 458.999239][T14331] ieee80211_register_hw+0x3055/0x4570 [ 458.999264][T14331] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 458.999280][T14331] ? __pfx___debug_object_init+0x10/0x10 [ 458.999300][T14331] ? find_held_lock+0x2b/0x80 [ 458.999313][T14331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 458.999327][T14331] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 458.999345][T14331] ? __hrtimer_setup+0x208/0x330 [ 458.999369][T14331] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 458.999414][T14331] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 458.999434][T14331] ? __asan_memcpy+0x3c/0x60 [ 458.999451][T14331] hwsim_new_radio_nl+0xc5f/0x1370 [ 458.999469][T14331] ? rcu_is_watching+0x12/0xc0 [ 458.999486][T14331] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 458.999507][T14331] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 458.999525][T14331] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 458.999545][T14331] genl_family_rcv_msg_doit+0x214/0x300 [ 458.999563][T14331] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 458.999602][T14331] ? bpf_lsm_capable+0x9/0x10 [ 458.999622][T14331] ? security_capable+0x80/0x260 [ 458.999640][T14331] ? ns_capable+0xd2/0xf0 [ 458.999667][T14331] genl_rcv_msg+0x560/0x800 [ 458.999700][T14331] ? __pfx_genl_rcv_msg+0x10/0x10 [ 458.999728][T14331] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 458.999760][T14331] ? preempt_schedule_irq+0x7b/0x90 [ 458.999793][T14331] netlink_rcv_skb+0x159/0x420 [ 458.999818][T14331] ? __pfx_genl_rcv_msg+0x10/0x10 [ 458.999846][T14331] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 458.999882][T14331] ? rcu_is_watching+0x12/0xc0 [ 458.999917][T14331] genl_rcv+0x28/0x40 [ 458.999943][T14331] netlink_unicast+0x585/0x850 [ 458.999970][T14331] ? __pfx_netlink_unicast+0x10/0x10 [ 459.000002][T14331] netlink_sendmsg+0x8b0/0xda0 [ 459.000033][T14331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 459.000057][T14331] ? __might_fault+0x30/0x140 [ 459.000095][T14331] ____sys_sendmsg+0x9e1/0xb70 [ 459.000119][T14331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 459.000147][T14331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 459.000169][T14331] ? preempt_schedule_thunk+0x16/0x30 [ 459.000193][T14331] ? try_to_wake_up+0x5f6/0x1900 [ 459.000217][T14331] ___sys_sendmsg+0x190/0x1e0 [ 459.000253][T14331] ? __pfx____sys_sendmsg+0x10/0x10 [ 459.000278][T14331] ? futex_private_hash_put+0x107/0x1c0 [ 459.000338][T14331] __sys_sendmsg+0x170/0x220 [ 459.000360][T14331] ? __pfx___sys_sendmsg+0x10/0x10 [ 459.000381][T14331] ? __x64_sys_futex+0x34f/0x4d0 [ 459.000421][T14331] ? rcu_is_watching+0x12/0xc0 [ 459.000454][T14331] do_syscall_64+0x10b/0xf80 [ 459.000481][T14331] ? clear_bhb_loop+0x40/0x90 [ 459.000505][T14331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.000524][T14331] RIP: 0033:0x7fb8ded9ce59 [ 459.000543][T14331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.000561][T14331] RSP: 002b:00007fb8dfc8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 459.000580][T14331] RAX: ffffffffffffffda RBX: 00007fb8df016090 RCX: 00007fb8ded9ce59 [ 459.000592][T14331] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 000000000000000b [ 459.000603][T14331] RBP: 00007fb8dee32d6f R08: 0000000000000000 R09: 0000000000000000 [ 459.000614][T14331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.000624][T14331] R13: 00007fb8df016128 R14: 00007fb8df016090 R15: 00007ffeb00af308 [ 459.000650][T14331] [ 459.846807][T14363] netlink: 'syz.5.2865': attribute type 13 has an invalid length. [ 460.217079][T14238] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.224654][T14238] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.231881][T14238] bridge_slave_0: entered allmulticast mode [ 460.245378][T14384] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2870'. [ 460.268958][T14238] bridge_slave_0: entered promiscuous mode [ 460.288011][ T29] audit: type=1400 audit(1778935533.122:633): avc: denied { write } for pid=14359 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 460.331937][T14238] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.346031][T14238] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.367257][T14238] bridge_slave_1: entered allmulticast mode [ 460.393700][T14238] bridge_slave_1: