last executing test programs: 2m50.345258604s ago: executing program 1 (id=5699): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0xc00e}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x4000000, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x78, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0xb}, @NFTA_SET_ELEM_EXPRESSIONS={0x3c, 0xb, 0x0, 0x1, [{0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0x4, 0x2}, @val={0x4}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xfc}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010a01"], 0x14}, 0x1, 0x0, 0x0, 0x9f51112bec62b69a}, 0x4000000) 2m50.271308972s ago: executing program 1 (id=5700): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(0x0, &(0x7f0000000440), &(0x7f0000000500)="14", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) syz_init_net_socket$ax25(0x3, 0x3, 0x8) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r7, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c61", 0x3c}], 0x1}}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000001040)="39e6f0f5240525bf127de94fe5cfc0b0f2c98c4ac8bf0568e948e0274b0445d03a56f1bfe147fb8ac1da60b16f07dbe40e90d68b4619d12165154b679949da907d460d298e92e0d24077e89d302255e0a9626f61e6dc304713126dd04ca5e168c8f7894d2d189c22945826101c5199f90c3734146364f2195120530ab5e42614a3cb5651b1fc7b17d61955840b5c9adbeffa334d38da282e42b01ea9d6b5a7", 0x9f}, {&(0x7f0000001100)}, {&(0x7f0000001200)="e86b23ea031a0d0335d120405fcbc0e8261e54e194b7ac7427e456a0c74eba6fd030e30723c080ff9d1d60aa58929f37061fea9199560e8c9734c24ad5a9849b6dc72795f44e9954bf08f35b5483099d17afa38d10de84516fb241942b5dc2443a0df8de2b82fba03bd1aaf1a8b54a56340e1c17ec2c1f797cb9e8534005fad205586e8df9c5e5846de0a63ea0935349fbe97099bcd39d198870265cb0e9d30982731773077edf0340e001654b40167f7172daaaf09261d1a91c77ab96126862c5af4dedd795869895c3f9770a945fc27c4579371167a0e2981f9e678f36a1f5c630359af6d41a45159b21d214d2b46132bc35cb5dc8a2324c3b447144e3ec5aa60a0791c33111d4c18e54f0f61d99dc68d109530c58fbb766a533071d8f12d4fa93efa0867620756cb13183b963714fc8f641ff59bcb98d36d132c30e4aacf1585a2aa076bf6ab258ee85734651c05ab4c24c32f18f2a884ff3562b367cb24c4e35587a42b7da49d69756a1f5e1e8eac669e0b968e8d88d863f7ea0a364926f0fb64d8f347c39f68ae32be6a3d875a7470dd209327d4060c75fba01cfb285aca1e8a1bddf0759ba9485bcbb585593374041cb2354fcee8290aad5ffc690a4c8e36ae09540b10f40310567b2c82ab527d403468524a4d42488e2a8f8a144ee47e00ffbfc09aa3138237780e160e63c97700d5c1a5c8e198e223d11bcc2e684c04c42d185977aa42accf31fb8d90162e07dbf4dcc6222e0e3d81493c390a61bf506ba14b044fc268e0a04756440280d62e249857eea9234cbd65d7e08ad58bcccd4244c2ebd7c781f4661fc448e04db6a9150d48022ce3aebddba51c23ae242a9c6d8ad4f4dff925f5a7033b5f6f765d96aa316ec31ef2c022e2c381defb051b81aa9710379e8e775abe6e9d632439c998ffa48e7e54208d12a4c2e018f2873e26f6ea2c758cbd10069baba0f85d8509c5c4475b29c6358c96dd61ae8181a99cd453820f6a6509c29543b9c7db410e6d9d60082ccc2602b8cf91a59a8b8c2fcba7f43913f4b0a2842042f20488cf58de93150a9b7d0a7c4b9a84ad330ca34efbe0a878064983c915a6f24a35dfdd866f53326ecc117f84b4e46449eb5cb4164288fcbad2562e8ba76a6d18b9e58ef69973a7ff12618e4dfbeada86b059be11ed49317e47b5205d74966f72f92db62baef8809f0a9f75faec55b8ad241277a5f", 0x35f}], 0x3, &(0x7f0000002340)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8004}}, @ip_retopts={{0x10}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x40}}], 0x40}}, {{&(0x7f0000002440)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x3, 0xc054) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) 2m49.330522826s ago: executing program 1 (id=5701): fsopen(&(0x7f0000000580)='overlay\x00', 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48}) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000640)=@filter={'filter\x00', 0x42, 0x4, 0x348, 0xffffffff, 0x1b8, 0x0, 0x1b8, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0xf}}, @common=@unspec=@connmark={{0x30}, {0x5}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@state={{0x28}, {0x7}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @private=0xa010102, 0x0, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0xb8, 0xf8, 0x0, {}, [@common=@unspec=@connlabel={{0x28}, {0xf, 0x2}}, @common=@socket0={{0x20}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x0, 0x2, 0xc, 0x9}, 0xc) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x110) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) r5 = syz_open_dev$media(&(0x7f0000000380), 0x3, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r5, 0xc0487c04, &(0x7f00000005c0)={0x0, 0x7, 0x0, &(0x7f0000001040)=[{}, {}, {}, {}, {}, {}, {}], 0x2, 0x0, &(0x7f0000000c80)=[{}, {}], 0x4, 0x0, &(0x7f0000000400)=[{}, {}, {}, {}], 0x0, 0x0, &(0x7f00000004c0)}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x20000010, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) ioctl$FBIOBLANK(r4, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) 2m47.658702872s ago: executing program 1 (id=5709): openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000640)=ANY=[@ANYBLOB="736563757216ae2c69747900"], 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c235aa9c5", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) ioctl$OCFS2_IOC_GROUP_EXTEND(r0, 0x40046f01, &(0x7f00000002c0)=0x7) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[]) 2m44.26647893s ago: executing program 1 (id=5725): openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b5, 0x1, 0x77fe, 0x40024e}, &(0x7f0000000340), &(0x7f0000000040)) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$vnet(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x185a00, 0x0) r3 = socket(0x10, 0x80003, 0x0) write(r3, &(0x7f0000000000)="240000001a005f0214f9", 0xa) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r5, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000005c40)=[{{&(0x7f0000000240)=@ax25={{}, [@null, @default, @bcast, @bcast, @default, @rose, @null]}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/51, 0x33}], 0x1, &(0x7f00000006c0)=""/18, 0x12}, 0x8}, {{&(0x7f0000000440)=@ax25={{0x3, @netrom}, [@rose, @rose, @default, @null, @bcast, @netrom, @netrom]}, 0x80, 0x0, 0x0, &(0x7f00000009c0)=""/178, 0xb2}, 0xc}, {{&(0x7f0000000a80)=@generic, 0x80, &(0x7f0000003100)=[{&(0x7f0000000b00)=""/96, 0x60}, {&(0x7f0000000540)=""/107, 0x6b}, {&(0x7f0000000c00)=""/133, 0x85}, {0x0}, {&(0x7f0000000d40)=""/61, 0x3d}, {&(0x7f0000000d80)=""/69, 0x45}, {&(0x7f0000000e00)=""/191, 0xbf}, {&(0x7f00000005c0)=""/215, 0xd7}, {&(0x7f0000003040)=""/148, 0x94}], 0x9, &(0x7f00000031c0)=""/123, 0x7b}}, {{&(0x7f0000003240)=@xdp, 0x80, &(0x7f0000004800)=[{&(0x7f00000032c0)=""/4096, 0x1000}, {&(0x7f00000042c0)=""/177, 0xb1}, {&(0x7f0000004380)=""/188, 0xbc}, {&(0x7f0000004440)=""/251, 0xfb}, {&(0x7f0000000ec0)=""/22, 0x16}, {&(0x7f00000004c0)=""/107, 0x6b}, {&(0x7f00000045c0)=""/216, 0xd8}, {&(0x7f00000046c0)=""/67, 0x43}, {&(0x7f0000004740)=""/28, 0x1c}, {&(0x7f0000004780)=""/121, 0x79}], 0xa, &(0x7f00000048c0)=""/217, 0xd9}, 0x8501}, {{&(0x7f00000049c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f0000005bc0), 0x0, &(0x7f0000005c00)=""/21, 0x15}, 0x10}], 0x5, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000200)={0x3, 0x2, 0x1, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) 2m43.302544366s ago: executing program 1 (id=5727): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@gettaction={0x28, 0x32, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x28}, 0x1, 0xf0ffffffffffff, 0x0, 0x1c005}, 0x20008000) socket$packet(0x11, 0x3, 0x300) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) close(0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000043000701fefffffffcdbdf25017c00000400458008002f000a0101023b16821a3ccc10bb9b1a688fc2535c03610340519b1241eb8e8766bc6562a9c07ecc76458d6ac39e7a300812c34a40765dadbeb83ffa6261133eb42231fb565e35c1e975d2b1158c5daf037148c536eb4c16d215e77ffff9c6ab4706000000df9344aadac34bbdf4f10f7b57da128bce592047485a13269de3e5109ca7602e8dd2b64e8f0e06ff8794b978f6b49a784d066d058832c9500a43d16e9d00a6460df3c076da4fef8beee3ffc923eb1594ed5fc946dd45f868448e9c3ce743e65efcc1a4e6539943cc98069f211428086256da782fa8e92f9a90fab09f36132bb01a1176a3e28d0bc052d0f2c9e71918c413c60c672a274e4cd391f1bb5d9aec708b8741042d6a262efdaf8c1c659fbfc72c6051d72050e450f337a06dd416"], 0x20}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) syz_io_uring_setup(0x110, 0x0, &(0x7f00000000c0)=0x0, &(0x7f0000000480)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r7, r6, &(0x7f00000000c0)=0x58, 0x5) 2m28.170603813s ago: executing program 32 (id=5727): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@gettaction={0x28, 0x32, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x28}, 0x1, 0xf0ffffffffffff, 0x0, 0x1c005}, 0x20008000) socket$packet(0x11, 0x3, 0x300) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) close(0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000043000701fefffffffcdbdf25017c00000400458008002f000a0101023b16821a3ccc10bb9b1a688fc2535c03610340519b1241eb8e8766bc6562a9c07ecc76458d6ac39e7a300812c34a40765dadbeb83ffa6261133eb42231fb565e35c1e975d2b1158c5daf037148c536eb4c16d215e77ffff9c6ab4706000000df9344aadac34bbdf4f10f7b57da128bce592047485a13269de3e5109ca7602e8dd2b64e8f0e06ff8794b978f6b49a784d066d058832c9500a43d16e9d00a6460df3c076da4fef8beee3ffc923eb1594ed5fc946dd45f868448e9c3ce743e65efcc1a4e6539943cc98069f211428086256da782fa8e92f9a90fab09f36132bb01a1176a3e28d0bc052d0f2c9e71918c413c60c672a274e4cd391f1bb5d9aec708b8741042d6a262efdaf8c1c659fbfc72c6051d72050e450f337a06dd416"], 0x20}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) syz_io_uring_setup(0x110, 0x0, &(0x7f00000000c0)=0x0, &(0x7f0000000480)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r7, r6, &(0x7f00000000c0)=0x58, 0x5) 50.64388079s ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 45.812161028s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 41.011885535s ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 37.477028718s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 34.986246321s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 30.278334055s ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 21.479830535s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 18.405757348s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 12.11298411s ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 10.322124697s ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 8.036438722s ago: executing program 3 (id=6353): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x2000200002, 0xffffffffffffffff) 5.025063872s ago: executing program 5 (id=6632): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r7, 0x4) 4.894154947s ago: executing program 5 (id=6633): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0xa}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0xfff3, 0x3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x12000000}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xaf62}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.808550098s ago: executing program 2 (id=6635): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = creat(&(0x7f0000000000)='./file0\x00', 0xc9a9c042ad77c5e5) write$binfmt_elf32(r0, 0x0, 0x58) 3.143629485s ago: executing program 5 (id=6636): mkdir(0x0, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) 3.142821169s ago: executing program 2 (id=6637): ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x980000, 0x80000000, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2}, 0x8001) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xbf7, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x845, 0x9, 0xfffffffffffffffd, 0x8, 0x10000, 0x0, 0x4002004c2, 0x2000000000fff, 0x1400000000000000, 0x0, 0x3fd, 0x1080, 0x3, 0x0, 0x8, 0x4000000000008d], 0x100000, 0x80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.195373948s ago: executing program 5 (id=6640): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x400c941) setxattr$incfs_metadata(&(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.098675672s ago: executing program 2 (id=6642): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x1, 0x2, 0x0, 0xd, 0x4101}, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724", 0x2}], 0x1) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x4, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) 1.759392127s ago: executing program 0 (id=6645): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @bcast, @bpq0, 0x0, 'syz0\x00', @default, 0x1, 0x8, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 1.618017489s ago: executing program 0 (id=6646): getsockname$unix(0xffffffffffffffff, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010101, 0x15, 0x3, 'sh\x00', 0x2e, 0x5, 0x72}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e20, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@loopback, 0x4e20, 0x10000, 0x2, 0x2}}, 0x44) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@netkit}, 0x1c) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.355930028s ago: executing program 0 (id=6647): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0xa}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0xfff3, 0x3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x12000000}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xaf62}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.272281182s ago: executing program 2 (id=6648): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842badcfc81364470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x18) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_sctp(0x2, 0x5, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r1, r3, 0x25, 0x2}, 0x14) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[], 0x0) 1.217590926s ago: executing program 0 (id=6649): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) bind$xdp(0xffffffffffffffff, 0x0, 0x0) write$tun(r0, &(0x7f0000000840)=ANY=[@ANYBLOB], 0xfce) 1.076206998s ago: executing program 2 (id=6650): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCGPKT(r0, 0x40045431, &(0x7f0000000140)) 1.003816619s ago: executing program 5 (id=6651): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) r2 = socket(0x14, 0x2, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x61d0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES32=r0], 0xa4}, 0x1, 0x0, 0x0, 0x48005}, 0x801) 979.738987ms ago: executing program 2 (id=6652): ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x980000, 0x80000000, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2}, 0x8001) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xbf7, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x845, 0x9, 0xfffffffffffffffd, 0x8, 0x10000, 0x0, 0x4002004c2, 0x2000000000fff, 0x1400000000000000, 0x0, 0x3fd, 0x1080, 0x3, 0x0, 0x8, 0x4000000000008d], 0x100000, 0x80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 890.155273ms ago: executing program 0 (id=6653): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x20008000) 799.631274ms ago: executing program 0 (id=6654): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0xb4, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x84, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_RATE={0x14, 0x6, {0x8e, 0xf7fc, 0xfffffeff, 0x9}}, @TCA_NETEM_RATE={0x14, 0x6, {0x101, 0xffffffff, 0x5, 0x2}}, @TCA_NETEM_REORDER={0xc, 0x3, {0x8, 0x1}}, @TCA_NETEM_JITTER64={0xc, 0xb, 0xfffffffffffffff9}, @TCA_NETEM_RATE={0x14, 0x6, {0x9, 0x0, 0x10000, 0x6}}, @TCA_NETEM_ECN={0x8}, @TCA_NETEM_JITTER64={0xc, 0xb, 0x7}]}}}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x19}, {0xb, 0xb}, {0xd, 0xfff6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x9, 0x81, 0x378, 0x400}, 0x6280, 0x0, 0x8, 0x5, 0x6, 0x16, 0xc, 0x1b, 0x0, 0x7ff, {0x200, 0xe, 0x6000, 0x7, 0xfffffff8, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000050}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 48.554256ms ago: executing program 4 (id=6128): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) bind$inet6(r1, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x7, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd}, 0x94) 0s ago: executing program 5 (id=6655): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="0a0018000303030303030000"], 0x34}}, 0x4850) kernel console output (not intermixed with test programs): dor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1643.912296][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1643.922425][ T5927] usb 2-1: Product: syz [ 1643.930623][ T5927] usb 2-1: Manufacturer: syz [ 1643.995758][ T5927] cdc_wdm 2-1:1.0: skipping garbage [ 1644.001110][ T5927] cdc_wdm 2-1:1.0: skipping garbage [ 1644.035585][ T5927] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1644.041959][ T5927] cdc_wdm 2-1:1.0: Unknown control protocol [ 1644.179700][ C0] wdm_int_callback: 5 callbacks suppressed [ 1644.179722][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.192129][ C0] wdm_int_callback: 5 callbacks suppressed [ 