last executing test programs: 3m44.675849505s ago: executing program 4 (id=950): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0xa5e, 0x2d6301) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_extract_tcp_res(0x0, 0x10000, 0x9) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000240)={'gretap0\x00', 0x0, 0x8000, 0x0, 0xef85, 0x3, {{0x10, 0x4, 0x1, 0x2, 0x40, 0x68, 0x0, 0x4, 0x2f, 0x0, @multicast2, @remote, {[@timestamp={0x44, 0x1c, 0xe8, 0x0, 0x3, [0x9, 0xf, 0x8, 0x10, 0x5, 0x0]}, @end, @generic={0x18e, 0xd, "df05cd0cd2e8a427adcd4a"}]}}}}}) syz_open_dev$dri(&(0x7f0000000100), 0xe43, 0x90000) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0xf9) 3m44.030547062s ago: executing program 4 (id=953): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, 0x54583}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}, @IFLA_IPTUN_LINK={0x8, 0x1, r6}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80) setsockopt$packet_tx_ring(r2, 0x107, 0x5, 0x0, 0x0) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) socket$inet_sctp(0x2, 0x4, 0x84) ptrace$poke(0x420e, r7, 0x0, 0xfffffffffffffffe) mmap(&(0x7f0000001000/0x3000)=nil, 0x30000, 0x0, 0x11, r2, 0x0) fsopen(&(0x7f0000000300)='tracefs\x00', 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r8, 0x0, 0x4000891) shutdown(r8, 0x1) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, 0x0, 0x0) mremap(&(0x7f000000e000/0x7000)=nil, 0x7000, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil) r9 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCFLSH(r9, 0x40045436, 0x3) pread64(r1, &(0x7f0000002240)=""/237, 0xed, 0x4eb) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4) r10 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r10, &(0x7f0000001700)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000400)="1b86", 0x2}], 0x1}}, {{&(0x7f0000000740)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001540)}}], 0x2, 0x48000) r11 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8) 3m43.264510284s ago: executing program 4 (id=955): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) r3 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x40, 0x9, 0x1, "f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r3, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") read$char_usb(r4, 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x42, 0x58) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r5, &(0x7f00000004c0)='./file0\x00', 0x2) r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r6, &(0x7f0000000340)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) unlink(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) r7 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x0, 0xe138, 0x198, 0x0, 0x198, 0x230, 0x358, 0x358, 0x230, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'nicvf0\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0005000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c429955608b9952bed40ce4a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000080049", 0x3}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x5, 0x1, 0x9, 0xf, 'pptp\x00', {0xe}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) prlimit64(0x0, 0x7, &(0x7f00000001c0)={0x81f6, 0x3}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m39.812357848s ago: executing program 4 (id=968): write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecfffbff940200000000000040000000002c8f38000100000002"], 0x78) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000040)=@x86={0xff, 0xe, 0x7, 0x0, 0x9, 0x3, 0x7f, 0x9, 0x62, 0x81, 0x7, 0xc, 0x0, 0x3ff, 0x7, 0x7, 0x2, 0xcd, 0x1, '\x00', 0xe, 0x84}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f000001dc00)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0xe0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000000)=[0x1000006], 0x0, 0x0, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) write$tcp_mem(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_LOCK(0x0, 0xb) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000380)={0x48, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x4}) 3m39.144180073s ago: executing program 4 (id=972): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') 3m38.275950804s ago: executing program 4 (id=977): ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) (async) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0xa4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x74, 0x2, [@TCA_FLOWER_ACT={0x70, 0x3, [@m_connmark={0x6c, 0x1, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x7, 0xfc, 0x3}, 0xb}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x80000001, 0x8, 0xf7a, 0x2a7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0xa4}}, 0x24000000) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0xa4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x74, 0x2, [@TCA_FLOWER_ACT={0x70, 0x3, [@m_connmark={0x6c, 0x1, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x7, 0xfc, 0x3}, 0xb}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x80000001, 0x8, 0xf7a, 0x2a7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0xa4}}, 0x24000000) r3 = accept4$netrom(r1, &(0x7f0000000040)={{0x3, @null}, [@null, @bcast, @null, @bcast, @rose, @default, @remote, @rose]}, &(0x7f00000000c0)=0x48, 0x1800) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='bridge_slave_0\x00', 0x10) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() (async) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) (async) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) ioctl$RTC_SET_TIME(r7, 0x4024700a, &(0x7f0000000200)={0x17, 0x20, 0x12, 0x1b, 0xb, 0x63, 0x4, 0xf5, 0x1}) 3m23.0851636s ago: executing program 32 (id=977): ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) (async) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0xa4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x74, 0x2, [@TCA_FLOWER_ACT={0x70, 0x3, [@m_connmark={0x6c, 0x1, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x7, 0xfc, 0x3}, 0xb}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x80000001, 0x8, 0xf7a, 0x2a7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0xa4}}, 0x24000000) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0xa4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x74, 0x2, [@TCA_FLOWER_ACT={0x70, 0x3, [@m_connmark={0x6c, 0x1, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x7, 0xfc, 0x3}, 0xb}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x80000001, 0x8, 0xf7a, 0x2a7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0xa4}}, 0x24000000) r3 = accept4$netrom(r1, &(0x7f0000000040)={{0x3, @null}, [@null, @bcast, @null, @bcast, @rose, @default, @remote, @rose]}, &(0x7f00000000c0)=0x48, 0x1800) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='bridge_slave_0\x00', 0x10) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() (async) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) (async) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) ioctl$RTC_SET_TIME(r7, 0x4024700a, &(0x7f0000000200)={0x17, 0x20, 0x12, 0x1b, 0xb, 0x63, 0x4, 0xf5, 0x1}) 2m42.275768813s ago: executing program 0 (id=1193): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000480)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf251e00000008000300", @ANYRES32=r2, @ANYBLOB="3c002f800c0002000200aaaaaaaaaaaa2c00038008000100000000002000038006000100ffff0000080002"], 0x58}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 2m42.040244937s ago: executing program 0 (id=1196): fcntl$notify(0xffffffffffffffff, 0x402, 0x91ea6c1af182532) r0 = openat(0xffffffffffffff9c, 0x0, 0x1214c2, 0x26) (async) io_submit(0x0, 0x0, 0x0) (async) pipe(0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @sack_perm, @sack_perm, @sack_perm, @sack_perm, @sack_perm], 0x6) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffffff}, 0x94) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) sigaltstack(0x0, 0x0) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90006"], 0x14}], 0x1}, 0x0) 2m40.013274504s ago: executing program 0 (id=1201): r0 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b827ed0100000000000109022400010000000009040000010300000009210000200122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "9c21ae2a"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x6, 0x9}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000800000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xd, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5b", 0x0, 0x4002000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket(0x10, 0x803, 0x0) socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1c9b41, 0x8) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'dvmrp1\x00', &(0x7f0000000400)=@ethtool_rxnfc={0x32, 0xd, 0x2002, {0x0, @hdata="c3b467aca79221c2e4d626bfd283e0a10e23d2fa504990e9ce34004c56937b82a7c45294652cad4e6b3175264e735c411738e756", {0x0, @remote, 0x7f, 0xb6, [0x8, 0x7]}, @esp_ip6_spec={@private0={0xfc, 0x0, '\x00', 0x4}, @remote, 0x9, 0x43}, {0x0, @link_local, 0x5, 0xd7, [0x1ff, 0xa]}, 0x4000000000000ad, 0xf1}, 0x8, [0x3ff, 0x5, 0x8f2, 0x7, 0x1, 0x8001, 0x81, 0x80000001]}}) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0x0, @mcast2, 0x5}, {0xa, 0x3, 0x20000207, @private2={0xfc, 0x2, '\x00', 0x1}, 0x800086}, r5}}, 0x48) add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681fc717e27cb0ad775b301", 0xe, 0xfffffffffffffffc) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_MSRS_sys(r6, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x482, 0x0, 0x3}]}) 2m35.429225757s ago: executing program 0 (id=1214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) futex(0x0, 0x10b, 0x2, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x2012, r3, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) 2m34.044167448s ago: executing program 0 (id=1216): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="f000000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="0008000000020000bc0012800c0001006d6163766c616e00ac000280080006000100000008000100100000000a0004000180c200000300000a00040000000000030000000800070005000000080007000a0000004c0005800a"], 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000000)=0x5, 0x4) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000000000000"], 0x0, 0x0) msgctl$IPC_RMID(0x0, 0x0) r5 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r5, &(0x7f0000000000)={0x1d, r6}, 0x10) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000000c0), 0xf00) bind$can_raw(r5, &(0x7f0000000080), 0x10) 2m32.94711185s ago: executing program 0 (id=1219): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x8000) socketpair$unix(0x1, 0x5, 0x0, 0x0) socket$inet6(0xa, 0x80003, 0xff) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getgroups(0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2) ioctl$NBD_SET_SOCK(r3, 0xab00, 0xffffffffffffffff) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r4, 0x18}], 0x1, 0x0, 0x0, 0x0) write$vga_arbiter(r4, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r4, &(0x7f0000000080)=@unlock_all, 0xb) ioctl$NBD_DO_IT(r3, 0xab03) setpriority(0x2, 0x0, 0x4) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)=@tipc=@id={0x1e, 0x3, 0x0, {0xfffffffe}}, 0x80, 0xffffffffffffffff}, 0x4c010) 2m17.909020721s ago: executing program 33 (id=1219): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x8000) socketpair$unix(0x1, 0x5, 0x0, 0x0) socket$inet6(0xa, 0x80003, 0xff) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getgroups(0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2) ioctl$NBD_SET_SOCK(r3, 0xab00, 0xffffffffffffffff) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r4, 0x18}], 0x1, 0x0, 0x0, 0x0) write$vga_arbiter(r4, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r4, &(0x7f0000000080)=@unlock_all, 0xb) ioctl$NBD_DO_IT(r3, 0xab03) setpriority(0x2, 0x0, 0x4) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)=@tipc=@id={0x1e, 0x3, 0x0, {0xfffffffe}}, 0x80, 0xffffffffffffffff}, 0x4c010) 1m6.047481494s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 59.454123476s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 55.623573336s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 48.832139104s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 45.040149056s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 36.459293518s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 34.397740437s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 25.654351144s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 23.921614121s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 15.399072019s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 13.020536056s ago: executing program 6 (id=1257): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000580)={0x2, 0x6, 0x8005, 0x475, 0xfffffffffffffffe, 0xfffffffffffffff8, 0x23, 0x101f00, 0xfeff}) 10.311209432s ago: executing program 2 (id=1586): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x12) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x6, 0x7a, 0x0, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_wait(r1, &(0x7f0000000140)=[{}], 0x1, 0x410) fsmount(0xffffffffffffffff, 0x0, 0xa) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000000c0)=0x40000000) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket(0x10, 0x803, 0x0) r10 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {}, {0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880) inotify_init1(0x0) listen(r0, 0x786) socket$nl_sock_diag(0x10, 0x3, 0x4) r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r12}, 0x10) 8.360259014s ago: executing program 3 (id=1589): r0 = syz_open_dev$dri(&(0x7f0000000080), 0xfffffffffffffbff, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r4], &(0x7f0000000540)=[0x10000, 0x6], &(0x7f0000000600)=[r5], &(0x7f0000000280)=[0x8, 0x4], 0x0, 0x100}) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r6, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r7, 0x0, 0x10000, 0x0, 0x200000, 0x2857d1, 0x2e725e}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r8, 0xc1105518, &(0x7f0000000300)={{0x9, 0x4, 0x80, 0x7, 'syz1\x00', 0xfff}, 0x2, 0x20000000, 0x0, 0x0, 0x0, 0xc2d0, 'syz0\x00', 0x0}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r8, 0x3ba0, &(0x7f0000000580)={0x48, 0x7, r7, 0x0, 0x10000, 0x0, 0x2003, 0x37302b, 0xf9b2f, 0x200000000000}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x2, 0x2}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sigaltstack(0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x101000) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r9, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r10}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r9, 0xc01064ab, &(0x7f0000000e00)={0x1, r11, r10}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r9, 0xc05064a7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000280), 0x1c, 0x5, 0x0, 0x0, r10}) r12 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000c40), 0x8000, 0x0) pread64(r12, &(0x7f0000000f40)=""/58, 0x3a, 0x3) r13 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r12) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r12, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r13, @ANYBLOB="0004abbd7000fbdbdf250b0000000500330000000000822900bbe41eb02afb3589955fb3a17083540897a2a44e4e63f2491bcd92a356133e21aa3aa3557b"], 0x1c}, 0x1, 0x0, 0x0, 0x34004084}, 0x20000010) 8.150622299s ago: executing program 3 (id=1590): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = getpid() ptrace$ARCH_SET_CPUID(0x1e, r2, 0x0, 0x1012) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8100, 0x0) preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 7.180288091s ago: executing program 3 (id=1591): r0 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b827ed0100000000000109022400010000000009040000010300000009210000200122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "9c21ae2a"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x6, 0x9}, 0x50) 7.046966502s ago: executing program 2 (id=1592): socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x101800, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000640)=0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00') read$FUSE(r4, &(0x7f0000006180)={0x2020}, 0x2020) 6.119188178s ago: executing program 2 (id=1596): socket$inet(0x2, 0x2, 0x1) ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f) syz_open_procfs(0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = dup(r1) r3 = fcntl$dupfd(r0, 0x406, r1) socket$netlink(0x10, 0x3, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000800)=""/251, 0x0, 0x1000}) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000080)={0x0, r2}) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) 5.689923845s ago: executing program 2 (id=1597): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e22}, 0x6d) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 5.262480683s ago: executing program 3 (id=1598): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$alg(0x26, 0x5, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@abs, 0xc1) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) socket(0x2, 0x80805, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x4}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 5.140275002s ago: executing program 1 (id=1599): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8100, 0x0) preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 4.387557399s ago: executing program 2 (id=1600): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) r1 