entered promiscuous mode [ 460.793636][ T5612] Bluetooth: hci2: command tx timeout [ 460.859098][ T29] audit: type=1400 audit(1778935533.692:634): avc: denied { write } for pid=14392 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 460.913545][ T29] audit: type=1400 audit(1778935533.752:635): avc: denied { name_bind 0x1000000 } for pid=14395 comm="syz.5.2875" path="socket:[45543]" dev="sockfs" ino=45543 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 461.025302][T14238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 461.101693][T14238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 461.178246][ T5274] 8021q: adding VLAN 0 to HW filter on device eth2 [ 461.218250][T14238] team0: Port device team_slave_0 added [ 461.248515][T14238] team0: Port device team_slave_1 added [ 461.512682][ T29] audit: type=1400 audit(1778935534.342:636): avc: denied { write } for pid=14409 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.624414][ T29] audit: type=1400 audit(1778935534.382:637): avc: denied { write } for pid=14421 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.915541][ T12] hsr_slave_0: left promiscuous mode [ 461.927524][ T12] hsr_slave_1: left promiscuous mode [ 461.938146][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.946871][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.008796][ T12] batman_adv: batadv0: Removing interface: dummy0 [ 462.114848][T14431] netlink: 'syz.6.2880': attribute type 13 has an invalid length. [ 462.873979][ T5612] Bluetooth: hci2: command tx timeout [ 463.053232][ T12] team0 (unregistering): Port device team_slave_1 removed [ 463.095556][ T12] team0 (unregistering): Port device team_slave_0 removed [ 463.209045][ T5274] 8021q: adding VLAN 0 to HW filter on device eth3 [ 463.303836][T14238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.323024][T14238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.352629][T14238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.368591][ T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 463.403874][T14238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.424909][T14238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.452495][T14238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.543241][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 463.564349][T14238] hsr_slave_0: entered promiscuous mode [ 463.570723][T14238] hsr_slave_1: entered promiscuous mode [ 463.576965][T14238] debugfs: 'hsr0' already exists in 'hsr' [ 463.582696][T14238] Cannot create hsr debugfs directory [ 463.647903][ T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 463.656829][ T24] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 463.693419][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 463.712088][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 463.735326][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 463.754495][T14471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2889'. [ 463.760376][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 463.791461][ T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 463.821483][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.860086][ T24] usb 4-1: config 0 descriptor?? [ 463.999829][T14482] vivid-001: disconnect [ 464.032743][T14478] vivid-001: reconnect [ 464.097560][ T24] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 464.135228][ T29] audit: type=1400 audit(1778935536.972:638): avc: denied { write } for pid=14469 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 464.150071][ T24] usb 4-1: USB disconnect, device number 22 [ 464.231016][ T24] usblp0: removed [ 464.272804][T14492] tipc: Enabling of bearer rejected, already enabled [ 464.410579][ T29] audit: type=1400 audit(1778935537.232:639): avc: denied { write } for pid=14496 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 464.772025][ T29] audit: type=1400 audit(1778935537.602:640): avc: denied { write } for pid=14506 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 464.955151][ T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 464.967733][ T29] audit: type=1400 audit(1778935537.802:641): avc: denied { write } for pid=14527 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 465.129860][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 465.142813][ T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 465.161728][ T24] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 465.179980][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 465.198125][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 465.213078][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 465.230154][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 465.254176][ T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 465.271092][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.299755][ T24] usb 4-1: config 0 descriptor?? [ 465.666072][ T24] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 466.177708][ T29] audit: type=1400 audit(1778935539.002:642): avc: denied { write } for pid=14536 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 466.222965][ T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 466.231956][T14238] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 466.270687][T14238] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 466.290675][ T29] audit: type=1400 audit(1778935539.062:643): avc: denied { write } for pid=14560 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 466.315900][T14238] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 466.327679][T14238] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 466.335801][T14238] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 466.374711][ T24] usb 6-1: device descriptor read/64, error -71 [ 466.380307][T14238] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 466.525103][T14238] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 466.546380][T14238] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 466.635731][ T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 467.294622][T14238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.313105][T14238] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.335056][ T24] usb 6-1: device descriptor read/64, error -71 [ 467.361856][ T8205] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.369034][ T8205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.369359][ T5733] usb 4-1: USB disconnect, device number 23 [ 467.420428][ T8205] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.427603][ T8205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.464102][ T24] usb usb6-port1: attempt power cycle [ 467.507985][ T29] audit: type=1400 audit(1778935540.322:644): avc: denied { write } for pid=14564 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 467.721325][ T5733] usblp0: removed [ 467.777005][ T29] audit: type=1400 audit(1778935540.602:645): avc: denied { write } for pid=14598 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 467.813028][T14605] netlink: 'syz.3.2913': attribute type 13 has an invalid length. [ 467.864005][ T24] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 467.903999][T14608] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 468.077614][ T24] usb 6-1: device descriptor read/8, error -71 [ 468.383409][ T24] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 468.663390][ T24] usb 6-1: device descriptor read/8, error -71 [ 468.773774][ T24] usb usb6-port1: unable to enumerate USB device [ 469.174967][T14638] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 469.182928][T14638] UDF-fs: Scanning with blocksize 512 failed [ 469.206839][T14638] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 469.214573][T14638] UDF-fs: Scanning with blocksize 1024 failed [ 469.222933][T14638] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 469.230465][T14638] UDF-fs: Scanning with blocksize 2048 failed [ 469.238053][T14638] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 469.260473][T14638] UDF-fs: Scanning with blocksize 4096 failed [ 469.593439][ T29] audit: type=1400 audit(1778935542.342:646): avc: denied { write } for pid=14618 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 469.986844][ T29] audit: type=1400 audit(1778935542.822:647): avc: denied { write } for pid=14650 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 470.013505][T14238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 470.136917][T14238] veth0_vlan: entered promiscuous mode [ 470.181294][T14238] veth1_vlan: entered promiscuous mode [ 470.461695][T14238] veth0_macvtap: entered promiscuous mode [ 470.471173][T14238] veth1_macvtap: entered promiscuous mode [ 