last executing test programs: 18m13.514789872s ago: executing program 4 (id=5): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', 0x112) 18m12.483738745s ago: executing program 4 (id=11): socket(0x2a, 0x2, 0x0) r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0xfffffff9, 0x15f}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000000c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r0, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}], 0x2}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20044054) 18m11.240066744s ago: executing program 4 (id=16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x1, 0x41, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000200)={0x0, 0xfffffefc, 0x7c, 0xfffffffa, 0xc6, "84b53f5dc1d996eee7d479db86fe609ea2029b", 0x7f, 0x2}) 18m10.654048901s ago: executing program 32 (id=16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x1, 0x41, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000200)={0x0, 0xfffffefc, 0x7c, 0xfffffffa, 0xc6, "84b53f5dc1d996eee7d479db86fe609ea2029b", 0x7f, 0x2}) 17m46.855929464s ago: executing program 3 (id=219): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff86"], 0xfdef) 17m46.436236456s ago: executing program 3 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000001c0)=0x4f90, 0x4) sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) recvfrom(r2, 0x0, 0x0, 0x12162, 0x0, 0x0) 17m46.134798984s ago: executing program 3 (id=223): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) syz_emit_ethernet(0x66, &(0x7f00000000c0)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000940), 0x10) close(0x3) 17m45.960608403s ago: executing program 3 (id=225): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000a00)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00') 17m45.809850659s ago: executing program 3 (id=226): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x40018c49}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x4000800) 17m45.293591927s ago: executing program 3 (id=230): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0xffee, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x38, 0x2, [@TCA_FW_ACT={0x34, 0x4, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x84}, 0x0) 17m44.903291362s ago: executing program 33 (id=230): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0xffee, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x38, 0x2, [@TCA_FW_ACT={0x34, 0x4, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x84}, 0x0) 10m13.428987023s ago: executing program 6 (id=8687): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 10m13.33053194s ago: executing program 6 (id=8688): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r2, 0x80045440, 0x3) 10m13.194248993s ago: executing program 6 (id=8691): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x14, &(0x7f0000000000)=0x6ab7, 0x1) 10m12.944507108s ago: executing program 6 (id=8693): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) 10m12.765566691s ago: executing program 6 (id=8697): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x55af) 10m11.857041597s ago: executing program 6 (id=8707): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000740)=[{&(0x7f0000000480)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f003f0041010000aa11f6bbf44d00000000008984", 0x39}], 0x1) 10m11.324284082s ago: executing program 34 (id=8707): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000740)=[{&(0x7f0000000480)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f003f0041010000aa11f6bbf44d00000000008984", 0x39}], 0x1) 9m18.139212053s ago: executing program 1 (id=9614): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x7) 9m17.650056946s ago: executing program 1 (id=9625): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000007000000020000000900000042000000630e3266ec05c66719"], 0x50) 9m17.289158182s ago: executing program 1 (id=9634): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8936, &(0x7f0000000000)) 9m16.996408541s ago: executing program 1 (id=9641): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x2000007ff) 9m16.05988856s ago: executing program 1 (id=9667): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) futex_waitv(&(0x7f0000004040)=[{0x0, &(0x7f00000001c0), 0x2}, {0x3, &(0x7f0000000140)=0x3, 0x2}], 0x2, 0x0, 0x0, 0x1) 9m15.535956059s ago: executing program 1 (id=9678): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffcc2}}], 0x1, 0x4) 9m15.257274864s ago: executing program 35 (id=9678): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffcc2}}], 0x1, 0x4) 4m45.50142339s ago: executing program 5 (id=14482): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bind$tipc(r2, 0x0, 0x0) close(r2) 4m45.402714585s ago: executing program 5 (id=14484): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x304}, "55706e44cacc494f", "24ff0573669961d742cbfb62b94f9592", 'U~\'T', "d5c0017c6ee203ad"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) close(0x3) 4m44.457123751s ago: executing program 5 (id=14498): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000080)={r3, 0x12, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) 4m44.057169532s ago: executing program 5 (id=14507): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) 4m43.734431868s ago: executing program 5 (id=14514): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x6e) 4m42.235713185s ago: executing program 5 (id=14539): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) 4m41.982252498s ago: executing program 36 (id=14539): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) 2.239311599s ago: executing program 7 (id=19856): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) timer_create(0x2, 0x0, &(0x7f0000000180)=0x0) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x0, 0x989680}}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0x7, 0x4, 0x3d8, 0x100, 0x208, 0x208, 0x2f0, 0x2f0, 0x2f0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x7, 0x3, {0x7fff}}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz0\x00', {0xffffffffffffffff}}}}, {{@arp={@multicast1, @rand_addr=0x64010101, 0xff, 0xffffff00, 0x5, 0x2, {@mac=@broadcast, {[0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@random="1887e18f67b1", {[0x0, 0xff, 0xff, 0x0, 0x0, 0xff]}}, 0x3, 0x7ff, 0xf, 0x8001, 0x1, 0xfffc, 'vlan1\x00', 'lo\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x6f3}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x428) 1.823814913s ago: executing program 0 (id=19865): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) accept$packet(r1, 0x0, 0x0) 1.753972159s ago: executing program 7 (id=19866): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_SET_KEEPCAPS(0x8, 0x101) 1.655211239s ago: executing program 7 (id=19868): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x22020600) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 1.50271437s ago: executing program 0 (id=19870): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone3(&(0x7f0000000380)={0x200000000, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.411253235s ago: executing program 7 (id=19871): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) timer_create(0x2, 0x0, &(0x7f0000000140)) 1.271116399s ago: executing program 7 (id=19873): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0) 1.17628908s ago: executing program 7 (id=19874): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) socket$inet(0x2, 0x2, 0xfffffffe) close_range(r3, 0xffffffffffffffff, 0x0) 1.077600077s ago: executing program 0 (id=19875): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r4 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r3) add_key$keyring(&(0x7f0000000340), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r4) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r3, 0x1) 1.00221278s ago: executing program 0 (id=19877): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f000054e000/0x400000)=nil) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 846.120168ms ago: executing program 2 (id=19879): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000200), 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f00000000c0)=ANY=[@ANYBLOB="8c"], 0x8) 778.643874ms ago: executing program 9 (id=19880): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4) listen(r3, 0x0) 762.40301ms ago: executing program 2 (id=19882): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mlock2(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 651.318194ms ago: executing program 8 (id=19883): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) close(r2) 650.432846ms ago: executing program 9 (id=19884): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x2, 0xe, 0x5, 0x7fff0000}]}) 614.714496ms ago: executing program 0 (id=19885): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 613.874069ms ago: executing program 2 (id=19886): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b66, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x1000000000021, 0x0, 0x0) 571.765963ms ago: executing program 9 (id=19887): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0xc, &(0x7f0000000080)=0x4, 0x4) sendmsg$netlink(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="30000000120001000000000000000000100000000c00000000000000000000000d0003"], 0x30}], 0x1}, 0x0) 545.188115ms ago: executing program 8 (id=19888): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r4, &(0x7f0000000240)=""/46, 0x2e) 449.979366ms ago: executing program 2 (id=19889): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x2c, r4, 0xc4fc9e906872338b, 0x0, 0x25dfdc01, {{0x5}, {@void, @val={0xc, 0x99, {0x40}}}}, [@NL80211_ATTR_TID_CONFIG={0xc, 0x11d, 0x0, 0x1, [{0x4}, {0x4}]}]}, 0x2c}}, 0x0) 449.064074ms ago: executing program 9 (id=19890): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 402.028201ms ago: executing program 8 (id=19891): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) msgget(0x3, 0x0) 350.380852ms ago: executing program 2 (id=19892): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x4200000, 0x0, 0x33, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 335.254706ms ago: executing program 9 (id=19893): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000062c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) request_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0) 304.93725ms ago: executing program 0 (id=19894): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x4, 0x10010, 0x7, 0x9008, 0x9, 0x8, 0xd, 0x2005, 0x49, 0x3ff, 0x5, 0x2, 0x4, 0x8, 0x7, 0xc1, 0xffffffffffffffff, 0x1000007ff, 0x2, 0x10001, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x7f, 0x4000000000006, 0x81, 0xb, 0xa, 0x888f, 0x4, 0x8, 0x46, 0x6, 0x10000000000003, 0xa3de, 0x5, 0xc, 0x6, 0x400, 0x3, 0xfffffffffffffff6, 0x9, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x400000000003, 0x5, 0x9, 0x66, 0x20006, 0x7, 0x200040000007, 0xffffffff00000001, 0x7fffffff, 0xd, 0xfffffffffffffffb, 0xbbd9, 0x80000000, 0xfffffffffffffbfd, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x10006, 0x7, 0x2, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0xffffffffffffffff, 0x7, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x4, 0x4, 0x8061d, 0x2, 0x7, 0xf6, 0x40004, 0x6, 0x9, 0x7, 0x81, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x2, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x0, 0xfffffffffffffffe, 0xa692, 0xcc, 0x1, 0x3]}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f00000002c0)=ANY=[]) 283.695549ms ago: executing program 8 (id=19895): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) write(r0, 0x0, 0x0) unlinkat(0xffffffffffffff9c, 0x0, 0x200) 198.619717ms ago: executing program 8 (id=19896): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="05002abd7000fddbdf2501"], 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 197.838815ms ago: executing program 9 (id=19897): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000080)='g', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 55.837933ms ago: executing program 2 (id=19898): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) lgetxattr(0x0, 0x0, 0x0, 0x0) 0s ago: executing program 8 (id=19899): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) kernel console output (not intermixed with test programs): ered promiscuous mode [ 937.148178][ T8073] syzkaller0: entered allmulticast mode [ 937.625364][ T5834] tipc: Node number set to 2886997039 [ 937.977588][ T24] usb 3-1: USB disconnect, device number 47 [ 939.478644][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15405'. [ 939.609596][ T8193] netlink: 188 bytes leftover after parsing attributes in process `syz.9.15406'. [ 939.759014][ T8200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15412'. [ 940.353022][ T5902] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 940.540695][ T5902] usb 1-1: Using ep0 maxpacket: 16 [ 940.556516][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 940.610128][ T5902] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 940.632012][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 940.662659][ T5902] usb 1-1: Product: syz [ 940.666829][ T5902] usb 1-1: Manufacturer: syz [ 940.671418][ T5902] usb 1-1: SerialNumber: syz [ 940.705620][ T5902] usb 1-1: config 0 descriptor?? [ 940.751125][ T5902] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 940.776643][ T5902] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 940.784312][ T8241] netlink: 96 bytes leftover after parsing attributes in process `syz.8.15428'. [ 940.868622][ T8247] netlink: 96 bytes leftover after parsing attributes in process `syz.2.15432'. [ 941.400248][ T5902] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 941.536149][ T8240] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 941.543477][ T8240] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 941.549524][ T8240] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 941.555667][ T8240] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 941.561718][ T8240] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 941.567979][ T8240] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 941.579414][ T8240] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 942.768848][ T8324] netlink: 12 bytes leftover after parsing attributes in process `syz.8.15466'. [ 942.866495][ T925] Bluetooth: hci2: command 0x0406 tx timeout [ 943.325174][ T8354] netlink: 76 bytes leftover after parsing attributes in process `syz.9.15481'. [ 943.583020][ T925] Bluetooth: hci0: command 0x0c1a tx timeout [ 943.584668][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 943.589685][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 943.589730][ T5826] Bluetooth: hci4: command 0x0406 tx timeout [ 943.783707][ T5902] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 943.791732][ T5902] em28xx 1-1:0.0: board has no eeprom [ 943.902762][ T5902] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 943.910610][ T5902] em28xx 1-1:0.0: dvb set to bulk mode. [ 943.969915][ T10] em28xx 1-1:0.0: Binding DVB extension [ 943.992577][ T5902] usb 1-1: USB disconnect, device number 36 [ 944.011922][ T5902] em28xx 1-1:0.0: Disconnecting em28xx [ 944.136287][ T10] em28xx 1-1:0.0: Registering input extension [ 944.170845][ T5902] em28xx 1-1:0.0: Closing input extension [ 944.228929][ T5902] em28xx 1-1:0.0: Freeing device [ 944.289458][ T8400] netlink: 8 bytes leftover after parsing attributes in process `syz.8.15504'. [ 945.675033][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 946.034303][ T8490] netlink: 'syz.7.15549': attribute type 21 has an invalid length. [ 946.881464][ T8533] team0: Port device team_slave_0 removed [ 947.024853][ T8544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15572'. [ 947.698099][ T8570] netlink: 4096 bytes leftover after parsing attributes in process `syz.9.15585'. [ 947.754130][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 948.761743][ T8633] tipc: New replicast peer: 2001:0000:0000:0000:0000:0000:0000:0002 [ 949.122722][T14247] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 949.302743][T14247] usb 10-1: Using ep0 maxpacket: 8 [ 949.325619][T14247] usb 10-1: config 0 has an invalid interface number: 55 but max is 0 [ 949.344940][T14247] usb 10-1: config 0 has no interface number 0 [ 949.363076][T14247] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 949.382708][T14247] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 949.405067][ T8666] netlink: 5 bytes leftover after parsing attributes in process `syz.2.15632'. [ 949.424350][T14247] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 949.462756][T14247] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 949.486073][T14247] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 949.506669][T14247] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 949.537607][T14247] usb 10-1: config 0 descriptor?? [ 949.582235][T14247] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 950.520170][T14247] usb 10-1: USB disconnect, device number 3 [ 950.545024][T14247] ldusb 10-1:0.55: LD USB Device #0 now disconnected [ 951.426825][ T30] audit: type=1326 audit(1763238912.762:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.9.15675" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f44f8f6c9 code=0x0 [ 951.654004][ T8769] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15674'. [ 952.626064][ T5834] usb 9-1: new full-speed USB device number 19 using dummy_hcd [ 952.644140][ T8805] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15694'. [ 952.810534][ T5834] usb 9-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 952.874772][ T5834] usb 9-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 952.894126][ T5834] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 952.905765][ T5834] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.925496][ T5834] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 952.985574][ T5834] snd-usb-audio 9-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 952.987514][T14247] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 953.040853][T29707] udevd[29707]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 953.092756][ T6538] usb 10-1: new low-speed USB device number 4 using dummy_hcd [ 953.156626][T14247] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 953.166123][T14247] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 953.177190][T14247] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 953.187717][T14247] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64 [ 953.200851][T14247] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 953.210221][T14247] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 953.220058][T14247] usb 3-1: Product: syz [ 953.224674][T14247] usb 3-1: Manufacturer: syz [ 953.244701][ T6538] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 953.254369][T14247] cdc_wdm 3-1:1.0: skipping garbage [ 953.259911][ T6538] usb 10-1: config 0 has no interface number 0 [ 953.268584][T14247] cdc_wdm 3-1:1.0: skipping garbage [ 953.274101][ T6538] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 953.286723][ T6538] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 953.298003][T14247] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 953.307154][T14247] cdc_wdm 3-1:1.0: Unknown control protocol [ 953.317795][ T6538] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 953.336819][ T6538] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 953.369908][ T6538] usb 10-1: config 0 descriptor?? [ 953.402450][ T8815] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 953.437769][ T6538] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 953.508579][ T5834] usb 9-1: USB disconnect, device number 19 [ 953.605362][ T5902] usb 3-1: USB disconnect, device number 48 [ 953.710421][ T8815] binder: 8814:8815 ioctl 4018620d 0 returned -22 [ 953.741194][ T5834] usb 10-1: USB disconnect, device number 4 [ 954.783126][T14247] usb 10-1: new full-speed USB device number 5 using dummy_hcd [ 954.949521][T14247] usb 10-1: config index 0 descriptor too short (expected 55488, got 27) [ 954.962329][T14247] usb 10-1: config 0 has an invalid descriptor of length 216, skipping remainder of the config [ 954.974075][T14247] usb 10-1: config 0 has no interfaces? [ 954.986181][T14247] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 955.013161][T14247] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.041958][T14247] usb 10-1: Product: syz [ 955.049505][T14247] usb 10-1: Manufacturer: syz [ 955.074660][T14247] usb 10-1: SerialNumber: syz [ 955.094524][T14247] usb 10-1: config 0 descriptor?? [ 955.427221][ T5902] usb 10-1: USB disconnect, device number 5 [ 955.625035][ T10] hid_parser_main: 5 callbacks suppressed [ 955.625054][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.639910][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.649874][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.661952][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.677570][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.686180][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.696468][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.705237][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.714197][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.721800][ T10] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0 [ 955.734577][ T10] hid-generic 0003:0004:0000.001D: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 955.763300][ T5834] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 955.834336][ T8931] fido_id[8931]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 955.919290][ T8938] netlink: 'syz.2.15757': attribute type 1 has an invalid length. [ 955.935744][ T5834] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 955.946955][ T5834] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 955.966513][ T5834] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 955.969098][ T8938] bond0: entered promiscuous mode [ 955.982749][ T8938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 956.001422][ T5834] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 956.028299][ T5834] usb 9-1: config 0 descriptor?? [ 956.052117][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 956.062400][ T8938] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 956.069690][ T8938] IPv6: NLM_F_CREATE should be set when creating new route [ 956.070786][ T8942] bond0: (slave wireguard0): The slave device specified does not support setting the MAC address [ 956.076932][ T8938] IPv6: NLM_F_CREATE should be set when creating new route [ 956.089258][ T8938] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 956.106239][ T8942] bond0: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 956.124013][ T8942] bond0: (slave wireguard0): making interface the new active one [ 956.133110][ T8942] wireguard0: entered promiscuous mode [ 956.140340][ T8942] bond0: (slave wireguard0): Enslaving as an active interface with an up link [ 956.187759][ T8938] bond0: (slave wireguard1): The slave device specified does not support setting the MAC address [ 956.210864][ T8938] bond0: (slave wireguard1): Enslaving as a backup interface with an up link [ 956.308067][ T5834] usbhid 9-1:0.0: can't add hid device: -71 [ 956.348322][ T5834] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 956.392917][ T5834] usb 9-1: USB disconnect, device number 20 [ 956.716309][ T8975] loop5: detected capacity change from 0 to 7 [ 956.725682][ C0] blk_print_req_error: 10 callbacks suppressed [ 956.725697][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.741387][ C0] buffer_io_error: 10 callbacks suppressed [ 956.741402][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.762715][ T6538] usb 10-1: new full-speed USB device number 6 using dummy_hcd [ 956.765201][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.779418][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.787490][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.796669][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.809197][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.818385][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.826760][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.835930][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.844437][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.853589][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.861800][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.870993][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.878868][T29707] ldm_validate_partition_table(): Disk read failed. [ 956.887764][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.896946][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.910367][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.919517][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.924318][ T6538] usb 10-1: config 0 has an invalid interface number: 133 but max is 0 [ 956.937134][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 956.946296][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 956.954384][T29707] Dev loop5: unable to read RDB block 0 [ 956.961429][T29707] loop5: unable to read partition table [ 956.970526][ T6538] usb 10-1: config 0 has no interface number 0 [ 956.981780][T29707] loop5: partition table beyond EOD, truncated [ 957.014469][ T6538] usb 10-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 957.053804][ T6538] usb 10-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 957.063136][ T6538] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 957.079154][ T8975] ldm_validate_partition_table(): Disk read failed. [ 957.086915][ T8975] Dev loop5: unable to read RDB block 0 [ 957.092493][ T6538] usb 10-1: Product: syz [ 957.097630][ T6538] usb 10-1: Manufacturer: syz [ 957.102475][ T6538] usb 10-1: SerialNumber: syz [ 957.109623][ T8975] loop5: unable to read partition table [ 957.119453][ T8975] loop5: partition table beyond EOD, truncated [ 957.130299][ T8975] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 957.141121][ T6538] usb 10-1: config 0 descriptor?? [ 957.359447][ T6538] keyspan 10-1:0.133: Keyspan 1 port adapter converter detected [ 957.373807][ T6538] keyspan 10-1:0.133: unsupported endpoint type 0 [ 957.390881][ T6538] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 81 [ 957.399598][ T6538] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 1 [ 957.408099][ T6538] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 2 [ 957.453054][ T6538] usb 10-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 957.501682][ T6538] usb 10-1: USB disconnect, device number 6 [ 957.555007][ T6538] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 957.593767][ T6538] keyspan 10-1:0.133: device disconnected [ 958.417029][ T9017] xt_CT: No such helper "pptp" [ 960.046672][ T9073] binder: 9068:9073 ioctl c0306201 200000000100 returned -14 [ 960.188176][ T9081] binder: 9080:9081 ioctl c0306201 200000000000 returned -22 [ 960.728551][ T9107] binder: BINDER_SET_CONTEXT_MGR already set [ 960.761186][ T9107] binder: 9106:9107 ioctl 4018620d 200000000140 returned -16 [ 961.206893][ T9139] netlink: 16 bytes leftover after parsing attributes in process `syz.9.15847'. [ 961.758556][ T9171] netlink: 288 bytes leftover after parsing attributes in process `syz.7.15862'. [ 962.573766][ T5837] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 962.745163][ T5837] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 962.772284][ T5837] usb 3-1: config 0 has no interfaces? [ 962.789219][ T5837] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 962.802693][ T5837] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 962.823971][ T5837] usb 3-1: Product: syz [ 962.841400][ T5837] usb 3-1: Manufacturer: syz [ 962.855742][ T5837] usb 3-1: SerialNumber: syz [ 962.872543][ T5837] usb 3-1: config 0 descriptor?? [ 963.074509][ T9246] netlink: 4 bytes leftover after parsing attributes in process `syz.7.15890'. [ 963.316577][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.9.15894'. [ 963.655441][ T6538] usb 3-1: USB disconnect, device number 49 [ 964.637972][ T30] audit: type=1326 audit(1763238925.972:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.700168][ T30] audit: type=1326 audit(1763238925.972:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.737809][ T30] audit: type=1326 audit(1763238925.972:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.760550][ T30] audit: type=1326 audit(1763238925.972:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.789032][ T30] audit: type=1326 audit(1763238925.972:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.817101][ T30] audit: type=1326 audit(1763238925.972:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.842812][ T30] audit: type=1326 audit(1763238925.992:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.925490][ T30] audit: type=1326 audit(1763238925.992:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.972032][ T30] audit: type=1326 audit(1763238925.992:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 964.989598][ T9335] netlink: 68 bytes leftover after parsing attributes in process `syz.7.15931'. [ 965.042682][ T30] audit: type=1326 audit(1763238925.992:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9319 comm="syz.7.15926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 965.343910][ T9352] netlink: 4 bytes leftover after parsing attributes in process `syz.9.15940'. [ 965.503325][ T10] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 965.587296][ T9368] team0: entered allmulticast mode [ 965.592545][ T9368] team_slave_0: entered allmulticast mode [ 965.598778][ T9368] team_slave_1: entered allmulticast mode [ 965.633023][ T9366] kvm: pic: non byte read [ 965.637718][ T9366] kvm: pic: non byte read [ 965.642243][ T9366] pic_ioport_write: 76 callbacks suppressed [ 965.642257][ T9366] kvm: pic: single mode not supported [ 965.648219][ T9366] kvm: pic: level sensitive irq not supported [ 965.654917][ T9366] kvm: pic: non byte read [ 965.666042][ T9366] kvm: pic: non byte read [ 965.673343][ T9366] kvm: pic: single mode not supported [ 965.673400][ T9366] kvm: pic: non byte read [ 965.686892][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 965.694430][ T9366] kvm: pic: non byte read [ 965.699511][ T10] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 965.713326][ T9366] kvm: pic: non byte read [ 965.723947][ T10] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 965.740698][ T9366] kvm: pic: non byte read [ 965.745708][ T9366] kvm: pic: non byte read [ 965.750209][ T10] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 965.761947][ T10] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 965.785395][ T10] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 965.801211][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.813471][ T10] usb 3-1: Product: syz [ 965.821440][ T10] usb 3-1: Manufacturer: syz [ 965.828111][ T10] usb 3-1: SerialNumber: syz [ 965.851049][ C0] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 965.864187][ T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input89 [ 965.956601][ T9379] @: renamed from vlan0 (while UP) [ 966.068887][ T10] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 966.088718][ T10] (id 0x00) [ 966.223298][ T10] rc_core: IR keymap rc-imon-pad not found [ 966.230105][ T10] Registered IR keymap rc-empty [ 966.242310][ T10] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 966.255076][ T10] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 966.286041][ T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0 [ 966.336289][ T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input90 [ 966.355977][ T10] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:50> initialized [ 966.487833][ T9398] netlink: 48 bytes leftover after parsing attributes in process `syz.0.15961'. [ 966.925696][ T9420] binder: BINDER_SET_CONTEXT_MGR already set [ 966.937081][ T9420] binder: 9418:9420 ioctl 40046207 0 returned -16 [ 967.115656][ T9434] netlink: 228 bytes leftover after parsing attributes in process `syz.8.15979'. [ 967.342740][ T5837] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 967.502685][ T5837] usb 8-1: Using ep0 maxpacket: 32 [ 967.509366][ T5837] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 967.517519][ T5837] usb 8-1: config 0 has no interface number 0 [ 967.543638][ T5837] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=2c.d8 [ 967.581660][ T5837] usb 8-1: New USB device strings: Mfr=193, Product=2, SerialNumber=3 [ 967.591363][ T5837] usb 8-1: Product: syz [ 967.605777][ T5837] usb 8-1: Manufacturer: syz [ 967.615360][ T5837] usb 8-1: SerialNumber: syz [ 967.625457][ T5837] usb 8-1: config 0 descriptor?? [ 967.638794][ T5837] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 967.647715][ T5837] usb 8-1: selecting invalid altsetting 1 [ 967.654093][ T5837] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 967.664234][ T5837] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 967.676068][ T5837] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 967.687761][ T5837] usb 8-1: media controller created [ 967.706502][ T5837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 967.814026][ T9446] imon:send_packet: packet tx failed (-71) [ 967.820537][ T6538] usb 3-1: USB disconnect, device number 50 [ 967.844534][ T9446] imon:vfd_write: send packet #4 failed [ 968.782922][ T5837] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 968.854075][ T9429] usb 8-1: dvb_usb_ce6230: I2C read not implemented [ 968.861619][ T5837] zl10353_read_register: readreg error (reg=127, ret==-110) [ 968.917213][ T5837] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 969.086935][ T5837] usb 8-1: USB disconnect, device number 10 [ 969.498034][ T9484] netlink: 212360 bytes leftover after parsing attributes in process `syz.2.15998'. [ 971.311618][ T9565] fuse: Bad value for 'fd' [ 971.543238][ T9579] netem: change failed [ 971.818316][ T9593] netlink: 12 bytes leftover after parsing attributes in process `syz.9.16051'. [ 971.829461][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.7.16053'. [ 971.838648][ T9597] netlink: 24 bytes leftover after parsing attributes in process `syz.7.16053'. [ 972.426441][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 972.439346][ T30] audit: type=1326 audit(1763238933.762:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.7.16070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 972.492240][ T30] audit: type=1326 audit(1763238933.762:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.7.16070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 