last executing test programs: 2m36.950399744s ago: executing program 4 (id=2362): setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2m36.564037518s ago: executing program 4 (id=2365): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = syz_open_procfs(0x0, 0x0) pread64(r5, &(0x7f0000032140)=""/102344, 0x18fc8, 0x4000c2a) ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000340)=@userptr={0xd, 0x3, 0x0, 0xe000, 0x4, {0x0, 0x2710}, {0x2, 0x8, 0x5, 0x2, 0x9, 0x20, "ce7f9a90"}, 0x7fffffff, 0x2, {&(0x7f0000000300)}, 0x1}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r7, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) 2m34.551439346s ago: executing program 4 (id=2371): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2}) 2m33.156831383s ago: executing program 4 (id=2375): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x2f126000) setpgid(0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) write(r2, &(0x7f0000000140)="24000000010006", 0x7) fcntl$notify(r0, 0x402, 0x8) cachestat(r1, 0x0, &(0x7f0000002280), 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf253700000008000300", @ANYRES32, @ANYBLOB="080026006c0900000008005700004800000000000000000000000000000000004af2c64b8e3a6bd1b8fb034d1fbeac3ce54417559f931fd9a99aaad9bd0ec16f166529dea64ab6a622503b46bf0428ee8429b7c5d4b9e0c093043f62e6cac6fc899f499877faf2803bdb7c31b48b1e251710be15bc5b7c720305a687050c8f6a310c3fdc5a2c9461565ba6bc0cc0b5039f6f34b43931e05e6f58c8b6d8ee03aba1df"], 0x3c}, 0x1, 0x0, 0x0, 0x8850}, 0x4000) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r7, &(0x7f0000001180)={0x23d, 0x7d, 0x0, {{0x500, 0xfc, 0x0, 0xfffffffa, {}, 0x1bac0000, 0x0, 0x0, 0x0, 0x25, '\x04no\xc8f\xc9}`\x99\x06\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x1d\xf6\xdb\x00\x00\x00\x00\x00\x00=\xd3\x00\x00\x00\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x17, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23d) preadv(r7, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4100, 0x1004}], 0x1, 0x0, 0x0) 2m31.46257516s ago: executing program 4 (id=2379): syz_open_dev$mouse(0x0, 0x0, 0x2042) io_uring_setup(0x52b4, &(0x7f0000000240)={0x0, 0x1332, 0x10000, 0x0, 0x1d}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe1000/0x18000)=nil, 0x0, 0x0, 0x34, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) r3 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000001c0)=0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r4}, 0x10) creat(&(0x7f00000002c0)='./file0\x00', 0x109) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4}}}}) 2m30.444732629s ago: executing program 4 (id=2383): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) 2m15.296537229s ago: executing program 32 (id=2383): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) 1m21.591463959s ago: executing program 0 (id=2587): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) ptrace$ARCH_GET_CPUID(0x1e, r0, 0x0, 0x1011) socket(0x2, 0x80805, 0x0) r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001aa40)=""/102400, 0x19000) ioctl$SG_IO(r1, 0x2285, 0x0) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r3, 0x0, 0x25, 0x0, @void}, 0x10) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getpid() 1m18.973501099s ago: executing program 0 (id=2593): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000300)=0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f00), 0x0, 0x0) r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r5, &(0x7f0000000180)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x7, 0x3a, 's\x05\x00\x00\x00ller\x00', 0x3a, 'Sy\x00[\xea\xe1lq\x00\x00\x00\x002#', 0x3a, './file0', 0x3a, [0x4f, 0x43]}, 0x41) 1m17.530143277s ago: executing program 0 (id=2597): epoll_create1(0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) ioctl$TIOCPKT(r0, 0x5420, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r2, 0x0, 0x0) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 1m16.163984531s ago: executing program 0 (id=2602): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 1m15.457069957s ago: executing program 0 (id=2604): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/if_inet6\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x2000000) 1m12.703384909s ago: executing program 0 (id=2613): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) r8 = fcntl$dupfd(r7, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) 1m11.1491336s ago: executing program 33 (id=2613): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) r8 = fcntl$dupfd(r7, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) 56.533650313s ago: executing program 5 (id=2659): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x88, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x49, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random=0x8, 0x1, @void, @val, @val={0x3, 0x1, 0x84}, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x2, 0x0, 0x7, 0x0, {0x6, 0x2, 0x0, 0xbc}, 0x400, 0x3, 0x9}}, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x0) 56.331197485s ago: executing program 5 (id=2660): syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) io_uring_setup(0x52b4, &(0x7f0000000240)={0x0, 0x1332, 0x10000, 0x0, 0x1d}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe1000/0x18000)=nil, 0x0, 0x0, 0x34, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) r3 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000001c0)=0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r4}, 0x10) creat(&(0x7f00000002c0)='./file0\x00', 0x109) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4}}}}) 52.122619924s ago: executing program 5 (id=2668): fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[], 0x48) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) stat(0x0, &(0x7f0000000240)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1000, 0x800, &(0x7f0000000900)) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x2) readv(r3, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000400)=""/184, 0xb8}, {&(0x7f0000000a00)=""/237, 0xed}, {&(0x7f0000000b00)=""/244, 0xf4}], 0x4) ioctl$TIOCVHANGUP(r3, 0x5437, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 45.513245463s ago: executing program 5 (id=2687): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182d1447ad1ad837003", 0xe, 0xfffffffffffffffe) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff280012800b"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xffffffffffffff02, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 40.804325694s ago: executing program 5 (id=2696): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0xffffffffffffffff) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r4}, 0x38) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @loopback}, 0x1c) shutdown(r5, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x1b, 0x0, @val=@tracing={0x0, 0x5}}, 0x20) 38.930842871s ago: executing program 5 (id=2700): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x38, 0x1403, 0x1, 0x70bd2d, 0xffffffff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40854}, 0x40000) mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0) capget(&(0x7f00000001c0)={0x20071026, r4}, &(0x7f0000000040)={0x6, 0xfffff795, 0x40, 0xfffffbf9, 0x1, 0x5}) syz_clone(0x0, 0x0, 0xffffffda, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x2}]}, @ptr]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 23.760329933s ago: executing program 34 (id=2700): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x38, 0x1403, 0x1, 0x70bd2d, 0xffffffff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40854}, 0x40000) mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0) capget(&(0x7f00000001c0)={0x20071026, r4}, &(0x7f0000000040)={0x6, 0xfffff795, 0x40, 0xfffffbf9, 0x1, 0x5}) syz_clone(0x0, 0x0, 0xffffffda, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x2}]}, @ptr]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 14.517083538s ago: executing program 3 (id=2752): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82187201, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a300000000008000440000000001400000011000100"/101], 0x68}}, 0x0) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r2], 0x44}}, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x40, 0x10, 0x503, 0x1, 0x700, {0x0, 0x0, 0x0, 0x0, 0x2201}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}, @IFLA_GRE_IKEY={0x8, 0x4, 0x7ff}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8800}, 0xc0b0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f0000"], 0x37) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000020000000800000002"], 0x48) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x3, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_ACTIVATE_TARGET(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 13.558718453s ago: executing program 3 (id=2756): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 13.471287825s ago: executing program 3 (id=2757): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x1400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x81082, 0x0) r5 = io_uring_setup(0x2a2e, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x1}) syz_init_net_socket$rose(0xb, 0x5, 0x0) setresgid(0xee00, 0xee01, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r6, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000001100)={{}, {0x1, 0x6}, [], {}, [], {0x10, 0x2}, {0x20, 0x6}}, 0x24, 0x1) close_range(r5, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000007a000000760000000000000127000000000000009500"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$TCFLSH(r0, 0x80047456, 0x20000020001100) 12.045040671s ago: executing program 3 (id=2760): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) sendmsg$tipc(r3, &(0x7f0000000400)={&(0x7f00000008c0), 0x58, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0xec, &(0x7f0000000180)=ANY=[@ANYBLOB="a63a1fef0fceffffffffffff81002f000011ff0181e31e220b337bf44fcf593468da7097d613b739826ceb575172507d3d48775a45bebe2ec31a88ce14d26ce7d1c2083171ea9a72ec135df5b73addb2585e72192d433630b13c50594578a9f471c2eb18386f7721"], &(0x7f0000000280)={0x1, 0x4, [0x896, 0x1ff, 0x9ad, 0xb0f]}) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0xffffffff00000000) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5}, 0x18) 10.37998188s ago: executing program 3 (id=2761): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x36c18523, 0x401, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50) syz_fuse_handle_req(r1, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r3, &(0x7f00000000c0)='!', 0xb7f40}]) dup3(r3, r1, 0x0) 8.611129665s ago: executing program 6 (id=2766): close(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000002c0), 0x100000004, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = socket$inet(0x2, 0x3, 0x100) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) timer_create(0x7, 0x0, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x3c) r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54", 0xe) r3 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet(r3, &(0x7f0000000940)=[{{&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="93", 0x1}], 0x1}}], 0x1, 0x46054) close(r3) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x2000c051) connect$inet(r1, 0x0, 0x0) 8.433644356s ago: executing program 1 (id=2767): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) getrlimit(0xe, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r6, 0x4b3a, 0x1) ioctl$TCXONC(r6, 0x4b3a, 0x2) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) 7.846169058s ago: executing program 3 (id=2768): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_submit(0x0, 0x0, &(0x7f0000000180)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) renameat(0xffffffffffffffff, &(0x7f00000004c0)='./cgroup.net/devices.allow\x00', 0xffffffffffffffff, &(0x7f0000000380)='./cgroup.net/cgroup.procs\x00') getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000200)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) unshare(0x68060200) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000040)={0xa, 0x0, 0xc, {0x5, 0x4, 0x4, 0x8000}}) 7.680365501s ago: executing program 2 (id=2769): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) r8 = fcntl$dupfd(r7, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) close_range(r1, 0xffffffffffffffff, 0x0) 7.510720413s ago: executing program 6 (id=2770): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) getrlimit(0xe, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r5) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r6, 0x4b3a, 0x1) ioctl$TCXONC(r6, 0x4b3a, 0x2) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) 6.509071944s ago: executing program 2 (id=2771): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000000)=0x7ff, 0x4) setsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 4.553597969s ago: executing program 2 (id=2772): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$nfc_llcp(r3, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) mkdir(0x0, 0x0) mq_open(0x0, 0x40, 0x0, 0x0) mq_unlink(&(0x7f0000000340)='eth0\x00') bind$nfc_llcp(r4, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e0000000000000006eeab91e8ff0055e564a08bcd3ffdb93bd43a847a1597c8ef03da5be62200", 0x10}, 0x60) 4.503505903s ago: executing program 1 (id=2773): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0xc0b0) 4.345847228s ago: executing program 6 (id=2774): syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000000450000240000000000739074cb000300b91414aa00000001fe9a903b0200000000000000"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newspdinfo={0x1c, 0x24, 0x801, 0x70bd2c, 0x25dfdbfb, 0xc, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x40) openat$drirender128(0xffffff9c, &(0x7f0000000140), 0x2040c0, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, 0x0, 0x4002080) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) io_submit(0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_tcp(0x2, 0x1, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0xc) fcntl$notify(r2, 0x402, 0x17) open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0) fcntl$notify(r2, 0x402, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000780)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.15869164s ago: executing program 1 (id=2775): inotify_init1(0x0) r0 = inotify_init() creat(0x0, 0xd931d3864d39dcca) inotify_add_watch(r0, &(0x7f0000000240)='./file1\x00', 0x10000802) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040004}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(r3, 0x29, 0x4e, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) close(0xffffffffffffffff) fanotify_init(0x12, 0x1000) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x0, 0x2, 0x0, 0x0, r7}) 3.612641168s ago: executing program 2 (id=2776): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000140)=0x81) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) preadv(0xffffffffffffffff, 0x0, 0x0, 0xfffffffb, 0xa) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000001300), 0x1, 0x0, &(0x7f0000001380)='r'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.161844712s ago: executing program 6 (id=2777): setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.506685626s ago: executing program 6 (id=2778): syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) io_uring_setup(0x52b4, &(0x7f0000000240)={0x0, 0x1332, 0x10000, 0x0, 0x1d}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe1000/0x18000)=nil, 0x0, 0x0, 0x34, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) r3 = syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000001c0)=0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r4}, 0x18) creat(&(0x7f00000002c0)='./file0\x00', 0x109) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4}}}}) 2.232969428s ago: executing program 1 (id=2779): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, &(0x7f0000000380)=[0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x95, &(0x7f0000000400)=[{}, {}, {}], 0x18, 0x0, 0x0, &(0x7f0000000480), 0x8, 0xf2, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) dup(0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x28, r4, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x40000) 1.638846091s ago: executing program 2 (id=2780): fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[], 0x48) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) stat(0x0, &(0x7f0000000240)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1000, 0x800, &(0x7f0000000900)) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x2) readv(r3, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000400)=""/184, 0xb8}, {&(0x7f0000000a00)=""/237, 0xed}, {&(0x7f0000000b00)=""/244, 0xf4}], 0x4) ioctl$TIOCVHANGUP(r3, 0x5437, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 713.152748ms ago: executing program 6 (id=2781): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xa4, 0x4f, 0xd8, 0x8, 0x4da, 0x390d, 0x5386, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa3, 0x0, 0x0, 0xdd, 0x9, 0x44}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000340)={0x20}, 0x0, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x6}, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0x9, 0x1, 0xa}, &(0x7f00000005c0)={0x40, 0xb, 0x2, '\n]'}, 0x0, 0x0, &(0x7f0000000680)={0x40, 0x17, 0x6}, &(0x7f00000006c0)={0x40, 0x19, 0x2, "1501"}, &(0x7f0000000700)={0x40, 0x1a, 0x2, 0x7}, &(0x7f0000000740)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000780)={0x40, 0x1e, 0x1}, &(0x7f00000007c0)={0x40, 0x21, 0x1}}) 595.860405ms ago: executing program 2 (id=2782): socket(0x10, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r1, 0x8b32, &(0x7f0000000040)) 330.6322ms ago: executing program 1 (id=2783): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r5 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f00000002c0)={r5, 