470.499938][T14238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 470.549237][T14238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 470.584413][ T8205] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.621035][ T8205] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.647647][ T8205] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.667273][ T8205] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.866778][ T29] audit: type=1400 audit(1778935543.702:648): avc: denied { write } for pid=14658 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 470.921123][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.957948][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.023696][T14690] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 471.031513][T14690] UDF-fs: Scanning with blocksize 512 failed [ 471.048303][T14690] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 471.056785][T14690] UDF-fs: Scanning with blocksize 1024 failed [ 471.113937][T14690] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 471.122509][T14690] UDF-fs: Scanning with blocksize 2048 failed [ 471.132018][T14690] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 471.139702][T14690] UDF-fs: Scanning with blocksize 4096 failed [ 471.349975][ T29] audit: type=1400 audit(1778935544.182:649): avc: denied { write } for pid=14692 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 471.377680][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.398038][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.583973][T14698] warn_alloc: 1 callbacks suppressed [ 471.583989][T14698] syz.6.2932: vmalloc error: size 9223372036854775807, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 471.587686][T14702] tipc: Started in network mode [ 471.612354][T14698] ,cpuset=/,mems_allowed=0-1 [ 471.622460][T14698] CPU: 0 UID: 0 PID: 14698 Comm: syz.6.2932 Tainted: G L syzkaller #0 PREEMPT(full) [ 471.622493][T14698] Tainted: [L]=SOFTLOCKUP [ 471.622500][T14698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 471.622511][T14698] Call Trace: [ 471.622517][T14698] [ 471.622525][T14698] dump_stack_lvl+0x100/0x190 [ 471.622554][T14698] warn_alloc.cold+0x95/0x1c1 [ 471.622576][T14698] ? __pfx_warn_alloc+0x10/0x10 [ 471.622610][T14698] ? __lock_acquire+0x4a5/0x2630 [ 471.622634][T14698] ? avc_has_extended_perms+0x33a/0x1080 [ 471.622662][T14698] __vmalloc_node_range_noprof+0x136c/0x1630 [ 471.622689][T14698] ? rcu_is_watching+0x12/0xc0 [ 471.622718][T14698] ? trace_contention_end+0x122/0x170 [ 471.622746][T14698] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 471.622765][T14698] ? dvb_dvr_do_ioctl+0x7e/0x270 [ 471.622781][T14698] ? find_held_lock+0x2b/0x80 [ 471.622803][T14698] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 471.622826][T14698] ? __pfx___mutex_lock+0x10/0x10 [ 471.622859][T14698] ? futex_wake+0x1ad/0x530 [ 471.622883][T14698] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 471.622898][T14698] __vmalloc_node_noprof+0xad/0xf0 [ 471.622919][T14698] ? dvb_dvr_do_ioctl+0x15d/0x270 [ 471.622937][T14698] dvb_dvr_do_ioctl+0x15d/0x270 [ 471.622956][T14698] dvb_usercopy+0x167/0x340 [ 471.622983][T14698] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 471.623001][T14698] ? __pfx_dvb_usercopy+0x10/0x10 [ 471.623039][T14698] ? selinux_file_ioctl+0x13b/0x290 [ 471.623063][T14698] ? selinux_file_ioctl+0xb6/0x290 [ 471.623090][T14698] dvb_dvr_ioctl+0x29/0x40 [ 471.623105][T14698] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 471.623123][T14698] __x64_sys_ioctl+0x18e/0x210 [ 471.623153][T14698] do_syscall_64+0x10b/0xf80 [ 471.623180][T14698] ? clear_bhb_loop+0x40/0x90 [ 471.623205][T14698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.623225][T14698] RIP: 0033:0x7fdc11b9ce59 [ 471.623242][T14698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.623259][T14698] RSP: 002b:00007fdc12ae2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 471.623278][T14698] RAX: ffffffffffffffda RBX: 00007fdc11e15fa0 RCX: 00007fdc11b9ce59 [ 471.623290][T14698] RDX: 7fffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 471.623302][T14698] RBP: 00007fdc11c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 471.623313][T14698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.623323][T14698] R13: 00007fdc11e16038 R14: 00007fdc11e15fa0 