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) ftruncate(r1, 0x2007fff) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)={0x14, 0x3a, 0x229, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) 4.224307086s ago: executing program 3 (id=1601): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000600)={0x34, &(0x7f0000000040)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001540)={0x34, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) r1 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x13) tkill(r1, 0x12) waitid(0x0, r1, 0x0, 0x8, &(0x7f0000000880)) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000002c0)={0x20, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000180)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000980)={0x0, 0x11}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000004300)={0x34, &(0x7f00000040c0)={0x40, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000010c0)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_usb_connect(0x5, 0x207, &(0x7f0000009a00)=ANY=[@ANYBLOB="12011003a9372540f30c1010db26010203010902f50101030250070904"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0}) syz_usb_disconnect(r2) syz_usb_control_io$printer(r2, &(0x7f0000000300)={0x14, &(0x7f0000000080)={0x20, 0x1, 0xca, {0xca, 0x9, "4a110b4f9ab2edec153f87cdf7fb14a5db390e88b56cf4b13556b21e3811aa8a607b445a3afe1f3f4b38b1dab4d23ff9e99f93d7b84c1db16c583f148413f63b04f7f30a766ab424adfe2aa71871d348bbc0256d7aa4f188d1d876a79baa88a4dd68a507c389e1059672996c872b2d2b8858082390db0ff3dff0710675fdf27bc5afbf9da88181445915223360dd7d49b6a1a4cdb7a1764f6361cd7568ffef3fdc6a2e5b20ae4ca481917e791beb17502e78cc2ed100a34394ddb8c80d1131bd786f24826be118b3"}}, &(0x7f00000001c0)={0x0, 0x3, 0xe6, @string={0xe6, 0x3, "b80b6598e01cdce359d276d73a2c1656bbd834af3dcfc72d9c14c3e21f309dd26771369f8151815d4d293fb646e7b997c41d79b8af97d2fee414b136f668a337ad4b7169e3a7e6fe26b94cf53cda98c52f5a005d66ecc11305b8351ed9a178ed009f631ab0d3d60b1513a2f26aa9c7639373e5eb9a3180e8c74090538c71972cdda56361c73a821f73beadb85355a699d63594fe53934180460e7f0b18626176b72219ea80f4075c98212a406f29e5015f0ab3a63558f08caadd3335b16dfec1d71a2e196560e318e0afd9041a699378b0f0b77e7c9cc4f1f88193923ca039c08adbbd85"}}}, &(0x7f00000005c0)={0x34, &(0x7f0000000340)={0x0, 0x8, 0xd7, "1c739bd0184e80197829f3b365ad39a38172f2b1cd3087101b36f5192fc5efeb4a41911eb1135d448a7218f7d289e46be2a55c59705d7a520ddbe5650a7009b1d382e685f0cb1edbd3d6168724e8c3c5d540ecdf396e71c56fd0741835ad4a3df8bb51d14e6be244ff4d7a0ee5ce4724cf7d04bd6f2ca08931a77345155685ad1fc4b4712272d2851e5e9aff6fb81696c0fd76ceb9edb3edef756d16d4350c5fd4ed40204da1ad7b11ce0cdb48ae74f744d5bd379a72214282952fdb2e067bd86c63f24adeb84059f452390d103daa5c4a8b75c5f212b7"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x4e}, &(0x7f00000004c0)={0x20, 0x0, 0x5c, {0x5a, "78a4e91769e380536c08e33ce3482eb9262a131aacf8418ce65c8631b9df0516d9ed0921e46f84b60de4a2451640fcdf28e8905ce62f7dfd96942512aaaed0c6bddbc3d0d03b3e4fac0f0687b1029c20f5a0741781d589ed7323"}}, &(0x7f0000000540)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0xf0}}) 4.222658432s ago: executing program 1 (id=1602): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = getpid() ptrace$ARCH_SET_CPUID(0x1e, r2, 0x0, 0x1012) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8100, 0x0) preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 3.237337714s ago: executing program 1 (id=1603): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x2e, 0x8, 0x3}]}) open_tree(0xffffffffffffff9c, 0x0, 0x89901) bpf$MAP_CREATE(0x0, 0x0, 0x48) mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, 0xffffffffffffffff, 0x180000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'syzkaller0\x00', 0x6132}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000001000000080000000200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000820b522d9cc01201a537691daa2e023852582476c93ab0e0d8a62620c3e4bbef18508bbc21957e5bfb87885cfe9c447c68ae33a74101845ca1f1348d4ff8119884f45772ebfee1aa668dbb7736a4ce1752b2c725ce035718172ae785069ac0b3f3afdf1d6dc753bc9525be2236a22aab7fcfb4df8236cc3a2f709727fe4803faf1d947c3d953c7287f37d7efbdd3d2e5ded246b6cb208ee92238cb959cfab361be52606117aa3b415bc1def94f27fa1a8cdb8d34b7e51ac19970f71a0a1c8b04235e1aa94537c51add", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$inet_udp(0x2, 0x2, 0x0) 2.250574566s ago: executing program 1 (id=1604): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) syz_clone3(&(0x7f0000000300)={0x22800000, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x3f) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a63cdec5908060001080006190001aaaaaaaaaa0aac1414bbaaaaaaaaaaff7f000001"], 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000140), 0x6, 0x40040) connect$tipc(r2, &(0x7f0000000240)=@id={0x1e, 0x3, 0x0, {0x4e23, 0x3}}, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) 2.151863865s ago: executing program 1 (id=1605): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000a00)=@nat={'nat\x00', 0x1b, 0x5, 0x360, 0x318, 0xf0, 0xffffffff, 0x0, 0x318, 0x538, 0x520, 0xffffffff, 0x538, 0x538, 0x5, 0x0, {[{{@ip={@local, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffff, 0xffffffff, 'geneve1\x00', 'gretap0\x00', {}, {0xff}, 0x32, 0x1}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x4, @local, @multicast2, @icmp_id=0x66, @icmp_id=0x200}}}}, {{@ip={@private=0xa010100, @multicast1, 0xff000000, 0xffffffff, 'wg0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x32, 0x2}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x8, @broadcast, @rand_addr=0x64010100, @gre_key=0x9, @icmp_id=0x65}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x8, @multicast1, @private=0xa010101, @port=0x4e24, @icmp_id=0x68}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x1, 0x2, 0x0, 0x0, 0x6, 0x1], 0x2, 0x3}, {0x4, [0x6, 0x6, 0x0, 0x1, 0x0, 0x1], 0x2, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffd}}}}, 0x3c0) statx(r0, 0x0, 0x1000, 0xd297a502c7a56ca3, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x106, 0x4}}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x101, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001680)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x80}, [@RTA_IIF={0x8, 0x1b}, @RTA_DPORT={0x6, 0x1d, 0x4e24}]}, 0x2c}}, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r4, r5, 0x26, 0x0, @void}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000440)={r4, r5, 0x26, 0x0, @val=@kprobe_multi=@addrs={0x1, 0x0, 0x0, 0x0}}, 0x30) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000580)={0xb, 0x10, 0xfa00, {0x0, r3, 0x2}}, 0x18) 2.113765171s ago: executing program 5 (id=1043): syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8db38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a240100"], 0x0) 258.833053ms ago: executing program 1 (id=1606): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000044e22008d31324320dcb010c03010902120001040020000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0x40, 0xe, 0x45, {0x45, 0xd, "25e953defcd29c37233ccaf9040eed3ad0c9ad37285e05464a42be0466a8ca846794c2d2eb9e9a3128b3bf5447f3111f249ec88c8577f6c640b0a98f3c209a27ce1b2d"}}, &(0x7f0000000140)={0x0, 0x3, 0x8a, @string={0x8a, 0x3, "d80275f4258ddf1cab41133fc1fa1ea2dad7bccb23e57c6d5efec79f29cbbbf0ec19a912fda1cada9c9a28d1e8c2a7d1d5cacf5bb211d685b42941c840fab503480766c7674c5581172ce478a3c8c530b54c254118daab19b4837cc2ea2c8002d6dd6697b66aa78a097d3e837498b60b21c01f9e63f4f062790e5069b9f055bd1631b95fc29feeec"}}}, &(0x7f0000000500)={0x44, &(0x7f0000000280)={0x20, 0x14, 0xf7, "cdf39efc96acf54f257be8d0acbd6f0ec2ebcf6ccd3be8a15155c7c86ef06a951bd69d00c6453749ed58954bcf65eba7ac738bcdf7b77e41e9d977291bb5c52c3973be5b40b9dc70a48a7dc0ef682680fedbef26fe2562779939c2b2a1bf6baef3ce44bf994e13b3864037259f192163958c96673aed9dbc526589a15fdcd198aa01c3381898c60e550d4277d5f6764527789acf1b43347d1c893b89ec0fcf18f88566df4cab41bc5c32012cc5d37865c7c9a37c2534837557f0408e8c3ac3d23c9e734e62661adb66b3b249e80a350dad9f82c8f7d6a8992827fdbbbfa2371e8e4c0028113b400eb10e1570ecb5cef3f95ab809975250"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0xaa}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0xf2}, &(0x7f00000003c0)={0x20, 0x81, 0x3, "e278c2"}, &(0x7f0000000400)={0x20, 0x82, 0x1, '`'}, &(0x7f0000000440)={0x20, 0x83, 0x1, '@'}, &(0x7f0000000480)={0x20, 0x84, 0x3, "36e094"}, &(0x7f00000004c0)={0x20, 0x85, 0x3, 'R$\\'}}) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0900000004000000dd0000000a"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000040000000600000001"], 0x50) 255.135594ms ago: executing program 2 (id=1607): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000810}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r2, 0x800448d7, &(0x7f0000000400)) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r5, {r0}}, './file0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x24}, 0x94) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r6, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000000200)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)="a3", 0x1}], 0x1}}], 0x1, 0x4000001) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x79, &(0x7f0000000180)=ANY=[], 0x8) 0s ago: executing program 3 (id=1608): r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0200001a00010000000000000000001c141000fe00000a000000001e0b699cf5c0a56c67308eded388a7247829a17c91e4803aecc27433072ac5562187ed4c72372119470e58a25d91"], 0x1c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r4, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newtclass={0xb0, 0x28, 0x400, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x3, 0x4}, {0x10, 0xfff3}, {0xd}}, [@tclass_kind_options=@c_skbprio={0xc}, @TCA_RATE={0x6, 0x5, {0x8, 0xc}}, @tclass_kind_options=@c_mqprio={0xb}, @tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_multiq={0xb}, @tclass_kind_options=@c_hfsc={{0x9}, {0x24, 0x2, [@TCA_HFSC_RSC={0x10, 0x1, {0x10, 0x4, 0xe73}}, @TCA_HFSC_RSC={0x10, 0x1, {0xffffffff, 0x7, 0xfff}}]}}, @tclass_kind_options=@c_qfq={{0x8}, {0xc, 0x2, [@TCA_QFQ_WEIGHT={0x8}]}}, @tclass_kind_options=@c_skbprio={0xc}, @TCA_RATE={0x6, 0x5, {0xfb, 0x8a}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000000}, 0x3004408c) socket$key(0xf, 0x3, 0x2) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="640000001000370429bd7000fcdbdf2500000000", @ANYRES32=r7, @ANYBLOB="890c040000000000440012800b000100697036746e6c000034000280080008003200000014000200fc01000006000f0001000000040013000800140034c30000000000000000000000000000ca78"], 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmmsg$inet(r5, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty, @rand_addr=0x3}}}], 0x20}}], 0x1, 0x4040880) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r8, &(0x7f0000000600)=""/190, 0xbe) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040090}, 0x40000) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r10) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, r11, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0x1c}}, 0x0) kernel console output (not intermixed with test programs): s+0x20e/0x3c0 [ 313.115703][ T9642] security_file_ioctl+0x9b/0x240 [ 313.115723][ T9642] __x64_sys_ioctl+0xb7/0x210 [ 313.115748][ T9642] do_syscall_64+0xcd/0xfa0 [ 313.115776][ T9642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.115794][ T9642] RIP: 0033:0x7fa3b838eec9 [ 313.115809][ T9642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.115826][ T9642] RSP: 002b:00007fa3b9266038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.115844][ T9642] RAX: ffffffffffffffda RBX: 00007fa3b85e6180 RCX: 00007fa3b838eec9 [ 313.115855][ T9642] RDX: 0000200000000740 RSI: 000000004020aeb2 RDI: 0000000000000004 [ 313.115866][ T9642] RBP: 00007fa3b9266090 R08: 0000000000000000 R09: 0000000000000000 [ 313.115877][ T9642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.115887][ T9642] R13: 00007fa3b85e6218 R14: 00007fa3b85e6180 R15: 00007fff3f2cc968 [ 313.115912][ T9642] [ 313.115939][ T9642] ERROR: Out of memory at tomoyo_realpath_from_path. [ 313.318292][ T30] audit: type=1400 audit(2000000004.020:508): avc: denied { mounton } for pid=9641 comm="syz.2.1092" path="/223/file0" dev="tmpfs" ino=1196 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 313.541817][ T9463] netdevsim netdevsim5 netdevsim0: renamed from eth5 [ 313.568203][ T9463] netdevsim netdevsim5 netdevsim1: renamed from eth6 [ 313.595786][ T9463] netdevsim netdevsim5 netdevsim2: renamed from eth7 [ 313.626404][ T9463] netdevsim netdevsim5 netdevsim3: renamed from eth8 [ 313.907374][ T9463] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.583917][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 314.596783][ T5891] usb 1-1: no configurations [ 314.627276][ T5891] usb 1-1: can't read configurations, error -22 [ 314.789599][ T7940] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.796736][ T7940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.861342][ T30] audit: type=1400 audit(2000000005.570:509): avc: denied { append } for pid=9659 comm="syz.1.1097" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 314.861752][ T7940] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.892188][ T7940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.037615][ T30] audit: type=1400 audit(2000000005.730:510): avc: denied { write } for pid=9660 comm="syz.2.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 315.231188][ T30] audit: type=1400 audit(2000000005.940:511): avc: denied { read } for pid=9660 comm="syz.2.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 315.407116][ T30] audit: type=1400 audit(2000000006.110:512): avc: denied { write } for pid=9674 comm="syz.1.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 316.493626][ T30] audit: type=1400 audit(2000000007.200:513): avc: denied { execmod } for pid=9658 comm="syz.0.1096" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=28983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 316.619127][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.625447][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.883369][ T9696] FAULT_INJECTION: forcing a failure. [ 316.883369][ T9696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.932721][ T9696] CPU: 1 UID: 0 PID: 9696 Comm: syz.0.1103 Not tainted syzkaller #0 PREEMPT(full) [ 316.932745][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 316.932756][ T9696] Call Trace: [ 316.932762][ T9696] [ 316.932768][ T9696] dump_stack_lvl+0x16c/0x1f0 [ 316.932800][ T9696] should_fail_ex+0x512/0x640 [ 316.932830][ T9696] _copy_from_user+0x2e/0xd0 [ 316.932849][ T9696] copy_msghdr_from_user+0x98/0x160 [ 316.932876][ T9696] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 316.932914][ T9696] ___sys_sendmsg+0xfe/0x1d0 [ 316.932940][ T9696] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.932996][ T9696] __sys_sendmsg+0x16d/0x220 [ 316.933022][ T9696] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.933064][ T9696] do_syscall_64+0xcd/0xfa0 [ 316.933092][ T9696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.933110][ T9696] RIP: 0033:0x7f9226d8eec9 [ 316.933125][ T9696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.933142][ T9696] RSP: 002b:00007f9227cca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.933159][ T9696] RAX: ffffffffffffffda RBX: 00007f9226fe5fa0 RCX: 00007f9226d8eec9 [ 316.933170][ T9696] RDX: 0000000000040000 RSI: 0000200000000e80 RDI: 0000000000000003 [ 316.933181][ T9696] RBP: 00007f9227cca090 R08: 0000000000000000 R09: 0000000000000000 [ 316.933191][ T9696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.933201][ T9696] R13: 00007f9226fe6038 R14: 00007f9226fe5fa0 R15: 00007ffd357698e8 [ 316.933226][ T9696] [ 317.235604][ T9463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.018421][ T9722] gfs2: not a GFS2 filesystem [ 318.519736][ T5970] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 318.680457][ T5970] usb 3-1: Using ep0 maxpacket: 16 [ 318.691796][ T5970] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 318.744975][ T5970] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.785113][ T5970] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.829715][ T5970] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 318.859667][ T5970] usb 3-1: config 7 interface 0 has no altsetting 0 [ 318.876469][ T5970] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 318.889805][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.010316][ T30] audit: type=1400 audit(2000000009.710:514): avc: denied { bind } for pid=9725 comm="syz.0.