1644.192144][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.205377][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.211971][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.225319][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.231948][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.245311][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.251938][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.258181][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.264782][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.275486][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 1644.278270][ T5927] usb 2-1: USB disconnect, device number 39 [ 1644.282120][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 1644.294072][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1644.308592][T27530] x_tables: duplicate underflow at hook 4 [ 1644.773131][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 210 seconds [ 1644.786423][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 210 seconds [ 1644.798373][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 210 seconds [ 1644.847928][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 210 seconds [ 1645.495322][ T5869] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1645.625344][T27550] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1645.778536][ T5869] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1646.398436][ T5869] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1646.429063][ T5869] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1646.457258][ T5869] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1647.066831][ T5869] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1647.076094][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1647.084097][ T5869] usb 2-1: Product: syz [ 1647.123992][ T5869] usb 2-1: Manufacturer: syz [ 1647.177850][ T5869] cdc_wdm 2-1:1.0: skipping garbage [ 1647.199584][ T5869] cdc_wdm 2-1:1.0: skipping garbage [ 1647.224468][ T5869] cdc_wdm 2-1:1.0: skipping garbage [ 1647.244236][ T5869] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1647.580932][ T5869] usb 2-1: USB disconnect, device number 40 [ 1647.685539][ T794] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 1647.861659][ T794] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1647.885320][ T794] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1647.945318][ T794] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1647.965044][ T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.155389][ T5869] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1648.215661][ T794] usb 3-1: GET_CAPABILITIES returned 0 [ 1648.228313][ T794] usbtmc 3-1:16.0: can't read capabilities [ 1648.327177][ T5869] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1648.375261][ T5869] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1648.395471][ T5869] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1648.426858][ T5869] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1648.475557][ T5869] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1648.509765][ T5869] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1648.519068][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1648.531951][ T5869] usb 4-1: Product: syz [ 1648.538793][ T5869] usb 4-1: Manufacturer: syz [ 1648.553771][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 1648.617690][T27597] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5673'. [ 1648.813593][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 1649.202291][T27603] virt_wifi0 speed is unknown, defaulting to 1000 [ 1651.225327][ T794] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1651.376726][ T794] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1651.385698][ T794] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1651.396364][ T794] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1651.406150][ T794] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1651.421170][ T794] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1651.431446][ T794] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1651.440365][ T794] usb 1-1: Product: syz [ 1651.444743][ T794] usb 1-1: Manufacturer: syz [ 1651.454100][ T794] cdc_wdm 1-1:1.0: skipping garbage [ 1651.459746][ T794] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1652.393565][T27639] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1652.895343][T19154] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 1653.335386][T26352] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 1653.742591][T27565] usbtmc 3-1:16.0: usbtmc_ioctl_request failed -110 [ 1653.766507][ T5869] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device [ 1653.773655][ T5869] cdc_wdm 4-1:1.0: Unknown control protocol [ 1653.775461][ T5927] usb 1-1: USB disconnect, device number 16 [ 1653.792110][ T5944] usb 3-1: USB disconnect, device number 15 [ 1653.794654][ T5869] usb 4-1: USB disconnect, device number 37 [ 1653.886969][T26352] usb 2-1: config 120 has an invalid interface number: 125 but max is 0 [ 1653.901854][T26352] usb 2-1: config 120 has no interface number 0 [ 1653.908771][T26352] usb 2-1: config 120 interface 125 altsetting 8 endpoint 0x3 has invalid maxpacket 33206, setting to 64 [ 1653.942065][T26352] usb 2-1: config 120 interface 125 has no altsetting 0 [ 1653.958248][T26352] usb 2-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 1653.972625][T26352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1653.999953][T27658] virt_wifi0 speed is unknown, defaulting to 1000 [ 1654.031520][T27659] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5687'. [ 1654.085184][T26352] usb 2-1: Product: syz [ 1654.089682][T26352] usb 2-1: Manufacturer: syz [ 1654.094726][T26352] usb 2-1: SerialNumber: syz [ 1654.158153][T27646] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1654.403683][T26352] ums-usbat 2-1:120.125: USB Mass Storage device detected [ 1654.515892][T26352] usb 2-1: USB disconnect, device number 41 [ 1654.875063][ T29] audit: type=1400 audit(1774455714.966:1273): avc: denied { create } for pid=27682 comm="syz.0.5694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1654.917322][T27685] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5692'. [ 1654.935840][ T29] audit: type=1400 audit(1774455715.006:1274): avc: denied { write } for pid=27682 comm="syz.0.5694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1654.956793][ T29] audit: type=1400 audit(1774455715.006:1275): avc: denied { ioctl } for pid=27682 comm="syz.0.5694" path="socket:[146854]" dev="sockfs" ino=146854 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1655.166920][T26352] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1655.335293][T26352] usb 1-1: Using ep0 maxpacket: 16 [ 1655.431243][T26352] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 1655.439760][T26352] usb 1-1: config 0 has no interface number 0 [ 1655.447165][T26352] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1655.484352][T26352] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1655.567517][T26352] usb 1-1: config 0 interface 41 has no altsetting 0 [ 1655.592214][T26352] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1655.602420][T26352] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1655.629838][T26352] usb 1-1: Product: syz [ 1655.642479][T26352] usb 1-1: Manufacturer: syz [ 1655.655300][T26352] usb 1-1: SerialNumber: syz [ 1655.682095][T26352] usb 1-1: config 0 descriptor?? [ 1655.805370][T27686] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1655.816776][T27686] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1656.306872][T27683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1656.314517][T27683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1656.665302][ T5869] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1656.827094][ T5869] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1656.838167][ T5869] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 1656.857874][ T5869] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1656.874244][ T5869] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1656.903710][ T5869] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1656.914704][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1656.927769][ T5869] usb 4-1: Product: syz [ 1656.935085][ T5869] usb 4-1: Manufacturer: syz [ 1656.938077][T26352] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 1656.966175][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 1656.978654][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 1656.984643][ T5869] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1657.105664][T27701] netlink: 'syz.1.5699': attribute type 3 has an invalid length. [ 1657.113537][T27701] netlink: 'syz.1.5699': attribute type 3 has an invalid length. [ 1657.122106][T27701] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5699'. [ 1657.184586][T26352] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 1657.199211][T26352] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71 [ 1657.310300][T26352] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 1657.322734][T26352] usb 1-1: USB disconnect, device number 17 [ 1657.427383][T27705] trusted_key: encrypted_key: key user:syz not found [ 1657.440228][T27705] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5700'. [ 1657.835552][ T5927] usb 4-1: USB disconnect, device number 38 [ 1660.114201][T26352] libceph: connect (1)[c::]:6789 error -101 [ 1660.116257][T26352] libceph: mon0 (1)[c::]:6789 connect error [ 1660.398865][T26352] libceph: connect (1)[c::]:6789 error -101 [ 1660.406460][T26352] libceph: mon0 (1)[c::]:6789 connect error [ 1660.425316][T23293] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1660.459774][T27756] fuse: Unknown parameter '0x0000000000000005' [ 1660.585377][T23293] usb 2-1: Using ep0 maxpacket: 16 [ 1660.593966][T23293] usb 2-1: config 0 has an invalid descriptor of length 24, skipping remainder of the config [ 1660.625821][T23293] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1660.637020][T23293] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1660.647729][T23293] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1660.667341][T27747] ceph: No mds server is up or the cluster is laggy [ 1661.012294][T23293] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1661.046388][T27768] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1661.083727][T23293] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1661.094019][T23293] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1661.103023][T23293] usb 2-1: Manufacturer: syz [ 1661.111400][T23293] usb 2-1: config 0 descriptor?? [ 1661.489358][T23293] rc_core: IR keymap rc-hauppauge not found [ 1661.499017][T23293] Registered IR keymap rc-empty [ 1661.601274][T27780] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5717'. [ 1662.043444][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.086135][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.163148][T23293] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1662.187580][T23293] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input232 [ 1662.305850][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.362368][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.390130][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.435446][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.465713][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.508075][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.545323][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.585451][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.615853][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.715986][T23293] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 1662.747964][T23293] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1662.769010][T23293] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1662.810809][T23293] usb 2-1: USB disconnect, device number 42 [ 1663.190757][T27797] virt_wifi0 speed is unknown, defaulting to 1000 [ 1663.287356][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1663.330385][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1663.967736][T27812] fuse: Unknown parameter '0x0000000000000005' [ 1665.534195][T27836] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60030 sclass=netlink_route_socket pid=27836 comm=syz.4.5733 [ 1666.312125][T27847] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5735'. [ 1667.312755][T27861] fuse: Unknown parameter '0x0000000000000005' [ 1668.455738][T26352] Process accounting resumed [ 1668.745918][T26352] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1669.106925][T26352] usb 4-1: Using ep0 maxpacket: 16 [ 1669.129008][T26352] usb 4-1: config 0 has an invalid descriptor of length 27, skipping remainder of the config [ 1669.139909][T26352] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1669.295380][T26352] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1669.305557][T26352] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1669.315529][T26352] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1669.330311][T26352] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1669.339679][T26352] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1669.484582][T26352] usb 4-1: Manufacturer: syz [ 1669.548550][T26352] usb 4-1: config 0 descriptor?? [ 1669.928072][T26352] rc_core: IR keymap rc-hauppauge not found [ 1669.934064][T26352] Registered IR keymap rc-empty [ 1669.939231][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1669.965357][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1669.995109][T26352] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1670.045995][T26352] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input233 [ 1670.214481][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.327368][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.378608][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.415467][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.435402][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.465352][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.505335][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.525331][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.545335][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.565343][T26352] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 1670.588976][T26352] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1670.605364][T26352] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1670.605378][T23293] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1670.655624][T26352] usb 4-1: USB disconnect, device number 39 [ 1670.766575][T23293] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1670.775512][T23293] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1670.792371][T23293] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1670.817704][T23293] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 1670.831737][T23293] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64 [ 1670.846673][T23293] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1670.856271][T23293] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1670.875416][T23293] usb 3-1: Product: syz [ 1670.879765][T23293] usb 3-1: Manufacturer: syz [ 1670.891180][T23293] cdc_wdm 3-1:1.0: skipping garbage [ 1670.896799][T23293] cdc_wdm 3-1:1.0: skipping garbage [ 1670.902171][T23293] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1671.052625][T27916] syzkaller0: entered promiscuous mode [ 1671.059330][T27916] syzkaller0: entered allmulticast mode [ 1671.229269][T23293] usb 3-1: USB disconnect, device number 16 [ 1671.436080][T27927] fuse: Unknown parameter 'fd0x0000000000000005' [ 1672.431166][T27942] virt_wifi0 speed is unknown, defaulting to 1000 [ 1674.795741][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 240 seconds [ 1674.808520][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 240 seconds [ 1674.864417][T27966] libceph: resolve '96.' (ret=-3): failed [ 1674.968502][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 240 seconds [ 1675.105397][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 240 seconds [ 1675.911040][T27984] libceph: resolve '96.' (ret=-3): failed [ 1677.275321][ T794] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1677.437433][ T794] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1677.449254][ T794] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1677.461149][ T794] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1677.474574][ T794] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1677.483843][ T794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1677.494263][ T794] usb 3-1: config 0 descriptor?? [ 