R15: 00007ffe427fccd8 [ 471.623348][T14698] [ 471.894578][T14698] Mem-Info: [ 471.897898][T14698] active_anon:11226 inactive_anon:0 isolated_anon:0 [ 471.897898][T14698] active_file:16711 inactive_file:40856 isolated_file:0 [ 471.897898][T14698] unevictable:768 dirty:382 writeback:0 [ 471.897898][T14698] slab_reclaimable:12347 slab_unreclaimable:116150 [ 471.897898][T14698] mapped:41907 shmem:1286 pagetables:1485 [ 471.897898][T14698] sec_pagetables:0 bounce:0 [ 471.897898][T14698] kernel_misc_reclaimable:0 [ 471.897898][T14698] free:1253855 free_pcp:8586 free_cma:0 [ 471.943538][T14698] Node 0 active_anon:44904kB inactive_anon:0kB active_file:66844kB inactive_file:163228kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:167628kB dirty:1528kB writeback:0kB shmem:3608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13924kB pagetables:5800kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 471.978746][T14698] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 472.030580][T14702] tipc: Node identity ac14140f, cluster identity 4711 [ 472.053289][T14702] tipc: New replicast peer: 255.255.255.255 [ 472.075820][T14702] tipc: Enabled bearer , priority 10 [ 472.109106][T14698] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 472.294020][T14698] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 472.300163][T14698] Node 0 DMA32 free:1039240kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:64404kB inactive_anon:0kB active_file:66844kB inactive_file:163228kB unevictable:1536kB writepending:1528kB zspages:0kB present:3129332kB managed:2537028kB mlocked:0kB bounce:0kB free_pcp:32476kB local_pcp:17652kB free_cma:0kB [ 472.555354][T14698] lowmem_reserve[]: 0 0 1 1 1 [ 472.567871][T14698] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1088kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 472.603310][T14698] lowmem_reserve[]: 0 0 0 0 0 [ 472.610249][T14698] Node 1 Normal free:3942516kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 472.674525][T14698] lowmem_reserve[]: 0 0 0 0 0 [ 472.687599][T14698] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 472.704227][T14698] Node 0 DMA32: 1516*4kB (UM) 1301*8kB (UME) 551*16kB (UM) 944*32kB (UME) 310*64kB (UME) 216*128kB (UME) 106*256kB (UM) 59*512kB (UME) 30*1024kB (UME) 3*2048kB (UM) 205*4096kB (UM) = 1036872kB [ 472.774812][T14698] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 472.805725][T14698] Node 1 Normal: 1*4kB (M) 4*8kB (UM) 9*16kB (UM) 4*32kB (UM) 7*64kB (UM) 3*128kB (UM) 4*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 0*2048kB 961*4096kB (M) = 3942516kB [ 472.822991][T14698] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 472.837556][T14698] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 472.898577][T14698] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 472.993871][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 473.011925][T14698] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 473.013611][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 473.032080][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 473.045934][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 473.053328][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 473.059802][T14698] 61723 total pagecache pages [ 473.093323][ T936] tipc: Node number set to 2886997007 [ 473.111698][T14698] 0 pages in swap cache [ 473.157874][T14698] Free swap = 124996kB [ 473.175153][T14698] Total swap = 124996kB [ 473.201779][T14698] 2097051 pages RAM [ 473.221434][T14698] 0 pages HighMem/MovableOnly [ 473.243313][T14698] 430907 pages reserved [ 473.265173][T14698] 0 pages cma reserved [ 473.489040][T14745] loop9: detected capacity change from 0 to 524287936 [ 473.616302][ T29] audit: type=1400 audit(1778935546.442:650): avc: denied { view } for pid=14746 comm="syz.6.2942" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 473.969414][ T48] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.997784][ T48] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.224930][ T48] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.238902][ T48] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.259935][T14763] tipc: Enabling of bearer rejected, already enabled [ 474.816612][ T48] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.845462][ T48] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.158899][ T5612] Bluetooth: hci3: command tx timeout [ 475.206450][T14771] binder: BINDER_SET_CONTEXT_MGR already set [ 475.251981][T14771] binder: 14770:14771 ioctl 4018620d 200000004a80 returned -16 [ 475.516796][ T30] INFO: task syz.4.1844:11122 blocked for more than 143 seconds. [ 475.544318][ T30] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 475.560813][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 475.576136][ T30] task:syz.4.1844 state:D stack:26728 pid:11122 tgid:11120 ppid:5609 task_flags:0x400140 flags:0x00080002 [ 475.594803][ T30] Call Trace: [ 475.598991][ T30] [ 475.602719][ T30] __schedule+0x1295/0x67a0 [ 475.631548][ T30] ? __pfx___schedule+0x10/0x10 [ 475.674467][ T30] ? find_held_lock+0x2b/0x80 [ 475.727013][ T30] ? schedule+0x2bf/0x390 [ 475.771851][ T30] schedule+0xdd/0x390 [ 475.807619][ T30] schedule_preempt_disabled+0x13/0x30 [ 475.855343][ T30] __mutex_lock+0xced/0x1b10 [ 475.881623][ T30] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 475.899378][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 475.904831][ T30] ? __nla_validate_parse+0x1e7/0x28b0 [ 475.910332][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 475.916390][ T30] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 475.922064][ T30] nfsd_nl_version_set_doit+0xc4/0x7a0 [ 475.927963][ T30] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 475.934217][ T30] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 475.941190][ T30] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 475.954373][ T30] genl_family_rcv_msg_doit+0x214/0x300 [ 475.960001][ T29] audit: type=1400 audit(1778935548.792:651): avc: denied { write } for pid=14781 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 475.983879][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 475.990732][ T30] ? bpf_lsm_capable+0x9/0x10 [ 475.995963][ T30] ? security_capable+0x80/0x260 [ 476.000943][ T30] genl_rcv_msg+0x560/0x800 [ 476.005708][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 476.010769][ T30] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 476.017004][ T29] audit: type=1400 audit(1778935548.852:652): avc: denied { write } for pid=14793 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 476.038977][ T30] ? __lock_acquire+0x4a5/0x2630 [ 476.044010][ T30] netlink_rcv_skb+0x159/0x420 [ 476.048787][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 476.053899][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 476.059201][ T30] ? netlink_deliver_tap+0x1ae/0xcc0 [ 476.061132][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1 [ 476.064603][ T30] genl_rcv+0x28/0x40 [ 476.064639][ T30] netlink_unicast+0x585/0x850 [ 476.064668][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 476.064700][ T30] netlink_sendmsg+0x8b0/0xda0 [ 476.064728][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 476.064751][ T30] ? __might_fault+0x30/0x140 [ 476.064787][ T30] ____sys_sendmsg+0x9e1/0xb70 [ 476.064809][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 476.064836][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 476.064859][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 476.064884][ T30] ? try_to_wake_up+0x5f6/0x1900 [ 476.064909][ T30] ___sys_sendmsg+0x190/0x1e0 [ 476.064936][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 476.064961][ T30] ? futex_private_hash_put+0x107/0x1c0 [ 476.065016][ T30] __sys_sendmsg+0x170/0x220 [ 476.065035][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 476.065054][ T30] ? __x64_sys_futex+0x34f/0x4d0 [ 476.162232][ T30] ? rcu_is_watching+0x12/0xc0 [ 476.167132][ T30] do_syscall_64+0x10b/0xf80 [ 476.171740][ T30] ? clear_bhb_loop+0x40/0x90 [ 476.176487][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.183580][ T30] RIP: 0033:0x7effc8f9ce59 [ 476.188324][ T30] RSP: 002b:00007effc9f0d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 476.196899][ T30] RAX: ffffffffffffffda RBX: 00007effc9215fa0 RCX: 00007effc8f9ce59 [ 476.204925][ T30] RDX: 0000000004008090 RSI: 0000200000000140 RDI: 0000000000000006 [ 476.212971][ T30] RBP: 00007effc9032d6f R08: 0000000000000000 R09: 0000000000000000 [ 476.220947][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 476.231988][ T30] R13: 00007effc9216038 R14: 00007effc9215fa0 R15: 00007ffdc2a3f118 [ 476.241446][ T30] [ 476.244791][ T30] [ 476.244791][ T30] Showing all locks held in the system: [ 476.253159][ T30] 1 lock held by khungtaskd/30: [ 476.258029][ T30] #0: ffffffff8e7e57a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 476.271217][ T30] 5 locks held by kworker/u8:3/48: [ 476.276377][ T30] #0: ffff88801c6c0940 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 476.290582][ T30] #1: ffffc90000b97d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 476.300743][ T30] #2: ffffffff905f4948 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 476.310171][ T30] #3: ffffffff9060d6a0 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7ec/0xab0 [ 476.319498][ T30] #4: ffff888022691590 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_netns_exit_rtnl+0xd8/0x250 [ 476.333395][ T30] 2 locks held by getty/5372: [ 476.338086][ T30] #0: ffff88803838f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 476.348173][ T30] #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 476.358361][ T29] audit: type=1400 audit(1778935549.192:653): avc: denied { write } for pid=14796 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 476.381996][ T30] 2 locks held by syz.1.1181/9137: [ 476.389285][ T30] #0: ffffffff906bbb88 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 476.398531][ T30] #1: ffffffff8ec62d80 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 476.408935][ T30] 2 locks held by syz.4.1844/11122: [ 476.415705][ T30] #0: ffffffff906bbb88 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 476.424173][ T30] #1: ffffffff8ec62d80 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xc4/0x7a0 [ 476.434503][ T30] 1 lock held by syz-executor/14238: [ 476.439810][ T30] #0: ffffffff8e7f12e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 476.450006][ T29] audit: type=1400 audit(1778935549.272:654): avc: denied { write } for pid=14807 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 476.472291][ T30] 2 locks held by rm/14808: [ 476.477473][ T30] [ 476.479818][ T30] ============================================= [ 476.479818][ T30] [ 476.504450][ T30] NMI backtrace for cpu 1 [ 476.504472][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 476.504501][ T30] Tainted: [L]=SOFTLOCKUP [ 476.504507][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 476.504517][ T30] Call Trace: [ 476.504522][ T30] [ 476.504529][ T30] dump_stack_lvl+0x100/0x190 [ 476.504557][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 476.504580][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 476.504604][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 476.504628][ T30] sys_info+0x141/0x190 [ 476.504643][ T30] watchdog+0xcb1/0x1030 [ 476.504670][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 476.504694][ T30] ? __pfx_watchdog+0x10/0x10 [ 476.504715][ T30] ? __kthread_parkme+0x18c/0x230 [ 476.504736][ T30] ? kthread+0x13a/0x450 [ 476.504754][ T30] ? __pfx_watchdog+0x10/0x10 [ 476.504773][ T30] kthread+0x370/0x450 [ 476.504793][ T30] ? __pfx_kthread+0x10/0x10 [ 476.504814][ T30] ret_from_fork+0x72b/0xd50 [ 476.504837][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 476.504860][ T30] ? __switch_to+0x800/0x1100 [ 476.504886][ T30] ? __pfx_kthread+0x10/0x10 [ 476.504908][ T30] ret_from_fork_asm+0x1a/0x30 [ 476.504944][ T30] [ 476.504950][ T30] Sending NMI from CPU 1 to CPUs 0: [ 476.638191][ C0] NMI backtrace for cpu 0 [ 476.638207][ C0] CPU: 0 UID: 0 PID: 14770 Comm: syz.0.2948 Tainted: G L syzkaller #0 PREEMPT(full) [ 476.638227][ C0] Tainted: [L]=SOFTLOCKUP [ 476.638232][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 476.638240][ C0] RIP: 0010:stack_trace_consume_entry+0x1e/0x170 [ 476.638260][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 55 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 <48> 83 ec 08 0f b6 04 02 84 c0 74 08 3c 03 0f 8e e7 00 00 00 48 8d [ 476.638273][ C0] RSP: 0018:ffffc9000d227918 EFLAGS: 00000a02 [ 476.638285][ C0] RAX: dffffc0000000000 RBX: ffffc9000d2279f0 RCX: ffffc9000d227884 [ 476.638294][ C0] RDX: 1ffff92001a44f40 RSI: ffffffff81d08450 RDI: ffffc9000d227a00 [ 476.638302][ C0] RBP: ffffc9000d2279c0 R08: 0000000000000001 R09: 0000000000000007 [ 476.638311][ C0] R10: 0000000000000200 R11: 0000000000018996 R12: ffffffff81f2f3f0 [ 476.638319][ C0] R13: ffffc9000d2279f0 R14: 0000000000000000 