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 319.498571][ T9463] veth0_vlan: entered promiscuous mode [ 319.638031][ T9463] veth1_vlan: entered promiscuous mode [ 319.813901][ T9463] veth0_macvtap: entered promiscuous mode [ 319.944505][ T9463] veth1_macvtap: entered promiscuous mode [ 320.068119][ T9737] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 320.523968][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.593385][ T9747] FAULT_INJECTION: forcing a failure. [ 320.593385][ T9747] name failslab, interval 1, probability 0, space 0, times 0 [ 320.616760][ T9747] CPU: 0 UID: 0 PID: 9747 Comm: syz.1.1112 Not tainted syzkaller #0 PREEMPT(full) [ 320.616783][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 320.616794][ T9747] Call Trace: [ 320.616800][ T9747] [ 320.616806][ T9747] dump_stack_lvl+0x16c/0x1f0 [ 320.616839][ T9747] should_fail_ex+0x512/0x640 [ 320.616865][ T9747] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 320.616894][ T9747] should_failslab+0xc2/0x120 [ 320.616914][ T9747] kmem_cache_alloc_node_noprof+0x78/0x770 [ 320.616938][ T9747] ? __alloc_skb+0x2b2/0x380 [ 320.616969][ T9747] ? __alloc_skb+0x2b2/0x380 [ 320.616990][ T9747] ? __pfx_netlink_insert+0x10/0x10 [ 320.617015][ T9747] __alloc_skb+0x2b2/0x380 [ 320.617038][ T9747] ? __pfx___alloc_skb+0x10/0x10 [ 320.617062][ T9747] ? netlink_autobind.isra.0+0x158/0x370 [ 320.617096][ T9747] netlink_alloc_large_skb+0x69/0x140 [ 320.617114][ T9747] netlink_sendmsg+0x698/0xdd0 [ 320.617136][ T9747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 320.617163][ T9747] ____sys_sendmsg+0xa95/0xc70 [ 320.617183][ T9747] ? copy_msghdr_from_user+0x10a/0x160 [ 320.617208][ T9747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 320.617240][ T9747] ___sys_sendmsg+0x134/0x1d0 [ 320.617266][ T9747] ? __pfx____sys_sendmsg+0x10/0x10 [ 320.617324][ T9747] __sys_sendmsg+0x16d/0x220 [ 320.617350][ T9747] ? __pfx___sys_sendmsg+0x10/0x10 [ 320.617381][ T9747] ? ksys_write+0x17e/0x250 [ 320.617414][ T9747] do_syscall_64+0xcd/0xfa0 [ 320.617442][ T9747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.617460][ T9747] RIP: 0033:0x7fc2a7b8eec9 [ 320.617474][ T9747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.617491][ T9747] RSP: 002b:00007fc2a896e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.617508][ T9747] RAX: ffffffffffffffda RBX: 00007fc2a7de6090 RCX: 00007fc2a7b8eec9 [ 320.617519][ T9747] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 320.617529][ T9747] RBP: 00007fc2a896e090 R08: 0000000000000000 R09: 0000000000000000 [ 320.617540][ T9747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.617550][ T9747] R13: 00007fc2a7de6128 R14: 00007fc2a7de6090 R15: 00007ffdacf9c328 [ 320.617576][ T9747] [ 320.636272][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.067491][ T30] audit: type=1400 audit(2000000011.770:515): avc: denied { ioctl } for pid=9748 comm="syz.0.1113" path="socket:[30123]" dev="sockfs" ino=30123 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 321.105770][ T9463] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 321.138949][ T9463] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 321.183521][ T5970] usbhid 3-1:7.0: can't add hid device: -71 [ 321.202702][ T5970] usbhid 3-1:7.0: probe with driver usbhid failed with error -71 [ 321.234397][ T9754] mkiss: ax0: crc mode is auto. [ 321.242674][ T9754] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1115'. [ 321.272498][ T5970] usb 3-1: USB disconnect, device number 24 [ 321.311313][ T9463] wireguard: wg0: Could not create IPv4 socket [ 321.350376][ T9463] wireguard: wg1: Could not create IPv4 socket [ 321.350804][ T9756] Failed to initialize the IGMP autojoin socket (err -2) [ 321.360243][ T9463] wireguard: wg2: Could not create IPv4 socket [ 322.478948][ T9767] FAULT_INJECTION: forcing a failure. [ 322.478948][ T9767] name failslab, interval 1, probability 0, space 0, times 0 [ 322.684415][ T9767] CPU: 1 UID: 0 PID: 9767 Comm: syz.2.1119 Not tainted syzkaller #0 PREEMPT(full) [ 322.684438][ T9767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 322.684447][ T9767] Call Trace: [ 322.684453][ T9767] [ 322.684459][ T9767] dump_stack_lvl+0x16c/0x1f0 [ 322.684487][ T9767] should_fail_ex+0x512/0x640 [ 322.684510][ T9767] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 322.684528][ T9767] should_failslab+0xc2/0x120 [ 322.684546][ T9767] kmem_cache_alloc_noprof+0x75/0x6e0 [ 322.684575][ T9767] ? skb_clone+0x190/0x3f0 [ 322.684603][ T9767] ? skb_clone+0x190/0x3f0 [ 322.684624][ T9767] skb_clone+0x190/0x3f0 [ 322.684648][ T9767] netlink_deliver_tap+0xabd/0xd30 [ 322.684678][ T9767] netlink_unicast+0x71f/0x870 [ 322.684697][ T9767] ? __pfx_netlink_unicast+0x10/0x10 [ 322.684713][ T9767] ? genl_rcv_msg+0x4bb/0x800 [ 322.684737][ T9767] netlink_ack+0x696/0xb80 [ 322.684760][ T9767] netlink_rcv_skb+0x332/0x420 [ 322.684775][ T9767] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.684794][ T9767] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 322.684819][ T9767] ? netlink_deliver_tap+0x1ae/0xd30 [ 322.684846][ T9767] genl_rcv+0x28/0x40 [ 322.684861][ T9767] netlink_unicast+0x5aa/0x870 [ 322.684879][ T9767] ? __pfx_netlink_unicast+0x10/0x10 [ 322.684905][ T9767] netlink_sendmsg+0x8c8/0xdd0 [ 322.684923][ T9767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.684946][ T9767] ____sys_sendmsg+0xa95/0xc70 [ 322.684965][ T9767] ? copy_msghdr_from_user+0x10a/0x160 [ 322.684989][ T9767] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.685018][ T9767] ___sys_sendmsg+0x134/0x1d0 [ 322.685044][ T9767] ? __pfx____sys_sendmsg+0x10/0x10 [ 322.685103][ T9767] __sys_sendmsg+0x16d/0x220 [ 322.685129][ T9767] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.685173][ T9767] do_syscall_64+0xcd/0xfa0 [ 322.685202][ T9767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.685220][ T9767] RIP: 0033:0x7f428c78eec9 [ 322.685234][ T9767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.685251][ T9767] RSP: 002b:00007f428d6f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.685269][ T9767] RAX: ffffffffffffffda RBX: 00007f428c9e5fa0 RCX: 00007f428c78eec9 [ 322.685280][ T9767] RDX: 0000000000048054 RSI: 0000200000007580 RDI: 0000000000000003 [ 322.685290][ T9767] RBP: 00007f428d6f5090 R08: 0000000000000000 R09: 0000000000000000 [ 322.685300][ T9767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.685309][ T9767] R13: 00007f428c9e6038 R14: 00007f428c9e5fa0 R15: 00007fff5fdab7d8 [ 322.685335][ T9767] [ 323.553559][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 323.562342][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 323.570454][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 323.578154][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 323.585783][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 323.603657][ T9783] Failed to initialize the IGMP autojoin socket (err -2) [ 325.100019][ T5942] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 325.293083][ T30] audit: type=1400 audit(2000000016.000:516): avc: denied { read write } for pid=9812 comm="syz.0.1129" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 325.324630][ T5942] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 325.352601][ T30] audit: type=1400 audit(2000000016.000:517): avc: denied { open } for pid=9812 comm="syz.0.1129" path="/236/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 325.375452][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.385797][ T30] audit: type=1400 audit(2000000016.000:518): avc: denied { mounton } for pid=9812 comm="syz.0.1129" path="/236/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 325.407956][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.443920][ T5891] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 325.601608][ T5891] usb 3-1: Using ep0 maxpacket: 32 [ 325.615885][ T5891] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 325.624956][ T5891] usb 3-1: config 0 has no interface number 0 [ 325.641105][ T5891] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 325.649133][ T5942] usb 4-1: config 0 interface 0 has no altsetting 0 [ 325.650667][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.660716][ T5816] Bluetooth: hci1: command tx timeout [ 325.665207][ T5891] usb 3-1: Product: syz [ 325.675609][ T5891] usb 3-1: Manufacturer: syz [ 325.677973][ T5942] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 325.680357][ T5891] usb 3-1: SerialNumber: syz [ 325.697029][ T5891] usb 3-1: config 0 descriptor?? [ 325.697426][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 325.714295][ T5942] usb 4-1: Product: syz [ 325.718507][ T5942] usb 4-1: Manufacturer: syz [ 325.722364][ T5891] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 325.723170][ T5942] usb 4-1: SerialNumber: syz [ 325.743831][ T5942] usb 4-1: config 0 descriptor?? [ 325.757381][ T5942] usb 4-1: selecting invalid altsetting 0 [ 325.925177][ T30] audit: type=1400 audit(2000000016.630:519): avc: denied { connect } for pid=9810 comm="syz.2.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 325.946758][ T9783] netdevsim netdevsim5 netdevsim0: renamed from eth5 [ 325.965074][ T5884] usb 4-1: USB disconnect, device number 23 [ 325.977199][ T9813] orangefs_mount: mount request failed with -4 [ 326.014333][ T9783] netdevsim netdevsim5 netdevsim1: renamed from eth6 [ 326.034122][ T9783] netdevsim netdevsim5 netdevsim2: renamed from eth7 [ 326.079594][ T5891] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 326.107621][ T9783] netdevsim netdevsim5 netdevsim3: renamed from eth8 [ 326.176658][ T9831] FAULT_INJECTION: forcing a failure. [ 326.176658][ T9831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.247971][ T5891] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 326.276039][ T9831] CPU: 1 UID: 0 PID: 9831 Comm: syz.0.1130 Not tainted syzkaller #0 PREEMPT(full) [ 326.276062][ T9831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 326.276071][ T9831] Call Trace: [ 326.276077][ T9831] [ 326.276084][ T9831] dump_stack_lvl+0x16c/0x1f0 [ 326.276114][ T9831] should_fail_ex+0x512/0x640 [ 326.276144][ T9831] strncpy_from_user+0x3b/0x2e0 [ 326.276174][ T9831] getname_flags.part.0+0x8f/0x550 [ 326.276202][ T9831] getname_flags+0x93/0xf0 [ 326.276218][ T9831] user_path_at+0x24/0x60 [ 326.276235][ T9831] __x64_sys_mount+0x1fb/0x310 [ 326.276254][ T9831] ? __pfx___x64_sys_mount+0x10/0x10 [ 326.276277][ T9831] ? rcu_is_watching+0x12/0xc0 [ 326.276302][ T9831] do_syscall_64+0xcd/0xfa0 [ 326.276330][ T9831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.276347][ T9831] RIP: 0033:0x7f9226d8eec9 [ 326.276361][ T9831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.276377][ T9831] RSP: 002b:00007f9227cca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 326.276393][ T9831] RAX: ffffffffffffffda RBX: 00007f9226fe5fa0 RCX: 00007f9226d8eec9 [ 326.276404][ T9831] RDX: 00002000000003c0 RSI: 0000200000000000 RDI: 0000200000002440 [ 326.276415][ T9831] RBP: 00007f9227cca090 R08: 0000200000002340 R09: 0000000000000000 [ 326.276425][ T9831] R10: 000000000200840d R11: 0000000000000246 R12: 0000000000000001 [ 326.276434][ T9831] R13: 00007f9226fe6038 R14: 00007f9226fe5fa0 R15: 00007ffd357698e8 [ 326.276459][ T9831] [ 326.433025][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.953812][ T9828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 327.694024][ T30] audit: type=1400 audit(2000000018.400:520): avc: denied { bind } for pid=9859 comm="syz.0.1135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 327.730084][ T5816] Bluetooth: hci1: command tx timeout [ 327.741804][ T30] audit: type=1400 audit(2000000018.420:521): avc: denied { ioctl } for pid=9859 comm="syz.0.1135" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x9426 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 327.899028][ T9783] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 327.942945][ T9783] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 327.978841][ T9783] wireguard: wg0: Could not create IPv4 socket [ 327.996955][ T9783] wireguard: wg1: Could not create IPv4 socket [ 328.013958][ T9783] wireguard: wg2: Could not create IPv4 socket [ 328.138726][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 328.147640][ T5884] usb 3-1: USB disconnect, device number 25 [ 328.182665][ T5884] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 328.287340][ T9873] syz.1.1137 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 328.301866][ T5884] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 328.314328][ T5884] quatech2 3-1:0.51: device disconnected [ 329.223505][ T30] audit: type=1400 audit(2000000019.900:522): avc: denied { relabelfrom } for pid=9903 comm="syz.3.1142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 329.423801][ T30] audit: type=1400 audit(2000000019.900:523): avc: denied { relabelto } for pid=9903 comm="syz.3.1142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 330.124052][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1145'. [ 330.780883][ T9925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.685271][ T30] audit: type=1400 audit(2000000022.390:524): avc: denied { create } for pid=9944 comm="syz.3.1149" name="file7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 331.772689][ T9949] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 331.803461][ T30] audit: type=1400 audit(2000000022.470:525): avc: denied { block_suspend } for pid=9944 comm="syz.3.1149" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 331.968439][ T9956] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1152'. [ 333.143425][ T30] audit: type=1400 audit(2000000023.840:526): avc: denied { audit_read } for pid=9974 comm="syz.3.1157" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 333.789784][ T30] audit: type=1400 audit(2000000024.420:527): avc: denied { listen } for pid=9980 comm="syz.1.1159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 333.945982][ T5884] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 334.223613][ T5884] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 334.251852][ T5884] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 334.309056][ T5884] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 334.328520][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 334.730121][ T5884] usb 4-1: SerialNumber: syz [ 334.807025][ T5884] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 334.882680][ T5884] usb-storage 4-1:1.0: USB Mass Storage device detected [ 335.056618][ T30] audit: type=1400 audit(2000000025.750:528): avc: denied { ioctl } for pid=10008 comm="syz.1.1164" path="socket:[31859]" dev="sockfs" ino=31859 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 335.060570][ T5884] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 335.168429][ T5884] scsi host1: usb-storage 4-1:1.0 [ 335.380001][ T5970] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 335.456830][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 335.467804][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 335.476994][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 335.485377][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 335.492812][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 335.547192][T10029] Failed to initialize the IGMP autojoin socket (err -2) [ 335.621729][ T5970] usb 3-1: device descriptor read/64, error -71 [ 335.909708][ T5970] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 336.089880][ T5970] usb 3-1: device descriptor read/64, error -71 [ 336.209896][ T5970] usb usb3-port1: attempt power cycle [ 336.709743][ T5970] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 336.745075][ T5970] usb 3-1: device descriptor read/8, error -71 [ 336.778617][T10029] netdevsim netdevsim5 netdevsim0: renamed from eth5 [ 336.799274][ T30] audit: type=1400 audit(2000000027.500:529): avc: denied { ioctl } for pid=10064 comm="syz.1.1168" path="socket:[31343]" dev="sockfs" ino=31343 ioctlcmd=0x7542 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 336.823867][ C1] vkms_vblank_simulate: vblank timer overrun [ 336.848801][T10029] netdevsim netdevsim5 netdevsim1: renamed from eth6 [ 336.862437][T10029] netdevsim netdevsim5 netdevsim2: renamed from eth7 [ 336.883388][T10029] netdevsim netdevsim5 netdevsim3: renamed from eth8 [ 336.938999][T10073] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1169'. [ 337.017358][ T5970] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 337.062011][ T5970] usb 3-1: device descriptor read/8, error -71 [ 337.199768][ T5970] usb usb3-port1: unable to enumerate USB device [ 337.285997][ T5848] usb 4-1: USB disconnect, device number 24 [ 337.318132][T10087] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1171'. [ 337.339212][T10087] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1171'. [ 337.351441][T10090] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1173'. [ 337.569898][ T5820] Bluetooth: hci1: command tx timeout [ 337.614420][T10098] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 339.664417][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 30 seconds [ 339.675937][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 30 seconds [ 339.686918][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 30 seconds [ 339.697791][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 30 seconds [ 339.728050][ T30] audit: type=1400 audit(2000000030.420:530): avc: denied { write } for pid=10136 comm="syz.2.1181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 339.814987][ T5820] Bluetooth: hci1: command tx timeout [ 340.213807][T10029] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 340.267011][T10145] Failed to initialize the IGMP autojoin socket (err -2) [ 340.278765][T10029] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 340.317091][T10029] wireguard: wg0: Could not create IPv4 socket [ 340.328628][T10029] wireguard: wg1: Could not create IPv4 socket [ 340.336318][T10029] wireguard: wg2: Could not create IPv4 socket [ 340.511837][T10151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1184'. [ 340.727596][T10154] hsr0: entered promiscuous mode [ 340.768984][T10154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1185'. [ 340.868240][T10154] hsr_slave_0: left promiscuous mode [ 340.895228][T10164] FAULT_INJECTION: forcing a failure. [ 340.895228][T10164] name failslab, interval 1, probability 0, space 0, times 0 [ 340.898761][T10154] hsr_slave_1: left promiscuous mode [ 340.929994][T10164] CPU: 1 UID: 0 PID: 10164 Comm: syz.2.1186 Not tainted syzkaller #0 PREEMPT(full) [ 