last executing test programs: 3m30.041805137s ago: executing program 0 (id=746): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10) sendmmsg$sock(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[@txtime={{0x14, 0x11, 0x67, 0x3}}], 0x14}}], 0x2, 0x20000844) 3m29.971350092s ago: executing program 0 (id=748): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x800) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x2012, r0, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r1, &(0x7f0000002f40)={0xa, 0x4e24, 0xa, @dev={0xfe, 0x80, '\x00', 0xf}, 0x3}, 0x1c) 3m29.971213245s ago: executing program 0 (id=749): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x9}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x80000, {0x0, 0x0, 0x0, r2, {0x0, 0xffed}, {0xe, 0xb}, {0xd, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xe70, 0x6, 0x3, 0x0, 0x6960, 0xff}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x6, 0x1, 0x3, 0x1, 0x7, 0x7}}, {0x4}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8021}, 0x4008000) 3m29.899450366s ago: executing program 0 (id=752): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 3m29.845993167s ago: executing program 0 (id=755): openat$kvm(0xffffff9c, &(0x7f0000000040), 0x100, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040), &(0x7f0000000100)=0x8) 3m29.701870125s ago: executing program 0 (id=758): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000180), 0x0, 0x80200) ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, &(0x7f00000010c0)={{0x3, 0xffffffff, 0x5, 0xfff, 0x1000, 0x9}, 0x242, [0x6, 0xdab, 0xb, 0x9, 0x0, 0xe8c, 0x200, 0x7fff, 0x0, 0x6, 0x81, 0x896b, 0x7, 0x4, 0x400, 0xff, 0xfffff000, 0x3a, 0x1, 0x9, 0x71, 0x9, 0xea70, 0x3ec1, 0x1, 0xd96c, 0x24000000, 0x1, 0x2, 0x2, 0x0, 0xa2, 0xeda, 0xef8, 0x65, 0xff, 0x100, 0x7, 0x8, 0x3, 0x6, 0x7, 0xd, 0x1, 0x344054a0, 0x3, 0x100, 0x2, 0x4, 0xe1, 0x0, 0xf80, 0x1b0, 0x1, 0x4, 0x1, 0x492, 0x88, 0x5, 0x10, 0x401, 0x9, 0x0, 0x8000, 0x81, 0x7ff, 0x3ff, 0x6, 0x7, 0x2, 0x0, 0x3, 0x5, 0x1, 0x6c, 0x8, 0x3, 0x6, 0x8, 0x8001, 0x3, 0x0, 0x2, 0x8, 0x0, 0x0, 0x7, 0x10000, 0x1, 0xa20, 0xffffffff, 0x0, 0x5, 0x8, 0x6, 0x3, 0xe1, 0x4, 0x4, 0xfff, 0x5, 0x2, 0x84, 0x10000, 0x100, 0x3, 0xfffffff9, 0xc, 0xfff, 0xfffffff6, 0x0, 0x63, 0xfffffffd, 0x0, 0xfffff000, 0x200, 0x5, 0x1, 0xfffffffe, 0xff, 0x8, 0xfffffff8, 0xfffffff7, 0x2, 0x9, 0x2008, 0x8c, 0x8, 0x2, 0x9, 0xffff, 0xffff, 0xff, 0x2, 0x7, 0x5, 0xf, 0x3, 0x8, 0x9, 0x0, 0xa, 0x9, 0x5, 0xf, 0x3, 0x1, 0x9, 0x40, 0x10000001, 0x5, 0x1, 0x9, 0xbc4, 0x4032, 0x400, 0x8, 0x80000001, 0x5, 0x8, 0x800, 0x2, 0x94c, 0xec48, 0x6, 0x81, 0x0, 0x8, 0x4, 0x8, 0x7, 0x5, 0x1, 0x3, 0xa, 0x80000001, 0x7, 0x8, 0xfffffff3, 0x2, 0xffffff6e, 0x2, 0x6, 0x7, 0x3, 0xf7ea, 0x80000001, 0x5, 0x0, 0x7fff, 0x7, 0x3, 0x6e2fc2f6, 0x0, 0x7ff, 0x50, 0x9, 0x180, 0x4, 0xcc, 0x7, 0x0, 0x6, 0x6e, 0x9, 0xe0000000, 0x9, 0x3b5e, 0x4, 0x0, 0xda, 0x4, 0x9, 0xd, 0x0, 0x1, 0x1, 0x7fffffff, 0xf88, 0x3, 0xa58, 0x5, 0x6, 0x4e7, 0x7, 0x8, 0xe2d7, 0xd, 0x2, 0x5, 0xffff50ca, 0x9, 0x3, 0x3af1f10, 0x3, 0x1, 0x7ff8000, 0x4, 0x9, 0x4faa, 0x2, 0xecf, 0x9, 0x1, 0x3, 0x101, 0x3f3, 0xa, 0xfffffffd, 0x8, 0x0, 0x800, 0x13, 0x1, 0x4, 0x9, 0x4, 0x0, 0x6, 0xe, 0x94, 0x5, 0x3, 0xf05, 0x80, 0x0, 0x7, 0xc, 0xffff, 0x0, 0x1000, 0xe6, 0x200, 0xf, 0x42f, 0x10001, 0x6, 0x6, 0x6, 0x1a1, 0xa96, 0x3, 0xa69, 0x5, 0x2, 0x6, 0x2, 0xdf46, 0x401, 0x1, 0x80, 0x3, 0x1, 0x2800000, 0x3, 0xffffffbc, 0xfffffc00, 0x3b2, 0x45db, 0xfff, 0xef, 0x6, 0x7, 0x2, 0x7, 0x5ad9b8de, 0x8, 0x4, 0xfffff001, 0x8, 0x200, 0x101, 0x9, 0x5, 0x8, 0x2, 0x8, 0x2250, 0x1, 0x8, 0x8, 0x75d, 0xffffffff, 0x8, 0x3, 0x2d85, 0x3, 0x7ff, 0x8001, 0x0, 0x8, 0x7, 0x6, 0xe, 0x2, 0x2, 0xdf2a, 0x4, 0x10001, 0x7, 0x3, 0x0, 0x6, 0x3, 0x6, 0xfffffb04, 0x80000000, 0x1, 0x5, 0x100, 0xff, 0x7, 0xa8fb, 0x3, 0x2, 0x3, 0x5, 0x0, 0x8, 0x4, 0xfffffff9, 0x9, 0x3, 0x1000, 0x8, 0xd67, 0xffffffc0, 0x4, 0x1, 0x101, 0x43, 0x5, 0x723, 0x7, 0xffffffff, 0x95, 0xfff, 0x7, 0x57a8, 0x400, 0x74, 0xaa1, 0x2, 0x2, 0x4, 0x4, 0x1, 0x1000, 0x7, 0x4, 0x5, 0x2000000, 0x8, 0x5, 0x6d, 0x1, 0x5, 0x4080, 0x3, 0x5, 0xa372, 0xffffff81, 0x5, 0x5, 0x4d000000, 0x7, 0x9, 0x7ae, 0x2000, 0x7, 0xfffffffb, 0x4aa1, 0x7, 0x2, 0x0, 0x2, 0x298c, 0x989f, 0x1, 0x8, 0x1, 0x3, 0xfffffff7, 0x40, 0x2, 0xffff, 0x9, 0x200, 0x9, 0x3ff, 0x32c7, 0x400, 0x5, 0x7c1, 0x1f, 0x7, 0x7, 0x9, 0x8, 0x80000000, 0xd, 0x278e142d, 0x2, 0x5, 0x7f, 0xc0, 0x1, 0x3, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xfff, 0x6, 0x4, 0xaf9, 0x1, 0x8, 0x1ff, 0x7, 0x8, 0x7, 0x5, 0x800, 0x7, 0x8, 0x7, 0x2, 0x400, 0x800, 0xffffffff, 0x9, 0x0, 0x5, 0x9, 0x5, 0x4, 0x3, 0x8, 0x400, 0x6, 0xfffffff9, 0x100, 0x2, 0x3c, 0x2b51, 0xe3, 0x6, 0x3, 0x3e0f, 0x5, 0x2, 0x2, 0x99, 0x80000000, 0x2a3, 0x5, 0x1, 0x2, 0xe, 0x7ff, 0x4, 0x4, 0x80, 0x401, 0x7, 0xa, 0x10, 0x1, 0x9, 0x7fff, 0x2, 0x6, 0x8001, 0x0, 0x804e, 0xcc, 0x8, 0x8, 0xa, 0x9, 0x87, 0x4, 0x8, 0x6, 0xfffffbff, 0x3, 0x8, 0xbec, 0x9, 0x9, 0xbbf6, 0x2, 0x2, 0x0, 0x2, 0x5, 0xffff, 0x7f, 0x2, 0x7, 0x0, 0x4, 0x2, 0x9, 0x2, 0x55, 0xfffffa90, 0x92bf, 0x1, 0x40000, 0x9, 0x4, 0x2, 0x2, 0x7, 0x0, 0x9, 0x7, 0x9, 0xf6, 0x8, 0x3, 0x9a27, 0x6, 0x0, 0x4, 0x4, 0x2000, 0x5, 0x96, 0x1, 0x9, 0x1, 0x3, 0xff, 0x3, 0x3, 0x10, 0x688, 0x40, 0x3491, 0x8, 0xffffffff, 0x1, 0x1, 0xffff8001, 0x2, 0x6, 0x6, 0xe86, 0x7fffffff, 0xe, 0x18000, 0x401, 0xc, 0x2, 0xfffffff9, 0x8, 0xacb, 0x8, 0x72c, 0x1000, 0x0, 0x10, 0x4, 0x1, 0xffffffff, 0x8, 0x4, 0x5, 0x7fffffff, 0x0, 0x5, 0x8b, 0x4, 0x2, 0x6, 0x1000, 0xeb3a, 0x0, 0x2, 0x0, 0x101, 0x4, 0xfffffff9, 0x8, 0x9, 0x5, 0xffff, 0xc, 0x9, 0xff, 0x0, 0x8792, 0xfffffffd, 0xce, 0x1000, 0x9, 0xbab, 0x2, 0x80, 0x9, 0x8, 0x8, 0x1, 0x0, 0x8, 0x2, 0x3, 0x2, 0x2, 0x3ff, 0x5, 0x9, 0x9603, 0x7, 0x5, 0x44, 0x9, 0x6, 0x52000000, 0x5, 0x1ff, 0x1, 0x81, 0x30, 0x3, 0x0, 0x9, 0x2, 0x6, 0x3ff, 0x6, 0x6df1, 0x0, 0x60b3, 0x0, 0xa, 0xffd, 0x2, 0x8, 0x2, 0x2, 0x8, 0x1000, 0x50, 0x8, 0x898, 0x3, 0x0, 0x79d8, 0x1d06, 0x7, 0x200, 0x8, 0x60, 0x5, 0x9, 0x6, 0x3ff, 0x8, 0xbd, 0x7, 0xd, 0x2, 0xff, 0xc39, 0xfffffa5f, 0x100, 0x5, 0x1, 0x5f66, 0xe, 0x0, 0x4, 0xfff, 0x8001, 0x9, 0x8, 0x1, 0x8001, 0x6, 0x8, 0x8001, 0x81, 0x68c, 0x5, 0x571, 0x2, 0x1, 0x3, 0x5, 0x5, 0x0, 0x1ff, 0x7, 0x3, 0x5, 0x600, 0x3, 0x10000, 0x3, 0x7ff, 0x401, 0x80, 0x6, 0x20, 0x8, 0xe, 0x1000, 0xffff, 0x101, 0x2, 0x1ff, 0x8001, 0x403, 0x7, 0x80000000, 0x24, 0xf5, 0x10000, 0xf7d4, 0x4, 0x1ff, 0x9, 0x2, 0x10001, 0x8, 0x2, 0x0, 0x10001, 0x1cd, 0xffffffff, 0xd, 0x7, 0xac8f, 0xfffffffa, 0x9, 0x0, 0x3, 0xc1c3, 0x4, 0x1, 0x5, 0x5, 0x8, 0x8, 0x8, 0x1, 0x80000005, 0x7ff, 0x5, 0x7fff, 0xb, 0x6, 0x5, 0x5, 0x4, 0x9, 0x9, 0x1, 0x8001, 0x7f76, 0x8, 0x5, 0x1, 0x9, 0x0, 0x0, 0x800, 0x3, 0xe145, 0x9, 0xe94, 0x7, 0x8, 0x3, 0xfffffff7, 0x7, 0x100, 0x5, 0x5, 0x4, 0x723d3593, 0x40, 0x1, 0x5, 0x5dd3, 0x0, 0xfff, 0x4, 0x0, 0xe184, 0x7, 0x9, 0xe163, 0x4800000, 0xffffea27, 0x7f, 0x4, 0x80, 0x2a7f957d, 0x9, 0x6, 0x7ff, 0x1, 0xbc, 0x8, 0xe, 0x7f, 0x623, 0x5, 0x317b, 0x8001, 0x9, 0x3ff, 0x7fffffff, 0x1ff, 0x74b6, 0x9, 0x1, 0xb57, 0x6, 0x0, 0x800, 0xd, 0x400, 0x99, 0x2, 0x7fff, 0xb2, 0xfffffffe, 0xcd8, 0x80, 0xfffffffe, 0xfffffff7, 0x1000, 0xd, 0x4, 0x1, 0x0, 0x6, 0xfff, 0x4, 0x5, 0x7f, 0x7, 0x5, 0x0, 0xffffff01, 0xffffffff, 0x8, 0x8, 0x0, 0x8, 0xfffffff9, 0x7, 0x1, 0x35, 0xfffffffe, 0x7, 0x4, 0x1, 0x4, 0x1, 0x6, 0x8, 0x6, 0x8000, 0xd5, 0x7, 0x4, 0x5, 0x4, 0x359, 0x9, 0xaa90, 0x6, 0x101, 0x81, 0x1, 0x7, 0x1ab, 0x3, 0x10, 0x10000, 0xa, 0x80008, 0x8, 0x2, 0x1, 0x80, 0x4, 0x40, 0x4, 0x5e, 0xac2, 0x6911977, 0x0, 0xd2a, 0x2, 0x1c000, 0xf, 0x7, 0x11, 0x6, 0x7, 0x6, 0x4, 0x10001, 0x6, 0xffffffff, 0x4b8c70f6, 0xff5a, 0x301b, 0x8, 0xaa26, 0x5, 0x10, 0x6cfc, 0x2, 0xa00000, 0x2, 0x366, 0x5, 0x1800, 0x0, 0x800, 0x9, 0x1, 0xb, 0x479a74a, 0x6, 0x3b, 0x8, 0x2, 0x4, 0xfff, 0x98f, 0x0, 0x6, 0x36, 0x6, 0x10, 0x1, 0x1000, 0x3ff, 0x5, 0x9e6, 0x7, 0x200, 0xb1, 0x8, 0x9, 0x4, 0x3, 0x9, 