last executing test programs: 8.005774011s ago: executing program 1 (id=935): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000400)=0x2) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000000c0)={0x5, {{0x2, 0xfffe, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x210) syz_open_procfs(0x0, &(0x7f00000001c0)='net/softnet_stat\x00') syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x3, &(0x7f0000000500)=[{0x80, 0x3, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xe12b}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{0x5, 0x33}, {0x7fff, 0x9, 0x80, 0xd83f}, {0x4, 0x2f, 0x3f, 0x2}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000540)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f0000000180)={r5}) io_submit(0x0, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r6 = memfd_create(0x0, 0x0) finit_module(r6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000080)={r7, 0x3, r4, 0x5}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x2000000) r8 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) 6.968422191s ago: executing program 1 (id=939): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000140), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e"], 0xd) syz_emit_vhci(0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000440)={0x4}) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f0000000000)={'batadv_slave_0\x00', {0x2, 0x4e21, @broadcast}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x0, &(0x7f00000004c0)) 6.031949176s ago: executing program 2 (id=942): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000018c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000001a00)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r3, r1, 0x80000) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = epoll_create1(0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000040)={0x60000014}) read$char_usb(r7, &(0x7f0000000100)=""/169, 0xa9) epoll_pwait(r6, &(0x7f0000000200)=[{}], 0x1, 0x0, 0x0, 0x0) 5.154443468s ago: executing program 1 (id=946): socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x6}, &(0x7f0000000040)=0x8) socket(0x0, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) socket$rxrpc(0x21, 0x2, 0x0) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x6, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4.620278418s ago: executing program 1 (id=950): socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) syz_emit_vhci(0x0, 0x17) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @null]}, 0x48) bind$netrom(r0, 0x0, 0x0) 4.478927789s ago: executing program 1 (id=952): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8}, @NFTA_EXTHDR_FLAGS={0x8}, @NFTA_EXTHDR_LEN={0x8}, @NFTA_EXTHDR_TYPE={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd4}}, 0x0) 4.460128416s ago: executing program 3 (id=953): setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short}, 0x14, &(0x7f0000000080)={0x0}}, 0x0) 3.421232847s ago: executing program 3 (id=955): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x4, 0x0, 0x2, 0x0, 0x1}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) socket(0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) unlinkat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='bbr\x00', 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r0, &(0x7f0000000040)='u', 0xa792a, 0x801, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/128, 0xfffffce3, 0x0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000200)='g', 0x1}], 0x1) 3.36365813s ago: executing program 0 (id=956): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000140), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e"], 0xd) syz_emit_vhci(0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000440)={0x4}) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f0000000000)={'batadv_slave_0\x00', {0x2, 0x4e21, @broadcast}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x0, &(0x7f00000004c0)) 3.036378883s ago: executing program 4 (id=957): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) sched_setscheduler(0x0, 0x6, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298) r1 = memfd_create(0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) getsockopt$inet_tcp_buf(r2, 0x6, 0x1a, 0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000140)={0x0, 0x3, 0x3}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) pipe2(&(0x7f00000002c0), 0x4080) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e24, 0x9, @private0}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) 2.293189877s ago: executing program 3 (id=958): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) recvfrom(r2, 0x0, 0x94, 0x0, 0x0, 0x0) 2.023163243s ago: executing program 4 (id=959): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0xae, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf70038040000000000000000000000000000000000ff020000000000000000000000000001"], 0x0) 1.759367625s ago: executing program 4 (id=960): r0 = socket$inet6(0xa, 0x1, 0x0) fgetxattr(r0, &(0x7f0000000200)=@known='trusted.overlay.redirect\x00', 0x0, 0x0) 1.757998077s ago: executing program 2 (id=961): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd8, 0xd8, 0x4, [@fwd={0x7}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x5d, 0x0, 0x1b}, @enum={0xe, 0x3, 0x0, 0x6, 0x4, [{0x7, 0xffffff7f}, {0xc, 0x3}, {0x7, 0xa}]}, @restrict={0x4, 0x0, 0x0, 0xb, 0x1}, @restrict={0x0, 0x0, 0x0, 0xb, 0x2}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x8, 0x3}, {0x7, 0x4}, {0xf, 0x2}, {0x10, 0x2}, {0xa, 0x3}, {0x5, 0x4}, {0xb, 0x2}, {0xc}, {0xf, 0x3}]}, @typedef={0xe, 0x0, 0x0, 0x8, 0x2}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x3a, 0x0, 0x43}, @var={0x5, 0x0, 0x0, 0xe, 0x2, 0x1}]}, {0x0, [0x61, 0x0]}}, &(0x7f0000000580)=""/242, 0xf4, 0xf2, 0x3, 0x8}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r8, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0xd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008008000b70100000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r10, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r10, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r10, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) truncate(&(0x7f0000000680)='./file0\x00', 0x43) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2000, 0x5) sendmmsg$inet(r10, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000700)="a8", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000480)="ec", 0x1}], 0x1}}], 0x2, 0x0) 1.520263855s ago: executing program 4 (id=962): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000230000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)) ioctl$PPPIOCSACTIVE(r2, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) read(r2, 0x0, 0x2) pwrite64(r2, &(0x7f0000000000)='@\n', 0x2, 0x0) 1.480974255s ago: executing program 2 (id=963): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1282, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x93) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) write$cgroup_pid(r0, &(0x7f0000000400), 0x20000412) 1.228302483s ago: executing program 4 (id=964): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x24, r1, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7c, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x2, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x400000}}, 0x0, 0xfff9, 0x0, 0x0, 0x20}, 0x9c) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) truncate(0x0, 0xffffffffffff0001) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newqdisc={0x70, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x4c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, {0xa, 0x2, [0x8, 0x0, 0x0]}}, {{0x1c, 0x1, {0xc}}, {0x4}}]}]}, 0x70}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(0x0, 0xd) pipe(0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) futex(0x0, 0x2, 0x0, 0x0, 0x0, 0x0) 1.156625711s ago: executing program 2 (id=965): r0 = openat$tcp_congestion(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x5451, 0x0) 1.029795856s ago: executing program 0 (id=966): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x5450, 0x0) 1.002934825s ago: executing program 2 (id=967): r0 = socket(0x2b, 0x1, 0x1) syz_init_net_socket$llc(0x1a, 0x0, 0x0) openat$ttyS3(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0xfffffbff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7fffffff}, 0x1c) 936.647047ms ago: executing program 3 (id=968): r0 = socket$alg(0x26, 0x5, 0x0) r1 = dup(r0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) accept4$alg(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, 0x0, 0xe) 822.036628ms ago: executing program 0 (id=969): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg$unix(r0, &(0x7f0000001900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=[@rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}], 0x10}}], 0x1, 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x58}}, 0x0) 762.788604ms ago: executing program 3 (id=970): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 659.976422ms ago: executing program 0 (id=971): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 498.944694ms ago: executing program 3 (id=972): socket$netlink(0x10, 0x3, 0x0) fchdir(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x9}}, 0x50) syz_fuse_handle_req(r1, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r5, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r4, &(0x7f00000000c0)='!', 0xb7f40}]) write$cgroup_int(r4, &(0x7f0000000240), 0x12) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) dup3(r4, r1, 0x0) sched_setscheduler(r3, 0x1, &(0x7f0000000140)=0x8) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={0x0}, 0x10) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000007000018110000", @ANYRES8, @ANYBLOB="0000000000000000b702000003000000850081000000000095ee"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='ext4_mark_inode_dirty\x00'}, 0x10) mkdir(0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000001180)='net/dev_snmp6\x00') getdents(r6, &(0x7f0000000000)=""/47, 0x2f) 435.534769ms ago: executing program 0 (id=973): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd8, 0xd8, 0x4, [@fwd={0x7}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x5d, 0x0, 0x1b}, @enum={0xe, 0x3, 0x0, 0x6, 0x4, [{0x7, 0xffffff7f}, {0xc, 0x3}, {0x7, 0xa}]}, @restrict={0x4, 0x0, 0x0, 0xb, 0x1}, @restrict={0x0, 0x0, 0x0, 0xb, 0x2}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x8, 0x3}, {0x7, 0x4}, {0xf, 0x2}, {0x10, 0x2}, {0xa, 0x3}, {0x5, 0x4}, {0xb, 0x2}, {0xc}, {0xf, 0x3}]}, @typedef={0xe, 0x0, 0x0, 0x8, 0x2}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x3a, 0x0, 0x43}, @var={0x5, 0x0, 0x0, 0xe, 0x2, 0x1}]}, {0x0, [0x61, 0x0]}}, &(0x7f0000000580)=""/242, 0xf4, 0xf2, 0x3, 0x8}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r8, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0xd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008008000b70100000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r10, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r10, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r10, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) truncate(&(0x7f0000000680)='./file0\x00', 0x43) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2000, 0x5) sendmmsg$inet(r10, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000700)="a8", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000480)="ec", 0x1}], 0x1}}], 0x2, 0x0) 96.435954ms ago: executing program 0 (id=974): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020000000000000000000010000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 78.52464ms ago: executing program 4 (id=975): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x11}}, @TCA_STAB={0x4}]}, 0x44}}, 0x0) 261.296µs ago: executing program 1 (id=976): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000140), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e"], 0xd) syz_emit_vhci(0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000440)={0x4}) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f0000000000)={'batadv_slave_0\x00', {0x2, 0x4e21, @broadcast}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x0, &(0x7f00000004c0)) 0s ago: executing program 2 (id=977): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000500000038000180060001000a0000000800050000006c"], 0x4c}}, 0x0) kernel console output (not intermixed with test programs): a:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.938843][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.948718][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.959518][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.971240][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.982352][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.010521][ T6305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.077295][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 168.086493][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.117740][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.134816][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.145474][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.156324][ T6651] autofs: Unknown parameter './file0' [ 168.162511][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.195626][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.233073][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.263534][ T6660] syz.4.322: attempt to access beyond end of device [ 168.263534][ T6660] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 168.264894][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.344355][ T6305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.383901][ T6659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.326'. [ 168.437588][ T6659] vlan2: entered promiscuous mode [ 168.444518][ T6659] dummy0: entered promiscuous mode [ 168.461885][ T6659] dummy0: left promiscuous mode [ 168.487189][ T29] audit: type=1326 audit(1720993392.430:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6666 comm="syz.3.327" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c8b375bd9 code=0x0 [ 168.541952][ T6305] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.555095][ T6305] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.583349][ T6305] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.598985][ T6305] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.615405][ T6660] netlink: 20 bytes leftover after parsing attributes in process `syz.4.322'. [ 168.657987][ T6660] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 168.911026][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.941534][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.033863][ T2825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.068790][ T2825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.172488][ T52] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 169.179299][ T52] Bluetooth: Wrong link type (-22) [ 169.185003][ T52] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 169.193889][ T52] Bluetooth: Wrong link type (-22) [ 169.719111][ T6693] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 170.077686][ T6700] netlink: 104 bytes leftover after parsing attributes in process `syz.3.334'. [ 170.380859][ T6704] tmpfs: Unknown parameter 'usrquotaN÷‚ÛL¹| èþU¡ [ 170.380859][ T6704] ' [ 170.485822][ T6714] autofs: Unknown parameter './file0' [ 170.826682][ T6711] could not allocate digest TFM handle sha256-arm64-neon [ 171.103433][ T29] audit: type=1326 audit(1720993395.050:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6725 comm="syz.1.341" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f228e975bd9 code=0x0 [ 171.129132][ T52] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 171.135881][ T52] Bluetooth: Wrong link type (-22) [ 171.142334][ T52] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 171.152070][ T52] Bluetooth: Wrong link type (-22) [ 171.157620][ T52] Bluetooth: hci4: link tx timeout [ 171.165056][ T52] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 171.178482][ T52] Bluetooth: hci4: link tx timeout [ 171.183844][ T52] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 172.389252][ T6757] overlayfs: overlapping lowerdir path [ 172.427731][ T6758] syz.4.346: attempt to access beyond end of device [ 172.427731][ T6758] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 172.482909][ T52] Bluetooth: hci0: command tx timeout [ 172.487949][ T6759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.534287][ T6759] fuse: Bad value for 'fd' [ 172.995125][ T6762] tmpfs: Unknown parameter 'usrquotaN÷‚ÛL¹| èþU¡ [ 172.995125][ T6762] ' [ 173.197322][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 173.501823][ T6772] autofs: Unknown parameter './file0' [ 174.606720][ T29] audit: type=1326 audit(1720993398.550:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6791 comm="syz.1.359" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f228e975bd9 code=0x0 [ 175.118780][ T52] Bluetooth: hci0: command tx timeout [ 175.396068][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 177.304239][ T6830] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 177.644114][ T6835] fuse: Bad value for 'fd' [ 177.829919][ T5084] Bluetooth: hci5: adv larger than maximum supported [ 178.118473][ T29] audit: type=1326 audit(1720993402.070:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6845 comm="syz.0.373" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 179.990160][ T6857] syz.3.370: attempt to access beyond end of device [ 179.990160][ T6857] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 180.487168][ T60] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 180.692156][ T60] usb 5-1: Using ep0 maxpacket: 16 [ 180.719742][ T60] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.735774][ T60] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 180.759874][ T60] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 180.786561][ T60] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 180.795455][ T60] usb 5-1: Manufacturer: syz [ 180.816459][ T60] usb 5-1: config 0 descriptor?? [ 185.087516][ T5166] usb 5-1: USB disconnect, device number 8 [ 186.015938][ T60] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 186.033045][ T6892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.064962][ T6892] fuse: Bad value for 'fd' [ 186.335413][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.4.386'. [ 186.355202][ T6901] vlan2: entered promiscuous mode [ 186.360543][ T6901] dummy0: entered promiscuous mode [ 186.466141][ T6901] dummy0: left promiscuous mode [ 186.874745][ T6906] netlink: 'syz.3.387': attribute type 10 has an invalid length. [ 186.994118][ T6906] batman_adv: batadv0: Adding interface: team0 [ 187.000634][ T6906] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.029285][ T6906] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 187.758926][ T29] audit: type=1326 audit(1720993411.710:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6909 comm="syz.1.389" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f228e975bd9 code=0x0 [ 188.144867][ T6923] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.389'. [ 188.156909][ T6920] netlink: 165 bytes leftover after parsing attributes in process `syz.3.392'. [ 189.883284][ T6955] netlink: 'syz.4.403': attribute type 10 has an invalid length. [ 190.584077][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.402'. [ 190.671059][ T6956] vlan2: entered promiscuous mode [ 190.676584][ T6956] dummy0: entered promiscuous mode [ 190.691049][ T6956] dummy0: left promiscuous mode [ 190.791099][ T6962] Cannot find add_set index 0 as target [ 190.827681][ T6962] netlink: 165 bytes leftover after parsing attributes in process `syz.0.405'. [ 190.889332][ T6969] mmap: syz.4.406 (6969): VmData 54497280 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 191.441027][ T29] audit: type=1326 audit(1720993644.395:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6979 comm="syz.0.410" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 191.605479][ T6983] netlink: 68 bytes leftover after parsing attributes in process `syz.3.411'. [ 191.798596][ T6987] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.410'. [ 192.274252][ T29] audit: type=1326 audit(1720993645.085:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.412" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 193.107309][ T8] kernel write not supported for file /134/timerslack_ns (pid: 8 comm: kworker/0:0) [ 193.537161][ T5228] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 193.749495][ T5228] usb 1-1: Using ep0 maxpacket: 8 [ 193.778904][ T5228] usb 1-1: config 0 has an invalid descriptor of length 216, skipping remainder of the config [ 193.823176][ T5228] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 193.847957][ T5228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 193.881120][ T5228] usb 1-1: SerialNumber: syz [ 193.898245][ T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 193.914008][ T5228] usb 1-1: config 0 descriptor?? [ 193.952024][ T60] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 194.040217][ T7018] Cannot find add_set index 0 as target [ 194.055105][ T7018] netlink: 165 bytes leftover after parsing attributes in process `syz.1.420'. [ 194.114315][ T8] usb 3-1: New USB device found, idVendor=093a, idProduct=2626, bcdDevice= d.b4 [ 194.125887][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.152232][ T5228] usb 1-1: Found UVC 0.00 device (05ac:8501) [ 194.167199][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 194.176490][ T5228] usb 1-1: No valid video chain found. [ 194.193562][ T60] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 194.199385][ T8] usb 3-1: config 0 descriptor?? [ 194.209134][ T5228] usb 1-1: USB disconnect, device number 11 [ 194.228678][ T8] gspca_main: gspca_pac7302-2.14.0 probing 093a:2626 [ 194.229993][ T60] usb 4-1: can't read configurations, error -22 [ 194.429005][ T60] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 194.454919][ T7020] netlink: 'syz.4.421': attribute type 9 has an invalid length. [ 194.474535][ T7020] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.421'. [ 194.577473][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.588666][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.594328][ T7027] netlink: 'syz.4.421': attribute type 9 has an invalid length. [ 194.604723][ T7027] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.421'. [ 194.638353][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 194.650656][ T60] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 194.663239][ T60] usb 4-1: can't read configurations, error -22 [ 194.673226][ T60] usb usb4-port1: attempt power cycle [ 194.866360][ T8] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 194.897811][ T8] gspca_pac7302 3-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 195.107367][ T60] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 195.183721][ T8] usb 3-1: USB disconnect, device number 8 [ 195.661314][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 195.675637][ T60] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 196.645194][ T60] usb 4-1: can't read configurations, error -22 [ 196.889370][ T29] audit: type=1326 audit(1720993649.845:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7046 comm="syz.3.427" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c8b375bd9 code=0x0 [ 196.937829][ T29] audit: type=1326 audit(1720993649.865:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7044 comm="syz.0.426" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 197.228361][ T7054] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.426'. [ 197.627123][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 197.897091][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 197.913882][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.937247][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 198.023291][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 198.142067][ T7066] netlink: 165 bytes leftover after parsing attributes in process `syz.3.432'. [ 198.195191][ T8] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 198.211651][ T5084] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 198.227103][ T8] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 198.247458][ T8] usb 2-1: Manufacturer: syz [ 198.275686][ T8] usb 2-1: config 0 descriptor?? [ 198.700532][ T7074] FAULT_INJECTION: forcing a failure. [ 198.700532][ T7074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.756246][ T7074] CPU: 1 PID: 7074 Comm: syz.0.435 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 198.766362][ T7074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 198.776467][ T7074] Call Trace: [ 198.779782][ T7074] [ 198.782745][ T7074] dump_stack_lvl+0x241/0x360 [ 198.787489][ T7074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.792730][ T7074] ? __pfx__printk+0x10/0x10 [ 198.797377][ T7074] ? snprintf+0xda/0x120 [ 198.801655][ T7074] should_fail_ex+0x3b0/0x4e0 [ 198.806384][ T7074] _copy_to_user+0x2f/0xb0 [ 198.810838][ T7074] simple_read_from_buffer+0xca/0x150 [ 198.816254][ T7074] proc_fail_nth_read+0x1e9/0x250 [ 198.821319][ T7074] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 198.826914][ T7074] ? rw_verify_area+0x520/0x6b0 [ 198.831807][ T7074] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 198.837400][ T7074] vfs_read+0x204/0xbc0 [ 198.841637][ T7074] ? __pfx_lock_release+0x10/0x10 [ 198.846721][ T7074] ? __pfx_vfs_read+0x10/0x10 [ 198.851431][ T7074] ? __might_fault+0xc6/0x120 [ 198.856139][ T7074] ? __fget_files+0x29/0x470 [ 198.860764][ T7074] ? __fget_files+0x3f6/0x470 [ 198.865498][ T7074] ksys_read+0x1a0/0x2c0 [ 198.869782][ T7074] ? __pfx_ksys_read+0x10/0x10 [ 198.874578][ T7074] ? do_syscall_64+0x100/0x230 [ 198.879341][ T7074] ? do_syscall_64+0xb6/0x230 [ 198.884021][ T7074] do_syscall_64+0xf3/0x230 [ 198.888534][ T7074] ? clear_bhb_loop+0x35/0x90 [ 198.893301][ T7074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.899389][ T7074] RIP: 0033:0x7f60cc9746bc [ 198.903858][ T7074] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 198.923471][ T7074] RSP: 002b:00007f60cd7c5040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 198.931884][ T7074] RAX: ffffffffffffffda RBX: 00007f60ccb04038 RCX: 00007f60cc9746bc [ 198.939850][ T7074] RDX: 000000000000000f RSI: 00007f60cd7c50b0 RDI: 0000000000000008 [ 198.947816][ T7074] RBP: 00007f60cd7c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 198.955786][ T7074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.963847][ T7074] R13: 000000000000006e R14: 00007f60ccb04038 R15: 00007ffe772e5308 [ 198.972349][ T7074] [ 199.131833][ T7084] FAULT_INJECTION: forcing a failure. [ 199.131833][ T7084] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.177775][ T7084] CPU: 0 PID: 7084 Comm: syz.3.437 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 199.187917][ T7084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.197998][ T7084] Call Trace: [ 199.201289][ T7084] [ 199.204225][ T7084] dump_stack_lvl+0x241/0x360 [ 199.208942][ T7084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.214158][ T7084] ? __pfx__printk+0x10/0x10 [ 199.218752][ T7084] ? snprintf+0xda/0x120 [ 199.222993][ T7084] should_fail_ex+0x3b0/0x4e0 [ 199.227674][ T7084] _copy_to_user+0x2f/0xb0 [ 199.232177][ T7084] simple_read_from_buffer+0xca/0x150 [ 199.237556][ T7084] proc_fail_nth_read+0x1e9/0x250 [ 199.242583][ T7084] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.248247][ T7084] ? rw_verify_area+0x520/0x6b0 [ 199.253120][ T7084] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.258663][ T7084] vfs_read+0x204/0xbc0 [ 199.262847][ T7084] ? __pfx_lock_release+0x10/0x10 [ 199.267980][ T7084] ? __pfx_vfs_read+0x10/0x10 [ 199.272671][ T7084] ? _raw_spin_lock_irq+0xdf/0x120 [ 199.277893][ T7084] ? __fget_files+0x29/0x470 [ 199.282508][ T7084] ? __fget_files+0x3f6/0x470 [ 199.287211][ T7084] ksys_read+0x1a0/0x2c0 [ 199.291506][ T7084] ? __pfx_ksys_read+0x10/0x10 [ 199.296275][ T7084] ? do_syscall_64+0x100/0x230 [ 199.301041][ T7084] ? do_syscall_64+0xb6/0x230 [ 199.305729][ T7084] do_syscall_64+0xf3/0x230 [ 199.310229][ T7084] ? clear_bhb_loop+0x35/0x90 [ 199.314903][ T7084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.320794][ T7084] RIP: 0033:0x7f2c8b3746bc [ 199.325201][ T7084] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 199.344893][ T7084] RSP: 002b:00007f2c8c1e4040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 199.353302][ T7084] RAX: ffffffffffffffda RBX: 00007f2c8b503f60 RCX: 00007f2c8b3746bc [ 199.361356][ T7084] RDX: 000000000000000f RSI: 00007f2c8c1e40b0 RDI: 0000000000000003 [ 199.369317][ T7084] RBP: 00007f2c8c1e40a0 R08: 0000000000000000 R09: 0000000000000000 [ 199.377283][ T7084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.385246][ T7084] R13: 000000000000000b R14: 00007f2c8b503f60 R15: 00007ffc69955c48 [ 199.393221][ T7084] [ 199.452957][ T7082] block device autoloading is deprecated and will be removed. [ 199.473628][ T7082] syz.2.436: attempt to access beyond end of device [ 199.473628][ T7082] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 199.634683][ T7087] 9pnet_fd: Insufficient options for proto=fd [ 199.653001][ T7087] ipt_rpfilter: unknown options [ 199.697470][ T7099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.438'. [ 199.824707][ T29] audit: type=1326 audit(1720993652.775:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7101 comm="syz.2.441" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 199.901121][ T5084] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 199.901188][ T5084] CPU: 0 PID: 5084 Comm: kworker/u9:3 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 199.901218][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.901231][ T5084] Workqueue: hci1 hci_rx_work [ 199.901266][ T5084] Call Trace: [ 199.901274][ T5084] [ 199.901284][ T5084] dump_stack_lvl+0x241/0x360 [ 199.901320][ T5084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.901347][ T5084] ? __pfx__printk+0x10/0x10 [ 199.901376][ T5084] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 199.901399][ T5084] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 199.901429][ T5084] sysfs_create_dir_ns+0x2ce/0x3a0 [ 199.901454][ T5084] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 199.901488][ T5084] kobject_add_internal+0x435/0x8d0 [ 199.901518][ T5084] kobject_add+0x152/0x220 [ 199.901544][ T5084] ? do_raw_spin_unlock+0x13c/0x8b0 [ 199.901568][ T5084] ? device_add+0x3e7/0xbf0 [ 199.901594][ T5084] ? __pfx_kobject_add+0x10/0x10 [ 199.901620][ T5084] ? _raw_spin_unlock+0x28/0x50 [ 199.901643][ T5084] ? get_device_parent+0x165/0x410 [ 199.901675][ T5084] device_add+0x4e5/0xbf0 [ 199.901709][ T5084] hci_conn_add_sysfs+0xe8/0x200 [ 199.901737][ T5084] le_conn_complete_evt+0xc9f/0x12e0 [ 199.901766][ T5084] ? trace_contention_end+0x3c/0x120 [ 199.901795][ T5084] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 199.901819][ T5084] ? __mutex_unlock_slowpath+0x21d/0x750 [ 199.901844][ T5084] ? __copy_skb_header+0x437/0x5b0 [ 199.901872][ T5084] ? skb_pull_data+0x112/0x230 [ 199.901902][ T5084] hci_le_enh_conn_complete_evt+0x185/0x420 [ 199.901930][ T5084] hci_event_packet+0xa53/0x1540 [ 199.901959][ T5084] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 199.901984][ T5084] ? __pfx_hci_event_packet+0x10/0x10 [ 199.902007][ T5084] ? do_raw_spin_unlock+0x13c/0x8b0 [ 199.902043][ T5084] ? hci_send_to_monitor+0xd8/0x7f0 [ 199.902064][ T5084] ? kcov_remote_start+0x9e/0x7e0 [ 199.902090][ T5084] hci_rx_work+0x3e8/0xca0 [ 199.902126][ T5084] ? process_scheduled_works+0x945/0x1830 [ 199.902144][ T5084] process_scheduled_works+0xa2c/0x1830 [ 199.902197][ T5084] ? __pfx_process_scheduled_works+0x10/0x10 [ 199.902239][ T5084] ? assign_work+0x364/0x3d0 [ 199.902267][ T5084] worker_thread+0x86d/0xd50 [ 199.902308][ T5084] ? __kthread_parkme+0x169/0x1d0 [ 199.902336][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 199.902358][ T5084] kthread+0x2f0/0x390 [ 199.902381][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 199.902400][ T5084] ? __pfx_kthread+0x10/0x10 [ 199.902424][ T5084] ret_from_fork+0x4b/0x80 [ 199.902446][ T5084] ? __pfx_kthread+0x10/0x10 [ 199.902468][ T5084] ret_from_fork_asm+0x1a/0x30 [ 199.902511][ T5084] [ 199.902543][ T5084] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 199.902584][ T5084] Bluetooth: hci1: failed to register connection device [ 200.113542][ T7110] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.441'. [ 200.259063][ T60] usb 2-1: USB disconnect, device number 2 [ 201.364251][ T7123] FAULT_INJECTION: forcing a failure. [ 201.364251][ T7123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.364284][ T7123] CPU: 1 PID: 7123 Comm: syz.1.446 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 201.364304][ T7123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 201.364315][ T7123] Call Trace: [ 201.364323][ T7123] [ 201.364332][ T7123] dump_stack_lvl+0x241/0x360 [ 201.364366][ T7123] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.364391][ T7123] ? __pfx__printk+0x10/0x10 [ 201.364419][ T7123] ? __pfx_lock_release+0x10/0x10 [ 201.364448][ T7123] should_fail_ex+0x3b0/0x4e0 [ 201.364480][ T7123] _copy_from_iter+0x1f6/0x1960 [ 201.364501][ T7123] ? __virt_addr_valid+0x183/0x530 [ 201.364525][ T7123] ? __pfx_lock_release+0x10/0x10 [ 201.364552][ T7123] ? __alloc_skb+0x28f/0x440 [ 201.364574][ T7123] ? __pfx__copy_from_iter+0x10/0x10 [ 201.364596][ T7123] ? __virt_addr_valid+0x183/0x530 [ 201.364619][ T7123] ? __virt_addr_valid+0x183/0x530 [ 201.364641][ T7123] ? __virt_addr_valid+0x45f/0x530 [ 201.364670][ T7123] ? __check_object_size+0x49c/0x900 [ 201.364697][ T7123] netlink_sendmsg+0x743/0xcb0 [ 201.364736][ T7123] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.364763][ T7123] ? __import_iovec+0x536/0x820 [ 201.364787][ T7123] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 201.364804][ T7123] ? security_socket_sendmsg+0x87/0xb0 [ 201.364833][ T7123] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.364856][ T7123] __sock_sendmsg+0x221/0x270 [ 201.364879][ T7123] ____sys_sendmsg+0x525/0x7d0 [ 201.364908][ T7123] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.364948][ T7123] __sys_sendmsg+0x2b0/0x3a0 [ 201.364974][ T7123] ? __pfx___sys_sendmsg+0x10/0x10 [ 201.364996][ T7123] ? vfs_write+0x7c4/0xc90 [ 201.365061][ T7123] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 201.365080][ T7123] ? do_syscall_64+0x100/0x230 [ 201.365098][ T7123] ? do_syscall_64+0xb6/0x230 [ 201.365118][ T7123] do_syscall_64+0xf3/0x230 [ 201.365143][ T7123] ? clear_bhb_loop+0x35/0x90 [ 201.365163][ T7123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.365187][ T7123] RIP: 0033:0x7f228e975bd9 [ 201.365205][ T7123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.365220][ T7123] RSP: 002b:00007f228f66f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.365242][ T7123] RAX: ffffffffffffffda RBX: 00007f228eb03f60 RCX: 00007f228e975bd9 [ 201.365256][ T7123] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 201.365269][ T7123] RBP: 00007f228f66f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 201.365282][ T7123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.365294][ T7123] R13: 000000000000000b R14: 00007f228eb03f60 R15: 00007ffc83d46938 [ 201.365323][ T7123] [ 201.393647][ T7124] Cannot find add_set index 0 as target [ 201.402395][ T7124] netlink: 165 bytes leftover after parsing attributes in process `syz.4.447'. [ 201.937161][ T5084] Bluetooth: hci1: command tx timeout [ 202.074562][ T5084] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 202.074609][ T5084] Bluetooth: Wrong link type (-22) [ 202.074675][ T5084] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 202.074688][ T5084] Bluetooth: Wrong link type (-22) [ 202.074774][ T5084] Bluetooth: hci5: link tx timeout [ 202.074834][ T5084] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 203.354306][ T7141] netlink: 'syz.3.449': attribute type 10 has an invalid length. [ 204.162047][ T5084] Bluetooth: hci5: command 0x0406 tx timeout [ 205.221338][ T52] Bluetooth: hci4: adv larger than maximum supported [ 205.267241][ T5166] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 205.538184][ T7154] Cannot find del_set index 3 as target [ 205.667325][ T5166] usb 3-1: device descriptor read/64, error -71 [ 205.755163][ T7159] netlink: 'syz.3.453': attribute type 1 has an invalid length. [ 205.979687][ T5166] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 206.088931][ T29] audit: type=1326 audit(1720993659.045:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.161788][ T5166] usb 3-1: device descriptor read/64, error -71 [ 206.189857][ T29] audit: type=1326 audit(1720993659.045:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.245560][ T29] audit: type=1326 audit(1720993659.075:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.309422][ T29] audit: type=1326 audit(1720993659.075:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.351320][ T5166] usb usb3-port1: attempt power cycle [ 206.468672][ T29] audit: type=1326 audit(1720993659.075:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.559459][ T29] audit: type=1326 audit(1720993659.075:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.605838][ T29] audit: type=1326 audit(1720993659.085:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.650518][ T29] audit: type=1326 audit(1720993659.085:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.678992][ T29] audit: type=1326 audit(1720993659.085:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 206.711535][ T29] audit: type=1326 audit(1720993659.085:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7161 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x7ffc0000 [ 207.099339][ T60] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 207.109095][ T5166] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 207.167495][ T5166] usb 3-1: device descriptor read/8, error -71 [ 207.265128][ T7177] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 207.356424][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 207.404631][ T60] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.480768][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 207.492582][ T60] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 207.526669][ T60] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 207.536055][ T60] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 207.736912][ T60] usb 4-1: Manufacturer: syz [ 207.810943][ T60] usb 4-1: config 0 descriptor?? [ 208.666532][ T52] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 208.818564][ T7188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.462'. [ 208.881264][ T7193] binder: 7185:7193 ioctl c0405665 20000200 returned -22 [ 208.909520][ T7193] binder: 7185:7193 ioctl c0306201 20000140 returned -14 [ 209.325165][ T7206] Cannot find add_set index 0 as target [ 209.571431][ T7209] netlink: 'syz.1.467': attribute type 1 has an invalid length. [ 210.537138][ T5228] usb 4-1: USB disconnect, device number 12 [ 212.068840][ T52] Bluetooth: hci5: adv larger than maximum supported [ 212.095820][ T29] kauditd_printk_skb: 39 callbacks suppressed [ 212.095838][ T29] audit: type=1326 audit(1720993665.045:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7230 comm="syz.2.475" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 213.784469][ T7252] tun0: tun_chr_ioctl cmd 1076910137 [ 214.065129][ T7259] FAULT_INJECTION: forcing a failure. [ 214.065129][ T7259] name failslab, interval 1, probability 0, space 0, times 0 [ 214.134259][ T7259] CPU: 0 PID: 7259 Comm: syz.2.482 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 214.144270][ T7259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 214.154344][ T7259] Call Trace: [ 214.157619][ T7259] [ 214.160537][ T7259] dump_stack_lvl+0x241/0x360 [ 214.165207][ T7259] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.170394][ T7259] ? __pfx__printk+0x10/0x10 [ 214.175000][ T7259] should_fail_ex+0x3b0/0x4e0 [ 214.179674][ T7259] should_failslab+0x9/0x20 [ 214.184169][ T7259] kmalloc_node_track_caller_noprof+0xda/0x440 [ 214.190399][ T7259] ? dh_data_from_key+0x169/0x280 [ 214.195438][ T7259] kmemdup_noprof+0x2a/0x60 [ 214.199947][ T7259] dh_data_from_key+0x169/0x280 [ 214.204791][ T7259] __keyctl_dh_compute+0x3be/0xf50 [ 214.209903][ T7259] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 214.215530][ T7259] ? __pfx___might_resched+0x10/0x10 [ 214.220830][ T7259] ? __might_fault+0xc6/0x120 [ 214.225498][ T7259] keyctl_dh_compute+0x107/0x160 [ 214.230426][ T7259] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 214.235964][ T7259] ? vfs_write+0x7c4/0xc90 [ 214.240404][ T7259] __se_sys_keyctl+0x3f3/0xa50 [ 214.245175][ T7259] ? __pfx___se_sys_keyctl+0x10/0x10 [ 214.250470][ T7259] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 214.256468][ T7259] ? __fget_files+0x3f6/0x470 [ 214.261139][ T7259] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 214.267115][ T7259] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 214.273434][ T7259] ? do_syscall_64+0x100/0x230 [ 214.278184][ T7259] ? __x64_sys_keyctl+0x20/0xc0 [ 214.283022][ T7259] do_syscall_64+0xf3/0x230 [ 214.287510][ T7259] ? clear_bhb_loop+0x35/0x90 [ 214.292184][ T7259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.298152][ T7259] RIP: 0033:0x7f1ed4775bd9 [ 214.302552][ T7259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.322184][ T7259] RSP: 002b:00007f1ed41ff048 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 214.330615][ T7259] RAX: ffffffffffffffda RBX: 00007f1ed4903f60 RCX: 00007f1ed4775bd9 [ 214.338582][ T7259] RDX: 00000000200001c0 RSI: 0000000020000100 RDI: 0000000000000017 [ 214.346541][ T7259] RBP: 00007f1ed41ff0a0 R08: 0000000020000340 R09: 0000000000000000 [ 214.354943][ T7259] R10: 0000000000000033 R11: 0000000000000246 R12: 0000000000000001 [ 214.362914][ T7259] R13: 000000000000000b R14: 00007f1ed4903f60 R15: 00007ffe1801e0b8 [ 214.370884][ T7259] [ 214.977096][ T5133] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 215.019255][ T25] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 215.197192][ T52] Bluetooth: hci1: command tx timeout [ 215.218497][ T5133] usb 4-1: Using ep0 maxpacket: 16 [ 215.247111][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 215.255111][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.265518][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 215.278938][ T5133] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 215.303702][ T5133] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 215.330730][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 215.444492][ T5133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.468109][ T5133] usb 4-1: config 0 descriptor?? [ 215.489444][ T25] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 215.503261][ T25] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 215.858610][ T7261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.190179][ T7261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.283568][ T25] usb 3-1: Manufacturer: syz [ 216.301708][ T25] usb 3-1: config 0 descriptor?? [ 216.380187][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.485'. [ 216.666624][ T7277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.723358][ T7277] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.791754][ T5133] hid-generic 0003:0158:0100.0003: unknown main item tag 0x1 [ 216.811056][ T5133] hid-generic 0003:0158:0100.0003: unexpected long global item [ 216.819624][ T5133] hid-generic 0003:0158:0100.0003: probe with driver hid-generic failed with error -22 [ 216.868280][ T29] audit: type=1326 audit(1720993669.795:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7280 comm="syz.4.488" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c7d775bd9 code=0x0 [ 217.058196][ T5166] usb 4-1: USB disconnect, device number 13 [ 217.223593][ T7290] FAULT_INJECTION: forcing a failure. [ 217.223593][ T7290] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.260789][ T7290] CPU: 0 PID: 7290 Comm: syz.4.490 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 217.270812][ T7290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 217.280899][ T7290] Call Trace: [ 217.284202][ T7290] [ 217.287155][ T7290] dump_stack_lvl+0x241/0x360 [ 217.291881][ T7290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.297119][ T7290] ? __pfx__printk+0x10/0x10 [ 217.301746][ T7290] ? iovec_from_user+0x61/0x240 [ 217.306648][ T7290] ? __pfx_lock_release+0x10/0x10 [ 217.311712][ T7290] should_fail_ex+0x3b0/0x4e0 [ 217.316434][ T7290] _copy_from_user+0x2f/0xe0 [ 217.321056][ T7290] ____sys_sendmsg+0x2e4/0x7d0 [ 217.325866][ T7290] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.331204][ T7290] __sys_sendmsg+0x2b0/0x3a0 [ 217.335826][ T7290] ? __pfx___sys_sendmsg+0x10/0x10 [ 217.340971][ T7290] ? vfs_write+0x7c4/0xc90 [ 217.345443][ T7290] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 217.351794][ T7290] ? do_syscall_64+0x100/0x230 [ 217.356589][ T7290] ? do_syscall_64+0xb6/0x230 [ 217.361291][ T7290] do_syscall_64+0xf3/0x230 [ 217.365816][ T7290] ? clear_bhb_loop+0x35/0x90 [ 217.370531][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.376454][ T7290] RIP: 0033:0x7f5c7d775bd9 [ 217.380979][ T7290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.400612][ T7290] RSP: 002b:00007f5c7e537048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.409061][ T7290] RAX: ffffffffffffffda RBX: 00007f5c7d903f60 RCX: 00007f5c7d775bd9 [ 217.417061][ T7290] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 217.425056][ T7290] RBP: 00007f5c7e5370a0 R08: 0000000000000000 R09: 0000000000000000 [ 217.433054][ T7290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.441048][ T7290] R13: 000000000000000b R14: 00007f5c7d903f60 R15: 00007ffdbe40cea8 [ 217.449064][ T7290] [ 217.489524][ T7293] netlink: 20 bytes leftover after parsing attributes in process `syz.0.491'. [ 217.585643][ T7295] netlink: 'syz.0.491': attribute type 1 has an invalid length. [ 217.664932][ T7298] ======================================================= [ 217.664932][ T7298] WARNING: The mand mount option has been deprecated and [ 217.664932][ T7298] and is ignored by this kernel. Remove the mand [ 217.664932][ T7298] option from the mount to silence this warning. [ 217.664932][ T7298] ======================================================= [ 217.731442][ T7298] syz.1.492: attempt to access beyond end of device [ 217.731442][ T7298] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 217.793601][ T7298] syz.1.492: attempt to access beyond end of device [ 217.793601][ T7298] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 221.327612][ T25] usb 3-1: USB disconnect, device number 13 [ 221.377270][ T7298] Mount JFS Failure: -5 [ 221.744641][ T52] Bluetooth: hci0: adv larger than maximum supported [ 222.013317][ T7316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.494'. [ 222.204583][ T7316] vlan3: entered promiscuous mode [ 222.234402][ T7316] dummy0: entered promiscuous mode [ 222.262875][ T7316] dummy0: left promiscuous mode [ 224.414198][ T7336] program syz.3.503 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.406835][ T7357] netlink: 104 bytes leftover after parsing attributes in process `syz.4.507'. [ 225.487148][ T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 225.679373][ T7364] overlayfs: overlapping lowerdir path [ 225.867188][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 225.978231][ T25] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 226.392393][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 226.676954][ T7374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.512'. [ 226.695298][ T7373] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 226.705592][ T25] usb 2-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46 [ 226.738374][ T7374] vlan2: entered promiscuous mode [ 226.747620][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.765492][ T7374] dummy0: entered promiscuous mode [ 226.768337][ T7375] fuse: Bad value for 'fd' [ 226.810552][ T7374] dummy0: left promiscuous mode [ 226.835825][ T25] usb 2-1: Product: syz [ 226.887150][ T25] usb 2-1: Manufacturer: syz [ 226.891804][ T25] usb 2-1: SerialNumber: syz [ 226.935331][ T25] usb 2-1: config 0 descriptor?? [ 226.967464][ T7355] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 227.224278][ T25] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 227.276196][ T25] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 227.327456][ T7382] program syz.0.514 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 227.375484][ T25] usb 2-1: USB disconnect, device number 3 [ 230.968491][ T7412] overlayfs: overlapping lowerdir path [ 231.788621][ T7416] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 231.847140][ T7416] fuse: Bad value for 'fd' [ 231.965323][ T7422] Cannot find add_set index 0 as target [ 232.015899][ T7422] netlink: 165 bytes leftover after parsing attributes in process `syz.2.525'. [ 232.137297][ T5116] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 232.377368][ T5116] usb 4-1: Using ep0 maxpacket: 16 [ 232.420529][ T5116] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.440720][ T5116] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 232.476337][ T5116] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 232.513032][ T5116] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 232.530341][ T5116] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 232.545011][ T5116] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 232.557102][ T5116] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 232.587585][ T5116] usb 4-1: Manufacturer: syz [ 232.599699][ T5116] usb 4-1: config 0 descriptor?? [ 232.897344][ T5116] rc_core: IR keymap rc-hauppauge not found [ 232.917266][ T8] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 232.937271][ T5116] Registered IR keymap rc-empty [ 232.955555][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.017225][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.063729][ T5116] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 233.104402][ T5116] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 233.148822][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.180620][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.216727][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.245684][ T8] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 233.270654][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.331486][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.341967][ T8] usb 1-1: config 0 descriptor?? [ 233.369007][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.585424][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.628293][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.667203][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.768300][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.829724][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.843557][ T8] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 233.861696][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.870806][ T8] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 233.894043][ T8] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0004/input/input7 [ 233.914211][ T5116] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 233.963943][ T8] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 233.988607][ T5116] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 234.015272][ T5116] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 234.075468][ T5116] usb 4-1: USB disconnect, device number 14 [ 234.502681][ T60] usb 1-1: USB disconnect, device number 12 [ 234.628515][ T7463] overlayfs: overlapping lowerdir path [ 234.758688][ T7464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 234.822934][ T7464] fuse: Bad value for 'fd' [ 236.089323][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 236.307072][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 236.323048][ T8] usb 4-1: config 0 has an invalid interface number: 6 but max is 0 [ 236.331994][ T8] usb 4-1: config 0 has no interface number 0 [ 236.342837][ T8] usb 4-1: config 0 interface 6 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 236.377339][ T8] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=41.a9 [ 236.405576][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.424282][ T8] usb 4-1: Product: syz [ 236.432900][ T8] usb 4-1: Manufacturer: syz [ 236.438445][ T8] usb 4-1: SerialNumber: syz [ 236.680013][ T8] usb 4-1: config 0 descriptor?? [ 237.823706][ T52] Bluetooth: hci4: adv larger than maximum supported [ 237.971944][ T5116] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 238.204821][ T5116] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.272584][ T5116] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.293018][ T5116] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 238.315914][ T5116] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.342273][ T5116] usb 3-1: config 0 descriptor?? [ 238.588956][ T25] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 238.667337][ T5228] usb 4-1: USB disconnect, device number 15 [ 238.782301][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 238.805282][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 238.835917][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 238.851831][ T25] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 238.869523][ T5116] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 238.888731][ T5116] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 238.903780][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.944528][ T5116] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0005/input/input8 [ 238.948802][ T25] usb 2-1: config 0 descriptor?? [ 239.128074][ T5116] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 239.191133][ T52] Bluetooth: hci5: unexpected event for opcode 0x0000 [ 239.474540][ T7511] sp0: Synchronizing with TNC [ 239.779970][ T7524] FAULT_INJECTION: forcing a failure. [ 239.779970][ T7524] name failslab, interval 1, probability 0, space 0, times 0 [ 239.793325][ T7524] CPU: 0 PID: 7524 Comm: syz.0.557 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 239.803345][ T7524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 239.813423][ T7524] Call Trace: [ 239.816716][ T7524] [ 239.819654][ T7524] dump_stack_lvl+0x241/0x360 [ 239.824357][ T7524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.829747][ T7524] ? __pfx__printk+0x10/0x10 [ 239.834365][ T7524] should_fail_ex+0x3b0/0x4e0 [ 239.839069][ T7524] ? snd_pcm_oss_change_params_locked+0x1b6/0x3d60 [ 239.845596][ T7524] should_failslab+0x9/0x20 [ 239.850120][ T7524] kmalloc_trace_noprof+0x6c/0x2c0 [ 239.855263][ T7524] snd_pcm_oss_change_params_locked+0x1b6/0x3d60 [ 239.861615][ T7524] ? __pfx___might_resched+0x10/0x10 [ 239.866917][ T7524] ? __pfx___mutex_trylock_common+0x10/0x10 [ 239.872832][ T7524] ? rcu_is_watching+0x15/0xb0 [ 239.877609][ T7524] ? trace_contention_end+0x3c/0x120 [ 239.882914][ T7524] ? __mutex_lock+0x2ef/0xd70 [ 239.887618][ T7524] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 239.894399][ T7524] ? __pfx___mutex_lock+0x10/0x10 [ 239.899443][ T7524] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 239.904926][ T7524] snd_pcm_oss_write+0x2d5/0x11f0 [ 239.909972][ T7524] ? __lock_acquire+0x1346/0x1fd0 [ 239.915024][ T7524] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 239.920505][ T7524] ? bpf_lsm_file_permission+0x9/0x10 [ 239.925888][ T7524] ? security_file_permission+0x7f/0xa0 [ 239.931452][ T7524] ? rw_verify_area+0x1d2/0x6b0 [ 239.936320][ T7524] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 239.941804][ T7524] vfs_write+0x2a2/0xc90 [ 239.946164][ T7524] ? __pfx_vfs_write+0x10/0x10 [ 239.951038][ T7524] ? __fget_files+0x29/0x470 [ 239.955646][ T7524] ? __fget_files+0x3f6/0x470 [ 239.960334][ T7524] ? __fget_files+0x29/0x470 [ 239.965082][ T7524] ksys_write+0x1a0/0x2c0 [ 239.969438][ T7524] ? __pfx_ksys_write+0x10/0x10 [ 239.974479][ T7524] ? do_syscall_64+0x100/0x230 [ 239.979263][ T7524] ? do_syscall_64+0xb6/0x230 [ 239.983951][ T7524] do_syscall_64+0xf3/0x230 [ 239.988466][ T7524] ? clear_bhb_loop+0x35/0x90 [ 239.993154][ T7524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.999062][ T7524] RIP: 0033:0x7f60cc975bd9 [ 240.003486][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.023108][ T7524] RSP: 002b:00007f60cd7a4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 240.031626][ T7524] RAX: ffffffffffffffda RBX: 00007f60ccb04110 RCX: 00007f60cc975bd9 [ 240.039610][ T7524] RDX: 000000000000fdbc RSI: 0000000020000500 RDI: 0000000000000007 [ 240.047593][ T7524] RBP: 00007f60cd7a40a0 R08: 0000000000000000 R09: 0000000000000000 [ 240.055582][ T7524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.063569][ T7524] R13: 000000000000006e R14: 00007f60ccb04110 R15: 00007ffe772e5308 [ 240.071580][ T7524] [ 240.224243][ T52] Bluetooth: hci5: Malformed LE Event: 0x0b [ 240.427702][ T5116] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 240.551188][ T7521] Falling back ldisc for ptm1. [ 240.639500][ T7511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.688858][ T7511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.767958][ T25] hid-generic 0003:0158:0100.0006: unknown main item tag 0x1 [ 240.799153][ T25] hid-generic 0003:0158:0100.0006: unexpected long global item [ 240.852417][ T25] hid-generic 0003:0158:0100.0006: probe with driver hid-generic failed with error -22 [ 240.985577][ T9] usb 2-1: USB disconnect, device number 4 [ 241.953021][ T5228] usb 3-1: USB disconnect, device number 14 [ 242.081561][ T2926] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.739585][ T2926] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.754359][ T29] audit: type=1326 audit(1720993695.705:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 242.966854][ T2926] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.104774][ T2926] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.183037][ T5084] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 243.205055][ T5084] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 243.214422][ T5084] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 243.226010][ T5084] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 243.242097][ T5084] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 243.253061][ T5084] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 243.958157][ T2926] bridge_slave_1: left allmulticast mode [ 243.980047][ T2926] bridge_slave_1: left promiscuous mode [ 244.020181][ T2926] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.070165][ T2926] bridge_slave_0: left allmulticast mode [ 244.088749][ T25] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 244.121174][ T2926] bridge_slave_0: left promiscuous mode [ 244.142484][ T2926] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.308906][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 244.333581][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 244.383038][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 244.432094][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 244.484637][ T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 244.537147][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 244.613274][ T25] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 244.653001][ T25] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 244.706367][ T25] usb 3-1: Manufacturer: syz [ 244.777402][ T5132] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 244.801435][ T25] usb 3-1: config 0 descriptor?? [ 244.982114][ T5132] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.024294][ T5132] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 245.042929][ T5132] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 245.064701][ T5132] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.097623][ T5132] usb 5-1: config 0 descriptor?? [ 245.148830][ T25] rc_core: IR keymap rc-hauppauge not found [ 245.187143][ T25] Registered IR keymap rc-empty [ 245.206119][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 245.270920][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 245.363788][ T52] Bluetooth: hci2: command tx timeout [ 245.468709][ T25] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 245.526917][ T5132] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 245.535524][ T25] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9 [ 245.549466][ T5132] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 245.565145][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 245.577523][ T5132] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0007/input/input10 [ 245.688383][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.007162][ T5132] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 246.228258][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.297314][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.357344][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.397226][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.438239][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.485535][ T7627] Cannot find add_set index 0 as target [ 246.499422][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.543522][ T7627] netlink: 165 bytes leftover after parsing attributes in process `syz.0.581'. [ 246.567400][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.627155][ T25] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 246.635054][ T2926] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.680513][ T25] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 246.702684][ T2926] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.727785][ T25] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 246.798095][ T25] usb 3-1: USB disconnect, device number 15 [ 246.827682][ T2926] bond0 (unregistering): Released all slaves [ 246.921144][ T29] audit: type=1326 audit(1720993699.875:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.2.583" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 246.967127][ T5132] usb 5-1: reset high-speed USB device number 9 using dummy_hcd [ 247.062289][ T7576] chnl_net:caif_netlink_parms(): no params data found [ 247.300970][ T7640] syz.3.580: attempt to access beyond end of device [ 247.300970][ T7640] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 247.447550][ T52] Bluetooth: hci2: command tx timeout [ 247.838950][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 248.064238][ T7658] netlink: 104 bytes leftover after parsing attributes in process `syz.2.584'. [ 248.273245][ T2926] hsr_slave_0: left promiscuous mode [ 248.299890][ T2926] hsr_slave_1: left promiscuous mode [ 248.325901][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.372371][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.388367][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.409139][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.479695][ T2926] veth1_macvtap: left promiscuous mode [ 248.512973][ T2926] veth0_macvtap: left promiscuous mode [ 248.537288][ T2926] veth1_vlan: left promiscuous mode [ 248.553090][ T2926] veth0_vlan: left promiscuous mode [ 248.850882][ T5166] usb 5-1: USB disconnect, device number 9 [ 249.114700][ T5084] Bluetooth: hci4: unexpected event for opcode 0x0056 [ 249.517294][ T5084] Bluetooth: hci2: command tx timeout [ 249.865420][ T2926] team0 (unregistering): Port device team_slave_1 removed [ 249.999354][ T2926] team0 (unregistering): Port device team_slave_0 removed [ 250.482125][ T7576] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.489564][ T7576] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.496952][ T7576] bridge_slave_0: entered allmulticast mode [ 250.512946][ T7576] bridge_slave_0: entered promiscuous mode [ 250.582778][ T7576] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.590469][ T7576] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.598108][ T7576] bridge_slave_1: entered allmulticast mode [ 250.606634][ T7576] bridge_slave_1: entered promiscuous mode [ 250.738103][ T7576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.752081][ T7576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.896090][ T29] audit: type=1326 audit(1720993703.805:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7697 comm="syz.0.593" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 251.003331][ T29] audit: type=1326 audit(1720993703.955:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7699 comm="syz.3.594" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c8b375bd9 code=0x0 [ 251.018001][ T7576] team0: Port device team_slave_0 added [ 251.045485][ T29] audit: type=1326 audit(1720993703.995:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7702 comm="syz.2.595" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 251.052533][ T7576] team0: Port device team_slave_1 added [ 251.139285][ T7576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.146506][ T7576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.179722][ T7576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.207424][ T7576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.224693][ T7576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.286730][ T7576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.425758][ T7576] hsr_slave_0: entered promiscuous mode [ 251.451336][ T7576] hsr_slave_1: entered promiscuous mode [ 251.597173][ T5084] Bluetooth: hci2: command tx timeout [ 251.677069][ T5228] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 251.884299][ T5228] usb 5-1: Using ep0 maxpacket: 16 [ 251.907468][ T5228] usb 5-1: config 0 has an invalid interface number: 6 but max is 0 [ 251.935214][ T5228] usb 5-1: config 0 has no interface number 0 [ 251.974190][ T5228] usb 5-1: config 0 interface 6 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 252.017525][ T5228] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=41.a9 [ 252.046496][ T5228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.114315][ T5228] usb 5-1: Product: syz [ 252.126247][ T5228] usb 5-1: Manufacturer: syz [ 252.143646][ T5228] usb 5-1: SerialNumber: syz [ 252.216553][ T5228] usb 5-1: config 0 descriptor?? [ 252.604408][ T7738] syz.3.597: attempt to access beyond end of device [ 252.604408][ T7738] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 252.709866][ T7576] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 252.755096][ T5084] Bluetooth: hci1: unexpected event for opcode 0x0056 [ 252.757404][ T7576] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 252.834471][ T7576] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 252.890299][ T7576] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 253.124805][ T7576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.235441][ T7576] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.292742][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.299990][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.379925][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.387127][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.857907][ T5116] usb 5-1: USB disconnect, device number 10 [ 254.083838][ T7576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.335691][ T7576] veth0_vlan: entered promiscuous mode [ 254.362053][ T7576] veth1_vlan: entered promiscuous mode [ 254.560358][ T7576] veth0_macvtap: entered promiscuous mode [ 254.972336][ T7576] veth1_macvtap: entered promiscuous mode [ 254.996708][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.011689][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.022270][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.036377][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.072634][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.090384][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.101533][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.124537][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.149878][ T29] audit: type=1326 audit(1720993708.105:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7788 comm="syz.4.607" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c7d775bd9 code=0x0 [ 255.183353][ T7576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.226840][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.255565][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.283592][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.315747][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.333375][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.350902][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.364779][ T7576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.375637][ T7576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.397235][ T7576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.580646][ T7576] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.641861][ T7576] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.657616][ T7576] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.666597][ T7576] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.988765][ T2926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.004640][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.017158][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.054796][ T2926] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.205581][ T2893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.215597][ T2893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.340011][ T5084] Bluetooth: hci4: unexpected event for opcode 0x0056 [ 256.714568][ T7833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.565'. [ 256.734129][ T7833] vlan2: entered promiscuous mode [ 256.741946][ T7833] dummy0: entered promiscuous mode [ 256.762416][ T7833] dummy0: left promiscuous mode [ 257.080269][ T7839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.616'. [ 258.906870][ T5084] Bluetooth: hci3: unexpected event for opcode 0x000e [ 258.921043][ T5084] Bluetooth: hci2: unexpected event for opcode 0x0056 [ 259.022685][ T7880] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 259.322664][ T5084] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 259.329523][ T5084] Bluetooth: Wrong link type (-22) [ 259.334796][ T5084] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 259.341455][ T5084] Bluetooth: Wrong link type (-22) [ 259.579469][ T5084] Bluetooth: hci1: unexpected event for opcode 0x0056 [ 259.805621][ T7886] tunl0: entered promiscuous mode [ 259.834915][ T7886] netlink: 'syz.4.629': attribute type 1 has an invalid length. [ 259.872738][ T7886] netlink: 9 bytes leftover after parsing attributes in process `syz.4.629'. [ 260.022135][ T7891] netlink: 'syz.4.629': attribute type 2 has an invalid length. [ 260.398873][ T7897] FAULT_INJECTION: forcing a failure. [ 260.398873][ T7897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.415062][ T7898] FAULT_INJECTION: forcing a failure. [ 260.415062][ T7898] name failslab, interval 1, probability 0, space 0, times 0 [ 260.428070][ T7898] CPU: 0 PID: 7898 Comm: syz.1.631 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 260.438068][ T7898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 260.448149][ T7898] Call Trace: [ 260.451446][ T7898] [ 260.454389][ T7898] dump_stack_lvl+0x241/0x360 [ 260.459095][ T7898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.464312][ T7898] ? __pfx__printk+0x10/0x10 [ 260.469100][ T7898] ? ref_tracker_alloc+0x332/0x490 [ 260.474226][ T7898] should_fail_ex+0x3b0/0x4e0 [ 260.478923][ T7898] ? skb_clone+0x20c/0x390 [ 260.483353][ T7898] should_failslab+0x9/0x20 [ 260.487878][ T7898] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 260.493268][ T7898] skb_clone+0x20c/0x390 [ 260.497533][ T7898] __netlink_deliver_tap+0x3cc/0x7c0 [ 260.502859][ T7898] ? netlink_deliver_tap+0x2e/0x1b0 [ 260.508091][ T7898] netlink_deliver_tap+0x19d/0x1b0 [ 260.513222][ T7898] netlink_unicast+0x7b8/0x980 [ 260.518006][ T7898] ? __pfx_netlink_unicast+0x10/0x10 [ 260.523299][ T7898] ? __virt_addr_valid+0x183/0x530 [ 260.528516][ T7898] ? __check_object_size+0x49c/0x900 [ 260.533817][ T7898] ? bpf_lsm_netlink_send+0x9/0x10 [ 260.538950][ T7898] netlink_sendmsg+0x8db/0xcb0 [ 260.543747][ T7898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.549055][ T7898] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 260.554345][ T7898] ? security_socket_sendmsg+0x87/0xb0 [ 260.559821][ T7898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.565115][ T7898] __sock_sendmsg+0x221/0x270 [ 260.569807][ T7898] sock_write_iter+0x2dd/0x400 [ 260.574589][ T7898] ? __pfx_sock_write_iter+0x10/0x10 [ 260.579937][ T7898] do_iter_readv_writev+0x5a4/0x800 [ 260.585151][ T7898] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 260.590884][ T7898] ? bpf_lsm_file_permission+0x9/0x10 [ 260.596348][ T7898] ? security_file_permission+0x7f/0xa0 [ 260.601907][ T7898] ? rw_verify_area+0x1d2/0x6b0 [ 260.606779][ T7898] vfs_writev+0x37c/0xbb0 [ 260.611136][ T7898] ? __pfx_lock_acquire+0x10/0x10 [ 260.616177][ T7898] ? __pfx_vfs_writev+0x10/0x10 [ 260.621554][ T7898] ? vfs_write+0x7c4/0xc90 [ 260.625996][ T7898] ? __fget_files+0x29/0x470 [ 260.630699][ T7898] do_writev+0x1b1/0x350 [ 260.634960][ T7898] ? __pfx_do_writev+0x10/0x10 [ 260.639743][ T7898] ? do_syscall_64+0x100/0x230 [ 260.644533][ T7898] ? do_syscall_64+0xb6/0x230 [ 260.649221][ T7898] do_syscall_64+0xf3/0x230 [ 260.653732][ T7898] ? clear_bhb_loop+0x35/0x90 [ 260.658434][ T7898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.664370][ T7898] RIP: 0033:0x7f2cc7175bd9 [ 260.668803][ T7898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.688426][ T7898] RSP: 002b:00007f2cc7f82048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 260.696858][ T7898] RAX: ffffffffffffffda RBX: 00007f2cc7304110 RCX: 00007f2cc7175bd9 [ 260.704841][ T7898] RDX: 0000000000000001 RSI: 0000000020019440 RDI: 0000000000000009 [ 260.712820][ T7898] RBP: 00007f2cc7f820a0 R08: 0000000000000000 R09: 0000000000000000 [ 260.720805][ T7898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.728789][ T7898] R13: 000000000000006e R14: 00007f2cc7304110 R15: 00007fffa55ea448 [ 260.736790][ T7898] [ 260.837342][ T7897] CPU: 1 PID: 7897 Comm: syz.0.632 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 260.847381][ T7897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 260.857446][ T7897] Call Trace: [ 260.860734][ T7897] [ 260.863666][ T7897] dump_stack_lvl+0x241/0x360 [ 260.868364][ T7897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.873575][ T7897] ? __pfx__printk+0x10/0x10 [ 260.878187][ T7897] ? snprintf+0xda/0x120 [ 260.882442][ T7897] should_fail_ex+0x3b0/0x4e0 [ 260.887136][ T7897] _copy_to_user+0x2f/0xb0 [ 260.891573][ T7897] simple_read_from_buffer+0xca/0x150 [ 260.896966][ T7897] proc_fail_nth_read+0x1e9/0x250 [ 260.902007][ T7897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.907569][ T7897] ? rw_verify_area+0x520/0x6b0 [ 260.912433][ T7897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.917989][ T7897] vfs_read+0x204/0xbc0 [ 260.922156][ T7897] ? __pfx_lock_release+0x10/0x10 [ 260.927641][ T7897] ? __pfx_vfs_read+0x10/0x10 [ 260.932330][ T7897] ? __fget_files+0x29/0x470 [ 260.936929][ T7897] ? __fget_files+0x3f6/0x470 [ 260.941635][ T7897] ksys_read+0x1a0/0x2c0 [ 260.945900][ T7897] ? __pfx_ksys_read+0x10/0x10 [ 260.950685][ T7897] ? do_syscall_64+0x100/0x230 [ 260.955457][ T7897] ? do_syscall_64+0xb6/0x230 [ 260.960142][ T7897] do_syscall_64+0xf3/0x230 [ 260.964649][ T7897] ? clear_bhb_loop+0x35/0x90 [ 260.969334][ T7897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.975239][ T7897] RIP: 0033:0x7f60cc9746bc [ 260.979677][ T7897] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 260.999291][ T7897] RSP: 002b:00007f60cd7e6040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 261.007718][ T7897] RAX: ffffffffffffffda RBX: 00007f60ccb03f60 RCX: 00007f60cc9746bc [ 261.015693][ T7897] RDX: 000000000000000f RSI: 00007f60cd7e60b0 RDI: 0000000000000005 [ 261.023667][ T7897] RBP: 00007f60cd7e60a0 R08: 0000000000000000 R09: 0000000000000000 [ 261.031642][ T7897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.039642][ T7897] R13: 000000000000000b R14: 00007f60ccb03f60 R15: 00007ffe772e5308 [ 261.047645][ T7897] [ 262.338856][ T7919] binder: 7917:7919 ioctl c0306201 0 returned -14 [ 262.672151][ T5084] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 262.697835][ T5116] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 262.700344][ T7927] netlink: 104 bytes leftover after parsing attributes in process `syz.0.641'. [ 262.738747][ T7930] xt_TCPMSS: Only works on TCP SYN packets [ 262.824712][ T7932] netlink: 104 bytes leftover after parsing attributes in process `syz.2.642'. [ 262.907202][ T5116] usb 2-1: Using ep0 maxpacket: 16 [ 262.909265][ T5116] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 262.909297][ T5116] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 262.909312][ T5116] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.911173][ T5116] usb 2-1: config 0 descriptor?? [ 263.151377][ T7919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.184934][ T7919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.352965][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.3.645'. [ 263.490221][ T7938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.569311][ T7938] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.679115][ T5116] hid-generic 0003:0158:0100.0008: unknown main item tag 0x1 [ 263.706375][ T5116] hid-generic 0003:0158:0100.0008: unexpected long global item [ 263.747080][ T5116] hid-generic 0003:0158:0100.0008: probe with driver hid-generic failed with error -22 [ 263.807209][ T7946] overlayfs: overlapping lowerdir path [ 264.062721][ T7950] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 264.098011][ T7950] fuse: Bad value for 'fd' [ 264.233089][ T5131] usb 2-1: USB disconnect, device number 5 [ 264.281305][ T52] Bluetooth: hci3: unexpected event for opcode 0x000e [ 264.661054][ T7955] xt_l2tp: missing protocol rule (udp|l2tpip) [ 265.217181][ T5116] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 265.469010][ T5116] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.524109][ T5116] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 265.573428][ T7965] input: syz1 as /devices/virtual/input/input11 [ 265.577351][ T5116] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 265.623514][ T5116] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.670634][ T5116] usb 3-1: config 0 descriptor?? [ 266.105941][ T5116] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 266.152768][ T5116] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 266.174853][ T7977] netlink: 104 bytes leftover after parsing attributes in process `syz.0.657'. [ 266.340837][ T7982] syz.1.654: attempt to access beyond end of device [ 266.340837][ T7982] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 266.395694][ T7983] netlink: 104 bytes leftover after parsing attributes in process `syz.3.658'. [ 267.010973][ T7993] netlink: 104 bytes leftover after parsing attributes in process `syz.4.659'. [ 267.207214][ T60] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 267.387223][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 267.420785][ T60] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.441457][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 267.453839][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 267.465679][ T60] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 267.484095][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 267.504862][ T60] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 267.514644][ T60] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 267.534987][ T60] usb 1-1: Manufacturer: syz [ 267.546051][ T60] usb 1-1: config 0 descriptor?? [ 267.653377][ T7998] overlayfs: overlapping lowerdir path [ 267.772757][ T7999] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 267.826702][ T8001] fuse: Bad value for 'fd' [ 267.877233][ T60] rc_core: IR keymap rc-hauppauge not found [ 267.891409][ T60] Registered IR keymap rc-empty [ 267.909619][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 267.952360][ T5132] usb 3-1: USB disconnect, device number 16 [ 267.969179][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.021710][ T52] Bluetooth: hci3: unexpected event for opcode 0x000e [ 268.028508][ T60] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 268.030243][ T60] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12 [ 268.042139][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.068014][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.073540][ T52] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 268.097272][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.128297][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.164230][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.183527][ T8012] xt_l2tp: missing protocol rule (udp|l2tpip) [ 268.187597][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.218016][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.255349][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.285288][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.308584][ T60] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.340115][ T60] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 268.340134][ T60] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 268.728564][ T25] usb 1-1: USB disconnect, device number 13 [ 269.015488][ T8017] netlink: 12 bytes