0x0, 0x0, 0x8000}) r7 = fcntl$dupfd(r6, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r7}) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=2784): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0x10f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182d1447ad1ad83700398d1c7d7982b8f57fb20a3adc9", 0x1b, 0xfffffffffffffffe) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): n process `syz.4.1320'. [ 519.618679][T10713] fuse: Unknown parameter 'fd0x0000000000000006' [ 520.993305][T10732] hub 8-0:1.0: USB hub found [ 520.998822][T10732] hub 8-0:1.0: 1 port detected [ 522.129130][T10744] serio: Serial port ttyS3 [ 525.008246][T10773] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 525.024206][ T972] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 525.299834][ T972] usb 1-1: Using ep0 maxpacket: 16 [ 525.310195][ T972] usb 1-1: config 0 has no interfaces? [ 525.320831][ T972] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f2 [ 525.339842][ T972] usb 1-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3 [ 525.512578][ T972] usb 1-1: Product: syz [ 525.554335][ T972] usb 1-1: Manufacturer: syz [ 525.585793][ T972] usb 1-1: SerialNumber: syz [ 525.695286][ T972] usb 1-1: config 0 descriptor?? [ 526.870807][T10795] hub 8-0:1.0: USB hub found [ 526.876400][T10795] hub 8-0:1.0: 1 port detected [ 527.298231][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1349'. [ 527.942233][ T42] usb 1-1: USB disconnect, device number 13 [ 529.162831][T10822] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1356'. [ 529.178115][T10822] team_slave_0: entered promiscuous mode [ 529.183870][T10822] team_slave_1: entered promiscuous mode [ 529.194811][T10822] macvtap3: entered promiscuous mode [ 529.281159][T10822] team0: entered promiscuous mode [ 529.301214][T10825] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1357'. [ 529.654038][T10822] macvtap3: entered allmulticast mode [ 529.659511][T10822] team0: entered allmulticast mode [ 529.664938][T10822] team_slave_0: entered allmulticast mode [ 529.688871][T10822] team_slave_1: entered allmulticast mode [ 529.699757][T10822] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 530.331357][T10828] team0: left allmulticast mode [ 530.345141][T10828] team_slave_0: left allmulticast mode [ 530.383902][T10828] team_slave_1: left allmulticast mode [ 530.397391][T10828] team0: left promiscuous mode [ 530.411335][T10828] team_slave_0: left promiscuous mode [ 530.416738][T10828] team_slave_1: left promiscuous mode [ 530.586240][T10842] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1354'. [ 530.861445][T10843] kAFS: No cell specified [ 532.626555][T10858] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 534.702202][T10885] fuse: Bad value for 'group_id' [ 535.359880][T10885] fuse: Bad value for 'group_id' [ 535.555666][T10891] 9pnet_fd: Insufficient options for proto=fd [ 539.263386][T10928] hub 8-0:1.0: USB hub found [ 539.269043][T10928] hub 8-0:1.0: 1 port detected [ 541.895494][T10957] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 542.168513][T10943] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 542.178077][T10943] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 542.187200][T10943] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 542.198265][T10943] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 542.205361][T10943] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 542.403332][T10933] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1386'. [ 544.426071][ T9607] Bluetooth: hci2: command 0x0405 tx timeout [ 544.428863][ T5817] Bluetooth: hci0: command 0x0c1a tx timeout [ 544.451423][ T5817] Bluetooth: hci4: command 0x0c1a tx timeout [ 544.457493][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 544.472402][T10980] hub 8-0:1.0: USB hub found [ 544.478701][T10980] hub 8-0:1.0: 1 port detected [ 545.097320][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 548.871155][ T42] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 548.896981][T11011] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 549.660022][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 549.730696][ T42] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 549.745471][ T42] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 549.810573][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.903057][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1409'. [ 549.954176][T11017] dummy0: entered promiscuous mode [ 549.959735][T11017] macvtap4: entered promiscuous mode [ 549.973786][T11017] macvtap4: entered allmulticast mode [ 549.979186][T11017] dummy0: entered allmulticast mode [ 552.764663][ T972] usb 1-1: USB disconnect, device number 14 [ 553.091158][T11065] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 553.637467][T11069] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1422'. [ 554.106164][T11074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1424'. [ 554.140658][T11082] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 554.393996][T11083] serio: Serial port ttyS3 [ 555.871286][T11101] kAFS: No cell specified [ 556.598558][ T30] audit: type=1400 audit(1749803218.489:390): avc: denied { write } for pid=11107 comm="syz.1.1434" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 556.672322][T11110] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 556.672322][T11110] program syz.1.1434 not setting count and/or reply_len properly [ 558.225777][T11124] serio: Serial port ttyS3 [ 558.916055][T11126] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 559.216016][T11115] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 559.252642][T11115] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 559.273853][T11115] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 559.554254][T11115] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 559.561002][T11115] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 559.575118][T10983] Bluetooth: hci0: command 0x0c1a tx timeout [ 561.029645][T11150] hub 8-0:1.0: USB hub found [ 561.040488][T11150] hub 8-0:1.0: 1 port detected [ 561.443447][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 561.449551][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 561.629890][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 561.635954][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 562.350703][ T30] audit: type=1400 audit(1749803224.249:391): avc: denied { read write } for pid=11155 comm="syz.3.1447" name="mouse0" dev="devtmpfs" ino=990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 562.390974][ T30] audit: type=1400 audit(1749803224.279:392): avc: denied { open } for pid=11155 comm="syz.3.1447" path="/dev/input/mouse0" dev="devtmpfs" ino=990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 562.415048][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.590623][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.598714][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.841151][T11211] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 567.269744][T11215] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1464'. [ 567.647877][T11220] serio: Serial port ttyS3 [ 569.741916][T11236] serio: Serial port ttyS3 [ 569.914575][T11242] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1470'. [ 570.956616][T11256] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 570.956616][T11256] program syz.1.1475 not setting count and/or reply_len properly [ 572.308715][T11271] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1479'. [ 572.542107][T11267] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 572.990454][T11267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 572.998211][T11267] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 573.016725][T11267] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 573.023510][T11267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 574.441374][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 575.070415][ T5826] Bluetooth: hci2: command 0x0405 tx timeout [ 575.070749][T10983] Bluetooth: hci3: command 0x0c1a tx timeout [ 575.076548][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 575.079979][ T5817] Bluetooth: hci4: command 0x0c1a tx timeout [ 575.234949][ T30] audit: type=1400 audit(1749803237.119:393): avc: denied { create } for pid=11296 comm="syz.2.1487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 575.508213][T11298] delete_channel: no stack [ 576.204051][T11312] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 576.204051][T11312] program syz.2.1491 not setting count and/or reply_len properly [ 576.313311][T11312] fuse: Bad value for 'fd' [ 576.483599][T11314] kAFS: No cell specified [ 578.811232][ T972] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 578.944083][T11334] hub 8-0:1.0: USB hub found [ 578.949667][T11334] hub 8-0:1.0: 1 port detected [ 579.314778][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 579.399852][ T972] usb 3-1: Using ep0 maxpacket: 32 [ 579.466080][ T972] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 579.488471][T11339] overlayfs: failed to resolve './file1': -2 [ 579.494502][ T972] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 579.494543][ T972] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 579.494567][ T972] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 579.494592][ T972] usb 3-1: config 0 interface 0 has no altsetting 0 [ 579.513552][ T972] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 579.539551][T11342] fuse: Bad value for 'group_id' [ 579.709133][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 579.719805][ T30] audit: type=1400 audit(1749803241.469:394): avc: denied { read } for pid=11335 comm="syz.3.1498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 579.744743][T11342] fuse: Bad value for 'group_id' [ 579.754175][T11342] 9pnet_fd: Insufficient options for proto=fd [ 579.763070][ T10] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 579.779959][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 579.799858][ T972] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 579.812329][ T972] usb 3-1: Product: syz [ 579.827021][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 579.843448][ T972] usb 3-1: Manufacturer: syz [ 579.848084][ T972] usb 3-1: SerialNumber: syz [ 579.869349][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 579.890035][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 579.899093][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.908594][ T972] usb 3-1: config 0 descriptor?? [ 579.931239][ T972] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 580.033551][ T972] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 580.074521][ T10] usbtmc 1-1:16.0: bulk endpoints not found [ 580.210564][T11351] serio: Serial port ttyS3 [ 580.449006][T11322] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 580.476649][ T24] usb 3-1: USB disconnect, device number 11 [ 580.482723][ C1] ldusb 3-1:0.0: usb_submit_urb failed (-19) [ 580.506517][ T24] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 582.075446][ T10] usb 1-1: USB disconnect, device number 15 [ 583.364699][T11375] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 583.364699][T11375] program syz.4.1508 not setting count and/or reply_len properly [ 583.466115][T11375] fuse: Bad value for 'fd' [ 583.724861][T11369] delete_channel: no stack [ 583.942914][T11379] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 583.942914][T11379] program syz.3.1509 not setting count and/or reply_len properly [ 584.172259][T11386] fuse: Bad value for 'group_id' [ 584.203012][T11386] fuse: Bad value for 'group_id' [ 584.225017][T11386] 9pnet_fd: Insufficient options for proto=fd [ 584.500901][T11393] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 584.629920][ T30] audit: type=1400 audit(1749803246.479:395): avc: denied { shutdown } for pid=11387 comm="syz.3.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 586.423392][T11417] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 586.423392][T11417] program syz.2.1520 not setting count and/or reply_len properly [ 587.603329][T11432] fuse: Bad value for 'fd' [ 587.623091][T11431] fuse: Bad value for 'fd' [ 587.689249][T11410] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 587.695631][T11410] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 588.148779][T11410] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 588.179947][T11410] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 588.186088][T11410] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 588.192093][ T5817] Bluetooth: hci0: command 0x0c1a tx timeout [ 589.813595][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 590.472612][T10983] Bluetooth: hci4: command 0x0c1a tx timeout [ 590.478626][T10983] Bluetooth: hci3: command 0x0c1a tx timeout [ 590.485096][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 591.636351][T11475] fuse: Bad value for 'group_id' [ 591.642099][T11475] fuse: Bad value for 'group_id' [ 592.272262][ T42] IPVS: starting estimator thread 0... [ 592.277962][ T30] audit: type=1400 audit(1749803254.169:396): avc: denied { ioctl } for pid=11480 comm="syz.2.1540" path="socket:[27283]" dev="sockfs" ino=27283 ioctlcmd=0x7201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 592.284416][T11482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 592.419867][T11486] IPVS: using max 45 ests per chain, 108000 per kthread [ 592.742012][T11489] delete_channel: no stack [ 593.140104][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 594.221975][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 594.236736][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 594.246014][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.257932][ T10] usb 5-1: Product: syz [ 594.271775][ T10] usb 5-1: Manufacturer: syz [ 594.276377][ T10] usb 5-1: SerialNumber: syz [ 594.472952][ T10] usb 5-1: config 0 descriptor?? [ 595.371338][ T10] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 595.425893][T11505] delete_channel: no stack [ 595.737668][T11520] fuse: Bad value for 'group_id' [ 595.742736][T11520] fuse: Bad value for 'group_id' [ 597.382393][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 597.441098][ T10] usb 5-1: USB disconnect, device number 12 [ 598.632319][T11548] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 598.632319][T11548] program syz.4.1560 not setting count and/or reply_len properly [ 598.758603][T11548] fuse: Bad value for 'fd' [ 598.960586][T11549] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 598.960586][T11549] program syz.0.1559 not setting count and/or reply_len properly [ 599.060604][T11549] fuse: Bad value for 'fd' [ 600.034749][T11560] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 600.034749][T11560] program syz.4.1563 not setting count and/or reply_len properly [ 600.314880][T11561] fuse: Bad value for 'fd' [ 600.681609][T11564] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 600.687797][T11564] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 601.702031][T11564] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 601.711503][T11564] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 602.730765][T11553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1562'. [ 602.750332][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 602.750341][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 602.972831][T11578] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 602.979682][T11578] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 602.988199][T11578] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 602.995267][T11578] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 603.320063][ T30] audit: type=1800 audit(1749803265.209:397): pid=11593 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1573" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 604.830042][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 605.070180][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 605.076313][ T5817] Bluetooth: hci4: command 0x0c1a tx timeout [ 605.082703][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 605.847718][T11637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1582'. [ 605.873946][T11637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1582'. [ 607.238332][ T10] IPVS: starting estimator thread 0... [ 607.256528][T11656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 607.340770][T11657] IPVS: using max 77 ests per chain, 184800 per kthread [ 607.459868][ T30] audit: type=1400 audit(1749803269.269:398): avc: denied { bind } for pid=11658 comm="syz.3.1592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 610.819921][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 610.969830][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 610.976460][ T24] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 610.986355][ T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 610.996204][ T24] usb 3-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 611.008104][ T24] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 611.129870][ T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 611.138951][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.185833][ T24] usbtmc 3-1:16.0: bulk endpoints not found [ 613.218060][ T10] usb 3-1: USB disconnect, device number 12 [ 614.375241][T11727] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 615.469368][T11734] kvm: kvm [11733]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x80 [ 617.398687][T11752] delete_channel: no stack [ 624.058256][T11829] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'. [ 624.093255][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.099610][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.631996][T11858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1644'. [ 