972.576023][ T30] audit: type=1326 audit(1763238933.762:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.7.16070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 972.630417][ T30] audit: type=1326 audit(1763238933.762:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.7.16070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 972.679393][ T30] audit: type=1326 audit(1763238933.762:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9630 comm="syz.7.16070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 973.063303][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.7.16084'. [ 973.082490][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.7.16084'. [ 974.456499][ T9699] pim6reg: entered allmulticast mode [ 974.458204][ T9702] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16101'. [ 975.270906][ T9748] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 975.957129][ T9783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16142'. [ 975.967136][ T9783] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 975.998218][ T9783] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 976.736165][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16162'. [ 976.781424][ T30] audit: type=1326 audit(1763238938.112:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9825 comm="syz.0.16159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x0 [ 977.355060][ T9858] netlink: 188 bytes leftover after parsing attributes in process `syz.2.16177'. [ 977.563737][ T9867] binder: 9866:9867 ioctl c018620c 200000000000 returned -22 [ 978.152282][ T9890] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16194'. [ 978.675323][ T30] audit: type=1800 audit(1763238940.012:1383): pid=9923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.16209" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 979.556895][ T9970] netlink: 12 bytes leftover after parsing attributes in process `syz.7.16230'. [ 981.500060][T10057] bridge0: entered allmulticast mode [ 983.363029][T10138] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16310'. [ 984.533583][ T5902] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 984.694906][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 984.708782][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 984.721864][ T5902] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 984.731800][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 984.745661][ T5902] usb 8-1: config 0 descriptor?? [ 985.170542][ T5902] hid_parser_main: 8 callbacks suppressed [ 985.170870][ T5902] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0 [ 985.188605][ T5902] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0 [ 985.213108][ T5902] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.001E/input/input91 [ 985.248247][T10213] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 985.273305][ T5902] cm6533_jd 0003:0D8C:0022.001E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.7-1/input0 [ 985.487600][ T5902] usb 8-1: USB disconnect, device number 11 [ 986.374119][ T5837] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0 [ 986.397374][ T5837] hid-generic 0000:0000:0000.001F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 986.606431][T14247] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 986.764672][T14247] usb 9-1: config 0 has no interfaces? [ 986.779588][T14247] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 986.795094][T14247] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 986.823326][T14247] usb 9-1: SerialNumber: syz [ 986.865850][T14247] usb 9-1: config 0 descriptor?? [ 987.343653][T10304] syzkaller0: entered promiscuous mode [ 987.349225][T10304] syzkaller0: entered allmulticast mode [ 988.731440][T10351] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16406'. [ 989.238469][ T30] audit: type=1800 audit(1763238950.572:1384): pid=10368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.16414" name="file1" dev="tmpfs" ino=2267 res=0 errno=0 [ 989.318463][ T10] usb 9-1: USB disconnect, device number 21 [ 989.571550][T10381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16418'. [ 992.870010][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.876570][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.263103][ T5834] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 993.423251][ T5834] usb 8-1: Using ep0 maxpacket: 16 [ 993.434868][ T5834] usb 8-1: config 0 interface 0 has no altsetting 0 [ 993.441680][ T5834] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 993.464731][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 993.481495][ T5834] usb 8-1: config 0 descriptor?? [ 993.778926][T10488] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16470'. [ 993.984290][ T5834] hid (null): global environment stack underflow [ 994.019940][ T5834] hid (null): unknown global tag 0xd [ 994.059737][ T5834] hid (null): unknown global tag 0xc [ 994.083534][ T5834] hid (null): unknown global tag 0x22 [ 994.106997][ T5834] hid (null): report_id 1619789852 is invalid [ 994.136713][ T5834] hid (null): unknown global tag 0xc [ 994.158207][ T5834] hid (null): unknown global tag 0xd [ 994.197995][ T5834] hid (null): global environment stack underflow [ 994.211150][ T5834] hid (null): unknown global tag 0xc [ 994.225863][ T5834] hid (null): nested delimiters [ 994.259551][ T5834] hid (null): unknown global tag 0xc [ 994.268985][ T5834] hid (null): unknown global tag 0xd [ 994.288453][ T5834] hid (null): unknown global tag 0xe [ 994.405656][ T5834] usb 8-1: USB disconnect, device number 12 [ 996.006328][T10561] binder: 10559:10561 ioctl c0306201 200000000100 returned -14 [ 996.473768][T10579] netlink: 76 bytes leftover after parsing attributes in process `syz.9.16512'. [ 996.677147][T10589] netlink: 24 bytes leftover after parsing attributes in process `syz.0.16496'. [ 996.691845][ T30] audit: type=1326 audit(1763238958.022:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.718622][ T30] audit: type=1326 audit(1763238958.052:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.744006][ T30] audit: type=1326 audit(1763238958.052:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.768310][ T30] audit: type=1326 audit(1763238958.052:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.792406][ T30] audit: type=1326 audit(1763238958.082:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.822904][ T30] audit: type=1326 audit(1763238958.082:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.847627][ T30] audit: type=1326 audit(1763238958.082:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.871363][ T30] audit: type=1326 audit(1763238958.082:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.896118][ T30] audit: type=1326 audit(1763238958.082:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.918966][T14247] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 996.932135][ T30] audit: type=1326 audit(1763238958.082:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.2.16516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 996.941134][T10592] sch_tbf: burst 88 is lower than device veth7 mtu (1514) ! [ 997.072715][T14247] usb 10-1: Using ep0 maxpacket: 16 [ 997.079704][T14247] usb 10-1: config 1 has an invalid interface number: 64 but max is 0 [ 997.088271][T14247] usb 10-1: config 1 has no interface number 0 [ 997.097339][T14247] usb 10-1: config 1 interface 64 altsetting 0 endpoint 0xF has an invalid bInterval 121, changing to 7 [ 997.171317][T14247] usb 10-1: New USB device found, idVendor=19d2, idProduct=ffbf, bcdDevice=68.78 [ 997.203161][T14247] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 997.238610][T14247] usb 10-1: Product: syz [ 997.243422][T14247] usb 10-1: Manufacturer: syz [ 997.262196][T14247] usb 10-1: SerialNumber: syz [ 997.490382][T14247] option 10-1:1.64: GSM modem (1-port) converter detected [ 997.524447][T14247] usb 10-1: USB disconnect, device number 7 [ 997.539828][T14247] option 10-1:1.64: device disconnected [ 997.802767][ T5834] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 997.965596][ T5834] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 997.996930][ T5834] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 998.027953][ T5834] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.068834][ T5834] usb 9-1: config 0 descriptor?? [ 998.159650][T10656] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16545'. [ 998.470346][T10666] netlink: 136 bytes leftover after parsing attributes in process `syz.9.16552'. [ 998.488827][T10666] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 998.507016][ T5834] keytouch 0003:0926:3333.0021: fixing up Keytouch IEC report descriptor [ 998.521957][ T5834] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0021/input/input92 [ 998.747702][ T5834] keytouch 0003:0926:3333.0021: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0 [ 998.954047][T14247] usb 9-1: USB disconnect, device number 22 [ 1002.159581][T10816] netlink: 72 bytes leftover after parsing attributes in process `syz.2.16621'. [ 1002.442443][T10826] netlink: 'syz.2.16626': attribute type 21 has an invalid length. [ 1002.749180][T10838] netlink: 104 bytes leftover after parsing attributes in process `syz.8.16632'. [ 1002.771699][T10838] netlink: 28 bytes leftover after parsing attributes in process `syz.8.16632'. [ 1002.786672][T10838] tc_dump_action: action bad kind [ 1003.224702][T10858] netlink: 32 bytes leftover after parsing attributes in process `syz.2.16643'. [ 1004.235897][T10875] blkio.reset_stats is deprecated [ 1004.530051][T10887] netlink: 104 bytes leftover after parsing attributes in process `syz.7.16652'. [ 1004.696397][T10892] loop5: detected capacity change from 0 to 7 [ 1005.001608][T10892] Dev loop5: unable to read RDB block 7 [ 1005.007407][T10892] loop5: unable to read partition table [ 1005.013486][T10892] loop5: partition table beyond EOD, truncated [ 1005.029837][T10892] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 1005.177196][ T5837] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0 [ 1005.221672][ T5837] hid-generic 0000:0000:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1006.938394][T10939] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1006.952069][T10939] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1006.960052][T10939] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1006.967749][T10939] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1006.977339][T10939] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1007.274451][T10981] fuse: Bad value for 'group_id' [ 1007.279486][T10981] fuse: Bad value for 'group_id' [ 1007.916695][T11034] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1007.923986][T11034] IPv6: NLM_F_CREATE should be set when creating new route [ 1007.931231][T11034] IPv6: NLM_F_CREATE should be set when creating new route [ 1007.989833][T11036] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1008.072901][ T5834] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1008.243427][ T5834] usb 3-1: Using ep0 maxpacket: 16 [ 1008.250367][ T5834] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1008.263329][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1008.276749][ T5834] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1008.295502][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1008.304764][ T5834] usb 3-1: Product: syz [ 1008.309905][ T5834] usb 3-1: Manufacturer: syz [ 1008.319217][ T5834] usb 3-1: SerialNumber: syz [ 1008.331092][ T5834] usb 3-1: config 0 descriptor?? [ 1008.341949][ T5834] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1008.351453][ T5834] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 1008.706393][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 1008.706411][ T30] audit: type=1326 audit(1763238970.032:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.8.16734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1008.741071][ T30] audit: type=1326 audit(1763238970.032:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.8.16734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1008.806028][ T30] audit: type=1326 audit(1763238970.042:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.8.16734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1008.855479][ T30] audit: type=1326 audit(1763238970.042:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.8.16734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1008.882906][ T5828] Bluetooth: hci2: command 0x0406 tx timeout [ 1008.888552][ T30] audit: type=1326 audit(1763238970.042:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.8.16734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1008.949671][ T5834] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1008.957857][ T5834] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 1009.022889][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 1009.028968][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 1009.033469][ T925] Bluetooth: hci1: command 0x0c1a tx timeout [ 1009.035414][ T5827] Bluetooth: hci4: command 0x0406 tx timeout [ 1009.074956][T11075] bridge0: port 3(hsr0) entered blocking state [ 1009.081495][T11075] bridge0: port 3(hsr0) entered disabled state [ 1009.088390][T11075] hsr0: entered allmulticast mode [ 1009.096760][T11075] hsr_slave_0: entered allmulticast mode [ 1009.102415][T11075] hsr_slave_1: entered allmulticast mode [ 1009.119423][T11075] hsr0: entered promiscuous mode [ 1009.126846][T11075] bridge0: port 3(hsr0) entered blocking state [ 1009.133610][T11075] bridge0: port 3(hsr0) entered forwarding state [ 1009.437802][T11089] netlink: 36 bytes leftover after parsing attributes in process `syz.9.16746'. [ 1009.582644][ T5834] em28xx 3-1:0.0: AC97 command still being executed: not handled properly! [ 1009.603055][ T5834] em28xx 3-1:0.0: Unknown AC97 audio processor detected! [ 1009.643596][T11100] netlink: 'syz.9.16751': attribute type 1 has an invalid length. [ 1009.731773][T11100] bond1: (slave xfrm1): The slave device specified does not support setting the MAC address [ 1009.747994][T11100] bond1: (slave xfrm1): Setting fail_over_mac to active for active-backup mode [ 1009.760678][T11100] bond1: (slave xfrm1): making interface the new active one [ 1009.773082][T11100] bond1: (slave xfrm1): Enslaving as an active interface with an up link [ 1009.774961][T11109] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16751'. [ 1009.790938][ T5834] em28xx 3-1:0.0: AC97 command still being executed: not handled properly! [ 1009.806930][ T5834] em28xx 3-1:0.0: couldn't setup AC97 register 2 [ 1009.819393][T11109] bond1 (unregistering): (slave xfrm1): Releasing backup interface [ 1009.871744][T11109] bond1 (unregistering): Released all slaves [ 1009.987911][ T5834] em28xx 3-1:0.0: AC97 command still being executed: not handled properly! [ 1010.015979][ T5834] em28xx 3-1:0.0: couldn't setup AC97 register 4 [ 1010.174812][ T5834] em28xx 3-1:0.0: couldn't setup AC97 register 6 [ 1010.189882][ T5834] em28xx 3-1:0.0: couldn't setup AC97 register 54 [ 1010.217128][ T5834] em28xx 3-1:0.0: couldn't setup AC97 register 56 [ 1010.228361][ T5834] usb 3-1: USB disconnect, device number 51 [ 1010.645624][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16771'. [ 1010.675386][T11143] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16771'. [ 1013.363499][T11282] fuse: Bad value for 'fd' [ 1013.646232][T11300] netlink: 'syz.8.16845': attribute type 28 has an invalid length. [ 1014.117091][T11324] netlink: 44 bytes leftover after parsing attributes in process `syz.2.16857'. [ 1014.472706][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1014.642969][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 1014.791170][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 1014.807972][ T30] audit: type=1326 audit(1763238976.142:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1014.824475][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1014.843323][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1014.853090][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1014.865377][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1014.881970][ T30] audit: type=1326 audit(1763238976.172:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1014.882188][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1014.906277][ T30] audit: type=1326 audit(1763238976.172:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1014.940122][ T30] audit: type=1326 audit(1763238976.172:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1014.966587][ T30] audit: type=1326 audit(1763238976.172:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.005729][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1015.026515][ T30] audit: type=1326 audit(1763238976.172:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.050755][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1015.093116][ T30] audit: type=1326 audit(1763238976.172:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.100421][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1015.155513][ T30] audit: type=1326 audit(1763238976.172:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.173923][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1015.238917][ T30] audit: type=1326 audit(1763238976.172:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.244765][ T10] usb 1-1: config 0 descriptor?? [ 1015.326634][T11389] tipc: Trying to set illegal importance in message [ 1015.334175][ T30] audit: type=1326 audit(1763238976.172:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.8.16878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1015.744348][ T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 37 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1015.802752][ T10] usb 1-1: USB disconnect, device number 37 [ 1015.843477][ T10] usblp0: removed [ 1016.363572][ T6538] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1016.562756][ T6538] usb 1-1: Using ep0 maxpacket: 32 [ 1016.628709][ T6538] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 1016.638235][ T6538] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1016.647369][ T6538] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1016.656837][ T6538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1016.667727][ T6538] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1016.685723][ T6538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1016.706077][ T6538] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1016.718452][ T6538] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1016.737217][ T6538] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1016.747535][ T6538] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.764218][ T6538] usb 1-1: config 0 descriptor?? [ 1016.799549][T11448] netlink: 'syz.9.16914': attribute type 4 has an invalid length. [ 1017.248598][ T6538] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 38 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1017.278007][ T6538] usb 1-1: USB disconnect, device number 38 [ 1017.306629][ T6538] usblp0: removed [ 1018.860724][T11531] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16954'. [ 1018.916518][T11533] netlink: 12 bytes leftover after parsing attributes in process `syz.9.16955'. [ 1019.449292][T11564] pim6reg1: entered promiscuous mode [ 1019.468381][T11564] pim6reg1: entered allmulticast mode [ 1020.157092][T11580] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1020.651642][T11613] netlink: 24 bytes leftover after parsing attributes in process `syz.8.16993'. [ 1020.947813][T11626] binder: 11624:11626 ioctl 80089418 0 returned -22 [ 1021.301140][T11649] netlink: 104 bytes leftover after parsing attributes in process `syz.2.17011'. [ 1022.057500][T11689] can: request_module (can-proto-0) failed. [ 1022.797656][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 1022.797667][ T30] audit: type=1326 audit(1763238984.132:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11705 comm="syz.7.17037" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x0 [ 1023.111435][T11718] binder_alloc: 11717: binder_alloc_buf, no vma [ 1023.912034][T11756] netlink: 44 bytes leftover after parsing attributes in process `syz.2.17059'. [ 1023.945167][T11756] netlink: 'syz.2.17059': attribute type 6 has an invalid length. [ 1023.962013][T11756] netlink: 'syz.2.17059': attribute type 5 has an invalid length. [ 1023.998941][T11756] netlink: 'syz.2.17059': attribute type 4 has an invalid length. [ 1024.766914][T11803] fuse: Bad value for 'fd' [ 1025.303004][T11789] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1025.310932][T11789] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1025.353461][T11789] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1025.375393][T11789] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1025.445753][T11789] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1025.621576][T11816] tipc: Started in network mode [ 1025.683583][T11816] tipc: Node identity fec993f09595, cluster identity 4711 [ 1025.782887][T11816] tipc: Enabled bearer , priority 0 [ 1025.799862][T11817] syzkaller0: entered promiscuous mode [ 1025.807719][T11817] syzkaller0: entered allmulticast mode [ 1026.022268][T11812] tipc: Resetting bearer [ 1026.284234][T11812] tipc: Disabling bearer [ 1026.542665][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 1027.130383][T11864] netlink: 'syz.2.17109': attribute type 64 has an invalid length. [ 1027.187798][T11864] netlink: 5 bytes leftover after parsing attributes in process `syz.2.17109'. [ 1027.344678][ T5827] Bluetooth: hci4: command 0x0406 tx timeout [ 1027.430661][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 1027.437495][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 1027.502816][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 1029.328122][T11930] random: crng reseeded on system resumption [ 1029.509002][T11936] netlink: 'syz.8.17140': attribute type 1 has an invalid length. [ 1029.517110][T11936] netlink: 1 bytes leftover after parsing attributes in process `syz.8.17140'. [ 1031.497866][T11996] fuse: Bad value for 'group_id' [ 1031.505815][T11996] fuse: Bad value for 'group_id' [ 1031.852327][T12031] netlink: 'syz.8.17184': attribute type 4 has an invalid length. [ 1032.339426][T12060] netlink: 'syz.2.17197': attribute type 16 has an invalid length. [ 1033.060025][T12095] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17213'. [ 1033.588583][T12128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17226'. [ 1033.607791][T12128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17226'. [ 1034.969963][T12190] netlink: 108 bytes leftover after parsing attributes in process `syz.8.17259'. [ 1034.979352][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.8.17259'. [ 1035.658564][ T30] audit: type=1326 audit(1763238996.992:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1035.732775][ T30] audit: type=1326 audit(1763238996.992:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1035.765087][ T30] audit: type=1326 audit(1763238997.022:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1035.854010][ T30] audit: type=1326 audit(1763238997.042:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1035.918134][ T30] audit: type=1326 audit(1763238997.042:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12218 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1035.963239][ T30] audit: type=1326 audit(1763238997.042:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12222 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa28e3c1f85 code=0x7ffc0000 [ 1035.995018][ T30] audit: type=1326 audit(1763238997.192:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12222 comm="syz.2.17274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1036.719196][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17301'. [ 1036.746733][T12272] tc_dump_action: action bad kind [ 1038.314914][T12342] binfmt_misc: register: failed to install interpreter file ./file0 [ 1040.483384][ T1340] tipc: Subscription rejected, illegal request [ 1040.753928][T12438] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 1041.038657][ T10] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 1041.224501][ T10] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1041.254926][ T10] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1041.266473][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1041.300206][ T10] usb 3-1: Product: syz [ 1041.312672][ T10] usb 3-1: Manufacturer: syz [ 1041.327449][ T10] usb 3-1: SerialNumber: syz [ 1041.348660][ T10] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1041.838059][T12438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1041.854939][T12438] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1041.874031][ T10] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1042.090006][ T10] usb 3-1: USB disconnect, device number 52 [ 1042.755713][T12497] netlink: 'syz.2.17403': attribute type 4 has an invalid length. [ 1043.689999][T12539] usb usb9: usbfs: process 12539 (syz.2.17424) did not claim interface 0 before use [ 1043.997193][ T30] audit: type=1326 audit(1763239005.332:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12515 comm="syz.7.17412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7fc00000 [ 1044.240130][ T30] audit: type=1326 audit(1763239005.572:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12567 comm="syz.2.17436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1044.301084][ T30] audit: type=1326 audit(1763239005.572:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12567 comm="syz.2.17436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1044.352275][ T30] audit: type=1326 audit(1763239005.582:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12567 comm="syz.2.17436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1044.377742][ T30] audit: type=1326 audit(1763239005.582:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12567 comm="syz.2.17436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1044.421760][ T30] audit: type=1326 audit(1763239005.582:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12567 comm="syz.2.17436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1044.950946][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1044.972618][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1044.990364][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.033081][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.040579][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.074624][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.083762][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.091243][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.115693][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.144637][ T10] hid-generic 0000:10000:0007.0023: unknown main item tag 0x0 [ 1045.162862][ T10] hid-generic 0000:10000:0007.0023: hidraw0: HID v9.40 Device [syz1] on syz1 [ 1045.282232][T12612] fido_id[12612]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1045.302178][T12614] syzkaller0: entered promiscuous mode [ 1045.323511][T12614] syzkaller0: entered allmulticast mode [ 1046.117232][T12657] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17480'. [ 1046.494146][T12676] netlink: 8 bytes leftover after parsing attributes in process `syz.8.17490'. [ 1046.514053][T12676] netlink: 12 bytes leftover after parsing attributes in process `syz.8.17490'. [ 1046.734350][T12687] binder: 12686:12687 ioctl c018620c 200000000000 returned -22 [ 1047.265515][T12709] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1047.378259][T12713] netlink: 17 bytes leftover after parsing attributes in process `syz.8.17505'. [ 1047.753606][T12737] netlink: 12 bytes leftover after parsing attributes in process `syz.7.17515'. [ 1047.864157][T12743] netlink: 'syz.8.17517': attribute type 16 has an invalid length. [ 1047.872183][T12743] netlink: 64122 bytes leftover after parsing attributes in process `syz.8.17517'. [ 1048.480138][T12779] netlink: 68 bytes leftover after parsing attributes in process `syz.7.17536'. [ 1048.906786][T12800] netlink: 160 bytes leftover after parsing attributes in process `syz.9.17547'. [ 1048.922642][T12800] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1049.530080][T12812] netlink: 56 bytes leftover after parsing attributes in process `syz.0.17551'. [ 1049.829864][T12834] binder: 12833:12834 ioctl c0306201 2000000001c0 returned -14 [ 1049.956155][T12840] netlink: 96 bytes leftover after parsing attributes in process `syz.7.17565'. [ 1050.726965][T12866] input: syz0 as /devices/virtual/input/input94 [ 1050.865414][T12876] tipc: Enabling of bearer rejected, failed to enable media [ 1052.034513][ T30] audit: type=1326 audit(1763239013.362:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1052.102703][ T30] audit: type=1326 audit(1763239013.362:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1052.183432][ T30] audit: type=1326 audit(1763239013.362:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1052.242182][ T30] audit: type=1326 audit(1763239013.362:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1052.264733][ C1] vkms_vblank_simulate: vblank timer overrun [ 1052.310593][ T30] audit: type=1326 audit(1763239013.372:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f63db98df10 code=0x7ffc0000 [ 1052.333144][ C1] vkms_vblank_simulate: vblank timer overrun [ 1052.343129][ T10] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 1052.411800][ T30] audit: type=1326 audit(1763239013.372:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63db98f2cb code=0x7ffc0000 [ 1052.502808][ T30] audit: type=1326 audit(1763239013.372:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63db98f2cb code=0x7ffc0000 [ 1052.576094][ T30] audit: type=1326 audit(1763239013.402:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63db98f2cb code=0x7ffc0000 [ 1052.600528][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1052.632228][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1052.673785][ T30] audit: type=1326 audit(1763239013.402:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63db98f2cb code=0x7ffc0000 [ 1052.701666][ T10] usb 8-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 1052.722620][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1052.742647][ T10] usb 8-1: Product: syz [ 1052.761089][ T10] usb 8-1: Manufacturer: syz [ 1052.771224][ T10] usb 8-1: SerialNumber: syz [ 1052.791449][ T30] audit: type=1326 audit(1763239013.552:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12926 comm="syz.7.17606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63db98f2cb code=0x7ffc0000 [ 1052.829400][ T10] usb 8-1: config 0 descriptor?? [ 1052.853205][ T10] uvcvideo 8-1:0.0: Found UVC 0.00 device syz (18ec:3288) [ 1052.880737][ T10] uvcvideo 8-1:0.0: No valid video chain found. [ 1053.105633][ T6538] usb 8-1: USB disconnect, device number 13 [ 1054.316456][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.324814][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.491007][T13013] __nla_validate_parse: 1 callbacks suppressed [ 1054.491024][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.9.17645'. [ 1054.577767][T13018] netlink: 'syz.7.17649': attribute type 32 has an invalid length. [ 1054.695740][T13024] netlink: 4 bytes leftover after parsing attributes in process `syz.9.17651'. [ 1055.268377][T13060] netlink: 'syz.9.17667': attribute type 5 has an invalid length. [ 1056.047849][T13099] warn_alloc: 1 callbacks suppressed [ 1056.047865][T13099] syz.9.17687: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1056.069248][T13105] netlink: 'syz.8.17691': attribute type 16 has an invalid length. [ 1056.069267][T13105] netlink: 64122 bytes leftover after parsing attributes in process `syz.8.17691'. [ 1056.092550][T13099] CPU: 1 UID: 0 PID: 13099 Comm: syz.9.17687 Not tainted syzkaller #0 PREEMPT(full) [ 1056.092571][T13099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1056.092584][T13099] Call Trace: [ 1056.092591][T13099] [ 1056.092600][T13099] dump_stack_lvl+0x189/0x250 [ 1056.092631][T13099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1056.092654][T13099] ? __pfx__printk+0x10/0x10 [ 1056.092672][T13099] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1056.092696][T13099] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1056.092721][T13099] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 1056.092756][T13099] warn_alloc+0x214/0x310 [ 1056.092780][T13099] ? stack_depot_save_flags+0x40/0x860 [ 1056.092810][T13099] ? __pfx_warn_alloc+0x10/0x10 [ 1056.092836][T13099] ? kasan_save_track+0x3e/0x80 [ 1056.092857][T13099] ? __kasan_kmalloc+0x93/0xb0 [ 1056.092879][T13099] ? xsk_setsockopt+0x4dc/0x8d0 [ 1056.092899][T13099] ? do_sock_setsockopt+0x17c/0x1b0 [ 1056.092915][T13099] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 1056.092929][T13099] ? do_syscall_64+0xfa/0xfa0 [ 1056.092952][T13099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.092976][T13099] __vmalloc_node_range_noprof+0x125/0x12d0 [ 1056.093028][T13099] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1056.093056][T13099] ? __kasan_kmalloc+0x93/0xb0 [ 1056.093084][T13099] vmalloc_user_noprof+0xad/0xf0 [ 1056.093107][T13099] ? xskq_create+0xbf/0x170 [ 1056.093128][T13099] xskq_create+0xbf/0x170 [ 1056.093153][T13099] xsk_init_queue+0xb0/0x110 [ 1056.093176][T13099] xsk_setsockopt+0x4dc/0x8d0 [ 1056.093197][T13099] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1056.093220][T13099] ? __pfx_aa_sk_perm+0x10/0x10 [ 1056.093244][T13099] ? aa_sock_opt_perm+0xff/0x1b0 [ 1056.093271][T13099] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 1056.093287][T13099] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1056.093310][T13099] do_sock_setsockopt+0x17c/0x1b0 [ 1056.093333][T13099] __x64_sys_setsockopt+0x13f/0x1b0 [ 1056.093356][T13099] do_syscall_64+0xfa/0xfa0 [ 1056.093378][T13099] ? lockdep_hardirqs_on+0x9c/0x150 [ 1056.093402][T13099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.093419][T13099] ? clear_bhb_loop+0x60/0xb0 [ 1056.093440][T13099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.093456][T13099] RIP: 0033:0x7f1f44f8f6c9 [ 1056.093472][T13099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1056.093488][T13099] RSP: 002b:00007f1f45ea3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1056.093508][T13099] RAX: ffffffffffffffda RBX: 00007f1f451e5fa0 RCX: 00007f1f44f8f6c9 [ 1056.093521][T13099] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 1056.093533][T13099] RBP: 00007f1f45011f91 R08: 0000000000000004 