0xffffffff, 0xa2, 0x40, 0x0, 0x8, 0x9, 0x7, 0x8c, 0x4, 0x3, 0xb8c, 0x8, 0x0, 0x5, 0x2, 0x7fff, 0x9400, 0x6, 0x0, 0x9, 0x7, 0x100]}) 3m29.677167082s ago: executing program 32 (id=758): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000180), 0x0, 0x80200) ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, &(0x7f00000010c0)={{0x3, 0xffffffff, 0x5, 0xfff, 0x1000, 0x9}, 0x242, [0x6, 0xdab, 0xb, 0x9, 0x0, 0xe8c, 0x200, 0x7fff, 0x0, 0x6, 0x81, 0x896b, 0x7, 0x4, 0x400, 0xff, 0xfffff000, 0x3a, 0x1, 0x9, 0x71, 0x9, 0xea70, 0x3ec1, 0x1, 0xd96c, 0x24000000, 0x1, 0x2, 0x2, 0x0, 0xa2, 0xeda, 0xef8, 0x65, 0xff, 0x100, 0x7, 0x8, 0x3, 0x6, 0x7, 0xd, 0x1, 0x344054a0, 0x3, 0x100, 0x2, 0x4, 0xe1, 0x0, 0xf80, 0x1b0, 0x1, 0x4, 0x1, 0x492, 0x88, 0x5, 0x10, 0x401, 0x9, 0x0, 0x8000, 0x81, 0x7ff, 0x3ff, 0x6, 0x7, 0x2, 0x0, 0x3, 0x5, 0x1, 0x6c, 0x8, 0x3, 0x6, 0x8, 0x8001, 0x3, 0x0, 0x2, 0x8, 0x0, 0x0, 0x7, 0x10000, 0x1, 0xa20, 0xffffffff, 0x0, 0x5, 0x8, 0x6, 0x3, 0xe1, 0x4, 0x4, 0xfff, 0x5, 0x2, 0x84, 0x10000, 0x100, 0x3, 0xfffffff9, 0xc, 0xfff, 0xfffffff6, 0x0, 0x63, 0xfffffffd, 0x0, 0xfffff000, 0x200, 0x5, 0x1, 0xfffffffe, 0xff, 0x8, 0xfffffff8, 0xfffffff7, 0x2, 0x9, 0x2008, 0x8c, 0x8, 0x2, 0x9, 0xffff, 0xffff, 0xff, 0x2, 0x7, 0x5, 0xf, 0x3, 0x8, 0x9, 0x0, 0xa, 0x9, 0x5, 0xf, 0x3, 0x1, 0x9, 0x40, 0x10000001, 0x5, 0x1, 0x9, 0xbc4, 0x4032, 0x400, 0x8, 0x80000001, 0x5, 0x8, 0x800, 0x2, 0x94c, 0xec48, 0x6, 0x81, 0x0, 0x8, 0x4, 0x8, 0x7, 0x5, 0x1, 0x3, 0xa, 0x80000001, 0x7, 0x8, 0xfffffff3, 0x2, 0xffffff6e, 0x2, 0x6, 0x7, 0x3, 0xf7ea, 0x80000001, 0x5, 0x0, 0x7fff, 0x7, 0x3, 0x6e2fc2f6, 0x0, 0x7ff, 0x50, 0x9, 0x180, 0x4, 0xcc, 0x7, 0x0, 0x6, 0x6e, 0x9, 0xe0000000, 0x9, 0x3b5e, 0x4, 0x0, 0xda, 0x4, 0x9, 0xd, 0x0, 0x1, 0x1, 0x7fffffff, 0xf88, 0x3, 0xa58, 0x5, 0x6, 0x4e7, 0x7, 0x8, 0xe2d7, 0xd, 0x2, 0x5, 0xffff50ca, 0x9, 0x3, 0x3af1f10, 0x3, 0x1, 0x7ff8000, 0x4, 0x9, 0x4faa, 0x2, 0xecf, 0x9, 0x1, 0x3, 0x101, 0x3f3, 0xa, 0xfffffffd, 0x8, 0x0, 0x800, 0x13, 0x1, 0x4, 0x9, 0x4, 0x0, 0x6, 0xe, 0x94, 0x5, 0x3, 0xf05, 0x80, 0x0, 0x7, 0xc, 0xffff, 0x0, 0x1000, 0xe6, 0x200, 0xf, 0x42f, 0x10001, 0x6, 0x6, 0x6, 0x1a1, 0xa96, 0x3, 0xa69, 0x5, 0x2, 0x6, 0x2, 0xdf46, 0x401, 0x1, 0x80, 0x3, 0x1, 0x2800000, 0x3, 0xffffffbc, 0xfffffc00, 0x3b2, 0x45db, 0xfff, 0xef, 0x6, 0x7, 0x2, 0x7, 0x5ad9b8de, 0x8, 0x4, 0xfffff001, 0x8, 0x200, 0x101, 0x9, 0x5, 0x8, 0x2, 0x8, 0x2250, 0x1, 0x8, 0x8, 0x75d, 0xffffffff, 0x8, 0x3, 0x2d85, 0x3, 0x7ff, 0x8001, 0x0, 0x8, 0x7, 0x6, 0xe, 0x2, 0x2, 0xdf2a, 0x4, 0x10001, 0x7, 0x3, 0x0, 0x6, 0x3, 0x6, 0xfffffb04, 0x80000000, 0x1, 0x5, 0x100, 0xff, 0x7, 0xa8fb, 0x3, 0x2, 0x3, 0x5, 0x0, 0x8, 0x4, 0xfffffff9, 0x9, 0x3, 0x1000, 0x8, 0xd67, 0xffffffc0, 0x4, 0x1, 0x101, 0x43, 0x5, 0x723, 0x7, 0xffffffff, 0x95, 0xfff, 0x7, 0x57a8, 0x400, 0x74, 0xaa1, 0x2, 0x2, 0x4, 0x4, 0x1, 0x1000, 0x7, 0x4, 0x5, 0x2000000, 0x8, 0x5, 0x6d, 0x1, 0x5, 0x4080, 0x3, 0x5, 0xa372, 0xffffff81, 0x5, 0x5, 0x4d000000, 0x7, 0x9, 0x7ae, 0x2000, 0x7, 0xfffffffb, 0x4aa1, 0x7, 0x2, 0x0, 0x2, 0x298c, 0x989f, 0x1, 0x8, 0x1, 0x3, 0xfffffff7, 0x40, 0x2, 0xffff, 0x9, 0x200, 0x9, 0x3ff, 0x32c7, 0x400, 0x5, 0x7c1, 0x1f, 0x7, 0x7, 0x9, 0x8, 0x80000000, 0xd, 0x278e142d, 0x2, 0x5, 0x7f, 0xc0, 0x1, 0x3, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xfff, 0x6, 0x4, 0xaf9, 0x1, 0x8, 0x1ff, 0x7, 0x8, 0x7, 0x5, 0x800, 0x7, 0x8, 0x7, 0x2, 0x400, 0x800, 0xffffffff, 0x9, 0x0, 0x5, 0x9, 0x5, 0x4, 0x3, 0x8, 0x400, 0x6, 0xfffffff9, 0x100, 0x2, 0x3c, 0x2b51, 0xe3, 0x6, 0x3, 0x3e0f, 0x5, 0x2, 0x2, 0x99, 0x80000000, 0x2a3, 0x5, 0x1, 0x2, 0xe, 0x7ff, 0x4, 0x4, 0x80, 0x401, 0x7, 0xa, 0x10, 0x1, 0x9, 0x7fff, 0x2, 0x6, 0x8001, 0x0, 0x804e, 0xcc, 0x8, 0x8, 0xa, 0x9, 0x87, 0x4, 0x8, 0x6, 0xfffffbff, 0x3, 0x8, 0xbec, 0x9, 0x9, 0xbbf6, 0x2, 0x2, 0x0, 0x2, 0x5, 0xffff, 0x7f, 0x2, 0x7, 0x0, 0x4, 0x2, 0x9, 0x2, 0x55, 0xfffffa90, 0x92bf, 0x1, 0x40000, 0x9, 0x4, 0x2, 0x2, 0x7, 0x0, 0x9, 0x7, 0x9, 0xf6, 0x8, 0x3, 0x9a27, 0x6, 0x0, 0x4, 0x4, 0x2000, 0x5, 0x96, 0x1, 0x9, 0x1, 0x3, 0xff, 0x3, 0x3, 0x10, 0x688, 0x40, 0x3491, 0x8, 0xffffffff, 0x1, 0x1, 0xffff8001, 0x2, 0x6, 0x6, 0xe86, 0x7fffffff, 0xe, 0x18000, 0x401, 0xc, 0x2, 0xfffffff9, 0x8, 0xacb, 0x8, 0x72c, 0x1000, 0x0, 0x10, 0x4, 0x1, 0xffffffff, 0x8, 0x4, 0x5, 0x7fffffff, 0x0, 0x5, 0x8b, 0x4, 0x2, 0x6, 0x1000, 0xeb3a, 0x0, 0x2, 0x0, 0x101, 0x4, 0xfffffff9, 0x8, 0x9, 0x5, 0xffff, 0xc, 0x9, 0xff, 0x0, 0x8792, 0xfffffffd, 0xce, 0x1000, 0x9, 0xbab, 0x2, 0x80, 0x9, 0x8, 0x8, 0x1, 0x0, 0x8, 0x2, 0x3, 0x2, 0x2, 0x3ff, 0x5, 0x9, 0x9603, 0x7, 0x5, 0x44, 0x9, 0x6, 0x52000000, 0x5, 0x1ff, 0x1, 0x81, 0x30, 0x3, 0x0, 0x9, 0x2, 0x6, 0x3ff, 0x6, 0x6df1, 0x0, 0x60b3, 0x0, 0xa, 0xffd, 0x2, 0x8, 0x2, 0x2, 0x8, 0x1000, 0x50, 0x8, 0x898, 0x3, 0x0, 0x79d8, 0x1d06, 0x7, 0x200, 0x8, 0x60, 0x5, 0x9, 0x6, 0x3ff, 0x8, 0xbd, 0x7, 0xd, 0x2, 0xff, 0xc39, 0xfffffa5f, 0x100, 0x5, 0x1, 0x5f66, 0xe, 0x0, 0x4, 0xfff, 0x8001, 0x9, 0x8, 0x1, 0x8001, 0x6, 0x8, 0x8001, 0x81, 0x68c, 0x5, 0x571, 0x2, 0x1, 0x3, 0x5, 0x5, 0x0, 0x1ff, 0x7, 0x3, 0x5, 0x600, 0x3, 0x10000, 0x3, 0x7ff, 0x401, 0x80, 0x6, 0x20, 0x8, 0xe, 0x1000, 0xffff, 0x101, 0x2, 0x1ff, 0x8001, 0x403, 0x7, 0x80000000, 0x24, 0xf5, 0x10000, 0xf7d4, 0x4, 0x1ff, 0x9, 0x2, 0x10001, 0x8, 0x2, 0x0, 0x10001, 0x1cd, 0xffffffff, 0xd, 0x7, 0xac8f, 0xfffffffa, 0x9, 0x0, 0x3, 0xc1c3, 0x4, 0x1, 0x5, 0x5, 0x8, 0x8, 0x8, 0x1, 0x80000005, 0x7ff, 0x5, 0x7fff, 0xb, 0x6, 0x5, 0x5, 0x4, 0x9, 0x9, 0x1, 0x8001, 0x7f76, 0x8, 0x5, 0x1, 0x9, 0x0, 0x0, 0x800, 0x3, 0xe145, 0x9, 0xe94, 0x7, 0x8, 0x3, 0xfffffff7, 0x7, 0x100, 0x5, 0x5, 0x4, 0x723d3593, 0x40, 0x1, 0x5, 0x5dd3, 0x0, 0xfff, 0x4, 0x0, 0xe184, 0x7, 0x9, 0xe163, 0x4800000, 0xffffea27, 0x7f, 0x4, 0x80, 0x2a7f957d, 0x9, 0x6, 0x7ff, 0x1, 0xbc, 0x8, 0xe, 0x7f, 0x623, 0x5, 0x317b, 0x8001, 0x9, 0x3ff, 0x7fffffff, 0x1ff, 0x74b6, 0x9, 0x1, 0xb57, 0x6, 0x0, 0x800, 0xd, 0x400, 0x99, 0x2, 0x7fff, 0xb2, 0xfffffffe, 0xcd8, 0x80, 0xfffffffe, 0xfffffff7, 0x1000, 0xd, 0x4, 0x1, 0x0, 0x6, 0xfff, 0x4, 0x5, 0x7f, 0x7, 0x5, 0x0, 0xffffff01, 0xffffffff, 0x8, 0x8, 0x0, 0x8, 0xfffffff9, 0x7, 0x1, 0x35, 0xfffffffe, 0x7, 0x4, 0x1, 0x4, 0x1, 0x6, 0x8, 0x6, 0x8000, 0xd5, 0x7, 0x4, 0x5, 0x4, 0x359, 0x9, 0xaa90, 0x6, 0x101, 0x81, 0x1, 0x7, 0x1ab, 0x3, 0x10, 0x10000, 0xa, 0x80008, 0x8, 0x2, 0x1, 0x80, 0x4, 0x40, 0x4, 0x5e, 0xac2, 0x6911977, 0x0, 0xd2a, 0x2, 0x1c000, 0xf, 0x7, 0x11, 0x6, 0x7, 0x6, 0x4, 0x10001, 0x6, 0xffffffff, 0x4b8c70f6, 0xff5a, 0x301b, 0x8, 0xaa26, 0x5, 0x10, 0x6cfc, 0x2, 0xa00000, 0x2, 0x366, 0x5, 0x1800, 0x0, 0x800, 0x9, 0x1, 0xb, 0x479a74a, 0x6, 0x3b, 0x8, 0x2, 0x4, 0xfff, 0x98f, 0x0, 0x6, 0x36, 0x6, 0x10, 0x1, 0x1000, 0x3ff, 0x5, 0x9e6, 0x7, 0x200, 0xb1, 0x8, 0x9, 0x4, 0x3, 0x9, 0xffffffff, 0xa2, 0x40, 0x0, 0x8, 0x9, 0x7, 0x8c, 0x4, 0x3, 0xb8c, 0x8, 0x0, 0x5, 0x2, 0x7fff, 0x9400, 0x6, 0x0, 0x9, 0x7, 0x100]}) 3m6.707047849s ago: executing program 3 (id=1239): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) 3m6.637538783s ago: executing program 3 (id=1232): r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 3m5.250325998s ago: executing program 3 (id=1269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x48101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x1e0003, 0x0, [0x10001, 0x2, 0x7f, 0x4, 0x8000, 0x3ff, 0x5, 0x9]}) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x1, 0x0, [0x0, 0x7, 0x7, 0x3, 0x5, 0x6, 0xfff, 0x5]}) 3m5.1623952s ago: executing program 3 (id=1276): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 3m5.068215086s ago: executing program 3 (id=1277): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r1, 0x0) ftruncate(r1, 0x796c) ioctl$COMEDI_CMDTEST(r0, 0x8040640a, &(0x7f00000000c0)={0x1, 0x30000, 0x4, 0x3, 0x100, 0x6, 0x1, 0x5, 0x1, 0x1, 0x10, 0x0, &(0x7f0000000000), 0x0, 0x0}) 3m4.824664276s ago: executing program 3 (id=1283): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 3m4.792339609s ago: executing program 