leftover after parsing attributes in process `syz.1.668'. [ 269.062353][ T8017] vlan2: entered promiscuous mode [ 269.081390][ T8017] dummy0: entered promiscuous mode [ 269.109827][ T8017] dummy0: left promiscuous mode [ 269.528011][ T8024] netlink: 104 bytes leftover after parsing attributes in process `syz.1.670'. [ 269.603325][ T5084] Bluetooth: hci1: adv larger than maximum supported [ 270.680516][ T8046] netlink: 104 bytes leftover after parsing attributes in process `syz.2.675'. [ 270.987128][ T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 271.190824][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.242315][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 271.301599][ T25] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 271.329585][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.343513][ T25] usb 2-1: config 0 descriptor?? [ 271.578899][ T29] audit: type=1326 audit(1720993724.535:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8061 comm="syz.4.680" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c7d775bd9 code=0x0 [ 271.766534][ T25] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 271.775714][ T25] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 272.475529][ T5084] Bluetooth: hci4: unexpected event for opcode 0x000e [ 273.098438][ T8083] xt_l2tp: missing protocol rule (udp|l2tpip) [ 273.112452][ T5084] Bluetooth: hci1: adv larger than maximum supported [ 273.760257][ T25] usb 2-1: USB disconnect, device number 6 [ 274.357400][ T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 274.411643][ T8098] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 274.577367][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 274.596911][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 274.643984][ T9] usb 3-1: config 0 has no interface number 0 [ 274.662757][ T29] audit: type=1326 audit(1720993727.615:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8102 comm="syz.1.694" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc7175bd9 code=0x0 [ 274.684410][ T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 274.698145][ T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 274.715749][ T9] usb 3-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 274.725426][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.763668][ T9] usb 3-1: config 0 descriptor?? [ 274.862372][ T9] hso 3-1:0.1: Failed to find BULK IN ep [ 274.881693][ T8109] usb usb2: usbfs: process 8109 (syz.3.695) did not claim interface 0 before use [ 275.163781][ T5132] usb 3-1: USB disconnect, device number 17 [ 276.537295][ T5132] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 276.727109][ T5132] usb 2-1: Using ep0 maxpacket: 16 [ 276.747936][ T5132] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 276.773317][ T5132] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 276.788137][ T5132] usb 2-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 276.807102][ T5132] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 276.831006][ T5132] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 276.858322][ T5132] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 276.897129][ T5132] usb 2-1: Manufacturer: syz [ 276.941521][ T5132] usb 2-1: config 0 descriptor?? [ 278.435269][ T8150] xt_l2tp: missing protocol rule (udp|l2tpip) [ 278.766783][ T8157] netlink: 104 bytes leftover after parsing attributes in process `syz.0.709'. [ 278.959074][ T5133] usb 2-1: USB disconnect, device number 7 [ 280.862262][ T5084] Bluetooth: unknown link type 227 [ 280.867570][ T5084] Bluetooth: hci4: connection err: -111 [ 281.005618][ T5084] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 281.068337][ T5084] Bluetooth: hci3: unexpected event for opcode 0x000e [ 281.104894][ T8181] autofs: Unknown parameter './file0' [ 281.427094][ T5116] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 281.587131][ T5116] usb 5-1: device descriptor read/64, error -71 [ 281.607150][ T5131] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 281.819172][ T5131] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 281.850309][ T5131] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.881585][ T5131] usb 2-1: config 0 descriptor?? [ 281.883229][ T5116] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 282.057131][ T5116] usb 5-1: device descriptor read/64, error -71 [ 282.127563][ T5131] kaweth 2-1:0.0: Firmware present in device. [ 282.178396][ T5116] usb usb5-port1: attempt power cycle [ 282.384636][ T5131] kaweth 2-1:0.0: Error reading configuration (-32), no net device created [ 282.410651][ T5131] kaweth 2-1:0.0: probe with driver kaweth failed with error -5 [ 282.518558][ T25] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 282.607089][ T5116] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 282.647888][ T5116] usb 5-1: device descriptor read/8, error -71 [ 282.717158][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 282.733328][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.744517][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 282.775936][ T25] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 282.816142][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 283.062048][ T25] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 283.076570][ T25] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 283.091729][ T25] usb 4-1: Manufacturer: syz [ 283.098309][ T25] usb 4-1: config 0 descriptor?? [ 283.144433][ T29] audit: type=1326 audit(1720993736.095:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8200 comm="syz.4.725" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c7d775bd9 code=0x0 [ 284.424621][ T25] usb 2-1: USB disconnect, device number 8 [ 285.604951][ T52] Bluetooth: hci1: unexpected event for opcode 0x000e [ 285.666620][ T5228] usb 4-1: USB disconnect, device number 16 [ 285.762188][ T8231] autofs: Unknown parameter './file0' [ 285.823012][ T5084] Bluetooth: hci1: adv larger than maximum supported [ 286.964043][ T8249] netlink: 64 bytes leftover after parsing attributes in process `syz.3.736'. [ 287.307126][ T60] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 287.607602][ T60] usb 4-1: Using ep0 maxpacket: 8 [ 287.616206][ T60] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 287.616273][ T60] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 287.616298][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.627949][ T60] usb 4-1: config 0 descriptor?? [ 287.663685][ T60] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 288.136113][ T60] gspca_vc032x: reg_w err -71 [ 288.161406][ T60] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 288.219897][ T60] usb 4-1: USB disconnect, device number 17 [ 291.581516][ T5084] Bluetooth: hci1: unexpected event for opcode 0x000e [ 291.710686][ T8285] autofs: Unknown parameter './file0' [ 291.748566][ T8286] autofs: Unknown parameter './file0' [ 291.957245][ T5131] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 292.167089][ T5131] usb 4-1: Using ep0 maxpacket: 16 [ 292.179025][ T5131] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 292.199718][ T5131] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 292.221469][ T5131] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 292.255233][ T5131] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 292.289833][ T5131] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 292.303097][ T5131] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 292.331205][ T5131] usb 4-1: Manufacturer: syz [ 292.358405][ T5131] usb 4-1: config 0 descriptor?? [ 294.828713][ T60] usb 4-1: USB disconnect, device number 18 [ 296.137802][ T5084] Bluetooth: hci3: unexpected event for opcode 0x000e [ 296.674030][ T8328] autofs: Unknown parameter './file0' [ 296.939759][ T8332] netlink: 'syz.3.761': attribute type 10 has an invalid length. [ 300.577118][ T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 300.835586][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 300.847558][ T25] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 300.855429][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.886387][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 300.887378][ T5131] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 300.903072][ T9] usb 5-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 300.916577][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 300.941053][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 300.959648][ T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 300.972516][ T9] usb 5-1: Manufacturer: syz [ 301.020683][ T9] usb 5-1: config 0 descriptor?? [ 301.037160][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 301.060001][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 301.081624][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 301.107485][ T5131] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 301.129904][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 301.142446][ T5131] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.152687][ T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 301.164892][ T5131] usb 1-1: config 0 descriptor?? [ 301.171229][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 301.197484][ T25] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 301.206798][ T25] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 301.216031][ T25] usb 2-1: Manufacturer: syz [ 301.237451][ T25] usb 2-1: config 0 descriptor?? [ 301.422821][ T5131] kaweth 1-1:0.0: Firmware present in device. [ 301.672627][ T25] rc_core: IR keymap rc-hauppauge not found [ 301.688316][ T25] Registered IR keymap rc-empty [ 301.694774][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 301.748043][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 301.811053][ T25] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 301.859162][ T5131] kaweth 1-1:0.0: Error reading configuration (-32), no net device created [ 301.888679][ T5131] kaweth 1-1:0.0: probe with driver kaweth failed with error -5 [ 301.905144][ T25] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input13 [ 301.955149][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 301.987842][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.022410][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.061221][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.137159][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.167318][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.227838][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.308822][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.407123][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.451802][ T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 302.521289][ T25] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 302.530628][ T25] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 302.580232][ T25] usb 2-1: USB disconnect, device number 9 [ 302.757090][ T60] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 302.997144][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 303.188410][ T60] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 303.198157][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.207695][ T60] usb 4-1: Product: syz [ 303.212294][ T60] usb 4-1: Manufacturer: syz [ 303.217513][ T60] usb 4-1: SerialNumber: syz [ 303.241957][ T60] usb 4-1: config 0 descriptor?? [ 303.260175][ T5116] usb 5-1: USB disconnect, device number 15 [ 303.847295][ T8390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.943076][ T8390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.017666][ T5228] usb 1-1: USB disconnect, device number 14 [ 305.125834][ T60] rtl8150 4-1:0.0: couldn't reset the device [ 305.166123][ T60] rtl8150 4-1:0.0: probe with driver rtl8150 failed with error -5 [ 306.344705][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.4.781'. [ 306.409642][ T8411] vlan2: entered promiscuous mode [ 306.429214][ T8411] team0: entered promiscuous mode [ 306.443517][ T8411] team_slave_0: entered promiscuous mode [ 306.457498][ T8411] team_slave_1: entered promiscuous mode [ 306.493346][ T8411] team0: left promiscuous mode [ 306.548391][ T8411] team_slave_0: left promiscuous mode [ 306.565070][ T8411] team_slave_1: left promiscuous mode [ 307.461492][ T5116] usb 4-1: USB disconnect, device number 19 [ 307.943208][ T60] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 307.997505][ T5116] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 308.328662][ T5116] usb 4-1: Using ep0 maxpacket: 16 [ 308.708786][ T60] usb 1-1: config 0 has an invalid interface number: 153 but max is 0 [ 308.750161][ T60] usb 1-1: config 0 has no interface number 0 [ 308.817324][ T5132] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 308.845127][ T5116] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.847267][ T60] usb 1-1: New USB device found, idVendor=249c, idProduct=932c, bcdDevice=f9.1b [ 308.887638][ T5116] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 308.906817][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.929038][ T60] usb 1-1: config 0 descriptor?? [ 308.954787][ T60] usb 1-1: can't set first interface for hiFace device. [ 308.995562][ T5116] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 309.016895][ T60] snd-usb-hiface 1-1:0.153: probe with driver snd-usb-hiface failed with error -5 [ 309.153169][ T60] usb 1-1: USB disconnect, device number 15 [ 309.179689][ T5132] usb 5-1: config 0 has an invalid interface number: 35 but max is 0 [ 309.197840][ T5132] usb 5-1: config 0 has an invalid interface number: 80 but max is 0 [ 309.200785][ T5116] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.205944][ T5132] usb 5-1: config 0 has an invalid descriptor of length 158, skipping remainder of the config [ 309.205970][ T5132] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 309.205991][ T5132] usb 5-1: config 0 has no interface number 0 [ 309.259333][ T5116] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 309.279860][ T5116] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 309.297161][ T5116] usb 4-1: Manufacturer: syz [ 309.318630][ T5116] usb 4-1: config 0 descriptor?? [ 309.379810][ T5132] usb 5-1: config 0 has no interface number 1 [ 309.409350][ T5132] usb 5-1: too many endpoints for config 0 interface 35 altsetting 196: 189, using maximum allowed: 30 [ 309.466422][ T5132] usb 5-1: config 0 interface 35 altsetting 196 has 0 endpoint descriptors, different from the interface descriptor's value: 189 [ 309.529944][ T5132] usb 5-1: too many endpoints for config 0 interface 80 altsetting 109: 32, using maximum allowed: 30 [ 309.541993][ T52] Bluetooth: hci2: unexpected event for opcode 0x0056 [ 309.549266][ T5132] usb 5-1: config 0 interface 80 altsetting 109 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 309.614862][ T5132] usb 5-1: config 0 interface 35 has no altsetting 0 [ 309.645230][ T52] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 309.652306][ T52] Bluetooth: Wrong link type (-22) [ 309.657665][ T52] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 309.664235][ T52] Bluetooth: Wrong link type (-22) [ 309.669608][ T52] Bluetooth: hci2: link tx timeout [ 309.675839][ T52] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 309.686180][ T52] Bluetooth: hci2: link tx timeout [ 309.691479][ T52] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 309.750105][ T5132] usb 5-1: config 0 interface 80 has no altsetting 0 [ 309.801691][ T5132] usb 5-1: New USB device found, idVendor=050f, idProduct=0190, bcdDevice=2b.a5 [ 309.845719][ T5132] usb 5-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0 [ 309.884263][ T5132] usb 5-1: Manufacturer: syz [ 309.910987][ T5132] usb 5-1: config 0 descriptor?? [ 310.004971][ T8469] netlink: 165 bytes leftover after parsing attributes in process `syz.0.798'. [ 310.745693][ T5132] cdc_subset 5-1:0.35: probe with driver cdc_subset failed with error -22 [ 310.786575][ T5132] cdc_subset 5-1:0.80: probe with driver cdc_subset failed with error -22 [ 310.838869][ T5132] usb 5-1: USB disconnect, device number 16 [ 311.507924][ T9] usb 4-1: USB disconnect, device number 20 [ 311.839169][ T52] Bluetooth: hci2: command 0x0405 tx timeout [ 312.491937][ T2825] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.717399][ T2825] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.876758][ T2825] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.094395][ T2825] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.207807][ T5082] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.219215][ T5082] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.228181][ T5082] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.236890][ T5082] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.244690][ T5082] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.255247][ T5082] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 313.290845][ T8511] netlink: 165 bytes leftover after parsing attributes in process `syz.2.810'. [ 313.723765][ T8521] syz.1.811 (8521): attempted to duplicate a private mapping with mremap. This is not supported. [ 313.785777][ T8520] netlink: 104 bytes leftover after parsing attributes in process `syz.2.813'. [ 313.873373][ T2825] bridge_slave_1: left allmulticast mode [ 313.917514][ T5082] Bluetooth: hci2: command 0x0405 tx timeout [ 313.933160][ T2825] bridge_slave_1: left promiscuous mode [ 313.976287][ T2825] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.051747][ T2825] bridge_slave_0: left allmulticast mode [ 314.075535][ T2825] bridge_slave_0: left promiscuous mode [ 314.119505][ T2825] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.357494][ T5084] Bluetooth: hci4: command tx timeout [ 315.877991][ T8540] netlink: zone id is out of range [ 315.908510][ T8540] netlink: zone id is out of range [ 315.975441][ T8540] netlink: set zone limit has 4 unknown bytes [ 315.986813][ T2825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 316.019010][ T2825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 316.092749][ T2825] bond0 (unregistering): Released all slaves [ 316.195894][ T8521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.811'. [ 316.303270][ T8521] vlan2: entered allmulticast mode [ 316.825099][ T5084] Bluetooth: hci2: unexpected event for opcode 0x0056 [ 316.903186][ T5084] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 317.445533][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.457218][ T5084] Bluetooth: hci4: command tx timeout [ 317.467863][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.684008][ T8509] chnl_net:caif_netlink_parms(): no params data found [ 317.777331][ T2825] hsr_slave_0: left promiscuous mode [ 317.803939][ T2825] hsr_slave_1: left promiscuous mode [ 317.835065][ T2825] batman_adv: batadv0: Removing interface: team0 [ 317.860187][ T2825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.883075][ T2825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.922135][ T2825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 317.953992][ T2825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.997659][ T2825] veth1_macvtap: left promiscuous mode [ 318.009074][ T2825] veth0_macvtap: left promiscuous mode [ 318.026212][ T2825] veth1_vlan: left promiscuous mode [ 318.034413][ T2825] veth0_vlan: left promiscuous mode [ 318.987115][ T5132] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 319.213244][ T5132] usb 4-1: Using ep0 maxpacket: 16 [ 319.251075][ T5132] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 319.264331][ T5132] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 319.424654][ T5132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.519489][ T5084] Bluetooth: hci4: command tx timeout [ 319.867962][ T5132] usb 4-1: config 0 descriptor?? [ 320.128126][ T8600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.174698][ T8600] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.495236][ T8607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.535809][ T8607] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.613815][ T5132] hid-generic 0003:0158:0100.000B: unknown main item tag 0x1 [ 320.624917][ T2825] team0 (unregistering): Port device team_slave_1 removed [ 320.635983][ T5132] hid-generic 0003:0158:0100.000B: unexpected long global item [ 320.667851][ T5132] hid-generic 0003:0158:0100.000B: probe with driver hid-generic failed with error -22 [ 320.770351][ T2825] team0 (unregistering): Port device team_slave_0 removed [ 321.173863][ T25] usb 4-1: USB disconnect, device number 21 [ 321.434788][ T8615] netlink: 104 bytes leftover after parsing attributes in process `syz.0.832'. [ 321.599746][ T5082] Bluetooth: hci4: command tx timeout [ 322.484177][ T8509] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.492711][ T8509] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.500025][ T8509] bridge_slave_0: entered allmulticast mode [ 322.508727][ T8509] bridge_slave_0: entered promiscuous mode [ 322.518450][ T8509] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.525612][ T8509] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.536133][ T8509] bridge_slave_1: entered allmulticast mode [ 322.567971][ T8509] bridge_slave_1: entered promiscuous mode [ 322.993603][ T8509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.096725][ T8509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.510864][ T8509] team0: Port device team_slave_0 added [ 323.517366][ T5082] Bluetooth: hci2: command 0x0405 tx timeout [ 323.940025][ T29] audit: type=1326 audit(1720993776.875:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8652 comm="syz.2.842" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed4775bd9 code=0x0 [ 324.338686][ T8509] team0: Port device team_slave_1 added [ 324.520152][ T8509] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.533914][ T8509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.540152][ T8668] netlink: 104 bytes leftover after parsing attributes in process `syz.3.844'. [ 324.589834][ T8509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.628743][ T8509] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.646220][ T8509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.729839][ T8509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.945142][ T8509] hsr_slave_0: entered promiscuous mode [ 324.953728][ T8509] hsr_slave_1: entered promiscuous mode [ 324.954886][ T8509] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.954987][ T8509] Cannot create hsr debugfs directory [ 325.315134][ T8681] netlink: 165 bytes leftover after parsing attributes in process `syz.2.848'. [ 325.817187][ T60] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 326.029539][ T60] usb 2-1: Using ep0 maxpacket: 16 [ 326.059348][ T60] usb 2-1: config 0 has an invalid interface number: 6 but max is 0 [ 326.081390][ T60] usb 2-1: config 0 has no interface number 0 [ 326.119562][ T60] usb 2-1: config 0 interface 6 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 326.168140][ T60] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=41.a9 [ 326.206534][ T60] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.247465][ T60] usb 2-1: Product: syz [ 326.251895][ T60] usb 2-1: Manufacturer: syz [ 326.271065][ T60] usb 2-1: SerialNumber: syz [ 326.288551][ T60] usb 2-1: config 0 descriptor?? [ 326.312863][ T8509] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 326.350021][ T8509] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 326.402747][ T8509] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 326.450837][ T8509] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 326.853663][ T8509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.950475][ T8509] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.985868][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.993108][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.019550][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.026788][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.106000][ T5082] Bluetooth: hci1: unexpected event for opcode 0x0056 [ 327.183820][ T5082] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 327.681418][ T8509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.807689][ T5166] usb 2-1: USB disconnect, device number 10 [ 328.085776][ T5082] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 328.686017][ T8765] netlink: 165 bytes leftover after parsing attributes in process `syz.0.861'. [ 328.724961][ T8509] veth0_vlan: entered promiscuous mode [ 328.793803][ T8509] veth1_vlan: entered promiscuous mode [ 328.834374][ T8767] netlink: 12 bytes leftover after parsing attributes in process `syz.3.862'. [ 328.890476][ T8767] vlan3: entered promiscuous mode [ 328.970553][ T8771] syz.2.859: attempt to access beyond end of device [ 328.970553][ T8771] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 329.111796][ T8509] veth0_macvtap: entered promiscuous mode [ 329.185024][ T8771] netlink: 68 bytes leftover after parsing attributes in process `syz.2.859'. [ 329.272323][ T8509] veth1_macvtap: entered promiscuous mode [ 329.359223][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.408127][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.434367][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.473875][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.514270][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.556486][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.576677][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.638958][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.664151][ T8509] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.719513][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.749910][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.784637][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.813059][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.835400][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.864336][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.888221][ T8509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.902731][ T8509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.914736][ T8509] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 329.971971][ T8509] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.011852][ T8509] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.077305][ T8509] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.104997][ T8509] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.305706][ T5084] Bluetooth: hci2: unexpected event for opcode 0x0056 [ 330.381060][ T5084] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 330.387465][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.429784][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.547508][ T2825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.555368][ T2825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.652017][ T8813] netlink: 104 bytes leftover after parsing attributes in process `syz.3.870'. [ 331.767390][ T8833] netlink: 165 bytes leftover after parsing attributes in process `syz.3.873'. [ 331.958505][ T8838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.875'. [ 332.016539][ T8838] vlan2: entered promiscuous mode [ 332.707128][ T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 332.725894][ T5084] Bluetooth: hci2: unexpected event for opcode 0x0056 [ 332.785218][ T5084] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 332.900705][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 332.934073][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.975172][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 333.080128][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 333.112341][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 333.157096][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 333.188631][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 333.200192][ T8880] syz.4.881: attempt to access beyond end of device [ 333.200192][ T8880] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 333.211581][ T9] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 333.329692][ T8880] netlink: 68 bytes leftover after parsing attributes in process `syz.4.881'. [ 333.337178][ T9] usb 3-1: Manufacturer: syz [ 333.351597][ T8884] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 333.400361][ T9] usb 3-1: config 0 descriptor?? [ 333.777279][ T9] rc_core: IR keymap rc-hauppauge not found [ 333.777302][ T9] Registered IR keymap rc-empty [ 333.777514][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.783555][ T5084] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 333.807209][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.848951][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 333.858369][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input14 [ 333.875344][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.899806][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.927283][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 333.967560][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.003099][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.027231][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.057173][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.097356][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.106518][ T5084] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 334.137218][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.167426][ T9] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 334.210485][ T9] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 334.210537][ T9] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 334.588103][ T5166] usb 3-1: USB disconnect, device number 18 [ 334.762916][ T5082] Bluetooth: hci1: unexpected event for opcode 0x000e [ 334.807155][ T5132] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 335.022935][ T5132] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.040014][ T5132] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 335.104176][ T5132] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 335.128236][ T5132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.162731][ T5132] usb 4-1: config 0 descriptor?? [ 336.156698][ T5132] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 336.246658][ T5132] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 337.116263][ T5082] Bluetooth: hci1: unexpected event for opcode 0x0056 [ 337.189255][ T5082] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 337.697666][ T5082] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 338.410467][ T5116] usb 4-1: USB disconnect, device number 22 [ 338.548608][ T8] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 338.777160][ T8] usb 1-1: device descriptor read/64, error -71 [ 339.024693][ T8957] autofs: Unknown parameter './file0' [ 339.057237][ T8] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 339.087044][ T25] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 339.207053][ T8] usb 1-1: device descriptor read/64, error -71 [ 339.267021][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 339.274151][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.285220][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 339.296322][ T5132] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 339.304277][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 339.314666][ T25] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 339.325074][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 339.340967][ T25] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 339.347726][ T8] usb usb1-port1: attempt power cycle [ 339.351039][ T25] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 339.363554][ T25] usb 5-1: Manufacturer: syz [ 339.369904][ T25] usb 5-1: config 0 descriptor?? [ 339.500599][ T5132] usb 2-1: Using ep0 maxpacket: 16 [ 339.507928][ T5132] usb 2-1: config 0 has an invalid interface number: 6 but max is 0 [ 339.516025][ T5132] usb 2-1: config 0 has no interface number 0 [ 339.522929][ T5132] usb 2-1: config 0 interface 6 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 339.536248][ T5132] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=41.a9 [ 339.545652][ T5132] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.554538][ T5132] usb 2-1: Product: syz [ 339.561267][ T5132] usb 2-1: Manufacturer: syz [ 339.565956][ T5132] usb 2-1: SerialNumber: syz [ 339.574299][ T5132] usb 2-1: config 0 descriptor?? [ 339.657892][ T25] rc_core: IR keymap rc-hauppauge not found [ 339.673067][ T25] Registered IR keymap rc-empty [ 339.679276][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 339.717210][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 339.753634][ T25] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 339.786231][ T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 339.800939][ T25] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input15 [ 339.834243][ T8] usb 1-1: device descriptor read/8, error -71 [ 339.854236][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 339.899900][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 339.942451][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 339.988643][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.044857][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.109313][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.134841][ T8] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 340.157610][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.190537][ T8] usb 1-1: device descriptor read/8, error -71 [ 340.208352][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.249794][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.321926][ T8] usb usb1-port1: unable to enumerate USB device [ 340.322489][ T25] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 340.443313][ T25] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 340.453644][ T25] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 340.558594][ T25] usb 5-1: USB disconnect, device number 17 [ 340.987615][ T60] usb 2-1: USB disconnect, device number 11 [ 342.114483][ T8998] autofs: Unknown parameter './file0' [ 342.557138][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 342.679453][ T29] audit: type=1326 audit(1720993795.625:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9001 comm="syz.1.918" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc7175bd9 code=0x0 [ 342.737294][ T9] usb 5-1: device descriptor read/64, error -71 [ 343.724894][ T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 343.737533][ T5082] Bluetooth: hci1: unexpected event for opcode 0x000e [ 343.901070][ T9018] netlink: 104 bytes leftover after parsing attributes in process `syz.1.923'. [ 343.907498][ T9] usb 5-1: device descriptor read/64, error -71 [ 344.037401][ T9] usb usb5-port1: attempt power cycle [ 344.447337][ T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 344.530490][ T9] usb 5-1: device descriptor read/8, error -71 [ 344.837094][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 344.897794][ T9] usb 5-1: device descriptor read/8, error -71 [ 345.057582][ T9] usb usb5-port1: unable to enumerate USB device [ 345.597753][ T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 345.662347][ T29] audit: type=1326 audit(1720993798.615:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9040 comm="syz.0.930" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 345.707793][ T5228] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 345.753509][ T9045] autofs: Unknown parameter './file0' [ 345.809333][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 345.816145][ T9] usb 3-1: config 0 has an invalid interface number: 6 but max is 0 [ 345.824767][ T9] usb 3-1: config 0 has no interface number 0 [ 345.831870][ T9] usb 3-1: config 0 interface 6 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 345.850979][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=41.a9 [ 345.862178][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.964442][ T5228] usb 5-1: Using ep0 maxpacket: 16 [ 346.028104][ T5228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 346.072729][ T9] usb 3-1: Product: syz [ 346.100606][ T9] usb 3-1: Manufacturer: syz [ 346.123120][ T5228] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 346.140945][ T9] usb 3-1: SerialNumber: syz [ 346.194282][ T5228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.245269][ T9] usb 3-1: config 0 descriptor?? [ 346.355171][ T5228] usb 5-1: config 0 descriptor?? [ 346.648376][ T9036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.696542][ T9036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.723420][ T29] audit: type=1326 audit(1720993799.675:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9052 comm="syz.0.933" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60cc975bd9 code=0x0 [ 346.794293][ T29] audit: type=1326 audit(1720993799.735:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9054 comm="syz.3.934" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c8b375bd9 code=0x0 [ 346.852382][ T29] audit: type=1326 audit(1720993799.795:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9057 comm="syz.1.935" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc7175bd9 code=0x0 [ 347.021814][ T9056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.043550][ T9056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.075709][ T5228] hid-generic 0003:0158:0100.000D: unknown main item tag 0x1 [ 347.084637][ T5228] hid-generic 0003:0158:0100.000D: unexpected long global item [ 347.093973][ T5228] hid-generic 0003:0158:0100.000D: probe with driver hid-generic failed with error -22 [ 347.280928][ T5228] usb 5-1: USB disconnect, device number 22 [ 347.673061][ T5082] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 347.829697][ T60] usb 3-1: USB disconnect, device number 19 [ 347.884820][ T5082] Bluetooth: hci2: unexpected event for opcode 0x000e [ 348.031114][ T25] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 348.217073][ T25] usb 1-1: device descriptor read/64, error -71 [ 348.597084][ T25] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 348.771955][ T25] usb 1-1: device descriptor read/64, error -71 [ 348.921185][ T25] usb usb1-port1: attempt power cycle [ 349.357318][ T25] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 349.428171][ T25] usb 1-1: device descriptor read/8, error -71 [ 349.450824][ T9093] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 349.717936][ T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 349.759635][ T25] usb 1-1: device descriptor read/8, error -71 [ 349.889219][ T25] usb usb1-port1: unable to enumerate USB device [ 350.552677][ T9122] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 351.490369][ T5082] Bluetooth: hci1: unexpected event for opcode 0x000e [ 353.790717][ T9158] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 354.783981][ C1] [ 354.786363][ C1] ================================ [ 354.791495][ C1] WARNING: inconsistent lock state [ 354.796675][ C1] 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 Not tainted [ 354.803795][ C1] -------------------------------- [ 354.808884][ C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 354.815741][ C1] syz.3.972/9170 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 354.821994][ C1] ffff8880b95387e8 (lock#12){?.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 354.832395][ C1] {HARDIRQ-ON-W} state was registered at: [ 354.838139][ C1] lock_acquire+0x1ed/0x550 [ 354.842721][ C1] __mmap_lock_do_trace_acquire_returned+0xa8/0x630 [ 354.849395][ C1] copy_mm+0x1f8c/0x2020 [ 354.853772][ C1] copy_process+0x187a/0x3dc0 [ 354.858541][ C1] kernel_clone+0x223/0x870 [ 354.863116][ C1] __x64_sys_clone+0x258/0x2a0 [ 354.868134][ C1] do_syscall_64+0xf3/0x230 [ 354.872796][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.878774][ C1] irq event stamp: 3412 [ 354.883082][ C1] hardirqs last enabled at (3411): [] ___slab_alloc+0xac6/0x14b0 [ 354.892533][ C1] hardirqs last disabled at (3412): [] sysvec_call_function_single+0xe/0xc0 [ 354.902763][ C1] softirqs last enabled at (1220): [] __irq_exit_rcu+0xf4/0x1c0 [ 354.912061][ C1] softirqs last disabled at (1123): [] __irq_exit_rcu+0xf4/0x1c0 [ 354.921439][ C1] [ 354.921439][ C1] other info that might help us debug this: [ 354.929482][ C1] Possible unsafe locking scenario: [ 354.929482][ C1] [ 354.936913][ C1] CPU0 [ 354.940180][ C1] ---- [ 354.943442][ C1] lock(lock#12); [ 354.947168][ C1] [ 354.950606][ C1] lock(lock#12); [ 354.954497][ C1] [ 354.954497][ C1] *** DEADLOCK *** [ 354.954497][ C1] [ 354.962626][ C1] 3 locks held by syz.3.972/9170: [ 354.967630][ C1] #0: ffff88807b5ea590 (&sb->s_type->i_mutex_key#26){+.+.}-{3:3}, at: fuse_file_write_iter+0x2b4/0xf60 [ 354.978764][ C1] #1: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 [ 354.988157][ C1] #2: ffff88806a749498 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 [ 354.999022][ C1] [ 354.999022][ C1] stack backtrace: [ 355.004896][ C1] CPU: 1 PID: 9170 Comm: syz.3.972 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 355.014948][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 355.025013][ C1] Call Trace: [ 355.028281][ C1] [ 355.031114][ C1] dump_stack_lvl+0x241/0x360 [ 355.035788][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.040980][ C1] ? print_usage_bug+0x61a/0x8a0 [ 355.045993][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 355.051278][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 355.056467][ C1] valid_state+0x13a/0x1c0 [ 355.060873][ C1] mark_lock_irq+0xbb/0xc20 [ 355.065376][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 355.070345][ C1] ? __pfx_mark_lock_irq+0x10/0x10 [ 355.075452][ C1] ? stack_trace_save+0x118/0x1d0 [ 355.080473][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 355.085839][ C1] ? sched_balance_rq+0x3314/0x8780 [ 355.091025][ C1] ? lockdep_lock+0x123/0x2b0 [ 355.095706][ C1] ? save_trace+0x5a/0xb40 [ 355.100121][ C1] mark_lock+0x223/0x350 [ 355.104358][ C1] __lock_acquire+0xb8e/0x1fd0 [ 355.109130][ C1] lock_acquire+0x1ed/0x550 [ 355.113643][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 355.120406][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 355.125510][ C1] ? __pfx_sched_balance_rq+0x10/0x10 [ 355.130874][ C1] ? down_read_trylock+0x24f/0x3c0 [ 355.136151][ C1] ? stack_map_get_build_id_offset+0x237/0x9d0 [ 355.142302][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 355.149581][ C1] __mmap_lock_do_trace_acquire_returned+0xa8/0x630 [ 355.156424][ C1] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 355.163183][ C1] stack_map_get_build_id_offset+0x9af/0x9d0 [ 355.169162][ C1] ? __pfx_stack_map_get_build_id_offset+0x10/0x10 [ 355.175660][ C1] __bpf_get_stack+0x4ad/0x5a0 [ 355.180423][ C1] ? __pfx___bpf_get_stack+0x10/0x10 [ 355.185701][ C1] ? __pfx___cant_migrate+0x10/0x10 [ 355.190893][ C1] bpf_get_stack_raw_tp+0x1a3/0x240 [ 355.196087][ C1] ? bpf_trace_run2+0x1fc/0x540 [ 355.201019][ C1] bpf_prog_ec3b2eefa702d8d3+0x42/0x46 [ 355.206463][ C1] bpf_trace_run2+0x2ec/0x540 [ 355.211133][ C1] ? __pfx_bpf_trace_run2+0x10/0x10 [ 355.216350][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 355.221999][ C1] ? __pfx_native_flush_tlb_one_user+0x10/0x10 [ 355.228176][ C1] trace_tlb_flush+0x118/0x140 [ 355.232984][ C1] flush_tlb_func+0x4e7/0x630 [ 355.237663][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 355.242899][ C1] ? sched_clock_cpu+0x76/0x490 [ 355.247765][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 355.252981][ C1] __flush_smp_call_function_queue+0x3fc/0x1690 [ 355.259345][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 355.264554][ C1] __sysvec_call_function_single+0xb8/0x430 [ 355.270445][ C1] sysvec_call_function_single+0x9e/0xc0 [ 355.276084][ C1] [ 355.279100][ C1] [ 355.282022][ C1] asm_sysvec_call_function_single+0x1a/0x20 [ 355.288026][ C1] RIP: 0010:lock_release+0x630/0x9f0 [ 355.293307][ C1] Code: 3c 3b 00 74 08 4c 89 f7 e8 1d 12 86 00 f6 84 24 91 00 00 00 02 75 77 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 4b c7 44 27 08 00 00 00 00 65 48 8b 04 25 [ 355.313037][ C1] RSP: 0018:ffffc9000edf6d60 EFLAGS: 00000206 [ 355.319102][ C1] RAX: 0000000000000001 RBX: 1ffff92001dbedbe RCX: ffffc9000edf6d03 [ 355.327072][ C1] RDX: 0000000000000001 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1f5540 [ 355.335061][ C1] RBP: ffffc9000edf6e90 R08: ffffffff8fac692f R09: 1ffffffff1f58d25 [ 355.343113][ C1] R10: dffffc0000000000 R11: fffffbfff1f58d26 R12: 1ffff92001dbedb8 [ 355.351146][ C1] R13: 0000000000000246 R14: ffffc9000edf6df0 R15: dffffc0000000000 [ 355.359307][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 355.364335][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 355.369529][ C1] ? __pfx_lock_release+0x10/0x10 [ 355.374571][ C1] ? deref_stack_reg+0x1c7/0x260 [ 355.379569][ C1] ? 0xffffffffa0001f90 [ 355.383718][ C1] ? 0xffffffffa0001f90 [ 355.387885][ C1] is_bpf_text_address+0x280/0x2a0 [ 355.393012][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 355.398558][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 355.404798][ C1] kernel_text_address+0xa7/0xe0 [ 355.409734][ C1] __kernel_text_address+0xd/0x40 [ 355.414786][ C1] unwind_get_return_address+0x5d/0xc0 [ 355.420257][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.426779][ C1] arch_stack_walk+0x125/0x1b0 [ 355.431585][ C1] stack_trace_save+0x118/0x1d0 [ 355.436480][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 355.441522][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 355.446898][ C1] kasan_save_track+0x3f/0x80 [ 355.451576][ C1] ? kasan_save_track+0x3f/0x80 [ 355.456511][ C1] ? __kasan_kmalloc+0x98/0xb0 [ 355.461264][ C1] ? __kmalloc_noprof+0x1f9/0x400 [ 355.466283][ C1] ? fuse_direct_io+0x23c6/0x2ce0 [ 355.471298][ C1] ? fuse_direct_IO+0x97e/0x13a0 [ 355.476226][ C1] ? generic_file_direct_write+0x130/0x350 [ 355.482026][ C1] ? fuse_file_write_iter+0xb7c/0xf60 [ 355.487391][ C1] ? aio_write+0x570/0x7d0 [ 355.491800][ C1] ? io_submit_one+0x8a7/0x18b0 [ 355.496641][ C1] ? __se_sys_io_submit+0x179/0x2f0 [ 355.501835][ C1] ? do_syscall_64+0xf3/0x230 [ 355.506537][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.512617][ C1] __kasan_kmalloc+0x98/0xb0 [ 355.517226][ C1] ? fuse_direct_io+0x23c6/0x2ce0 [ 355.522249][ C1] __kmalloc_noprof+0x1f9/0x400 [ 355.527104][ C1] fuse_direct_io+0x23c6/0x2ce0 [ 355.531959][ C1] ? __pfx_fuse_direct_io+0x10/0x10 [ 355.537150][ C1] ? __raw_spin_lock_init+0x45/0x100 [ 355.542430][ C1] fuse_direct_IO+0x97e/0x13a0 [ 355.547201][ C1] ? __pfx_fuse_direct_IO+0x10/0x10 [ 355.552399][ C1] ? generic_write_checks+0x160/0x1c0 [ 355.557767][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 355.562813][ C1] generic_file_direct_write+0x130/0x350 [ 355.568465][ C1] fuse_file_write_iter+0xb7c/0xf60 [ 355.573667][ C1] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 355.579381][ C1] ? aio_write+0x504/0x7d0 [ 355.583794][ C1] ? __pfx_lock_release+0x10/0x10 [ 355.588854][ C1] ? rcu_read_lock_any_held+0xb7/0x160 [ 355.594350][ C1] ? rw_verify_area+0x1d2/0x6b0 [ 355.599304][ C1] aio_write+0x570/0x7d0 [ 355.603563][ C1] ? __pfx_aio_write+0x10/0x10 [ 355.608325][ C1] ? __might_fault+0xaa/0x120 [ 355.613032][ C1] ? __pfx_lock_release+0x10/0x10 [ 355.618053][ C1] ? __fget_files+0x3f6/0x470 [ 355.622732][ C1] ? __might_fault+0xaa/0x120 [ 355.627403][ C1] io_submit_one+0x8a7/0x18b0 [ 355.632172][ C1] ? __pfx_io_submit_one+0x10/0x10 [ 355.637277][ C1] ? __might_fault+0xaa/0x120 [ 355.641960][ C1] ? __pfx_lock_release+0x10/0x10 [ 355.646980][ C1] ? lookup_ioctx+0x94/0x6a0 [ 355.651739][ C1] ? __might_fault+0xaa/0x120 [ 355.656420][ C1] ? __might_fault+0xc6/0x120 [ 355.661114][ C1] __se_sys_io_submit+0x179/0x2f0 [ 355.666131][ C1] ? __pfx___se_sys_io_submit+0x10/0x10 [ 355.671668][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 355.677642][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 355.684049][ C1] ? do_syscall_64+0x100/0x230 [ 355.688803][ C1] ? do_syscall_64+0xb6/0x230 [ 355.693469][ C1] do_syscall_64+0xf3/0x230 [ 355.697960][ C1] ? clear_bhb_loop+0x35/0x90 [ 355.702624][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.708619][ C1] RIP: 0033:0x7f2c8b375bd9 [ 355.713023][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.732725][ C1] RSP: 002b:00007f2c8c1e4048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 355.741142][ C1] RAX: ffffffffffffffda RBX: 00007f2c8b503f60 RCX: 00007f2c8b375bd9 [ 355.749283][ C1] RDX: 0000000020000780 RSI: 0000000000000002 RDI: 00007f2c8c19a000 [ 355.757351][ C1] RBP: 00007f2c8b3e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 355.765324][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.773301][ C1] R13: 000000000000000b R14: 00007f2c8b503f60 R15: 00007ffc69955c48 [ 355.781273][ C1] [ 355.881907][ T9180] netlink: 36 bytes leftover after parsing attributes in process `syz.2.977'. [ 355.923257][ T5082] Bluetooth: hci2: unexpected event for opcode 0x000e [ 355.925126][ T9184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.975'.