340.930017][T10164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 340.930027][T10164] Call Trace: [ 340.930033][T10164] [ 340.930039][T10164] dump_stack_lvl+0x16c/0x1f0 [ 340.930069][T10164] should_fail_ex+0x512/0x640 [ 340.930094][T10164] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 340.930115][T10164] should_failslab+0xc2/0x120 [ 340.930134][T10164] __kvmalloc_node_noprof+0x141/0x9c0 [ 340.930153][T10164] ? traverse.part.0.constprop.0+0x397/0x650 [ 340.930178][T10164] ? __kernel_text_address+0xd/0x40 [ 340.930199][T10164] ? traverse.part.0.constprop.0+0x397/0x650 [ 340.930215][T10164] traverse.part.0.constprop.0+0x397/0x650 [ 340.930236][T10164] seq_read_iter+0x93c/0x12d0 [ 340.930253][T10164] ? _kstrtoull+0x145/0x200 [ 340.930270][T10164] seq_read+0x3a3/0x570 [ 340.930286][T10164] ? __pfx_seq_read+0x10/0x10 [ 340.930304][T10164] ? import_ubuf+0x1b6/0x220 [ 340.930322][T10164] ? avc_policy_seqno+0x9/0x20 [ 340.930338][T10164] ? __pfx_seq_read+0x10/0x10 [ 340.930354][T10164] proc_reg_read+0x240/0x330 [ 340.930371][T10164] ? __pfx_proc_reg_read+0x10/0x10 [ 340.930385][T10164] vfs_readv+0x5c1/0x8b0 [ 340.930404][T10164] ? __pfx_vfs_readv+0x10/0x10 [ 340.930420][T10164] ? find_held_lock+0x2b/0x80 [ 340.930443][T10164] ? __fget_files+0x20e/0x3c0 [ 340.930457][T10164] ? do_preadv+0x1a6/0x270 [ 340.930471][T10164] do_preadv+0x1a6/0x270 [ 340.930487][T10164] ? __pfx_do_preadv+0x10/0x10 [ 340.930506][T10164] do_syscall_64+0xcd/0xfa0 [ 340.930524][T10164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.930535][T10164] RIP: 0033:0x7f428c78eec9 [ 340.930544][T10164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.930554][T10164] RSP: 002b:00007f428d6f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 340.930565][T10164] RAX: ffffffffffffffda RBX: 00007f428c9e5fa0 RCX: 00007f428c78eec9 [ 340.930571][T10164] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000003 [ 340.930577][T10164] RBP: 00007f428d6f5090 R08: 0000000000000000 R09: 0000000000000000 [ 340.930583][T10164] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 340.930589][T10164] R13: 00007f428c9e6038 R14: 00007f428c9e5fa0 R15: 00007fff5fdab7d8 [ 340.930604][T10164] [ 340.939223][T10154] hsr0 (unregistering): left promiscuous mode [ 341.366525][ T30] audit: type=1400 audit(2000000032.070:531): avc: denied { ioctl } for pid=10172 comm="syz.3.1188" path="socket:[31646]" dev="sockfs" ino=31646 ioctlcmd=0x5828 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 341.391917][ C0] vkms_vblank_simulate: vblank timer overrun [ 341.421593][ T30] audit: type=1400 audit(2000000032.070:532): avc: denied { nlmsg_read } for pid=10172 comm="syz.3.1188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 341.426304][T10185] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1189'. [ 341.452360][T10185] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1189'. [ 341.554530][ T30] audit: type=1326 audit(2000000032.120:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 341.582831][ T30] audit: type=1326 audit(2000000032.120:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 341.608365][ T30] audit: type=1326 audit(2000000032.130:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 341.646433][ T30] audit: type=1326 audit(2000000032.130:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 341.694992][T10187] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10187 comm=syz.1.1190 [ 342.101052][ T30] audit: type=1326 audit(2000000032.130:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.124415][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.149919][ T30] audit: type=1326 audit(2000000032.130:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.186572][ T30] audit: type=1326 audit(2000000032.130:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.345526][T10197] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1191'. [ 342.359788][ T30] audit: type=1326 audit(2000000032.130:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.384887][ T30] audit: type=1326 audit(2000000032.130:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.486199][T10202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1193'. [ 342.558269][ T30] audit: type=1326 audit(2000000032.130:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.660357][T10210] netlink: 'syz.2.1195': attribute type 13 has an invalid length. [ 342.674635][ T30] audit: type=1326 audit(2000000032.130:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.732719][ T30] audit: type=1326 audit(2000000032.130:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.756077][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.767568][ T30] audit: type=1326 audit(2000000032.130:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.790930][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.797341][ T30] audit: type=1326 audit(2000000032.130:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 342.914237][ T5933] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 343.110006][ T5933] usb 1-1: Using ep0 maxpacket: 32 [ 343.116634][ T5933] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 343.128780][ T5933] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 343.147139][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 343.254372][ T5933] usb 1-1: Product: syz [ 343.269715][ T5933] usb 1-1: Manufacturer: syz [ 343.274319][ T5933] usb 1-1: SerialNumber: syz [ 343.282585][ T5848] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 343.291213][ T5933] usb 1-1: config 0 descriptor?? [ 343.296713][T10214] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 343.319694][ T5970] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 343.449698][ T5970] usb 3-1: device descriptor read/64, error -71 [ 343.520929][ T5891] usb 1-1: USB disconnect, device number 18 [ 343.705294][ T5970] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 343.889128][ T5970] usb 3-1: device descriptor read/64, error -71 [ 344.020703][ T5970] usb usb3-port1: attempt power cycle [ 344.374373][ T5970] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 344.410595][ T5970] usb 3-1: device descriptor read/8, error -71 [ 344.670208][ T5970] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 344.710924][ T5970] usb 3-1: device descriptor read/8, error -71 [ 344.859732][ T5970] usb usb3-port1: unable to enumerate USB device [ 344.957145][ T5891] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 345.004533][T10271] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1204'. [ 345.017885][T10271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1204'. [ 345.121534][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 345.131275][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 345.140351][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 345.147528][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.160086][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 345.176640][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 345.203693][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.219718][ T5891] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 345.222863][T10273] Failed to initialize the IGMP autojoin socket (err -2) [ 345.228950][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.800546][ T5891] usb 1-1: config 0 descriptor?? [ 346.229846][ T5848] usb 4-1: unable to get BOS descriptor or descriptor too short [ 346.242749][ T5848] usb 4-1: no configurations [ 346.247387][ T5848] usb 4-1: can't read configurations, error -22 [ 346.353556][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 346.367861][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 346.380777][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 346.855545][T10301] infiniband syz2: set active [ 346.860507][T10301] infiniband syz2: added vxcan1 [ 346.867206][T10301] syz2: rxe_create_qp: returned err = -2 [ 346.873187][T10301] infiniband syz2: Couldn't create ib_mad QP1 [ 346.879714][T10301] infiniband syz2: Couldn't open port 1 [ 346.901478][ T24] vxcan1 speed is unknown, defaulting to 1000 [ 346.909467][T10301] RDS/IB: syz2: added [ 346.913712][T10301] smc: adding ib device syz2 with port count 1 [ 346.920038][T10301] smc: ib device syz2 port 1 has no pnetid [ 346.927707][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 347.041431][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 347.154318][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 347.249724][ T5816] Bluetooth: hci1: command tx timeout [ 347.266722][T10301] vxcan1 speed is unknown, defaulting to 1000 [ 347.436388][ T5970] vxcan1 speed is unknown, defaulting to 1000 [ 347.843642][T10305] tmpfs: Unknown parameter 'usqquota_block_hardlimit' [ 347.946881][ T5891] hid-led 0003:27B8:01ED.000C: probe with driver hid-led failed with error -71 [ 348.213545][ T5891] usb 1-1: USB disconnect, device number 19 [ 348.778013][ T5848] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 348.848493][T10317] team0: No ports can be present during mode change [ 348.946518][ T5848] usb 4-1: Using ep0 maxpacket: 32 [ 348.973203][ T5848] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 348.981684][ T5848] usb 4-1: config 0 has no interface number 0 [ 349.003337][ T5848] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 349.038553][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.071469][ T5848] usb 4-1: Product: syz [ 349.098762][ T5848] usb 4-1: Manufacturer: syz [ 349.109522][ T5848] usb 4-1: SerialNumber: syz [ 349.133480][T10273] netdevsim netdevsim5 netdevsim0: renamed from eth5 [ 349.142355][ T5848] usb 4-1: config 0 descriptor?? [ 349.168130][T10324] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1212'. [ 349.204518][ T5848] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 349.225668][T10273] netdevsim netdevsim5 netdevsim1: renamed from eth6 [ 349.232557][ T5848] usb 4-1: selecting invalid altsetting 1 [ 349.232576][ T5848] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 349.239018][ T5848] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 349.297120][T10273] netdevsim netdevsim5 netdevsim2: renamed from eth7 [ 349.318726][T10332] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1215'. [ 349.329794][ T5816] Bluetooth: hci1: command tx timeout [ 349.352672][T10329] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1213'. [ 349.412111][ T5848] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 349.420412][ T5848] usb 4-1: media controller created [ 349.440421][ T5848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 349.808481][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 349.808511][ T30] audit: type=1400 audit(2000000040.504:571): avc: denied { map } for pid=10327 comm="syz.0.1214" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 349.983819][T10273] netdevsim netdevsim5 netdevsim3: renamed from eth8 [ 350.576595][ T30] audit: type=1400 audit(2000000040.504:572): avc: denied { execute } for pid=10327 comm="syz.0.1214" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 350.593812][T10345] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1216'. [ 350.680541][T10345] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1216'. [ 351.410312][ T5816] Bluetooth: hci1: command tx timeout [ 351.629718][ T5848] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 351.637274][ T5848] zl10353_read_register: readreg error (reg=127, ret==-71) [ 351.652620][ T30] audit: type=1326 audit(2000000042.254:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10309 comm="syz.3.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3b838eec9 code=0x7fc00000 [ 351.676365][ T5848] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 351.766153][T10369] netlink: 14436 bytes leftover after parsing attributes in process `syz.3.1221'. [ 351.830006][ T5848] usb 4-1: USB disconnect, device number 26 [ 351.859724][T10369] openvswitch: netlink: Missing key (keys=40, expected=80) [ 352.447555][ T30] audit: type=1400 audit(2000000043.144:574): avc: denied { read } for pid=10382 comm="syz.3.1222" path="socket:[32740]" dev="sockfs" ino=32740 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 352.837255][T10368] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 352.889731][ T30] audit: type=1400 audit(2000000043.534:575): avc: denied { connect } for pid=10366 comm="syz.2.1220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 353.332680][T10273] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 353.567517][T10273] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 353.581325][ T5816] Bluetooth: hci1: command tx timeout [ 353.627692][T10273] wireguard: wg0: Could not create IPv4 socket [ 353.646664][T10273] wireguard: wg1: Could not create IPv4 socket [ 353.668364][T10273] wireguard: wg2: Could not create IPv4 socket [ 353.786833][T10411] netlink: 'syz.1.1223': attribute type 6 has an invalid length. [ 356.175363][T10516] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1230'. [ 356.184423][T10516] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1230'. [ 360.061754][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 360.071100][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 360.080913][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 360.092135][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 360.102413][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 360.177226][T10599] Failed to initialize the IGMP autojoin socket (err -2) [ 360.516735][T10619] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1242'. [ 360.538984][T10619] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1242'. [ 362.209698][ T5816] Bluetooth: hci1: command tx timeout [ 363.473008][T10599] netdevsim netdevsim5 netdevsim0: renamed from eth5 [ 363.541794][T10599] netdevsim netdevsim5 netdevsim1: renamed from eth6 [ 363.554802][T10599] netdevsim netdevsim5 netdevsim2: renamed from eth7 [ 363.581754][T10599] netdevsim netdevsim5 netdevsim3: renamed from eth8 [ 364.301074][ T5816] Bluetooth: hci1: command tx timeout [ 364.461584][T10680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1251'. [ 364.669053][T10680] bond0: (slave bond_slave_1): Releasing backup interface [ 365.496346][T10710] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1255'. [ 365.522517][T10710] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1255'. [ 365.850646][T10599] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 365.940235][T10599] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 366.028972][T10599] wireguard: wg0: Could not create IPv4 socket [ 366.081614][T10599] wireguard: wg1: Could not create IPv4 socket [ 366.124119][T10599] wireguard: wg2: Could not create IPv4 socket [ 366.371761][ T5816] Bluetooth: hci1: command tx timeout [ 367.143558][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 367.692838][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 367.700539][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 367.709255][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 367.717091][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 367.762138][T10740] Failed to initialize the IGMP autojoin socket (err -2) [ 368.092340][T10754] fuse: Bad value for 'fd' [ 368.279148][T10759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 368.396199][T10759] loop9: detected capacity change from 0 to 7 [ 368.454253][T10759] Dev loop9: unable to read RDB block 7 [ 368.481163][T10759] loop9: unable to read partition table [ 368.525203][T10759] loop9: partition table beyond EOD, truncated [ 368.558451][T10759] loop_reread_partitions: partition scan of loop9 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 368.587068][ T9486] Dev loop9: unable to read RDB block 7 [ 368.606849][ T9486] loop9: unable to read partition table [ 368.626096][ T9486] loop9: partition table beyond EOD, truncated [ 368.864080][T10773] Dev loop9: unable to read RDB block 7 [ 368.872494][T10773] loop9: unable to read partition table [ 368.960074][T10773] loop9: partition table beyond EOD, truncated [ 368.987857][T10773] loop_reread_partitions: partition scan of loop9 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 369.750740][T10808] netlink: 'syz.3.1269': attribute type 10 has an invalid length. [ 369.758921][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 60 seconds [ 369.769673][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 60 seconds [ 369.781113][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 60 seconds [ 369.803809][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 60 seconds [ 369.813280][ T5816] Bluetooth: hci1: command tx timeout [ 370.046300][ T30] audit: type=1107 audit(2000000060.714:576): pid=10796 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 370.146162][T10824] Failed to initialize the IGMP autojoin socket (err -2) [ 370.303689][ T30] audit: type=1400 audit(2000000061.004:577): avc: denied { unmount } for pid=10813 comm="syz.1.1271" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 370.697596][T10740] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 370.731022][T10740] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 370.766492][T10740] wireguard: wg0: Could not create IPv4 socket [ 370.792763][T10740] wireguard: wg1: Could not create IPv4 socket [ 370.811278][T10740] wireguard: wg2: Could not create IPv4 socket [ 371.714216][T10880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1276'. [ 372.196449][ T30] audit: type=1400 audit(2000000062.894:578): avc: denied { bind } for pid=10885 comm="syz.3.1279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 372.238437][ T30] audit: type=1400 audit(2000000062.894:579): avc: denied { listen } for pid=10885 comm="syz.3.1279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 372.283091][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 372.296919][ T30] audit: type=1400 audit(2000000062.894:580): avc: denied { accept } for pid=10885 comm="syz.3.1279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 372.299450][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 372.330183][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 372.351936][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 372.363982][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 372.444078][T10893] Failed to initialize the IGMP autojoin socket (err -2) [ 372.649383][ T5820] Bluetooth: hci2: unexpected event for opcode 0x080f [ 373.383898][T10920] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1) [ 373.617276][T10924] evm: overlay not supported [ 373.939744][ T5848] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 374.191397][ T5848] usb 3-1: Using ep0 maxpacket: 16 [ 374.197685][ T5848] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.208808][ T5848] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.249858][ T5848] usb 3-1: config 0 interface 0 has no altsetting 0 [ 374.280626][ T5848] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 374.315349][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.409870][ T5848] usb 3-1: config 0 descriptor?? [ 374.454198][ T5820] Bluetooth: hci1: command tx timeout [ 374.721228][T10946] tipc: Enabling of bearer rejected, failed to enable media [ 375.138025][ T5848] usbhid 3-1:0.0: can't add hid device: -71 [ 375.159547][ T5848] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 375.191251][ T5848] usb 3-1: USB disconnect, device number 34 [ 375.580441][T10964] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1288'. [ 375.658791][T10965] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1289'. [ 375.729062][ T5820] Bluetooth: hci3: Malformed LE Event: 0x0b [ 376.332788][T10893] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 376.352920][T10893] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 376.370616][T10893] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 376.387082][T10893] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 376.481137][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 376.492039][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 376.504638][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 376.525036][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 376.532811][ T5812] Bluetooth: hci1: command tx timeout [ 376.538650][ T5812] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 376.602559][T10983] Failed to initialize the IGMP autojoin socket (err -2) [ 376.698837][ T5812] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 376.707769][ T5812] Bluetooth: hci2: Injecting HCI hardware error event [ 376.715636][ T5812] Bluetooth: hci2: hardware error 0x00 [ 377.620814][T11015] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1) [ 377.819473][ T5820] Bluetooth: hci2: unexpected event for opcode 0x080f [ 377.859483][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 377.921347][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 377.929151][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 377.938197][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 377.945832][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 377.986412][T11023] Failed to initialize the IGMP autojoin socket (err -2) [ 378.184951][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.191734][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.212655][ T30] audit: type=1400 audit(2000000068.870:581): avc: denied { listen } for pid=11021 comm="syz.1.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 378.629374][T11031] fuse: Unknown parameter '' [ 378.638663][ T5816] Bluetooth: hci1: command tx timeout [ 378.686904][T11035] ceph: No mds server is up or the cluster is laggy [ 378.714501][ T5933] libceph: mon0 (1)[c::]:6789 connect error [ 378.896271][ T5812] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 378.919666][ T30] audit: type=1400 audit(2000000069.320:582): avc: denied { accept } for pid=11021 comm="syz.1.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 379.021268][T10893] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 379.111420][T11045] overlayfs: missing 'lowerdir' [ 379.138032][T10893] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 379.196846][T11048] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1299'. [ 379.455692][T10893] wireguard: wg0: Could not create IPv4 socket [ 380.322267][T10893] wireguard: wg1: Could not create IPv4 socket [ 380.341097][T10893] wireguard: wg2: Could not create IPv4 socket [ 380.620163][ T30] audit: type=1400 audit(2000000071.320:583): avc: denied { read write } for pid=11047 comm="syz.3.1299" name="file0" dev="fuse" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 380.669204][ T30] audit: type=1400 audit(2000000071.320:584): avc: denied { open } for pid=11047 comm="syz.3.1299" path="/266/file0/file0" dev="fuse" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 380.697199][ T5812] Bluetooth: hci1: command tx timeout [ 381.395415][T11093] netlink: 'syz.3.1305': attribute type 8 has an invalid length. [ 381.673996][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 381.683164][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 381.699755][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 381.723920][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 381.731502][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 381.739478][ T30] audit: type=1400 audit(2000000072.430:585): avc: granted { setsecparam } for pid=11103 comm="syz.2.1307" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 381.766636][T11100] Failed to initialize the IGMP autojoin socket (err -2) [ 383.661058][T11151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1316'. [ 383.870094][ T5812] Bluetooth: hci1: command tx timeout [ 384.621042][ T30] audit: type=1400 audit(2000000075.320:586): avc: denied { read } for pid=11169 comm="syz.2.1318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 385.334450][T11100] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 385.377935][T11100] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 385.406337][T11100] wireguard: wg0: Could not create IPv4 socket [ 385.427361][T11100] wireguard: wg1: Could not create IPv4 socket [ 385.447220][T11100] wireguard: wg2: Could not create IPv4 socket [ 386.094856][T11208] netlink: 'syz.1.1321': attribute type 10 has an invalid length. [ 386.156329][ T30] audit: type=1107 audit(2000000076.860:587): pid=11207 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 386.413150][ T30] audit: type=1400 audit(2000000077.050:588): avc: denied { getopt } for pid=11211 comm="syz.1.1322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 386.424903][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 386.538835][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 386.546980][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 386.554867][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 386.568205][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 386.615163][T11216] Failed to initialize the IGMP autojoin socket (err -2) [ 387.150019][ T5933] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 387.313247][ T5933] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 387.349405][ T5933] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 387.370031][ T5933] usb 4-1: config 220 interface 0 has no altsetting 0 [ 387.389095][ T5933] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 387.409713][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.427858][ T5933] usb 4-1: Product: syz [ 387.437961][ T5933] usb 4-1: Manufacturer: syz [ 387.448063][ T5933] usb 4-1: SerialNumber: syz [ 388.089551][T11249] Failed to initialize the IGMP autojoin socket (err -2) [ 388.590984][ T30] audit: type=1400 audit(2000000079.300:589): avc: denied { accept } for pid=11257 comm="syz.2.1327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 388.635446][ T5816] Bluetooth: hci1: command tx timeout [ 390.012695][ T5933] uvcvideo 4-1:220.0: Found UVC 0.00 device syz (8086:0b07) [ 390.029238][ T5933] uvcvideo 4-1:220.0: No valid video chain found. [ 390.056297][ T5933] usb 4-1: USB disconnect, device number 27 [ 390.259025][T11216] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 390.277083][T11216] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 390.295341][T11216] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 390.314456][T11216] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 390.713713][ T5816] Bluetooth: hci1: command tx timeout [ 390.794096][ T30] audit: type=1326 audit(2000000081.480:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 390.817466][ C1] vkms_vblank_simulate: vblank timer overrun [ 390.900802][T11309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1331'. [ 391.506764][ T30] audit: type=1326 audit(2000000081.480:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 391.596863][ T30] audit: type=1326 audit(2000000081.480:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 391.620250][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.679660][ T30] audit: type=1326 audit(2000000081.480:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 391.703013][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.767833][ T30] audit: type=1326 audit(2000000081.480:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 391.854861][ T30] audit: type=1326 audit(2000000081.480:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 391.929233][T11216] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 391.950631][ T30] audit: type=1326 audit(2000000081.480:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 392.007199][T11216] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 392.029908][ T30] audit: type=1326 audit(2000000081.810:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 392.053265][ C1] vkms_vblank_simulate: vblank timer overrun [ 392.079362][T11216] wireguard: wg0: Could not create IPv4 socket [ 392.096599][T11216] wireguard: wg1: Could not create IPv4 socket [ 392.108529][ T30] audit: type=1326 audit(2000000081.810:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 392.150737][ T5812] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 392.153822][T11216] wireguard: wg2: Could not create IPv4 socket [ 392.164463][ T5812] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 392.174520][ T5812] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 392.191732][ T5812] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 392.202165][ T5812] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 392.222968][ T30] audit: type=1326 audit(2000000082.350:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11297 comm="syz.1.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffc0000 [ 392.420232][T11327] Failed to initialize the IGMP autojoin socket (err -2) [ 392.769819][ T5812] Bluetooth: hci1: command tx timeout [ 394.079218][T11366] FAULT_INJECTION: forcing a failure. [ 394.079218][T11366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 394.092482][T11366] CPU: 1 UID: 0 PID: 11366 Comm: syz.2.1340 Not tainted syzkaller #0 PREEMPT(full) [ 394.092504][T11366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 394.092513][T11366] Call Trace: [ 394.092519][T11366] [ 394.092526][T11366] dump_stack_lvl+0x16c/0x1f0 [ 394.092556][T11366] should_fail_ex+0x512/0x640 [ 394.092586][T11366] _copy_from_user+0x2e/0xd0 [ 394.092603][T11366] copy_msghdr_from_user+0x98/0x160 [ 394.092631][T11366] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 394.092669][T11366] ___sys_sendmsg+0xfe/0x1d0 [ 394.092696][T11366] ? __pfx____sys_sendmsg+0x10/0x10 [ 394.092753][T11366] __sys_sendmsg+0x16d/0x220 [ 394.092778][T11366] ? __pfx___sys_sendmsg+0x10/0x10 [ 394.092820][T11366] do_syscall_64+0xcd/0xfa0 [ 394.092847][T11366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.092864][T11366] RIP: 0033:0x7f428c78eec9 [ 394.092878][T11366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.092895][T11366] RSP: 002b:00007f428d6f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 394.092912][T11366] RAX: ffffffffffffffda RBX: 00007f428c9e5fa0 RCX: 00007f428c78eec9 [ 394.092923][T11366] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 394.092933][T11366] RBP: 00007f428d6f5090 R08: 0000000000000000 R09: 0000000000000000 [ 394.092944][T11366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 394.092953][T11366] R13: 00007f428c9e6038 R14: 00007f428c9e5fa0 R15: 00007fff5fdab7d8 [ 394.092977][T11366] [ 394.289810][ T5812] Bluetooth: hci5: command tx timeout [ 396.369746][ T5812] Bluetooth: hci5: command tx timeout [ 396.726751][T11416] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1345'. [ 396.739170][T11416] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 396.739170][T11416] program syz.3.1345 not setting count and/or reply_len properly [ 397.655830][T11327] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 397.743427][T11327] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 397.792392][T11327] wireguard: wg0: Could not create IPv4 socket [ 397.831273][T11327] wireguard: wg1: Could not create IPv4 socket [ 397.850997][T11327] wireguard: wg2: Could not create IPv4 socket [ 399.650221][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 399.662905][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 399.674008][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 399.699340][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 399.707450][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 399.799932][ T5970] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 399.818877][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 90 seconds [ 399.822114][T11474] Failed to initialize the IGMP autojoin socket (err -2) [ 399.834442][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 90 seconds [ 400.305355][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 90 seconds [ 400.316333][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 90 seconds [ 400.412651][ T5970] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.430247][ T5970] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 400.448716][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.456828][ T5970] usb 3-1: Product: syz [ 400.461861][ T5970] usb 3-1: Manufacturer: syz [ 400.466449][ T5970] usb 3-1: SerialNumber: syz [ 400.477338][ T5970] usb 3-1: config 0 descriptor?? [ 400.519311][ T5970] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 400.606618][ T9486] udevd[9486]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 400.811735][ T5891] usb 3-1: USB disconnect, device number 35 [ 401.704816][T11474] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 401.726899][T11474] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 401.751728][T11474] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 401.780319][T11474] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 402.103395][T11563] netlink: 'syz.2.1357': attribute type 1 has an invalid length. [ 402.112917][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 402.112930][ T30] audit: type=1400 audit(2000000348.812:621): avc: denied { append } for pid=11562 comm="syz.3.1358" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 402.186832][T11563] bond1: entered promiscuous mode [ 402.209033][T11563] 8021q: adding VLAN 0 to HW filter on device bond1 [ 402.283840][ T30] audit: type=1400 audit(2000000348.962:622): avc: denied { write } for pid=11561 comm="syz.2.1357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 402.308407][T11568] 8021q: adding VLAN 0 to HW filter on device bond2 [ 402.339801][T11568] bond1: (slave bond2): making interface the new active one [ 402.348034][T11568] bond2: entered promiscuous mode [ 402.353696][T11568] bond1: (slave bond2): Enslaving as an active interface with an up link [ 402.414748][T11563] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 402.472049][T11563] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 402.506468][ T5816] Bluetooth: hci1: command tx timeout [ 402.518434][ T5820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 402.528516][ T5820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 402.536186][ T5820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 402.554228][ T5820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 402.561825][ T5820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 403.142897][T11580] Failed to initialize the IGMP autojoin socket (err -2) [ 403.240262][T11474] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 403.260208][T11474] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 403.297429][T11474] wireguard: wg0: Could not create IPv4 socket [ 403.310991][T11474] wireguard: wg1: Could not create IPv4 socket [ 403.326822][T11474] wireguard: wg2: Could not create IPv4 socket [ 403.770081][T11601] vivid-000: disconnect [ 403.798916][T11598] vivid-000: reconnect [ 404.904215][ T5820] Bluetooth: hci3: unexpected event for opcode 0x0c1c [ 405.082189][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 405.090626][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 405.098751][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 405.107660][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 405.114865][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 