33 (id=1283): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 2m55.858637949s ago: executing program 5 (id=1440): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x0, 0x1, 0x70bd2c, 0x4, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000804) 2m55.811173115s ago: executing program 5 (id=1441): sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) setresuid(0x0, 0xee01, 0xee00) setrlimit(0x40000000000008, &(0x7f0000000000)={0x2, 0x8d96}) r0 = shmget$private(0x0, 0x3000, 0x40, &(0x7f0000877000/0x3000)=nil) shmctl$SHM_LOCK(r0, 0xb) 2m55.795256341s ago: executing program 5 (id=1443): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000000000030100800c0000000000000000000000140001000000000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94"], 0x114}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff8a}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 2m55.730399068s ago: executing program 5 (id=1445): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x48) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x227) 2m55.718252877s ago: executing program 5 (id=1447): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 2m55.441752845s ago: executing program 5 (id=1450): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') 2m55.387337958s ago: executing program 34 (id=1450): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') 1.1675978s ago: executing program 6 (id=5029): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000005240)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8000}], 0x1, 0x0) recvfrom$rose(r1, &(0x7f0000000640)=""/4096, 0x1000, 0x44, 0x0, 0x0) 1.167067734s ago: executing program 6 (id=5031): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x2, 0x0, &(0x7f0000000080)) 1.131794171s ago: executing program 6 (id=5034): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) close(r2) 1.085711404s ago: executing program 6 (id=5036): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 1.085584964s ago: executing program 6 (id=5037): r0 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) recvmmsg(r0, &(0x7f0000001d80)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x10002, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000040)=0x4, 0x4) sendmsg(r1, &(0x7f0000002c40)={&(0x7f0000000140)=@in={0x2, 0x4e24, @empty}, 0x80, &(0x7f0000001780)=[{&(0x7f00000001c0)='k', 0x1}], 0x1}, 0x0) 886.051137ms ago: executing program 4 (id=5046): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 885.670265ms ago: executing program 4 (id=5048): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x45bd}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)) 819.830246ms ago: executing program 4 (id=5050): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r1}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 668.379166ms ago: executing program 4 (id=5058): setreuid(0xee01, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0x120e1100, 0x0, 0x13, 0x0, 0x0, 0x0) 643.751904ms ago: executing program 2 (id=5059): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000002c0)="88fcc8c7051aa143ee24f4817a4552c2c9e3bbaae509f989892e177283b12dbb5796eff18a8a95ee6d2f8a1220c232e57a7c46bb6f1a92c3e80edc9c707c73d3d6a16c462ec18452a3c044824adeb4750a33f8e50eb06646c0826359411ebf5b3f7f97881eab0eaae0baf4e0b10159d701b85f4239e3128789f09e16c3b127b34af1d7fa4148aa", 0x87}, {&(0x7f0000000380)="2b2d6826108a168b76c87ea7056f88ee224964a5e23bcedcd7d726a36da4badb3ccee70ad66bc25339bdd27c59c719c6a2276a2f050048a4b9db9c4f4b0ee86eea786866fa6b94ac976a21bd9a1111921284f794d21ae2591e98576f6a437d44ce35e9bf2e07d4d5045d92e940099125a54da8225b4c6ad3654a2b76e56ce1ab96f69190d088fb43ae3c763537a4ef324995a6841e6d76a2437acd0e3bd797470d9fbac53ccb1a2243d9e195ef4fa666fa28782016e405cd64d040fc46cd88275d53fd557cd8a11d22d55804aa9e212d58c8766739f3473a29c4917017d70db82d364645c64b", 0xe6}, {&(0x7f0000000040)="c62263ffb987988d13a215309607752bf3852346cf7eafd9462a6fb616f9b8e0df39112fb3827a9c9e1b83e90b8375d032", 0x31}, {&(0x7f0000000600)="63bef0b3b9aded33b0ab6935569152c3fb4ba0bdd711f4b6d4ffeda7d84c5df9fdfa198e88f13b1cf2aeaa4d0fbc1ee2154886729cbdfc04568e2cc759edd2b98bb4d45b3daa9cfafe18ed565cc1ae8a723392792f031aec2b7c635d5c0de36f8e19bd55a979cb4a510ec39aeae0d40b9d28772729d22ef4e2b7162556e7ab7f079399a034c9b7769213482eca15e44ed00150b42f36bdca124c300cf5bfa99c078f67b5a3314ca24e411ecbbc08f18e4c8a28535044dfdd04d569e527f0fa4799c216aed20dc92a03d703e50ecd8afaa005242bb1e774001de2ddabbc51b7526de812aaadd6d5faab124d319a0d", 0xee}, {&(0x7f0000000080)="dd5b4c4ac29d438db766ff0ea1bd63d274c6fce77ccff8f33f7b5adfe33fc7afe52249f5d86c48722f42f25301a0fd", 0x2f}, {&(0x7f0000000140)="816ed96acbb78c5e30e0bb5ee583ed992f523918ee67e385a58e5866324efb74b4dac2cd861ae104f44601f342417ad61dbfe28cd8c9daefc57d002e53444d", 0x3f}, {&(0x7f0000000540)="3ada86af7eb5212fd966ab8954bce4c0d97ecb93f6c89f363a2ce2f40c12ef908fcc9a898e4f80461381bd919aa51e98c99bd258eb31e0863a7f27cb15cf859eee65c49ee7518d9fde00b22e2c35b45dc58c980d21a668f732ee5e70f7211ee4", 0x60}, {&(0x7f0000000700)="d94883a65b5d289f36cb0cab54562b36a0a61a7db21d096191e812c3e57724401b3f25b78c514106f8d3e33b22cdedb90078771d719754e56e563bae49a03e76e4abd93b58124b5c85ffcd8e734fb6c3402e6840eb50fb16d4671358903a9eb7362c600914b601", 0x67}, {&(0x7f0000000180)="435323830901d32db852b504012d6333c7df5ac1f02fe81fc465dea0871ab5c89812cf5dacd80a90b237cec7ef5600312d90cbad163c83320f4656", 0x3b}, {&(0x7f0000000780)="9fe50a477255f0af869c268d6d8dd263a6a2e344d6fbf5717a3e44d75b551c412b7b7eafad8d942328b656a86e19cd0d7165f5e2c835c399ea46428ea234c4f15b5e8efe89b9db91410244ae9b824d8ecceb82de2e2910dea7d1bb9149cc3e8b86e81f4af113d5f71fef6dda8d07dd3032d06c40740ccdbe49e9d4e592966bd962e19d41faa341368c4b4b1a7635ee48965f89876c6f703bfb1e4434266226a07097a98cf2287e434b4d90012c525ae51f9bae9f9c3c79b99b4313760d764a9c1cf992c440043abc9a14d81c5bcb086e4297e5f029f87eb513215e525fcdeb300bbf7f11a1f8047ee64e1fd2069c035a8f7bc5808f9f56a01885eb911b0d8e9e3c227b22", 0x104}], 0xa, &(0x7f0000001800)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x20008880}], 0x1, 0x4048004) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 641.628905ms ago: executing program 4 (id=5060): socket$packet(0x11, 0xa, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xa6b9}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x4}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x2}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a) 580.064031ms ago: executing program 2 (id=5061): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000161000/0xf000)=nil, &(0x7f00001df000/0x3000)=nil, 0xf000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) 579.766774ms ago: executing program 2 (id=5063): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000140)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_128={{0x303}, "0400", "0d00e8ffff1a8600", "cf0d00", "0400000000000100"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_256={{0x304}, "bf394f82740c669a", "8b43d96c87113c0614095f9a17616eb1b43edc9771181ba883e5c81151a0fd21", "095870ab", "0a9ef6976142f647"}, 0x38) 546.569335ms ago: executing program 2 (id=5064): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000580)=""/155, 0x9b}], 0x2}}], 0x1, 0x2001, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) 542.981709ms ago: executing program 4 (id=5066): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000006c0)="10", 0x1}], 0x1}, 0x24000900) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x10000) sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 538.63619ms ago: executing program 1 (id=5067): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @local}, 0x2}}, 0x2e) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x5}, 0x1c) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e22, @remote}, 0x2, 0x4, 0x3, 0x3}}, 0x2e) 449.299251ms ago: executing program 1 (id=5068): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r0, 0x4) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) 449.160492ms ago: executing program 1 (id=5069): r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 448.965029ms ago: executing program 2 (id=5070): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 384.163114ms ago: executing program 2 (id=5071): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x104, 0x24, 0x4ee4e6a52ff56e73, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xfff1}, {0xfff2, 0x3}, {0x0, 0xf}}, [@TCA_STAB={0xe0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x7, 0x5, 0x7, 0x2, 0x0, 0x280000, 0x9}}, {0x16, 0x2, [0xbda, 0x3, 0x2, 0x9, 0xfff, 0xd, 0x2, 0x8, 0x7]}}, {{0x1c, 0x1, {0x3e, 0x6, 0x6, 0xfd, 0x0, 0x5, 0xd12, 0x7}}, {0x12, 0x2, [0xc8b, 0x1ff, 0x40, 0x6, 0x5, 0x1000, 0x0]}}, {{0x1c, 0x1, {0x10, 0xff, 0x17ed, 0x8, 0x0, 0x3, 0xffff, 0x5}}, {0xe, 0x2, [0x9, 0x80, 0x3, 0x5, 0x79a]}}, {{0x1c, 0x1, {0x3, 0x7, 0x4, 0xe0, 0x2, 0x5, 0xed, 0x5}}, {0xe, 0x2, [0xa57, 0x87, 0x0, 0x6, 0xff]}}, {{0x1c, 0x1, {0xd, 0x3, 0x10, 0x3, 0x0, 0x101, 0xaa21}}, {0x4}}]}]}, 0x104}}, 0x0) 383.666669ms ago: executing program 1 (id=5072): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sendfile64(r3, r2, 0x0, 0x8) 381.551996ms ago: executing program 1 (id=5073): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x40282, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) ioctl$FS_IOC_RESVSP(r0, 0x402c5839, &(0x7f00000004c0)={0x0, 0x2, 0x0, 0x400}) 190.103862ms ago: executing program 6 (id=5074): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=5075): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d00, 0x0, 0x9}]}) 0s ago: executing program 1 (id=5077): syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): nfig 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.081211][ T53] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.085170][ T53] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 159.090236][ T53] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 159.093826][ T53] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.098416][ T53] usb 11-1: config 0 descriptor?? [ 159.284786][ T59] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 159.434630][ T59] usb 9-1: Using ep0 maxpacket: 8 [ 159.439617][ T59] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 159.442447][ T59] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.446160][ T59] usb 9-1: Product: syz [ 159.447503][ T59] usb 9-1: Manufacturer: syz [ 159.448961][ T59] usb 9-1: SerialNumber: syz [ 159.451834][ T59] usb 9-1: config 0 descriptor?? [ 159.515869][ T53] plantronics 0003:047F:FFFF.0027: reserved main item tag 0xd [ 159.521428][ T53] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 159.663282][ T59] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 159.668450][ T59] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 159.674407][ T59] usb 9-1: USB disconnect, device number 11 [ 159.779800][ T6014] usb 11-1: USB disconnect, device number 7 [ 160.742661][T11505] syzkaller1: entered promiscuous mode [ 160.744494][T11505] syzkaller1: entered allmulticast mode [ 160.764607][ T40] audit: type=1326 audit(1755010502.253:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11460 comm="syz.2.2179" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7fc00000 [ 160.791578][T11511] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 160.796690][T11511] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 161.204333][T11552] syzkaller1: entered promiscuous mode [ 161.206438][T11552] syzkaller1: entered allmulticast mode [ 161.636404][T11573] netlink: 'syz.4.2233': attribute type 12 has an invalid length. [ 161.639597][T11573] netlink: 'syz.4.2233': attribute type 29 has an invalid length. [ 161.642817][T11573] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2233'. [ 161.842507][ T40] audit: type=1326 audit(1755010503.333:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11541 comm="syz.1.2219" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7fc00000 [ 161.964612][ T6014] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 162.137480][ T6014] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 162.141893][ T6014] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 162.146054][ T6014] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 162.149800][ T6014] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.158312][T11583] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 162.163147][ T6014] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 162.391037][ T6014] usb 9-1: USB disconnect, device number 12 [ 162.891141][ T40] audit: type=1326 audit(1755010504.383:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11614 comm="syz.6.2252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 162.961715][ T40] audit: type=1326 audit(1755010504.453:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11622 comm="syz.1.2255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7fc00000 [ 162.997354][T11637] loop5: detected capacity change from 0 to 13711 [ 163.012169][ T6108] Buffer I/O error on dev loop5, logical block 1713, async page read [ 163.015015][T11637] loop5: detected capacity change from 13711 to 17927 [ 163.020555][T11640] pim6reg1: entered promiscuous mode [ 163.022870][T11640] pim6reg1: entered allmulticast mode [ 163.024344][ T6108] Buffer I/O error on dev loop5, logical block 2240, async page read [ 163.094107][T11644] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2265'. [ 163.346480][T11680] loop5: detected capacity change from 0 to 12263 [ 163.352503][T11680] loop5: detected capacity change from 12263 to 13943 [ 163.359855][ T6108] Buffer I/O error on dev loop5, logical block 1742, async page read [ 163.371124][ T6108] Buffer I/O error on dev loop5, logical block 1742, async page read [ 163.602352][T11721] loop8: detected capacity change from 0 to 8 [ 163.609113][ T6108] Dev loop8: unable to read RDB block 8 [ 163.611397][ T6108] loop8: unable to read partition table [ 163.613802][ T6108] loop8: partition table beyond EOD, truncated [ 163.618512][T11721] Dev loop8: unable to read RDB block 8 [ 163.620382][T11721] loop8: unable to read partition table [ 163.622653][T11721] loop8: partition table beyond EOD, truncated [ 163.625332][T11721] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 163.712680][T11733] loop5: detected capacity change from 0 to 13535 [ 163.721924][ T6108] Buffer I/O error on dev loop5, logical block 1691, async page read [ 163.724415][T11733] loop5: detected capacity change from 13535 to 15751 [ 163.734967][ T6108] Buffer I/O error on dev loop5, logical block 1968, async page read [ 163.904409][T11749] loop5: detected capacity change from 0 to 13495 [ 163.912142][ T6108] Buffer I/O error on dev loop5, logical block 1686, async page read [ 163.920268][T11749] loop5: detected capacity change from 13495 to 16567 [ 163.928893][ T6108] Buffer I/O error on dev loop5, logical block 2070, async page read [ 164.209973][ T9890] hid_parser_main: 15 callbacks suppressed [ 164.209986][ T9890] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0 [ 164.218909][ T9890] hid-generic 0000:0000:0000.0028: hidraw1: HID v0.00 Device [syz1] on syz0 [ 165.025986][ T6014] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 165.144818][ T10] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 165.194713][ T6014] usb 7-1: Using ep0 maxpacket: 16 [ 165.198588][ T6014] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.202269][ T6014] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.208421][ T6014] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 165.213703][ T6014] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 165.218067][ T6014] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.223028][ T6014] usb 7-1: config 0 