1677.916340][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1677.923764][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1677.946557][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1677.959186][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1677.974212][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1677.993243][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1678.008699][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1678.023176][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1678.037814][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1678.060377][ T794] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0 [ 1678.081067][ T794] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1678.465468][ T794] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1678.661289][T28036] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1678.666976][ T794] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1678.682769][ T794] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1678.703503][ T794] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1678.715578][ T794] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1678.727058][ T794] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1678.741585][ T794] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1678.751204][ T794] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1678.759487][ T794] usb 4-1: Product: syz [ 1678.763779][ T794] usb 4-1: Manufacturer: syz [ 1678.775715][ T794] cdc_wdm 4-1:1.0: skipping garbage [ 1678.781302][ T794] cdc_wdm 4-1:1.0: skipping garbage [ 1678.788094][ T794] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device [ 1678.794176][ T794] cdc_wdm 4-1:1.0: Unknown control protocol [ 1678.908929][T28039] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.5787'. [ 1679.227034][T28007] usb 3-1: string descriptor 0 read error: -71 [ 1679.757913][T26352] usb 4-1: USB disconnect, device number 40 [ 1679.803625][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1679.816470][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1679.825037][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1679.837926][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1679.845711][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1679.878340][T28054] virt_wifi0 speed is unknown, defaulting to 1000 [ 1680.048556][T28054] chnl_net:caif_netlink_parms(): no params data found [ 1680.146203][T28054] bridge0: port 1(bridge_slave_0) entered blocking state [ 1680.158374][T28054] bridge0: port 1(bridge_slave_0) entered disabled state [ 1680.168064][T28054] bridge_slave_0: entered allmulticast mode [ 1680.178480][T28054] bridge_slave_0: entered promiscuous mode [ 1680.187338][T28054] bridge0: port 2(bridge_slave_1) entered blocking state [ 1680.194680][T28054] bridge0: port 2(bridge_slave_1) entered disabled state [ 1680.202474][T28054] bridge_slave_1: entered allmulticast mode [ 1680.211007][T28054] bridge_slave_1: entered promiscuous mode [ 1680.276598][T28054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1680.306713][T28054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1680.337281][T28054] team0: Port device team_slave_0 added [ 1680.345350][T28054] team0: Port device team_slave_1 added [ 1680.378944][T28054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1680.388138][T28054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1680.414446][T28054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1680.590102][ T47] usb 3-1: USB disconnect, device number 17 [ 1680.712753][T28076] fuse: Unknown parameter 'user_i0000000000000000000000000000000000000000' [ 1681.367790][T28054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1681.379305][T28075] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1681.391705][T28070] trusted_key: encrypted_key: insufficient parameters specified [ 1681.810355][T28054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1681.892410][T28054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1681.915317][T19154] Bluetooth: hci1: command tx timeout [ 1682.036236][T28054] hsr_slave_0: entered promiscuous mode [ 1682.106756][T28054] hsr_slave_1: entered promiscuous mode [ 1682.113977][T28054] debugfs: 'hsr0' already exists in 'hsr' [ 1682.133517][T28054] Cannot create hsr debugfs directory [ 1682.947390][T28087] virt_wifi0 speed is unknown, defaulting to 1000 [ 1683.809445][T28054] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1683.859173][T28054] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1683.889815][T28054] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1683.921652][T28054] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1684.023012][T19154] Bluetooth: hci1: command tx timeout [ 1684.151311][T28054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1684.168519][T28054] 8021q: adding VLAN 0 to HW filter on device team0 [ 1684.190801][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1684.197939][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1684.220424][T28121] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1684.252155][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1684.255573][T28121] block device autoloading is deprecated and will be removed. [ 1684.259333][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1684.436877][T28124] libceph: resolve '96.' (ret=-3): failed [ 1686.077994][T28140] fuse: Unknown parameter 'user_i0000000000000000000000000000000000000000' [ 1686.656813][T19154] Bluetooth: hci1: command tx timeout [ 1687.334553][T28054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1687.697090][ T5181] udevd[5181]: worker [21143] /devices/virtual/block/nbd0 timeout; kill it [ 1687.748146][ T5181] udevd[5181]: seq 31956 '/devices/virtual/block/nbd0' killed [ 1688.091809][T28156] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1688.495170][T28054] veth0_vlan: entered promiscuous mode [ 1688.518328][T28054] veth1_vlan: entered promiscuous mode [ 1688.569790][T28054] veth0_macvtap: entered promiscuous mode [ 1688.586036][T28054] veth1_macvtap: entered promiscuous mode [ 1688.599671][T28178] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1688.637199][T28054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1688.672657][T28054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1688.711720][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1688.721769][T19154] Bluetooth: hci1: command tx timeout [ 1688.723337][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1688.780753][ T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1688.847815][ T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1688.983870][T28051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1688.994425][T28051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1689.054087][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1689.068937][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1689.770121][T28198] libceph: resolve '96.' (ret=-3): failed [ 1692.392924][ T5813] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1692.403455][ T5813] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1692.412087][ T5813] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1692.431139][ T5813] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1692.439902][ T5813] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1692.519681][T28237] virt_wifi0 speed is unknown, defaulting to 1000 [ 1693.195359][ T5927] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1693.282444][T28237] chnl_net:caif_netlink_parms(): no params data found [ 1693.357084][ T5927] usb 3-1: Using ep0 maxpacket: 16 [ 1693.373651][ T5927] usb 3-1: config 0 has an invalid descriptor of length 35, skipping remainder of the config [ 1693.402050][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1693.440636][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1693.470916][ T5927] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1693.491149][ T5927] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1693.522102][ T5927] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1693.538471][ T5927] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1693.602870][T28237] bridge0: port 1(bridge_slave_0) entered blocking state [ 1693.604811][ T5927] usb 3-1: Manufacturer: syz [ 1693.616801][T28237] bridge0: port 1(bridge_slave_0) entered disabled state [ 1693.626088][T28237] bridge_slave_0: entered allmulticast mode [ 1693.636019][T28237] bridge_slave_0: entered promiscuous mode [ 1693.645329][T28237] bridge0: port 2(bridge_slave_1) entered blocking state [ 1693.656981][T28237] bridge0: port 2(bridge_slave_1) entered disabled state [ 1693.665163][T28237] bridge_slave_1: entered allmulticast mode [ 1693.671227][ T5927] usb 3-1: config 0 descriptor?? [ 1693.683174][T28237] bridge_slave_1: entered promiscuous mode [ 1693.928801][T28237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1694.263872][T28237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1694.288550][ T5927] rc_core: IR keymap rc-hauppauge not found [ 1694.294478][ T5927] Registered IR keymap rc-empty [ 1694.325040][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.383967][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.398861][T28237] team0: Port device team_slave_0 added [ 1694.426325][ T5927] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1694.453471][T28237] team0: Port device team_slave_1 added [ 1694.462721][ T5927] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input235 [ 1694.478594][T19154] Bluetooth: hci6: command tx timeout [ 1694.524214][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.649758][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.670916][T28237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1694.675363][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.696825][T28237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1694.705427][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1694.746200][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1695.682391][T28237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1695.694582][T28237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1695.703094][T28237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1695.711542][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1695.980310][T28237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1696.048375][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1696.262999][T28285] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5840'. [ 1696.360548][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1696.395595][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1696.421710][ T5927] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 1696.605457][T19154] Bluetooth: hci6: command tx timeout [ 1696.621566][ T5927] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1696.843816][ T5927] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1696.869788][ T5927] usb 3-1: USB disconnect, device number 18 [ 1696.925460][T28284] virt_wifi0 speed is unknown, defaulting to 1000 [ 1696.972226][T28293] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60030 sclass=netlink_route_socket pid=28293 comm=syz.5.5842 [ 1697.077955][T28237] hsr_slave_0: entered promiscuous mode [ 1697.175947][T28237] hsr_slave_1: entered promiscuous mode [ 1697.203365][T28237] debugfs: 'hsr0' already exists in 'hsr' [ 1697.218845][T28237] Cannot create hsr debugfs directory [ 1697.795745][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1697.826835][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1698.112463][ T155] bond0 (unregistering): Released all slaves [ 1698.378596][ T155] tipc: Left network mode [ 1698.635270][ T5813] Bluetooth: hci6: command tx timeout [ 1698.891069][ T155] hsr_slave_0: left promiscuous mode [ 1698.919745][ T155] hsr_slave_1: left promiscuous mode [ 1699.285580][ T5927] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1699.834203][ T155] team0 (unregistering): Port device team_slave_1 removed [ 1699.885986][ T5927] usb 6-1: Using ep0 maxpacket: 16 [ 1699.892888][ T155] team0 (unregistering): Port device team_slave_0 removed [ 1699.895108][ T5927] usb 6-1: config 0 has an invalid descriptor of length 35, skipping remainder of the config [ 1699.917892][ T794] Process accounting resumed [ 1699.949002][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1700.039640][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1700.075585][ T47] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1700.111598][ T5927] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1700.155658][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1700.170152][ T5927] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1700.182910][ T5927] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1700.194023][ T5927] usb 6-1: Manufacturer: syz [ 1700.210360][ T5927] usb 6-1: config 0 descriptor?? [ 1700.229481][ T47] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1700.245134][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1700.258404][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1700.271070][ T47] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1700.308528][ T47] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1700.320688][ T47] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1700.351963][ T47] usb 5-1: Manufacturer: syz [ 1700.392623][ T47] usb 5-1: config 0 descriptor?? [ 1700.525311][ T5927] rc_core: IR keymap rc-hauppauge not found [ 1700.531294][ T5927] Registered IR keymap rc-empty [ 1700.540446][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.570254][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.596398][ T5927] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 1700.614865][ T5927] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input236 [ 1700.653711][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.730036][ T5813] Bluetooth: hci6: command tx timeout [ 1700.742894][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.788149][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.815878][ T47] hid_parser_main: 5 callbacks suppressed [ 1700.815899][ T47] appleir 0003:05AC:8243.002D: unknown main item tag 0x0 [ 1700.857940][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.864607][T28237] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1700.888412][T28237] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1700.897032][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.919631][ T47] appleir 0003:05AC:8243.002D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 1700.959117][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1700.974433][T28237] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1701.001625][T28237] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1701.048232][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1701.115631][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1701.158809][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1701.171720][ T47] usb 5-1: USB disconnect, device number 7 [ 1701.215336][ T5927] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 1701.251217][ T5927] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1701.278217][ T5927] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1701.311882][ T5927] usb 6-1: USB disconnect, device number 2 [ 1701.317301][T28237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1701.394059][T28237] 8021q: adding VLAN 0 to HW filter on device team0 [ 1701.420838][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1701.427957][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1701.460632][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1701.467757][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1702.269082][T28399] fuse: Bad value for 'fd' [ 1702.483737][T28396] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5856'. [ 1702.948926][T28408] comedi comedi0: Minor 3 could not be opened [ 1703.000997][T28237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1703.196580][T28418] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5860'. [ 1703.401837][T28237] veth0_vlan: entered promiscuous mode [ 1703.454999][T28237] veth1_vlan: entered promiscuous mode [ 1703.647145][T28237] veth0_macvtap: entered promiscuous mode [ 1703.683570][T28237] veth1_macvtap: entered promiscuous mode [ 1703.792984][T28237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1703.831945][T28237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1704.097535][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1705.045677][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 270 seconds [ 1705.056573][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 270 seconds [ 1705.068285][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 270 seconds [ 1705.151651][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1705.162654][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 270 seconds [ 1705.207284][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1705.244329][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1705.580076][T28051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1705.618892][T28051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1705.848584][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1705.965143][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1707.613536][ T5944] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1707.763209][ T47] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1707.844079][ T5944] usb 1-1: Using ep0 maxpacket: 16 [ 1708.167460][T15376] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1708.177373][ T5944] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1708.282516][ T5944] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1708.292655][ T5944] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1708.302908][ T5944] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1708.311037][ T5944] usb 1-1: Manufacturer: syz [ 1708.317485][ T5944] usb 1-1: config 0 descriptor?? [ 1708.355662][T15376] usb 5-1: Using ep0 maxpacket: 8 [ 1708.356702][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1709.326494][T15376] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1709.338825][T15376] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1709.348587][T15376] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1709.358955][T15376] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1709.361489][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1709.372547][T15376] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1709.392351][ T47] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1709.408103][ T47] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1709.417437][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.677635][T15376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.697238][ T47] usb 4-1: config 0 descriptor?? [ 1709.723155][T15376] usbtmc 5-1:16.0: bulk endpoints not found [ 1709.776959][T28495] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1710.116681][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.127754][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.135187][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.143596][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.151897][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.160341][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.167825][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.175391][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.184080][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.191522][ T47] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 1710.210536][ T47] plantronics 0003:047F:FFFF.002E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1710.346704][T15376] usb 4-1: USB disconnect, device number 41 [ 1710.754636][T28503] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5874'. [ 1710.781237][T15376] usb 1-1: USB disconnect, device number 18 [ 1710.822672][T28503] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5874'. [ 1711.155351][T15376] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1711.419182][T15376] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1711.427900][ T5944] usb 5-1: USB disconnect, device number 8 [ 1711.449746][T15376] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1712.415335][T15376] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1712.425128][T15376] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7 [ 1712.438231][T15376] usb 1-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40 [ 1712.749462][T15376] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1712.761747][T15376] usb 1-1: Product: syz [ 1712.766389][T15376] usb 1-1: Manufacturer: syz [ 1712.770998][T15376] usb 1-1: SerialNumber: syz [ 1713.085328][ T793] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1713.114349][T15376] usb 1-1: USB disconnect, device number 19 [ 1713.248921][ T793] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1713.269505][ T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1713.321304][ T793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1713.335578][ T793] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1713.374470][ T793] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1713.418570][ T793] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1713.438178][ T793] usb 3-1: Manufacturer: syz [ 1713.454667][ T793] usb 3-1: config 0 descriptor?? [ 1713.897139][ T793] appleir 0003:05AC:8243.002F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1714.190216][T23293] Process accounting resumed [ 1714.213001][ T793] usb 3-1: USB disconnect, device number 19 [ 1714.245258][T28548] fido_id[28548]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 1714.523505][T28557] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1716.303089][T28570] fuse: Unknown parameter '0x0000000000000003' [ 1717.482628][T28589] No control pipe specified [ 1718.122079][T28596] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1718.983742][T19154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1719.011337][T19154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1719.022182][T19154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1719.030253][T19154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1719.038670][T19154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1721.028548][T28610] chnl_net:caif_netlink_parms(): no params data found [ 1721.118853][T19154] Bluetooth: hci5: command tx timeout [ 1721.246600][T28610] bridge0: port 1(bridge_slave_0) entered blocking state [ 1721.254571][T28610] bridge0: port 1(bridge_slave_0) entered disabled state [ 1721.264095][T28610] bridge_slave_0: entered allmulticast mode [ 1721.274038][T28610] bridge_slave_0: entered promiscuous mode [ 1721.282353][T28610] bridge0: port 2(bridge_slave_1) entered blocking state [ 1721.292060][T28610] bridge0: port 2(bridge_slave_1) entered disabled state [ 1721.299330][T28610] bridge_slave_1: entered allmulticast mode [ 1721.306675][T28610] bridge_slave_1: entered promiscuous mode [ 1721.356853][T28610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1721.436123][T28610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1721.558580][ T47] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1721.668883][T28610] team0: Port device team_slave_0 added [ 1721.743457][T28610] team0: Port device team_slave_1 added [ 1721.815289][ T47] usb 1-1: Using ep0 maxpacket: 8 [ 1721.823495][ T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1721.827070][T28610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1721.835269][ T47] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1721.859295][T28646] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1721.875642][ T47] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1721.903944][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1721.924416][T28610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1721.936191][ T47] usb 1-1: config 0 descriptor?? [ 1722.005270][T28610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1722.061871][T28610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1722.075994][T28610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1722.159046][T28610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1722.285661][ T47] usb 1-1: USB disconnect, device number 20 [ 1722.376916][T28610] hsr_slave_0: entered promiscuous mode [ 1722.390457][T28610] hsr_slave_1: entered promiscuous mode [ 1722.403088][T28610] debugfs: 'hsr0' already exists in 'hsr' [ 1722.415035][T28610] Cannot create hsr debugfs directory [ 1722.533012][T28610] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1722.638932][T28610] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1722.723039][T28610] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1723.175032][T28610] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1723.195695][T19154] Bluetooth: hci5: command tx timeout [ 1723.248933][T28667] hsr1: left promiscuous mode [ 1723.493466][T28672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5913'. [ 1723.751031][T28610] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1723.870035][T28610] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1723.902680][T28610] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1723.949301][T28610] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1724.216459][ T29] audit: type=1400 audit(1774455784.316:1276): avc: denied { getopt } for pid=28695 comm="syz.0.5920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 1724.277850][T28610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1724.360374][T28610] 8021q: adding VLAN 0 to HW filter on device team0 [ 1724.414547][T28051] bridge0: port 1(bridge_slave_0) entered blocking state [ 1724.421764][T28051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1724.485905][T28705] syzkaller0: entered promiscuous mode [ 1724.491376][T28705] syzkaller0: entered allmulticast mode [ 1724.518991][ T29] audit: type=1400 audit(1774455784.616:1277): avc: denied { shutdown } for pid=28706 comm="syz.5.5924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1724.544075][T28267] bridge0: port 2(bridge_slave_1) entered blocking state [ 1724.551277][T28267] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1724.590647][ T29] audit: type=1400 audit(1774455784.646:1278): avc: denied { read } for pid=28706 comm="syz.5.5924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1724.644131][ T29] audit: type=1400 audit(1774455784.656:1279): avc: denied { ioctl } for pid=28709 comm="syz.3.5926" path="socket:[157985]" dev="sockfs" ino=157985 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1724.683092][ T29] audit: type=1400 audit(1774455784.686:1280): avc: denied { create } for pid=28708 comm="syz.4.5925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 1724.719009][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1724.725785][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1724.727766][T28711] tipc: Started in network mode [ 1724.741919][T28711] tipc: Node identity ba3c4d851403, cluster identity 4711 [ 1724.765705][T28711] tipc: Enabled bearer , priority 0 [ 1724.829115][T28711] syzkaller0: entered promiscuous mode [ 1724.840121][T28711] syzkaller0: entered allmulticast mode [ 1724.899048][T28718] team0: entered promiscuous mode [ 1724.904121][T28718] team_slave_0: entered promiscuous mode [ 1724.917644][T28718] team_slave_1: entered promiscuous mode [ 1724.931733][T28721] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5929'. [ 1724.943541][T28718] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1724.996436][T28715] tipc: Resetting bearer [ 1725.020528][T28708] tipc: Resetting bearer [ 1725.083936][T28727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5931'. [ 1725.084101][T28708] tipc: Disabling bearer [ 1725.179021][T28610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1725.282634][ T29] audit: type=1400 audit(1774455785.376:1281): avc: denied { getopt } for pid=28738 comm="syz.0.5936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1725.305162][T19154] Bluetooth: hci5: command tx timeout [ 1725.338293][T28610] veth0_vlan: entered promiscuous mode [ 1725.347859][T28743] syzkaller0: entered promiscuous mode [ 1725.353424][T28743] syzkaller0: entered allmulticast mode [ 1725.378860][T28610] veth1_vlan: entered promiscuous mode [ 1725.422790][T28610] veth0_macvtap: entered promiscuous mode [ 1725.434510][T28610] veth1_macvtap: entered promiscuous mode [ 1725.444616][ T29] audit: type=1400 audit(1774455785.536:1282): avc: denied { name_connect } for pid=28749 comm="syz.0.5940" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 1725.474512][T28610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1725.510150][T28610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1725.520836][T28752] syzkaller1: entered promiscuous mode [ 1725.526530][T28752] syzkaller1: entered allmulticast mode [ 1725.538634][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1725.547605][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1725.570116][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1725.579036][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1725.651080][ T29] audit: type=1400 audit(1774455785.746:1283): avc: denied { setopt } for pid=28754 comm="syz.5.5942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1725.691397][ T29] audit: type=1400 audit(1774455785.746:1284): avc: denied { connect } for pid=28754 comm="syz.5.5942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1725.739705][ T29] audit: type=1400 audit(1774455785.836:1285): avc: denied { getopt } for pid=28758 comm="syz.5.5944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1726.062161][T28735] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1726.126156][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1726.134006][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1726.187520][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1726.198016][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1726.287650][T28771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5949'. [ 1726.302735][T28771] macsec1: entered allmulticast mode [ 1726.310361][T28771] dummy0: entered allmulticast mode [ 1726.481333][T28786] openvswitch: netlink: Key type 310 is out of range max 32 [ 1726.529114][T28782] IPVS: Scheduler module ip_vs_ not found [ 1727.068012][T28804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5960'. [ 1727.129399][T28802] ieee802154 phy0 wpan0: encryption failed: -22 [ 1727.238027][T28808] syzkaller0: entered promiscuous mode [ 1727.243607][T28808] syzkaller0: entered allmulticast mode [ 1727.365726][T19154] Bluetooth: hci5: command tx timeout [ 1727.471211][T28824] Bluetooth: MGMT ver 1.23 [ 1727.683987][T28842] syzkaller0: entered promiscuous mode [ 1727.694505][T28842] syzkaller0: entered allmulticast mode [ 1727.750415][T28846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5980'. [ 1727.795670][T28844] tipc: Started in network mode [ 1727.805384][T28844] tipc: Node identity 4e5f005e83f5, cluster identity 4711 [ 1727.819079][T28844] tipc: Enabled bearer , priority 0 [ 1727.855842][T28844] syzkaller0: entered promiscuous mode [ 1727.861643][T28844] syzkaller0: entered allmulticast mode [ 1728.019167][T28844] tipc: Resetting bearer [ 1728.030557][T28864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5987'. [ 1728.044428][T28843] tipc: Resetting bearer [ 1728.061663][T28843] tipc: Disabling bearer [ 1728.072891][T28861] syzkaller0: entered promiscuous mode [ 1728.081106][T28861] syzkaller0: entered allmulticast mode [ 1728.159208][T28870] netlink: 'syz.4.5990': attribute type 39 has an invalid length. [ 1728.267489][T28878] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5993'. [ 1728.293445][T28051] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1728.293561][T28878] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5993'. [ 1728.307147][T28051] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1728.327115][T28051] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1728.338497][T28051] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1728.899018][T28907] ieee802154 phy0 wpan0: encryption failed: -22 [ 1728.976278][T28911] Bluetooth: MGMT ver 1.23 [ 1729.074977][T28916] ipvlan0: entered promiscuous mode [ 1729.225834][T28897] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6000'. [ 1729.279636][T28884] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1729.501311][T28941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6013'. [ 1729.528114][T28941] vlan1: entered promiscuous mode [ 1729.533192][T28941] team0: entered promiscuous mode [ 1729.559276][T28941] team_slave_0: entered promiscuous mode [ 1729.568091][T28941] team_slave_1: entered promiscuous mode [ 1729.604249][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 1729.604267][ T29] audit: type=1400 audit(1774455789.686:1296): avc: denied { connect } for pid=28947 comm="syz.5.6014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1729.658678][ T29] audit: type=1400 audit(1774455789.756:1297): avc: denied { connect } for pid=28947 comm="syz.5.6014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1729.762771][ T29] audit: type=1400 audit(1774455789.756:1298): avc: denied { write } for pid=28947 comm="syz.5.6014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1729.865050][ T29] audit: type=1400 audit(1774455789.756:1299): avc: denied { write } for pid=28947 comm="syz.5.6014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1729.927105][ T29] audit: type=1400 audit(1774455789.756:1300): avc: denied { accept } for pid=28947 comm="syz.5.6014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1730.001043][T28977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6021'. [ 1730.086249][ T29] audit: type=1400 audit(1774455790.176:1301): avc: denied { relabelfrom } for pid=28981 comm="syz.3.6022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1730.110284][T28983] syzkaller0: entered promiscuous mode [ 1730.116122][T28983] syzkaller0: entered allmulticast mode [ 1730.138595][T28985] netlink: 