last executing test programs: 26m0.267196523s ago: executing program 32 (id=990): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000700)={0x40, 0x0, 0xf, "012720dcfe14c639a500ba17162716"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000180)={0x0, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b14, 0x0) 23m44.566167498s ago: executing program 33 (id=2426): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB="0201000000000010ac05418200000000000109022400010000000009040000110300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000580), 0x4, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x73, 0x18, 0x4, 0x0, "d80004000000000000957f00003d4a100a000000000020020661e6e66b8b37ff"}) 21m22.268524822s ago: executing program 34 (id=3855): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r3, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40004) sendmmsg$inet(r0, &(0x7f0000000b80)=[{{&(0x7f0000000000)={0x2, 0x4e1c, @local}, 0x10, 0x0}}, {{&(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @dev={0xac, 0x14, 0x14, 0x13}, @rand_addr=0x64010100}}}], 0x20}}], 0x2, 0x4000) 21m15.69544604s ago: executing program 6 (id=3906): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffff9, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newtfilter={0x74, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_EMATCHES={0x40, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xa, 0x1, 0x2}, {0x4, 0x0, 0x1f28, 0x2, 0x9}}}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20041090}, 0x4044000) 21m15.421925472s ago: executing program 6 (id=3910): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 21m15.232666609s ago: executing program 6 (id=3911): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) unshare(0x2a020480) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x5) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x4, 0x0, r0}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x7, 0x3}) 21m15.024569089s ago: executing program 6 (id=3913): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000a00)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00') 21m14.925384815s ago: executing program 6 (id=3914): r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x49, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) r3 = syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6e2, 0x3900, 0x3, 0x0, 0x0) 21m14.623486459s ago: executing program 6 (id=3917): writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1a04"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 21m14.305077732s ago: executing program 35 (id=3917): writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1a04"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 20m45.41998674s ago: executing program 5 (id=4155): sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x7aba, 0x100, 0x22, 0x352}, &(0x7f0000000080)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) 20m45.247850503s ago: executing program 5 (id=4157): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x220) 20m45.031524047s ago: executing program 5 (id=4160): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setitimer(0x2, 0x0, &(0x7f00000000c0)) 20m44.876951998s ago: executing program 5 (id=4163): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='.\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 20m43.832393365s ago: executing program 5 (id=4178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x16, 0x68, 0x0, 0x60, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "11f3"}}, 0x24) 20m42.689817524s ago: executing program 5 (id=4192): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x1, 0x0, &(0x7f0000001600)=""/62, 0x0, 0xdddd0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x200000000) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) 20m42.21590823s ago: executing program 36 (id=4192): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x1, 0x0, &(0x7f0000001600)=""/62, 0x0, 0xdddd0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x200000000) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) 17m11.583769106s ago: executing program 8 (id=6903): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x81]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_audit(0x10, 0x3, 0x9) getsockopt$netlink(r2, 0x10e, 0xc, 0x0, &(0x7f0000000180)) 17m11.427509683s ago: executing program 8 (id=6905): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$tipc(0x1e, 0x5, 0x0) getpeername$tipc(r2, 0x0, 0x0) 17m11.326358048s ago: executing program 8 (id=6909): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x8a, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) 17m11.188770369s ago: executing program 8 (id=6912): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unshare(0x26020480) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0xa) 17m10.20996207s ago: executing program 8 (id=6938): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40015) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x7ffffffe, {0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a) 17m10.051489896s ago: executing program 8 (id=6942): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prctl$PR_MCE_KILL(0x29, 0x0, 0x2) 17m9.756320163s ago: executing program 37 (id=6942): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prctl$PR_MCE_KILL(0x29, 0x0, 0x2) 16m56.188460539s ago: executing program 4 (id=7099): rt_sigaction(0xd, &(0x7f0000000040)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x800]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x7ff}}) 16m55.997224457s ago: executing program 4 (id=7101): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000040)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68) 16m55.859389286s ago: executing program 4 (id=7102): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'bond_slave_0\x00', &(0x7f0000000240)=@ethtool_gstrings={0x1b, 0x7}}) 16m55.643383626s ago: executing program 4 (id=7104): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) unshare(0x2c020400) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) umount2(&(0x7f0000000080)='./file0\x00', 0xb) 16m54.661923667s ago: executing program 4 (id=7112): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf93", 0xa1}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x7, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16m54.295076907s ago: executing program 4 (id=7117): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x141a82, 0x33) write$cgroup_freezer_state(r2, &(0x7f00000001c0)='THAWED\x00', 0x7) 16m53.875613481s ago: executing program 38 (id=7117): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x141a82, 0x33) write$cgroup_freezer_state(r2, &(0x7f00000001c0)='THAWED\x00', 0x7) 13m41.242311216s ago: executing program 1 (id=10158): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e2e000c371303ed6a33fe86890df20e87"]) 13m41.100192749s ago: executing program 1 (id=10159): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x45) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @local}]}}]}, 0x50}}, 0x24000000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 13m40.793860321s ago: executing program 1 (id=10162): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x20000000000001]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) 13m40.627452344s ago: executing program 1 (id=10164): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 13m40.533575915s ago: executing program 1 (id=10166): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) 13m38.887211951s ago: executing program 1 (id=10192): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'syztnl2\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x5c8c, 0x0, @empty, @mcast1, 0x80, 0x0, 0x0, 0x20000000}}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x38, &(0x7f0000000240)={0x20, 0x523}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 13m38.466723206s ago: executing program 39 (id=10192): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'syztnl2\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x5c8c, 0x0, @empty, @mcast1, 0x80, 0x0, 0x0, 0x20000000}}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x38, &(0x7f0000000240)={0x20, 0x523}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.083124822s ago: executing program 0 (id=24534): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) 2.994061825s ago: executing program 0 (id=24535): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) rmdir(0x0) 2.846810353s ago: executing program 0 (id=24540): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000005c0), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f"], 0x48}}, 0x0) 2.765818077s ago: executing program 0 (id=24542): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 2.659404418s ago: executing program 0 (id=24543): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x4020400) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) unshare(0x4020400) ioctl$TIOCGPTPEER(r3, 0x5441, 0x80) 2.574626248s ago: executing program 0 (id=24547): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) 2.42945812s ago: executing program 2 (id=24550): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) 2.25268068s ago: executing program 2 (id=24555): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) 2.049364709s ago: executing program 2 (id=24560): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup(r1, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) 1.970420964s ago: executing program 2 (id=24561): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0x9, 0x1, 'l2tp\x00'}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.897218784s ago: executing program 9 (id=24564): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="760100001b"], 0x188}, 0x1, 0x0, 0x0, 0x40004}, 0x0) 1.785664004s ago: executing program 9 (id=24566): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, r4, 0x0) 1.687313917s ago: executing program 2 (id=24568): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) setsockopt$MRT6_ASSERT(r0, 0x29, 0xcf, 0x0, 0x0) 1.636193399s ago: executing program 2 (id=24569): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000200)='#', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 1.5779596s ago: executing program 9 (id=24572): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) 1.483008824s ago: executing program 9 (id=24573): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ftruncate(r0, 0x6) 1.278340281s ago: executing program 9 (id=24577): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket(0x1d, 0x2, 0x6) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r3, 0x6a, 0x3, 0x20000000, 0x4) 1.107492804s ago: executing program 9 (id=24579): syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) syz_clone(0x12c180, 0x0, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000180)='rxrpc\x00', 0x0, &(0x7f0000000200)="d397e21e0152b281fc2623c841205afa5d22545fe0e72e905341619a", 0x1c, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_clone(0x42080000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.102040152s ago: executing program 3 (id=24580): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket(0x1d, 0x803, 0x2) 1.020504491s ago: executing program 7 (id=24581): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x100010, 0x4) 910.30671ms ago: executing program 3 (id=24582): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) keyctl$search(0xa, 0x0, 0x0, 0x0, 0xfffffffffffffffa) 899.409348ms ago: executing program 7 (id=24583): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') 787.293402ms ago: executing program 7 (id=24584): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCSETS(r3, 0x800455c9, 0x0) 721.179556ms ago: executing program 7 (id=24585): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000240)=@req3={0x1000, 0x1, 0x1000, 0x1, 0x7ff, 0xf84, 0x3}, 0x1c) syz_emit_ethernet(0x66, &(0x7f00000004c0)=ANY=[], 0x0) 666.270932ms ago: executing program 3 (id=24586): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 484.20491ms ago: executing program 7 (id=24587): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = fsopen(&(0x7f0000000080)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xb) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 483.0659ms ago: executing program 3 (id=24588): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"}) r4 = syz_open_pts(r3, 0x900) dup3(r4, r3, 0x80000) 215.480099ms ago: executing program 7 (id=24589): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) io_setup(0x8, &(0x7f00000002c0)) 197.588367ms ago: executing program 3 (id=24590): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 0s ago: executing program 3 (id=24591): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): g to 7 [ 1437.266927][T25829] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1437.273666][T25829] usb 10-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1437.319138][T25829] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1437.349206][T25829] usb 10-1: config 0 descriptor?? [ 1437.595656][T25829] usbhid 10-1:0.0: can't add hid device: -71 [ 1437.607785][T25829] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1437.635594][T25829] usb 10-1: USB disconnect, device number 39 [ 1438.028158][T18949] pim6reg: entered allmulticast mode [ 1440.113464][T19048] netlink: 52 bytes leftover after parsing attributes in process `syz.9.19295'. [ 1440.136537][T19048] netlink: 52 bytes leftover after parsing attributes in process `syz.9.19295'. [ 1440.202265][T19056] dns_resolver: Unsupported content type (6) [ 1440.281437][T19060] tipc: New replicast peer: 0.0.0.0 [ 1440.295994][T19060] tipc: Enabled bearer , priority 10 [ 1440.302242][T19059] netlink: 156 bytes leftover after parsing attributes in process `syz.3.19300'. [ 1440.467490][T19067] netlink: 20 bytes leftover after parsing attributes in process `syz.0.19304'. [ 1440.667410][T19081] binder: 19079:19081 ioctl c0306201 2000000001c0 returned -14 [ 1442.624042][T19184] netlink: 'syz.3.19361': attribute type 4 has an invalid length. [ 1442.637816][T19184] netlink: 'syz.3.19361': attribute type 5 has an invalid length. [ 1442.645888][T19184] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.19361'. [ 1444.134934][T19243] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 1444.672657][T19260] syzkaller0: entered promiscuous mode [ 1444.701053][T19260] syzkaller0: entered allmulticast mode [ 1445.038747][T19278] netlink: 84 bytes leftover after parsing attributes in process `syz.3.19403'. [ 1445.063673][T19278] netlink: 64 bytes leftover after parsing attributes in process `syz.3.19403'. [ 1445.386282][T19292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.19410'. [ 1445.396312][T19292] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19410'. [ 1445.566723][T19300] netlink: 57 bytes leftover after parsing attributes in process `syz.2.19413'. [ 1446.228254][T19331] netlink: 128 bytes leftover after parsing attributes in process `syz.3.19429'. [ 1446.249120][T19331] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1446.503887][T19345] input: syz0 as /devices/virtual/input/input152 [ 1447.123867][ T30] audit: type=1326 audit(1763556789.681:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19367 comm="syz.3.19447" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x0 [ 1447.795941][T19385] netlink: 60 bytes leftover after parsing attributes in process `syz.2.19452'. [ 1448.086008][T19388] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19455'. [ 1448.145161][T19388] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19455'. [ 1448.391635][T19398] @: renamed from vlan0 (while UP) [ 1448.893700][T19417] netlink: 'syz.9.19469': attribute type 16 has an invalid length. [ 1448.924863][T19417] netlink: 64122 bytes leftover after parsing attributes in process `syz.9.19469'. [ 1451.193468][ T30] audit: type=1326 audit(1763556793.801:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.252407][ T30] audit: type=1326 audit(1763556793.801:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.278578][ T30] audit: type=1326 audit(1763556793.801:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.322535][ T30] audit: type=1326 audit(1763556793.801:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.351580][ T30] audit: type=1326 audit(1763556793.801:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.374313][ T30] audit: type=1326 audit(1763556793.801:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.397625][ T30] audit: type=1326 audit(1763556793.801:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.424061][ T30] audit: type=1326 audit(1763556793.801:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1451.546234][ T30] audit: type=1326 audit(1763556793.801:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19519 comm="syz.7.19516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1452.495999][ T5950] usb 10-1: new high-speed USB device number 40 using dummy_hcd [ 1452.707012][ T5950] usb 10-1: config 15 has an invalid descriptor of length 224, skipping remainder of the config [ 1452.724210][ T5950] usb 10-1: config 15 has 0 interfaces, different from the descriptor's value: 1 [ 1452.752322][ T5950] usb 10-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1452.765291][ T5950] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1452.845246][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 1452.845268][ T30] audit: type=1326 audit(1763556795.441:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.0.19548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1452.911545][ T30] audit: type=1326 audit(1763556795.451:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.0.19548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1452.945015][ T30] audit: type=1326 audit(1763556795.451:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.0.19548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1453.001332][ T30] audit: type=1326 audit(1763556795.451:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.0.19548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1453.072566][ T30] audit: type=1326 audit(1763556795.451:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.0.19548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1453.736716][ T5950] usb 10-1: string descriptor 0 read error: -71 [ 1453.772792][ T5950] usb 10-1: USB disconnect, device number 40 [ 1453.922686][T19617] pim6reg1: entered promiscuous mode [ 1453.935147][T19617] pim6reg1: entered allmulticast mode [ 1455.635349][ T30] audit: type=1326 audit(1763556798.241:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19655 comm="syz.7.19576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1455.756474][ T30] audit: type=1326 audit(1763556798.241:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19655 comm="syz.7.19576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1455.805892][ T30] audit: type=1326 audit(1763556798.241:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19655 comm="syz.7.19576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1455.875311][ T30] audit: type=1326 audit(1763556798.331:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19655 comm="syz.7.19576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1455.931701][T19665] fuse: Bad value for 'user_id' [ 1455.937088][T19665] fuse: Bad value for 'user_id' [ 1455.990358][ T30] audit: type=1326 audit(1763556798.331:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19655 comm="syz.7.19576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1456.550572][T19698] netlink: 'syz.9.19596': attribute type 25 has an invalid length. [ 1456.783559][T19708] netlink: 'syz.2.19601': attribute type 5 has an invalid length. [ 1457.053343][T19725] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19608'. [ 1459.739915][T19802] usb usb7: usbfs: process 19802 (syz.9.19643) did not claim interface 0 before use [ 1459.886835][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1459.886853][ T30] audit: type=1326 audit(1763556802.501:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19807 comm="syz.9.19648" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x0 [ 1459.912913][T19811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19647'. [ 1460.194853][T19823] netlink: 252 bytes leftover after parsing attributes in process `syz.9.19653'. [ 1460.216285][T19828] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19654'. [ 1460.590973][ T30] audit: type=1326 audit(1763556803.201:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19843 comm="syz.7.19663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7fc00000 [ 1461.162401][T19877] kvm: user requested TSC rate below hardware speed [ 1461.176049][T25829] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1461.345630][T25829] usb 3-1: Using ep0 maxpacket: 32 [ 1461.368443][T25829] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 1461.387553][T25829] usb 3-1: config 0 has no interface number 0 [ 1461.394329][T25829] usb 3-1: config 0 interface 89 has no altsetting 0 [ 1461.404619][T25829] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1461.422666][T25829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1461.431375][T25829] usb 3-1: Product: syz [ 1461.460884][T25829] usb 3-1: Manufacturer: syz [ 1461.466424][T25829] usb 3-1: SerialNumber: syz [ 1461.476991][T25829] usb 3-1: config 0 descriptor?? [ 1461.492392][T25829] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1461.516583][T25829] em28xx 3-1:0.89: Video interface 89 found: bulk [ 1461.603744][T19897] netlink: 5 bytes leftover after parsing attributes in process `syz.9.19688'. [ 1461.621459][T19897] 0ªî{X¹¦: renamed from z00ªX¹¦ [ 1461.630471][T19897] 0ªî{X¹¦: left promiscuous mode [ 1461.635939][T19897] 0ªî{X¹¦: entered allmulticast mode [ 1461.644064][T19897] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 1462.110124][T25829] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 1462.996710][T25829] em28xx 3-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 1463.021054][T25829] em28xx 3-1:0.89: failed to read eeprom (err=-5) [ 1463.076417][T25829] em28xx 3-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 1463.234857][T19969] netlink: 40 bytes leftover after parsing attributes in process `syz.9.19722'. [ 1463.269361][T25829] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 1463.278884][T25829] em28xx 3-1:0.89: analog set to bulk mode. [ 1463.288507][T25826] em28xx 3-1:0.89: Registering V4L2 extension [ 1463.337829][T25829] usb 3-1: USB disconnect, device number 48 [ 1463.352203][T25826] em28xx 3-1:0.89: reading from i2c device at 0x4a failed (error=-19) [ 1463.376870][T25829] em28xx 3-1:0.89: Disconnecting em28xx [ 1463.382525][T25826] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 1463.411942][T25826] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 1463.444970][T25826] em28xx 3-1:0.89: No AC97 audio processor [ 1463.475618][T25826] usb 3-1: Decoder not found [ 1463.480265][T25826] em28xx 3-1:0.89: failed to create media graph [ 1463.508206][T25826] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 1463.514196][T19978] xt_limit: Overflow, try lower: 1207959552/384 [ 1463.528259][T25826] em28xx 3-1:0.89: Registering snapshot button... [ 1463.561525][T25826] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input154 [ 1463.588071][T25826] em28xx 3-1:0.89: Remote control support is not available for this card. [ 1463.609350][T25829] em28xx 3-1:0.89: Closing input extension [ 1463.640332][T25829] em28xx 3-1:0.89: Deregistering snapshot button [ 1463.775551][T25829] em28xx 3-1:0.89: Freeing device [ 1463.985069][T20000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19735'. [ 1464.515858][T20028] 8021q: VLANs not supported on gre0 [ 1465.207384][T20063] netlink: 204 bytes leftover after parsing attributes in process `syz.9.19766'. [ 1465.758758][ T30] audit: type=1326 audit(1763556808.361:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20051 comm="syz.7.19760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7fc00000 [ 1466.732287][T20123] dummy0: entered allmulticast mode [ 1466.772562][T20121] dummy0: left allmulticast mode [ 1466.990871][T20129] netlink: 20 bytes leftover after parsing attributes in process `syz.9.19795'. [ 1467.034646][T20131] netlink: 40 bytes leftover after parsing attributes in process `syz.7.19797'. [ 1468.635745][T20192] binder: 20190:20192 ioctl c0306201 200000000940 returned -22 [ 1469.169909][T25829] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1469.326710][T25829] usb 3-1: Using ep0 maxpacket: 8 [ 1469.333436][T25829] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1469.365625][T25829] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1469.393123][T25829] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1469.428021][T25829] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1469.581691][T25829] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1469.835303][T25829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1470.093849][T25829] usb 3-1: GET_CAPABILITIES returned 0 [ 1470.103702][T25829] usbtmc 3-1:16.0: can't read capabilities [ 1470.409179][ C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 1470.418623][ C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 1470.428537][T20203] usbtmc 3-1:16.0: Unable to send data, error -71 [ 1470.449492][T25829] usb 3-1: USB disconnect, device number 49 [ 1471.950079][T10182] Bluetooth: hci4: ACL packet too small [ 1472.473488][T20303] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19874'. [ 1473.044947][T20332] netlink: 104 bytes leftover after parsing attributes in process `syz.3.19887'. [ 1475.527581][T20383] netlink: 'syz.9.19908': attribute type 1 has an invalid length. [ 1476.278995][T20399] netlink: 12 bytes leftover after parsing attributes in process `syz.7.19914'. [ 1476.463277][T20402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19917'. [ 1476.489460][T20404] fuseblk: Bad value for 'fd' [ 1477.723390][T20452] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1477.967846][T20455] netlink: 4 bytes leftover after parsing attributes in process `syz.7.19942'. [ 1478.518275][T20455] bond0: (slave team0): Releasing backup interface [ 1478.560917][T20455] team0 (unregistering): Port device team_slave_0 removed [ 1478.577715][T20455] team0 (unregistering): Port device team_slave_1 removed [ 1479.822257][T20535] input: syz0 as /devices/virtual/input/input155 [ 1479.888187][T20533] xt_CT: No such helper "pptp" [ 1480.581311][T20578] @: renamed from vlan0 [ 1482.545062][T20636] netlink: 337 bytes leftover after parsing attributes in process `syz.2.20026'. [ 1482.716178][T20640] netlink: 628 bytes leftover after parsing attributes in process `syz.9.20027'. [ 1483.105340][ T5950] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 1483.200928][T20661] netlink: 'syz.9.20038': attribute type 28 has an invalid length. [ 1483.266742][ T5950] usb 4-1: Using ep0 maxpacket: 8 [ 1483.288439][ T5950] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1483.314082][ T5950] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1483.348564][ T5950] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1483.359943][ T5950] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1483.373995][ T5950] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1483.384107][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1483.619102][ T5950] usb 4-1: GET_CAPABILITIES returned 0 [ 1483.625106][ T5950] usbtmc 4-1:16.0: can't read capabilities [ 1483.946946][T20684] netlink: 84 bytes leftover after parsing attributes in process `syz.7.20048'. [ 1484.467217][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.474050][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.838704][ T5950] usb 4-1: USB disconnect, device number 63 [ 1486.232061][T20749] binder: 20747:20749 ioctl c018620c 200000000240 returned -22 [ 1488.475362][T19596] usb 10-1: new high-speed USB device number 41 using dummy_hcd [ 1488.647286][T19596] usb 10-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 1488.659617][T19596] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 1488.686226][T19596] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1488.748048][T19596] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1488.769157][T19596] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1488.822185][T19596] usb 10-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 1488.839835][T19596] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1488.859752][T19596] usb 10-1: config 0 descriptor?? [ 1489.152981][ T30] audit: type=1326 audit(1763556831.761:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20846 comm="syz.3.20122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1489.211094][ T30] audit: type=1326 audit(1763556831.791:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20846 comm="syz.3.20122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1489.233692][ C0] vkms_vblank_simulate: vblank timer overrun [ 1489.265316][ T30] audit: type=1326 audit(1763556831.791:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20846 comm="syz.3.20122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1489.287853][ C0] vkms_vblank_simulate: vblank timer overrun [ 1489.314449][T19596] input: HID 28bd:0909 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:28BD:0909.005D/input/input156 [ 1489.366261][ T30] audit: type=1326 audit(1763556831.791:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20846 comm="syz.3.20122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1489.388798][ C0] vkms_vblank_simulate: vblank timer overrun [ 1489.471206][T19596] uclogic 0003:28BD:0909.005D: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.9-1/input0 [ 1489.651828][T19596] usb 10-1: USB disconnect, device number 41 [ 1489.668936][T20858] fido_id[20858]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/10-1/report_descriptor': No such file or directory [ 1492.723275][T20996] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20196'. [ 1494.884001][ T30] audit: type=1326 audit(1763556837.491:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21063 comm="syz.2.20227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1494.958839][ T30] audit: type=1326 audit(1763556837.521:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21063 comm="syz.2.20227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1495.069476][ T30] audit: type=1326 audit(1763556837.521:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21063 comm="syz.2.20227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1495.104412][T21072] netlink: 'syz.9.20231': attribute type 10 has an invalid length. [ 1495.114315][T21072] team0: Cannot enslave team device to itself [ 1495.961739][T21115] binder: 21113:21115 ioctl c018620b 0 returned -14 [ 1496.555808][T25829] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 1496.727464][T25829] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1496.750003][T25829] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1496.763331][T25829] usb 8-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 1496.773561][T25829] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.787003][T25829] usb 8-1: config 0 descriptor?? [ 1496.837486][T21151] binder: BINDER_SET_CONTEXT_MGR already set [ 1496.853913][T21151] binder: 21150:21151 ioctl 40046207 0 returned -16 [ 1497.252945][T25829] usbhid 8-1:0.0: can't add hid device: -71 [ 1497.262309][T25829] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1497.312040][T25829] usb 8-1: USB disconnect, device number 26 [ 1497.759310][T21188] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1497.931625][ T30] audit: type=1326 audit(1763556840.541:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.006634][ T30] audit: type=1326 audit(1763556840.541:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.081084][ T30] audit: type=1326 audit(1763556840.541:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.181025][ T30] audit: type=1326 audit(1763556840.541:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.203648][ C0] vkms_vblank_simulate: vblank timer overrun [ 1498.259528][ T30] audit: type=1326 audit(1763556840.541:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.283471][ T30] audit: type=1326 audit(1763556840.541:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1498.306905][ T30] audit: type=1326 audit(1763556840.541:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21196 comm="syz.3.20291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1499.087215][T21245] netlink: 276 bytes leftover after parsing attributes in process `syz.9.20311'. [ 1500.231346][T21294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20336'. [ 1500.413563][T21307] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20342'. [ 1500.427171][T21304] netlink: 'syz.7.20343': attribute type 25 has an invalid length. [ 1500.683331][T21319] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1502.514575][T21367] netlink: 4 bytes leftover after parsing attributes in process `syz.9.20369'. [ 1502.552958][T21367] netlink: 4 bytes leftover after parsing attributes in process `syz.9.20369'. [ 1502.974856][T21392] netlink: 'syz.2.20381': attribute type 64 has an invalid length. [ 1502.997356][T21392] netlink: 5 bytes leftover after parsing attributes in process `syz.2.20381'. [ 1503.011963][T21392] gretap0: entered allmulticast mode [ 1503.020033][T21392] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1503.040663][T21395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20383'. [ 1503.050134][T21395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20383'. [ 1503.278962][T21407] netlink: 'syz.2.20390': attribute type 6 has an invalid length. [ 1503.748516][T21431] netlink: 72 bytes leftover after parsing attributes in process `syz.9.20402'. [ 1504.112950][T21454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20413'. [ 1504.545768][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 1504.545789][ T30] audit: type=1800 audit(1763556847.141:1305): pid=21477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.20424" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 1504.767836][T21489] netlink: 12 bytes leftover after parsing attributes in process `syz.9.20428'. [ 1505.274762][ T36] tipc: Subscription rejected, illegal request [ 1505.289449][T21517] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1506.889339][ T30] audit: type=1326 audit(1763556849.501:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1506.965722][ T30] audit: type=1326 audit(1763556849.531:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.030363][ T30] audit: type=1326 audit(1763556849.531:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.081161][ T30] audit: type=1326 audit(1763556849.531:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.104794][ T30] audit: type=1326 audit(1763556849.531:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.129169][ T30] audit: type=1326 