descriptor?? [ 165.316600][ T10] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 165.319397][ T10] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 165.322628][ T10] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 165.325567][ T10] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 165.329001][ T10] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 165.333828][ T10] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 165.336716][ T10] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 165.339269][ T10] usb 11-1: Product: syz [ 165.340653][ T10] usb 11-1: Manufacturer: syz [ 165.348645][ T10] cdc_wdm 11-1:1.0: skipping garbage [ 165.350400][ T10] cdc_wdm 11-1:1.0: skipping garbage [ 165.353429][ T10] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 165.355447][ T10] cdc_wdm 11-1:1.0: Unknown control protocol [ 165.557478][ T9890] usb 11-1: USB disconnect, device number 8 [ 165.636473][ T6014] input: HID 0955:7214 Haptics as /devices/virtual/input/input35 [ 165.649295][ T6014] shield 0003:0955:7214.0029: Registered Thunderstrike controller [ 165.651916][ T6014] shield 0003:0955:7214.0029: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 165.838122][ T1023] shield 0003:0955:7214.0029: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 165.842635][ T10] usb 7-1: USB disconnect, device number 18 [ 165.846082][ T1023] shield 0003:0955:7214.0029: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 165.850443][ T1023] shield 0003:0955:7214.0029: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 165.853946][ T1023] shield 0003:0955:7214.0029: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 166.155018][T11855] sit0: entered promiscuous mode [ 166.160494][T11855] netlink: 'syz.1.2357': attribute type 1 has an invalid length. [ 166.163028][T11855] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2357'. [ 166.208055][T11861] hub 6-0:1.0: USB hub found [ 166.209844][T11861] hub 6-0:1.0: 1 port detected [ 166.238309][T11865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2362'. [ 166.250103][T11865] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.290371][T11872] input: syz0 as /devices/virtual/input/input36 [ 166.387566][T11884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2371'. [ 166.425071][T11888] hub 6-0:1.0: USB hub found [ 166.426811][T11888] hub 6-0:1.0: 1 port detected [ 166.508741][T11907] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2383'. [ 166.533967][T11909] sit0: entered promiscuous mode [ 166.538968][T11909] netlink: 'syz.6.2384': attribute type 1 has an invalid length. [ 166.541439][T11909] netlink: 1 bytes leftover after parsing attributes in process `syz.6.2384'. [ 166.585754][T11921] unknown channel width for channel at 909000KHz? [ 166.589497][T11924] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2390'. [ 166.603896][T11924] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.804881][T11956] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2405'. [ 166.816646][T11956] 8021q: adding VLAN 0 to HW filter on device bond2 [ 167.304692][ T1023] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 167.454755][ T1023] usb 11-1: Using ep0 maxpacket: 16 [ 167.459522][ T1023] usb 11-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 167.462534][ T1023] usb 11-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 167.466131][ T1023] usb 11-1: Product: syz [ 167.467983][ T1023] usb 11-1: Manufacturer: syz [ 167.469515][ T1023] usb 11-1: SerialNumber: syz [ 167.475271][ T1023] usb 11-1: config 0 descriptor?? [ 167.548824][T12006] 9pnet: p9_errstr2errno: server reported unknown error @cF S+v3c/f [ 167.682775][ T53] usb 11-1: USB disconnect, device number 9 [ 167.726519][ T9890] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 167.730579][ T9890] hid-generic 0000:0000:0000.002A: hidraw1: HID v0.00 Device [syz1] on syz0 [ 167.797803][T12022] unknown channel width for channel at 909000KHz? [ 168.050078][T12042] netlink: 'syz.4.2445': attribute type 11 has an invalid length. [ 168.594765][ T841] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 168.597177][T12081] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2463'. [ 168.705427][T12088] 9pnet: p9_errstr2errno: server reported unknown error @cF S+v3c/f [ 168.776889][ T841] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 168.779773][ T841] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 168.783540][ T841] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 168.786465][ T59] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 168.788899][ T841] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 168.792556][ T841] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 168.804155][ T841] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 168.807313][ T841] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 168.809884][ T841] usb 6-1: Product: syz [ 168.811239][ T841] usb 6-1: Manufacturer: syz [ 168.817376][ T841] cdc_wdm 6-1:1.0: skipping garbage [ 168.819220][ T841] cdc_wdm 6-1:1.0: skipping garbage [ 168.827271][ T841] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 168.829234][ T841] cdc_wdm 6-1:1.0: Unknown control protocol [ 168.964658][ T59] usb 9-1: Using ep0 maxpacket: 16 [ 168.968980][ T59] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 168.971792][ T59] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 168.974620][ T59] usb 9-1: Product: syz [ 168.975944][ T59] usb 9-1: Manufacturer: syz [ 168.977388][ T59] usb 9-1: SerialNumber: syz [ 168.980388][ T59] usb 9-1: config 0 descriptor?? [ 169.022825][ T59] usb 6-1: USB disconnect, device number 19 [ 169.189216][ T59] usb 9-1: USB disconnect, device number 13 [ 169.323646][T12121] netlink: 'syz.6.2481': attribute type 11 has an invalid length. [ 169.355165][T12125] pim6reg1: entered allmulticast mode [ 169.660275][T12149] input: syz1 as /devices/virtual/input/input37 [ 169.944745][ T53] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 170.030544][T12171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2503'. [ 170.106077][ T53] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 170.109543][ T53] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 170.113695][ T53] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 170.117864][ T53] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 170.122406][ T53] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 170.128153][ T53] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 170.131065][ T53] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 170.133759][ T53] usb 7-1: Product: syz [ 170.135525][ T53] usb 7-1: Manufacturer: syz [ 170.139731][ T53] cdc_wdm 7-1:1.0: skipping garbage [ 170.141380][ T53] cdc_wdm 7-1:1.0: skipping garbage [ 170.144920][ T53] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 170.147357][ T53] cdc_wdm 7-1:1.0: Unknown control protocol [ 170.347104][ T6040] usb 7-1: USB disconnect, device number 19 [ 170.359987][T12191] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2514'. [ 170.362781][T12191] netlink: 'syz.6.2514': attribute type 30 has an invalid length. [ 170.370149][ T1057] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.372796][ T1057] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.376131][ T1057] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.379448][ T1057] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.398103][T12193] netlink: 'syz.4.2515': attribute type 19 has an invalid length. [ 171.056430][T12260] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2547'. [ 171.922532][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2588'. [ 172.024740][ T53] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 172.194610][ T53] usb 7-1: Using ep0 maxpacket: 8 [ 172.199412][ T53] usb 7-1: config 0 interface 0 has no altsetting 0 [ 