'syz.2.6023': attribute type 13 has an invalid length. [ 1730.138811][ T29] audit: type=1400 audit(1774455790.186:1302): avc: denied { relabelto } for pid=28981 comm="syz.3.6022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1730.204717][T28993] netlink: 'syz.3.6025': attribute type 39 has an invalid length. [ 1730.246590][T28995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6023'. [ 1730.275581][ T29] audit: type=1400 audit(1774455790.376:1303): avc: denied { getopt } for pid=28996 comm="syz.4.6026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1730.553249][T29010] syzkaller0: entered promiscuous mode [ 1730.589327][T29010] syzkaller0: entered allmulticast mode [ 1730.830949][T29024] syzkaller0: entered promiscuous mode [ 1730.878859][T29024] syzkaller0: entered allmulticast mode [ 1731.060143][T23293] IPVS: starting estimator thread 0... [ 1731.130185][ T29] audit: type=1400 audit(1774455791.226:1304): avc: denied { bind } for pid=29041 comm="syz.0.6041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1731.166772][T29035] IPVS: using max 50 ests per chain, 120000 per kthread [ 1731.336971][ T29] audit: type=1400 audit(1774455791.436:1305): avc: denied { write } for pid=29043 comm="syz.4.6042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1731.375563][T29044] tipc: Enabled bearer , priority 0 [ 1731.408102][T29044] syzkaller0: entered promiscuous mode [ 1731.413696][T29044] syzkaller0: entered allmulticast mode [ 1731.423370][T29050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6044'. [ 1731.528187][T29044] tipc: Resetting bearer [ 1731.598583][T29043] tipc: Resetting bearer [ 1731.674097][T29043] tipc: Disabling bearer [ 1732.100782][T29092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6053'. [ 1732.188738][T29091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6054'. [ 1732.402798][T29074] lec:lec_atm_send: lec0: Unknown message type 252 [ 1732.520409][T29073] lec:lec_atm_close: lec0: Shut down! [ 1732.647953][T29117] lo speed is unknown, defaulting to 1000 [ 1732.732303][T29117] lo speed is unknown, defaulting to 1000 [ 1732.764546][T29117] lo speed is unknown, defaulting to 1000 [ 1732.767474][T29129] netlink: 'syz.5.6065': attribute type 39 has an invalid length. [ 1732.863372][T29138] tipc: Can't bind to reserved service type 2 [ 1732.966675][T29143] netlink: 'syz.0.6071': attribute type 89 has an invalid length. [ 1733.572492][ T5944] lo speed is unknown, defaulting to 1000 [ 1733.586277][T29117] infiniband syz0: set active [ 1733.600052][T29117] infiniband syz0: added lo [ 1733.615423][T29117] syz0: rxe_create_qp: returned err = -2 [ 1733.631268][T29117] infiniband syz0: Couldn't create ib_mad QP1 [ 1733.666940][T29117] infiniband syz0: Couldn't open port 1 [ 1733.749522][T29117] RDS/IB: syz0: added [ 1733.772049][T29117] smc: adding ib device syz0 with port count 1 [ 1733.801044][T29117] smc: ib device syz0 port 1 has no pnetid [ 1733.818407][ T5944] lo speed is unknown, defaulting to 1000 [ 1733.831404][T29117] lo speed is unknown, defaulting to 1000 [ 1733.885022][T29177] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6083'. [ 1734.405287][T29117] lo speed is unknown, defaulting to 1000 [ 1734.835303][T29117] lo speed is unknown, defaulting to 1000 [ 1734.903026][T29233] netlink: 220 bytes leftover after parsing attributes in process `syz.3.6103'. [ 1735.164921][T29117] lo speed is unknown, defaulting to 1000 [ 1735.287822][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 1735.287839][ T29] audit: type=1400 audit(1774455795.386:1314): avc: denied { write } for pid=29248 comm="syz.5.6108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 1735.503066][T29259] Failed to initialize the IGMP autojoin socket (err -2) [ 1735.574630][T29117] lo speed is unknown, defaulting to 1000 [ 1735.596464][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 300 seconds [ 1735.608922][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 300 seconds [ 1735.620383][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 300 seconds [ 1735.632491][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 300 seconds [ 1735.665484][T29267] netlink: 'syz.3.6116': attribute type 9 has an invalid length. [ 1735.752663][ T29] audit: type=1400 audit(1774455795.836:1315): avc: denied { connect } for pid=29271 comm="syz.0.6118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1735.822048][T29272] veth1_to_bond: entered allmulticast mode [ 1735.831392][T29271] veth1_to_bond: left allmulticast mode [ 1735.838687][T29273] syzkaller0: entered promiscuous mode [ 1735.844191][T29273] syzkaller0: entered allmulticast mode [ 1735.849885][ T29] audit: type=1400 audit(1774455795.916:1316): avc: denied { setopt } for pid=29271 comm="syz.0.6118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1735.849940][ T29] audit: type=1400 audit(1774455795.936:1317): avc: denied { setopt } for pid=29271 comm="syz.0.6118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1736.018425][T29117] lo speed is unknown, defaulting to 1000 [ 1736.272239][T29296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1736.372556][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1736.384634][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1736.393469][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1736.403059][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1736.413704][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1736.474119][T29301] Failed to initialize the IGMP autojoin socket (err -2) [ 1736.538032][T29117] lo speed is unknown, defaulting to 1000 [ 1736.571215][T29307] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6136'. [ 1736.634059][ T29] audit: type=1400 audit(1774455796.726:1318): avc: denied { accept } for pid=29306 comm="syz.5.6136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 1736.816961][T29318] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.6140'. [ 1736.837754][T29318] bridge_slave_1: default FDB implementation only supports local addresses [ 1736.910671][T29313] syzkaller0: entered promiscuous mode [ 1736.925270][T29313] syzkaller0: entered allmulticast mode [ 1737.008769][T29327] Failed to initialize the IGMP autojoin socket (err -2) [ 1737.255515][T29301] chnl_net:caif_netlink_parms(): no params data found [ 1737.422234][T29355] Failed to initialize the IGMP autojoin socket (err -2) [ 1737.478399][ T29] audit: type=1400 audit(1774455797.566:1319): avc: denied { write } for pid=29342 comm="syz.0.6149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 1737.569574][T29358] block nbd5: server does not support multiple connections per device. [ 1737.595822][T29358] block nbd5: shutting down sockets [ 1737.718351][ T29] audit: type=1400 audit(1774455797.816:1320): avc: denied { bind } for pid=29372 comm="syz.5.6153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1737.764015][T29301] bridge0: port 1(bridge_slave_0) entered blocking state [ 1737.782567][T29377] netlink: 'syz.2.6154': attribute type 10 has an invalid length. [ 1737.794815][ T29] audit: type=1400 audit(1774455797.816:1321): avc: denied { setopt } for pid=29372 comm="syz.5.6153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1737.818347][T29301] bridge0: port 1(bridge_slave_0) entered disabled state [ 1737.835791][T29301] bridge_slave_0: entered allmulticast mode [ 1737.861032][T29301] bridge_slave_0: entered promiscuous mode [ 1737.882001][T29301] bridge0: port 2(bridge_slave_1) entered blocking state [ 1737.898863][T29301] bridge0: port 2(bridge_slave_1) entered disabled state [ 1737.919170][T29301] bridge_slave_1: entered allmulticast mode [ 1737.933743][T29301] bridge_slave_1: entered promiscuous mode [ 1737.972481][T29377] 8021q: adding VLAN 0 to HW filter on device team0 [ 1737.998886][T29377] bond0: (slave team0): Enslaving as an active interface with an up link [ 1738.011488][T29391] syzkaller0: entered promiscuous mode [ 1738.030735][T29391] syzkaller0: entered allmulticast mode [ 1738.247726][T29301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1738.281515][T29301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1738.346816][T29413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6165'. [ 1738.415004][T29301] team0: Port device team_slave_0 added [ 1738.469850][T29301] team0: Port device team_slave_1 added [ 1738.476724][T29419] openvswitch: netlink: Flow actions attr not present in new flow. [ 1738.485516][T29415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6166'. [ 1738.487406][ T5813] Bluetooth: hci3: command tx timeout [ 1738.589375][T29301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1738.604507][T29301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1738.634070][T29301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1738.647005][T29301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1738.677376][T29301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1738.706450][T29301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1738.932940][T29301] hsr_slave_0: entered promiscuous mode [ 1738.953516][T29301] hsr_slave_1: entered promiscuous mode [ 1738.961803][T29301] debugfs: 'hsr0' already exists in 'hsr' [ 1738.968354][T29301] Cannot create hsr debugfs directory [ 1738.991898][ T29] audit: type=1400 audit(1774455799.086:1322): avc: denied { bind } for pid=29438 comm="syz.3.6176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1739.427776][T29460] netlink: 220 bytes leftover after parsing attributes in process `syz.5.6185'. [ 1740.565386][ T5813] Bluetooth: hci3: command tx timeout [ 1741.208081][T29404] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1741.242821][T29301] netdevsim netdevsim4 netdevsim0: renamed from eth1 [ 1741.295957][T29301] netdevsim netdevsim4 netdevsim1: renamed from eth2 [ 1741.358806][T29301] netdevsim netdevsim4 netdevsim2: renamed from eth3 [ 1741.398565][T29301] netdevsim netdevsim4 netdevsim3: renamed from eth4 [ 1741.612460][ T29] audit: type=1400 audit(1774455801.706:1323): avc: denied { create } for pid=29499 comm="syz.3.6202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 1741.676080][T29496] syzkaller0: entered promiscuous mode [ 1741.743117][T29506] Failed to initialize the IGMP autojoin socket (err -2) [ 1741.783270][T29508] syzkaller0: entered promiscuous mode [ 1741.798808][T29508] syzkaller0: entered allmulticast mode [ 1741.954349][T29517] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6208'. [ 1742.027064][T29517] Failed to initialize the IGMP autojoin socket (err -2) [ 1742.190866][T29301] 8021q: adding VLAN 0 to HW filter on device team0 [ 1742.255184][ T7829] bridge0: port 1(bridge_slave_0) entered blocking state [ 1742.262366][ T7829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1742.289715][T29527] tipc: Enabled bearer , priority 0 [ 1742.338509][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1742.345639][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1742.370135][T29527] tipc: Resetting bearer [ 1742.385789][T29526] tipc: Resetting bearer [ 1742.538427][T29535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6216'. [ 1742.635884][ T5813] Bluetooth: hci3: command tx timeout [ 1742.928430][ T49] tipc: Resetting bearer [ 1743.126695][T29566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6227'. [ 1743.147127][T29301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1743.609859][T29582] Illegal XDP return value 4294967274 on prog (id 332) dev N/A, expect packet loss! [ 1743.707714][ T29] audit: type=1400 audit(1774455803.806:1324): avc: denied { setopt } for pid=29589 comm="syz.2.6234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1743.741806][T29590] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6234'. [ 1743.803314][T29590] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29590 comm=syz.2.6234 [ 1743.823779][T29301] veth0_vlan: entered promiscuous mode [ 1743.857191][T29301] veth1_vlan: entered promiscuous mode [ 1743.914326][T29597] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=29597 comm=syz.0.6238 [ 1744.062865][T29301] veth0_macvtap: entered promiscuous mode [ 1744.151937][T29301] veth1_macvtap: entered promiscuous mode [ 1744.412211][T29301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1744.488380][T29301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1744.537749][T29629] Failed to initialize the IGMP autojoin socket (err -2) [ 1744.556535][T29301] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1744.568525][T29630] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6252'. [ 1744.614460][T29301] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1744.715275][ T5813] Bluetooth: hci3: command tx timeout [ 1744.900333][T29301] wireguard: wg0: Could not create IPv4 socket [ 1744.918342][T29625] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6249'. [ 1744.920820][T29301] wireguard: wg1: Could not create IPv4 socket [ 1745.020376][T29301] wireguard: wg2: Could not create IPv4 socket [ 1745.517997][T29644] lec:lec_atm_close: lec0: Shut down! [ 1746.080136][T29685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6271'. [ 1746.170488][T29685] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=29685 comm=syz.0.6271 [ 1746.188062][T19154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1746.205028][T19154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1746.249437][T19154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1746.257663][T19154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1746.271994][T19154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1746.299595][T29689] Failed to initialize the IGMP autojoin socket (err -2) [ 1746.314273][T29693] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6274'. [ 1746.371423][T29698] syzkaller0: entered promiscuous mode [ 1746.377121][T29698] syzkaller0: entered allmulticast mode [ 1746.500343][T29702] tipc: Resetting bearer [ 1746.600171][T29701] tipc: Resetting bearer [ 1746.668217][T29709] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6281'. [ 1747.090676][ T77] tipc: Resetting bearer [ 1747.600731][T29689] netdevsim netdevsim4 netdevsim0: renamed from eth1 [ 1747.629194][T29689] netdevsim netdevsim4 netdevsim1: renamed from eth2 [ 1747.667303][T29689] netdevsim netdevsim4 netdevsim2: renamed from eth3 [ 1747.722287][T29689] netdevsim netdevsim4 netdevsim3: renamed from eth4 [ 1748.196066][ T29] audit: type=1400 audit(1774455808.086:1325): avc: denied { map } for pid=29771 comm="syz.5.6307" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1748.348045][T19154] Bluetooth: hci3: command tx timeout [ 1748.368687][ T29] audit: type=1400 audit(1774455808.086:1326): avc: denied { execute } for pid=29771 comm="syz.5.6307" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1748.511556][T29790] tipc: Resetting bearer [ 1748.520524][T29790] tipc: Enabling of bearer rejected, already enabled [ 1748.555047][T29789] tipc: Resetting bearer [ 1749.722545][ T86] tipc: Resetting bearer [ 1750.084892][T29824] kernel profiling enabled (shift: 6) [ 1750.263688][T29689] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1750.368606][T29689] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1750.511052][T19154] Bluetooth: hci3: command tx timeout [ 1750.824382][T29689] wireguard: wg0: Could not create IPv4 socket [ 1750.833223][T29689] wireguard: wg1: Could not create IPv4 socket [ 1750.843036][T29689] wireguard: wg2: Could not create IPv4 socket [ 1751.109885][T29839] syzkaller0: entered promiscuous mode [ 1751.116486][T29844] Failed to initialize the IGMP autojoin socket (err -2) [ 1751.135896][T29839] syzkaller0: entered allmulticast mode [ 1751.237533][T29849] tipc: Started in network mode [ 1751.252315][T29849] tipc: Node identity 221b5035d4d9, cluster identity 4711 [ 1751.279940][T29849] tipc: Enabled bearer , priority 0 [ 1751.306369][T29852] syzkaller0: entered promiscuous mode [ 1751.324292][T29852] syzkaller0: entered allmulticast mode [ 1751.411981][T29848] tipc: Resetting bearer [ 1751.475166][T29848] tipc: Disabling bearer [ 1752.084453][T29880] tipc: Started in network mode [ 1752.107050][T29880] tipc: Node identity 4a6a00e8bccb, cluster identity 4711 [ 1752.124358][T29880] tipc: Enabled bearer , priority 0 [ 1752.142151][T29886] syzkaller0: entered promiscuous mode [ 1752.163671][T29886] syzkaller0: entered allmulticast mode [ 1752.193041][T29880] tipc: Resetting bearer [ 1752.230482][T29879] tipc: Resetting bearer [ 1752.266487][T29879] tipc: Disabling bearer [ 1752.272378][ T29] audit: type=1400 audit(1774455812.248:1327): avc: denied { accept } for pid=29874 comm="syz.5.6327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 1752.302583][T29874] lec:lec_atm_close: lec0: Shut down! [ 1752.564435][T29903] syzkaller0: entered promiscuous mode [ 1752.570947][T29903] syzkaller0: entered allmulticast mode [ 1753.355975][ T29] audit: type=1400 audit(1774455813.258:1328): avc: denied { read } for pid=29913 comm="syz.5.6336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1753.409553][T29921] Failed