405.121934][ T24] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 405.151447][T11650] Failed to initialize the IGMP autojoin socket (err -2) [ 405.297233][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 405.324607][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 405.387398][ T24] usb 3-1: config 4 has an invalid interface number: 147 but max is 0 [ 405.496568][T11658] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1366'. [ 405.580488][ T24] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 406.145172][ T24] usb 3-1: config 4 has no interface number 0 [ 406.177520][ T24] usb 3-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 406.195141][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.239690][T11664] fuse: Bad value for 'fd' [ 406.254945][ T24] usb 3-1: Product: 力뉱⳾Eࡻ꒗î²è³…ꑞ〃譃괙 [ 406.261801][ T24] usb 3-1: SerialNumber: ê¾…ä„é†ä‘«ã™²á˜€ï°ŒçŸ¥ãŠ™ã’¤è“¯î¾¹î”¯ã ƒ [ 406.959544][ T24] uvcvideo 3-1:4.147: Found UVC 0.02 device 力뉱⳾Eࡻ꒗î²è³…ꑞ〃譃괙 (04f2:b746) [ 407.020385][ T24] uvcvideo 3-1:4.147: No valid video chain found. [ 407.045332][ T24] usb 3-1: USB disconnect, device number 36 [ 407.164812][ T5812] Bluetooth: hci1: command tx timeout [ 408.343975][T11650] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 408.442770][T11650] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 408.466170][T11650] wireguard: wg0: Could not create IPv4 socket [ 408.476152][T11650] wireguard: wg1: Could not create IPv4 socket [ 408.492393][T11650] wireguard: wg2: Could not create IPv4 socket [ 408.525106][T11711] Option 'D' to dns_resolver key: bad/missing value [ 408.765209][T11714] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1374'. [ 408.796670][T11714] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1374'. [ 410.907104][ T30] audit: type=1400 audit(2000000357.617:623): avc: denied { map } for pid=11774 comm="syz.3.1378" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 411.082525][ T24] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 411.098892][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 411.108586][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 411.117604][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 411.123956][T11778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1378'. [ 411.141082][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 411.151368][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 411.179997][T11780] Failed to initialize the IGMP autojoin socket (err -2) [ 411.245894][ T24] usb 3-1: config 0 has an invalid interface number: 176 but max is 2 [ 411.272779][ T24] usb 3-1: config 0 has no interface number 1 [ 411.293115][ T24] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 411.312582][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.337984][ T24] usb 3-1: config 0 descriptor?? [ 411.669864][ T24] usb 3-1: Could not set interface, error -71 [ 411.706743][ T24] usb 3-1: USB disconnect, device number 37 [ 412.111545][T11797] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 412.120884][T11797] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 413.242770][ T5820] Bluetooth: hci1: command tx timeout [ 414.142710][T11780] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 414.159282][T11780] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 414.178228][T11780] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 414.193615][T11780] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 414.570217][T11834] tipc: Enabling of bearer rejected, failed to enable media [ 415.325095][ T5820] Bluetooth: hci1: command tx timeout [ 415.593358][ T30] audit: type=1326 audit(2000000362.309:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11845 comm="syz.1.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7fc00000 [ 415.617675][T11852] netlink: 'syz.1.1389': attribute type 25 has an invalid length. [ 415.701832][ T5812] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 415.711264][ T5812] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 415.718876][ T5812] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 415.727679][ T5812] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 415.735191][ T5812] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 415.804604][T11861] Failed to initialize the IGMP autojoin socket (err -2) [ 415.850795][T11869] Failed to initialize the IGMP autojoin socket (err -2) [ 416.003496][T11780] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 416.034315][T11780] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 416.062895][T11780] wireguard: wg0: Could not create IPv4 socket [ 416.088484][T11780] wireguard: wg1: Could not create IPv4 socket [ 416.103342][T11780] wireguard: wg2: Could not create IPv4 socket [ 416.130067][ T5848] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 416.268873][ T30] audit: type=1326 audit(2000000362.979:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11845 comm="syz.1.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2a7b8eec9 code=0x7fc00000 [ 416.321327][ T5848] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 416.333611][ T5848] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 416.356118][ T5848] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 416.365880][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.375149][ T5848] usb 4-1: Product: syz [ 416.379362][ T5848] usb 4-1: Manufacturer: syz [ 416.387064][ T5848] usb 4-1: SerialNumber: syz [ 416.805477][ T5848] usb 4-1: 0:2 : does not exist [ 417.316545][ T30] audit: type=1326 audit(2000000364.030:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11921 comm="syz.1.1395" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x0 [ 417.404972][T11928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1395'. [ 417.715953][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 417.727212][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 417.741005][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 417.750021][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 417.757477][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 417.827366][T11935] Failed to initialize the IGMP autojoin socket (err -2) [ 419.694930][ T5848] usb 4-1: USB disconnect, device number 28 [ 419.798157][ T5812] Bluetooth: hci1: command tx timeout [ 420.106755][T11967] kAFS: Can only specify source 'none' with -o dyn [ 420.118803][ T5942] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 420.278532][ T5942] usb 3-1: Using ep0 maxpacket: 8 [ 420.288606][ T5942] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 420.302562][ T5942] usb 3-1: config 0 has no interface number 0 [ 420.313297][ T5942] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 420.325980][ T5942] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 420.338860][ T5942] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 420.350488][ T5942] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 420.364605][ T5942] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 420.374212][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.401306][ T5942] usb 3-1: config 0 descriptor?? [ 420.438426][ T5942] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 420.628573][ T5942] usb 3-1: USB disconnect, device number 38 [ 420.639263][ T5942] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 421.050134][T11935] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 421.069911][T11935] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 421.090785][T11935] wireguard: wg0: Could not create IPv4 socket [ 421.099305][T11935] wireguard: wg1: Could not create IPv4 socket [ 421.108646][T11935] wireguard: wg2: Could not create IPv4 socket [ 421.837280][ T5848] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 422.012595][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 422.022039][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 422.034786][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 422.043063][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 422.050577][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 422.067316][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 422.079171][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 422.086426][ T5848] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 422.155117][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.169372][T12008] Failed to initialize the IGMP autojoin socket (err -2) [ 422.196545][ T5848] usb 4-1: config 0 descriptor?? [ 422.278906][T12016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1406'. [ 423.016643][T12026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1407'. [ 423.029988][T12026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 423.039886][T12026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.062657][T12026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 423.070371][T12026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.672076][ T5848] hid-led 0003:27B8:01ED.000D: probe with driver hid-led failed with error -71 [ 423.690127][ T5848] usb 4-1: USB disconnect, device number 29 [ 423.937547][T12044] netlink: 'syz.1.1409': attribute type 3 has an invalid length. [ 423.982265][T12044] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1409'. [ 424.206130][ T5812] Bluetooth: hci1: command tx timeout [ 425.222579][T12077] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1412'. [ 425.233163][T12077] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1412'. [ 426.275629][ T5812] Bluetooth: hci1: command tx timeout [ 426.717639][T12008] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 426.733840][T12008] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 426.750513][T12008] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 426.761964][T12008] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 427.213823][T12153] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1416'. [ 427.257056][T12153] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1416'. [ 427.260013][T12156] tipc: Started in network mode [ 427.275400][T12156] tipc: Node identity c2bad390e09f, cluster identity 4711 [ 427.282733][T12156] tipc: Enabled bearer , priority 0 [ 427.409148][T12158] syzkaller0: entered promiscuous mode [ 427.424297][T12158] syzkaller0: entered allmulticast mode [ 427.478205][ T30] audit: type=1400 audit(2000000374.195:627): avc: denied { bind } for pid=12161 comm="syz.1.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 427.549235][ T30] audit: type=1400 audit(2000000374.215:628): avc: denied { listen } for pid=12161 comm="syz.1.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 427.569345][T12008] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 427.607179][ T30] audit: type=1400 audit(2000000374.225:629): avc: denied { ioctl } for pid=12161 comm="syz.1.1417" path="socket:[41628]" dev="sockfs" ino=41628 ioctlcmd=0x5878 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 427.693454][T12156] tipc: Resetting bearer [ 427.758897][T12008] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 427.812362][T12154] tipc: Resetting bearer [ 427.835464][T12154] tipc: Disabling bearer [ 427.861852][ T5820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 427.872013][ T5820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 427.880689][ T5820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 427.902260][T12008] wireguard: wg0: Could not create IPv4 socket [ 427.920777][ T5820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 427.932256][ T5820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 427.935428][T12008] wireguard: wg1: Could not create IPv4 socket [ 428.019358][T12008] wireguard: wg2: Could not create IPv4 socket [ 428.095313][T12173] Failed to initialize the IGMP autojoin socket (err -2) [ 428.376686][T12189] netlink: 'syz.2.1420': attribute type 10 has an invalid length. [ 428.512609][ T30] audit: type=1107 audit(2000000375.225:630): pid=12181 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 429.875059][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 120 seconds [ 430.127771][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 430.138416][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 430.146189][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 430.158232][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 430.176741][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 430.210791][T12243] Failed to initialize the IGMP autojoin socket (err -2) [ 430.223228][ T5848] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 430.238183][ T30] audit: type=1400 audit(2000000376.956:631): avc: denied { listen } for pid=12247 comm="syz.2.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 430.298847][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 120 seconds [ 430.310464][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 120 seconds [ 430.323388][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 120 seconds [ 430.762100][T12264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1428'. [ 431.000034][T12274] netlink: 'syz.1.1429': attribute type 10 has an invalid length. [ 431.008823][T12274] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.016023][T12274] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.036619][T12274] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.043771][T12274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 431.051197][T12274] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.058324][T12274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.094544][T12276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1429'. [ 431.126964][T12274] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 431.147933][T12276] bridge_slave_1: left allmulticast mode [ 431.173808][T12276] bridge_slave_1: left promiscuous mode [ 431.202766][T12276] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.329477][T12276] bridge_slave_0: left promiscuous mode [ 431.339060][T12276] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.496374][T12276] bond0: (slave bridge0): Releasing backup interface [ 431.725151][T12283] fuse: Bad value for 'fd' [ 432.191998][ T5812] Bluetooth: hci1: command tx timeout [ 432.360774][T12243] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 432.381160][T12243] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 432.399803][T12243] wireguard: wg0: Could not create IPv4 socket [ 432.409116][T12243] wireguard: wg1: Could not create IPv4 socket [ 432.418015][T12243] wireguard: wg2: Could not create IPv4 socket [ 432.973593][ T5848] usb 4-1: unable to get BOS descriptor or descriptor too short [ 432.987717][ T5848] usb 4-1: no configurations [ 433.001987][ T5848] usb 4-1: can't read configurations, error -22 [ 433.247142][ T30] audit: type=1400 audit(2000000379.968:632): avc: denied { append } for pid=12343 comm="syz.2.1432" name="pfkey" dev="proc" ino=4026533453 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 433.860808][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 433.872425][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 433.880242][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 433.888816][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 433.901575][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 433.968485][T12353] Failed to initialize the IGMP autojoin socket (err -2) [ 435.950096][ T5812] Bluetooth: hci1: command tx timeout [ 436.174347][T12421] veth1_vlan: left promiscuous mode [ 436.847717][T12430] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1447'. [ 436.856977][ T30] audit: type=1400 audit(2000000383.569:633): avc: denied { execute } for pid=12429 comm="syz.2.1447" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 436.899357][T12430] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1447'. [ 436.927556][T12430] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1447'. [ 438.029347][ T5812] Bluetooth: hci1: command tx timeout [ 438.795049][T12478] netlink: 'syz.3.1454': attribute type 1 has an invalid length. [ 438.807737][T12478] netlink: 'syz.3.1454': attribute type 4 has an invalid length. [ 438.828747][T12478] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1454'. [ 438.837779][T12478] NCSI netlink: No device for ifindex 3321692160 [ 439.254967][T12353] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 439.272328][T12353] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 439.287597][T12353] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 439.301291][T12353] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 439.478931][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.485225][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.758133][T12353] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 439.782603][T12353] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 439.804345][T12353] wireguard: wg0: Could not create IPv4 socket [ 439.814801][T12353] wireguard: wg1: Could not create IPv4 socket [ 439.824333][T12353] wireguard: wg2: Could not create IPv4 socket [ 440.349467][T12550] overlayfs: empty lowerdir [ 440.529505][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 440.540092][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 440.550320][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 440.560404][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 440.568516][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 440.596971][T12555] Failed to initialize the IGMP autojoin socket (err -2) [ 441.291592][T12584] overlayfs: failed to clone lowerpath [ 441.370294][T12585] overlayfs: failed to clone upperpath [ 441.836822][ T30] audit: type=1400 audit(2000000388.552:634): avc: denied { write } for pid=12593 comm="syz.3.