R09: 0000000000000000 [ 1056.093544][T13099] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1056.093555][T13099] R13: 00007f1f451e6038 R14: 00007f1f451e5fa0 R15: 00007f1f4530fa28 [ 1056.093585][T13099] [ 1056.642698][T13099] Mem-Info: [ 1056.682762][T13099] active_anon:24337 inactive_anon:1 isolated_anon:0 [ 1056.682762][T13099] active_file:17387 inactive_file:3947 isolated_file:0 [ 1056.682762][T13099] unevictable:768 dirty:669 writeback:0 [ 1056.682762][T13099] slab_reclaimable:11949 slab_unreclaimable:105740 [ 1056.682762][T13099] mapped:40407 shmem:15245 pagetables:2986 [ 1056.682762][T13099] sec_pagetables:0 bounce:0 [ 1056.682762][T13099] kernel_misc_reclaimable:0 [ 1056.682762][T13099] free:1306659 free_pcp:16959 free_cma:0 [ 1056.762995][T13099] Node 0 active_anon:100876kB inactive_anon:4kB active_file:69492kB inactive_file:15656kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:161624kB dirty:2668kB writeback:0kB shmem:62936kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14340kB pagetables:11700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1056.826656][T13099] Node 1 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:184kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1056.890606][T13099] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1056.946808][T13099] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 1056.955704][T13099] Node 0 DMA32 free:1313252kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:106192kB inactive_anon:4kB active_file:69492kB inactive_file:15656kB unevictable:1536kB writepending:2692kB zspages:0kB present:3129332kB managed:2565152kB mlocked:0kB bounce:0kB free_pcp:37196kB local_pcp:15012kB free_cma:0kB [ 1057.063432][T13099] lowmem_reserve[]: 0 0 0 0 0 [ 1057.070219][T13099] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1057.109640][T13099] lowmem_reserve[]: 0 0 0 0 0 [ 1057.114728][T13099] Node 1 Normal free:3898808kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:132kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21856kB local_pcp:12256kB free_cma:0kB [ 1057.149593][T13099] lowmem_reserve[]: 0 0 0 0 0 [ 1057.156577][T13099] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1057.172213][T13099] Node 0 DMA32: 2293*4kB (UME) 874*8kB (UME) 427*16kB (UME) 293*32kB (UME) 645*64kB (UME) 392*128kB (UME) 347*256kB (UME) 189*512kB (UME) 74*1024kB (UME) 9*2048kB (UE) 222*4096kB (UM) = 1312948kB [ 1057.205828][T13099] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1057.259363][T13099] Node 1 Normal: 240*4kB (UME) 57*8kB (UE) 45*16kB (UME) 183*32kB (UME) 52*64kB (UME) 11*128kB (UME) 10*256kB (UME) 9*512kB (UME) 6*1024kB (UME) 5*2048kB (UME) 943*4096kB (UM) = 3898808kB [ 1057.313472][T13099] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1057.324132][T13099] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1057.334172][T13099] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1057.344434][T13099] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1057.387671][T13099] 38456 total pagecache pages [ 1057.399439][T13099] 1 pages in swap cache [ 1057.410698][T13099] Free swap = 124992kB [ 1057.414893][T13099] Total swap = 124996kB [ 1057.419105][T13099] 2097051 pages RAM [ 1057.429229][T13099] 0 pages HighMem/MovableOnly [ 1057.439338][T13099] 424121 pages reserved [ 1057.446964][T13099] 0 pages cma reserved [ 1058.335355][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.8.17734'. [ 1059.305594][T13238] netlink: 'syz.0.17754': attribute type 1 has an invalid length. [ 1059.414155][T13238] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1059.544999][T13244] bond1: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 1059.628886][T13244] bond1: entered allmulticast mode [ 1059.650791][T13253] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1059.664733][T13238] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1059.790018][T13261] netlink: 36 bytes leftover after parsing attributes in process `syz.7.17764'. [ 1059.963725][T13269] binder: 13266:13269 ioctl 40046205 0 returned -22 [ 1059.978903][T13269] binder: 13266:13269 ioctl c0306201 200000000300 returned -11 [ 1060.572271][T13300] random: crng reseeded on system resumption [ 1061.413824][T13345] xt_TCPMSS: Only works on TCP SYN packets [ 1061.640161][T13359] can: request_module (can-proto-0) failed. [ 1061.727991][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 1061.728006][ T30] audit: type=1326 audit(1763239023.062:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1061.763326][ T30] audit: type=1326 audit(1763239023.102:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1061.788845][T13365] netlink: 72 bytes leftover after parsing attributes in process `syz.7.17816'. [ 1061.852446][ T30] audit: type=1326 audit(1763239023.102:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1061.906415][ T30] audit: type=1326 audit(1763239023.102:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1062.020169][ T30] audit: type=1326 audit(1763239023.102:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1062.064336][ T30] audit: type=1326 audit(1763239023.102:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1062.094515][ T30] audit: type=1326 audit(1763239023.102:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1062.123017][ T30] audit: type=1326 audit(1763239023.102:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13366 comm="syz.2.17817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa28e38f6c9 code=0x7ffc0000 [ 1062.404890][T13400] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 1063.196138][T13435] bridge0: port 3(hsr0) entered disabled state [ 1063.202594][T13435] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.209918][T13435] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.661839][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1063.692959][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1063.930626][T13435] veth1_macvtap: left allmulticast mode [ 1064.237408][ T1340] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1064.247603][ T1340] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1064.264871][ T1340] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1064.276090][ T1340] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1065.038467][T13523] fuse: Bad value for 'group_id' [ 1065.045956][T13523] fuse: Bad value for 'group_id' [ 1065.286484][T13532] netlink: 100 bytes leftover after parsing attributes in process `syz.2.17897'. [ 1065.571447][ T30] audit: type=1326 audit(1763239026.902:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13548 comm="syz.7.17904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1065.613016][T13533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17881'. [ 1065.658216][ T30] audit: type=1326 audit(1763239026.902:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13548 comm="syz.7.17904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1066.124954][T13582] netlink: 24 bytes leftover after parsing attributes in process `syz.2.17921'. [ 1066.301394][T13589] binder: 13588:13589 ioctl c0306201 200000004a40 returned -14 [ 1066.619934][T13602] input: syz0 as /devices/virtual/input/input95 [ 1067.325291][T13631] netlink: 37 bytes leftover after parsing attributes in process `syz.7.17942'. [ 1068.851794][T13694] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17969'. [ 1068.860929][T13694] tc_dump_action: action bad kind [ 1070.752801][T13763] netlink: 260 bytes leftover after parsing attributes in process `syz.8.18001'. [ 1071.501085][T13802] netlink: 4 bytes leftover after parsing attributes in process `syz.9.18020'. [ 1072.918567][T13861] bridge0: port 3(gretap0) entered disabled state [ 1073.012295][T13861] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.019768][T13861] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.530069][T13861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1073.567702][T13861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1073.592883][T13894] loop9: detected capacity change from 0 to 7 [ 1073.604972][T29707] Dev loop9: unable to read RDB block 7 [ 1073.610741][T29707] loop9: unable to read partition table [ 1073.617532][T29707] loop9: partition table beyond EOD, truncated [ 1073.769934][T13894] Dev loop9: unable to read RDB block 7 [ 1073.782022][T13894] loop9: unable to read partition table [ 1073.789985][T13894] loop9: partition table beyond EOD, truncated [ 1073.796464][T13894] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1074.102265][T13861] batman_adv: batadv0: Interface deactivated: gretap1 [ 1074.146177][T13885] 8021q: VLANs not supported on gre0 [ 1074.163822][ T60] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.202704][ T60] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.211602][ T60] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.247700][ T60] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.632791][T14248] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 1075.782813][T14248] usb 8-1: Using ep0 maxpacket: 32 [ 1075.790106][T14248] usb 8-1: unable to get BOS descriptor or descriptor too short [ 1075.800318][T14248] usb 8-1: config 9 has an invalid interface number: 254 but max is 0 [ 1075.831826][T14248] usb 8-1: config 9 has no interface number 0 [ 1075.860745][T14248] usb 8-1: config 9 interface 254 altsetting 2 bulk endpoint 0xC has invalid maxpacket 16 [ 1075.871011][T14248] usb 8-1: config 9 interface 254 has no altsetting 0 [ 1075.883967][T14248] usb 8-1: New USB device found, idVendor=0af0, idProduct=7601, bcdDevice=53.6c [ 1075.904110][T14248] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1075.912078][T14248] usb 8-1: Product: syz [ 1075.938056][T14248] usb 8-1: Manufacturer: syz [ 1075.952708][T14248] usb 8-1: SerialNumber: syz [ 1075.965710][T13953] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 1076.271243][T13974] input: syz0 as /devices/virtual/input/input96 [ 1076.323977][T14248] hso 8-1:9.254: Not our interface [ 1076.343402][T14248] usb 8-1: USB disconnect, device number 14 [ 1076.616788][T13984] netlink: 408 bytes leftover after parsing attributes in process `syz.8.18101'. [ 1076.635844][T13984] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18101'. [ 1076.672669][T13984] netlink: 40 bytes leftover after parsing attributes in process `syz.8.18101'. [ 1077.965191][T14028] netlink: 16 bytes leftover after parsing attributes in process `syz.2.18122'. [ 1078.532622][T28516] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1078.675785][T14055] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18134'. [ 1078.692756][T28516] usb 3-1: Using ep0 maxpacket: 8 [ 1078.699962][T28516] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1078.742245][T28516] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1078.756524][T28516] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1078.776754][T28516] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1078.822713][T28516] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1078.852058][T28516] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.017923][T14072] netlink: 36 bytes leftover after parsing attributes in process `syz.9.18140'. [ 1079.028847][T14072] netlink: 32 bytes leftover after parsing attributes in process `syz.9.18140'. [ 1079.082764][T28516] usb 3-1: GET_CAPABILITIES returned 0 [ 1079.098523][T28516] usbtmc 3-1:16.0: can't read capabilities [ 1079.341421][ C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 1079.357666][T14044] usbtmc 3-1:16.0: Unable to send data, error -71 [ 1079.368386][T28516] usb 3-1: USB disconnect, device number 53 [ 1079.451845][T14089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18148'. [ 1079.461422][T14089] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18148'. [ 1079.471308][T14089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18148'. [ 1081.363828][T28516] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1081.532613][T28516] usb 1-1: Using ep0 maxpacket: 8 [ 1081.579814][T14213] tipc: Started in network mode [ 1081.598445][T14213] tipc: Node identity 7, cluster identity 4711 [ 1081.610350][T28516] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1081.625134][T14213] tipc: Node number set to 7 [ 1081.641713][T28516] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1081.659547][T28516] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1081.690138][T28516] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1081.704588][T28516] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1081.714291][T28516] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.878239][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1081.878256][ T30] audit: type=1326 audit(1763239043.212:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14222 comm="syz.9.18213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f44f8f6c9 code=0x7ffc0000 [ 1081.956198][ T30] audit: type=1326 audit(1763239043.212:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14222 comm="syz.9.18213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f44f8f6c9 code=0x7ffc0000 [ 1082.085083][ T30] audit: type=1326 audit(1763239043.212:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14222 comm="syz.9.18213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f44f8f6c9 code=0x7ffc0000 [ 1082.152767][ T30] audit: type=1326 audit(1763239043.212:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14222 comm="syz.9.18213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f44f8f6c9 code=0x7ffc0000 [ 1082.176466][T28516] usb 1-1: GET_CAPABILITIES returned 0 [ 1082.181972][T28516] usbtmc 1-1:16.0: can't read capabilities [ 1082.241202][ T30] audit: type=1326 audit(1763239043.212:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14222 comm="syz.9.18213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f44f8f6c9 code=0x7ffc0000 [ 1082.413812][T13890] usb 1-1: USB disconnect, device number 39 [ 1082.790412][T14261] binder: 14260:14261 ioctl c0306201 200000000940 returned -22 [ 1083.044040][T14274] binder: BINDER_SET_CONTEXT_MGR already set [ 1083.057302][T14274] binder: 14273:14274 ioctl 40046207 0 returned -16 [ 1083.098678][T14278] binder_alloc: 14277: binder_alloc_buf size 1024 failed, no address space [ 1083.119394][T14278] binder_alloc: allocated: 12280 (num: 1 largest: 12280), free: 8 (num: 1 largest: 8) [ 1083.239876][T14280] ptrace attach of "./syz-executor exec"[14284] was attempted by "./syz-executor exec"[14280] [ 1083.302933][T14287] __nla_validate_parse: 3 callbacks suppressed [ 1083.302950][T14287] netlink: 12 bytes leftover after parsing attributes in process `syz.9.18243'. [ 1083.624518][T14300] netlink: 4 bytes leftover after parsing attributes in process `syz.9.18249'. [ 1084.491357][T14332] netlink: 24 bytes leftover after parsing attributes in process `syz.9.18263'. [ 1084.861621][T14351] trusted_key: encrypted_key: master key parameter 'd' is invalid [ 1085.632694][ T30] audit: type=1326 audit(1763239046.962:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14380 comm="syz.8.18287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x0 [ 1088.641595][ T30] audit: type=1326 audit(1763239049.972:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14514 comm="syz.8.18347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7fc00000 [ 1088.692710][ T30] audit: type=1326 audit(1763239049.972:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14514 comm="syz.8.18347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7fc00000 [ 1089.252969][T14525] netlink: 104 bytes leftover after parsing attributes in process `syz.8.18353'. [ 1090.483152][ T30] audit: type=1326 audit(1763239051.822:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.7.18373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1090.527115][ T30] audit: type=1326 audit(1763239051.822:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.7.18373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1090.602046][ T30] audit: type=1326 audit(1763239051.842:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.7.18373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1090.624519][ C1] vkms_vblank_simulate: vblank timer overrun [ 1090.634428][ T30] audit: type=1326 audit(1763239051.842:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.7.18373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1090.657248][ C1] vkms_vblank_simulate: vblank timer overrun [ 1090.699901][ T30] audit: type=1326 audit(1763239051.842:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14569 comm="syz.7.18373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x7ffc0000 [ 1091.011157][T14590] netlink: 32 bytes leftover after parsing attributes in process `syz.7.18381'. [ 1091.353866][T14248] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1091.515083][T14248] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1091.532676][T14248] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1091.589266][T14248] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1091.606190][T14248] usb 3-1: New USB device found, idVendor=044f, idProduct=b651, bcdDevice= 0.00 [ 1091.628570][T14248] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.647900][T14248] usb 3-1: config 0 descriptor?? [ 1091.855364][T14634] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18402'. [ 1092.075690][T14248] hid_parser_main: 