to initialize the IGMP autojoin socket (err -2) [ 1754.032708][T29928] bridge0: port 2(bridge_slave_1) entered disabled state [ 1754.040442][T29928] bridge0: port 1(bridge_slave_0) entered disabled state [ 1754.189098][T29928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1754.200896][T29928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1754.522151][T28965] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1754.557747][T29948] netlink: 220 bytes leftover after parsing attributes in process `syz.2.6345'. [ 1754.580667][T28965] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1754.591148][T28965] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1754.619889][ T49] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1755.377463][ T794] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1755.419720][T29969] loop5: detected capacity change from 0 to 7 [ 1755.426510][T29969] Dev loop5: unable to read RDB block 7 [ 1755.432111][T29969] loop5: AHDI p1 [ 1755.435751][T29969] loop5: partition table partially beyond EOD, truncated [ 1755.547451][ T794] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 248, changing to 7 [ 1755.574734][ T794] usb 6-1: New USB device found, idVendor=041e, idProduct=3048, bcdDevice= 0.40 [ 1755.673479][ T794] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1755.681487][ T794] usb 6-1: Product: syz [ 1755.704664][ T794] usb 6-1: Manufacturer: syz [ 1755.716184][ T794] usb 6-1: SerialNumber: syz [ 1755.719193][T29979] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6351'. [ 1756.820314][ T29] audit: type=1400 audit(1774455816.019:1329): avc: denied { mounton } for pid=29980 comm="syz.3.6352" path="/640/file0" dev="tmpfs" ino=3441 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 1757.622471][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1757.632769][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1757.642783][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1757.651157][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1757.658717][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1757.685521][ T794] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1757.688991][T29994] Failed to initialize the IGMP autojoin socket (err -2) [ 1757.735869][ T794] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1757.877167][ T794] usb 6-1: USB disconnect, device number 3 [ 1757.999136][T29362] udevd[29362]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1758.216941][T30007] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6357'. [ 1758.277169][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1758.288255][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1758.296306][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1758.318009][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1758.325595][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1758.393786][T30012] syzkaller0: entered promiscuous mode [ 1758.459377][T30009] Failed to initialize the IGMP autojoin socket (err -2) [ 1759.474833][T30038] ======================================================= [ 1759.474833][T30038] WARNING: The mand mount option has been deprecated and [ 1759.474833][T30038] and is ignored by this kernel. Remove the mand [ 1759.474833][T30038] option from the mount to silence this warning. [ 1759.474833][T30038] ======================================================= [ 1759.571675][T30038] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1759.980260][ T5813] Bluetooth: hci3: command tx timeout [ 1759.990723][ T29] audit: type=1400 audit(1774455819.032:1330): avc: denied { mount } for pid=30035 comm="syz.2.6363" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1760.041411][ T29] audit: type=1400 audit(1774455819.079:1331): avc: denied { mounton } for pid=30035 comm="syz.2.6363" path="/68/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 1760.173162][ T29] audit: type=1400 audit(1774455819.640:1332): avc: denied { unmount } for pid=28610 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1760.691456][T30055] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6367'. [ 1760.749334][T30055] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6367'. [ 1760.758220][T30055] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6367'. [ 1760.818542][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1760.832583][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1760.843468][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1760.852819][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1760.860613][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1760.940381][T30058] Failed to initialize the IGMP autojoin socket (err -2) [ 1761.275791][T30076] syzkaller0: entered promiscuous mode [ 1761.443636][T30083] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14385 sclass=netlink_route_socket pid=30083 comm=syz.5.6373 [ 1761.584237][T29994] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1761.679741][T29994] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1761.724755][T29994] wireguard: wg0: Could not create IPv4 socket [ 1761.745604][T29994] wireguard: wg1: Could not create IPv4 socket [ 1761.768386][T29994] wireguard: wg2: Could not create IPv4 socket [ 1762.940222][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1762.953000][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1762.961854][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1762.970158][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1762.996217][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1763.046250][T30130] Failed to initialize the IGMP autojoin socket (err -2) [ 1763.216502][T30139] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6381'. [ 1763.831222][ T29] audit: type=1400 audit(1774455823.075:1333): avc: denied { getopt } for pid=30143 comm="syz.0.6382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1764.935479][T30165] syzkaller0: entered promiscuous mode [ 1765.194939][T19154] Bluetooth: hci0: command tx timeout [ 1766.744250][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 330 seconds [ 1766.757438][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 330 seconds [ 1766.768491][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 330 seconds [ 1766.786094][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 330 seconds [ 1767.419876][T19154] Bluetooth: hci0: command tx timeout [ 1769.541874][T25452] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1769.552961][T25452] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1769.562304][T25452] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1769.580830][T25452] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1769.588642][T25452] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1769.640098][ T5813] Bluetooth: hci0: command tx timeout [ 1769.693503][T23293] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1769.711376][T30298] Failed to initialize the IGMP autojoin socket (err -2) [ 1769.928549][T23293] usb 6-1: Using ep0 maxpacket: 8 [ 1769.941063][T23293] usb 6-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config [ 1769.982007][T23293] usb 6-1: config 252 has 0 interfaces, different from the descriptor's value: 1 [ 1769.991180][T23293] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1769.998261][T30130] netdevsim netdevsim4 netdevsim0: renamed from eth5 [ 1770.044236][T30130] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1770.061000][T23293] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1770.096248][T30130] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1770.150855][T30130] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1770.360803][T15376] usb 6-1: USB disconnect, device number 4 [ 1771.221792][ T29] audit: type=1400 audit(1774455829.897:1334): avc: denied { setopt } for pid=30321 comm="syz.0.6398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1772.039594][ T5813] Bluetooth: hci0: command 0x0419 tx timeout [ 1772.253290][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1772.284418][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1772.301672][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1772.507010][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1772.520434][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1772.658129][T30337] Failed to initialize the IGMP autojoin socket (err -2) [ 1772.749757][T23293] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1772.854348][T30130] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1772.926927][T30130] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1772.946302][T30130] wireguard: wg0: Could not create IPv4 socket [ 1772.963628][T23293] usb 6-1: Using ep0 maxpacket: 32 [ 1772.967730][T30130] wireguard: wg1: Could not create IPv4 socket [ 1772.989175][T30130] wireguard: wg2: Could not create IPv4 socket [ 1772.999188][T23293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1773.016918][T23293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1773.026678][T23293] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1773.026701][T23293] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1773.115956][T23293] usb 6-1: config 0 descriptor?? [ 1773.391943][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1773.405461][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1773.414658][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1773.423357][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1773.430837][T30369] netlink: 168 bytes leftover after parsing attributes in process `syz.0.6400'. [ 1773.442156][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1773.493067][T30366] Failed to initialize the IGMP autojoin socket (err -2) [ 1773.557492][T23293] ft260 0003:0403:6030.0030: item fetching failed at offset 0/2 [ 1773.615876][T23293] ft260 0003:0403:6030.0030: failed to parse HID [ 1773.626443][T23293] ft260 0003:0403:6030.0030: probe with driver ft260 failed with error -22 [ 1773.776783][T23293] usb 6-1: USB disconnect, device number 5 [ 1773.871762][ T5869] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1774.049912][ T5869] usb 1-1: Using ep0 maxpacket: 8 [ 1774.222992][ T5869] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1774.233425][ T5869] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1774.266214][ T5869] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1774.278149][ T5869] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1774.298912][ T5869] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1774.310937][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1774.759861][ T5869] usb 1-1: GET_CAPABILITIES returned 0 [ 1774.765465][ T5869] usbtmc 1-1:16.0: can't read capabilities [ 1775.026218][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.035623][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.044734][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.053924][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.063041][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.076527][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.085656][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.094771][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.105669][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.109960][T30413] Failed to initialize the IGMP autojoin socket (err -2) [ 1775.121634][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.131107][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.140186][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.149229][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.158267][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.167873][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1775.176963][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 1775.207879][ T29] audit: type=1326 audit(1774455833.715:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30374 comm="syz.0.6407" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7facb7b9c799 code=0x0 [ 1775.293311][ T29] audit: type=1400 audit(1774455833.762:1336): avc: denied { accept } for pid=30412 comm="syz.5.6413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1775.446494][ T5813] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 1775.456404][ T5813] Bluetooth: hci6: Injecting HCI hardware error event [ 1775.466473][ T5813] Bluetooth: hci6: hardware error 0x00 [ 1775.573209][T30366] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1775.617812][T19154] Bluetooth: hci0: command tx timeout [ 1775.625765][T30366] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1775.647013][T30366] wireguard: wg0: Could not create IPv4 socket [ 1775.655411][T30366] wireguard: wg1: Could not create IPv4 socket [ 1775.678462][T30366] wireguard: wg2: Could not create IPv4 socket [ 1775.728110][T30448] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6419'. [ 1776.084196][ T5927] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1776.164736][T30475] tipc: Enabled bearer , priority 0 [ 1776.177837][T30475] tipc: Resetting bearer [ 1776.195520][T30474] tipc: Disabling bearer [ 1776.245645][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1776.273106][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1776.302815][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1776.320132][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1776.348968][ T5927] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1776.369102][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1776.389034][ T5927] usb 6-1: config 0 descriptor?? [ 1776.827558][ T5944] usb 1-1: USB disconnect, device number 21 [ 1776.874909][ T5927] plantronics 0003:047F:FFFF.0031: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1777.674479][ T5813] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1777.681053][T30556] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6431'. [ 1777.771605][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1777.782612][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1777.796957][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1777.808384][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1777.819721][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1777.867093][T30560] Failed to initialize the IGMP autojoin socket (err -2) [ 1778.719158][T15376] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 1778.750095][T30590] Failed to initialize the IGMP autojoin socket (err -2) [ 1779.775420][T30645] Failed to initialize the IGMP autojoin socket (err -2) [ 1779.791565][T30649] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6445'. [ 1779.973796][ T5813] Bluetooth: hci0: command tx timeout [ 1779.991314][T30663] tipc: Enabled bearer , priority 0 [ 1780.007758][T30663] syzkaller0: entered promiscuous mode [ 1780.024164][T30663] syzkaller0: entered allmulticast mode [ 1780.122211][T30663] tipc: Resetting bearer [ 1780.225385][T30659] tipc: Resetting bearer [ 1780.249364][T30659] tipc: Disabling bearer [ 1780.433758][T23293] usb 6-1: USB disconnect, device number 6 [ 1780.646117][T30560] netdevsim netdevsim4 netdevsim0: renamed from eth5 [ 1780.669832][T30560] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1780.684966][T30560] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1780.702077][T30560] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1780.979995][T19154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1781.002593][T19154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1781.013119][T19154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1781.021056][T19154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1781.030566][T19154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1781.140956][T30707] Failed to initialize the IGMP autojoin socket (err -2) [ 1781.163801][ T29] audit: type=1400 audit(1774455839.292:1337): avc: denied { create } for pid=30706 comm="syz.2.6452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 1782.063144][T30560] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1782.083663][T30560] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1782.106503][T30560] wireguard: wg0: Could not create IPv4 socket [ 1782.119692][T30560] wireguard: wg1: Could not create IPv4 socket [ 1782.128413][T30560] wireguard: wg2: Could not create IPv4 socket [ 1782.196360][ T5813] Bluetooth: hci0: command tx timeout [ 1782.606357][T30781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6458'. [ 1782.615409][T30781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6458'. [ 1782.738954][T30781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6458'. [ 1782.759839][T30781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6458'. [ 1782.780358][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1782.791006][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1782.799768][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1782.807725][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1782.815361][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1782.846908][T30790] Failed