626.797545][ T5822] Bluetooth: hci3: unexpected event for opcode 0x0c2d [ 626.807433][T11858] bridge0: entered promiscuous mode [ 626.813166][T11858] macvtap4: entered promiscuous mode [ 626.818756][T11858] macvtap4: entered allmulticast mode [ 626.824309][T11858] bridge0: entered allmulticast mode [ 627.287790][T11864] bridge0: left allmulticast mode [ 627.297505][T11864] bridge0: left promiscuous mode [ 627.575692][T11869] kAFS: No cell specified [ 627.789427][T11874] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 627.789427][T11874] program syz.2.1649 not setting count and/or reply_len properly [ 630.671175][T11890] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 630.677159][T11890] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 630.704538][T11890] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 630.763683][T11890] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 630.924089][T11906] futex_wake_op: syz.4.1657 tries to shift op by -1; fix this program [ 632.752534][ T5817] Bluetooth: hci4: command 0x0c1a tx timeout [ 632.752603][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 632.752895][T10983] Bluetooth: hci1: command 0x0c1a tx timeout [ 632.830057][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 634.197707][T11934] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1666'. [ 634.333999][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 634.631097][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 634.648832][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 634.663803][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 634.687003][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 634.725672][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 634.780207][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 635.444865][T11953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1672'. [ 635.582344][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 635.591639][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.612649][T11953] bridge0: entered promiscuous mode [ 635.615534][ T10] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 635.639615][T11953] macvtap5: entered promiscuous mode [ 635.655251][T11953] macvtap5: entered allmulticast mode [ 635.661671][T11953] bridge0: entered allmulticast mode [ 635.979981][ T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 636.594520][T11976] [U] „ [ 636.616846][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 637.151343][T11976] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 637.242711][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 637.268659][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.278698][ T24] usb 5-1: Product: syz [ 637.283774][ T24] usb 5-1: Manufacturer: syz [ 637.288377][ T24] usb 5-1: SerialNumber: syz [ 637.306108][ T24] usb 5-1: config 0 descriptor?? [ 637.528109][ T42] usb 4-1: USB disconnect, device number 10 [ 637.541710][ T24] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 637.735572][ T30] audit: type=1400 audit(1749803299.629:399): avc: denied { write } for pid=11988 comm="syz.0.1681" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 637.739974][T11992] fuse: Bad value for 'group_id' [ 637.817670][T11992] fuse: Bad value for 'group_id' [ 637.956219][T11985] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 638.401123][ T30] audit: type=1400 audit(1749803299.949:400): avc: denied { setopt } for pid=11988 comm="syz.0.1681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 638.542177][T11985] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 638.622962][T11985] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 638.630147][T11985] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 638.874915][T12003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1684'. [ 639.632868][ T24] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 640.029855][T10983] Bluetooth: hci1: command 0x0c1a tx timeout [ 640.333052][ T24] usb 5-1: USB disconnect, device number 13 [ 640.717229][T10983] Bluetooth: hci3: command 0x0c1a tx timeout [ 640.717701][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 640.723700][T10983] Bluetooth: hci4: command 0x0c1a tx timeout [ 640.803478][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1689'. [ 640.833240][ T42] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 641.039908][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 641.128507][ T42] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 641.177537][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.217618][ T42] usb 1-1: Product: syz [ 641.228593][ T42] usb 1-1: Manufacturer: syz [ 641.303739][ T42] usb 1-1: SerialNumber: syz [ 641.328833][ T42] usb 1-1: config 0 descriptor?? [ 641.555107][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000 [ 641.574636][ T42] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 641.597092][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x80 [ 641.963092][T12038] fuse: Bad value for 'group_id' [ 641.970083][T12038] fuse: Bad value for 'group_id' [ 641.991109][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 642.000176][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 642.802773][ T30] audit: type=1400 audit(1749803304.319:401): avc: denied { map } for pid=12041 comm="syz.1.1696" path="socket:[29309]" dev="sockfs" ino=29309 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 642.939643][T12048] fuse: Bad value for 'fd' [ 643.325844][T10983] Bluetooth: hci4: unexpected event for opcode 0x0c2d [ 643.865472][ T42] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 643.987055][ T42] usb 1-1: USB disconnect, device number 16 [ 645.611988][ T30] audit: type=1800 audit(1749803307.499:402): pid=12075 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1705" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 645.633537][ C1] vkms_vblank_simulate: vblank timer overrun [ 645.825477][T12086] futex_wake_op: syz.0.1708 tries to shift op by -1; fix this program [ 645.841663][T12084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1710'. [ 647.330470][T12106] serio: Serial port ttyS3 [ 647.651397][T12113] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1717'. [ 648.074688][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1715'. [ 648.143761][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1715'. [ 650.803737][T12134] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1722'. [ 651.542188][T12143] futex_wake_op: syz.0.1723 tries to shift op by -1; fix this program [ 652.807804][T12146] serio: Serial port ttyS3 [ 656.411512][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1734'. [ 656.829422][T12184] futex_wake_op: syz.2.1736 tries to shift op by -1; fix this program [ 657.401032][T12189] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1738'. [ 659.832855][T12205] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 659.856193][T12205] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 659.878463][T12205] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 659.887308][T12205] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 660.437179][T12228] serio: Serial port ttyS3 [ 661.532014][T12233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1749'. [ 661.720901][T12233] bridge0: entered promiscuous mode [ 661.757421][T12233] macvtap5: entered promiscuous mode [ 661.787463][T12233] macvtap5: entered allmulticast mode [ 661.965587][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 661.971793][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 661.978005][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 661.984198][ T5817] Bluetooth: hci4: command 0x0c1a tx timeout [ 662.014216][T12233] bridge0: entered allmulticast mode [ 662.250311][T12235] bridge0: left allmulticast mode [ 662.272122][T12245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1752'. [ 662.281613][T12235] bridge0: left promiscuous mode [ 665.452328][T12274] fuse: Bad value for 'group_id' [ 665.457295][T12274] fuse: Bad value for 'group_id' [ 665.590210][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 665.663078][T12283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1764'. [ 665.715864][T12283] bridge0: entered promiscuous mode [ 665.729104][T12283] macvtap6: entered promiscuous mode [ 665.747463][T12283] macvtap6: entered allmulticast mode [ 665.770468][T12283] bridge0: entered allmulticast mode [ 665.788949][T12287] bridge0: left allmulticast mode [ 665.794088][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 665.807219][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 665.822792][T12287] bridge0: left promiscuous mode [ 665.827822][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.847364][ T10] usb 4-1: Product: syz [ 665.853994][ T10] usb 4-1: Manufacturer: syz [ 665.858897][ T10] usb 4-1: SerialNumber: syz [ 665.868835][ T10] usb 4-1: config 0 descriptor?? [ 666.539533][ T10] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 668.231923][ T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 668.243090][ T10] usb 4-1: USB disconnect, device number 11 [ 669.383626][T12329] netlink: 'syz.4.1775': attribute type 1 has an invalid length. [ 669.855760][T12332] 8021q: adding VLAN 0 to HW filter on device bond2 [ 669.927932][T12332] bond1: (slave bond2): making interface the new active one [ 669.955712][T12332] bond1: (slave bond2): Enslaving as an active interface with an up link [ 670.606372][T12334] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 670.642490][T12334] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 670.724212][T12334] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 670.733985][T12334] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 671.054017][T12358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1781'. [ 671.255568][T12359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1782'. [ 672.079868][ T42] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 672.109797][T10983] Bluetooth: hci1: command 0x0c1a tx timeout [ 672.510026][ T42] usb 4-1: Using ep0 maxpacket: 8 [ 672.539493][ T42] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 672.560426][ T42] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 672.573923][ T42] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 672.594123][ T42] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 672.627668][ T42] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 672.673292][T10983] Bluetooth: hci3: command 0x0c1a tx timeout [ 673.189835][T10983] Bluetooth: hci2: command 0x0405 tx timeout [ 673.196439][T10983] Bluetooth: hci4: command 0x0c1a tx timeout [ 673.688194][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.953339][ T42] usb 4-1: usb_control_msg returned -32 [ 673.962366][ T42] usbtmc 4-1:16.0: can't read capabilities [ 675.280184][ T42] usb 4-1: USB disconnect, device number 12 [ 677.380818][ T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 677.590083][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 677.689884][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 677.784841][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.823503][ T10] usb 3-1: Product: syz [ 677.827735][ T10] usb 3-1: Manufacturer: syz [ 677.833879][ T10] usb 3-1: SerialNumber: syz [ 677.842850][ T10] usb 3-1: config 0 descriptor?? [ 678.149946][ T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 678.570361][ T10] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 679.029802][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 679.036342][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 679.046718][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 679.058143][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 679.069397][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 679.082840][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 679.092163][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.113952][ T24] usb 2-1: usb_control_msg returned -71 [ 680.138373][ T24] usbtmc 2-1:16.0: can't read capabilities [ 680.254850][ T24] usb 2-1: USB disconnect, device number 14 [ 680.609395][ T10] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 680.623955][ T10] usb 3-1: USB disconnect, device number 13 [ 681.576598][T12490] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 682.305954][ T42] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 682.729110][ T42] usb 3-1: Using ep0 maxpacket: 16 [ 682.810284][ T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.850920][ T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.875282][ T42] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 682.928248][ T42] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 683.012869][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.199890][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 683.824545][ T42] usb 3-1: config 0 descriptor?? [ 683.929932][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 683.936564][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 683.948483][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 684.043748][T12514] fuse: Bad value for 'fd' [ 684.056169][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 684.069463][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 684.199861][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 684.217747][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.661459][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 684.677104][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 684.697890][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 684.706299][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 684.716771][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x6 [ 684.724330][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x6 [ 684.736046][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x6 [ 684.743773][ T42] microsoft 0003:045E:07DA.0008: unknown main item tag 0x6 [ 684.754778][ T42] microsoft 0003:045E:07DA.0008: No inputs registered, leaving [ 684.766783][ T42] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 684.790973][ T42] microsoft 0003:045E:07DA.0008: no inputs found [ 684.797582][ T42] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 684.867572][ T10] usb 4-1: usb_control_msg returned -32 [ 684.874745][ T10] usbtmc 4-1:16.0: can't read capabilities [ 684.897441][ T10] usb 4-1: USB disconnect, device number 13 [ 684.942318][ T9] usb 3-1: USB disconnect, device number 14 [ 685.317603][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.325122][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.229620][ T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 687.379873][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 687.551971][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 687.577177][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.599855][ T9] usb 3-1: Product: syz [ 687.608654][ T9] usb 3-1: Manufacturer: syz [ 687.614197][ T9] usb 3-1: SerialNumber: syz [ 688.601835][ T9] usb 3-1: config 0 descriptor?? [ 689.648100][ T9] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 689.742543][T12562] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 691.166843][ T9] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 691.197274][ T9] usb 3-1: USB disconnect, device number 15 [ 691.211541][ T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 691.442186][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 691.522623][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 691.562019][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 691.832857][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 691.939970][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 692.137723][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 692.841695][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.531092][ T24] usb 5-1: can't set config #16, error -71 [ 693.548726][ T24] usb 5-1: USB disconnect, device number 14 [ 695.242466][T12619] futex_wake_op: syz.0.1854 tries to shift op by -1; fix this program [ 695.847073][T12628] ptrace attach of "./syz-executor exec"[5823] was attempted by "./syz-executor exec"[12628] [ 697.789938][ T42] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 698.010046][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 698.024272][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 698.097228][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 698.276931][ T42] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 698.377133][ T42] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 698.394927][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.406162][ T42] usb 4-1: config 0 descriptor?? [ 700.406934][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 700.469782][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 700.496494][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 700.522662][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 700.629803][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x6 [ 700.637461][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x6 [ 700.645493][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x6 [ 700.653288][ T42] microsoft 0003:045E:07DA.0009: unknown main item tag 0x6 [ 700.662907][ T42] microsoft 0003:045E:07DA.0009: No inputs registered, leaving [ 700.674107][ T42] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 701.433803][ T42] microsoft 0003:045E:07DA.0009: no inputs found [ 701.440262][ T42] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway [ 701.453760][ T42] usb 4-1: USB disconnect, device number 14 [ 702.822518][T12674] fido_id[12674]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 704.321424][T12703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1876'. [ 706.750581][T12720] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 