118 callbacks suppressed [ 1092.075711][T14248] thrustmaster 0003:044F:B651.0024: unknown main item tag 0x0 [ 1092.123583][T14248] thrustmaster 0003:044F:B651.0024: unknown main item tag 0x0 [ 1092.141258][T14248] thrustmaster 0003:044F:B651.0024: item fetching failed at offset 2/7 [ 1092.156326][T14248] thrustmaster 0003:044F:B651.0024: parse failed [ 1092.175213][T14248] thrustmaster 0003:044F:B651.0024: probe with driver thrustmaster failed with error -22 [ 1092.240626][T14653] netlink: 'syz.8.18411': attribute type 4 has an invalid length. [ 1092.320052][T14248] usb 3-1: USB disconnect, device number 54 [ 1093.133824][T14699] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 1093.598409][T14729] netlink: 68 bytes leftover after parsing attributes in process `syz.8.18447'. [ 1093.655415][T14732] netlink: 24 bytes leftover after parsing attributes in process `syz.2.18449'. [ 1094.033025][T14248] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1094.302120][T14248] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1094.312926][T13890] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1094.341241][T14248] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1094.360636][T14248] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1094.374119][T14248] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1094.413508][T14248] usb 1-1: config 0 descriptor?? [ 1094.493994][T13890] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1094.513249][T13890] usb 10-1: config 0 has no interfaces? [ 1094.535455][T13890] usb 10-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1094.557131][T13890] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.574979][T13890] usb 10-1: Product: syz [ 1094.580287][T13890] usb 10-1: Manufacturer: syz [ 1094.612734][T13890] usb 10-1: SerialNumber: syz [ 1094.638837][T13890] usb 10-1: config 0 descriptor?? [ 1094.732745][T14248] usb 1-1: string descriptor 0 read error: -71 [ 1094.754424][T14248] usb 1-1: USB disconnect, device number 40 [ 1094.812324][T14794] netlink: 324 bytes leftover after parsing attributes in process `syz.7.18477'. [ 1094.821597][T14794] netlink: 12 bytes leftover after parsing attributes in process `syz.7.18477'. [ 1094.901352][T13890] usb 10-1: USB disconnect, device number 8 [ 1096.062877][T13875] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 1096.242800][T13875] usb 9-1: Using ep0 maxpacket: 8 [ 1096.256323][T13875] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1096.321422][T13875] usb 9-1: config 12 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 108 [ 1096.355652][T13875] usb 9-1: config 12 interface 0 has no altsetting 0 [ 1096.380089][T13875] usb 9-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1096.397078][T13875] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.421178][T13875] usb 9-1: Product: syz [ 1096.430748][T13875] usb 9-1: Manufacturer: syz [ 1096.440652][T13875] usb 9-1: SerialNumber: syz [ 1096.459354][T14840] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1096.718456][T13875] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 1096.760925][T13875] usb 9-1: selecting invalid altsetting 0 [ 1096.817370][T13875] usb 9-1: USB disconnect, device number 23 [ 1096.981842][ T4208] udevd[4208]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:12.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1097.571844][T14890] binder: 14889:14890 ioctl c018620c 200000000240 returned -22 [ 1097.672994][T14894] binder: 14893:14894 ioctl c0306201 2000000001c0 returned -14 [ 1098.728335][T14953] pim6reg1: entered promiscuous mode [ 1098.739812][T14953] pim6reg1: entered allmulticast mode [ 1098.817853][T14957] netlink: 12 bytes leftover after parsing attributes in process `syz.7.18556'. [ 1098.952630][T13875] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1099.142894][T13875] usb 1-1: Using ep0 maxpacket: 8 [ 1099.190787][T14974] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1099.223153][T13875] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1099.268101][T13875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1099.279205][T13875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1099.292188][T13875] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1099.306964][T13875] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1099.320547][T13875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1099.566090][T13875] usb 1-1: GET_CAPABILITIES returned 0 [ 1099.571625][T13875] usbtmc 1-1:16.0: can't read capabilities [ 1100.024279][T13875] usb 1-1: USB disconnect, device number 41 [ 1100.395912][T15043] netlink: 12 bytes leftover after parsing attributes in process `syz.7.18597'. [ 1101.674504][T15085] netlink: 13 bytes leftover after parsing attributes in process `syz.2.18615'. [ 1105.720299][T15210] netlink: 'syz.7.18673': attribute type 6 has an invalid length. [ 1105.926526][T15221] netlink: 'syz.7.18678': attribute type 11 has an invalid length. [ 1105.935852][T15227] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18681'. [ 1106.274483][T15236] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1106.653580][T15248] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18691'. [ 1109.085052][T15333] netlink: 'syz.9.18729': attribute type 12 has an invalid length. [ 1109.539310][T15351] netlink: 60 bytes leftover after parsing attributes in process `syz.8.18737'. [ 1109.918374][T15366] netlink: 'syz.2.18746': attribute type 13 has an invalid length. [ 1110.507637][T15392] tc_dump_action: action bad kind [ 1110.731868][T15408] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18764'. [ 1112.556255][T15490] netlink: 4 bytes leftover after parsing attributes in process `syz.9.18804'. [ 1112.566482][T15490] netlink: 4 bytes leftover after parsing attributes in process `syz.9.18804'. [ 1112.683939][T15499] sit0: entered promiscuous mode [ 1112.694923][T15499] netlink: 'syz.9.18806': attribute type 1 has an invalid length. [ 1112.703662][T15499] netlink: 1 bytes leftover after parsing attributes in process `syz.9.18806'. [ 1112.714241][T15502] trusted_key: encrypted_key: insufficient parameters specified [ 1113.053122][T13890] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1113.219532][T13890] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1113.245414][T13890] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1113.273863][T13890] usb 10-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1113.292997][T13890] usb 10-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1113.311475][T13890] usb 10-1: Manufacturer: syz [ 1113.355336][T13890] usb 10-1: config 0 descriptor?? [ 1114.202454][T13890] input: syz as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0025/input/input99 [ 1114.316470][T13890] input: syz as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0025/input/input100 [ 1114.346517][T13890] input: syz Touch Strip as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0025/input/input101 [ 1114.386136][T13890] input: syz Dial as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0025/input/input102 [ 1114.457343][T13890] uclogic 0003:256C:006D.0025: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.9-1/input0 [ 1115.146613][T28516] usb 10-1: USB disconnect, device number 9 [ 1115.498196][T15615] netlink: 'syz.7.18860': attribute type 13 has an invalid length. [ 1115.528037][T15615] erspan0: refused to change device tx_queue_len [ 1115.749252][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.755716][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.833962][T15628] pim6reg1: entered promiscuous mode [ 1115.839285][T15628] pim6reg1: entered allmulticast mode [ 1117.222786][T15685] netlink: 12 bytes leftover after parsing attributes in process `syz.7.18895'. [ 1117.282350][T15685] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1117.350885][T15689] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1117.447175][T15689] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 1117.971771][T15714] binder: 15713:15714 ioctl c0306201 200000000940 returned -22 [ 1119.171025][T15768] netlink: 57 bytes leftover after parsing attributes in process `syz.7.18916'. [ 1119.337272][T15776] usb usb7: usbfs: process 15776 (syz.8.18935) did not claim interface 0 before use [ 1119.612762][T15787] Invalid logical block size (34372) [ 1119.987510][T15804] netlink: 'syz.2.18950': attribute type 28 has an invalid length. [ 1120.160558][T15816] netlink: 52 bytes leftover after parsing attributes in process `syz.0.18941'. [ 1120.545187][T15839] netlink: 100 bytes leftover after parsing attributes in process `syz.2.18967'. [ 1121.259420][T15876] netlink: 'syz.9.18984': attribute type 1 has an invalid length. [ 1121.352105][T15880] bond1: (slave vcan0): The slave device specified does not support setting the MAC address [ 1121.382368][T15880] bond1: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 1121.409445][T15880] bond1: (slave vcan0): making interface the new active one [ 1121.426353][T15880] bond1: (slave vcan0): Enslaving as an active interface with an up link [ 1121.440352][T15876] bond1: entered allmulticast mode [ 1121.449866][T15876] vcan0: entered allmulticast mode [ 1121.767036][T15904] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1122.095492][T15915] x_tables: duplicate underflow at hook 2 [ 1122.192677][T15919] netlink: 8 bytes leftover after parsing attributes in process `syz.8.19001'. [ 1122.615839][T15943] netlink: 4 bytes leftover after parsing attributes in process `syz.8.19011'. [ 1122.798465][T15953] netlink: 104 bytes leftover after parsing attributes in process `syz.2.19018'. [ 1123.297666][T15980] netlink: 28 bytes leftover after parsing attributes in process `syz.9.19029'. [ 1124.560958][T16043] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19052'. [ 1125.614304][T16095] netlink: 164 bytes leftover after parsing attributes in process `syz.8.19082'. [ 1125.772910][T16101] netlink: 12 bytes leftover after parsing attributes in process `syz.9.19086'. [ 1126.053724][T16121] netlink: 'syz.8.19094': attribute type 4 has an invalid length. [ 1126.497907][T16137] netlink: 4 bytes leftover after parsing attributes in process `syz.9.19102'. [ 1126.587731][T16143] netlink: 'syz.7.19103': attribute type 10 has an invalid length. [ 1126.628010][T16143] netlink: 40 bytes leftover after parsing attributes in process `syz.7.19103'. [ 1126.649534][T16143] dummy0: entered promiscuous mode [ 1127.182826][T13890] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 1127.344196][T13890] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1127.372453][T13890] usb 8-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 1127.386431][T13890] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.405848][T13890] usb 8-1: config 0 descriptor?? [ 1127.422899][T28516] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1127.572611][T28516] usb 1-1: device descriptor read/64, error -71 [ 1127.824204][T28516] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1127.982662][T28516] usb 1-1: device descriptor read/64, error -71 [ 1128.115116][T28516] usb usb1-port1: attempt power cycle [ 1128.482607][T28516] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1128.524021][T28516] usb 1-1: device descriptor read/8, error -71 [ 1128.772648][T28516] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1128.808835][T28516] usb 1-1: device descriptor read/8, error -71 [ 1128.932905][T28516] usb usb1-port1: unable to enumerate USB device [ 1130.534029][T13890] usbhid 8-1:0.0: can't add hid device: -71 [ 1130.540349][T13890] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1130.560657][T13890] usb 8-1: USB disconnect, device number 15 [ 1131.646798][T16304] netlink: 68 bytes leftover after parsing attributes in process `syz.9.19178'. [ 1131.760216][T16311] binder: 16309:16311 ioctl c0306201 2000000004c0 returned -22 [ 1132.096265][ T30] audit: type=1326 audit(1763239093.432:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16328 comm="syz.9.19191" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f44f8f6c9 code=0x0 [ 1133.053149][T14248] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 1133.210689][T14248] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1133.226131][T14248] usb 3-1: not running at top speed; connect to a high speed hub [ 1133.236318][T14248] usb 3-1: config 1 has an invalid interface number: 138 but max is 0 [ 1133.245074][T14248] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1133.256315][T14248] usb 3-1: config 1 has no interface number 0 [ 1133.263055][T14248] usb 3-1: config 1 interface 138 has no altsetting 0 [ 1133.284768][T14248] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 1133.301330][T14248] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1133.314416][T14248] usb 3-1: Product: syz [ 1133.318582][T14248] usb 3-1: Manufacturer: syz [ 1133.324686][T14248] usb 3-1: SerialNumber: syz [ 1133.578965][T14248] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1133.693839][T14248] usb 3-1: USB disconnect, device number 55 [ 1134.641860][T16465] netlink: 28 bytes leftover after parsing attributes in process `syz.0.19250'. [ 1135.313376][T16506] netlink: 44 bytes leftover after parsing attributes in process `syz.8.19271'. [ 1135.327125][T16506] netlink: 12 bytes leftover after parsing attributes in process `syz.8.19271'. [ 1135.337201][T16506] netlink: 8 bytes leftover after parsing attributes in process `syz.8.19271'. [ 1136.354163][T16553] netlink: 76 bytes leftover after parsing attributes in process `syz.8.19294'. [ 1138.042891][T13875] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1138.195421][T16619] netlink: 56 bytes leftover after parsing attributes in process `syz.0.19324'. [ 1138.223818][T13875] usb 3-1: Using ep0 maxpacket: 16 [ 1138.230950][T13875] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1138.244964][T13875] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1138.257637][T13875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1138.270561][T13875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1138.280217][T13875] usb 3-1: Product: syz [ 1138.284786][T13875] usb 3-1: Manufacturer: syz [ 1138.289436][T13875] usb 3-1: SerialNumber: syz [ 1138.614737][T13875] usb 3-1: 0:2 : does not exist [ 1138.619646][T13875] usb 3-1: unit 6 not found! [ 1138.706177][T13875] usb 3-1: USB disconnect, device number 56 [ 1138.813460][T29707] udevd[29707]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1139.403026][T14248] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 1139.643143][T14248] usb 8-1: Using ep0 maxpacket: 32 [ 1139.690576][T14248] usb 8-1: unable to get BOS descriptor or descriptor too short [ 1139.734289][T14248] usb 8-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1139.750479][T14248] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1139.763358][T14248] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1139.793591][T14248] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1139.802812][T14248] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.810873][T14248] usb 8-1: Product: syz [ 1139.815192][T14248] usb 8-1: Manufacturer: syz [ 1139.819788][T14248] usb 8-1: SerialNumber: syz [ 1140.044249][T14248] usb 8-1: 0:2 : does not exist [ 1140.071621][T14248] usb 8-1: USB disconnect, device number 16 [ 1140.129048][T29707] udevd[29707]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1140.509447][T16706] netlink: 308 bytes leftover after parsing attributes in process `syz.2.19366'. [ 1140.881462][T16722] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1140.926184][T16727] ip6gre1: entered promiscuous mode [ 1140.931489][T16727] ip6gre1: entered allmulticast mode [ 1141.045515][T13875] usb 3-1: new full-speed USB device number 57 using dummy_hcd [ 1141.205876][T13875] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1141.216433][T13875] usb 3-1: config 1 has no interface number 0 [ 1141.230798][T13875] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1141.244745][T13875] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1141.254921][T13875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.264330][T13875] usb 3-1: Product: syz [ 1141.268699][T13875] usb 3-1: Manufacturer: syz [ 1141.274592][T13875] usb 3-1: SerialNumber: syz [ 1141.508598][T13875] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71 [ 1141.544499][T13875] usb 3-1: USB disconnect, device number 57 [ 1143.026728][T16852] netlink: 4 bytes leftover after parsing attributes in process `syz.9.19435'. [ 1143.037857][T16852] bridge_slave_1: left allmulticast mode [ 1143.045597][T16852] bridge_slave_1: left promiscuous mode [ 1143.054789][T16852] bridge0: port 2(bridge_slave_1) entered disabled state [ 1143.085399][T16852] bridge_slave_0: left allmulticast mode [ 1143.091050][T16852] bridge_slave_0: left promiscuous mode [ 1143.113027][T16852] bridge0: port 1(bridge_slave_0) entered disabled state [ 1143.241645][T16862] netlink: 37 bytes leftover after parsing attributes in process `syz.7.19437'. [ 1143.541258][T16878] netlink: 8 bytes leftover after parsing attributes in process `syz.9.19447'. [ 1144.017574][ T30] audit: type=1326 audit(1763239105.352:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16899 comm="syz.8.19458" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x0 [ 