to initialize the IGMP autojoin socket (err -2) [ 1784.059645][T30836] netlink: 'syz.5.6466': attribute type 39 has an invalid length. [ 1784.553402][T30858] loop5: detected capacity change from 0 to 7 [ 1784.561205][T30858] Dev loop5: unable to read RDB block 7 [ 1784.581036][T30858] loop5: AHDI p1 [ 1784.584717][T30858] loop5: partition table partially beyond EOD, truncated [ 1784.646973][T30862] syzkaller0: entered promiscuous mode [ 1784.652474][T30862] syzkaller0: entered allmulticast mode [ 1785.019072][ T5813] Bluetooth: hci0: command tx timeout [ 1785.290458][T30916] Failed to initialize the IGMP autojoin socket (err -2) [ 1785.453756][T30922] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6480'. [ 1785.485179][T30922] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=30922 comm=syz.5.6480 [ 1785.531107][T30790] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1785.637578][T30790] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1785.665641][T30790] wireguard: wg0: Could not create IPv4 socket [ 1785.674106][T30790] wireguard: wg1: Could not create IPv4 socket [ 1785.693360][T30790] wireguard: wg2: Could not create IPv4 socket [ 1787.686401][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1787.697178][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1787.705996][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1787.713715][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1787.730022][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1787.782086][T30999] Failed to initialize the IGMP autojoin socket (err -2) [ 1787.953208][T31014] batadv_slave_0: Caught tx_queue_len zero misconfig [ 1788.206019][T31033] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6492'. [ 1788.216722][T31033] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31033 comm=syz.5.6492 [ 1788.413814][T31043] Failed to initialize the IGMP autojoin socket (err -2) [ 1788.431293][T31050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6495'. [ 1788.608392][ T5869] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1788.618831][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1788.625130][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1789.285214][T31069] netlink: 220 bytes leftover after parsing attributes in process `syz.2.6498'. [ 1789.294605][ T5869] usb 6-1: Using ep0 maxpacket: 32 [ 1789.312100][ T5869] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1789.327456][ T5869] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 1789.351995][ T5869] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1789.361984][ T5869] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1789.374850][ T5869] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 23 [ 1789.389315][ T5869] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1789.398382][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1789.406860][ T5869] usb 6-1: SerialNumber: syz [ 1789.415160][T31045] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1789.424253][ T5869] hub 6-1:1.0: bad descriptor, ignoring hub [ 1789.431714][ T5869] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1789.445619][ T5869] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 1789.473363][ T5869] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12 [ 1789.725658][T31096] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6504'. [ 1789.747117][T31096] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31096 comm=syz.0.6504 [ 1789.762131][ T47] usb 6-1: USB disconnect, device number 7 [ 1789.978842][ T5813] Bluetooth: hci0: command tx timeout [ 1790.624281][T30999] netdevsim netdevsim4 netdevsim0: renamed from eth5 [ 1790.636162][T30999] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1790.654475][T30999] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1790.671210][T30999] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1791.040088][T31163] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6510'. [ 1791.242461][T31178] loop5: detected capacity change from 0 to 7 [ 1791.248068][T19154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1791.262585][T31178] Dev loop5: unable to read RDB block 7 [ 1791.263590][T31174] tipc: Enabled bearer , priority 0 [ 1791.275394][T19154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1791.276719][T31178] loop5: AHDI p1 [ 1791.286439][T31178] loop5: partition table partially beyond EOD, truncated [ 1791.287380][T19154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1791.303285][T19154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1791.319676][T19154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1791.477872][T31171] tipc: Disabling bearer [ 1791.581008][T31175] Failed to initialize the IGMP autojoin socket (err -2) [ 1791.652874][T30999] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1791.667983][T31195] netlink: 'syz.2.6517': attribute type 39 has an invalid length. [ 1792.174479][T30999] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1792.198305][ T5813] Bluetooth: hci0: command tx timeout [ 1792.242088][T30999] wireguard: wg0: Could not create IPv4 socket [ 1792.263520][T30999] wireguard: wg1: Could not create IPv4 socket [ 1792.271987][T30999] wireguard: wg2: Could not create IPv4 socket [ 1792.350398][T31210] netlink: 'syz.0.6518': attribute type 10 has an invalid length. [ 1792.412640][T31210] dummy0: entered promiscuous mode [ 1792.462839][T31210] team0: Port device dummy0 added [ 1792.630518][T31219] netlink: 'syz.0.6518': attribute type 10 has an invalid length. [ 1793.787874][T31219] dummy0: left promiscuous mode [ 1793.800506][T31219] team0: Port device dummy0 removed [ 1793.846950][T31219] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1794.788114][T31291] geneve1: Caught tx_queue_len zero misconfig [ 1794.807049][T31291] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=31291 comm=syz.2.6523 [ 1794.977246][T31298] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6525'. [ 1794.987308][T31298] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6525'. [ 1795.006880][ T29] audit: type=1400 audit(1774455852.244:1338): avc: denied { remount } for pid=31299 comm="syz.5.6526" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1795.036627][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1795.050897][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1795.068078][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1795.082760][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1795.133227][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1795.355348][T31297] Failed to initialize the IGMP autojoin socket (err -2) [ 1795.462413][T31308] syzkaller0: entered promiscuous mode [ 1795.467986][T31308] syzkaller0: entered allmulticast mode [ 1797.413234][T19154] Bluetooth: hci0: command tx timeout [ 1798.204963][T31297] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1798.234429][T31297] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1798.254738][T31297] wireguard: wg0: Could not create IPv4 socket [ 1798.263870][T31297] wireguard: wg1: Could not create IPv4 socket [ 1798.274387][T31297] wireguard: wg2: Could not create IPv4 socket [ 1798.786024][T31390] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6537'. [ 1798.797316][T31390] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31390 comm=syz.5.6537 [ 1798.817362][ T29] audit: type=1400 audit(1774455855.809:1339): avc: denied { write } for pid=31389 comm="syz.2.6538" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1798.869994][ T5178] block nbd0: Possible stuck request ffff888028198000: control (read@0,1024B). Runtime 360 seconds [ 1798.880805][ T5178] block nbd0: Possible stuck request ffff888028198200: control (read@1024,1024B). Runtime 360 seconds [ 1798.892066][ T5178] block nbd0: Possible stuck request ffff888028198400: control (read@2048,1024B). Runtime 360 seconds [ 1798.903957][ T5178] block nbd0: Possible stuck request ffff888028198600: control (read@3072,1024B). Runtime 360 seconds [ 1798.976385][T31395] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6540'. [ 1798.999839][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1799.012095][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1799.031619][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1799.097063][ T29] audit: type=1400 audit(1774455856.071:1340): avc: denied { ioctl } for pid=31394 comm="syz.0.6539" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x540f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1799.185367][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1799.202906][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1799.452520][T31402] syzkaller0: entered promiscuous mode [ 1799.479794][T31402] syzkaller0: entered allmulticast mode [ 1799.511230][T31397] Failed to initialize the IGMP autojoin socket (err -2) [ 1800.554927][T23293] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1800.595715][T31437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1800.843291][T23293] usb 1-1: Using ep0 maxpacket: 8 [ 1800.849806][T23293] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1800.870552][T23293] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1800.919938][T23293] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1800.939535][T23293] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1800.956360][T23293] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1800.965436][T23293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1801.187803][T31451] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6552'. [ 1801.211845][T23293] usb 1-1: GET_CAPABILITIES returned 0 [ 1801.238328][T23293] usbtmc 1-1:16.0: can't read capabilities [ 1801.254327][T31455] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=31455 comm=syz.2.6554 [ 1801.379423][T31463] syzkaller0: entered promiscuous mode [ 1801.395874][T31463] syzkaller0: entered allmulticast mode [ 1801.409090][T31466] Failed to initialize the IGMP autojoin socket (err -2) [ 1801.431121][T19154] Bluetooth: hci0: command tx timeout [ 1801.438810][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.447936][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.457029][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.466133][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.475227][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.493117][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.502247][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.511346][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.520444][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.548632][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.559255][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.568379][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.577469][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.586558][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.613000][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1801.622125][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 1801.636194][T23293] usb 1-1: USB disconnect, device number 22 [ 1803.248720][T31484] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1803.675363][T19154] Bluetooth: hci0: command tx timeout [ 1804.713942][T31516] tipc: Enabled bearer , priority 0 [ 1804.736241][T31516] tipc: Resetting bearer [ 1804.791277][T31515] tipc: Disabling bearer [ 1805.546594][ T29] audit: type=1400 audit(1774455861.808:1341): avc: denied { read write } for pid=31522 comm="syz.2.6564" name="mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 1805.546649][ T29] audit: type=1400 audit(1774455861.808:1342): avc: denied { open } for pid=31522 comm="syz.2.6564" path="/dev/input/mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 1805.876503][ T5813] Bluetooth: hci0: command tx timeout [ 1806.015552][T31539] tipc: Enabled bearer , priority 0 [ 1806.028557][T31539] tipc: Resetting bearer [ 1806.096326][T31536] tipc: Disabling bearer [ 1806.398460][T31553] syzkaller0: entered promiscuous mode [ 1807.247148][ T5813] Bluetooth: hci1: command 0x0406 tx timeout [ 1807.262077][T31588] netlink: 'syz.5.6570': attribute type 39 has an invalid length. [ 1807.409931][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1807.428590][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1807.438693][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1807.446471][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1807.461535][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1808.102883][T19154] Bluetooth: hci0: command tx timeout [ 1808.752133][T31596] Failed to initialize the IGMP autojoin socket (err -2) [ 1808.865015][T31397] netdevsim netdevsim4 netdevsim0: renamed from eth5 [ 1808.896670][T31397] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1809.007896][T31397] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1809.040462][T31397] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1810.182557][T31397] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1810.200958][T31397] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1810.220799][T31397] wireguard: wg0: Could not create IPv4 socket [ 1810.229970][T31397] wireguard: wg1: Could not create IPv4 socket [ 1810.238959][T31397] wireguard: wg2: Could not create IPv4 socket [ 1810.858955][T31658] tipc: Enabling of bearer rejected, failed to enable media [ 1811.042262][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1811.102701][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1811.129015][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1811.138867][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1811.148377][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1811.215860][T31664] Failed to initialize the IGMP autojoin socket (err -2) [ 1811.494638][T31680] syzkaller0: entered promiscuous mode [ 1813.315686][T19154] Bluetooth: hci0: command tx timeout [ 1813.414641][T31684] tipc: Enabling of bearer rejected, failed to enable media [ 1813.454098][T31700] Failed to initialize the IGMP autojoin socket (err -2) [ 1813.543313][T31707] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6590'. [ 1813.729981][T31716] loop5: detected capacity change from 0 to 7 [ 1813.751068][T24758] Dev loop5: unable to read RDB block 7 [ 1813.757598][T31717] netlink: 'syz.2.6593': attribute type 39 has an invalid length. [ 1813.766756][T24758] loop5: AHDI p1 [ 1813.770419][T24758] loop5: partition table partially beyond EOD, truncated [ 1813.816292][T31716] Dev loop5: unable to read RDB block 7 [ 1813.821970][T31716] loop5: AHDI p1 [ 1813.844965][T31716] loop5: partition table partially beyond EOD, truncated [ 1814.603809][T31730] tipc: Enabled bearer , priority 0 [ 1814.641370][T31728] tipc: Resetting bearer [ 1814.653140][T31737] syzkaller0: entered promiscuous mode [ 1814.663489][T31737] syzkaller0: entered allmulticast mode [ 1814.672261][T31727] tipc: Disabling bearer [ 1814.885520][ T29] audit: type=1400 audit(1774455870.847:1343): avc: denied { append } for pid=31742 comm="syz.2.6600" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1814.904150][T31744] input: syz1 as /devices/virtual/input/input239 [ 1815.059235][T31746] syzkaller0: entered promiscuous mode [ 1815.063536][T31755] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6603'. [ 1815.188029][T31763] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31763 comm=syz.5.6603 [ 1815.537242][T19154] Bluetooth: hci0: command tx timeout [ 1816.481952][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1816.533995][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1816.545649][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1816.559545][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1816.569619][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1816.887016][T31759] Failed to initialize the IGMP autojoin socket (err -2) [ 1816.913398][T31769] Failed to initialize the IGMP autojoin socket (err -2) [ 1817.049191][T31774] tipc: Enabled bearer , priority 0 [ 1817.078975][T31774] syzkaller0: entered promiscuous mode [ 1817.084494][T31774] syzkaller0: entered allmulticast mode [ 1817.142532][T31774] tipc: Resetting bearer [ 1817.184014][T31773] tipc: Resetting bearer [ 1817.212166][T31773] tipc: Disabling bearer [ 1817.229744][T31664] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1817.269206][T31664] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1817.298045][T31664] wireguard: wg0: Could not create IPv4 socket [ 1817.331011][T31664] wireguard: wg1: Could not create IPv4 socket [ 1817.352570][T31664] wireguard: wg2: Could not create IPv4 socket [ 1818.546526][T31837] tipc: Enabled bearer , priority 0 [ 1818.569373][T19154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1818.583040][T19154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1818.592199][T19154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1818.603149][T19154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1818.613328][T19154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1818.633217][T31840] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6612'. [ 