audit(1763556849.531:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.153324][ T30] audit: type=1326 audit(1763556849.531:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.211257][T21595] netlink: 68 bytes leftover after parsing attributes in process `syz.9.20479'. [ 1507.240651][ T30] audit: type=1326 audit(1763556849.531:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.309550][ T30] audit: type=1326 audit(1763556849.531:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21583 comm="syz.9.20473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879cd8f749 code=0x7ffc0000 [ 1507.908109][T21634] netlink: 8 bytes leftover after parsing attributes in process `syz.7.20496'. [ 1508.683477][T21676] binder: 21675:21676 ioctl c0306201 200000000940 returned -22 [ 1511.049531][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 1511.049551][ T30] audit: type=1326 audit(1763556853.661:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.087284][ T30] audit: type=1326 audit(1763556853.661:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.111698][ T30] audit: type=1326 audit(1763556853.721:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.136120][ T30] audit: type=1326 audit(1763556853.721:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.186039][ T30] audit: type=1326 audit(1763556853.721:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.250876][ T30] audit: type=1326 audit(1763556853.721:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.301192][ T30] audit: type=1326 audit(1763556853.721:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.355364][ T30] audit: type=1326 audit(1763556853.721:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.397387][ T30] audit: type=1326 audit(1763556853.721:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.445627][ T30] audit: type=1326 audit(1763556853.721:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz.0.20581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1511.723226][T21830] netlink: 108 bytes leftover after parsing attributes in process `syz.2.20592'. [ 1511.980121][T21840] netlink: 68 bytes leftover after parsing attributes in process `syz.3.20597'. [ 1512.179358][T21846] netlink: 12 bytes leftover after parsing attributes in process `syz.9.20600'. [ 1512.412225][T21861] openvswitch: netlink: Missing valid actions attribute. [ 1512.438803][T21861] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1513.360961][T21902] can: request_module (can-proto-0) failed. [ 1513.785769][T21921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20636'. [ 1513.894118][T21928] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1513.900682][T21928] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1513.949430][T21928] vhci_hcd vhci_hcd.0: Device attached [ 1513.981064][T21929] vhci_hcd: connection closed [ 1513.981391][ T1101] vhci_hcd: stop threads [ 1513.999589][ T1101] vhci_hcd: release socket [ 1514.016287][ T1101] vhci_hcd: disconnect device [ 1515.541692][T21989] input: syz0 as /devices/virtual/input/input161 [ 1516.593005][T22037] netlink: 64 bytes leftover after parsing attributes in process `syz.3.20689'. [ 1516.692969][T22041] netlink: 216 bytes leftover after parsing attributes in process `syz.0.20690'. [ 1516.732781][T22041] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20690'. [ 1516.902264][ T30] kauditd_printk_skb: 66 callbacks suppressed [ 1516.902282][ T30] audit: type=1326 audit(1763556859.511:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22051 comm="syz.2.20697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1516.933414][ T30] audit: type=1326 audit(1763556859.521:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22051 comm="syz.2.20697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1516.958407][ T30] audit: type=1326 audit(1763556859.551:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22051 comm="syz.2.20697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1516.983643][ T30] audit: type=1326 audit(1763556859.551:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22051 comm="syz.2.20697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.008345][ T30] audit: type=1326 audit(1763556859.551:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22051 comm="syz.2.20697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.143479][ T30] audit: type=1326 audit(1763556859.751:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22058 comm="syz.2.20700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.221946][ T30] audit: type=1326 audit(1763556859.751:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22058 comm="syz.2.20700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.254673][ T30] audit: type=1326 audit(1763556859.751:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22058 comm="syz.2.20700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.355594][ T30] audit: type=1326 audit(1763556859.751:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22058 comm="syz.2.20700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.378744][ T30] audit: type=1326 audit(1763556859.751:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22058 comm="syz.2.20700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1517.892517][T22089] binder: 22087:22089 ioctl c0306201 200000000100 returned -14 [ 1518.522169][T22114] syz_tun: entered allmulticast mode [ 1518.533594][T22113] syz_tun: left allmulticast mode [ 1518.773938][T22120] x_tables: duplicate underflow at hook 2 [ 1518.959008][T22123] netlink: 20 bytes leftover after parsing attributes in process `syz.7.20730'. [ 1519.039372][T22130] netlink: 'syz.2.20733': attribute type 64 has an invalid length. [ 1519.049691][T22130] netlink: 5 bytes leftover after parsing attributes in process `syz.2.20733'. [ 1521.565883][ T5950] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1521.735350][ T5950] usb 3-1: Using ep0 maxpacket: 16 [ 1521.747752][ T5950] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1521.782113][ T5950] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1521.817774][ T5950] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1521.836999][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.855369][ T5950] usb 3-1: config 0 descriptor?? [ 1521.870741][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1521.883323][ T5950] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1521.905090][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1522.006424][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1522.027902][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1522.099675][T22227] netlink: 'syz.2.20778': attribute type 49 has an invalid length. [ 1522.265509][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1522.274630][T22249] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20788'. [ 1522.289753][T25826] usb 3-1: USB disconnect, device number 50 [ 1522.518124][T22272] netlink: 12 bytes leftover after parsing attributes in process `syz.9.20798'. [ 1522.861590][T22290] netlink: 104 bytes leftover after parsing attributes in process `syz.3.20805'. [ 1523.180252][ T36] tipc: Subscription rejected, illegal request [ 1523.343236][T22311] bridge0: port 1(70·) entered blocking state [ 1523.374750][T22311] bridge0: port 1(70·) entered disabled state [ 1523.482787][T22311] 0·: entered promiscuous mode [ 1523.875945][T22317] bridge0: port 1(ip6gretap0) entered disabled state [ 1523.998855][T22317] ip6gretap0 (unregistering): left allmulticast mode [ 1524.005885][T22317] ip6gretap0 (unregistering): left promiscuous mode [ 1524.128218][T22317] bridge0: port 1(ip6gretap0) entered disabled state [ 1526.598008][T22380] netlink: 4 bytes leftover after parsing attributes in process `syz.7.20846'. [ 1526.869897][T22393] netlink: 20 bytes leftover after parsing attributes in process `syz.9.20852'. [ 1527.061732][T22404] netlink: 128 bytes leftover after parsing attributes in process `syz.3.20857'. [ 1527.853948][T22418] netlink: 8 bytes leftover after parsing attributes in process `syz.9.20864'. [ 1530.317727][T22515] netlink: 'syz.9.20903': attribute type 10 has an invalid length. [ 1530.362634][T22515] team0: Port device dummy0 added [ 1530.369144][T22519] netlink: 'syz.9.20903': attribute type 10 has an invalid length. [ 1530.415346][T22519] team0: Port device dummy0 removed [ 1531.938584][T22595] netlink: 'syz.2.20941': attribute type 12 has an invalid length. [ 1532.315388][T25826] usb 8-1: new full-speed USB device number 27 using dummy_hcd [ 1532.508538][T25826] usb 8-1: not running at top speed; connect to a high speed hub [ 1532.524058][T25826] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 1532.548238][T25826] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1532.575435][T25826] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1532.611213][T25826] usb 8-1: Product: 䒔伺⬼巺ç¿æ†•æƒ´ì³¯î…¾åž’ꦇƗ⹹ꨟ嘈씆뢚誹Ᲊ熛蹬첩㬶ꦦâcåµï«„䃜ࣿ⑆㘗툒ã¼æ¨·æ¡‡êŸ”ḅ괶⫅蒃њ㖖༞慺鵔㜎ᯑ첷è—艗îˆä·´è¶£çŽ™è¸°ã¨‘ãž›ï„⎼죪ʗãƒî§¹ç¦›â¯¢ï…‘ã²ì–˜ãµì°¦á½ Ý¸í‡—틻Ȭ粓ê¨Ó·ë»ƒå—­à¼…ގ [ 1532.670222][T25826] usb 8-1: Manufacturer: Ð [ 1532.674837][T25826] usb 8-1: SerialNumber: á [ 1533.096708][T25826] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1533.103929][T25826] usb 8-1: unit 91 not found! [ 1533.137010][T25826] usb 8-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1533.159799][T25826] usb 8-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1533.209886][T25826] usb 8-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1533.266199][T25826] usb 8-1: USB disconnect, device number 27 [ 1533.320989][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1535.583909][T22728] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1537.497552][T22797] loop9: detected capacity change from 0 to 7 [ 1537.527299][ T5823] Dev loop9: unable to read RDB block 7 [ 1537.532935][ T5823] loop9: unable to read partition table [ 1537.553942][ T5823] loop9: partition table beyond EOD, truncated [ 1537.583276][T22797] Dev loop9: unable to read RDB block 7 [ 1537.597769][T22797] loop9: unable to read partition table [ 1537.617630][T22797] loop9: partition table beyond EOD, truncated [ 1537.644580][T22797] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1538.105416][ T5950] usb 10-1: new full-speed USB device number 42 using dummy_hcd [ 1538.268173][ T5950] usb 10-1: config index 0 descriptor too short (expected 55488, got 27) [ 1538.285854][ T5950] usb 10-1: config 0 has an invalid descriptor of length 216, skipping remainder of the config [ 1538.317174][ T5950] usb 10-1: config 0 has no interfaces? [ 1538.333693][ T5950] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1538.360573][ T5950] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1538.370917][ T5950] usb 10-1: Product: syz [ 1538.380020][ T5950] usb 10-1: Manufacturer: syz [ 1538.390144][ T5950] usb 10-1: SerialNumber: syz [ 1538.407060][ T5950] usb 10-1: config 0 descriptor?? [ 1538.495129][T22829] netlink: 52 bytes leftover after parsing attributes in process `syz.7.21051'. [ 1538.762390][T25826] usb 10-1: USB disconnect, device number 42 [ 1539.622199][T22876] netlink: 'syz.0.21073': attribute type 11 has an invalid length. [ 1539.641640][T22876] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.21073'. [ 1540.782313][T22929] sit0: left promiscuous mode [ 1542.382098][T22988] netlink: 24 bytes leftover after parsing attributes in process `syz.7.21127'. [ 1543.255343][ T5950] usb 10-1: new high-speed USB device number 43 using dummy_hcd [ 1543.827362][ T5950] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1543.842466][ T5950] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1543.898791][ T5950] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1543.939742][ T5950] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.976949][ T5950] usb 10-1: config 0 descriptor?? [ 1544.216004][ T5950] usb 10-1: string descriptor 0 read error: -71 [ 1544.252912][ T5950] usb 10-1: USB disconnect, device number 43 [ 1544.613645][T23050] random: crng reseeded on system resumption [ 1545.694148][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 1545.694166][ T30] audit: type=1326 audit(1763556888.301:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23092 comm="syz.0.21174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1545.797454][ T30] audit: type=1326 audit(1763556888.351:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23092 comm="syz.0.21174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1545.873146][T23102] netlink: 8 bytes leftover after parsing attributes in process `syz.9.21179'. [ 1545.891276][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.905810][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.913257][ T30] audit: type=1326 audit(1763556888.351:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23092 comm="syz.0.21174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1545.940980][ T30] audit: type=1326 audit(1763556888.351:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23092 comm="syz.0.21174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1545.968774][ T30] audit: type=1326 audit(1763556888.461:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1545.993379][ T30] audit: type=1326 audit(1763556888.461:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1546.016682][ T30] audit: type=1326 audit(1763556888.461:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3026d8df90 code=0x7ffc0000 [ 1546.124555][ T30] audit: type=1326 audit(1763556888.461:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3026d8df90 code=0x7ffc0000 [ 1546.174482][ T30] audit: type=1326 audit(1763556888.461:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1546.204084][ T30] audit: type=1326 audit(1763556888.461:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23098 comm="syz.2.21177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1547.920503][T23183] netlink: 72 bytes leftover after parsing attributes in process `syz.2.21217'. [ 1547.968206][T23188] binder: 23187:23188 ioctl 40046205 0 returned -22 [ 1550.288147][T23300] netlink: 16 bytes leftover after parsing attributes in process `syz.9.21273'. [ 1550.827296][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1550.827316][ T30] audit: type=1326 audit(1763556893.431:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23327 comm="syz.7.21288" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x0 [ 1550.958613][T23336] syzkaller0: entered promiscuous mode [ 1550.964129][T23336] syzkaller0: entered allmulticast mode [ 1551.375597][ T5950] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1551.441323][T23359] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1551.566362][ T5950] usb 4-1: Using ep0 maxpacket: 16 [ 1551.593974][ T5950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1551.635451][ T5950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1551.656384][ T5950] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1551.669571][ T5950] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1551.679885][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1551.718029][ T5950] usb 4-1: config 0 descriptor?? [ 1552.153858][ T5950] microsoft 0003:045E:07DA.005E: ignoring exceeding usage max [ 1552.173751][ T5950] microsoft 0003:045E:07DA.005E: unsupported Resolution Multiplier 0 [ 1552.193138][ T5950] microsoft 0003:045E:07DA.005E: implement() called with n (152) > 32! (kworker/0:6) [ 1552.347595][ T5950] microsoft 0003:045E:07DA.005E: unsupported Resolution Multiplier 0 [ 1552.367803][ T5950] microsoft 0003:045E:07DA.005E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1552.385346][ T5950] microsoft 0003:045E:07DA.005E: no inputs found [ 1552.391827][ T5950] microsoft 0003:045E:07DA.005E: could not initialize ff, continuing anyway [ 1552.568002][T23403] netlink: 'syz.0.21321': attribute type 27 has an invalid length. [ 1552.596231][T23403] lo: entered promiscuous mode [ 1552.601053][T23403] lo: entered allmulticast mode [ 1552.604024][ T5950] usb 4-1: USB disconnect, device number 64 [ 1552.617827][T23403] tunl0: entered promiscuous mode [ 1552.623574][T23403] tunl0: entered allmulticast mode [ 1552.637210][T23403] gre0: entered promiscuous mode [ 1552.645948][T23403] gre0: entered allmulticast mode [ 1552.670557][T23403] gretap0: entered promiscuous mode [ 1552.692294][T23403] gretap0: entered allmulticast mode [ 1552.706728][T23403] erspan0: entered promiscuous mode [ 1552.729268][T23403] erspan0: entered allmulticast mode [ 1552.751659][T23403] ip_vti0: entered promiscuous mode [ 1552.781091][T23403] ip_vti0: entered allmulticast mode [ 1552.817177][T23403] ip6_vti0: entered promiscuous mode [ 1552.822519][T23403] ip6_vti0: entered allmulticast mode [ 1552.856710][T23403] sit0: entered allmulticast mode [ 1552.868402][T23403] ip6tnl0: entered promiscuous mode [ 1552.874077][T23403] ip6tnl0: entered allmulticast mode [ 1552.878013][T23415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21326'. [ 1552.881540][T23403] ip6gre0: entered promiscuous mode [ 1552.893803][T23403] ip6gre0: entered allmulticast mode [ 1552.902563][T23403] syz_tun: entered promiscuous mode [ 1552.910441][T23403] vcan0: entered promiscuous mode [ 1552.917432][T23403] vcan0: entered allmulticast mode [ 1552.924138][T23403] bond0: entered promiscuous mode [ 1552.930173][T23403] bond_slave_0: entered promiscuous mode [ 1552.937344][T23403] @0Ù: entered promiscuous mode [ 1552.942710][T23403] bond0: entered allmulticast mode [ 1552.949028][T23403] bond_slave_0: entered