706.942145][T12720] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 706.948350][T12720] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 706.956248][T12720] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 707.874350][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 708.471117][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 708.752576][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 708.779504][ T9] usb 3-1: config 0 has no interfaces? [ 708.803987][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 708.813766][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.828550][ T9] usb 3-1: Product: syz [ 708.832794][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 708.845252][ T9] usb 3-1: Manufacturer: syz [ 708.860467][ T9] usb 3-1: SerialNumber: syz [ 708.867301][ T9] usb 3-1: config 0 descriptor?? [ 708.999816][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 709.004339][T10983] Bluetooth: hci4: command 0x0c1a tx timeout [ 709.005849][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 709.060035][T11951] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 709.679900][T11951] usb 2-1: Using ep0 maxpacket: 8 [ 709.687930][T11951] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 709.697249][T11951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.705365][T11951] usb 2-1: Product: syz [ 709.709528][T11951] usb 2-1: Manufacturer: syz [ 709.714197][T11951] usb 2-1: SerialNumber: syz [ 709.726821][T11951] usb 2-1: config 0 descriptor?? [ 710.020899][T11951] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 710.111156][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 711.029512][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 711.180215][ T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 711.199525][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.208145][ T10] usb 3-1: USB disconnect, device number 16 [ 711.234598][ T9] usb 4-1: Product: syz [ 711.240599][ T9] usb 4-1: Manufacturer: syz [ 711.248336][ T9] usb 4-1: SerialNumber: syz [ 711.363640][ T9] usb 4-1: config 0 descriptor?? [ 711.380893][ T5817] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 711.600306][ T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 712.902013][T11951] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 712.918761][T11951] usb 2-1: USB disconnect, device number 15 [ 713.659607][ T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 713.704794][ T9] usb 4-1: USB disconnect, device number 15 [ 715.401194][ T5817] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 715.410307][ T5817] Bluetooth: hci4: Injecting HCI hardware error event [ 715.418188][ T5822] Bluetooth: hci4: hardware error 0x00 [ 715.667386][ T9] IPVS: starting estimator thread 0... [ 715.747037][T12811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 715.829876][T12813] IPVS: using max 55 ests per chain, 132000 per kthread [ 716.319330][T12823] serio: Serial port ttyS3 [ 716.335028][T12825] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 716.335028][T12825] program syz.2.1910 not setting count and/or reply_len properly [ 716.368032][T12825] fuse: Bad value for 'fd' [ 716.379796][ T42] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 716.549876][ T42] usb 4-1: Using ep0 maxpacket: 8 [ 716.568933][ T42] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 716.599590][ T42] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 716.624734][ T42] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 716.640145][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.794425][ T42] usb 4-1: Product: syz [ 716.798662][ T42] usb 4-1: Manufacturer: syz [ 716.803619][ T42] usb 4-1: SerialNumber: syz [ 716.825514][ T42] usb 4-1: config 0 descriptor?? [ 717.479809][ T5822] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 718.926141][ T42] usb 4-1: USB disconnect, device number 16 [ 721.543605][T12866] futex_wake_op: syz.3.1922 tries to shift op by -1; fix this program [ 721.780837][T12873] ptrace attach of "./syz-executor exec"[5819] was attempted by "./syz-executor exec"[12873] [ 722.531370][T12887] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 722.998465][ T30] audit: type=1400 audit(1749803384.879:403): avc: denied { setopt } for pid=12894 comm="syz.1.1929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 723.095603][ T30] audit: type=1400 audit(1749803384.879:404): avc: denied { write } for pid=12894 comm="syz.1.1929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 730.070330][T12959] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1947'. [ 732.627924][T11951] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 733.260781][T11951] usb 1-1: Using ep0 maxpacket: 8 [ 733.528210][T11951] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 733.543360][T11951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.551831][T11951] usb 1-1: Product: syz [ 733.561714][T11951] usb 1-1: Manufacturer: syz [ 733.571813][T11951] usb 1-1: SerialNumber: syz [ 733.774876][T11951] usb 1-1: config 0 descriptor?? [ 733.790656][T12983] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 734.270269][T12983] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 734.326838][T12983] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 734.411016][T12991] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 734.665344][T11951] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 735.880900][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 736.349987][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 736.356073][ T5822] Bluetooth: hci2: command 0x0405 tx timeout [ 736.693281][T13017] netlink: 'syz.4.1961': attribute type 1 has an invalid length. [ 736.858731][T13017] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1961'. [ 737.005654][T11951] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 737.040038][T11951] usb 1-1: USB disconnect, device number 17 [ 737.151911][ T9] IPVS: starting estimator thread 0... [ 737.165452][T13027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 737.259866][T13028] IPVS: using max 77 ests per chain, 184800 per kthread [ 738.520112][T13038] serio: Serial port ttyS3 [ 739.613237][T13050] netlink: 'syz.0.1969': attribute type 1 has an invalid length. [ 739.705146][T13050] 8021q: adding VLAN 0 to HW filter on device bond1 [ 739.810047][T13050] dummy0: entered promiscuous mode [ 739.865170][T13050] bond1: (slave dummy0): making interface the new active one [ 739.881181][T13050] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 741.150764][T13078] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 741.158452][T13078] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 741.183199][T13078] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 741.262930][ T30] audit: type=1400 audit(1749803403.159:405): avc: denied { setopt } for pid=13087 comm="syz.0.1979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 743.205451][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 743.229835][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 743.235872][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 744.371103][T13126] futex_wake_op: syz.0.1989 tries to shift op by -1; fix this program [ 744.413053][T13117] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 744.421965][T13117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 744.428436][T13117] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 744.671725][ T9] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 744.695072][T13098] serio: Serial port ttyS3 [ 744.842527][T13133] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 744.851919][ T9] usb 4-1: config 0 has an invalid interface number: 163 but max is 0 [ 744.879364][ T9] usb 4-1: config 0 has no interface number 0 [ 744.899013][T13133] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 744.921494][ T9] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 744.944382][T13133] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 744.957951][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.011744][ T9] usb 4-1: Product: syz [ 745.034542][ T9] usb 4-1: Manufacturer: syz [ 745.062794][ T9] usb 4-1: SerialNumber: syz [ 745.085736][ T9] usb 4-1: config 0 descriptor?? [ 745.635523][ T9] ath6kl: Failed to read usb control message: -71 [ 745.653468][ T9] ath6kl: Unable to read the bmi data from the device: -71 [ 746.144085][ T9] ath6kl: Unable to recv target info: -71 [ 746.166715][ T9] ath6kl: Failed to init ath6kl core: -71 [ 746.199812][ T9] ath6kl_usb 4-1:0.163: probe with driver ath6kl_usb failed with error -71 [ 746.229060][ T9] usb 4-1: USB disconnect, device number 17 [ 746.758906][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.766174][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.909948][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 746.916151][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 746.991101][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 748.246754][T13165] fuse: Bad value for 'fd' [ 748.720241][T13173] netlink: 'syz.4.2002': attribute type 1 has an invalid length. [ 748.873467][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2001'. [ 749.303799][T13173] 8021q: adding VLAN 0 to HW filter on device bond5 [ 749.329356][T13176] futex_wake_op: syz.1.2003 tries to shift op by -1; fix this program [ 749.343106][T13173] dummy0: entered promiscuous mode [ 749.361772][T13173] bond5: (slave dummy0): making interface the new active one [ 749.380951][T13173] bond5: (slave dummy0): Enslaving as an active interface with an up link [ 750.039870][T13195] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2006'. [ 751.581538][T13206] serio: Serial port ttyS3 [ 753.931798][ T9] IPVS: starting estimator thread 0... [ 753.944515][T13224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 754.029881][T13225] IPVS: using max 38 ests per chain, 91200 per kthread [ 756.077061][T13247] futex_wake_op: syz.2.2021 tries to shift op by -1; fix this program [ 758.169275][T13271] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 758.169275][T13271] program syz.3.2029 not setting count and/or reply_len properly [ 758.939924][ T42] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 758.964447][T13273] fuse: Bad value for 'fd' [ 759.377312][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 760.352029][ T42] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 760.361262][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.369245][ T42] usb 3-1: Product: syz [ 760.373835][ T42] usb 3-1: Manufacturer: syz [ 760.378756][ T42] usb 3-1: SerialNumber: syz [ 760.480884][ T42] usb 3-1: config 0 descriptor?? [ 760.762625][T13282] futex_wake_op: syz.0.2032 tries to shift op by -1; fix this program [ 760.875233][T13276] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2031'. [ 761.047950][ T42] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 761.712399][ T42] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 762.823352][ T42] usb 3-1: USB disconnect, device number 17 [ 763.566842][T13331] fuse: Bad value for 'group_id' [ 763.573022][T13331] fuse: Bad value for 'group_id' [ 764.508553][T13341] futex_wake_op: syz.0.2046 tries to shift op by -1; fix this program [ 765.322768][T13356] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 765.322768][T13356] program syz.3.2051 not setting count and/or reply_len properly [ 765.652913][T13353] fuse: Bad value for 'fd' [ 765.849994][ T42] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 766.089746][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 766.098174][ T42] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 766.107759][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.116154][ T42] usb 1-1: Product: syz [ 766.120762][ T42] usb 1-1: Manufacturer: syz [ 766.125382][ T42] usb 1-1: SerialNumber: syz [ 766.173259][ T42] usb 1-1: config 0 descriptor?? [ 766.583144][ T42] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 766.706180][T13375] [U] „ [ 766.793492][ T42] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 767.205934][T13383] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 767.205934][T13383] program syz.4.2057 not setting count and/or reply_len properly [ 767.569232][T13387] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2058'. [ 767.803660][T13380] fuse: Bad value for 'fd' [ 768.988546][ T42] usb 1-1: USB disconnect, device number 18 [ 770.703809][ T42] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 770.737818][T13425] netlink: 'syz.1.2069': attribute type 1 has an invalid length. [ 770.768663][T13425] 8021q: adding VLAN 0 to HW filter on device bond1 [ 770.794982][T13425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2069'. [ 770.805938][T13425] dummy0: entered promiscuous mode [ 770.816590][T13425] bond1: (slave dummy0): making interface the new active one [ 770.825859][T13425] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 770.887208][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 770.920278][ T42] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 770.949750][T11951] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 770.955354][ T42] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 770.976770][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.003765][ T42] usb 4-1: config 0 descriptor?? [ 771.028391][ T42] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10 [ 771.119764][T11951] usb 3-1: Using ep0 maxpacket: 16 [ 771.137103][T11951] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 771.177858][T11951] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 771.198288][T11951] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.228586][T11951] usb 3-1: config 0 descriptor?? [ 771.257448][T11951] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11 [ 771.297854][ T5175] bcm5974 4-1:0.0: could not read from device [ 772.284164][T13439] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2071'. [ 772.434314][T13420] bcm5974 4-1:0.0: could not read from device [ 772.469986][ T42] usb 4-1: USB disconnect, device number 18 [ 772.547563][ T5175] bcm5974 4-1:0.0: could not read from device [ 772.577899][T11951] bcm5974 3-1:0.0: could not read from device [ 772.669901][T13442] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 772.669901][T13442] program syz.4.2073 not setting count and/or reply_len properly [ 772.788341][T13442] fuse: Bad value for 'fd' [ 772.923481][ T5175] bcm5974 3-1:0.0: could not read from device [ 773.124053][T11951] input: failed to attach handler mousedev to device input11, error: -5 [ 773.143321][ T5175] bcm5974 3-1:0.0: could not read from device [ 773.359945][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 773.549781][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 773.595506][T11951] usb 3-1: USB disconnect, device number 18 [ 773.616643][T12462] bcm5974 3-1:0.0: could not read from device [ 773.654906][ T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 774.233124][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.241629][ T24] usb 1-1: Product: syz [ 774.245798][ T24] usb 1-1: Manufacturer: syz [ 774.250932][ T24] usb 1-1: SerialNumber: syz [ 774.286625][ T24] usb 1-1: config 0 descriptor?? [ 774.535535][ T24] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 775.006285][ T24] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 776.606603][T11951] usb 1-1: USB disconnect, device number 19 [ 777.533799][T13498] kAFS: No cell specified [ 777.701721][ T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 777.839866][T11951] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 778.559919][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 778.567092][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 778.584433][ T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 778.609877][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.619879][T11951] usb 5-1: Using ep0 maxpacket: 16 [ 778.650443][T11951] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 778.659235][ T24] usb 2-1: config 0 descriptor?? [ 778.663410][T11951] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 778.677465][T11951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.689180][T13505] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2091'. [ 778.706268][T11951] usb 5-1: config 0 descriptor?? [ 778.723058][ T24] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12 [ 778.737132][T11951] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13 [ 778.995704][ T5175] bcm5974 5-1:0.0: could not read from device [ 779.909827][T13487] bcm5974 5-1:0.0: could not read from device [ 779.971031][T11951] usb 5-1: USB disconnect, device number 15 [ 779.988986][T12462] bcm5974 5-1:0.0: could not read from device [ 780.019162][ T24] bcm5974 2-1:0.0: could not read from device [ 780.070409][ T5175] bcm5974 5-1:0.0: could not read from device [ 780.086732][ T24] input: failed to attach handler mousedev to device input12, error: -5 [ 780.133618][ T24] usb 2-1: USB disconnect, device number 16 [ 780.141862][T13512] bcm5974 2-1:0.0: could not read from device [ 780.342736][T13516] fuse: Bad value for 'fd' [ 780.452709][ T5175] bcm5974 2-1:0.0: could not read from device [ 780.719083][T13524] netlink: 'syz.2.2097': attribute type 1 has an invalid length. [ 780.762591][T13524] 8021q: adding VLAN 0 to HW filter on device bond1 [ 780.811378][T13524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2097'. [ 780.869906][T11951] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 780.941905][T13530] process 'syz.1.2098' launched './file2' with NULL argv: empty string added [ 781.089298][ T30] audit: type=1400 audit(1749803442.919:406): avc: denied { execute_no_trans } for pid=13529 comm="syz.1.2098" path="/431/file2" dev="tmpfs" ino=2288 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 781.113125][T11951] usb 4-1: Using ep0 maxpacket: 8 [ 