172.201913][ T53] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 172.205710][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.210160][ T53] usb 7-1: config 0 descriptor?? [ 172.624221][ T53] mcp2221 0003:04D8:00DD.002B: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 172.823449][ T59] usb 7-1: USB disconnect, device number 20 [ 173.635698][T12474] overlayfs: upper fs does not support tmpfile. [ 173.864693][ T10] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 174.024634][ T10] usb 9-1: Using ep0 maxpacket: 8 [ 174.027701][ T10] usb 9-1: config 0 interface 0 has no altsetting 0 [ 174.030123][ T10] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 174.033249][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.038934][ T10] usb 9-1: config 0 descriptor?? [ 174.458872][ T10] mcp2221 0003:04D8:00DD.002C: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 174.500602][T12524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2662'. [ 174.505057][T12524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2662'. [ 174.527485][T12528] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 174.657144][ T10] usb 9-1: USB disconnect, device number 14 [ 174.707945][T12553] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2671'. [ 174.712487][T12553] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2671'. [ 174.739461][T12559] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2673'. [ 175.007578][T12587] nbd: device at index 2 is going down [ 175.025610][T12591] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 175.142115][T12609] 8021q: VLANs not supported on lo [ 175.200880][T12617] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2698'. [ 175.307776][T12622] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2700'. [ 175.312226][T12622] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2700'. [ 175.436596][ T841] usb 9-1: new low-speed USB device number 15 using dummy_hcd [ 175.605891][ T841] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 175.608250][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 175.611694][ T841] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 175.620285][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 175.623906][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 175.628786][ T841] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 175.631139][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 175.634483][ T841] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 175.638716][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 175.642258][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 175.646799][ T841] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 175.649129][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 175.652498][ T841] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 175.659218][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 175.662676][ T841] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 175.669115][ T841] usb 9-1: string descriptor 0 read error: -22 [ 175.671104][ T841] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 175.673910][ T841] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.682427][ T841] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 175.965523][ T10] usb 9-1: USB disconnect, device number 15 [ 176.294629][ T53] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 176.454656][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 176.462559][ T53] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 176.465255][ T53] usb 6-1: config 179 has no interface number 0 [ 176.467277][ T53] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 176.471260][ T53] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 176.475810][ T53] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 176.479370][ T53] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 176.482969][ T53] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 176.487392][ T53] usb 6-1: config 179 interface 65 has no altsetting 0 [ 176.489590][ T53] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 176.492483][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.508327][ T53] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:179.65/input/input38 [ 176.556865][ T5370] input input38: unable to receive magic message: -110 [ 176.563422][ T5370] input input38: unable to receive magic message: -32 [ 176.567038][ T5370] input input38: unable to receive magic message: -32 [ 176.570772][ T5370] input input38: unable to receive magic message: -32 [ 176.575376][ T5370] input input38: unable to receive magic message: -32 [ 176.581339][ T5370] input input38: unable to receive magic message: -32 [ 176.586128][ T5370] input input38: unable to receive magic message: -32 [ 176.708578][T12670] input input38: unable to receive magic message: -32 [ 176.714160][ T9890] usb 6-1: USB disconnect, device number 20 [ 176.716562][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 177.262499][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804fe62000: rx timeout, send abort [ 177.266660][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88804fe62000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 177.362707][T12735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2755'. [ 177.366853][T12735] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2755'. [ 177.369618][T12735] netlink: 'syz.4.2755': attribute type 18 has an invalid length. [ 177.954114][T12801] syzkaller1: entered promiscuous mode [ 177.956748][T12801] syzkaller1: entered allmulticast mode [ 179.124675][ T6021] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 179.164716][ T6040] usb 7-1: new low-speed USB device number 21 using dummy_hcd [ 179.274746][ T6021] usb 9-1: Using ep0 maxpacket: 8 [ 179.282071][ T6021] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.285527][ T6021] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 179.288321][ T6021] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 179.291798][ T6021] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 179.295743][ T6021] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 179.298908][ T6021] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.307104][ T6021] hub 9-1:1.0: bad descriptor, ignoring hub [ 179.309148][ T6021] hub 9-1:1.0: probe with driver hub failed with error -5 [ 179.311718][ T6021] cdc_wdm 9-1:1.0: skipping garbage [ 179.313427][ T6021] cdc_wdm 9-1:1.0: skipping garbage [ 179.318137][ T6040] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 179.320715][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 179.324215][ T6021] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 179.326393][ T6021] cdc_wdm 9-1:1.0: Unknown control protocol [ 179.331874][ T6040] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 179.336593][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 179.340339][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 179.346237][ T6040] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 179.348566][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 179.352262][ T6040] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 179.356594][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 179.360787][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 179.366143][ T6040] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 179.368476][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 179.371905][ T6040] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 179.375602][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 179.379155][ T6040] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 179.384965][ T6040] usb 7-1: string descriptor 0 read error: -22 [ 179.387898][ T6040] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 179.390840][ T6040] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.397421][ T6040] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 179.511382][T12880] input input39: cannot allocate more than FF_MAX_EFFECTS effects [ 179.768321][T12867] usb 9-1: reset high-speed USB device number 16 using dummy_hcd [ 179.926445][T12867] usb 9-1: device firmware changed [ 179.930389][T12867] cdc_wdm 9-1:1.0: Error autopm - -16 [ 179.932628][ T6040] usb 9-1: USB disconnect, device number 16 [ 179.932633][T12871] cdc_wdm 9-1:1.0: Error autopm - -16 [ 179.944097][ T6021] usb 7-1: USB disconnect, device number 21 [ 180.008937][T12912] input input40: cannot allocate more than FF_MAX_EFFECTS effects [ 180.044618][ T40] audit: type=1326 audit(1755010521.533:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12915 comm="syz.2.2833" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0 [ 180.244757][ T6040] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 180.404843][ T6040] usb 9-1: Using ep0 maxpacket: 8 [ 180.407867][ T6040] usb 9-1: config 0 has no interfaces? [ 180.410436][ T6040] usb 9-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 180.413213][ T6040] usb 9-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 180.416504][ T6040] usb 9-1: Product: syz [ 180.421130][ T6040] usb 9-1: config 0 descriptor?? [ 180.625212][ T59] usb 9-1: USB disconnect, device number 17 [ 180.870706][T12945] bond0: entered promiscuous mode [ 180.872367][T12945] bond_slave_0: entered promiscuous mode [ 180.874242][T12945] bond_slave_1: entered promiscuous mode [ 180.878621][T12945] batadv0: entered promiscuous mode [ 180.880860][T12945] debugfs: 'hsr1' already exists in 'hsr' [ 180.882687][T12945] Cannot create hsr debugfs directory [ 180.884743][T12945] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 180.887611][T12945] bond0: left promiscuous mode [ 180.889664][T12945] bond_slave_0: left promiscuous mode [ 180.891518][T12945] bond_slave_1: left promiscuous mode [ 180.894595][T12945] batadv0: left promiscuous mode [ 181.500096][ T40] audit: type=1326 audit(1755010522.993:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12965 comm="syz.1.2856" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 181.584738][ T6021] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 181.725357][T12979] kvm: apic: phys broadcast and lowest prio [ 181.734605][ T6021] usb 9-1: Using ep0 maxpacket: 16 [ 181.737623][ T6021] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 181.740872][ T6021] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.744330][ T6021] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 181.747460][ T6021] usb 9-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 181.752388][ T6021] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 181.755539][ T6021] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 181.758592][ T6021] usb 9-1: SerialNumber: syz [ 181.763317][ T6021] hub 9-1:1.0: bad descriptor, ignoring hub [ 181.765295][ T6021] hub 9-1:1.0: probe with driver hub failed with error -5 [ 181.768018][ T6021] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -22 [ 182.104700][ T10] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 182.274748][ T10] usb 11-1: Using ep0 maxpacket: 8 [ 182.287985][ T10] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 182.290552][ T10] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 182.303197][ T10] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 182.306295][ T10] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 182.309354][ T10] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.313365][ T10] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 182.316268][ T10] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.525596][ T10] usb 11-1: usb_control_msg returned -32 [ 182.527468][ T10] usbtmc 11-1:16.0: can't read capabilities [ 182.762699][T13016] netlink: 27 bytes leftover after parsing attributes in process `syz.2.2877'. [ 182.826567][T13025] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2881'. [ 182.883352][T13029] usbtmc 11-1:16.0: usb_control_msg returned -32 [ 182.886661][ T53] usb 11-1: USB disconnect, device number 10 [ 182.931840][ T9890] kernel write not supported for file [eventfd] (pid: 9890 comm: kworker/1:5) [ 182.999284][ T40] audit: type=1326 audit(1755010524.493:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 183.006060][ T40] audit: type=1326 audit(1755010524.493:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 183.012724][ T40] audit: type=1326 audit(1755010524.493:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 183.019920][ T40] audit: type=1326 audit(1755010524.493:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 183.027101][ T40] audit: type=1326 audit(1755010524.503:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 183.033616][ T40] audit: type=1326 audit(1755010524.503:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 183.040517][ T40] audit: type=1326 audit(1755010524.503:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 183.047178][ T40] audit: type=1326 audit(1755010524.503:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13044 comm="syz.1.2891" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 183.614387][T13080] netlink: 27 bytes leftover after parsing attributes in process `syz.1.2905'. [ 183.669963][T13092] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2909'. [ 184.276268][ T59] usb 9-1: USB disconnect, device number 18 [ 184.355700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 184.484935][ T5986] Bluetooth: hci4: sending frame failed (-49) [ 184.488940][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 185.270060][ T53] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 185.379954][ T6040] kernel write not supported for file /comedi4 (pid: 6040 comm: kworker/2:4) [ 185.454642][ T53] usb 9-1: Using ep0 maxpacket: 16 [ 185.457714][ T53] usb 9-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 185.460890][ T53] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.464275][ T53] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.468651][ T53] usb 9-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 185.472606][ T53] usb 9-1: config 7 interface 0 has no altsetting 0 [ 185.474884][ T53] usb 9-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 185.477702][ T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.905715][ T53] input: HID 0458:5010 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:7.0/0003:0458:5010.002D/input/input41 [ 185.920401][ T53] kye 0003:0458:5010.002D: input,hiddev0,hidraw1: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.4-1/input0 [ 187.025861][ C1] kye 0003:0458:5010.002D: usb_submit_urb(ctrl) failed: -1 [ 187.572395][ T40] kauditd_printk_skb: 295 callbacks suppressed [ 187.572407][ T40] audit: type=1326 audit(1755010529.063:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.584648][ T40] audit: type=1326 audit(1755010529.073:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.591332][ T40] audit: type=1326 audit(1755010529.073:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 187.598476][ T40] audit: type=1326 audit(1755010529.073:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 187.605274][ T40] audit: type=1326 audit(1755010529.073:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 187.612532][ T40] audit: type=1326 audit(1755010529.073:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.619678][ T40] audit: type=1326 audit(1755010529.073:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.627247][ T40] audit: type=1326 audit(1755010529.073:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fa8598 code=0x7ffc0000 [ 187.634863][ T40] audit: type=1326 audit(1755010529.073:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.641483][ T40] audit: type=1326 