allmulticast mode [ 1552.954974][T23403] @0Ù: entered allmulticast mode [ 1552.960520][T23417] netlink: 8 bytes leftover after parsing attributes in process `syz.7.21328'. [ 1552.964136][T23403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1552.973204][T23417] netlink: 12 bytes leftover after parsing attributes in process `syz.7.21328'. [ 1552.978805][T23403] nlmon0: entered promiscuous mode [ 1552.987012][T23417] netlink: 16 bytes leftover after parsing attributes in process `syz.7.21328'. [ 1552.991635][T23403] nlmon0: entered allmulticast mode [ 1553.055531][T23403] caif0: entered promiscuous mode [ 1553.060599][T23403] caif0: entered allmulticast mode [ 1553.066190][T23403] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1553.874286][T23455] netlink: 536 bytes leftover after parsing attributes in process `syz.3.21347'. [ 1553.919635][T23455] netlink: 124 bytes leftover after parsing attributes in process `syz.3.21347'. [ 1554.130574][T23471] fuse: Bad value for 'fd' [ 1554.264116][ T30] audit: type=1326 audit(1763556896.871:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23474 comm="syz.7.21355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1554.331312][ T30] audit: type=1326 audit(1763556896.901:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23474 comm="syz.7.21355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1554.356223][ T30] audit: type=1326 audit(1763556896.901:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23474 comm="syz.7.21355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1554.383528][ T30] audit: type=1326 audit(1763556896.901:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23474 comm="syz.7.21355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1554.778770][T23460] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1554.786292][T23460] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1554.800617][T23460] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1554.816431][T23460] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1554.837571][T23460] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1554.961951][T23504] netlink: 24 bytes leftover after parsing attributes in process `syz.7.21369'. [ 1555.650367][T23540] netlink: 156 bytes leftover after parsing attributes in process `syz.2.21387'. [ 1556.046615][T10182] Bluetooth: hci1: command 0x0406 tx timeout [ 1556.785340][ T5950] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1556.845784][T10182] Bluetooth: hci4: command 0x0406 tx timeout [ 1556.852100][T10182] Bluetooth: hci3: command 0x0406 tx timeout [ 1556.858701][T10182] Bluetooth: hci0: command 0x0406 tx timeout [ 1556.862451][ T8822] Bluetooth: hci2: command 0x0406 tx timeout [ 1556.979619][ T5950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1557.002582][ T5950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1557.044468][ T5950] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1557.063461][ T5950] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1557.101561][ T5950] usb 4-1: Manufacturer: syz [ 1557.116300][ T5950] usb 4-1: config 0 descriptor?? [ 1557.910965][ T30] audit: type=1326 audit(1763556900.521:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23635 comm="syz.2.21430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x0 [ 1557.969681][ T5950] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005F/input/input163 [ 1558.082197][ T5950] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005F/input/input164 [ 1558.105670][ T5950] input: syz Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005F/input/input165 [ 1558.141425][ T5950] input: syz Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.005F/input/input166 [ 1558.176764][ T5950] uclogic 0003:256C:006D.005F: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.3-1/input0 [ 1558.673544][T23664] netlink: 76 bytes leftover after parsing attributes in process `syz.7.21444'. [ 1558.692742][T23663] netlink: 'syz.2.21443': attribute type 27 has an invalid length. [ 1558.716300][T23663] lo: entered promiscuous mode [ 1558.721214][T23663] lo: entered allmulticast mode [ 1558.762358][T23663] tunl0: entered promiscuous mode [ 1558.800792][T23663] tunl0: entered allmulticast mode [ 1558.838077][T23663] gre0: entered promiscuous mode [ 1558.843072][T23663] gre0: entered allmulticast mode [ 1558.881100][T19564] usb 4-1: USB disconnect, device number 65 [ 1558.901873][T23663] gretap0: entered promiscuous mode [ 1558.915914][T23663] ip_vti0: entered promiscuous mode [ 1558.921385][T23663] ip_vti0: entered allmulticast mode [ 1558.984114][T23663] ip6_vti0: entered promiscuous mode [ 1559.003285][T23663] ip6_vti0: entered allmulticast mode [ 1559.010947][T23663] sit0: entered allmulticast mode [ 1559.069834][T23663] ip6tnl0: entered promiscuous mode [ 1559.075092][T23663] ip6tnl0: entered allmulticast mode [ 1559.128143][T23663] ip6gre0: entered promiscuous mode [ 1559.133400][T23663] ip6gre0: entered allmulticast mode [ 1559.189229][T23663] syz_tun: entered promiscuous mode [ 1559.205167][T23663] syz_tun: entered allmulticast mode [ 1559.216608][T23663] ip6gretap0: entered promiscuous mode [ 1559.222203][T23663] ip6gretap0: entered allmulticast mode [ 1559.231031][T23663] bridge0: port 3(erspan0) entered blocking state [ 1559.237776][T23663] bridge0: port 3(erspan0) entered forwarding state [ 1559.246162][T23663] bridge0: entered promiscuous mode [ 1559.251505][T23663] bridge0: entered allmulticast mode [ 1559.318350][T23663] caif0: entered promiscuous mode [ 1559.323754][T23663] caif0: entered allmulticast mode [ 1559.331590][T23663] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1559.976754][T19564] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1560.206182][T19564] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1560.223966][T19564] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1560.242722][T19564] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1560.252042][T19564] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1560.263786][T19564] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1560.322658][T19564] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1560.331986][T19564] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1560.340353][T19564] usb 4-1: Product: syz [ 1560.355189][T19564] usb 4-1: Manufacturer: syz [ 1560.365690][T19564] cdc_wdm 4-1:1.0: skipping garbage [ 1560.373605][T19564] cdc_wdm 4-1:1.0: skipping garbage [ 1560.381877][T19564] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1560.431067][T19564] cdc_wdm 4-1:1.0: Unknown control protocol [ 1560.570905][T19564] usb 4-1: USB disconnect, device number 66 [ 1560.737632][T23713] netlink: 8 bytes leftover after parsing attributes in process `syz.9.21466'. [ 1561.047398][T23729] netlink: 'syz.2.21474': attribute type 13 has an invalid length. [ 1561.284737][T19564] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1561.967937][T19564] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1562.643960][T23779] trusted_key: encrypted_key: insufficient parameters specified [ 1564.015564][T19596] usb 10-1: new high-speed USB device number 44 using dummy_hcd [ 1564.185899][T19596] usb 10-1: Using ep0 maxpacket: 8 [ 1564.216133][T19596] usb 10-1: unable to get BOS descriptor or descriptor too short [ 1564.223951][T19596] usb 10-1: no configurations [ 1564.310885][T19596] usb 10-1: can't read configurations, error -22 [ 1565.141500][T23860] netlink: 'syz.3.21531': attribute type 13 has an invalid length. [ 1566.006719][T23884] tipc: New replicast peer: 2001:0000:0000:0000:0000:0000:0000:0002 [ 1566.231793][T23899] netlink: 64 bytes leftover after parsing attributes in process `syz.7.21550'. [ 1566.356205][T23903] netlink: 'syz.0.21552': attribute type 6 has an invalid length. [ 1566.388783][T23903] netlink: 'syz.0.21552': attribute type 4 has an invalid length. [ 1566.410930][T23903] netlink: 17 bytes leftover after parsing attributes in process `syz.0.21552'. [ 1566.450308][T23909] netlink: 280 bytes leftover after parsing attributes in process `syz.7.21555'. [ 1566.634992][T23918] netlink: 'syz.7.21559': attribute type 4 has an invalid length. [ 1566.666574][T23918] netlink: 'syz.7.21559': attribute type 5 has an invalid length. [ 1566.678690][T23918] netlink: 3657 bytes leftover after parsing attributes in process `syz.7.21559'. [ 1567.824842][T23988] netlink: 36 bytes leftover after parsing attributes in process `syz.3.21590'. [ 1567.853395][T23991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21591'. [ 1568.057447][T23999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21597'. [ 1569.161762][T24043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21613'. [ 1569.199853][T24046] netlink: 12 bytes leftover after parsing attributes in process `syz.9.21615'. [ 1569.554328][T24059] netlink: 'syz.7.21619': attribute type 13 has an invalid length. [ 1569.931261][T24084] x_tables: duplicate entry at hook 2 [ 1570.178064][T24095] binder: 24094:24095 ioctl c0306201 200000000100 returned -14 [ 1570.772369][T24121] netlink: 'syz.0.21647': attribute type 11 has an invalid length. [ 1570.785408][T24121] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.21647'. [ 1571.165488][T25826] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 1571.328405][T25826] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 1571.338087][T25826] usb 3-1: config 0 has no interface number 0 [ 1571.354615][T25826] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1571.366302][T25826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1571.374327][T25826] usb 3-1: Product: syz [ 1571.395154][T25826] usb 3-1: Manufacturer: syz [ 1571.410740][T25826] usb 3-1: SerialNumber: syz [ 1571.427237][T25826] usb 3-1: config 0 descriptor?? [ 1571.547246][T24159] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1571.667813][T25826] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected [ 1571.691881][T25826] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81 [ 1571.708809][T25826] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1 [ 1571.745760][T25826] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2 [ 1571.768691][T25826] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1571.799984][T25826] usb 3-1: USB disconnect, device number 51 [ 1571.819148][T25826] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1571.842179][T25826] keyspan 3-1:0.133: device disconnected [ 1572.012399][T24176] x_tables: duplicate underflow at hook 2 [ 1572.022701][T24177] macvlan0: entered promiscuous mode [ 1575.368608][T24289] netlink: 20 bytes leftover after parsing attributes in process `syz.3.21719'. [ 1575.518499][T24294] netlink: 'syz.2.21720': attribute type 1 has an invalid length. [ 1575.564345][T24294] bond3: (slave xfrm1): The slave device specified does not support setting the MAC address [ 1575.578992][T24294] bond3: (slave xfrm1): Setting fail_over_mac to active for active-backup mode [ 1575.591330][T24294] bond3: (slave xfrm1): making interface the new active one [ 1575.616037][T24294] bond3: (slave xfrm1): Enslaving as an active interface with an up link [ 1575.667547][T24294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21720'. [ 1575.948696][T24294] bond3 (unregistering): (slave xfrm1): Releasing backup interface [ 1576.010766][T24294] bond3 (unregistering): Released all slaves [ 1576.729972][T24314] lo: Caught tx_queue_len zero misconfig [ 1576.878222][T24318] ip6tnl0: Caught tx_queue_len zero misconfig [ 1578.223745][T24383] netlink: 52 bytes leftover after parsing attributes in process `syz.0.21764'. [ 1578.371641][T24391] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1578.607027][T24404] binder: 24398:24404 ioctl 400c620e 200000000100 returned -22 [ 1579.076368][T25826] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1579.237571][T25826] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1579.250241][T25826] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1579.262419][T25826] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1579.280649][T25826] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 1579.294693][T25826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1579.303271][T25826] usb 3-1: Product: syz [ 1579.307986][T25826] usb 3-1: Manufacturer: syz [ 1579.312600][T25826] usb 3-1: SerialNumber: syz [ 1579.326156][T25826] usb 3-1: config 0 descriptor?? [ 1579.332278][T24417] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1579.559224][T24442] netlink: 'syz.7.21789': attribute type 1 has an invalid length. [ 1579.573941][T25826] powermate: unknown product id 0240 [ 1579.615421][T25826] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 1579.640822][T25826] input: Griffin SoundKnob as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input168 [ 1579.987257][ C1] powermate: config urb returned -71 [ 1579.995117][ C1] powermate: config urb returned -71 [ 1580.000683][ C1] powermate: config urb returned -71 [ 1580.006570][ C1] powermate 3-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 1580.015339][T25826] usb 3-1: USB disconnect, device number 52 [ 1580.744644][ T5950] hid_parser_main: 118 callbacks suppressed [ 1580.744665][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.804717][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.853247][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.889567][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.898139][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.925101][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.943330][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1580.973599][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1581.145464][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1581.249605][ T5950] hid-generic 0003:0004:0000.0060: unknown main item tag 0x0 [ 1581.324873][ T5950] hid-generic 0003:0004:0000.0060: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1581.435175][T24494] fido_id[24494]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1582.167122][T24526] netlink: 'syz.0.21828': attribute type 13 has an invalid length. [ 1582.181096][T24527] trusted_key: encrypted_key: insufficient parameters specified [ 1582.185491][T24526] netlink: 'syz.0.21828': attribute type 17 has an invalid length. [ 1582.297578][T24526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1582.529021][T24540] netlink: 36 bytes leftover after parsing attributes in process `syz.3.21834'. [ 1582.829328][T24549] netlink: 40 bytes leftover after parsing attributes in process `syz.3.21838'. [ 1583.103935][T24563] xt_hashlimit: max too large, truncated to 1048576 [ 1583.117366][T24567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21846'. [ 1583.127764][T24563] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1583.137750][T24567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21846'. [ 1583.163978][T24568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21846'. [ 1583.186474][T24568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21846'. [ 1584.447661][T24622] trusted_key: encrypted_key: master key parameter 'd' is invalid [ 1584.509606][T24625] netlink: 'syz.2.21873': attribute type 4 has an invalid length. [ 1584.517973][T24625] netlink: 17 bytes leftover after parsing attributes in process `syz.2.21873'. [ 1585.032695][T24653] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21886'. [ 1585.780919][ T30] audit: type=1800 audit(1763556928.391:1482): pid=24688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.21901" name="file1" dev="tmpfs" ino=17837 res=0 errno=0 [ 1586.842157][T24726] delete_channel: no stack [ 1587.487355][T24755] netlink: 'syz.3.21931': attribute type 1 has an invalid length. [ 1588.144962][T24791] binder: 24788:24791 ioctl c0306201 200000000100 returned -14 [ 1588.196627][T24795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.21949'. [ 1589.673598][T24868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21984'. [ 1590.379051][T24888] tipc: Enabling of bearer rejected, media not registered [ 1590.387255][T24890] netlink: 'syz.0.21994': attribute type 29 has an invalid length. [ 1590.399317][T24890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21994'. [ 1590.686520][T24907] netlink: 8 bytes leftover after parsing attributes in process `syz.7.22002'. [ 1592.156216][T25826] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1592.326040][T25826] usb 3-1: Using ep0 maxpacket: 16 [ 1592.334229][T25826] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 1592.343415][T25826] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1592.360228][T25826] usb 3-1: config 0 has no interface number 0 [ 1592.371266][T25826] usb 3-1: config 0 interface 126 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1592.405748][T25826] usb 3-1: config 0 interface 126 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1592.434741][T25826] usb 3-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 1592.448739][T25826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1592.463585][T25826] usb 3-1: config 0 descriptor?? [ 1592.513741][T25826] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1592.888044][T24993] netlink: 68 bytes leftover after parsing attributes in process `syz.7.22042'. [ 1592.921066][T18286] udevd[18286]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1592.941705][T25826] snd-usb-audio 3-1:0.126: probe with driver snd-usb-audio failed with error -2 [ 1592.968987][T25826] usb 3-1: USB disconnect, device number 53 [ 1593.191094][T24999] pim6reg1: entered promiscuous mode [ 1593.207687][T24999] pim6reg1: entered allmulticast mode [ 1593.923492][ T30] audit: type=1326 audit(1763556936.521:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.049723][ T30] audit: type=1326 audit(1763556936.521:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.131231][ T30] audit: type=1326 audit(1763556936.521:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.210536][ T30] audit: type=1326 audit(1763556936.521:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.321723][ T30] audit: type=1326 audit(1763556936.521:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.456069][ T30] audit: type=1326 audit(1763556936.521:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.543738][ T30] audit: type=1326 audit(1763556936.521:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1594.636393][ T30] audit: type=1326 audit(1763556936.521:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24996 comm="syz.0.22044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7fc00000 [ 1595.842549][T25097] xt_hashlimit: max too large, truncated to 1048576 [ 1596.246883][T25116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22100'. [ 1597.075652][T32137] usb 8-1: new full-speed USB device number 28 using dummy_hcd [ 1597.115590][T19596] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1597.260661][T32137] usb 8-1: unable to get BOS descriptor or descriptor too short [ 1597.271002][T19596] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1597.276525][T32137] usb 8-1: not running at top speed; connect to a high speed hub [ 1597.294952][T19596] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1597.298543][T32137] usb 8-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1597.307204][T19596] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1597.328645][T19596] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1597.336880][T32137] usb 8-1: config 1 interface 0 has no altsetting 0 [ 1597.339130][T32137] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1597.353844][T32137] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1597.356266][T19596] usb 3-1: config 0 descriptor?? [ 1597.367101][T32137] usb 8-1: Product: syz [ 1597.367123][T32137] usb 8-1: Manufacturer: syz [ 1597.367139][T32137] usb 8-1: SerialNumber: syz [ 1597.589520][T32137] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -71 [ 1597.612984][T32137] usb 8-1: USB disconnect, device number 28 [ 1597.811543][T19596] hid_parser_main: 8 callbacks suppressed [ 1597.811567][T19596] cm6533_jd 0003:0D8C:0022.0061: unknown main item tag 0x0 [ 1597.833629][T19596] cm6533_jd 0003:0D8C:0022.0061: unknown main item tag 0x0 [ 1597.868701][T19596] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0061/input/input170 [ 1597.910827][T19596] cm6533_jd 0003:0D8C:0022.0061: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 1598.187356][T25826] usb 3-1: USB disconnect, device number 54 [ 1598.557233][T25210] netlink: 8 bytes leftover after parsing attributes in process `syz.9.22144'. [ 1599.539042][T25255] netlink: 120 bytes leftover after parsing attributes in process `syz.0.22167'. [ 1599.557508][T25255] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22167'. [ 1599.595068][T25255] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22167'. [ 1599.717921][T25263] netlink: 'syz.7.22170': attribute type 4 has an invalid length. [ 1599.739611][T25263] netlink: 17 bytes leftover after parsing attributes in process `syz.7.22170'. [ 1600.855077][ T30] audit: type=1326 audit(1763556943.461:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25324 comm="syz.7.22202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1600.914248][ T30] audit: type=1326 audit(1763556943.491:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25324 comm="syz.7.22202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1600.976231][ T30] audit: type=1326 audit(1763556943.491:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25324 comm="syz.7.22202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1601.044096][ T30] audit: type=1326 audit(1763556943.491:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25324 comm="syz.7.22202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1601.092928][ T30] audit: type=1326 audit(1763556943.491:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25324 comm="syz.7.22202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1602.200493][T25392] netlink: 36 bytes leftover after parsing attributes in process `syz.0.22234'. [ 1605.066657][T25534] netlink: 60 bytes leftover after parsing attributes in process `syz.3.22299'. [ 1605.323675][T25544] netlink: 48 bytes leftover after parsing attributes in process `syz.9.22304'. [ 1607.332310][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.340168][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.564050][T25633] netlink: 72 bytes leftover after parsing attributes in process `syz.7.22342'. [ 1608.913662][T25647] netlink: 28 bytes leftover after parsing attributes in process `syz.0.22350'. [ 1608.943271][T25647] openvswitch: netlink: Flow key attr not present in new flow. [ 1610.129375][ T30] audit: type=1326 audit(1763556952.721:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.215356][ T30] audit: type=1326 audit(1763556952.721:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.306369][ T30] audit: type=1326 audit(1763556952.721:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.435174][ T30] audit: type=1326 audit(1763556952.721:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.532560][ T30] audit: type=1326 audit(1763556952.721:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.631882][ T30] audit: type=1326 audit(1763556952.721:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.745413][ T30] audit: type=1326 audit(1763556952.721:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.821017][ T30] audit: type=1326 audit(1763556952.721:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1610.935371][ T30] audit: type=1326 audit(1763556952.721:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1611.050271][ T30] audit: type=1326 audit(1763556952.721:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25672 comm="syz.0.22361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1611.840633][T25732] trusted_key: encrypted_key: master key parameter is missing [ 1612.233880][T25753] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22397'. [ 1612.253969][T25754] netlink: 'syz.7.22398': attribute type 32 has an invalid length. [ 1612.267642][T25753] tipc: Enabling of bearer rejected, already enabled [ 1613.612182][T25809] wg2: Caught tx_queue_len zero misconfig [ 1614.585503][ T5950] usb 10-1: new high-speed USB device number 46 using dummy_hcd [ 1614.759600][ T5950] usb 10-1: New USB device found, idVendor=2001, idProduct=b301, bcdDevice=45.a9 [ 1614.778007][ T5950] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1614.796556][ T5950] usb 10-1: Product: syz [ 1614.804312][ T5950] usb 10-1: Manufacturer: syz [ 1614.814953][ T5950] usb 10-1: SerialNumber: syz [ 1614.850735][ T5950] r8152-cfgselector 10-1: Unknown version 0x0000 [ 1614.860101][ T5950] r8152-cfgselector 10-1: config 0 descriptor?? [ 1614.884613][ T5950] r8152 10-1:0.0: Expected endpoints are not found [ 1614.936600][T25865] fuse: Invalid rootmode [ 1615.095448][T25835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1615.106019][T25835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1615.129952][T32137] r8152-cfgselector 10-1: USB disconnect, device number 46 [ 1617.218767][T25943] netlink: 9 bytes leftover after parsing attributes in process `syz.2.22478'. [ 1617.254752][T25943] 0·: renamed from hsr0 [ 1617.289368][T25943] 0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1617.308599][T25943] 0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1617.320502][T25943] 0·: entered allmulticast mode [ 1617.325995][T25943] hsr_slave_0: entered allmulticast mode [ 1617.331938][T25943] hsr_slave_1: entered allmulticast mode [ 1617.357258][T25943] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 1618.345698][T25988] netlink: 140 bytes leftover after parsing attributes in process `syz.2.22499'. [ 1618.977335][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1618.977351][ T30] audit: type=1326 audit(1763556961.591:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26018 comm="syz.2.22513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7fc00000 [ 1619.789158][T26054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22531'. [ 1620.428012][ T30] audit: type=1326 audit(1763556963.031:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26084 comm="syz.7.22544" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x0 [ 1620.499023][T26089] netlink: 104 bytes leftover after parsing attributes in process `syz.3.22547'. [ 1621.025489][T26114] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22559'. [ 1621.171521][T26117] netlink: 20 bytes leftover after parsing attributes in process `syz.2.22560'. [ 1621.712681][T26139] netlink: 84 bytes leftover after parsing attributes in process `syz.9.22572'. [ 1621.722767][T26139] netlink: 16 bytes leftover after parsing attributes in process `syz.9.22572'. [ 1622.757181][T26175] IPVS: set_ctl: invalid protocol: 255 172.20.20.187:20004 [ 1623.012173][T26189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22593'. [ 1623.310285][T26200] netlink: 188 bytes leftover after parsing attributes in process `syz.7.22599'. [ 1624.093973][T26228] ptrace attach of "./syz-executor exec"[26232] was attempted by "./syz-executor exec"[26228] [ 1625.446630][T26270] trusted_key: encrypted_key: insufficient parameters specified [ 1625.785758][T26284] netlink: 'syz.0.22637': attribute type 3 has an invalid length. [ 1627.388643][T26340] netlink: 64 bytes leftover after parsing attributes in process `syz.3.22664'. [ 1627.460154][T26343] binder: 26342:26343 ioctl c018620b 200000000040 returned -14 [ 1627.765042][T26359] netlink: 9 bytes leftover after parsing attributes in process `syz.2.22673'. [ 1627.786317][T26359] gretap0: left allmulticast mode [ 1628.454342][T26384] netlink: 'syz.3.22685': attribute type 4 has an invalid length. [ 1628.688942][T26394] binder: 26393:26394 ioctl c0306201 2000000000c0 returned -14 [ 1629.100321][T26403] netlink: 104 bytes leftover after parsing attributes in process `syz.0.22694'. [ 1629.635331][T25826] usb 4-1: new full-speed USB device number 67 using dummy_hcd [ 1629.821456][T25826] usb 4-1: config 0 has an invalid interface number: 46 but max is 0 [ 1629.850194][T25826] usb 4-1: config 0 has no interface number 0 [ 1629.863223][T25826] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 1629.883041][T25826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1629.893452][T25826] usb 4-1: Product: syz [ 1629.916032][T25826] usb 4-1: Manufacturer: syz [ 1629.920671][T25826] usb 4-1: SerialNumber: syz [ 1629.955128][T25826] usb 4-1: config 0 descriptor?? [ 1629.973758][T25826] ums-karma 4-1:0.46: USB Mass Storage device detected [ 1630.228702][T25826] usb 4-1: USB disconnect, device number 67 [ 1630.702386][T26474] netlink: 'syz.7.22727': attribute type 1 has an invalid length. [ 1630.786372][T26474] bond4: entered promiscuous mode [ 1630.791472][T26474] bond4: entered allmulticast mode [ 1630.832297][T26478] ip6gretap0: entered allmulticast mode [ 1630.842204][T26478] bond4: (slave ip6gretap0): making interface the new active one [ 1630.860429][T26474] netlink: 28 bytes leftover after parsing attributes in process `syz.7.22727'. [ 1630.872894][T26478] ip6gretap0: entered promiscuous mode [ 1630.879751][T26478] bond4: (slave ip6gretap0): Enslaving as an active interface with an up link [ 1630.902701][T26474] bond4: left promiscuous mode [ 1630.936383][T26474] ip6gretap0: left promiscuous mode [ 1630.943833][T26474] bond4: left allmulticast mode [ 1630.966927][T26474] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1631.725757][T25826] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 1632.057174][T25826] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1632.088443][T25826] usb 3-1: not running at top speed; connect to a high speed hub [ 1632.107868][T25826] usb 3-1: config 1 has an invalid interface number: 138 but max is 0 [ 1632.117093][T25826] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1632.128135][T25826] usb 3-1: config 1 has no interface number 0 [ 1632.152735][T25826] usb 3-1: config 1 interface 138 altsetting 252 endpoint 0xC has invalid maxpacket 65296, setting to 64 [ 1632.181013][T25826] usb 3-1: config 1 interface 138 has no altsetting 0 [ 1632.197669][T25826] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 1632.209413][T25826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1632.218919][T25826] usb 3-1: Product: syz [ 1632.226416][T25826] usb 3-1: Manufacturer: syz [ 1632.234475][T25826] usb 3-1: SerialNumber: syz [ 1632.266854][T26503] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1632.502885][T25826] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1632.678100][T25826] usb 3-1: USB disconnect, device number 55 [ 1632.739318][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1632.773241][T26538] netlink: 'syz.9.22753': attribute type 1 has an invalid length. [ 1634.989276][T26607] netlink: 'syz.2.22786': attribute type 1 has an invalid length. [ 1635.976710][T26642] dns_resolver: Unsupported content type (240) [ 1637.044790][T26684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22823'. [ 1637.300352][T26694] can: request_module (can-proto-0) failed. [ 1637.597931][T26708] netlink: 9 bytes leftover after parsing attributes in process `syz.9.22832'. [ 1637.697806][T26708] 0ªî{X¹¦: entered promiscuous mode [ 1637.703152][T26708] 0ªî{X¹¦: left allmulticast mode [ 1638.740787][T26746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22852'. [ 1638.751140][T26746] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22852'. [ 1638.762373][T26746] netlink: 16 bytes leftover after parsing attributes in process `syz.0.22852'. [ 1639.058299][ T30] audit: type=1326 audit(1763556981.671:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26760 comm="syz.3.22859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1639.080840][ C1] vkms_vblank_simulate: vblank timer overrun [ 1639.091563][ T30] audit: type=1326 audit(1763556981.671:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26760 comm="syz.3.22859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1639.114082][ C1] vkms_vblank_simulate: vblank timer overrun [ 1639.124458][ T30] audit: type=1326 audit(1763556981.671:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26760 comm="syz.3.22859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1639.146925][ C1] vkms_vblank_simulate: vblank timer overrun [ 1639.179700][ T30] audit: type=1326 audit(1763556981.691:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26760 comm="syz.3.22859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1639.206960][ T30] audit: type=1326 audit(1763556981.691:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26760 comm="syz.3.22859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c59d8f749 code=0x7ffc0000 [ 1639.229483][ C1] vkms_vblank_simulate: vblank timer overrun [ 1639.443764][T26776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22867'. [ 1639.927478][T26796] netlink: 6 bytes leftover after parsing attributes in process `syz.0.22876'. [ 1639.936883][T26796] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1642.113243][T26901] tipc: Enabled bearer , priority 0 [ 1642.122900][T26892] tipc: Disabling bearer [ 1642.164448][T26905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22924'. [ 1642.394155][T26904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22927'. [ 1642.976781][T26945] netlink: 44 bytes leftover after parsing attributes in process `syz.0.22945'. [ 1643.138791][T26956] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22948'. [ 1645.290496][T26989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22965'. [ 1645.308276][T27049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1645.327509][T26989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22965'. [ 1645.356777][T27052] netlink: 20 bytes leftover after parsing attributes in process `syz.2.22992'. [ 1646.122033][T27086] xt_l2tp: wrong L2TP version: 0 [ 1646.370406][T27094] bridge0: port 1(bond0) entered disabled state [ 1646.625464][T25826] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 1646.708389][T27110] netlink: 8 bytes leftover after parsing attributes in process `syz.9.23021'. [ 1646.775568][T25826] usb 8-1: Using ep0 maxpacket: 16 [ 1646.782668][T25826] usb 8-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 1646.793609][T25826] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1647.232100][T25826] pegasus 8-1:2.0: probe with driver pegasus failed with error -71 [ 1647.249295][T25826] usb 8-1: USB disconnect, device number 29 [ 1647.516904][T27145] ip6gre1: entered promiscuous mode [ 1647.522173][T27145] ip6gre1: entered allmulticast mode [ 1647.529606][ T1116] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1647.537996][ T1116] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1647.559616][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1647.595509][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1648.448045][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1648.891481][ T30] audit: type=1326 