1144.294534][T16919] loop2: detected capacity change from 0 to 7 [ 1144.310925][T16919] Dev loop2: unable to read RDB block 7 [ 1144.316774][T16919] loop2: AHDI p1 p2 p3 [ 1144.321646][T16919] loop2: partition table partially beyond EOD, truncated [ 1144.335756][T16919] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1144.343044][T16919] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1144.791053][T16936] netlink: 'syz.2.19475': attribute type 4 has an invalid length. [ 1144.924873][T16941] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.19478' sets config #0 [ 1145.636605][T16986] batadv_slave_1: entered promiscuous mode [ 1145.650275][T16985] batadv_slave_1: left promiscuous mode [ 1146.353170][ T30] audit: type=1326 audit(1763239107.692:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17012 comm="syz.7.19511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x0 [ 1147.833677][T17072] netlink: 92 bytes leftover after parsing attributes in process `syz.2.19539'. [ 1148.102110][T17083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1149.022739][T14248] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 1149.102750][T13875] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 1149.199510][T14248] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 1149.208884][T14248] usb 1-1: config 0 has no interface number 0 [ 1149.216067][T14248] usb 1-1: config 0 interface 133 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1149.276021][T14248] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1149.282896][T13875] usb 9-1: Using ep0 maxpacket: 16 [ 1149.285746][T14248] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1149.298920][T14248] usb 1-1: Product: syz [ 1149.303295][T14248] usb 1-1: Manufacturer: syz [ 1149.307870][T14248] usb 1-1: SerialNumber: syz [ 1149.341788][T14248] usb 1-1: config 0 descriptor?? [ 1149.341804][T13875] usb 9-1: config 8 has an invalid interface number: 108 but max is 0 [ 1149.384701][T13875] usb 9-1: config 8 has no interface number 0 [ 1149.563988][T13875] usb 9-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=6e.97 [ 1149.573306][T13875] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1149.581297][T13875] usb 9-1: Product: syz [ 1149.586160][T13875] usb 9-1: Manufacturer: syz [ 1149.590761][T13875] usb 9-1: SerialNumber: syz [ 1149.605867][T14248] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected [ 1149.638630][T14248] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82 [ 1149.665500][T14248] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81 [ 1149.717034][T14248] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1 [ 1149.742974][T14248] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2 [ 1149.818305][T13875] usb 9-1: bad CDC descriptors [ 1149.827820][T13875] cdc_acm 9-1:8.108: Zero length descriptor references [ 1149.835448][T13875] cdc_acm 9-1:8.108: probe with driver cdc_acm failed with error -22 [ 1149.846225][T13875] usb 9-1: USB disconnect, device number 24 [ 1149.945474][T14248] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1149.984531][T14248] usb 1-1: USB disconnect, device number 46 [ 1150.023460][T14248] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1150.045728][T14248] keyspan 1-1:0.133: device disconnected [ 1150.372186][T17138] binder: 17137:17138 ioctl 400c620e 0 returned -14 [ 1150.645756][T17149] netlink: 'syz.9.19570': attribute type 4 has an invalid length. [ 1151.524918][T17195] input: syz0 as /devices/virtual/input/input103 [ 1152.087106][T17217] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1152.169743][T17222] binder: 17219:17222 ioctl c0306201 2000000001c0 returned -14 [ 1152.316831][ T30] audit: type=1326 audit(1763239113.652:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.350851][ T30] audit: type=1326 audit(1763239113.652:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.378593][ T30] audit: type=1326 audit(1763239113.652:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.402573][ T30] audit: type=1326 audit(1763239113.652:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.426325][ T30] audit: type=1326 audit(1763239113.652:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.449861][ T30] audit: type=1326 audit(1763239113.652:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.493037][ T30] audit: type=1326 audit(1763239113.652:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.515997][ T30] audit: type=1326 audit(1763239113.652:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.543705][ T30] audit: type=1326 audit(1763239113.652:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.546519][T13875] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 1152.589672][ T30] audit: type=1326 audit(1763239113.652:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.0.19604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601df8f6c9 code=0x7ffc0000 [ 1152.812866][T13875] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1152.824316][T13875] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1152.834076][T13875] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1152.874888][T13875] usb 8-1: config 0 descriptor?? [ 1153.121717][T17262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19622'. [ 1153.230340][T17262] bond0: left allmulticast mode [ 1153.231334][T13875] usbhid 8-1:0.0: can't add hid device: -71 [ 1153.235849][T17262] bond_slave_0: left allmulticast mode [ 1153.261715][T17262] bond_slave_1: left allmulticast mode [ 1153.261759][T13875] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1153.268716][T17262] bond0: left promiscuous mode [ 1153.285821][T13875] usb 8-1: USB disconnect, device number 17 [ 1153.291684][T17262] bond_slave_0: left promiscuous mode [ 1153.300506][T17262] bond_slave_1: left promiscuous mode [ 1153.306818][T17262] bridge0: port 3(bond0) entered disabled state [ 1153.315829][T17262] bridge_slave_1: left allmulticast mode [ 1153.321467][T17262] bridge_slave_1: left promiscuous mode [ 1153.327303][T17262] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.337031][T17262] bridge_slave_0: left allmulticast mode [ 1153.344764][T17262] bridge_slave_0: left promiscuous mode [ 1153.350616][T17262] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.503118][T17281] netlink: 12 bytes leftover after parsing attributes in process `syz.8.19628'. [ 1153.646089][T17281] hsr0: left allmulticast mode [ 1153.651129][T17281] hsr_slave_0: left allmulticast mode [ 1153.659601][T17281] hsr_slave_1: left allmulticast mode [ 1153.667586][T17281] hsr0: left promiscuous mode [ 1153.672568][T17281] bridge0: port 3(hsr0) entered disabled state [ 1153.702213][T17281] bridge_slave_1: left allmulticast mode [ 1153.708349][T17281] bridge_slave_1: left promiscuous mode [ 1153.715403][T17281] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.726295][T17281] bridge_slave_0: left allmulticast mode [ 1153.732073][T17281] bridge_slave_0: left promiscuous mode [ 1153.739060][T17281] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.933748][T17293] netlink: 'syz.9.19635': attribute type 16 has an invalid length. [ 1153.942074][T17293] netlink: 'syz.9.19635': attribute type 2 has an invalid length. [ 1153.949995][T17293] netlink: 64086 bytes leftover after parsing attributes in process `syz.9.19635'. [ 1153.976336][T17281] bridge0 (unregistering): left allmulticast mode [ 1154.602625][ T5895] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 1154.793037][ T5895] usb 8-1: Using ep0 maxpacket: 32 [ 1154.844348][ T5895] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1154.855273][ T5895] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 1154.875981][ T5895] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1154.910726][ T5895] usb 8-1: config 0 descriptor?? [ 1154.958809][ T5895] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1155.023011][ T5895] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1155.280647][T17319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19647'. [ 1155.291310][T17319] erspan0: entered promiscuous mode [ 1155.463381][T17328] netlink: 9 bytes leftover after parsing attributes in process `syz.2.19650'. [ 1155.514738][T17329] netlink: 5 bytes leftover after parsing attributes in process `syz.2.19650'. [ 1155.575409][T17329] 1ªî{X¹¦: renamed from 30ªî{X¹¦ [ 1155.794766][T17329] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 1156.193264][T28135] usb 8-1: USB disconnect, device number 18 [ 1156.225088][T28135] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 1156.675269][T17312] syz.9.19641 (17312): drop_caches: 1 [ 1157.061292][T17382] netlink: 12 bytes leftover after parsing attributes in process `syz.9.19675'. [ 1158.630292][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1158.630309][ T30] audit: type=1326 audit(1763239119.962:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.703510][ T30] audit: type=1326 audit(1763239119.962:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.792755][ T30] audit: type=1326 audit(1763239119.962:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.845841][ T30] audit: type=1326 audit(1763239119.962:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.869001][ T30] audit: type=1326 audit(1763239119.962:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.927569][ T30] audit: type=1326 audit(1763239119.992:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1158.954974][ T30] audit: type=1326 audit(1763239119.992:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1159.026066][ T30] audit: type=1326 audit(1763239119.992:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1159.065819][ T30] audit: type=1326 audit(1763239120.002:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1159.088701][ T30] audit: type=1326 audit(1763239120.002:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17435 comm="syz.8.19699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd496b8f6c9 code=0x7ffc0000 [ 1159.362608][ T5895] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 1159.535281][ T5895] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 1159.556838][ T5895] usb 10-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1159.582680][ T5895] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.613672][ T5895] usb 10-1: config 0 descriptor?? [ 1160.119215][ T5895] usbhid 10-1:0.0: can't add hid device: -71 [ 1160.137016][ T5895] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1160.165549][ T5895] usb 10-1: USB disconnect, device number 10 [ 1160.566426][T17484] netlink: 48 bytes leftover after parsing attributes in process `syz.2.19720'. [ 1160.577624][T17484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19720'. [ 1161.764284][T17526] netlink: 20 bytes leftover after parsing attributes in process `syz.2.19739'. [ 1164.261860][T17608] fuse: Bad value for 'group_id' [ 1164.269253][T17608] fuse: Bad value for 'group_id' [ 1164.813987][T17630] netlink: 4 bytes leftover after parsing attributes in process `syz.9.19785'. [ 1165.583813][T17630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1165.618330][T17630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1165.647920][T17630] bond0 (unregistering): Released all slaves [ 1166.879127][T17683] netlink: 52 bytes leftover after parsing attributes in process `syz.2.19808'. [ 1166.898503][T17683] lo: Caught tx_queue_len zero misconfig [ 1167.672592][T13875] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 1167.834205][T13875] usb 9-1: config 0 has an invalid interface number: 182 but max is 1 [ 1167.843454][T13875] usb 9-1: config 0 has no interface number 1 [ 1167.849803][T13875] usb 9-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af [ 1167.862203][T13875] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1167.879941][T13875] usb 9-1: config 0 descriptor?? [ 1168.104877][T13890] usb 9-1: USB disconnect, device number 25 [ 1169.038181][T17725] netlink: 12 bytes leftover after parsing attributes in process `syz.8.19826'. [ 1169.198284][T17728] tipc: Enabling of bearer rejected, failed to enable media [ 1169.477126][T17558] syz.0.19731 (17558): drop_caches: 1 [ 1170.200811][T17750] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1170.437662][T17750] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1170.744391][ T1016] ip6_tunnel: M xmit: Local address not yet configured! [ 1170.806462][T17760] sit0: left promiscuous mode [ 1170.930484][T17794] x_tables: duplicate underflow at hook 1 [ 1171.252377][T17760] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1171.280276][T17815] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1171.294359][T17760] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1171.769058][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1171.769493][ T30] audit: type=1326 audit(1763239133.092:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17826 comm="syz.7.19874" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63db98f6c9 code=0x0 [ 1171.850257][T17760] bond1: left allmulticast mode [ 1171.856911][T17760] vcan0: left allmulticast mode [ 1171.916155][ T1340] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1171.940977][ T3461] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1171.971687][ T3461] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.037670][ T3461] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1172.043151][ T12] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.065214][ T12] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.082606][ T12] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1172.102607][ T12] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1172.231519][ T1016] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1172.239399][ T1016] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1172.352677][ T12] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1172.370456][ T12] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1172.502573][ T1016] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1172.510336][ T1016] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1172.657310][T17874] netlink: 96 bytes leftover after parsing attributes in process `syz.8.19896'. [ 1172.871170][T17879] [ 1172.873528][T17879] ===================================================== [ 1172.880454][T17879] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1172.887911][T17879] syzkaller #0 Not tainted [ 1172.892327][T17879] ----------------------------------------------------- [ 1172.899251][T17879] syz.9.19897/17879 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1172.907053][T17879] ffff88807db75de0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1172.915770][T17879] [ 1172.915770][T17879] and this task is already holding: [ 1172.923125][T17879] ffff88807658a468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1172.931643][T17879] which would create a new lock dependency: [ 1172.937506][T17879] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1172.945148][T17879] [ 1172.945148][T17879] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1172.954572][T17879] (kbd_event_lock){..-.}-{3:3} [ 1172.954592][T17879] [ 1172.954592][T17879] ... which became SOFTIRQ-irq-safe at: [ 1172.967092][T17879] lock_acquire+0x120/0x360 [ 1172.971666][T17879] _raw_spin_lock+0x2e/0x40 [ 1172.976238][T17879] kbd_event+0xd2/0x3f70 [ 1172.980554][T17879] input_handle_events_default+0xd4/0x1a0 [ 1172.986340][T17879] input_pass_values+0x288/0x890 [ 1172.991345][T17879] input_event_dispose+0x3e5/0x6b0 [ 1172.996528][T17879] input_event+0x89/0xe0 [ 1173.000833][T17879] hidinput_hid_event+0x145e/0x1dd0 [ 1173.006107][T17879] hid_process_event+0x4be/0x620 [ 1173.011124][T17879] hid_report_raw_event+0xe91/0x16d0 [ 1173.016476][T17879] hid_input_report+0x43e/0x520 [ 1173.021393][T17879] hid_irq_in+0x47e/0x6d0 [ 1173.025788][T17879] __usb_hcd_giveback_urb+0x376/0x540 [ 1173.031229][T17879] dummy_timer+0x85f/0x44c0 [ 1173.035798][T17879] __hrtimer_run_queues+0x52c/0xc60 [ 1173.041060][T17879] hrtimer_run_softirq+0x187/0x2b0 [ 1173.046239][T17879] handle_softirqs+0x286/0x870 [ 1173.051070][T17879] __irq_exit_rcu+0xca/0x1f0 [ 1173.055725][T17879] irq_exit_rcu+0x9/0x30 [ 1173.060033][T17879] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1173.065740][T17879] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1173.071789][T17879] filemap_map_pages+0xe45/0x1e20 [ 1173.076879][T17879] __handle_mm_fault+0x347e/0x5400 [ 1173.082064][T17879] handle_mm_fault+0x40a/0x8e0 [ 1173.086896][T17879] do_user_addr_fault+0xa7c/0x1380 [ 1173.092079][T17879] exc_page_fault+0x82/0x100 [ 1173.096738][T17879] asm_exc_page_fault+0x26/0x30 [ 1173.101654][T17879] [ 1173.101654][T17879] to a SOFTIRQ-irq-unsafe lock: [ 1173.108647][T17879] (tasklist_lock){.+.