781.146020][T11951] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 781.179816][T11951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.198228][T11951] usb 4-1: Product: syz [ 781.249937][T11951] usb 4-1: Manufacturer: syz [ 781.254576][T11951] usb 4-1: SerialNumber: syz [ 781.315579][T11951] usb 4-1: config 0 descriptor?? [ 781.337526][T13536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2102'. [ 781.493637][T13543] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 781.493637][T13543] program syz.4.2104 not setting count and/or reply_len properly [ 781.652315][T13543] fuse: Bad value for 'fd' [ 781.758057][T11951] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 781.995618][T11951] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 782.071033][T13545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 782.101744][T13545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 782.277215][T13545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 783.061140][T13558] futex_wake_op: syz.1.2108 tries to shift op by -1; fix this program [ 784.109911][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 784.116027][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 784.199886][T11951] usb 4-1: USB disconnect, device number 19 [ 784.350798][ T5822] Bluetooth: hci2: command 0x0405 tx timeout [ 784.656368][ T30] audit: type=1400 audit(1749803446.539:407): avc: denied { map } for pid=13577 comm="syz.1.2115" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 784.833715][T13578] binder: 13577:13578 ioctl c0306201 200000000240 returned -11 [ 784.838614][ T30] audit: type=1400 audit(1749803446.729:408): avc: denied { set_context_mgr } for pid=13577 comm="syz.1.2115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 784.861262][ C1] vkms_vblank_simulate: vblank timer overrun [ 785.205877][T13587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2116'. [ 785.460053][T13581] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 785.516203][T13581] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 785.529138][T13581] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 785.530122][T13587] bond1: (slave dummy0): Releasing active interface [ 787.172386][T13611] futex_wake_op: syz.2.2125 tries to shift op by -1; fix this program [ 787.211260][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 787.270560][T13615] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 787.285619][T13615] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 787.294663][T13621] netlink: 'syz.0.2127': attribute type 1 has an invalid length. [ 787.304793][T13615] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 787.404173][T11951] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 787.557730][T13628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 787.590591][T13621] 8021q: adding VLAN 0 to HW filter on device bond2 [ 787.626501][T13630] bond2: (slave dummy0): making interface the new active one [ 787.639183][T13630] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 787.643337][T11951] usb 4-1: Using ep0 maxpacket: 8 [ 787.702981][T11951] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 787.729743][T11951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.751684][T11951] usb 4-1: Product: syz [ 787.755870][T11951] usb 4-1: Manufacturer: syz [ 787.773627][T11951] usb 4-1: SerialNumber: syz [ 787.790557][T11951] usb 4-1: config 0 descriptor?? [ 787.790796][T13633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2131'. [ 788.146894][T11951] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 788.360805][T11951] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 789.171792][T13654] hub 8-0:1.0: USB hub found [ 789.177405][T13654] hub 8-0:1.0: 1 port detected [ 789.309861][ T5817] Bluetooth: hci1: command 0x0c1a tx timeout [ 789.470152][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 789.476376][ T5817] Bluetooth: hci2: command 0x0405 tx timeout [ 789.684403][T13657] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 789.684403][T13657] program syz.0.2136 not setting count and/or reply_len properly [ 789.694151][ T42] usb 4-1: USB disconnect, device number 20 [ 790.066732][T13662] fuse: Bad value for 'fd' [ 790.771700][T13668] futex_wake_op: syz.1.2139 tries to shift op by -1; fix this program [ 791.633405][ T42] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 793.109855][ T42] usb 2-1: Using ep0 maxpacket: 8 [ 793.126019][ T42] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 793.193058][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.215346][ T42] usb 2-1: Product: syz [ 793.219607][ T42] usb 2-1: Manufacturer: syz [ 793.224673][ T42] usb 2-1: SerialNumber: syz [ 793.245481][ T42] usb 2-1: config 0 descriptor?? [ 793.289464][T13695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2147'. [ 793.353350][T13695] bond2: (slave dummy0): Releasing active interface [ 793.481519][ T42] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 793.490300][T11951] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 793.643156][T13699] futex_wake_op: syz.0.2150 tries to shift op by -1; fix this program [ 793.731887][T11951] usb 3-1: Using ep0 maxpacket: 8 [ 793.755246][T11951] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 793.761415][T13703] ptrace attach of "./syz-executor exec"[5823] was attempted by "./syz-executor exec"[13703] [ 793.784734][T11951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.805004][T11951] usb 3-1: Product: syz [ 793.829776][T11951] usb 3-1: Manufacturer: syz [ 793.835450][T11951] usb 3-1: SerialNumber: syz [ 793.842610][T11951] usb 3-1: config 0 descriptor?? [ 794.082485][T11951] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 794.335324][T11951] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 794.390511][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 794.540719][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 794.553907][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 794.579864][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.587898][ T10] usb 5-1: Product: syz [ 794.599729][ T10] usb 5-1: Manufacturer: syz [ 794.604357][ T10] usb 5-1: SerialNumber: syz [ 794.622130][ T10] usb 5-1: config 0 descriptor?? [ 795.006292][ T42] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 795.009364][ T10] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 795.021588][ T42] usb 2-1: USB disconnect, device number 17 [ 795.679767][T11951] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 795.849821][T11951] usb 1-1: Using ep0 maxpacket: 16 [ 795.857721][T11951] usb 1-1: config 5 has an invalid interface number: 168 but max is 0 [ 795.867712][T11951] usb 1-1: config 5 has no interface number 0 [ 795.874357][T11951] usb 1-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 795.886616][T11951] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024 [ 796.613477][T11951] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023 [ 796.623901][T11951] usb 1-1: config 5 interface 168 has no altsetting 0 [ 796.640583][T11951] usb 1-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 796.681639][ T9] usb 3-1: USB disconnect, device number 19 [ 796.725260][T11951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 796.733787][T11951] usb 1-1: Product: syz [ 796.737984][T11951] usb 1-1: Manufacturer: syz [ 796.742956][T11951] usb 1-1: SerialNumber: syz [ 796.802508][T13725] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 796.827167][T13725] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 797.119120][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 797.425743][ T10] usb 5-1: USB disconnect, device number 16 [ 797.462744][ C0] usb 1-1: NFC: Urb failure (status -71) [ 797.485742][ C0] usb 1-1: NFC: Urb failure (status -71) [ 797.498459][T11951] usb 1-1: NFC: Unable to get FW version [ 797.780899][T11951] pn533_usb 1-1:5.168: probe with driver pn533_usb failed with error -71 [ 797.829186][T11951] usb 1-1: USB disconnect, device number 20 [ 797.914697][ T30] audit: type=1400 audit(1749803459.799:409): avc: denied { create } for pid=13750 comm="syz.3.2164" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 798.017471][ T30] audit: type=1400 audit(1749803459.839:410): avc: denied { rename } for pid=13750 comm="syz.3.2164" name="file5" dev="tmpfs" ino=2129 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 798.868998][ T30] audit: type=1400 audit(1749803459.839:411): avc: denied { unlink } for pid=13750 comm="syz.3.2164" name="file7" dev="tmpfs" ino=2129 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 804.047757][T13811] [U] „ [ 804.416194][T13802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 804.423422][T13802] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 804.430262][T13802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 804.485859][T13811] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 805.854847][T13829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2181'. [ 806.099991][T13824] fuse: Bad value for 'fd' [ 806.796270][ T5822] Bluetooth: hci2: command 0x0405 tx timeout [ 806.807080][ T5817] Bluetooth: hci3: command 0x0c1a tx timeout [ 806.910805][ T5822] Bluetooth: hci1: command 0x0c1a tx timeout [ 806.913078][T13818] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 807.154491][T13818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 807.656108][T13818] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 808.040343][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 808.250611][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.376549][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.583645][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 808.739815][ T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 809.000906][T10983] Bluetooth: hci3: command 0x0c1a tx timeout [ 809.094812][ T24] usb 1-1: config 5 has an invalid interface number: 168 but max is 0 [ 809.127704][ T24] usb 1-1: config 5 has no interface number 0 [ 809.152292][ T24] usb 1-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 809.176275][ T24] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024 [ 809.205241][ T24] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023 [ 809.207320][T13870] No control pipe specified [ 809.229942][ T24] usb 1-1: config 5 interface 168 has no altsetting 0 [ 809.238919][ T24] usb 1-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 809.259756][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.259763][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 809.259783][ T24] usb 1-1: Product: syz [ 809.289728][ T24] usb 1-1: Manufacturer: syz [ 809.299872][ T24] usb 1-1: SerialNumber: syz [ 809.319265][T13850] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 809.338355][T13850] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 809.352533][ T10] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 809.372679][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.395837][ T10] usb 4-1: config 0 descriptor?? [ 809.625970][T13875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2193'. [ 809.710144][T10983] Bluetooth: hci2: command 0x0405 tx timeout [ 809.791919][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 809.838212][ C1] usb 1-1: NFC: Urb failure (status -71) [ 809.859605][ C1] usb 1-1: NFC: Urb failure (status -71) [ 809.867054][ T24] usb 1-1: NFC: Unable to get FW version [ 809.873165][ T24] pn533_usb 1-1:5.168: probe with driver pn533_usb failed with error -71 [ 809.873436][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 809.907889][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 809.969605][ T24] usb 1-1: USB disconnect, device number 21 [ 809.982013][ T10] usb 4-1: media controller created [ 810.062073][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 810.506348][ T10] az6027: usb out operation failed. (-71) [ 810.532593][ T10] az6027: usb out operation failed. (-71) [ 810.549083][ T10] stb0899_attach: Driver disabled by Kconfig [ 810.559210][ T10] az6027: no front-end attached [ 810.559210][ T10] [ 810.569366][ T10] az6027: usb out operation failed. (-71) [ 810.590476][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 810.629188][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14 [ 810.688286][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 810.709384][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 810.729368][ T10] usb 4-1: USB disconnect, device number 21 [ 811.371572][T13896] [U] „ [ 811.789727][T13896] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 811.995936][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 812.444218][T13914] [U] „ [ 814.605056][T13934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2205'. [ 814.970499][T13937] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2206'. [ 815.394303][T13945] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 815.394303][T13945] program syz.1.2209 not setting count and/or reply_len properly [ 815.716823][T13945] fuse: Bad value for 'fd' [ 817.055321][T13960] netlink: 'syz.4.2214': attribute type 1 has an invalid length. [ 817.097910][T13960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2214'. [ 817.173899][T13960] bond5: (slave dummy0): Releasing active interface [ 818.944296][T13978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2219'. [ 819.069829][ T10] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 819.315121][ T10] usb 3-1: config 0 has an invalid interface number: 163 but max is 0 [ 819.390891][ T10] usb 3-1: config 0 has no interface number 0 [ 819.471556][ T10] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 819.495826][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 819.519980][ T30] audit: type=1400 audit(1749803481.389:412): avc: denied { mount } for pid=13984 comm="syz.1.2222" name="/" dev="autofs" ino=36406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 819.546177][ T10] usb 3-1: Product: syz [ 819.555098][ T10] usb 3-1: Manufacturer: syz [ 819.796245][T13993] [U] „ [ 820.165916][ T10] usb 3-1: SerialNumber: syz [ 820.172780][ T10] usb 3-1: config 0 descriptor?? [ 820.207135][T13993] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 820.908770][ T10] ath6kl: Failed to read usb control message: -32 [ 820.940941][ T10] ath6kl: Unable to read the bmi data from the device: -32 [ 820.948260][ T10] ath6kl: Unable to recv target info: -32 [ 820.976099][ T10] ath6kl: Failed to init ath6kl core: -32 [ 821.002011][ T10] ath6kl_usb 3-1:0.163: probe with driver ath6kl_usb failed with error -32 [ 821.614647][ T10] usb 3-1: USB disconnect, device number 20 [ 821.685800][T14009] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 821.685800][T14009] program syz.4.2225 not setting count and/or reply_len properly [ 821.754610][T14008] fuse: Bad value for 'fd' [ 822.019863][ T30] audit: type=1400 audit(1749803483.899:413): avc: denied { unmount } for pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 824.012266][T14026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 824.969181][T14036] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2235'. [ 826.812256][T14060] hub 8-0:1.0: USB hub found [ 826.817943][T14060] hub 8-0:1.0: 1 port detected [ 828.360395][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 828.974624][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 829.036552][ T10] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 829.047553][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.558717][ T10] usb 5-1: config 0 descriptor?? [ 830.743859][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 830.775104][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 831.520237][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 831.542401][T14091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 831.542494][ T10] usb 5-1: media controller created [ 831.843054][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 831.908308][T14098] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 831.908308][T14098] program syz.2.2251 not setting count and/or reply_len properly [ 832.110165][T14098] fuse: Bad value for 'fd' [ 832.222225][ T10] az6027: usb out operation failed. (-71) [ 832.251700][ T10] az6027: usb out operation failed. (-71) [ 832.278619][ T10] stb0899_attach: Driver disabled by Kconfig [ 832.299810][ T10] az6027: no front-end attached [ 832.299810][ T10] [ 832.308758][ T10] az6027: usb out operation failed. (-71) [ 832.319908][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 832.337878][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input15 [ 832.498707][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 832.961918][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 832.974139][ T10] usb 5-1: USB disconnect, device number 17 [ 833.816655][T14113] hub 8-0:1.0: USB hub found [ 833.821814][T14113] hub 8-0:1.0: 1 port detected [ 834.183049][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 835.153685][T14124] netlink: 'syz.2.2260': attribute type 1 has an invalid length. [ 835.298027][T14124] 8021q: adding VLAN 0 to HW filter on device bond2 [ 835.350990][T14133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2260'. [ 837.582360][ T30] audit: type=1400 audit(1749803499.479:414): avc: denied { create } for pid=14142 comm="syz.0.2265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 837.791331][T14153] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 837.791331][T14153] program syz.2.2266 not setting count and/or reply_len properly [ 839.087270][T14153] fuse: Bad value for 'fd' [ 839.283228][T14168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2271'. [ 839.973169][T14174] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 839.973169][T14174] program syz.3.2273 not setting count and/or reply_len properly [ 840.035742][T14174] fuse: Bad value for 'fd' [ 841.922642][T14193] serio: Serial port ttyS3 [ 