audit(1763556991.501:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27206 comm="syz.0.23069" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x0 [ 1649.587594][T27241] syzkaller0: entered promiscuous mode [ 1649.593202][T27241] syzkaller0: entered allmulticast mode [ 1650.119414][T27261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.23095'. [ 1650.768770][T27296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23107'. [ 1650.787153][T27296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23107'. [ 1651.645519][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1654.079972][T27436] netlink: 'syz.0.23168': attribute type 1 has an invalid length. [ 1654.121052][T27436] netlink: 28 bytes leftover after parsing attributes in process `syz.0.23168'. [ 1654.138479][T27436] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1654.203628][T27436] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1654.223795][T27436] bond3: (slave geneve4): making interface the new active one [ 1654.232821][T27436] bond3: (slave geneve4): Enslaving as an active interface with an up link [ 1654.242907][ T1116] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 1654.275754][ T1116] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 1654.295113][ T1116] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 1654.318835][ T1116] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 1654.462281][T27446] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23170'. [ 1656.270314][T27540] syzkaller0: Caught tx_queue_len zero misconfig [ 1656.319489][T27540] netlink: 60 bytes leftover after parsing attributes in process `syz.3.23217'. [ 1658.540962][T27634] syzkaller0: left promiscuous mode [ 1658.556660][T27634] syzkaller0: left allmulticast mode [ 1658.641843][T27641] netlink: 48 bytes leftover after parsing attributes in process `syz.2.23264'. [ 1659.505655][T19596] usb 10-1: new high-speed USB device number 47 using dummy_hcd [ 1659.665768][T19596] usb 10-1: Using ep0 maxpacket: 32 [ 1659.676793][T19596] usb 10-1: config 0 has an invalid interface number: 196 but max is 0 [ 1659.686011][T19596] usb 10-1: config 0 has no interface number 0 [ 1659.695648][T19596] usb 10-1: config 0 interface 196 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1659.723780][T19596] usb 10-1: config 0 interface 196 has no altsetting 0 [ 1659.741228][T19596] usb 10-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 1659.753078][T19596] usb 10-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1659.762306][T19596] usb 10-1: Product: syz [ 1659.768518][T19596] usb 10-1: Manufacturer: syz [ 1659.773368][T19596] usb 10-1: SerialNumber: syz [ 1659.796477][T19596] usb 10-1: config 0 descriptor?? [ 1659.805440][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1659.997811][T27698] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23291'. [ 1660.033653][T19596] ipheth 10-1:0.196: Unable to find endpoints [ 1660.052431][T19596] usb 10-1: USB disconnect, device number 47 [ 1660.229481][ T30] audit: type=1326 audit(1763557002.841:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.255983][ T30] audit: type=1326 audit(1763557002.861:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.278531][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.286514][ T30] audit: type=1326 audit(1763557002.881:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.308941][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.318881][ T30] audit: type=1326 audit(1763557002.881:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.342702][ T30] audit: type=1326 audit(1763557002.881:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.366211][ T30] audit: type=1326 audit(1763557002.881:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.389237][ T30] audit: type=1326 audit(1763557002.881:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.411750][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.426758][ T30] audit: type=1326 audit(1763557002.881:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.450551][ T30] audit: type=1326 audit(1763557002.881:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.473470][ T30] audit: type=1326 audit(1763557002.881:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27705 comm="syz.2.23296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1660.495977][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.558866][T27717] netlink: 'syz.7.23300': attribute type 13 has an invalid length. [ 1661.278050][T27749] random: crng reseeded on system resumption [ 1661.384215][T27753] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 1662.323861][T27786] netlink: 20 bytes leftover after parsing attributes in process `syz.7.23332'. [ 1662.351387][T27786] netlink: 20 bytes leftover after parsing attributes in process `syz.7.23332'. [ 1662.465350][T32137] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 1662.619076][T32137] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83 [ 1662.631705][T32137] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 235, setting to 64 [ 1662.645389][T32137] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1662.658838][T32137] usb 4-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 1662.668191][T32137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1662.677461][T27797] bond0: Caught tx_queue_len zero misconfig [ 1662.680455][T32137] usb 4-1: config 0 descriptor?? [ 1662.693303][T32137] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1662.935099][T32137] usb 4-1: USB disconnect, device number 68 [ 1663.750491][T27831] netlink: 44 bytes leftover after parsing attributes in process `syz.2.23354'. [ 1663.790607][T27831] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23354'. [ 1664.048955][T27845] netdevsim netdevsim3: Direct firmware load for . [ 1664.048955][T27845] failed with error -2 [ 1664.072563][T27850] netlink: 'syz.0.23366': attribute type 1 has an invalid length. [ 1664.094561][T27845] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 1664.094561][T27845] [ 1664.109271][T27850] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1664.332027][T27863] netlink: 268 bytes leftover after parsing attributes in process `syz.9.23369'. [ 1665.482530][T27879] netlink: 32 bytes leftover after parsing attributes in process `syz.2.23376'. [ 1666.353319][T27911] binder: 27909:27911 ioctl c0306201 2000000004c0 returned -22 [ 1666.746963][T27934] tipc: Enabling of bearer rejected, already enabled [ 1666.837495][T27940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23406'. [ 1667.225882][T25826] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 1667.388278][T25826] usb 4-1: config 0 has an invalid interface number: 133 but max is 0 [ 1667.396906][T25826] usb 4-1: config 0 has no interface number 0 [ 1667.403239][T25826] usb 4-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1667.418037][T25826] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1667.427459][T25826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1667.436401][T25826] usb 4-1: Product: syz [ 1667.440821][T25826] usb 4-1: Manufacturer: syz [ 1667.446110][T25826] usb 4-1: SerialNumber: syz [ 1667.455137][T25826] usb 4-1: config 0 descriptor?? [ 1667.688784][T25826] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected [ 1667.696986][T25826] keyspan 4-1:0.133: unsupported endpoint type 0 [ 1667.705012][T25826] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81 [ 1667.716174][T25826] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1 [ 1667.724125][T25826] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2 [ 1667.734622][T25826] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1667.747574][T25826] usb 4-1: USB disconnect, device number 69 [ 1667.758676][T25826] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1667.770320][T25826] keyspan 4-1:0.133: device disconnected [ 1668.530888][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1668.530905][ T30] audit: type=1326 audit(1763557011.141:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28002 comm="syz.9.23436" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f879cd8f749 code=0x0 [ 1668.604261][T28009] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23441'. [ 1668.619772][T28009] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23441'. [ 1668.629888][T28009] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23441'. [ 1668.771060][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.777593][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.663260][T28031] netlink: 72 bytes leftover after parsing attributes in process `syz.2.23451'. [ 1672.949370][T28128] fuse: Bad value for 'user_id' [ 1672.956334][T28128] fuse: Bad value for 'user_id' [ 1672.962499][T28129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23493'. [ 1675.641572][ T30] audit: type=1326 audit(1763557018.251:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28188 comm="syz.2.23523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x0 [ 1675.805447][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1675.886574][T28198] netlink: 'syz.3.23526': attribute type 4 has an invalid length. [ 1675.904786][T28198] netlink: 17 bytes leftover after parsing attributes in process `syz.3.23526'. [ 1676.152678][T28205] syzkaller0: entered promiscuous mode [ 1676.173655][T28205] syzkaller0: entered allmulticast mode [ 1676.275171][T28208] syzkaller0: Caught tx_queue_len zero misconfig [ 1676.958508][T28225] netlink: 56 bytes leftover after parsing attributes in process `syz.7.23536'. [ 1677.008154][T28231] netlink: 'syz.3.23538': attribute type 64 has an invalid length. [ 1677.026037][T28231] netlink: 5 bytes leftover after parsing attributes in process `syz.3.23538'. [ 1677.110182][T28231] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1677.321156][T28241] kvm: user requested TSC rate below hardware speed [ 1677.481879][T28247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23550'. [ 1677.856832][T28262] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23555'. [ 1678.586399][T28294] syzkaller0: entered promiscuous mode [ 1678.603072][T28294] syzkaller0: entered allmulticast mode [ 1680.737392][T28400] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1680.744682][T28400] IPv6: NLM_F_CREATE should be set when creating new route [ 1680.810122][T28402] lo: entered allmulticast mode [ 1680.823603][T28402] tunl0: entered allmulticast mode [ 1680.845007][T28402] gre0: entered allmulticast mode [ 1680.867436][T28402] gretap0: entered allmulticast mode [ 1680.880444][T28402] erspan0: entered allmulticast mode [ 1680.919495][T28402] ip_vti0: entered allmulticast mode [ 1680.963003][T28402] ip6_vti0: entered allmulticast mode [ 1680.998495][T28402] sit0: entered allmulticast mode [ 1681.034742][T28402] ip6tnl0: entered allmulticast mode [ 1681.049135][T28402] ip6gre0: entered allmulticast mode [ 1681.063419][T28402] vcan0: entered allmulticast mode [ 1681.071230][T28402] bond0: entered allmulticast mode [ 1681.077789][T28402] bond_slave_0: entered allmulticast mode [ 1681.083627][T28402] @0Ù: entered allmulticast mode [ 1681.093043][T28402] dummy0: entered allmulticast mode [ 1681.103241][T28402] caif0: entered allmulticast mode [ 1681.109049][T28402] batadv0: entered allmulticast mode [ 1681.114616][T28402] vxcan0: entered allmulticast mode [ 1681.121498][T28402] vxcan1: entered allmulticast mode [ 1681.127654][T28402] veth0: entered allmulticast mode [ 1681.133460][T28402] veth1: entered allmulticast mode [ 1681.142904][T28402] wg0: entered allmulticast mode [ 1681.149142][T28402] wg1: entered allmulticast mode [ 1681.154443][T28402] wg2: entered allmulticast mode [ 1681.160364][T28402] veth0_to_bridge: entered allmulticast mode [ 1681.171358][T28402] bridge_slave_0: entered allmulticast mode [ 1681.178858][T28402] veth1_to_bridge: entered allmulticast mode [ 1681.185118][T28402] bridge_slave_1: entered allmulticast mode [ 1681.191873][T28402] veth0_to_bond: entered allmulticast mode [ 1681.198577][T28402] veth1_to_bond: entered allmulticast mode [ 1681.208736][T28402] veth0_to_team: entered allmulticast mode [ 1681.215023][T28402] team_slave_0: entered allmulticast mode [ 1681.222678][T28402] veth1_to_team: entered allmulticast mode [ 1681.243805][T28402] team_slave_1: entered allmulticast mode [ 1681.259511][T28402] veth0_to_batadv: entered allmulticast mode [ 1681.273071][T28402] batadv_slave_0: entered allmulticast mode [ 1681.289687][T28402] veth1_to_batadv: entered allmulticast mode [ 1681.303132][T28402] batadv_slave_1: entered allmulticast mode [ 1681.309506][T28402] xfrm0: entered allmulticast mode [ 1681.315110][T28402] veth0_to_hsr: entered allmulticast mode [ 1681.335827][T28402] hsr_slave_0: entered allmulticast mode [ 1681.341863][T28402] veth1_to_hsr: entered allmulticast mode [ 1681.348726][T28402] hsr_slave_1: entered allmulticast mode [ 1681.354771][T28402] hsr0: entered allmulticast mode [ 1681.362838][T28402] veth1_virt_wifi: entered allmulticast mode [ 1681.369282][T28402] veth0_virt_wifi: entered allmulticast mode [ 1681.380850][T28402] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 1681.399899][T28402] veth1_vlan: entered allmulticast mode [ 1681.410033][T28402] veth0_vlan: entered allmulticast mode [ 1681.444819][T28402] @: entered allmulticast mode [ 1681.460662][T28402] vlan1: entered allmulticast mode [ 1681.477589][T28402] macvlan0: entered allmulticast mode [ 1681.491731][T28402] macvlan1: entered allmulticast mode [ 1681.498302][T28402] ipvlan0: entered allmulticast mode [ 1681.503991][T28402] ipvlan1: entered allmulticast mode [ 1681.510035][T28402] veth1_macvtap: entered allmulticast mode [ 1681.516596][T28402] veth0_macvtap: entered allmulticast mode [ 1681.522723][T28402] macsec0: entered allmulticast mode [ 1681.528531][T28402] geneve0: entered allmulticast mode [ 1681.528869][T28423] netlink: 232 bytes leftover after parsing attributes in process `syz.2.23630'. [ 1681.534278][T28402] geneve1: entered allmulticast mode [ 1681.549673][T28402] netdevsim netdevsim7 netdevsim0: entered allmulticast mode [ 1681.557910][T28402] netdevsim netdevsim7 netdevsim1: entered allmulticast mode [ 1681.567727][T28402] netdevsim netdevsim7 netdevsim2: entered allmulticast mode [ 1681.576502][T28402] netdevsim netdevsim7 netdevsim3: entered allmulticast mode [ 1681.632025][T28402] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode [ 1681.642487][T28402] bridge1: entered allmulticast mode [ 1681.648334][T28402] bridge2: entered allmulticast mode [ 1681.654126][T28402] bridge3: entered allmulticast mode [ 1681.660161][T28402] veth2: entered allmulticast mode [ 1681.666146][T28402] veth3: entered allmulticast mode [ 1681.672526][T28402] syztnl1: entered allmulticast mode [ 1681.687795][T28402] bond1: entered allmulticast mode [ 1681.693229][T28402] M: entered allmulticast mode [ 1681.700578][T28402] vxcan2: entered allmulticast mode [ 1681.706382][T28402] vxcan3: entered allmulticast mode [ 1681.712278][T28402] batman_adv: batadv0: Interface deactivated: gretap1 [ 1681.720550][T28402] gretap1: entered allmulticast mode [ 1681.729870][T28402] vxcan4: entered allmulticast mode [ 1681.736405][T28402] bridge5: entered allmulticast mode [ 1681.744135][T28402] vlan2: left promiscuous mode [ 1681.749935][T28402] bridge0: left promiscuous mode [ 1681.755576][T28402] vlan2: entered allmulticast mode [ 1681.760878][T28402] tap0: entered allmulticast mode [ 1681.766740][T28402] : entered allmulticast mode [ 1681.772473][T28402] bridge6: entered allmulticast mode [ 1681.780156][T28402] bond2: entered allmulticast mode [ 1681.786704][T28402] sit1: entered allmulticast mode [ 1681.793109][T28402] syztnl0: entered allmulticast mode [ 1681.798857][T28402] syztnl2: entered allmulticast mode [ 1681.804481][T28402] veth4: entered allmulticast mode [ 1681.812027][T28402] veth5: entered allmulticast mode [ 1681.817956][T28402] ): entered allmulticast mode [ 1681.823214][T28402] bond3: entered allmulticast mode [ 1681.830510][T28402] syzkaller0: left promiscuous mode [ 1681.839417][T28402] gre1: entered allmulticast mode [ 1681.854209][T28402] tap1: entered allmulticast mode [ 1681.867197][T28402] bond4: entered allmulticast mode [ 1682.827153][T28465] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.23650'. [ 1683.020669][T28476] netlink: 92 bytes leftover after parsing attributes in process `syz.0.23656'. [ 1683.821267][T28506] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23669'. [ 1683.870763][T28509] binder: 28507:28509 ioctl c018620c 0 returned -14 [ 1685.264922][T28583] netlink: 16 bytes leftover after parsing attributes in process `syz.0.23706'. [ 1685.274411][T28583] openvswitch: netlink: Flow actions attr not present in new flow. [ 1685.475529][T28589] netlink: 'syz.2.23709': attribute type 16 has an invalid length. [ 1685.483655][T28589] netlink: 63874 bytes leftover after parsing attributes in process `syz.2.23709'. [ 1685.754430][T28597] random: crng reseeded on system resumption [ 1687.545892][T28646] netlink: 44 bytes leftover after parsing attributes in process `syz.7.23733'. [ 1687.576067][T28646] netlink: 32 bytes leftover after parsing attributes in process `syz.7.23733'. [ 1689.335146][T28743] netlink: 'syz.0.23784': attribute type 13 has an invalid length. [ 1690.425003][T28796] netlink: 'syz.9.23809': attribute type 4 has an invalid length. [ 1690.433192][T28796] netlink: 17 bytes leftover after parsing attributes in process `syz.9.23809'. [ 