+}-{3:3} [ 1173.108668][T17879] [ 1173.108668][T17879] ... which became SOFTIRQ-irq-unsafe at: [ 1173.121252][T17879] ... [ 1173.121259][T17879] lock_acquire+0x120/0x360 [ 1173.128387][T17879] _raw_read_lock+0x36/0x50 [ 1173.132960][T17879] __do_wait+0xde/0x740 [ 1173.137186][T17879] do_wait+0x1f8/0x510 [ 1173.141323][T17879] kernel_wait+0xab/0x170 [ 1173.145719][T17879] call_usermodehelper_exec_work+0xbe/0x230 [ 1173.151678][T17879] process_scheduled_works+0xae1/0x17b0 [ 1173.157287][T17879] worker_thread+0x8a0/0xda0 [ 1173.161942][T17879] kthread+0x711/0x8a0 [ 1173.166077][T17879] ret_from_fork+0x4bc/0x870 [ 1173.170734][T17879] ret_from_fork_asm+0x1a/0x30 [ 1173.175562][T17879] [ 1173.175562][T17879] other info that might help us debug this: [ 1173.175562][T17879] [ 1173.185765][T17879] Chain exists of: [ 1173.185765][T17879] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 1173.185765][T17879] [ 1173.198520][T17879] Possible interrupt unsafe locking scenario: [ 1173.198520][T17879] [ 1173.206817][T17879] CPU0 CPU1 [ 1173.212163][T17879] ---- ---- [ 1173.217503][T17879] lock(tasklist_lock); [ 1173.221725][T17879] local_irq_disable(); [ 1173.228458][T17879] lock(kbd_event_lock); [ 1173.235288][T17879] lock(&tty->flow.lock); [ 1173.242202][T17879] [ 1173.245631][T17879] lock(kbd_event_lock); [ 1173.250114][T17879] [ 1173.250114][T17879] *** DEADLOCK *** [ 1173.250114][T17879] [ 1173.258230][T17879] 6 locks held by syz.9.19897/17879: [ 1173.263488][T17879] #0: ffff88807658a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1173.273222][T17879] #1: ffff88807658a2e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x138/0x17e0 [ 1173.283474][T17879] #2: ffff88807658a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1173.292764][T17879] #3: ffff88807658a468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1173.301705][T17879] #4: ffff88807658a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1173.310994][T17879] #5: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1173.320020][T17879] [ 1173.320020][T17879] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1173.330400][T17879] -> (kbd_event_lock){..-.}-{3:3} { [ 1173.335677][T17879] IN-SOFTIRQ-W at: [ 1173.339724][T17879] lock_acquire+0x120/0x360 [ 1173.346028][T17879] _raw_spin_lock+0x2e/0x40 [ 1173.352335][T17879] kbd_event+0xd2/0x3f70 [ 1173.358383][T17879] input_handle_events_default+0xd4/0x1a0 [ 1173.365912][T17879] input_pass_values+0x288/0x890 [ 1173.372654][T17879] input_event_dispose+0x3e5/0x6b0 [ 1173.379571][T17879] input_event+0x89/0xe0 [ 1173.385616][T17879] hidinput_hid_event+0x145e/0x1dd0 [ 1173.392622][T17879] hid_process_event+0x4be/0x620 [ 1173.399367][T17879] hid_report_raw_event+0xe91/0x16d0 [ 1173.406455][T17879] hid_input_report+0x43e/0x520 [ 1173.413111][T17879] hid_irq_in+0x47e/0x6d0 [ 1173.419245][T17879] __usb_hcd_giveback_urb+0x376/0x540 [ 1173.426418][T17879] dummy_timer+0x85f/0x44c0 [ 1173.432725][T17879] __hrtimer_run_queues+0x52c/0xc60 [ 1173.439723][T17879] hrtimer_run_softirq+0x187/0x2b0 [ 1173.446639][T17879] handle_softirqs+0x286/0x870 [ 1173.453209][T17879] __irq_exit_rcu+0xca/0x1f0 [ 1173.459601][T17879] irq_exit_rcu+0x9/0x30 [ 1173.465645][T17879] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1173.473086][T17879] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1173.480869][T17879] filemap_map_pages+0xe45/0x1e20 [ 1173.487703][T17879] __handle_mm_fault+0x347e/0x5400 [ 1173.494619][T17879] handle_mm_fault+0x40a/0x8e0 [ 1173.501186][T17879] do_user_addr_fault+0xa7c/0x1380 [ 1173.508097][T17879] exc_page_fault+0x82/0x100 [ 1173.514496][T17879] asm_exc_page_fault+0x26/0x30 [ 1173.521151][T17879] INITIAL USE at: [ 1173.525112][T17879] lock_acquire+0x120/0x360 [ 1173.531330][T17879] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1173.538246][T17879] vt_reset_unicode+0x2b/0x160 [ 1173.544729][T17879] reset_vc+0x68/0x1b0 [ 1173.550512][T17879] vc_init+0x70/0x4a0 [ 1173.556211][T17879] con_init+0x385/0x9c0 [ 1173.562086][T17879] console_init+0x10e/0x430 [ 1173.568307][T17879] start_kernel+0x254/0x410 [ 1173.574528][T17879] x86_64_start_reservations+0x24/0x30 [ 1173.581711][T17879] x86_64_start_kernel+0x143/0x1c0 [ 1173.588543][T17879] common_startup_64+0x13e/0x147 [ 1173.595200][T17879] } [ 1173.597763][T17879] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1173.605718][T17879] -> (&tty->flow.lock){....}-{3:3} { [ 1173.610995][T17879] INITIAL USE at: [ 1173.614870][T17879] lock_acquire+0x120/0x360 [ 1173.620916][T17879] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1173.627657][T17879] start_tty+0x20/0x70 [ 1173.633268][T17879] n_tty_set_termios+0xa7c/0x1090 [ 1173.639833][T17879] tty_set_termios+0xda4/0x17e0 [ 1173.646317][T17879] set_termios+0x516/0x6c0 [ 1173.652275][T17879] tty_mode_ioctl+0x47e/0x740 [ 1173.658494][T17879] tty_ioctl+0x9c6/0xde0 [ 1173.664283][T17879] __se_sys_ioctl+0xfc/0x170 [ 1173.670416][T17879] do_syscall_64+0xfa/0xfa0 [ 1173.676465][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.683901][T17879] } [ 1173.686379][T17879] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1173.695037][T17879] ... acquired at: [ 1173.698814][T17879] lock_acquire+0x120/0x360 [ 1173.703469][T17879] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1173.708824][T17879] stop_tty+0x2f/0x150 [ 1173.713051][T17879] kbd_event+0x2b72/0x3f70 [ 1173.717625][T17879] input_handle_events_default+0xd4/0x1a0 [ 1173.723499][T17879] input_pass_values+0x288/0x890 [ 1173.728586][T17879] input_event_dispose+0x330/0x6b0 [ 1173.733856][T17879] input_inject_event+0x1dd/0x340 [ 1173.739028][T17879] evdev_write+0x2fc/0x480 [ 1173.743596][T17879] vfs_write+0x27e/0xb30 [ 1173.747994][T17879] ksys_write+0x145/0x250 [ 1173.752478][T17879] do_syscall_64+0xfa/0xfa0 [ 1173.757140][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.763183][T17879] [ 1173.765487][T17879] [ 1173.765487][T17879] the dependencies between the lock to be acquired [ 1173.765495][T17879] and SOFTIRQ-irq-unsafe lock: [ 1173.778962][T17879] -> (tasklist_lock){.+.+}-{3:3} { [ 1173.784242][T17879] HARDIRQ-ON-R at: [ 1173.788375][T17879] lock_acquire+0x120/0x360 [ 1173.794857][T17879] _raw_read_lock+0x36/0x50 [ 1173.801339][T17879] __do_wait+0xde/0x740 [ 1173.807474][T17879] do_wait+0x1f8/0x510 [ 1173.813522][T17879] kernel_wait+0xab/0x170 [ 1173.819832][T17879] call_usermodehelper_exec_work+0xbe/0x230 [ 1173.827703][T17879] process_scheduled_works+0xae1/0x17b0 [ 1173.835221][T17879] worker_thread+0x8a0/0xda0 [ 1173.841785][T17879] kthread+0x711/0x8a0 [ 1173.847833][T17879] ret_from_fork+0x4bc/0x870 [ 1173.854400][T17879] ret_from_fork_asm+0x1a/0x30 [ 1173.861137][T17879] SOFTIRQ-ON-R at: [ 1173.865267][T17879] lock_acquire+0x120/0x360 [ 1173.871747][T17879] _raw_read_lock+0x36/0x50 [ 1173.878227][T17879] __do_wait+0xde/0x740 [ 1173.884363][T17879] do_wait+0x1f8/0x510 [ 1173.890409][T17879] kernel_wait+0xab/0x170 [ 1173.896721][T17879] call_usermodehelper_exec_work+0xbe/0x230 [ 1173.904589][T17879] process_scheduled_works+0xae1/0x17b0 [ 1173.912111][T17879] worker_thread+0x8a0/0xda0 [ 1173.918677][T17879] kthread+0x711/0x8a0 [ 1173.924726][T17879] ret_from_fork+0x4bc/0x870 [ 1173.931288][T17879] ret_from_fork_asm+0x1a/0x30 [ 1173.938025][T17879] INITIAL USE at: [ 1173.942071][T17879] lock_acquire+0x120/0x360 [ 1173.948461][T17879] _raw_write_lock_irq+0xa2/0xf0 [ 1173.955292][T17879] copy_process+0x224f/0x3c00 [ 1173.961855][T17879] kernel_clone+0x21e/0x840 [ 1173.968250][T17879] user_mode_thread+0xdd/0x140 [ 1173.974903][T17879] rest_init+0x23/0x300 [ 1173.980949][T17879] start_kernel+0x3ae/0x410 [ 1173.987341][T17879] x86_64_start_reservations+0x24/0x30 [ 1173.994690][T17879] x86_64_start_kernel+0x143/0x1c0 [ 1174.001699][T17879] common_startup_64+0x13e/0x147 [ 1174.008528][T17879] INITIAL READ USE at: [ 1174.013010][T17879] lock_acquire+0x120/0x360 [ 1174.019835][T17879] _raw_read_lock+0x36/0x50 [ 1174.026662][T17879] __do_wait+0xde/0x740 [ 1174.033144][T17879] do_wait+0x1f8/0x510 [ 1174.039539][T17879] kernel_wait+0xab/0x170 [ 1174.046193][T17879] call_usermodehelper_exec_work+0xbe/0x230 [ 1174.054409][T17879] process_scheduled_works+0xae1/0x17b0 [ 1174.062276][T17879] worker_thread+0x8a0/0xda0 [ 1174.069189][T17879] kthread+0x711/0x8a0 [ 1174.075585][T17879] ret_from_fork+0x4bc/0x870 [ 1174.082497][T17879] ret_from_fork_asm+0x1a/0x30 [ 1174.089586][T17879] } [ 1174.092236][T17879] ... key at: [] tasklist_lock+0x18/0x40 [ 1174.100186][T17879] ... acquired at: [ 1174.104139][T17879] lock_acquire+0x120/0x360 [ 1174.108792][T17879] _raw_read_lock+0x36/0x50 [ 1174.113454][T17879] send_sigurg+0x12b/0x420 [ 1174.118025][T17879] sk_send_sigurg+0x6c/0x2e0 [ 1174.122769][T17879] queue_oob+0x420/0x4f0 [ 1174.127165][T17879] unix_stream_sendmsg+0xc3f/0xdf0 [ 1174.132428][T17879] __sock_sendmsg+0x21c/0x270 [ 1174.137258][T17879] ____sys_sendmsg+0x52d/0x830 [ 1174.142171][T17879] ___sys_sendmsg+0x21f/0x2a0 [ 1174.146998][T17879] __sys_sendmmsg+0x227/0x430 [ 1174.151831][T17879] __x64_sys_sendmmsg+0xa0/0xc0 [ 1174.156835][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.161496][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.167543][T17879] [ 1174.169847][T17879] -> (&f_owner->lock){....}-{3:3} { [ 1174.175128][T17879] INITIAL USE at: [ 1174.179084][T17879] lock_acquire+0x120/0x360 [ 1174.185300][T17879] _raw_write_lock_irq+0xa2/0xf0 [ 1174.191957][T17879] __f_setown+0x67/0x370 [ 1174.197914][T17879] fcntl_dirnotify+0x3fa/0x6a0 [ 1174.204396][T17879] do_fcntl+0x6d0/0x1910 [ 1174.210354][T17879] __se_sys_fcntl+0xc8/0x150 [ 1174.216659][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.222881][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.230488][T17879] INITIAL READ USE at: [ 1174.234881][T17879] lock_acquire+0x120/0x360 [ 1174.241531][T17879] _raw_read_lock_irqsave+0xaf/0x100 [ 1174.248971][T17879] send_sigio+0x38/0x370 [ 1174.255362][T17879] dnotify_handle_event+0x169/0x440 [ 1174.262710][T17879] fsnotify+0x1814/0x1a80 [ 1174.269186][T17879] vfs_mkdir+0x477/0x510 [ 1174.275581][T17879] do_mkdirat+0x247/0x590 [ 1174.282066][T17879] __x64_sys_mkdir+0x6c/0x80 [ 1174.288809][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.295466][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.303508][T17879] } [ 1174.306073][T17879] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1174.314989][T17879] ... acquired at: [ 1174.318858][T17879] lock_acquire+0x120/0x360 [ 1174.323513][T17879] _raw_read_lock_irqsave+0xaf/0x100 [ 1174.328950][T17879] send_sigio+0x38/0x370 [ 1174.333345][T17879] kill_fasync+0x24d/0x4d0 [ 1174.337915][T17879] lease_break_callback+0x26/0x30 [ 1174.343097][T17879] __break_lease+0x6a5/0x1620 [ 1174.347931][T17879] do_dentry_open+0x8b7/0x13f0 [ 1174.352845][T17879] vfs_open+0x3b/0x340 [ 1174.357064][T17879] path_openat+0x2ee5/0x3830 [ 1174.361806][T17879] do_filp_open+0x1fa/0x410 [ 1174.366464][T17879] do_sys_openat2+0x121/0x1c0 [ 1174.371305][T17879] __x64_sys_open+0x11e/0x150 [ 1174.376153][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.380819][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.386866][T17879] [ 1174.389169][T17879] -> (&new->fa_lock){....}-{3:3} { [ 1174.394276][T17879] INITIAL USE at: [ 1174.398153][T17879] lock_acquire+0x120/0x360 [ 1174.404201][T17879] _raw_write_lock_irq+0xa2/0xf0 [ 1174.410687][T17879] fasync_remove_entry+0xf1/0x1c0 [ 1174.417258][T17879] pipe_fasync+0xff/0x1e0 [ 1174.423131][T17879] __fput+0x8a2/0xa70 [ 1174.428659][T17879] task_work_run+0x1d4/0x260 [ 1174.434795][T17879] get_signal+0x11ec/0x1340 [ 1174.440840][T17879] arch_do_signal_or_restart+0xa0/0x790 [ 1174.447932][T17879] exit_to_user_mode_loop+0x72/0x130 [ 1174.454757][T17879] do_syscall_64+0x2bd/0xfa0 [ 1174.460895][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.468334][T17879] INITIAL READ USE at: [ 1174.472646][T17879] lock_acquire+0x120/0x360 [ 1174.479129][T17879] _raw_read_lock_irqsave+0xaf/0x100 [ 1174.486391][T17879] kill_fasync+0x199/0x4d0 [ 1174.492785][T17879] splice_to_socket+0xe2a/0xf00 [ 1174.499616][T17879] do_splice+0xc79/0x1660 [ 1174.505919][T17879] __se_sys_splice+0x2e1/0x460 [ 1174.512662][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.519144][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.527011][T17879] } [ 1174.529490][T17879] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1174.538158][T17879] ... acquired at: [ 1174.541943][T17879] lock_acquire+0x120/0x360 [ 1174.546600][T17879] _raw_read_lock_irqsave+0xaf/0x100 [ 1174.552042][T17879] kill_fasync+0x199/0x4d0 [ 1174.556611][T17879] __start_tty+0x18c/0x220 [ 1174.561181][T17879] start_tty+0x2b/0x70 [ 1174.565405][T17879] n_tty_set_termios+0xa7c/0x1090 [ 1174.570588][T17879] tty_set_termios+0xda4/0x17e0 [ 1174.575595][T17879] set_termios+0x516/0x6c0 [ 1174.580168][T17879] tty_mode_ioctl+0x47e/0x740 [ 1174.585000][T17879] tty_ioctl+0x9c6/0xde0 [ 1174.589400][T17879] __se_sys_ioctl+0xfc/0x170 [ 1174.594150][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.598817][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.604875][T17879] [ 1174.607183][T17879] [ 1174.607183][T17879] stack backtrace: [ 1174.613054][T17879] CPU: 0 UID: 0 PID: 17879 Comm: syz.9.19897 Not tainted syzkaller #0 PREEMPT(full) [ 1174.613073][T17879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1174.613082][T17879] Call Trace: [ 1174.613089][T17879] [ 1174.613095][T17879] dump_stack_lvl+0x189/0x250 [ 1174.613117][T17879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1174.613133][T17879] ? __pfx__printk+0x10/0x10 [ 1174.613149][T17879] validate_chain+0x1f05/0x2140 [ 1174.613172][T17879] __lock_acquire+0xab9/0xd20 [ 1174.613186][T17879] ? kill_fasync+0x199/0x4d0 [ 1174.613200][T17879] lock_acquire+0x120/0x360 [ 1174.613212][T17879] ? kill_fasync+0x199/0x4d0 [ 1174.613231][T17879] _raw_read_lock_irqsave+0xaf/0x100 [ 1174.613248][T17879] ? kill_fasync+0x199/0x4d0 [ 1174.613262][T17879] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1174.613281][T17879] kill_fasync+0x199/0x4d0 [ 1174.613295][T17879] ? kill_fasync+0x53/0x4d0 [ 1174.613310][T17879] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1174.613324][T17879] __start_tty+0x18c/0x220 [ 1174.613341][T17879] start_tty+0x2b/0x70 [ 1174.613356][T17879] n_tty_set_termios+0xa7c/0x1090 [ 1174.613372][T17879] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1174.613385][T17879] tty_set_termios+0xda4/0x17e0 [ 1174.613403][T17879] ? __pfx_tty_set_termios+0x10/0x10 [ 1174.613422][T17879] set_termios+0x516/0x6c0 [ 1174.613438][T17879] ? __pfx_set_termios+0x10/0x10 [ 1174.613454][T17879] ? tty_ldisc_ref_wait+0x25/0x70 [ 1174.613475][T17879] tty_mode_ioctl+0x47e/0x740 [ 1174.613492][T17879] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1174.613506][T17879] ? tty_ldisc_ref_wait+0x25/0x70 [ 1174.613522][T17879] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1174.613541][T17879] ? n_tty_ioctl_helper+0x8e/0x340 [ 1174.613557][T17879] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1174.613569][T17879] tty_ioctl+0x9c6/0xde0 [ 1174.613586][T17879] ? __pfx_tty_ioctl+0x10/0x10 [ 1174.613603][T17879] __se_sys_ioctl+0xfc/0x170 [ 1174.613619][T17879] do_syscall_64+0xfa/0xfa0 [ 1174.613636][T17879] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.613649][T17879] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1174.613662][T17879] ? clear_bhb_loop+0x60/0xb0 [ 1174.613676][T17879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.613689][T17879] RIP: 0033:0x7f1f44f8f6c9 [ 1174.613703][T17879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.613716][T17879] RSP: 002b:00007f1f45e82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1174.613731][T17879] RAX: ffffffffffffffda RBX: 00007f1f451e6090 RCX: 00007f1f44f8f6c9 [ 1174.613741][T17879] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1174.613750][T17879] RBP: 00007f1f45011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1174.613759][T17879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1174.613767][T17879] R13: 00007f1f451e6128 R14: 00007f1f451e6090 R15: 00007f1f4530fa28 [ 1174.613782][T17879] [ 1175.022653][ C1] ip6_tunnel: M xmit: Local address not yet configured! [ 1176.982719][ T12] net_ratelimit: 38 callbacks suppressed [ 1176.982737][ T12] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1176.998043][ T12] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1177.112622][ T12] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1177.120411][ T12] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1177.184187][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.190453][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.232573][T13486] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1177.240287][T13486] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1177.352615][ T1016] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1177.360342][ T1016] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1177.472736][ T12] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1177.480462][ T12] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1182.052617][T18581] net_ratelimit: 80 callbacks suppressed [ 1182.052636][T18581] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1182.066073][T18581] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1182.182578][T18581] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1182.190293][T18581] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1182.303104][ T1016] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1182.310858][ T1016] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1182.422596][T18581] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1182.430319][T18581] bond1: (slave ip6gretap1): failed to get link speed/duplex [ 1182.542648][T13486] bond1: (slave ip6gretap1): link status up, enabling it in 0 ms [ 1182.550401][T13486] bond1: (slave ip6gretap1): failed to get link speed/duplex