842.519621][T14198] netlink: 'syz.1.2280': attribute type 1 has an invalid length. [ 842.598886][T14198] 8021q: adding VLAN 0 to HW filter on device bond2 [ 842.722783][T14204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2280'. [ 842.802072][T14207] fuse: Unknown parameter 'group_id00000000000000000000' [ 842.831870][T14198] bond1: (slave dummy0): Releasing active interface [ 844.599859][ T24] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 844.880565][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 845.051431][ T24] usb 3-1: config 0 has an invalid interface number: 115 but max is 0 [ 845.064281][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 845.074698][ T24] usb 3-1: config 0 has no interface number 0 [ 845.081393][ T24] usb 3-1: config 0 interface 115 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 845.093455][ T24] usb 3-1: config 0 interface 115 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 845.108526][ T24] usb 3-1: New USB device found, idVendor=eb1a, idProduct=2875, bcdDevice=6f.3f [ 845.118113][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.139724][ T24] usb 3-1: Product: syz [ 845.143918][ T24] usb 3-1: Manufacturer: syz [ 845.148512][ T24] usb 3-1: SerialNumber: syz [ 845.165503][ T24] usb 3-1: config 0 descriptor?? [ 845.621781][ T10] usb 3-1: USB disconnect, device number 21 [ 846.472381][T14258] [U] „ [ 849.045232][T14270] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2300'. [ 849.430383][T14285] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2304'. [ 851.930602][T14308] nbd2: detected capacity change from 0 to 4294967296 [ 854.136734][T14308] block nbd2: shutting down sockets [ 854.152700][ C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.161738][ C0] buffer_io_error: 12 callbacks suppressed [ 854.161746][ C0] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.175442][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.185764][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.193787][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.206830][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.227345][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.243851][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.259494][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.292975][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.382422][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.402771][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.431222][T14336] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 854.431222][T14336] program syz.4.2319 not setting count and/or reply_len properly [ 854.459954][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.469824][T14336] fuse: Bad value for 'fd' [ 854.481453][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.489341][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.498664][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.507948][T14115] ldm_validate_partition_table(): Disk read failed. [ 854.535900][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.590794][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.599044][T14115] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 854.642138][T14115] Buffer I/O error on dev nbd2, logical block 0, async page read [ 854.662726][T14115] Dev nbd2: unable to read RDB block 0 [ 854.669587][T14115] nbd2: unable to read partition table [ 854.746293][T14115] ldm_validate_partition_table(): Disk read failed. [ 854.771666][T14115] Dev nbd2: unable to read RDB block 0 [ 855.246289][T14115] nbd2: unable to read partition table [ 857.413288][ T10] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 857.582150][ T10] usb 3-1: config 0 has an invalid interface number: 163 but max is 0 [ 857.591855][ T10] usb 3-1: config 0 has no interface number 0 [ 857.601603][ T10] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 857.610945][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.634983][ T10] usb 3-1: Product: syz [ 857.639260][ T10] usb 3-1: Manufacturer: syz [ 857.707494][ T10] usb 3-1: SerialNumber: syz [ 857.749571][ T10] usb 3-1: config 0 descriptor?? [ 858.271644][ T10] ath6kl: Unsupported hardware version: 0x0 [ 858.311059][ T10] ath6kl: Failed to init ath6kl core: -22 [ 858.339554][ T10] ath6kl_usb 3-1:0.163: probe with driver ath6kl_usb failed with error -22 [ 858.448339][ T10] usb 3-1: USB disconnect, device number 22 [ 859.123110][T14383] futex_wake_op: syz.4.2334 tries to shift op by -1; fix this program [ 859.240284][T14389] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[14389] [ 862.427449][T14429] binder: 14417:14429 ioctl c0306201 0 returned -14 [ 864.298308][T14449] futex_wake_op: syz.0.2353 tries to shift op by -1; fix this program [ 864.423128][T14455] ptrace attach of "./syz-executor exec"[5823] was attempted by "./syz-executor exec"[14455] [ 864.852192][T14458] [U] „ [ 865.221057][T14458] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 867.029797][T14477] hub 8-0:1.0: USB hub found [ 867.044918][T14477] hub 8-0:1.0: 1 port detected [ 867.567660][T14480] netlink: 'syz.2.2360': attribute type 10 has an invalid length. [ 867.645234][T14480] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 868.620811][T14484] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2361'. [ 868.857371][T10983] block nbd2: Receive control failed (result -32) [ 868.945703][T14494] nbd2: detected capacity change from 0 to 4294967296 [ 868.968558][T14494] block nbd2: shutting down sockets [ 869.942617][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.949011][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.199061][T14509] futex_wake_op: syz.2.2369 tries to shift op by -1; fix this program [ 870.321682][T14515] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[14515] [ 870.649907][T11951] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 871.389844][T11951] usb 4-1: Using ep0 maxpacket: 16 [ 871.416137][T11951] usb 4-1: config 5 has an invalid interface number: 168 but max is 0 [ 871.871630][T11951] usb 4-1: config 5 has no interface number 0 [ 871.877760][T11951] usb 4-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 871.908028][T11951] usb 4-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024 [ 871.916446][T14529] fuse: Bad value for 'fd' [ 871.946531][T11951] usb 4-1: config 5 interface 168 has no altsetting 0 [ 872.100406][T11951] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 872.125494][T11951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 872.388577][T14531] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2375'. [ 872.914543][T11951] usb 4-1: Product: syz [ 872.918742][T11951] usb 4-1: Manufacturer: syz [ 872.979905][T11951] usb 4-1: SerialNumber: syz [ 873.034905][T14513] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 873.390309][T11951] pn533_usb 4-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 873.406186][T11951] usb 4-1: USB disconnect, device number 22 [ 874.229717][T14560] nbd4: detected capacity change from 0 to 4294967296 [ 875.003625][T10983] block nbd4: Receive control failed (result -104) [ 875.325534][T14572] netlink: 'syz.1.2386': attribute type 1 has an invalid length. [ 875.361683][T14571] block nbd3: shutting down sockets [ 875.551967][T14574] 8021q: adding VLAN 0 to HW filter on device bond4 [ 875.580748][T14572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2386'. [ 875.590612][T14574] bond3: (slave bond4): Enslaving as an active interface with an up link [ 875.623512][T14572] 8021q: adding VLAN 0 to HW filter on device bond3 [ 875.747843][T14579] futex_wake_op: syz.2.2388 tries to shift op by -1; fix this program [ 875.909445][T14582] fuse: Bad value for 'fd' [ 876.090202][T14583] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[14583] [ 878.456669][T14614] [U] „ [ 878.778845][T14614] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 879.783668][T14628] netlink: 'syz.3.2402': attribute type 10 has an invalid length. [ 879.814499][T14628] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 880.086089][T14632] futex_wake_op: syz.3.2404 tries to shift op by -1; fix this program [ 880.170369][T14635] ptrace attach of "./syz-executor exec"[5819] was attempted by "./syz-executor exec"[14635] [ 881.389885][T11951] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 881.578508][T14650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2409'. [ 881.590731][T14650] dummy0: entered promiscuous mode [ 881.835263][T14654] [U] „ [ 882.155173][T11951] usb 2-1: config 0 has an invalid interface number: 163 but max is 0 [ 882.169729][T11951] usb 2-1: config 0 has no interface number 0 [ 882.185855][T11951] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 882.195167][T11951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 882.209470][T11951] usb 2-1: Product: syz [ 882.213998][T11951] usb 2-1: Manufacturer: syz [ 882.218688][T11951] usb 2-1: SerialNumber: syz [ 882.235315][T11951] usb 2-1: config 0 descriptor?? [ 883.029995][T11951] ath6kl: Unsupported hardware version: 0x0 [ 883.583343][T11951] ath6kl: Failed to init ath6kl core: -22 [ 883.589593][T11951] ath6kl_usb 2-1:0.163: probe with driver ath6kl_usb failed with error -22 [ 883.839933][T11951] usb 2-1: USB disconnect, device number 18 [ 884.819759][T14689] fuse: Bad value for 'fd' [ 888.928194][T14735] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2429'. [ 888.950139][T11951] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 889.008553][T14733] bond3 (unregistering): Released all slaves [ 889.124934][T11951] usb 1-1: config 0 has an invalid interface number: 163 but max is 0 [ 889.140245][T11951] usb 1-1: config 0 has no interface number 0 [ 889.154854][T11951] usb 1-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 889.174996][T11951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.188802][T11951] usb 1-1: Product: syz [ 889.195503][T11951] usb 1-1: Manufacturer: syz [ 889.200258][T11951] usb 1-1: SerialNumber: syz [ 889.207510][T11951] usb 1-1: config 0 descriptor?? [ 889.649278][T11951] ath6kl: Unsupported hardware version: 0x0 [ 890.156919][T14753] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2431'. [ 890.443310][T11951] ath6kl: Failed to init ath6kl core: -22 [ 890.449450][T11951] ath6kl_usb 1-1:0.163: probe with driver ath6kl_usb failed with error -22 [ 890.498998][T11951] usb 1-1: USB disconnect, device number 22 [ 890.999320][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 891.008018][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 891.016300][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 891.028843][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 891.096204][T14763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2435'. [ 891.594319][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 891.637602][ T30] audit: type=1400 audit(1749803553.529:415): avc: denied { mounton } for pid=14761 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 891.724644][T14765] netlink: 'syz.1.2437': attribute type 10 has an invalid length. [ 891.737887][T14761] lo speed is unknown, defaulting to 1000 [ 891.785030][T14765] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 893.332444][T14761] chnl_net:caif_netlink_parms(): no params data found [ 893.488403][T14792] futex_wake_op: syz.1.2442 tries to shift op by -1; fix this program [ 893.527208][T14761] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.536321][T14761] bridge0: port 1(bridge_slave_0) entered disabled state [ 893.608646][T14794] binder: 14786:14794 ioctl 4018620d 0 returned -22 [ 893.715826][ T5817] Bluetooth: hci5: command tx timeout [ 894.046914][T14761] bridge_slave_0: entered allmulticast mode [ 894.054703][T14761] bridge_slave_0: entered promiscuous mode [ 894.063047][T14761] bridge0: port 2(bridge_slave_1) entered blocking state [ 894.070275][T14761] bridge0: port 2(bridge_slave_1) entered disabled state [ 894.077772][T14761] bridge_slave_1: entered allmulticast mode [ 894.080128][T14795] ptrace attach of "./syz-executor exec"[5813] was attempted by "./syz-executor exec"[14795] [ 894.117102][T14761] bridge_slave_1: entered promiscuous mode [ 894.229544][T14761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 894.292553][T14761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 894.487281][T14761] team0: Port device team_slave_0 added [ 895.516398][T14761] team0: Port device team_slave_1 added [ 896.514283][ T5817] Bluetooth: hci5: command tx timeout [ 896.804663][T14761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 897.058534][T14761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 897.160190][T14761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 897.203400][T14761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 897.211474][T14761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 897.237537][T14761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 897.334738][T14761] hsr_slave_0: entered promiscuous mode [ 897.346468][T14810] block nbd3: shutting down sockets [ 897.357399][T14761] hsr_slave_1: entered promiscuous mode [ 897.377697][T14761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 897.385710][T14761] Cannot create hsr debugfs directory [ 897.609613][T14818] netlink: 'syz.3.2450': attribute type 10 has an invalid length. [ 898.209748][T14825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2452'. [ 898.561125][T14827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 898.590029][T10983] Bluetooth: hci5: command tx timeout [ 898.711011][T14761] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 898.721880][T14761] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 898.733319][T14761] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 898.762267][T14761] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 899.428755][T14851] binder: 14847:14851 ioctl 4018620d 0 returned -22 [ 899.745745][T14761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 899.798635][T14761] 8021q: adding VLAN 0 to HW filter on device team0 [ 899.816584][ T7094] bridge0: port 1(bridge_slave_0) entered blocking state [ 899.823717][ T7094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 899.846740][ T7094] bridge0: port 2(bridge_slave_1) entered blocking state [ 899.853884][ T7094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 899.995648][T14856] futex_wake_op: syz.0.2461 tries to shift op by -1; fix this program [ 900.120163][T14862] ptrace attach of "./syz-executor exec"[5823] was attempted by "./syz-executor exec"[14862] [ 900.432175][T14865] serio: Serial port ttyS3 [ 900.689858][T10983] Bluetooth: hci5: command tx timeout [ 901.185158][T14761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 902.489661][T14761] veth0_vlan: entered promiscuous mode [ 902.502323][T14761] veth1_vlan: entered promiscuous mode [ 902.555534][T14761] veth0_macvtap: entered promiscuous mode [ 902.567910][T14761] veth1_macvtap: entered promiscuous mode [ 902.588280][T14761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 902.756360][T14885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2465'. [ 902.887175][T14761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 902.949191][T14761] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 902.962928][T14761] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 902.977804][T14761] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 903.005059][T14761] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 903.118693][T14889] 8021q: adding VLAN 0 to HW filter on device bond1 [ 903.168151][T14889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2468'. [ 903.312205][T14889] vlan2: entered promiscuous mode [ 903.339097][T14889] bond1: entered promiscuous mode [ 903.812668][T14897] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 903.893216][ T7093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 903.918095][ T7093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 903.972445][ T7093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 903.998714][ T7093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 904.146151][ T30] audit: type=1400 audit(1749803566.039:416): avc: denied { mount } for pid=14761 comm="syz-executor" name="/" dev="gadgetfs" ino=7425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 905.403017][ T6261] block nbd4: Possible stuck request ffff888026ba5080: control (read@0,4096B). Runtime 30 seconds [ 905.526345][T14915] netlink: 'syz.5.2432': attribute type 10 has an invalid length. [ 905.587782][T14915] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 905.764498][T14920] fuse: Bad value for 'fd' [ 906.367843][T14926] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2477'. [ 906.941848][T14933] fuse: Bad value for 'fd' [ 907.461733][T14938] fuse: Bad value for 'fd' [ 908.425287][ T30] audit: type=1400 audit(1749803570.319:417): avc: denied { connect } for pid=14947 comm="syz.2.2485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 908.909953][T14966] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2489'. [ 909.703425][T14977] [U] „ [ 911.084812][T14990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 911.859615][T14999] netlink: 'syz.3.2499': attribute type 10 has an invalid length. [ 914.088937][T15027] [U] „ [ 914.971602][T15043] fuse: Bad value for 'fd' [ 917.069162][T15062] netlink: 'syz.1.2514': attribute type 10 has an invalid length. [ 918.258733][T15079] netlink: 'syz.3.2522': attribute type 10 has an invalid length. [ 919.627695][ T30] audit: type=1400 audit(1749803581.499:418): avc: denied { read write } for pid=15096 comm="syz.5.2527" name="uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 919.656798][T15097] input: syz1 as /devices/virtual/input/input16 [ 919.751275][ T30] audit: type=1400 audit(1749803581.499:419): avc: denied { open } for pid=15096 comm="syz.5.2527" path="/dev/uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 919.774843][ C0] vkms_vblank_simulate: vblank timer overrun [ 920.446249][ T30] audit: type=1400 audit(1749803581.509:420): avc: denied { ioctl } for pid=15096 comm="syz.5.2527" path="/dev/uinput" dev="devtmpfs" ino=921 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 920.471382][ C0] vkms_vblank_simulate: vblank timer overrun [ 921.726254][T15112] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2529'. [ 922.212989][T15114] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2530'. [ 922.266487][T15114] bond2 (unregistering): Released all slaves [ 922.291402][T15118] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2530'. [ 923.304507][T15136] [U] „ [ 923.809377][T15136] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 924.317721][T15146] [U] „ [ 924.873553][T15152] netlink: 'syz.2.2539': attribute type 10 has an invalid length. [ 927.108958][T15175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2545'. [ 928.701738][T15187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 928.715415][T11951] IPVS: starting estimator thread 0... [ 928.839814][T15188] IPVS: using max 38 ests per chain, 91200 per kthread [ 929.049309][T15193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 929.567458][ T30] audit: type=1400 audit(1749803591.039:421): avc: denied { create } for pid=15189 comm="syz.2.