1691.384479][T28837] netlink: 'syz.2.23828': attribute type 13 has an invalid length. [ 1691.756075][T28858] random: crng reseeded on system resumption [ 1691.793009][T28860] netlink: 84 bytes leftover after parsing attributes in process `syz.0.23840'. [ 1691.806146][T28860] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23840'. [ 1692.295446][T28881] netlink: 'syz.3.23846': attribute type 13 has an invalid length. [ 1692.583066][T28901] netlink: 44 bytes leftover after parsing attributes in process `syz.0.23858'. [ 1692.593016][T28901] netlink: 43 bytes leftover after parsing attributes in process `syz.0.23858'. [ 1692.608448][T28901] netlink: 'syz.0.23858': attribute type 5 has an invalid length. [ 1692.616697][T28901] netlink: 43 bytes leftover after parsing attributes in process `syz.0.23858'. [ 1693.052991][T28908] syzkaller0: Caught tx_queue_len zero misconfig [ 1697.462079][T29132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23967'. [ 1697.714103][T29143] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23974'. [ 1697.932096][T29154] sch_tbf: burst 2 is lower than device lo mtu (18) ! [ 1697.998459][T29157] sch_tbf: burst 2 is lower than device lo mtu (18) ! [ 1698.021351][T29157] sch_tbf: burst 2 is lower than device lo mtu (18) ! [ 1698.053175][T29159] netlink: 'syz.2.23980': attribute type 4 has an invalid length. [ 1698.085345][T29159] netlink: 'syz.2.23980': attribute type 5 has an invalid length. [ 1698.190210][T29159] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.23980'. [ 1699.695816][T19596] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 1699.860629][T19596] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1699.878564][T19596] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 1699.889210][T19596] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1699.909545][T19596] usb 4-1: config 0 descriptor?? [ 1699.916763][T29238] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1700.145007][T19596] usbhid 4-1:0.0: can't add hid device: -71 [ 1700.152942][T19596] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1700.166310][T19596] usb 4-1: USB disconnect, device number 70 [ 1700.575842][T29287] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1701.658161][T29338] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.24070'. [ 1702.069858][ T30] audit: type=1326 audit(1763557044.681:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29356 comm="syz.0.24080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1702.098159][ T30] audit: type=1326 audit(1763557044.681:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29356 comm="syz.0.24080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1702.122572][ T30] audit: type=1326 audit(1763557044.681:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29356 comm="syz.0.24080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1702.147429][ T30] audit: type=1326 audit(1763557044.681:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29356 comm="syz.0.24080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1702.171526][ T30] audit: type=1326 audit(1763557044.681:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29356 comm="syz.0.24080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083618f749 code=0x7ffc0000 [ 1704.219257][T25826] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1704.375893][T25826] usb 3-1: Using ep0 maxpacket: 16 [ 1704.383030][T25826] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1704.397100][T25826] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 1704.406499][T25826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1704.418102][T25826] usb 3-1: config 0 descriptor?? [ 1704.494496][T29459] binder: 29456:29459 ioctl 40046205 0 returned -22 [ 1704.640973][T25826] usbhid 3-1:0.0: can't add hid device: -71 [ 1704.648371][T25826] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1704.660829][T25826] usb 3-1: USB disconnect, device number 56 [ 1704.968571][T29482] netlink: 'syz.9.24136': attribute type 17 has an invalid length. [ 1705.342627][T29496] netlink: 'syz.9.24145': attribute type 13 has an invalid length. [ 1705.437375][T29502] netlink: 'syz.2.24147': attribute type 4 has an invalid length. [ 1705.584240][T29508] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24149'. [ 1706.039009][T29530] netlink: 12 bytes leftover after parsing attributes in process `syz.2.24161'. [ 1706.265674][T25826] usb 10-1: new full-speed USB device number 48 using dummy_hcd [ 1706.288722][T29540] netlink: 'syz.2.24166': attribute type 13 has an invalid length. [ 1706.328977][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1706.352891][T29544] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24168'. [ 1706.428024][T25826] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1706.440123][T25826] usb 10-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 1706.450901][T25826] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1706.462409][T25826] usb 10-1: config 0 descriptor?? [ 1706.468796][T29527] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 1706.484543][T29548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24170'. [ 1706.692555][T25826] usbhid 10-1:0.0: can't add hid device: -71 [ 1706.699441][T25826] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1706.710165][T25826] usb 10-1: USB disconnect, device number 48 [ 1706.942997][T29568] trusted_key: encrypted_key: master key parameter '' is invalid [ 1706.965535][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1708.446001][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1709.709092][T29663] syzkaller0: entered promiscuous mode [ 1710.903122][T29711] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24246'. [ 1711.580801][T29745] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24262'. [ 1713.080362][T29821] futex_wake_op: syz.2.24297 tries to shift op by 32; fix this program [ 1713.284095][T29833] netlink: 'syz.0.24303': attribute type 12 has an invalid length. [ 1713.743788][T29848] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1713.876291][T29848] kvm: pic: non byte read [ 1713.881061][T29848] kvm: pic: level sensitive irq not supported [ 1713.881124][T29848] kvm: pic: non byte read [ 1713.919535][T29848] kvm: pic: level sensitive irq not supported [ 1713.919738][T29848] kvm: pic: non byte read [ 1713.952861][T29848] kvm: pic: level sensitive irq not supported [ 1713.952934][T29848] kvm: pic: non byte read [ 1713.998484][T29848] kvm: pic: level sensitive irq not supported [ 1713.998596][T29848] kvm: pic: non byte read [ 1714.012620][T29848] kvm: pic: level sensitive irq not supported [ 1714.012686][T29848] kvm: pic: non byte read [ 1714.025027][T29848] kvm: pic: level sensitive irq not supported [ 1714.025093][T29848] kvm: pic: non byte read [ 1714.038328][T29848] kvm: pic: level sensitive irq not supported [ 1714.038728][T29848] kvm: pic: non byte read [ 1714.050771][T29848] kvm: pic: level sensitive irq not supported [ 1714.050842][T29848] kvm: pic: non byte read [ 1714.063500][T29867] sit0: left allmulticast mode [ 1714.081864][T29867] netlink: 'syz.0.24319': attribute type 1 has an invalid length. [ 1714.091174][T29867] netlink: 1 bytes leftover after parsing attributes in process `syz.0.24319'. [ 1714.101159][T29848] kvm: pic: level sensitive irq not supported [ 1714.101239][T29848] kvm: pic: non byte read [ 1714.112693][T29848] kvm: pic: level sensitive irq not supported [ 1715.471986][T29900] netlink: 'syz.0.24332': attribute type 4 has an invalid length. [ 1715.615613][ T5950] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1715.771309][ T5950] usb 3-1: Using ep0 maxpacket: 16 [ 1715.781025][ T5950] usb 3-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47 [ 1715.794789][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1715.813782][ T5950] usb 3-1: Product: syz [ 1715.818208][ T5950] usb 3-1: Manufacturer: syz [ 1715.822824][ T5950] usb 3-1: SerialNumber: syz [ 1715.838339][ T5950] usb 3-1: config 0 descriptor?? [ 1715.851693][ T5950] gspca_main: sn9c2028-2.14.0 probing 0c45:800a [ 1715.910707][T29914] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24338'. [ 1715.920536][T29914] netlink: 12 bytes leftover after parsing attributes in process `syz.9.24338'. [ 1715.930776][T29914] netlink: 16 bytes leftover after parsing attributes in process `syz.9.24338'. [ 1716.075004][ T5950] gspca_sn9c2028: read1 error -32 [ 1716.499365][T32137] usb 3-1: USB disconnect, device number 57 [ 1717.143220][ T30] audit: type=1326 audit(1763557059.751:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29963 comm="syz.7.24361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1717.168269][ T30] audit: type=1326 audit(1763557059.751:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29963 comm="syz.7.24361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1717.200662][ T30] audit: type=1326 audit(1763557059.811:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29963 comm="syz.7.24361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1717.223486][ T30] audit: type=1326 audit(1763557059.811:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29963 comm="syz.7.24361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1717.247792][ T30] audit: type=1326 audit(1763557059.811:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29963 comm="syz.7.24361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5372d8f749 code=0x7ffc0000 [ 1717.491937][T29980] netlink: 'syz.2.24370': attribute type 11 has an invalid length. [ 1718.828188][T30050] netlink: 'syz.3.24402': attribute type 2 has an invalid length. [ 1719.032603][ T30] audit: type=1800 audit(1763557061.641:1556): pid=30023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.24385" name="/" dev="fuse" ino=3 res=0 errno=0 [ 1719.066687][T30055] netlink: 44 bytes leftover after parsing attributes in process `syz.0.24405'. [ 1719.076777][T30055] netlink: 43 bytes leftover after parsing attributes in process `syz.0.24405'. [ 1719.085976][T30055] netlink: 'syz.0.24405': attribute type 5 has an invalid length. [ 1719.093890][T30055] netlink: 43 bytes leftover after parsing attributes in process `syz.0.24405'. [ 1719.557109][T30076] netlink: 8 bytes leftover after parsing attributes in process `syz.7.24413'. [ 1719.715093][T30092] netlink: 16 bytes leftover after parsing attributes in process `syz.0.24420'. [ 1719.759742][T30076] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24413'. [ 1719.760744][T30075] netlink: 8 bytes leftover after parsing attributes in process `syz.9.24412'. [ 1719.997616][T30102] netlink: 'syz.0.24423': attribute type 4 has an invalid length. [ 1720.005852][T30102] netlink: 'syz.0.24423': attribute type 5 has an invalid length. [ 1720.813460][T30142] netlink: 'syz.0.24440': attribute type 13 has an invalid length. [ 1720.947714][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1721.116000][T25826] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 1721.287292][T25826] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 1721.305527][T25826] usb 4-1: config 0 has no interface number 0 [ 1721.305688][ T5950] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1721.311978][T25826] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1721.355883][T25826] usb 4-1: config 0 interface 231 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1721.375110][T25826] usb 4-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 1721.385159][T25826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1721.393831][T25826] usb 4-1: Product: syz [ 1721.398888][T25826] usb 4-1: Manufacturer: syz [ 1721.403668][T25826] usb 4-1: SerialNumber: syz [ 1721.413299][T25826] usb 4-1: config 0 descriptor?? [ 1721.419996][T30144] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1721.506808][T25826] plusb 4-1:0.231: probe with driver plusb failed with error -22 [ 1721.588247][T30167] batadv_slave_1: entered promiscuous mode [ 1721.597598][T30166] batadv_slave_1: left promiscuous mode [ 1721.902431][ T5950] usb 4-1: USB disconnect, device number 71 [ 1721.958382][ T30] audit: type=1326 audit(1763557064.571:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30178 comm="syz.2.24456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1722.026928][ T30] audit: type=1326 audit(1763557064.571:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30178 comm="syz.2.24456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1722.060690][T30185] xt_hashlimit: max too large, truncated to 1048576 [ 1722.089812][ T30] audit: type=1326 audit(1763557064.611:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30178 comm="syz.2.24456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1722.112922][T30185] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1722.127130][ T30] audit: type=1326 audit(1763557064.611:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30178 comm="syz.2.24456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1722.158312][ T30] audit: type=1326 audit(1763557064.611:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30178 comm="syz.2.24456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3026d8f749 code=0x7ffc0000 [ 1722.318547][T30191] __nla_validate_parse: 2 callbacks suppressed [ 1722.318569][T30191] netlink: 24 bytes leftover after parsing attributes in process `syz.0.24464'. [ 1722.371387][T30191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24464'. [ 1722.985694][T25826] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1723.178099][T25826] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1723.189676][T25826] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1723.200771][T25826] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1723.210863][T25826] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1723.223952][T25826] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1723.233130][T25826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1723.244283][T25826] usb 4-1: config 0 descriptor?? [ 1723.704119][T25826] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 1723.713000][T25826] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 1723.723176][T25826] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 1723.733238][T25826] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 1723.741120][T25826] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 1723.766628][T25826] plantronics 0003:047F:FFFF.0062: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1724.108370][T19596] usb 4-1: USB disconnect, device number 72 [ 1725.470149][T30300] netlink: 'syz.9.24509': attribute type 13 has an invalid length. [ 1725.779712][T30318] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24519'. [ 1726.621268][T30358] netlink: 36 bytes leftover after parsing attributes in process `syz.2.24538'. [ 1727.013122][T30379] netlink: 'syz.3.24548': attribute type 11 has an invalid length. [ 1727.349879][T30396] netlink: 100 bytes leftover after parsing attributes in process `syz.7.24559'. [ 1727.541953][T30405] netlink: 182 bytes leftover after parsing attributes in process `syz.9.24564'. [ 1727.583050][T30409] netlink: 304 bytes leftover after parsing attributes in process `syz.7.24563'. [ 1729.394892][T30467] [ 1729.397261][T30467] ===================================================== [ 1729.404193][T30467] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1729.411664][T30467] syzkaller #0 Not tainted [ 1729.416083][T30467] ----------------------------------------------------- [ 1729.423012][T30467] syz.2.24569/30467 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1729.430818][T30467] ffff88807733ac90 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1729.439552][T30467] [ 1729.439552][T30467] and this task is already holding: [ 1729.446903][T30467] ffff888028ddd468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1729.455433][T30467] which would create a new lock dependency: [ 1729.461304][T30467] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1729.468961][T30467] [ 1729.468961][T30467] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1729.478395][T30467] (kbd_event_lock){..-.}-{3:3} [ 1729.478420][T30467] [ 1729.478420][T30467] ... which became SOFTIRQ-irq-safe at: [ 1729.490934][T30467] lock_acquire+0x120/0x360 [ 1729.495516][T30467] _raw_spin_lock+0x2e/0x40 [ 1729.500107][T30467] kbd_event+0xd2/0x3f70 [ 1729.504431][T30467] input_handle_events_default+0xd4/0x1a0 [ 1729.510231][T30467] input_pass_values+0x288/0x890 [ 1729.515252][T30467] input_event_dispose+0x3e5/0x6b0 [ 1729.520437][T30467] input_event+0x89/0xe0 [ 1729.524751][T30467] hidinput_hid_event+0x145e/0x1dd0 [ 1729.530033][T30467] hid_process_event+0x4be/0x620 [ 1729.535054][T30467] hid_report_raw_event+0xe91/0x16d0 [ 1729.540417][T30467] hid_input_report+0x43e/0x520 [ 1729.545349][T30467] hid_irq_in+0x47e/0x6d0 [ 1729.549760][T30467] __usb_hcd_giveback_urb+0x376/0x540 [ 1729.555211][T30467] dummy_timer+0x85f/0x44c0 [ 1729.559794][T30467] __hrtimer_run_queues+0x52c/0xc60 [ 1729.565159][T30467] hrtimer_run_softirq+0x187/0x2b0 [ 1729.570350][T30467] handle_softirqs+0x286/0x870 [ 1729.575191][T30467] __irq_exit_rcu+0xca/0x1f0 [ 1729.579857][T30467] irq_exit_rcu+0x9/0x30 [ 1729.584173][T30467] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1729.589889][T30467] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1729.595947][T30467] __sanitizer_cov_trace_pc+0x8/0x70 [ 1729.601316][T30467] folio_try_get+0x168/0x340 [ 1729.605982][T30467] next_uptodate_folio+0xcb/0x5d0 [ 1729.611083][T30467] filemap_map_pages+0x1379/0x1e20 [ 1729.616269][T30467] __handle_mm_fault+0x347e/0x5400 [ 1729.621462][T30467] handle_mm_fault+0x40a/0x8e0 [ 1729.626306][T30467] __get_user_pages+0x165c/0x2a00 [ 1729.631408][T30467] populate_vma_page_range+0x29f/0x3a0 [ 1729.636949][T30467] __mm_populate+0x24c/0x380 [ 1729.641616][T30467] vm_mmap_pgoff+0x387/0x4d0 [ 1729.646287][T30467] do_syscall_64+0xfa/0xfa0 [ 1729.650877][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1729.656850][T30467] [ 1729.656850][T30467] to a SOFTIRQ-irq-unsafe lock: [ 1729.663853][T30467] (tasklist_lock){.