R15: ffff888037d04a00 [ 476.638328][ C0] FS: 0000000000000000(0000) GS:ffff88812436d000(0000) knlGS:0000000000000000 [ 476.638345][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 476.638354][ C0] CR2: 00007fffd5bad0f8 CR3: 000000002837f000 CR4: 00000000003526f0 [ 476.638363][ C0] Call Trace: [ 476.638368][ C0] [ 476.638373][ C0] arch_stack_walk+0x88/0xf0 [ 476.638394][ C0] ? task_work_run+0x150/0x240 [ 476.638412][ C0] stack_trace_save+0x8e/0xc0 [ 476.638426][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 476.638440][ C0] ? __lock_acquire+0x4a5/0x2630 [ 476.638457][ C0] save_stack+0x162/0x1e0 [ 476.638470][ C0] ? __pfx_save_stack+0x10/0x10 [ 476.638483][ C0] ? __free_frozen_pages+0x747/0x1040 [ 476.638500][ C0] ? vfree+0x15f/0x8d0 [ 476.638514][ C0] ? kcov_close+0x34/0x60 [ 476.638527][ C0] ? __fput+0x3ff/0xb50 [ 476.638547][ C0] ? page_ext_put+0x3e/0xd0 [ 476.638562][ C0] __reset_page_owner+0x84/0x190 [ 476.638576][ C0] __free_frozen_pages+0x747/0x1040 [ 476.638595][ C0] vfree+0x15f/0x8d0 [ 476.638610][ C0] ? __pfx_kcov_close+0x10/0x10 [ 476.638623][ C0] ? rcu_is_watching+0x12/0xc0 [ 476.638643][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 476.638661][ C0] ? __pfx_kcov_close+0x10/0x10 [ 476.638675][ C0] ? __pfx_kcov_close+0x10/0x10 [ 476.638689][ C0] kcov_close+0x34/0x60 [ 476.638703][ C0] __fput+0x3ff/0xb50 [ 476.638721][ C0] ? cleanup_mnt+0x263/0x450 [ 476.638736][ C0] task_work_run+0x150/0x240 [ 476.638753][ C0] ? __pfx_task_work_run+0x10/0x10 [ 476.638772][ C0] do_exit+0x951/0x2af0 [ 476.638786][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 476.638800][ C0] ? __pfx_do_exit+0x10/0x10 [ 476.638813][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 476.638828][ C0] do_group_exit+0xd5/0x2a0 [ 476.638843][ C0] __x64_sys_exit_group+0x3e/0x50 [ 476.638857][ C0] x64_sys_call+0x102c/0x1530 [ 476.638875][ C0] do_syscall_64+0x10b/0xf80 [ 476.638892][ C0] ? clear_bhb_loop+0x40/0x90 [ 476.638907][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.638920][ C0] RIP: 0033:0x7effaff9ce59 [ 476.638930][ C0] Code: Unable to access opcode bytes at 0x7effaff9ce2f. [ 476.638936][ C0] RSP: 002b:00007ffed94fa238 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 476.638948][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007effaff9ce59 [ 476.638956][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 476.638964][ C0] RBP: 00007ffed94fa29c R08: 0000000000000000 R09: 00000000000927c0 [ 476.638973][ C0] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000044 [ 476.638987][ C0] R13: 00000000000927c0 R14: 0000000000073e46 R15: 00007ffed94fa2f0 [ 476.639001][ C0] [ 477.164123][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 477.171016][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 477.181676][ T30] Tainted: [L]=SOFTLOCKUP [ 477.185987][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 477.196020][ T30] Call Trace: [ 477.199286][ T30] [ 477.202191][ T30] dump_stack_lvl+0x100/0x190 [ 477.206848][ T30] vpanic+0x552/0x970 [ 477.210806][ T30] ? __pfx_vpanic+0x10/0x10 [ 477.215280][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 477.221406][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 477.227537][ T30] panic+0xd1/0xe0 [ 477.231234][ T30] ? __pfx_panic+0x10/0x10 [ 477.235621][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 477.241746][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 477.247877][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 477.254001][ T30] ? watchdog.cold+0x1ec/0x234 [ 477.258741][ T30] ? watchdog+0xcc1/0x1030 [ 477.263135][ T30] watchdog.cold+0x1fd/0x234 [ 477.267697][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 477.273489][ T30] ? __pfx_watchdog+0x10/0x10 [ 477.278151][ T30] ? __kthread_parkme+0x18c/0x230 [ 477.283159][ T30] ? kthread+0x13a/0x450 [ 477.287383][ T30] ? __pfx_watchdog+0x10/0x10 [ 477.292062][ T30] kthread+0x370/0x450 [ 477.296131][ T30] ? __pfx_kthread+0x10/0x10 [ 477.300707][ T30] ret_from_fork+0x72b/0xd50 [ 477.305276][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 477.310367][ T30] ? __switch_to+0x800/0x1100 [ 477.315024][ T30] ? __pfx_kthread+0x10/0x10 [ 477.319589][ T30] ret_from_fork_asm+0x1a/0x30 [ 477.324348][ T30] [ 477.327672][ T30] Kernel Offset: disabled [ 477.331986][ T30] Rebooting in 86400 seconds..