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 441.983247][ T30] audit: type=1400 audit(2000000388.552:635): avc: denied { read } for pid=12593 comm="syz.3.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 442.608079][ T5820] Bluetooth: hci1: command tx timeout [ 443.495786][T12555] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 443.554315][T12555] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 443.593046][T12555] wireguard: wg0: Could not create IPv4 socket [ 443.618467][T12555] wireguard: wg1: Could not create IPv4 socket [ 443.645140][T12555] wireguard: wg2: Could not create IPv4 socket [ 444.736317][ T5820] Bluetooth: hci1: command tx timeout [ 445.157208][T12652] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1470'. [ 446.724711][ T30] audit: type=1400 audit(2000000393.444:636): avc: denied { getopt } for pid=12727 comm="syz.2.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 446.726991][T12738] netlink: 'syz.3.1473': attribute type 10 has an invalid length. [ 446.795714][ T30] audit: type=1400 audit(2000000393.504:637): avc: denied { create } for pid=12731 comm="syz.1.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 447.044584][ T30] audit: type=1107 audit(2000000393.675:638): pid=12729 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 447.214017][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 447.305190][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.324832][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 447.332536][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 447.341728][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 447.350485][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 447.373361][T12751] Failed to initialize the IGMP autojoin socket (err -2) [ 449.007305][ T30] audit: type=1400 audit(2000000395.736:639): avc: denied { name_bind 0x1000000 } for pid=12789 comm="syz.1.1481" path="socket:[43886]" dev="sockfs" ino=43886 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 449.384164][ T5812] Bluetooth: hci1: command tx timeout [ 449.451530][T12792] Process accounting resumed [ 449.535235][ T30] audit: type=1400 audit(2000000396.266:640): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 449.632535][T12789] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 449.760907][T12751] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 449.771970][T12751] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 449.782119][T12751] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 449.805394][T12751] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 450.234660][T12751] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 450.257074][T12751] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 450.277244][T12751] wireguard: wg0: Could not create IPv4 socket [ 450.285651][T12751] wireguard: wg1: Could not create IPv4 socket [ 450.294360][T12751] wireguard: wg2: Could not create IPv4 socket [ 451.191303][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 451.201275][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 451.211690][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 451.219543][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 451.228124][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 451.251845][T12880] Failed to initialize the IGMP autojoin socket (err -2) [ 451.269728][ T978] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 451.413470][ T30] audit: type=1400 audit(2000000398.147:641): avc: denied { ioctl } for pid=12884 comm="syz.3.1489" path="socket:[45566]" dev="sockfs" ino=45566 ioctlcmd=0x581f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 451.504297][T12889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1489'. [ 451.513475][T12889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1489'. [ 451.621524][ T978] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 451.703469][ T978] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 451.790683][ T978] usb 3-1: Product: syz [ 451.807063][ T978] usb 3-1: Manufacturer: syz [ 451.811661][ T978] usb 3-1: SerialNumber: syz [ 451.865093][ T978] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 452.288583][ T978] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 452.516284][ T978] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 452.553357][ T978] usb 3-1: USB disconnect, device number 39 [ 453.031247][T12930] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1493'. [ 453.720690][ T5820] Bluetooth: hci1: command tx timeout [ 453.897880][T12937] bond3: entered promiscuous mode [ 453.921765][T12937] bond3: entered allmulticast mode [ 453.952868][T12937] 8021q: adding VLAN 0 to HW filter on device bond3 [ 454.019535][T12937] bond4: entered promiscuous mode [ 454.024666][T12937] bond4: entered allmulticast mode [ 454.030039][T12937] 8021q: adding VLAN 0 to HW filter on device bond4 [ 454.619402][T12880] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 454.656723][T12961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1501'. [ 454.667300][T12880] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 454.713052][T12880] wireguard: wg0: Could not create IPv4 socket [ 454.758976][T12880] wireguard: wg1: Could not create IPv4 socket [ 454.794456][T12880] wireguard: wg2: Could not create IPv4 socket [ 457.727082][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 457.736342][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 457.745760][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 457.753565][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 457.763507][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 457.797384][T13086] Failed to initialize the IGMP autojoin socket (err -2) [ 459.858395][ T5820] Bluetooth: hci1: command tx timeout [ 459.978365][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 150 seconds [ 460.298084][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 150 seconds [ 460.309081][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 150 seconds [ 460.340742][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 150 seconds [ 460.823049][T13086] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 460.865011][T13086] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 460.892520][T13086] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 460.928215][T13086] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 461.421975][T13155] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1512'. [ 461.481007][T13155] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1512'. [ 461.546031][T13086] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 461.614065][T13086] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 461.638509][ T978] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 461.658072][ T5942] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 461.701558][T13086] wireguard: wg0: Could not create IPv4 socket [ 461.719068][T13086] wireguard: wg1: Could not create IPv4 socket [ 461.745667][T13086] wireguard: wg2: Could not create IPv4 socket [ 461.762983][ T5812] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 461.771968][ T5812] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 461.785553][ T5812] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 461.793369][ T5812] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 461.800862][ T5812] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 461.855763][T13161] Failed to initialize the IGMP autojoin socket (err -2) [ 462.042190][ T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.057126][ T5820] Bluetooth: hci1: command tx timeout [ 462.082163][ T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.023532][ T978] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 463.038767][ T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.054309][ T978] usb 3-1: config 0 descriptor?? [ 463.866796][ T5820] Bluetooth: hci5: command tx timeout [ 463.885994][ T978] hid-led 0003:27B8:01ED.000E: probe with driver hid-led failed with error -71 [ 463.916936][ T978] usb 3-1: USB disconnect, device number 40 [ 464.432045][ T5942] usb 4-1: unable to get BOS descriptor or descriptor too short [ 464.565106][ T5942] usb 4-1: no configurations [ 464.630057][ T5942] usb 4-1: can't read configurations, error -22 [ 464.773838][T13225] Failed to initialize the IGMP autojoin socket (err -2) [ 465.130319][T13161] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 465.163604][T13161] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 465.314088][T13240] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1520'. [ 465.362700][ T30] audit: type=1400 audit(2000000411.984:642): avc: denied { write } for pid=13233 comm="syz.2.1520" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 465.572025][T13161] wireguard: wg0: Could not create IPv4 socket [ 465.605759][T13161] wireguard: wg1: Could not create IPv4 socket [ 465.614222][T13161] wireguard: wg2: Could not create IPv4 socket [ 466.306539][ T30] audit: type=1400 audit(2000000412.974:643): avc: denied { mount } for pid=13245 comm="syz.2.1522" name="/" dev="hugetlbfs" ino=47567 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 467.287721][T13284] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1525'. [ 467.301971][T13284] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1525'. [ 468.261655][T13296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1526'. [ 468.270862][T13296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1526'. [ 470.069366][T13384] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1531'. [ 471.148655][T13392] can: request_module (can-proto-3) failed. [ 471.267900][ T30] audit: type=1400 audit(2000000417.206:644): avc: denied { mount } for pid=13383 comm="syz.1.1529" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 471.546447][ T5891] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 471.610317][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 471.621711][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 471.629942][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 471.640512][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 471.653967][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 471.683268][T13397] Failed to initialize the IGMP autojoin socket (err -2) [ 471.712724][ T5891] usb 4-1: Using ep0 maxpacket: 32 [ 471.732630][ T5891] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 471.786698][ T5891] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 471.810669][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 471.820543][ T5891] usb 4-1: Product: syz [ 471.825107][ T5891] usb 4-1: Manufacturer: syz [ 471.829693][ T5891] usb 4-1: SerialNumber: syz [ 471.843961][ T5891] usb 4-1: config 0 descriptor?? [ 471.849507][T13384] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 472.147144][T13168] usb 4-1: USB disconnect, device number 34 [ 472.415423][T13397] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 472.426843][T13397] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 472.446777][T13397] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 472.457305][T13397] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 472.904928][T13397] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 472.943842][T13397] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 472.962254][T13397] wireguard: wg0: Could not create IPv4 socket [ 472.971115][T13397] wireguard: wg1: Could not create IPv4 socket [ 472.982943][T13397] wireguard: wg2: Could not create IPv4 socket [ 473.215592][T13464] netlink: 'syz.1.1532': attribute type 4 has an invalid length. [ 473.382527][T13474] IPv6: sit1: Disabled Multicast RS [ 473.388529][T13474] sit1: entered allmulticast mode [ 473.421394][ T30] audit: type=1326 audit(2000000420.138:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13465 comm="syz.2.1533" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f428c78eec9 code=0x0 [ 473.629760][T13482] netlink: 'syz.1.1536': attribute type 10 has an invalid length. [ 473.696075][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 473.705907][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 473.714280][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 473.722638][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 473.730184][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 473.760739][T13484] Failed to initialize the IGMP autojoin socket (err -2) [ 473.783468][ T30] audit: type=1107 audit(2000000420.528:646): pid=13481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 473.986578][T13494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1537'. [ 473.997717][T13494] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1537'. [ 475.648166][T13524] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pid=13524 comm=syz.1.1542 [ 475.773881][ T5820] Bluetooth: hci1: command tx timeout [ 475.860651][ T5942] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 476.023888][ T5942] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 476.035937][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 476.075776][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 476.113877][ T5942] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 476.126446][ T5942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.143448][ T5942] usb 3-1: Product: syz [ 476.152002][ T5942] usb 3-1: Manufacturer: syz [ 476.163660][ T5942] usb 3-1: SerialNumber: syz [ 476.193108][ T5942] usb 3-1: config 0 descriptor?? [ 476.206634][ T5942] iguanair 3-1:0.0: probe with driver iguanair failed with error -12 [ 476.413218][ T30] audit: type=1400 audit(2000000423.159:647): avc: denied { accept } for pid=13531 comm="syz.2.1544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 476.441964][ T5891] usb 3-1: USB disconnect, device number 41 [ 476.497175][ T30] audit: type=1400 audit(2000000423.179:648): avc: denied { read } for pid=13531 comm="syz.2.1544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 476.595785][T13570] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1549'. [ 476.637558][T13570] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1549'. [ 476.647722][T13484] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 476.684114][T13484] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 476.707467][T13484] wireguard: wg0: Could not create IPv4 socket [ 476.748865][T13484] wireguard: wg1: Could not create IPv4 socket [ 476.790103][T13484] wireguard: wg2: Could not create IPv4 socket [ 476.903071][T13576] vlan0: entered promiscuous mode [ 476.985980][ T30] audit: type=1400 audit(2000000423.730:649): avc: denied { write } for pid=13579 comm="syz.2.1553" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 477.103333][T13587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1553'. [ 477.574100][T13598] trusted_key: encrypted_key: insufficient parameters specified [ 477.583054][T13598] trusted_key: encrypted_key: insufficient parameters specified [ 477.723325][T13602] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1555'. [ 478.789736][ T30] audit: type=1326 audit(2000000425.530:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13613 comm="syz.1.1557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2a7b8eec9 code=0x7ffe0000 [ 479.098497][ T5877] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 479.269899][ T5877] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 479.288384][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.306123][ T5877] usb 3-1: config 0 descriptor?? [ 479.322394][ T5877] cp210x 3-1:0.0: cp210x converter detected [ 479.730163][ T5877] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 479.740839][ T5877] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 479.758165][ T5877] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 479.786510][ T5877] usb 3-1: cp210x converter now attached to ttyUSB0 [ 479.821963][ T5877] usb 3-1: USB disconnect, device number 42 [ 479.838645][ T5877] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 479.860126][ T5877] cp210x 3-1:0.0: device disconnected [ 480.958752][T13686] kvm: kvm [13678]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x255a5214c26516b6 [ 481.530659][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 481.549777][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 481.558561][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 481.568779][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 481.593686][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 481.684197][T13690] Failed to initialize the IGMP autojoin socket (err -2) [ 482.285481][T13690] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 482.310502][T13690] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 482.331406][T13690] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 482.364345][T13690] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 483.031799][T13690] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 483.050415][T13690] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 483.068980][T13690] wireguard: wg0: Could not create IPv4 socket [ 483.077757][T13690] wireguard: wg1: Could not create IPv4 socket [ 483.085862][T13690] wireguard: wg2: Could not create IPv4 socket [ 483.442963][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 483.457100][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 483.465134][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 