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 929.647122][ T30] audit: type=1400 audit(1749803591.059:422): avc: denied { bind } for pid=15189 comm="syz.2.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 931.109817][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.116126][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.575142][T15220] wireguard0: entered promiscuous mode [ 932.581411][T15220] wireguard0: entered allmulticast mode [ 932.953188][T15229] fuse: Bad value for 'fd' [ 933.067744][T15235] input: syz1 as /devices/virtual/input/input17 [ 933.074183][T15235] input: failed to attach handler leds to device input17, error: -6 [ 935.289714][T13447] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 936.819687][T13447] usb 3-1: Using ep0 maxpacket: 32 [ 937.009085][ T6261] block nbd4: Possible stuck request ffff888026ba5080: control (read@0,4096B). Runtime 60 seconds [ 937.029778][T13447] usb 3-1: device descriptor read/all, error -71 [ 938.133885][T15284] netlink: 'syz.1.2574': attribute type 1 has an invalid length. [ 938.657178][T15286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2574'. [ 938.671454][T15284] 8021q: adding VLAN 0 to HW filter on device bond5 [ 938.691089][T15286] vlan0: entered promiscuous mode [ 938.696129][T15286] bond5: entered promiscuous mode [ 938.736811][T15284] bond5: (slave dummy0): Enslaving as an active interface with an up link [ 939.124691][T15297] [U] „ [ 939.512438][T15294] fuse: Bad value for 'fd' [ 939.577703][T15297] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 941.325443][T15321] Invalid ELF header magic: != ELF [ 941.462946][ T30] audit: type=1400 audit(1749803603.219:423): avc: denied { module_load } for pid=15317 comm="syz.2.2582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 943.622913][T15331] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2586'. [ 943.963149][T15339] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 943.963149][T15339] program syz.0.2587 not setting count and/or reply_len properly [ 944.080528][T15339] fuse: Bad value for 'fd' [ 944.343407][T15345] veth0_vlan: entered allmulticast mode [ 944.429860][T15345] lo speed is unknown, defaulting to 1000 [ 946.908475][ T30] audit: type=1400 audit(1749803608.799:424): avc: denied { listen } for pid=15362 comm="syz.1.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 947.432117][T15379] [U] „ [ 952.349125][T15433] netlink: 'syz.2.2612': attribute type 10 has an invalid length. [ 954.045727][T15446] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.2618'. [ 955.259855][ T30] audit: type=1400 audit(1749803617.149:425): avc: denied { write } for pid=15453 comm="syz.5.2621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 955.440780][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 955.454718][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 955.462944][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 955.471507][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 955.490942][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 955.923854][T15459] lo speed is unknown, defaulting to 1000 [ 955.935228][T15465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 956.563077][T15474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 956.849956][ T30] audit: type=1400 audit(1749803618.739:426): avc: denied { setopt } for pid=15476 comm="syz.1.2628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 957.132248][ T30] audit: type=1400 audit(1749803618.739:427): avc: denied { getopt } for pid=15476 comm="syz.1.2628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 957.353882][T15459] chnl_net:caif_netlink_parms(): no params data found [ 957.404843][T15488] netlink: 'syz.5.2630': attribute type 72 has an invalid length. [ 957.629890][ T5817] Bluetooth: hci3: command tx timeout [ 957.687285][T15459] bridge0: port 1(bridge_slave_0) entered blocking state [ 957.694484][T15459] bridge0: port 1(bridge_slave_0) entered disabled state [ 957.701858][T15459] bridge_slave_0: entered allmulticast mode [ 957.721911][T15459] bridge_slave_0: entered promiscuous mode [ 957.735504][T15459] bridge0: port 2(bridge_slave_1) entered blocking state [ 957.742768][T15459] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.751903][T15459] bridge_slave_1: entered allmulticast mode [ 957.762183][T15459] bridge_slave_1: entered promiscuous mode [ 957.862481][T15459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 957.881079][T15459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 958.531698][T15459] team0: Port device team_slave_0 added [ 958.565115][T15459] team0: Port device team_slave_1 added [ 958.597656][T15511] fuse: Unknown parameter 'user_i00000000000000000000' [ 959.266937][T15459] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 959.276250][T15459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 959.310708][T15459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 959.335275][T15516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 959.336615][T15459] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 959.355710][T15459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 959.390538][T15517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 959.488112][T15459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 960.123513][ T5817] Bluetooth: hci3: command tx timeout [ 960.173536][T15459] hsr_slave_0: entered promiscuous mode [ 960.180053][T15459] hsr_slave_1: entered promiscuous mode [ 960.192199][T15459] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 960.200683][T15459] Cannot create hsr debugfs directory [ 960.581071][T15459] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 960.603632][T15459] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 960.633930][T15459] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 960.713675][T15526] netlink: 'syz.2.2641': attribute type 72 has an invalid length. [ 961.103377][T15459] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 962.085225][T15459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 962.115820][T15459] 8021q: adding VLAN 0 to HW filter on device team0 [ 962.189701][ T5817] Bluetooth: hci3: command tx timeout [ 962.208737][ T7094] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.215910][ T7094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 962.275479][ T7094] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.282708][ T7094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 962.308715][T15551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 963.674416][T15566] veth0_vlan: entered allmulticast mode [ 964.270003][ T5817] Bluetooth: hci3: command tx timeout [ 964.279838][T15459] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 965.272906][T15579] fuse: Bad value for 'fd' [ 966.136628][T15589] netlink: 'syz.5.2653': attribute type 72 has an invalid length. [ 966.226543][T15592] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 966.226543][T15592] program syz.1.2654 not setting count and/or reply_len properly [ 966.370221][T15592] fuse: Bad value for 'fd' [ 966.659014][T15459] veth0_vlan: entered promiscuous mode [ 966.676045][T15459] veth1_vlan: entered promiscuous mode [ 966.707187][T15459] veth0_macvtap: entered promiscuous mode [ 966.717357][T15459] veth1_macvtap: entered promiscuous mode [ 966.845513][T15459] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 967.353357][T15459] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 967.375330][T15459] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.384583][T15459] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.394559][T15459] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.403554][T15459] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.437057][T15593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 967.998517][ T6261] block nbd4: Possible stuck request ffff888026ba5080: control (read@0,4096B). Runtime 90 seconds [ 968.109396][ T7092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.136762][ T7092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.768310][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.782271][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 971.202449][T15631] fuse: Bad value for 'user_id' [ 971.219848][T15631] fuse: Bad value for 'user_id' [ 971.736768][T15638] lo speed is unknown, defaulting to 1000 [ 973.251032][T15651] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 973.397911][T15655] serio: Serial port ttyS3 [ 975.361482][T15676] netlink: 'syz.2.2674': attribute type 10 has an invalid length. [ 976.360311][ T30] audit: type=1400 audit(1749803638.259:428): avc: denied { read } for pid=15687 comm="syz.6.2677" dev="sockfs" ino=45913 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 976.544166][ T30] audit: type=1400 audit(1749803638.299:429): avc: denied { ioctl } for pid=15687 comm="syz.6.2677" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1272 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 976.576575][ T30] audit: type=1400 audit(1749803638.309:430): avc: denied { read } for pid=15689 comm="syz.1.2678" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 977.136123][ T30] audit: type=1400 audit(1749803638.309:431): avc: denied { open } for pid=15689 comm="syz.1.2678" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 979.562433][T15711] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 980.775759][ T30] audit: type=1400 audit(1749803642.599:432): avc: denied { connect } for pid=15714 comm="syz.6.2686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 985.312679][T15764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2697'. [ 985.659395][T15772] wlan1 speed is unknown, defaulting to 1000 [ 985.803879][T15772] wlan1 speed is unknown, defaulting to 1000 [ 986.118949][T15772] wlan1 speed is unknown, defaulting to 1000 [ 989.320320][ T5190] udevd[5190]: worker [14115] /devices/virtual/block/nbd4 is taking a long time [ 989.532385][T15797] syz.1.2704: attempt to access beyond end of device [ 989.532385][T15797] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 989.545422][ T30] audit: type=1400 audit(1749803651.419:433): avc: denied { mounton } for pid=15794 comm="syz.1.2704" path="/566/file0" dev="tmpfs" ino=2991 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 989.554265][ T10] wlan1 speed is unknown, defaulting to 1000 [ 989.578769][T15772] infiniband syz2: set down [ 989.589068][T15772] infiniband syz2: added wlan1 [ 989.620788][T15797] FAT-fs (loop3): unable to read boot sector [ 989.763942][T15772] syz2: rxe_create_cq: returned err = -12 [ 989.791115][T15772] infiniband syz2: Couldn't create ib_mad CQ [ 989.801817][T15772] infiniband syz2: Couldn't open port 1 [ 989.964621][T15772] RDS/IB: syz2: added [ 989.972504][T15772] smc: adding ib device syz2 with port count 1 [ 989.978932][T15772] smc: ib device syz2 port 1 has pnetid [ 989.991797][ T10] wlan1 speed is unknown, defaulting to 1000 [ 991.016202][T15772] wlan1 speed is unknown, defaulting to 1000 [ 992.602241][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.608544][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.974823][T15837] fuse: Bad value for 'fd' [ 994.584883][T15772] wlan1 speed is unknown, defaulting to 1000 [ 994.898073][T15772] wlan1 speed is unknown, defaulting to 1000 [ 996.853785][T15772] wlan1 speed is unknown, defaulting to 1000 [ 997.059252][T15772] wlan1 speed is unknown, defaulting to 1000 [ 998.326784][ T6261] block nbd4: Possible stuck request ffff888026ba5080: control (read@0,4096B). Runtime 120 seconds [ 998.653651][T15772] wlan1 speed is unknown, defaulting to 1000 [ 999.432741][T15772] wlan1 speed is unknown, defaulting to 1000 [ 1002.409814][T15912] [U] „ [ 1002.751268][T15912] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1003.110621][T10983] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1003.145660][T10983] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1003.157565][T10983] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1003.171155][T10983] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1003.287677][T10983] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1004.011199][T15924] lo speed is unknown, defaulting to 1000 [ 1004.061803][T15924] wlan1 speed is unknown, defaulting to 1000 [ 1005.452225][ T30] audit: type=1326 audit(1749803667.349:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1005.455002][T15946] syz.3.2740: attempt to access beyond end of device [ 1005.455002][T15946] loop7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1005.488562][T15946] FAT-fs (loop7): unable to read boot sector [ 1005.532081][ T30] audit: type=1326 audit(1749803667.349:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1005.680917][ T30] audit: type=1326 audit(1749803667.349:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1005.890534][ T5817] Bluetooth: hci6: command tx timeout [ 1006.249528][ T30] audit: type=1326 audit(1749803667.349:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.368889][T15951] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2745'. [ 1006.405920][ T30] audit: type=1326 audit(1749803667.349:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.539716][ T30] audit: type=1326 audit(1749803667.349:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.617083][T15924] chnl_net:caif_netlink_parms(): no params data found [ 1006.627873][ T30] audit: type=1326 audit(1749803667.349:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.810939][ T30] audit: type=1326 audit(1749803667.349:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.835031][ T30] audit: type=1326 audit(1749803667.349:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1006.858659][ T30] audit: type=1326 audit(1749803667.389:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15929 comm="syz.3.2740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f669998e929 code=0x7ffc0000 [ 1007.999661][ T5817] Bluetooth: hci6: command tx timeout [ 1008.070036][T15969] fuse: Unknown parameter '0x0000000000000006' [ 1008.169295][T15924] bridge0: port 1(bridge_slave_0) entered blocking state [ 1008.176743][T15924] bridge0: port 1(bridge_slave_0) entered disabled state [ 1008.191338][T15924] bridge_slave_0: entered allmulticast mode [ 1008.259069][T15924] bridge_slave_0: entered promiscuous mode [ 1008.278671][T15924] bridge0: port 2(bridge_slave_1) entered blocking state [ 1008.309841][T15924] bridge0: port 2(bridge_slave_1) entered disabled state [ 1008.488641][T15924] bridge_slave_1: entered allmulticast mode [ 1008.835880][T15924] bridge_slave_1: entered promiscuous mode [ 1008.934724][T15974] lo speed is unknown, defaulting to 1000 [ 1008.941188][T15974] wlan1 speed is unknown, defaulting to 1000 [ 1009.041434][T15924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1009.110428][T15924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1009.872542][T15924] team0: Port device team_slave_0 added [ 1009.895522][T15984] netlink: 'syz.3.2750': attribute type 10 has an invalid length. [ 1009.903267][T15924] team0: Port device team_slave_1 added [ 1009.991311][T15924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1009.998696][T15924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1010.029686][ T5817] Bluetooth: hci6: command tx timeout [ 1010.041355][T15924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1010.071754][T15924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1010.078821][T15924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1010.137333][T15924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1010.389997][T15992] [U] „ [ 1011.026355][ T6772] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1011.505576][T15924] hsr_slave_0: entered promiscuous mode [ 1011.691087][T15924] hsr_slave_1: entered promiscuous mode [ 1011.698060][T15924] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1011.759111][T15924] Cannot create hsr debugfs directory [ 1012.167255][ T5817] Bluetooth: hci6: command tx timeout [ 1012.195050][ T6772] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.374280][ T6772] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1015.186539][T16038] fuse: Unknown parameter '0x0000000000000006' [ 1016.031265][ T6772] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.106026][T16062] veth0_vlan: entered allmulticast mode [ 1019.232751][T16064] lo speed is unknown, defaulting to 1000 [ 1020.121073][ T6772] bridge_slave_1: left allmulticast mode [ 1020.142880][ T6772] bridge_slave_1: left promiscuous mode [ 1020.209758][ T6772] bridge0: port 2(bridge_slave_1) entered disabled state [ 1020.233258][ T6772] bridge_slave_0: left allmulticast mode [ 1020.722407][ T6772] bridge_slave_0: left promiscuous mode [ 1020.728244][ T6772] bridge0: port 1(bridge_slave_0) entered disabled state [ 1020.940129][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1020.940148][ T30] audit: type=1400 audit(1749803682.739:445): avc: denied { watch watch_reads } for pid=16080 comm="syz.6.2774" path="/28" dev="tmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1023.712914][T16113] serio: Serial port ttyS3 [ 1023.861556][ T6772] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1023.899110][ T6772] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1023.914114][ T6772] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1023.944167][ T6772] bond0 (unregistering): Released all slaves [ 1023.963984][T16064] wlan1 speed is unknown, defaulting to 1000 [ 1023.970707][ T10] wlan1 speed is unknown, defaulting to 1000 [ 1023.979871][ T30] audit: type=1400 audit(1749803685.869:446): avc: denied { search } for pid=5485 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1024.013616][T16111] wlan1 speed is unknown, defaulting to 1000 [ 1024.043700][ T30] audit: type=1400 audit(1749803685.869:447): avc: denied { search } for pid=5485 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1024.065723][ T30] audit: type=1400 audit(1749803685.869:448): avc: denied { search } for pid=5485 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1024.087935][ T30] audit: type=1400 audit(1749803685.869:449): avc: denied { read } for pid=5485 comm="dhcpcd" name="n101" dev="tmpfs" ino=7557 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1024.192163][T13447] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 1024.223628][ T30] audit: type=1400 audit(1749803685.869:450): avc: denied { open } for pid=5485 comm="dhcpcd" path="/run/udev/data/n101" dev="tmpfs" ino=7557 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1024.246565][ C1] vkms_vblank_simulate: vblank timer overrun [ 1024.274399][ T30] audit: type=1400 audit(1749803685.869:451): avc: denied { getattr } for pid=5485 comm="dhcpcd" path="/run/udev/data/n101" dev="tmpfs" ino=7557 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1024.431064][T13447] usb 7-1: config 0 has an invalid interface number: 163 but max is 0 [ 1024.436660][T16118] warning: `syz.2.2782' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1024.449685][T13447] usb 7-1: config 0 has no interface number 0 [ 1024.470237][T13447] usb 7-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=53.86 [ 1024.479304][T13447] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1024.510797][T13447] usb 7-1: Product: syz [ 1024.514987][T13447] usb 7-1: Manufacturer: syz [ 1024.519581][T13447] usb 7-1: SerialNumber: syz [ 1024.535768][ T31] INFO: task syz.4.2383:14560 blocked for more than 144 seconds. [ 1024.571099][ T31] Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1024.578763][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1024.588384][T13447] usb 7-1: config 0 descriptor?? [ 1024.604681][ T31] task:syz.4.2383 state:D stack:28680 pid:14560 tgid:14558 ppid:5818 task_flags:0x400140 flags:0x00004006 [ 1024.616950][ T31] Call Trace: [ 1024.620459][ T31] [ 1024.623392][ T31] __schedule+0x116a/0x5de0 [ 1024.628502][ T31] ? __pfx___schedule+0x10/0x10 [ 1024.633839][ T31] ? find_held_lock+0x2b/0x80 [ 1024.638595][ T31] ? schedule+0x2d7/0x3a0 [ 1024.645808][ T31] schedule+0xe7/0x3a0 [ 1024.659964][ T31] schedule_preempt_disabled+0x13/0x30 [ 1024.679657][ T31] __mutex_lock+0x6c7/0xb90 [ 1024.684206][ T31] ? bdev_release+0x15a/0x6d0 [ 1024.719730][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1024.724837][ T31] ? find_held_lock+0x2b/0x80 [ 1024.729544][ T31] ? do_raw_spin_unlock+0x172/0x230 [ 1024.732964][ T30] audit: type=1400 audit(1749803686.609:452): avc: denied { read open } for pid=16126 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1838 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1024.735249][ T31] ? bdev_release+0x15a/0x6d0 [ 1024.760155][ C1] vkms_vblank_simulate: vblank timer overrun [ 1024.771378][ T31] bdev_release+0x15a/0x6d0 [ 1024.775933][ T31] ? __pfx_blkdev_release+0x10/0x10 [ 1024.781471][ T31] blkdev_release+0x15/0x20 [ 1024.786169][ T31] __fput+0x402/0xb70 [ 1024.799652][ T31] task_work_run+0x14d/0x240 [ 1024.804932][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1024.810168][ T31] get_signal+0x1d1/0x26d0 [ 1024.819665][ T31] ? kick_process+0xf6/0x1b0 [ 1024.854029][ T31] ? __pfx_get_signal+0x10/0x10 [ 1024.858943][ T31] ? task_work_add+0x1d5/0x360 [ 1024.859923][ T30] audit: type=1400 audit(1749803686.659:453): avc: denied { getattr } for pid=16126 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1838 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1024.882218][ T31] ? __pfx_task_work_add+0x10/0x10 [ 1024.904971][ T31] arch_do_signal_or_restart+0x8f/0x7d0 [ 1024.910952][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1024.917134][ T31] ? __fput_deferred+0x213/0x480 [ 1024.925783][ T31] ? selinux_file_ioctl+0xb4/0x270 [ 1024.931268][ T31] exit_to_user_mode_loop+0x84/0x110 [ 1024.936591][ T31] do_syscall_64+0x3f6/0x4c0 [ 1024.941542][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.947473][ T31] RIP: 0033:0x7f5e06d8e929 [ 1024.954629][ T31] RSP: 002b:00007f5e07bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1024.963223][ T31] RAX: 0000000000000000 RBX: 00007f5e06fb5fa0 RCX: 00007f5e06d8e929 [ 1024.971228][ T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 1024.979316][ T31] RBP: 00007f5e06e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1024.989523][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1025.009717][ T31] R13: 0000000000000000 R14: 00007f5e06fb5fa0 R15: 00007fff72455ba8 [ 1025.017745][ T31] [ 1025.064823][ T31] [ 1025.064823][ T31] Showing all locks held in the system: [ 1025.102431][ T31] 1 lock held by pool_workqueue_/3: [ 1025.108335][ T31] #0: ffffffff8e5cfe38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1025.169700][ T31] 3 locks held by kworker/0:1/10: [ 1025.170468][T14171] smc: removing ib device syz2 [ 1025.174745][ T31] 1 lock held by khungtaskd/31: [ 1025.199682][ T31] #0: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1025.229710][ T31] 2 locks held by getty/5577: [ 1025.234428][ T31] #0: ffff8880329530a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1025.259694][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1025.273874][ T31] 1 lock held by syz-executor/5827: [ 1025.279117][ T31] 6 locks held by kworker/u8:10/6772: [ 1025.299636][ T31] #0: ffff88801c6f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1025.339749][ T31] #1: ffffc9000c2a7d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1025.352157][ T30] audit: type=1400 audit(1749803687.249:454): avc: denied { add_name } for pid=16124 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1025.379646][ T31] #2: ffffffff90336c90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 1025.389038][ T31] #3: ffffffff9034cce8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x4d/0x3a0 [ 1025.459661][ T31] #4: ffff8880549f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x720 [ 1025.488316][ T31] #5: ffffffff8e5cfe38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1025.499950][ T31] 2 locks held by kworker/u8:15/7096: [ 1025.505350][ T31] #0: ffff8880b843bc98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 1025.516412][ T31] #1: ffff8880b8424088 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0 [ 1025.531755][ T31] 5 locks held by kworker/1:2/13447: [ 1025.537051][ T31] #0: ffff8880216e5548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1025.548007][ T31] #1: ffffc90005657d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1025.559287][ T31] #2: ffff888143ff0198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 1025.568273][ T31] #3: ffff88802af87198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 1025.577571][ T31] #4: ffff88802a13c160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 1025.586941][ T31] 4 locks held by udevd/13878: [ 1025.591876][ T31] #0: ffff888065334790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0 [ 1025.600831][ T31] #1: ffff88806e643488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240 [ 1025.610285][ T31] #2: ffff888035844698 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240 [ 1025.620976][ T31] #3: ffff88802af87198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 1025.630527][ T31] 1 lock held by udevd/14115: [ 1025.635286][ T31] #0: ffff8880268b7358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 1025.644948][ T31] 3 locks held by kworker/u8:16/14171: [ 1025.651399][ T31] #0: ffff8881446e5948 ((wq_completion)ib-unreg-wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1025.662341][ T31] #1: ffffc9001b13fd10 ((work_completion)(&device->unregistration_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1025.675025][ T31] #2: ffff888052bd06d0 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x23b/0x480 [ 1025.686461][ T31] 1 lock held by syz.4.2383/14560: [ 1025.691691][ T31] #0: ffff8880268b7358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x15a/0x6d0 [ 1025.701363][ T31] 7 locks held by syz-executor/15924: [ 1025.706732][ T31] #0: ffff8880378fa428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1025.715842][ T31] #1: ffff88805678dc88 ( [ 1025.715965][T13447] ath6kl: Failed to submit usb control message: -110 [ 1025.715986][ T31] &of->mutex [ 1025.720339][T13447] ath6kl: unable to send the bmi data to the device: -110 [ 1025.720356][T13447] ath6kl: Unable to send get target info: -110 [ 1025.720969][T13447] ath6kl: Failed to init ath6kl core: -110 [ 1025.732462][ T31] ){+.+.}-{4:4} [ 1025.738779][T13447] ath6kl_usb 7-1:0.163: probe with driver ath6kl_usb failed with error -110 [ 1025.753126][ T31] , at: kernfs_fop_write_iter+0x28f/0x510 [ 1025.773986][ T31] #2: ffff88814377cb48 (kn->active#53){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 1025.784402][ T31] #3: ffffffff8f8e9b08 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x185/0x730 [ 1025.796188][ T31] #4: ffff8880785810e8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 1025.805685][ T31] #5: ffff888078582250 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_probe+0xd4/0x1490 [ 1025.815797][ T31] #6: ffffffff9034cce8 (rtnl_mutex){+.+.}-{4:4}, at: nsim_create+0x93e/0x10a0 [ 1025.826387][ T31] 2 locks held by syz.3.2768/16064: [ 1025.831639][ T31] #0: ffffffff90336c90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 1025.841294][ T31] #1: ffffffff9034cce8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 [ 1025.850994][ T31] 4 locks held by kworker/0:4/16111: [ 1025.856265][ T31] #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1025.866785][ T31] #1: ffffc9001b4ffd10 ((work_completion)(&smcibdev->port_event_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1025.879742][ T31] #2: ffff888052bd1258 (&rxe->usdev_lock){+.+.}-{4:4}, at: rxe_query_port+0xf1/0x330 [ 1025.889347][ T31] #3: ffffffff9034cce8 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x117/0xb50 [ 1025.903019][ T31] 4 locks held by syz.6.2781/16116: [ 1025.908252][ T31] #0: ffff88807d23cd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 1025.917852][ T31] #1: ffff88807d23c078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 1025.928172][ T31] #2: ffffffff905be3c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 1025.938355][ T31] #3: ffff8880662c3338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 1025.947858][ T31] 1 lock held by syz.1.2784/16127: [ 1025.953006][ T31] #0: ffffffff9034cce8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 [ 1025.965916][ T31] [ 1025.968271][ T31] ============================================= [ 1025.968271][ T31] [ 1025.978004][ T31] NMI backtrace for cpu 0 [ 1025.978017][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 1025.978038][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1025.978048][ T31] Call Trace: [ 1025.978053][ T31] [ 1025.978060][ T31] dump_stack_lvl+0x116/0x1f0 [ 1025.978092][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1025.978111][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 1025.978136][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1025.978160][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1025.978183][ T31] watchdog+0xf70/0x12c0 [ 1025.978206][ T31] ? __pfx_watchdog+0x10/0x10 [ 1025.978223][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1025.978250][ T31] ? __kthread_parkme+0x19e/0x250 [ 1025.978276][ T31] ? __pfx_watchdog+0x10/0x10 [ 1025.978294][ T31] kthread+0x3c5/0x780 [ 1025.978309][ T31] ? __pfx_kthread+0x10/0x10 [ 1025.978326][ T31] ? rcu_is_watching+0x12/0xc0 [ 1025.978346][ T31] ? __pfx_kthread+0x10/0x10 [ 1025.978363][ T31] ret_from_fork+0x5d4/0x6f0 [ 1025.978386][ T31] ? __pfx_kthread+0x10/0x10 [ 1025.978401][ T31] ret_from_fork_asm+0x1a/0x30 [ 1025.978430][ T31] [ 1025.978436][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1026.104767][ C1] NMI backtrace for cpu 1 [ 1026.104781][ C1] CPU: 1 UID: 0 PID: 7096 Comm: kworker/u8:15 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 1026.104799][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1026.104808][ C1] Workqueue: 0x0 (bat_events) [ 1026.104827][ C1] RIP: 0010:__lock_acquire+0x764/0x1c90 [ 1026.104849][ C1] Code: 85 c9 0f 85 54 fc ff ff e9 92 fc ff ff 8b 05 83 f0 43 19 85 c0 0f 84 c7 02 00 00 31 c0 e9 dd fa ff ff c7 44 24 2c 00 00 00 00 ca fd ff ff e8 22 57 40 03 85 c0 0f 84 c1 fc ff ff 44 8b 1d 53 [ 1026.104861][ C1] RSP: 0018:ffffc90003e9f858 EFLAGS: 00000002 [ 1026.104871][ C1] RAX: 0000000000000071 RBX: 0000000000000001 RCX: 2c1f16d45a674522 [ 1026.104880][ C1] RDX: 0000000000000000 RSI: ffff88805104d398 RDI: ffff88805104c880 [ 1026.104889][ C1] RBP: ffff88805104c880 R08: 0000000000000001 R09: 0000000000000001 [ 1026.104897][ C1] R10: 0000000000000028 R11: 0000000000000001 R12: ffff88805104d370 [ 1026.104906][ C1] R13: ffff88805104d398 R14: 0000000000000001 R15: 0000000000000002 [ 1026.104915][ C1] FS: 0000000000000000(0000) GS:ffff888124854000(0000) knlGS:0000000000000000 [ 1026.104929][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1026.104937][ C1] CR2: 000055e8ea9e4da8 CR3: 000000000e382000 CR4: 00000000003526f0 [ 1026.104946][ C1] DR0: 0000040000000000 DR1: 000000000000064f DR2: 0000000000000006 [ 1026.104954][ C1] DR3: 0000000000000006 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1026.104963][ C1] Call Trace: [ 1026.104967][ C1] [ 1026.104972][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1026.104991][ C1] ? debug_object_activate+0x2ec/0x4c0 [ 1026.105007][ C1] lock_acquire+0x179/0x350 [ 1026.105025][ C1] ? hrtimer_try_to_cancel+0xa9/0x2f0 [ 1026.105041][ C1] ? rcu_is_watching+0x12/0xc0 [ 1026.105057][ C1] ? hrtimer_active+0x1c5/0x240 [ 1026.105070][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 1026.105086][ C1] ? hrtimer_try_to_cancel+0xa9/0x2f0 [ 1026.105100][ C1] hrtimer_try_to_cancel+0xa9/0x2f0 [ 1026.105115][ C1] update_curr_dl_se+0x3df/0x730 [ 1026.105129][ C1] update_curr+0x5af/0x800 [ 1026.105142][ C1] ? __lock_acquire+0xb8a/0x1c90 [ 1026.105161][ C1] dequeue_entity+0x23/0x1450 [ 1026.105174][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 1026.105191][ C1] ? sched_clock+0x38/0x60 [ 1026.105208][ C1] dequeue_entities+0x275/0x1680 [ 1026.105225][ C1] dequeue_task_fair+0x187/0x3b0 [ 1026.105240][ C1] __schedule+0x547/0x5de0 [ 1026.105257][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1026.105272][ C1] ? __lock_acquire+0x622/0x1c90 [ 1026.105292][ C1] ? __pfx___schedule+0x10/0x10 [ 1026.105309][ C1] ? find_held_lock+0x2b/0x80 [ 1026.105324][ C1] ? schedule+0x2d7/0x3a0 [ 1026.105341][ C1] schedule+0xe7/0x3a0 [ 1026.105356][ C1] ? worker_thread+0x28b/0xf10 [ 1026.105369][ C1] worker_thread+0x2e5/0xf10 [ 1026.105384][ C1] ? __kthread_parkme+0x19e/0x250 [ 1026.105402][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1026.105414][ C1] kthread+0x3c5/0x780 [ 1026.105426][ C1] ? __pfx_kthread+0x10/0x10 [ 1026.105438][ C1] ? rcu_is_watching+0x12/0xc0 [ 1026.105452][ C1] ? __pfx_kthread+0x10/0x10 [ 1026.105464][ C1] ret_from_fork+0x5d4/0x6f0 [ 1026.105480][ C1] ? __pfx_kthread+0x10/0x10 [ 1026.105491][ C1] ret_from_fork_asm+0x1a/0x30 [ 1026.105509][ C1] [ 1026.428214][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1026.435057][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 1026.446858][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1026.456899][ T31] Call Trace: [ 1026.460162][ T31] [ 1026.463074][ T31] dump_stack_lvl+0x3d/0x1f0 [ 1026.467659][ T31] panic+0x71c/0x800 [ 1026.471548][ T31] ? __pfx_panic+0x10/0x10 [ 1026.475951][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1026.481314][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1026.487283][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1026.492642][ T31] ? watchdog+0xdda/0x12c0 [ 1026.497044][ T31] ? watchdog+0xdcd/0x12c0 [ 1026.501446][ T31] watchdog+0xdeb/0x12c0 [ 1026.505676][ T31] ? __pfx_watchdog+0x10/0x10 [ 1026.510337][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1026.515526][ T31] ? __kthread_parkme+0x19e/0x250 [ 1026.520539][ T31] ? __pfx_watchdog+0x10/0x10 [ 1026.525199][ T31] kthread+0x3c5/0x780 [ 1026.529251][ T31] ? __pfx_kthread+0x10/0x10 [ 1026.533847][ T31] ? rcu_is_watching+0x12/0xc0 [ 1026.538606][ T31] ? __pfx_kthread+0x10/0x10 [ 1026.543189][ T31] ret_from_fork+0x5d4/0x6f0 [ 1026.547778][ T31] ? __pfx_kthread+0x10/0x10 [ 1026.552364][ T31] ret_from_fork_asm+0x1a/0x30 [ 1026.557126][ T31] [ 1026.560320][ T31] Kernel Offset: disabled [ 1026.564623][ T31] Rebooting in 86400 seconds..