+.+}-{3:3} [ 1729.663880][T30467] [ 1729.663880][T30467] ... which became SOFTIRQ-irq-unsafe at: [ 1729.676485][T30467] ... [ 1729.676493][T30467] lock_acquire+0x120/0x360 [ 1729.683641][T30467] _raw_read_lock+0x36/0x50 [ 1729.688225][T30467] __do_wait+0xde/0x740 [ 1729.692471][T30467] do_wait+0x1f8/0x510 [ 1729.696710][T30467] kernel_wait+0xab/0x170 [ 1729.701125][T30467] call_usermodehelper_exec_work+0xbe/0x230 [ 1729.707094][T30467] process_scheduled_works+0xae1/0x17b0 [ 1729.712715][T30467] worker_thread+0x8a0/0xda0 [ 1729.717384][T30467] kthread+0x711/0x8a0 [ 1729.721535][T30467] ret_from_fork+0x4bc/0x870 [ 1729.726211][T30467] ret_from_fork_asm+0x1a/0x30 [ 1729.731050][T30467] [ 1729.731050][T30467] other info that might help us debug this: [ 1729.731050][T30467] [ 1729.741266][T30467] Chain exists of: [ 1729.741266][T30467] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 1729.741266][T30467] [ 1729.754038][T30467] Possible interrupt unsafe locking scenario: [ 1729.754038][T30467] [ 1729.762344][T30467] CPU0 CPU1 [ 1729.767695][T30467] ---- ---- [ 1729.773057][T30467] lock(tasklist_lock); [ 1729.777293][T30467] local_irq_disable(); [ 1729.784033][T30467] lock(kbd_event_lock); [ 1729.790873][T30467] lock(&tty->flow.lock); [ 1729.797798][T30467] [ 1729.801239][T30467] lock(kbd_event_lock); [ 1729.805733][T30467] [ 1729.805733][T30467] *** DEADLOCK *** [ 1729.805733][T30467] [ 1729.813862][T30467] 6 locks held by syz.2.24569/30467: [ 1729.819129][T30467] #0: ffff888028ddd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1729.828879][T30467] #1: ffff888028ddd2e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x138/0x17e0 [ 1729.839150][T30467] #2: ffff888028ddd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1729.848470][T30467] #3: ffff888028ddd468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1729.857438][T30467] #4: ffff888028ddd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1729.867099][T30467] #5: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1729.876148][T30467] [ 1729.876148][T30467] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1729.886538][T30467] -> (kbd_event_lock){..-.}-{3:3} { [ 1729.891830][T30467] IN-SOFTIRQ-W at: [ 1729.895885][T30467] lock_acquire+0x120/0x360 [ 1729.902201][T30467] _raw_spin_lock+0x2e/0x40 [ 1729.908522][T30467] kbd_event+0xd2/0x3f70 [ 1729.914585][T30467] input_handle_events_default+0xd4/0x1a0 [ 1729.922120][T30467] input_pass_values+0x288/0x890 [ 1729.928875][T30467] input_event_dispose+0x3e5/0x6b0 [ 1729.935796][T30467] input_event+0x89/0xe0 [ 1729.941848][T30467] hidinput_hid_event+0x145e/0x1dd0 [ 1729.948866][T30467] hid_process_event+0x4be/0x620 [ 1729.955636][T30467] hid_report_raw_event+0xe91/0x16d0 [ 1729.962741][T30467] hid_input_report+0x43e/0x520 [ 1729.969412][T30467] hid_irq_in+0x47e/0x6d0 [ 1729.975551][T30467] __usb_hcd_giveback_urb+0x376/0x540 [ 1729.982739][T30467] dummy_timer+0x85f/0x44c0 [ 1729.989054][T30467] __hrtimer_run_queues+0x52c/0xc60 [ 1729.996071][T30467] hrtimer_run_softirq+0x187/0x2b0 [ 1730.002994][T30467] handle_softirqs+0x286/0x870 [ 1730.009572][T30467] __irq_exit_rcu+0xca/0x1f0 [ 1730.015987][T30467] irq_exit_rcu+0x9/0x30 [ 1730.022041][T30467] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1730.029499][T30467] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1730.037294][T30467] __sanitizer_cov_trace_pc+0x8/0x70 [ 1730.044411][T30467] folio_try_get+0x168/0x340 [ 1730.050831][T30467] next_uptodate_folio+0xcb/0x5d0 [ 1730.057766][T30467] filemap_map_pages+0x1379/0x1e20 [ 1730.064699][T30467] __handle_mm_fault+0x347e/0x5400 [ 1730.071635][T30467] handle_mm_fault+0x40a/0x8e0 [ 1730.078218][T30467] __get_user_pages+0x165c/0x2a00 [ 1730.085064][T30467] populate_vma_page_range+0x29f/0x3a0 [ 1730.092342][T30467] __mm_populate+0x24c/0x380 [ 1730.098750][T30467] vm_mmap_pgoff+0x387/0x4d0 [ 1730.105155][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.111484][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.119192][T30467] INITIAL USE at: [ 1730.123161][T30467] lock_acquire+0x120/0x360 [ 1730.129394][T30467] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1730.136322][T30467] vt_reset_unicode+0x2b/0x160 [ 1730.142832][T30467] reset_vc+0x68/0x1b0 [ 1730.148645][T30467] vc_init+0x70/0x4a0 [ 1730.154362][T30467] con_init+0x385/0x9c0 [ 1730.160257][T30467] console_init+0x10e/0x430 [ 1730.166499][T30467] start_kernel+0x254/0x410 [ 1730.172728][T30467] x86_64_start_reservations+0x24/0x30 [ 1730.180008][T30467] x86_64_start_kernel+0x143/0x1c0 [ 1730.186849][T30467] common_startup_64+0x13e/0x147 [ 1730.193522][T30467] } [ 1730.196098][T30467] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1730.204079][T30467] -> (&tty->flow.lock){....}-{3:3} { [ 1730.209385][T30467] INITIAL USE at: [ 1730.213271][T30467] lock_acquire+0x120/0x360 [ 1730.219325][T30467] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1730.226084][T30467] start_tty+0x20/0x70 [ 1730.231706][T30467] n_tty_set_termios+0xa7c/0x1090 [ 1730.238303][T30467] tty_set_termios+0xda4/0x17e0 [ 1730.244723][T30467] set_termios+0x516/0x6c0 [ 1730.250704][T30467] tty_mode_ioctl+0x47e/0x740 [ 1730.256944][T30467] tty_ioctl+0x9c6/0xde0 [ 1730.262748][T30467] __se_sys_ioctl+0xfc/0x170 [ 1730.268896][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.274961][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.282411][T30467] } [ 1730.284894][T30467] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1730.293571][T30467] ... acquired at: [ 1730.297360][T30467] lock_acquire+0x120/0x360 [ 1730.302027][T30467] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1730.307391][T30467] stop_tty+0x2f/0x150 [ 1730.311625][T30467] kbd_event+0x2b72/0x3f70 [ 1730.316211][T30467] input_handle_events_default+0xd4/0x1a0 [ 1730.322106][T30467] input_pass_values+0x288/0x890 [ 1730.327208][T30467] input_event_dispose+0x330/0x6b0 [ 1730.332484][T30467] input_inject_event+0x1dd/0x340 [ 1730.337668][T30467] evdev_write+0x2fc/0x480 [ 1730.342250][T30467] vfs_write+0x27e/0xb30 [ 1730.346664][T30467] ksys_write+0x145/0x250 [ 1730.351245][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.355924][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.361976][T30467] [ 1730.364286][T30467] [ 1730.364286][T30467] the dependencies between the lock to be acquired [ 1730.364295][T30467] and SOFTIRQ-irq-unsafe lock: [ 1730.377774][T30467] -> (tasklist_lock){.+.+}-{3:3} { [ 1730.383069][T30467] HARDIRQ-ON-R at: [ 1730.387210][T30467] lock_acquire+0x120/0x360 [ 1730.393701][T30467] _raw_read_lock+0x36/0x50 [ 1730.400208][T30467] __do_wait+0xde/0x740 [ 1730.406374][T30467] do_wait+0x1f8/0x510 [ 1730.412437][T30467] kernel_wait+0xab/0x170 [ 1730.418763][T30467] call_usermodehelper_exec_work+0xbe/0x230 [ 1730.426646][T30467] process_scheduled_works+0xae1/0x17b0 [ 1730.434184][T30467] worker_thread+0x8a0/0xda0 [ 1730.440764][T30467] kthread+0x711/0x8a0 [ 1730.446824][T30467] ret_from_fork+0x4bc/0x870 [ 1730.453414][T30467] ret_from_fork_asm+0x1a/0x30 [ 1730.460162][T30467] SOFTIRQ-ON-R at: [ 1730.464328][T30467] lock_acquire+0x120/0x360 [ 1730.470818][T30467] _raw_read_lock+0x36/0x50 [ 1730.477313][T30467] __do_wait+0xde/0x740 [ 1730.483462][T30467] do_wait+0x1f8/0x510 [ 1730.489523][T30467] kernel_wait+0xab/0x170 [ 1730.495848][T30467] call_usermodehelper_exec_work+0xbe/0x230 [ 1730.503747][T30467] process_scheduled_works+0xae1/0x17b0 [ 1730.511303][T30467] worker_thread+0x8a0/0xda0 [ 1730.517898][T30467] kthread+0x711/0x8a0 [ 1730.523956][T30467] ret_from_fork+0x4bc/0x870 [ 1730.530536][T30467] ret_from_fork_asm+0x1a/0x30 [ 1730.537287][T30467] INITIAL USE at: [ 1730.541345][T30467] lock_acquire+0x120/0x360 [ 1730.547745][T30467] _raw_write_lock_irq+0xa2/0xf0 [ 1730.554591][T30467] copy_process+0x224f/0x3c00 [ 1730.561174][T30467] kernel_clone+0x21e/0x840 [ 1730.567593][T30467] user_mode_thread+0xdd/0x140 [ 1730.574258][T30467] rest_init+0x23/0x300 [ 1730.580318][T30467] start_kernel+0x3ae/0x410 [ 1730.586724][T30467] x86_64_start_reservations+0x24/0x30 [ 1730.594089][T30467] x86_64_start_kernel+0x143/0x1c0 [ 1730.601115][T30467] common_startup_64+0x13e/0x147 [ 1730.607966][T30467] INITIAL READ USE at: [ 1730.612462][T30467] lock_acquire+0x120/0x360 [ 1730.619298][T30467] _raw_read_lock+0x36/0x50 [ 1730.626140][T30467] __do_wait+0xde/0x740 [ 1730.632635][T30467] do_wait+0x1f8/0x510 [ 1730.639042][T30467] kernel_wait+0xab/0x170 [ 1730.645725][T30467] call_usermodehelper_exec_work+0xbe/0x230 [ 1730.653955][T30467] process_scheduled_works+0xae1/0x17b0 [ 1730.661838][T30467] worker_thread+0x8a0/0xda0 [ 1730.668774][T30467] kthread+0x711/0x8a0 [ 1730.675179][T30467] ret_from_fork+0x4bc/0x870 [ 1730.682111][T30467] ret_from_fork_asm+0x1a/0x30 [ 1730.689226][T30467] } [ 1730.691884][T30467] ... key at: [] tasklist_lock+0x18/0x40 [ 1730.699855][T30467] ... acquired at: [ 1730.703819][T30467] lock_acquire+0x120/0x360 [ 1730.708483][T30467] _raw_read_lock+0x36/0x50 [ 1730.713153][T30467] send_sigio+0x101/0x370 [ 1730.717655][T30467] dnotify_handle_event+0x169/0x440 [ 1730.723018][T30467] fsnotify+0x1671/0x1a80 [ 1730.727508][T30467] __fsnotify_parent+0x3fe/0x540 [ 1730.732607][T30467] notify_change+0xc55/0xf40 [ 1730.737362][T30467] do_truncate+0x1a4/0x220 [ 1730.741945][T30467] vfs_truncate+0x493/0x520 [ 1730.746618][T30467] do_sys_truncate+0xdb/0x190 [ 1730.751464][T30467] __x64_sys_truncate+0x5b/0x70 [ 1730.756483][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.761155][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.767214][T30467] [ 1730.769521][T30467] -> (&f_owner->lock){....}-{3:3} { [ 1730.774816][T30467] INITIAL USE at: [ 1730.778784][T30467] lock_acquire+0x120/0x360 [ 1730.785018][T30467] _raw_write_lock_irq+0xa2/0xf0 [ 1730.791687][T30467] __f_setown+0x67/0x370 [ 1730.797657][T30467] fcntl_dirnotify+0x3fa/0x6a0 [ 1730.804159][T30467] do_fcntl+0x6d0/0x1910 [ 1730.810137][T30467] __se_sys_fcntl+0xc8/0x150 [ 1730.816459][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.822697][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.830336][T30467] INITIAL READ USE at: [ 1730.834751][T30467] lock_acquire+0x120/0x360 [ 1730.841419][T30467] _raw_read_lock_irqsave+0xaf/0x100 [ 1730.848892][T30467] send_sigio+0x38/0x370 [ 1730.855298][T30467] dnotify_handle_event+0x169/0x440 [ 1730.862678][T30467] fsnotify+0x1814/0x1a80 [ 1730.869164][T30467] vfs_mkdir+0x477/0x510 [ 1730.875574][T30467] do_mkdirat+0x247/0x590 [ 1730.882071][T30467] __x64_sys_mkdirat+0x87/0xa0 [ 1730.889001][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.895671][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.903724][T30467] } [ 1730.906296][T30467] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1730.915231][T30467] ... acquired at: [ 1730.919115][T30467] lock_acquire+0x120/0x360 [ 1730.923781][T30467] _raw_read_lock_irqsave+0xaf/0x100 [ 1730.929232][T30467] send_sigio+0x38/0x370 [ 1730.933642][T30467] kill_fasync+0x24d/0x4d0 [ 1730.938226][T30467] lease_break_callback+0x26/0x30 [ 1730.943413][T30467] __break_lease+0x6a5/0x1620 [ 1730.948538][T30467] do_dentry_open+0x8b7/0x13f0 [ 1730.953467][T30467] vfs_open+0x3b/0x340 [ 1730.957705][T30467] path_openat+0x2ee5/0x3830 [ 1730.962462][T30467] do_filp_open+0x1fa/0x410 [ 1730.967132][T30467] do_sys_openat2+0x121/0x1c0 [ 1730.971975][T30467] __x64_sys_open+0x11e/0x150 [ 1730.976814][T30467] do_syscall_64+0xfa/0xfa0 [ 1730.981485][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.987539][T30467] [ 1730.989849][T30467] -> (&new->fa_lock){....}-{3:3} { [ 1730.994965][T30467] INITIAL USE at: [ 1730.998845][T30467] lock_acquire+0x120/0x360 [ 1731.004900][T30467] _raw_write_lock_irq+0xa2/0xf0 [ 1731.011395][T30467] fasync_insert_entry+0xc3/0x270 [ 1731.017984][T30467] lease_setup+0x86/0x110 [ 1731.023864][T30467] generic_setlease+0xd60/0x1240 [ 1731.030358][T30467] fcntl_setlease+0x3a2/0x4c0 [ 1731.036593][T30467] do_fcntl+0x6a9/0x1910 [ 1731.042390][T30467] __se_sys_fcntl+0xc8/0x150 [ 1731.048535][T30467] do_syscall_64+0xfa/0xfa0 [ 1731.054601][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1731.062050][T30467] INITIAL READ USE at: [ 1731.066379][T30467] lock_acquire+0x120/0x360 [ 1731.072882][T30467] _raw_read_lock_irqsave+0xaf/0x100 [ 1731.080178][T30467] kill_fasync+0x199/0x4d0 [ 1731.086593][T30467] sock_wake_async+0x137/0x160 [ 1731.093360][T30467] sk_wake_async+0x184/0x280 [ 1731.099943][T30467] mptcp_destroy_common+0x152/0x320 [ 1731.107133][T30467] mptcp_disconnect+0x23d/0x700 [ 1731.113981][T30467] inet_shutdown+0x1c4/0x390 [ 1731.120563][T30467] __x64_sys_shutdown+0x13f/0x1a0 [ 1731.127578][T30467] do_syscall_64+0xfa/0xfa0 [ 1731.134079][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1731.141957][T30467] } [ 1731.144446][T30467] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1731.153121][T30467] ... acquired at: [ 1731.156909][T30467] lock_acquire+0x120/0x360 [ 1731.161583][T30467] _raw_read_lock_irqsave+0xaf/0x100 [ 1731.167054][T30467] kill_fasync+0x199/0x4d0 [ 1731.171647][T30467] __start_tty+0x18c/0x220 [ 1731.176234][T30467] start_tty+0x2b/0x70 [ 1731.180469][T30467] n_tty_set_termios+0xa7c/0x1090 [ 1731.185657][T30467] tty_set_termios+0xda4/0x17e0 [ 1731.190673][T30467] set_termios+0x516/0x6c0 [ 1731.195256][T30467] tty_mode_ioctl+0x47e/0x740 [ 1731.200095][T30467] tty_ioctl+0x9c6/0xde0 [ 1731.204521][T30467] __se_sys_ioctl+0xfc/0x170 [ 1731.209275][T30467] do_syscall_64+0xfa/0xfa0 [ 1731.213947][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1731.220000][T30467] [ 1731.222309][T30467] [ 1731.222309][T30467] stack backtrace: [ 1731.228203][T30467] CPU: 1 UID: 0 PID: 30467 Comm: syz.2.24569 Not tainted syzkaller #0 PREEMPT(full) [ 1731.228227][T30467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1731.228239][T30467] Call Trace: [ 1731.228248][T30467] [ 1731.228257][T30467] dump_stack_lvl+0x189/0x250 [ 1731.228287][T30467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1731.228309][T30467] ? __pfx__printk+0x10/0x10 [ 1731.228330][T30467] validate_chain+0x1f05/0x2140 [ 1731.228358][T30467] __lock_acquire+0xab9/0xd20 [ 1731.228377][T30467] ? kill_fasync+0x199/0x4d0 [ 1731.228397][T30467] lock_acquire+0x120/0x360 [ 1731.228411][T30467] ? kill_fasync+0x199/0x4d0 [ 1731.228435][T30467] _raw_read_lock_irqsave+0xaf/0x100 [ 1731.228457][T30467] ? kill_fasync+0x199/0x4d0 [ 1731.228476][T30467] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1731.228501][T30467] kill_fasync+0x199/0x4d0 [ 1731.228520][T30467] ? kill_fasync+0x53/0x4d0 [ 1731.228539][T30467] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1731.228557][T30467] __start_tty+0x18c/0x220 [ 1731.228579][T30467] start_tty+0x2b/0x70 [ 1731.228600][T30467] n_tty_set_termios+0xa7c/0x1090 [ 1731.228620][T30467] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1731.228637][T30467] tty_set_termios+0xda4/0x17e0 [ 1731.228659][T30467] ? __pfx_tty_set_termios+0x10/0x10 [ 1731.228685][T30467] set_termios+0x516/0x6c0 [ 1731.228706][T30467] ? __pfx_set_termios+0x10/0x10 [ 1731.228728][T30467] ? tty_ldisc_ref_wait+0x25/0x70 [ 1731.228750][T30467] ? get_signal+0x1150/0x1340 [ 1731.228770][T30467] tty_mode_ioctl+0x47e/0x740 [ 1731.228792][T30467] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1731.228811][T30467] ? tty_ldisc_ref_wait+0x25/0x70 [ 1731.228833][T30467] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1731.228857][T30467] ? n_tty_ioctl_helper+0x8e/0x340 [ 1731.228878][T30467] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1731.228895][T30467] tty_ioctl+0x9c6/0xde0 [ 1731.228917][T30467] ? __pfx_tty_ioctl+0x10/0x10 [ 1731.228939][T30467] __se_sys_ioctl+0xfc/0x170 [ 1731.228961][T30467] do_syscall_64+0xfa/0xfa0 [ 1731.228985][T30467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1731.229001][T30467] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1731.229019][T30467] ? clear_bhb_loop+0x60/0xb0 [ 1731.229037][T30467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1731.229053][T30467] RIP: 0033:0x7f3026d8f749 [ 1731.229079][T30467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1731.229099][T30467] RSP: 002b:00007f3027c93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1731.229118][T30467] RAX: ffffffffffffffda RBX: 00007f3026fe6090 RCX: 00007f3026d8f749 [ 1731.229131][T30467] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1731.229142][T30467] RBP: 00007f3026e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1731.229153][T30467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1731.229164][T30467] R13: 00007f3026fe6128 R14: 00007f3026fe6090 R15: 00007f302710fa28 [ 1731.229182][T30467] [ 1731.229227][ C1] vkms_vblank_simulate: vblank timer overrun [ 1731.233110][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1731.531827][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.325382][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!