483.617327][T13795] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1564'. [ 483.665951][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 483.679595][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 483.815429][ T5848] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 483.841217][T13792] Failed to initialize the IGMP autojoin socket (err -2) [ 483.977226][ T5848] usb 3-1: Using ep0 maxpacket: 8 [ 483.989896][ T5848] usb 3-1: config 0 has an invalid interface number: 110 but max is 0 [ 483.999409][ T5848] usb 3-1: config 0 has no interface number 0 [ 484.012689][ T5848] usb 3-1: config 0 interface 110 has no altsetting 0 [ 484.022242][ T5848] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 484.032129][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.041240][ T5848] usb 3-1: Product: syz [ 484.049709][ T5848] usb 3-1: Manufacturer: syz [ 484.084125][ T5848] usb 3-1: SerialNumber: syz [ 484.100336][ T5848] usb 3-1: config 0 descriptor?? [ 484.325590][T13789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 484.335703][T13789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 484.349459][T11971] usb 3-1: USB disconnect, device number 43 [ 484.531897][T13807] netlink: 'syz.3.1567': attribute type 4 has an invalid length. [ 485.278237][T13817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1569'. [ 485.845524][ T5812] Bluetooth: hci1: command tx timeout [ 486.125706][T13825] netlink: 'syz.2.1571': attribute type 1 has an invalid length. [ 486.262188][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1571'. [ 486.283115][T13825] 8021q: adding VLAN 0 to HW filter on device bond5 [ 486.846242][T13833] bond5 (unregistering): Released all slaves [ 486.954560][ T5848] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 486.994779][T13792] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 487.067112][T13792] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 487.109306][T13792] wireguard: wg0: Could not create IPv4 socket [ 487.135524][T13792] wireguard: wg1: Could not create IPv4 socket [ 487.172945][T13792] wireguard: wg2: Could not create IPv4 socket [ 487.215764][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.234608][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 487.264385][ T5848] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 487.283611][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.303578][ T5848] usb 4-1: config 0 descriptor?? [ 487.873017][T13850] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1576'. [ 487.914298][T13850] batadv0: entered promiscuous mode [ 487.919558][T13850] batadv0: entered allmulticast mode [ 488.858569][ T5848] hid-led 0003:27B8:01ED.000F: probe with driver hid-led failed with error -71 [ 488.877385][ T5848] usb 4-1: USB disconnect, device number 35 [ 490.003279][ T56] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 180 seconds [ 490.304840][ T56] block nbd0: Possible stuck request ffff8880261b01c0: control (read@1024,1024B). Runtime 180 seconds [ 490.315925][ T56] block nbd0: Possible stuck request ffff8880261b0380: control (read@2048,1024B). Runtime 180 seconds [ 490.353022][ T56] block nbd0: Possible stuck request ffff8880261b0540: control (read@3072,1024B). Runtime 180 seconds [ 492.382175][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 492.426336][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 492.434613][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 492.453103][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 492.460712][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 492.514162][T13991] Failed to initialize the IGMP autojoin socket (err -2) [ 493.665825][T13991] netdevsim netdevsim5 netdevsim0: renamed from eth9 [ 493.682441][T13991] netdevsim netdevsim5 netdevsim1: renamed from eth10 [ 493.700126][T13991] netdevsim netdevsim5 netdevsim2: renamed from eth11 [ 493.717195][T13991] netdevsim netdevsim5 netdevsim3: renamed from eth12 [ 494.218360][T13991] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 494.243659][T13991] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 494.262374][T13991] wireguard: wg0: Could not create IPv4 socket [ 494.270638][T13991] wireguard: wg1: Could not create IPv4 socket [ 494.286872][T13991] wireguard: wg2: Could not create IPv4 socket [ 495.219109][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 495.229304][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 495.238931][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 495.456395][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 495.464333][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 495.501917][T14063] Failed to initialize the IGMP autojoin socket (err -2) [ 495.838349][T14074] comedi comedi0: comedi_config --init_data is deprecated [ 497.520590][ T5812] Bluetooth: hci1: command tx timeout [ 497.709501][ T5933] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 497.872688][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.884159][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.910915][ T5933] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 497.929643][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.947852][ T5933] usb 4-1: config 0 descriptor?? [ 498.168645][T14063] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 498.191848][T14063] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 498.214784][T14063] wireguard: wg0: Could not create IPv4 socket [ 498.224025][T14063] wireguard: wg1: Could not create IPv4 socket [ 498.232957][T14063] wireguard: wg2: Could not create IPv4 socket [ 498.791455][ T5933] hid-led 0003:27B8:01ED.0010: probe with driver hid-led failed with error -71 [ 498.832706][ T5933] usb 4-1: USB disconnect, device number 36 [ 500.648171][ T5933] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 501.080355][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.086686][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.290623][ T5933] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 501.305661][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.386440][ T5933] usb 4-1: Product: syz [ 501.396604][ T5933] usb 4-1: Manufacturer: syz [ 501.404053][ T5933] usb 4-1: SerialNumber: syz [ 502.489267][T14224] netlink: 'syz.1.1605': attribute type 27 has an invalid length. [ 503.773914][T14191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 503.784231][T14191] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 503.993477][ T5933] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000044. ret = -EPROTO [ 504.008343][ T5933] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 504.021224][ T5933] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 504.033941][ T5933] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 504.045208][ T5933] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 504.059427][ T5933] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 504.077283][ T5933] usb 4-1: USB disconnect, device number 37 [ 504.775789][ T31] INFO: task syz.0.1219:10372 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 504.849990][ T31] Not tainted syzkaller #0 [ 504.953451][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 505.051434][ T31] task:syz.0.1219 state:D stack:28344 pid:10372 tgid:10364 ppid:5806 task_flags:0x400040 flags:0x00080002 [ 505.063714][ T31] Call Trace: [ 505.067482][ T31] [ 505.070420][ T31] __schedule+0x1190/0x5de0 [ 505.075042][ T31] ? __pfx___schedule+0x10/0x10 [ 505.077243][T14318] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1608'. [ 505.080294][ T31] ? find_held_lock+0x2b/0x80 [ 505.111950][ T31] ? schedule+0x2d7/0x3a0 [ 505.128046][ T31] ? bdev_open+0x41a/0xe40 [ 505.132477][ T31] schedule+0xe7/0x3a0 [ 505.173695][ T31] schedule_preempt_disabled+0x13/0x30 [ 505.205847][ T31] __mutex_lock+0x818/0x1060 [ 505.235442][ T31] ? bdev_open+0x41a/0xe40 [ 505.239879][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 505.244920][ T31] ? bdev_open+0x41a/0xe40 [ 505.288516][ T31] bdev_open+0x41a/0xe40 [ 505.292779][ T31] ? iput+0x35/0x40 [ 505.325352][ T31] blkdev_open+0x34e/0x4f0 [ 505.329795][ T31] do_dentry_open+0x97f/0x1530 [ 505.334561][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 505.370170][ T31] vfs_open+0x82/0x3f0 [ 505.374269][ T31] path_openat+0x1de4/0x2cb0 [ 505.379276][ T31] ? __pfx_path_openat+0x10/0x10 [ 505.384220][ T31] do_filp_open+0x20b/0x470 [ 505.394058][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 505.395335][ T5891] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 505.399687][ T31] ? alloc_fd+0x471/0x7d0 [ 505.411134][ T31] do_sys_openat2+0x11b/0x1d0 [ 505.416640][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 505.421859][ T31] __x64_sys_openat+0x174/0x210 [ 505.427297][ T31] ? __pfx___x64_sys_openat+0x10/0x10 [ 505.432686][ T31] do_syscall_64+0xcd/0xfa0 [ 505.437664][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.445306][ T31] RIP: 0033:0x7f9226d8d710 [ 505.449728][ T31] RSP: 002b:00007f9227ca8b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 505.475238][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9226d8d710 [ 505.483215][ T31] RDX: 0000000000000002 RSI: 00007f9227ca8c10 RDI: 00000000ffffff9c [ 505.505992][ T31] RBP: 00007f9227ca8c10 R08: 0000000000000000 R09: 002364626e2f7665 [ 505.513970][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 505.555307][ T31] R13: 00007f9226fe6128 R14: 00007f9226fe6090 R15: 00007ffd357698e8 [ 505.563309][ T31] [ 505.578826][ T31] [ 505.578826][ T31] Showing all locks held in the system: [ 505.595345][ T31] 1 lock held by rcu_exp_gp_kthr/18: [ 505.600637][ T31] 3 locks held by kworker/1:0/24: [ 505.615215][ T31] 1 lock held by khungtaskd/31: [ 505.620061][ T31] #0: ffffffff8e3c44a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 505.665462][ T31] 2 locks held by getty/5569: [ 505.670140][ T31] #0: ffff8880316790a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 505.715116][ T31] #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 505.727234][ T31] 5 locks held by kworker/1:7/5891: [ 505.732428][ T31] #0: ffff88801e2eb548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 505.743708][ T31] #1: ffffc9000462fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 505.758055][ T31] #2: ffff88802937b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0 [ 505.767140][ T31] #3: ffff88802937e518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x2981/0x4fe0 [ 505.777315][ T31] #4: ffff888029233168 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x29aa/0x4fe0 [ 505.787459][ T31] 1 lock held by udevd/6402: [ 505.792048][ T31] #0: ffff888143796358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 505.801766][ T31] 1 lock held by syz.1.1039/9445: [ 505.806978][ T31] #0: ffffffff8e3cfa38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 505.818885][ T31] 1 lock held by syz.3.1085/9619: [ 505.823902][ T31] #0: ffffffff8e3cf900 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 [ 505.834247][ T31] 1 lock held by syz.0.1219/10372: [ 505.839546][ T31] #0: ffff888143796358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 505.849331][ T31] 1 lock held by syz-executor/14063: [ 505.854606][ T31] #0: ffffffff8e3cf900 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 [ 505.864833][ T31] 1 lock held by syz.2.1607/14319: [ 505.872607][ T31] #0: ffffffff8e3cfa38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 505.883128][ T31] 1 lock held by sed/14333: [ 505.887875][ T31] [ 505.925983][ T31] ============================================= [ 505.925983][ T31] [ 505.934393][ T31] NMI backtrace for cpu 0 [ 505.934405][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 505.934424][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 505.934434][ T31] Call Trace: [ 505.934439][ T31] [ 505.934446][ T31] dump_stack_lvl+0x116/0x1f0 [ 505.934475][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 505.934493][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 505.934518][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 505.934544][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 505.934567][ T31] watchdog+0xf3f/0x1170 [ 505.934594][ T31] ? rcu_is_watching+0x12/0xc0 [ 505.934617][ T31] ? __pfx_watchdog+0x10/0x10 [ 505.934636][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 505.934663][ T31] ? __kthread_parkme+0x19e/0x250 [ 505.934689][ T31] ? __pfx_watchdog+0x10/0x10 [ 505.934710][ T31] kthread+0x3c2/0x780 [ 505.934728][ T31] ? __pfx_kthread+0x10/0x10 [ 505.934747][ T31] ? rcu_is_watching+0x12/0xc0 [ 505.934768][ T31] ? __pfx_kthread+0x10/0x10 [ 505.934790][ T31] ret_from_fork+0x672/0x7d0 [ 505.934805][ T31] ? __pfx_kthread+0x10/0x10 [ 505.934822][ T31] ret_from_fork_asm+0x1a/0x30 [ 505.934853][ T31] [ 505.934859][ T31] Sending NMI from CPU 0 to CPUs 1: [ 506.066343][ C1] NMI backtrace for cpu 1 [ 506.066356][ C1] CPU: 1 UID: 0 PID: 9445 Comm: syz.1.1039 Not tainted syzkaller #0 PREEMPT(full) [ 506.066372][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 506.066380][ C1] RIP: 0010:lock_acquire+0x44/0x350 [ 506.066396][ C1] Code: cd 53 48 89 fb 48 83 ec 38 65 48 8b 05 fd da 0b 12 48 89 44 24 30 31 c0 66 90 65 8b 05 19 db 0b 12 83 f8 07 0f 87 bc 02 00 00 <89> c0 48 0f a3 05 a2 da ea 0e 0f 82 74 02 00 00 8b 35 1a 0b eb 0e [ 506.066409][ C1] RSP: 0018:ffffc9000ea878b8 EFLAGS: 00000297 [ 506.066421][ C1] RAX: 0000000000000001 RBX: ffffffff8e3c44a0 RCX: 0000000000000002 [ 506.066429][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e3c44a0 [ 506.066438][ C1] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 506.066446][ C1] R10: ffffea0001975ef7 R11: 0000000000000000 R12: 0000000000000000 [ 506.066454][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.066461][ C1] FS: 0000000000000000(0000) GS:ffff888124add000(0000) knlGS:0000000000000000 [ 506.066483][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 506.066492][ C1] CR2: 000055b26f2bb300 CR3: 00000000293d0000 CR4: 00000000003526f0 [ 506.066501][ C1] Call Trace: [ 506.066505][ C1] [ 506.066510][ C1] ? lock_acquire+0x179/0x350 [ 506.066524][ C1] page_ext_get+0x36/0x1a0 [ 506.066546][ C1] ? page_ext_get+0x25/0x1a0 [ 506.066563][ C1] __reset_page_owner+0x2b/0x1a0 [ 506.066577][ C1] __free_frozen_pages+0x7df/0x1160 [ 506.066595][ C1] ? ___free_pages+0xcd/0x220 [ 506.066610][ C1] vfree+0x1fd/0xb50 [ 506.066624][ C1] ? find_held_lock+0x2b/0x80 [ 506.066640][ C1] ? rcu_is_watching+0x12/0xc0 [ 506.066656][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 506.066676][ C1] ? __pfx_kcov_close+0x10/0x10 [ 506.066691][ C1] kcov_close+0x34/0x60 [ 506.066705][ C1] __fput+0x3ff/0xb70 [ 506.066721][ C1] ? cleanup_mnt+0x26b/0x450 [ 506.066740][ C1] task_work_run+0x14d/0x240 [ 506.066754][ C1] ? __pfx_task_work_run+0x10/0x10 [ 506.066771][ C1] do_exit+0x86f/0x2bf0 [ 506.066791][ C1] ? __pfx_do_exit+0x10/0x10 [ 506.066808][ C1] ? cgroup_update_frozen_flag+0x107/0x210 [ 506.066822][ C1] ? find_held_lock+0x2b/0x80 [ 506.066839][ C1] do_group_exit+0xd3/0x2a0 [ 506.066857][ C1] get_signal+0x2671/0x26d0 [ 506.066875][ C1] ? hrtimer_nanosleep+0x187/0x380 [ 506.066892][ C1] ? __pfx_get_signal+0x10/0x10 [ 506.066908][ C1] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 506.066923][ C1] arch_do_signal_or_restart+0x8f/0x7c0 [ 506.066939][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 506.066958][ C1] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 506.066977][ C1] exit_to_user_mode_loop+0x85/0x130 [ 506.066990][ C1] do_syscall_64+0x426/0xfa0 [ 506.067010][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.067023][ C1] RIP: 0033:0x7fc2a7bc1785 [ 506.067033][ C1] Code: Unable to access opcode bytes at 0x7fc2a7bc175b. [ 506.067039][ C1] RSP: 002b:00007fc2a898ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 506.067050][ C1] RAX: fffffffffffffdfc RBX: 00007fc2a7de5fa0 RCX: 00007fc2a7bc1785 [ 506.067059][ C1] RDX: 00007fc2a898efc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.067066][ C1] RBP: 00007fc2a7c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 506.067074][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 506.067081][ C1] R13: 00007fc2a7de6038 R14: 00007fc2a7de5fa0 R15: 00007ffdacf9c328 [ 506.067095][ C1] [ 506.487245][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 506.494105][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 506.503206][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 506.513253][ T31] Call Trace: [ 506.516519][ T31] [ 506.519463][ T31] dump_stack_lvl+0x3d/0x1f0 [ 506.524059][ T31] vpanic+0x640/0x6f0 [ 506.528044][ T31] panic+0xca/0xd0 [ 506.531763][ T31] ? __pfx_panic+0x10/0x10 [ 506.536184][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 506.541554][ T31] ? nmi_trigger_cpumask_backtrace+0x1b1/0x300 [ 506.547704][ T31] ? watchdog+0xe48/0x1170 [ 506.552115][ T31] ? watchdog+0xe3b/0x1170 [ 506.556526][ T31] watchdog+0xe59/0x1170 [ 506.560772][ T31] ? rcu_is_watching+0x12/0xc0 [ 506.565535][ T31] ? __pfx_watchdog+0x10/0x10 [ 506.570210][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 506.575412][ T31] ? __kthread_parkme+0x19e/0x250 [ 506.580450][ T31] ? __pfx_watchdog+0x10/0x10 [ 506.585124][ T31] kthread+0x3c2/0x780 [ 506.589188][ T31] ? __pfx_kthread+0x10/0x10 [ 506.593761][ T31] ? rcu_is_watching+0x12/0xc0 [ 506.598512][ T31] ? __pfx_kthread+0x10/0x10 [ 506.603083][ T31] ret_from_fork+0x672/0x7d0 [ 506.607652][ T31] ? __pfx_kthread+0x10/0x10 [ 506.612223][ T31] ret_from_fork_asm+0x1a/0x30 [ 506.616980][ T31] [ 506.620153][ T31] Kernel Offset: disabled [ 506.624450][ T31] Rebooting in 86400 seconds..