1818.644660][T31837] tipc: Resetting bearer [ 1818.711640][T31835] tipc: Disabling bearer [ 1818.778319][T31838] Failed to initialize the IGMP autojoin socket (err -2) [ 1820.055544][T31838] netdevsim netdevsim4 netdevsim0: renamed from eth5 [ 1820.071332][T31838] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1820.087899][T31838] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1820.109688][T31838] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1820.552040][T31838] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1820.574262][T31838] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1820.597044][T31838] wireguard: wg0: Could not create IPv4 socket [ 1820.605934][T31838] wireguard: wg1: Could not create IPv4 socket [ 1820.615111][T31838] wireguard: wg2: Could not create IPv4 socket [ 1821.031331][T31938] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1821.551053][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1821.567799][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1821.583505][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1821.591545][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1821.599188][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1821.707389][ T29] audit: type=1400 audit(1774455877.211:1344): avc: denied { write } for pid=31944 comm="syz.5.6624" name="fib_trie" dev="proc" ino=4026532967 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 1822.089633][T31950] Failed to initialize the IGMP autojoin socket (err -2) [ 1822.152555][T31957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6626'. [ 1822.168276][ T29] audit: type=1400 audit(1774455877.651:1345): avc: denied { set_context_mgr } for pid=31959 comm="syz.2.6627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1822.433877][T31974] loop5: detected capacity change from 0 to 7 [ 1822.471002][T31974] Dev loop5: unable to read RDB block 7 [ 1822.488972][T31974] loop5: AHDI p1 [ 1822.509727][T31974] loop5: partition table partially beyond EOD, truncated [ 1822.596208][T31985] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6633'. [ 1822.820962][T31993] overlayfs: failed to resolve './file0': -2 [ 1824.066701][T31985] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6633'. [ 1824.264839][T19154] Bluetooth: hci0: command tx timeout [ 1825.015495][T32008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6638'. [ 1825.377018][T32025] Failed to initialize the IGMP autojoin socket (err -2) [ 1825.570921][T32033] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6644'. [ 1825.914763][T32047] Failed to initialize the IGMP autojoin socket (err -2) [ 1826.047465][T31950] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1826.085291][T32051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6647'. [ 1826.106817][T32051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6647'. [ 1826.117572][T31950] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1826.153750][T31950] wireguard: wg0: Could not create IPv4 socket [ 1826.165763][T31950] wireguard: wg1: Could not create IPv4 socket [ 1826.183409][T31950] wireguard: wg2: Could not create IPv4 socket [ 1826.357520][ T29] audit: type=1400 audit(1774455881.572:1346): avc: denied { open } for pid=32064 comm="syz.2.6650" path="/dev/ptyq8" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 1826.413615][ T29] audit: type=1400 audit(1774455881.600:1347): avc: denied { ioctl } for pid=32064 comm="syz.2.6650" path="/dev/ptyq8" dev="devtmpfs" ino=127 ioctlcmd=0x5431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 1826.667964][T32080] tipc: Enabling of bearer rejected, failed to enable media [ 1827.582951][T32109] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6655'. [ 1827.597838][ T30] INFO: task syz.1.5727:27818 blocked for more than 143 seconds. [ 1827.643990][ T30] Tainted: G L syzkaller #0 [ 1827.650521][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1827.675941][ T30] task:syz.1.5727 state:D stack:25616 pid:27818 tgid:27815 ppid:18408 task_flags:0x400040 flags:0x00080002 [ 1827.696351][ T30] Call Trace: [ 1827.699922][ T30] [ 1827.702865][ T30] __schedule+0xfee/0x6120 [ 1827.719048][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1827.724038][ T30] ? __pfx___schedule+0x10/0x10 [ 1827.728907][ T30] ? find_held_lock+0x2b/0x80 [ 1827.750751][ T30] ? schedule+0x2bf/0x390 [ 1827.755131][ T30] schedule+0xdd/0x390 [ 1827.759215][ T30] io_schedule+0x8a/0xf0 [ 1827.779404][ T30] folio_wait_bit_common+0x414/0xa70 [ 1827.784978][ T30] ? folio_wait_bit_common+0x2a0/0xa70 [ 1827.790562][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 1827.796747][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 1827.802320][ T30] ? __pfx___might_resched+0x10/0x10 [ 1827.807903][ T30] ? compaction_free+0x182/0x430 [ 1827.812865][ T30] migrate_pages_batch+0x1b85/0x4530 [ 1827.819162][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1827.824581][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1827.830365][ T30] ? lockdep_hardirqs_on+0x78/0x100 [ 1827.835595][ T30] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1827.841861][ T30] ? trace_sched_exit_tp+0x13a/0x180 [ 1827.847669][ T30] ? __schedule+0x1000/0x6120 [ 1827.852369][ T30] ? __schedule+0x1000/0x6120 [ 1827.857081][ T30] migrate_pages_sync+0x4db/0x880 [ 1827.863687][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1827.869325][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1827.874629][ T30] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1827.880586][ T30] migrate_pages+0x1aae/0x28a0 [ 1827.885370][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1827.893123][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1827.898446][ T30] ? __pfx_migrate_pages+0x10/0x10 [ 1827.903744][ T30] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1827.910013][ T30] ? __nr_to_section+0xaa/0x100 [ 1827.915160][ T30] ? pfn_to_online_page+0x178/0x4c0 [ 1827.920388][ T30] compact_zone+0x2464/0x44c0 [ 1827.926078][ T30] ? debug_object_free+0x295/0x550 [ 1827.931223][ T30] ? __pfx_debug_object_free+0x10/0x10 [ 1827.937117][ T30] ? __pfx_compact_zone+0x10/0x10 [ 1827.942164][ T30] ? __flush_work+0x928/0xcb0 [ 1827.947240][ T30] ? __flush_work+0x928/0xcb0 [ 1827.951942][ T30] compact_node+0x17f/0x2c0 [ 1827.956824][ T30] ? __pfx_compact_node+0x10/0x10 [ 1827.961952][ T30] ? __lru_add_drain_all+0x43c/0x650 [ 1827.967663][ T30] ? __lru_add_drain_all+0x441/0x650 [ 1827.972977][ T30] sysctl_compaction_handler+0x141/0x210 [ 1827.979075][ T30] proc_sys_call_handler+0x47f/0x5a0 [ 1827.984384][ T30] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1827.990573][ T30] ? splice_from_pipe_next+0x1ec/0x5a0 [ 1827.996076][ T30] iter_file_splice_write+0x830/0x10a0 [ 1828.001871][ T30] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1828.008078][ T30] ? __pfx_copy_splice_read+0x10/0x10 [ 1828.013475][ T30] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1828.022652][ T30] direct_splice_actor+0x192/0x6c0 [ 1828.027802][ T30] splice_direct_to_actor+0x345/0xa30 [ 1828.033316][ T30] ? __pfx_direct_splice_actor+0x10/0x10 [ 1828.039868][ T30] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1828.045973][ T30] do_splice_direct+0x174/0x240 [ 1828.050947][ T30] ? __pfx_do_splice_direct+0x10/0x10 [ 1828.059720][ T30] ? avc_policy_seqno+0x9/0x20 [ 1828.064594][ T30] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1828.070510][ T30] ? rw_verify_area+0xce/0x6d0 [ 1828.075688][ T30] do_sendfile+0xadc/0xe20 [ 1828.080134][ T30] ? __pfx_do_sendfile+0x10/0x10 [ 1828.085459][ T30] __x64_sys_sendfile64+0x154/0x220 [ 1828.090678][ T30] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1828.096859][ T30] do_syscall_64+0x106/0xf80 [ 1828.101470][ T30] ? clear_bhb_loop+0x40/0x90 [ 1828.106561][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1828.112472][ T30] RIP: 0033:0x7fa44e79c799 [ 1828.117317][ T30] RSP: 002b:00007fa44c9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1828.126191][ T30] RAX: ffffffffffffffda RBX: 00007fa44ea16090 RCX: 00007fa44e79c799 [ 1828.134176][ T30] RDX: 00002000000000c0 RSI: 000000000000000b RDI: 000000000000000c [ 1828.144869][ T30] RBP: 00007fa44e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1828.153128][ T30] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1828.161393][ T30] R13: 00007fa44ea16128 R14: 00007fa44ea16090 R15: 00007fff050cd1d8 [ 1828.169637][ T30] [ 1828.172749][ T30] [ 1828.172749][ T30] Showing all locks held in the system: [ 1828.180891][ T30] 1 lock held by khungtaskd/30: [ 1828.185743][ T30] #0: ffffffff8e7e78e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1828.222138][ T30] 2 locks held by getty/5567: [ 1828.226849][ T30] #0: ffff888039e790a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1828.236994][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1828.247857][ T30] 3 locks held by kworker/0:5/5869: [ 1828.256229][ T30] #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1828.267923][ T30] #1: ffffc90004127d08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1828.291431][ T30] #2: ffff88805ca92240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 1828.301809][ T30] 1 lock held by udevd/21143: [ 1828.306594][ T30] #0: ffff888028153358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 1828.315948][ T30] 1 lock held by syz.1.5727/27818: [ 1828.321340][ T30] #0: ffff88802ac32420 (sb_writers#3){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30 [ 1828.331589][ T30] 1 lock held by dhcpcd-run-hook/32135: [ 1828.337258][ T30] [ 1828.341003][ T30] ============================================= [ 1828.341003][ T30] [ 1828.349534][ T30] NMI backtrace for cpu 0 [ 1828.349552][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1828.349576][ T30] Tainted: [L]=SOFTLOCKUP [ 1828.349581][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1828.349590][ T30] Call Trace: [ 1828.349596][ T30] [ 1828.349603][ T30] dump_stack_lvl+0x100/0x190 [ 1828.349636][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1828.349656][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1828.349676][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1828.349698][ T30] sys_info+0x141/0x190 [ 1828.349724][ T30] watchdog+0xd25/0x1050 [ 1828.349754][ T30] ? __pfx_watchdog+0x10/0x10 [ 1828.349777][ T30] ? __kthread_parkme+0x18c/0x230 [ 1828.349804][ T30] ? kthread+0x13a/0x450 [ 1828.349819][ T30] ? __pfx_watchdog+0x10/0x10 [ 1828.349839][ T30] kthread+0x370/0x450 [ 1828.349855][ T30] ? __pfx_kthread+0x10/0x10 [ 1828.349872][ T30] ret_from_fork+0x754/0xd80 [ 1828.349892][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1828.349910][ T30] ? __switch_to+0x7b4/0x1120 [ 1828.349930][ T30] ? __pfx_kthread+0x10/0x10 [ 1828.349946][ T30] ret_from_fork_asm+0x1a/0x30 [ 1828.349978][ T30] [ 1828.349984][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1828.479599][ C1] NMI backtrace for cpu 1 [ 1828.479617][ C1] CPU: 1 UID: 0 PID: 32139 Comm: sed Tainted: G L syzkaller #0 PREEMPT(full) [ 1828.479637][ C1] Tainted: [L]=SOFTLOCKUP [ 1828.479643][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1828.479651][ C1] RIP: 0010:__rcu_read_unlock+0xa7/0x5e0 [ 1828.479670][ C1] Code: da 01 00 00 8b 83 c8 04 00 00 85 c0 75 51 48 8d bb c4 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 8b 01 00 00 8b [ 1828.479683][ C1] RSP: 0018:ffffc90003d37380 EFLAGS: 00000a07 [ 1828.479695][ C1] RAX: dffffc0000000000 RBX: ffff8880563e24c0 RCX: ffffc90003d3737c [ 1828.479705][ C1] RDX: 0000000000000000 RSI: ffffffff8de5278d RDI: ffff8880563e2984 [ 1828.479714][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000007 [ 1828.479722][ C1] R10: 0000000000000200 R11: 0000000000015d45 R12: ffffc90003d37478 [ 1828.479730][ C1] R13: ffffc90003d37428 R14: ffffc90003d37d98 R15: ffffc90003d3745c [ 1828.479739][ C1] FS: 0000000000000000(0000) GS:ffff88812443f000(0000) knlGS:0000000000000000 [ 1828.479753][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1828.479762][ C1] CR2: 00007f7aaca70368 CR3: 000000000e598000 CR4: 00000000003526f0 [ 1828.479771][ C1] Call Trace: [ 1828.479776][ C1] [ 1828.479783][ C1] unwind_next_frame+0x3c8/0x1ea0 [ 1828.479800][ C1] ? exit_mmap+0x454/0xa30 [ 1828.479816][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1828.479834][ C1] arch_stack_walk+0x94/0xf0 [ 1828.479851][ C1] ? __mmput+0x12a/0x410 [ 1828.479869][ C1] stack_trace_save+0x8e/0xc0 [ 1828.479885][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1828.479902][ C1] ? __lock_acquire+0x4a5/0x2630 [ 1828.479917][ C1] save_stack+0x162/0x1e0 [ 1828.479935][ C1] ? __pfx_save_stack+0x10/0x10 [ 1828.479953][ C1] ? free_unref_folios+0xaea/0x1790 [ 1828.479970][ C1] ? folios_put_refs+0x53c/0x840 [ 1828.479987][ C1] ? free_pages_and_swap_cache+0x242/0x480 [ 1828.480005][ C1] ? __tlb_batch_free_encoded_pages+0xe9/0x280 [ 1828.480020][ C1] ? tlb_finish_mmu+0x1b0/0x810 [ 1828.480035][ C1] ? exit_mmap+0x454/0xa30 [ 1828.480051][ C1] ? page_ext_put+0x3e/0xd0 [ 1828.480072][ C1] __reset_page_owner+0x84/0x190 [ 1828.480085][ C1] free_unref_folios+0xaea/0x1790 [ 1828.480104][ C1] ? mark_held_locks+0x40/0x70 [ 1828.480116][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1828.480134][ C1] folios_put_refs+0x53c/0x840 [ 1828.480154][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 1828.480176][ C1] free_pages_and_swap_cache+0x242/0x480 [ 1828.480196][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 1828.480227][ C1] ? __pfx___might_resched+0x10/0x10 [ 1828.480245][ C1] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 1828.480263][ C1] tlb_finish_mmu+0x1b0/0x810 [ 1828.480280][ C1] exit_mmap+0x454/0xa30 [ 1828.480295][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1828.480308][ C1] ? trace_contention_end+0x140/0x180 [ 1828.480324][ C1] ? uprobe_clear_state+0x5f/0x360 [ 1828.480343][ C1] ? uprobe_clear_state+0x5f/0x360 [ 1828.480369][ C1] ? __lock_acquire+0x4a5/0x2630 [ 1828.480386][ C1] ? arch_uprobe_clear_state+0x107/0x150 [ 1828.480402][ C1] __mmput+0x12a/0x410 [ 1828.480418][ C1] mmput+0x67/0x80 [ 1828.480434][ C1] do_exit+0x819/0x2b60 [ 1828.480453][ C1] ? do_raw_spin_lock+0x128/0x260 [ 1828.480468][ C1] ? __pfx_do_exit+0x10/0x10 [ 1828.480485][ C1] ? do_group_exit+0x1bd/0x2a0 [ 1828.480505][ C1] ? rcu_is_watching+0x12/0xc0 [ 1828.480522][ C1] do_group_exit+0xd5/0x2a0 [ 1828.480542][ C1] __x64_sys_exit_group+0x3e/0x50 [ 1828.480561][ C1] x64_sys_call+0x102c/0x1530 [ 1828.480577][ C1] do_syscall_64+0x106/0xf80 [ 1828.480593][ C1] ? clear_bhb_loop+0x40/0x90 [ 1828.480609][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1828.480622][ C1] RIP: 0033:0x7f29e21116c5 [ 1828.480633][ C1] Code: Unable to access opcode bytes at 0x7f29e211169b. [ 1828.480639][ C1] RSP: 002b:00007ffef38551d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7 [ 1828.480651][ C1] RAX: ffffffffffffffda RBX: 00007f29e2212fe8 RCX: 00007f29e21116c5 [ 1828.480660][ C1] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 1828.480668][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1828.480676][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1828.480684][ C1] R13: 0000000000000000 R14: 00007f29e2211680 R15: 00007f29e2213000 [ 1828.480698][ C1] [ 1828.917136][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1828.924002][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1828.934692][ T30] Tainted: [L]=SOFTLOCKUP [ 1828.939011][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1828.949046][ T30] Call Trace: [ 1828.952308][ T30] [ 1828.955221][ T30] dump_stack_lvl+0x100/0x190 [ 1828.959890][ T30] vpanic+0x552/0x970 [ 1828.963853][ T30] ? __pfx_vpanic+0x10/0x10 [ 1828.968340][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1828.974480][ T30] panic+0xd1/0xe0 [ 1828.978183][ T30] ? __pfx_panic+0x10/0x10 [ 1828.982595][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1828.988733][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1828.994868][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1829.001015][ T30] ? watchdog.cold+0x198/0x1ca [ 1829.005764][ T30] ? watchdog+0xd35/0x1050 [ 1829.010169][ T30] watchdog.cold+0x1a9/0x1ca [ 1829.014747][ T30] ? __pfx_watchdog+0x10/0x10 [ 1829.019415][ T30] ? __kthread_parkme+0x18c/0x230 [ 1829.024439][ T30] ? kthread+0x13a/0x450 [ 1829.028665][ T30] ? __pfx_watchdog+0x10/0x10 [ 1829.033332][ T30] kthread+0x370/0x450 [ 1829.037387][ T30] ? __pfx_kthread+0x10/0x10 [ 1829.041959][ T30] ret_from_fork+0x754/0xd80 [ 1829.046559][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1829.051661][ T30] ? __switch_to+0x7b4/0x1120 [ 1829.056327][ T30] ? __pfx_kthread+0x10/0x10 [ 1829.060896][ T30] ret_from_fork_asm+0x1a/0x30 [ 1829.065652][ T30] [ 1829.068959][ T30] Kernel Offset: disabled [ 1829.073261][ T30] Rebooting in 86400 seconds..