audit(1755010529.073:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13180 comm="syz.4.2946" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 187.648630][T13192] syzkaller1: entered promiscuous mode [ 187.650482][T13192] syzkaller1: entered allmulticast mode [ 188.074698][ T29] usb 9-1: reset high-speed USB device number 19 using dummy_hcd [ 188.155476][ T6021] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 188.235087][ T29] usb 9-1: device firmware changed [ 188.238268][ T53] usb 9-1: USB disconnect, device number 19 [ 188.325298][ T6021] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 188.328161][ T6021] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.330654][ T6021] usb 6-1: Product: syz [ 188.331975][ T6021] usb 6-1: Manufacturer: syz [ 188.333432][ T6021] usb 6-1: SerialNumber: syz [ 188.338439][ T6021] usb 6-1: config 0 descriptor?? [ 188.374680][ T53] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 188.525610][ T53] usb 9-1: Using ep0 maxpacket: 16 [ 188.528485][ T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.531852][ T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.535204][ T53] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 188.539166][ T53] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 188.541966][ T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.552357][ T841] usb 6-1: USB disconnect, device number 22 [ 188.554492][ T53] usb 9-1: config 0 descriptor?? [ 188.969565][ T53] shield 0003:0955:7214.002E: unknown main item tag 0x0 [ 188.970662][T13265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2987'. [ 188.971686][ T53] shield 0003:0955:7214.002E: unknown main item tag 0x0 [ 188.977654][ T53] shield 0003:0955:7214.002E: unknown main item tag 0x0 [ 188.980159][ T53] shield 0003:0955:7214.002E: unknown main item tag 0x0 [ 188.980485][T13265] netlink: 'syz.2.2987': attribute type 1 has an invalid length. [ 188.982343][ T53] shield 0003:0955:7214.002E: unknown main item tag 0x0 [ 188.985974][T13265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2987'. [ 188.989317][ T53] input: HID 0955:7214 Haptics as /devices/virtual/input/input42 [ 189.012039][ T53] shield 0003:0955:7214.002E: Registered Thunderstrike controller [ 189.015264][ T53] shield 0003:0955:7214.002E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 189.175161][ T53] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 189.178713][ T29] usb 9-1: USB disconnect, device number 20 [ 189.182868][ T53] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 189.187022][ T53] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 189.190443][ T53] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 189.396226][T13293] syzkaller1: entered promiscuous mode [ 189.398166][T13293] syzkaller1: entered allmulticast mode [ 189.412236][T13295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3000'. [ 189.417123][T13295] netlink: 'syz.1.3000': attribute type 1 has an invalid length. [ 189.419554][T13295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3000'. [ 189.802651][T13321] bridge0: port 3(veth0_to_bridge) entered blocking state [ 189.805682][T13321] bridge0: port 3(veth0_to_bridge) entered disabled state [ 189.808027][T13321] veth0_to_bridge: entered allmulticast mode [ 189.810663][T13321] veth0_to_bridge: entered promiscuous mode [ 189.812594][T13321] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 189.817879][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.994788][ T61] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 190.148807][ T61] usb 9-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 190.154677][ T61] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.157191][ T61] usb 9-1: Product: syz [ 190.158512][ T61] usb 9-1: Manufacturer: syz [ 190.159975][ T61] usb 9-1: SerialNumber: syz [ 190.168203][ T61] usb 9-1: config 0 descriptor?? [ 190.284300][T13340] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3019'. [ 190.290727][T13340] ipvlan2: entered promiscuous mode [ 190.377908][ T29] usb 9-1: USB disconnect, device number 21 [ 191.108941][T13352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3023'. [ 191.115749][T13352] netlink: 'syz.4.3023': attribute type 1 has an invalid length. [ 191.118164][T13352] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3023'. [ 192.368042][T13397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3041'. [ 192.374332][T13397] ipvlan2: entered promiscuous mode [ 192.519805][T13416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3054'. [ 192.766950][T13448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3069'. [ 193.014674][ T841] usb 9-1: new full-speed USB device number 22 using dummy_hcd [ 193.089012][T13480] "syz.2.3085" (13480) uses obsolete ecb(arc4) skcipher [ 193.179907][ T841] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 193.182896][ T841] usb 9-1: can't read configurations, error -71 [ 193.782786][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.786567][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.864406][T13529] loop7: detected capacity change from 0 to 7 [ 193.980311][T12929] Dev loop7: unable to read RDB block 7 [ 193.982344][T12929] loop7: unable to read partition table [ 193.983406][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 193.984265][T12929] loop7: partition table beyond EOD, [ 193.987339][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 193.989445][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 193.994098][T12929] truncated [ 193.994801][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 194.088862][T13552] overlayfs: invalid origin (00000000d1d3e81a820eee8a94416592a5356da96db48150eae08457fbc30ece5e7e7e318cb2b4b2f8bddb73e65c239a40942f00000000000000000000000000) [ 194.111704][T13529] Dev loop7: unable to read RDB block 7 [ 194.114207][T13529] loop7: unable to read partition table [ 194.116949][T13529] loop7: partition table beyond EOD, truncated [ 194.119234][T13529] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 194.142759][T13556] binder: BINDER_SET_CONTEXT_MGR already set [ 194.146804][T13556] binder: 13555:13556 ioctl 4018620d 80000040 returned -16 [ 194.306325][ T841] kernel read not supported for file /dsp (pid: 841 comm: kworker/3:2) [ 194.310566][T13574] input: syz0 as /devices/virtual/input/input43 [ 194.619596][T13604] bridge1: entered allmulticast mode [ 195.519867][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f100800: rx timeout, send abort [ 195.522864][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f100800: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 195.723997][T13638] binder: BINDER_SET_CONTEXT_MGR already set [ 195.726717][T13638] binder: 13637:13638 ioctl 4018620d 80000040 returned -16 [ 195.760019][T13642] input: syz0 as /devices/virtual/input/input44 [ 195.799430][T13646] overlayfs: invalid origin (00000000d1d3e81a820eee8a94416592a5356da96db48150eae08457fbc30ece5e7e7e318cb2b4b2f8bddb73e65c239a40942f00000000000000000000000000) [ 195.814308][T13648] loop7: detected capacity change from 0 to 7 [ 195.923699][T13648] Dev loop7: unable to read RDB block 7 [ 195.923814][ C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 195.925647][T13648] loop7: unable to read partition table [ 195.928552][ C0] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 195.930507][T13648] loop7: partition table beyond EOD, truncated [ 195.934007][ C3] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 195.936577][T13648] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 195.938274][ C3] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 196.052714][ T5385] Dev loop7: unable to read RDB block 7 [ 196.054664][ T5385] loop7: unable to read partition table [ 196.056578][ T5385] loop7: partition table beyond EOD, truncated [ 196.359002][T13684] loop7: detected capacity change from 0 to 7 [ 196.422765][T13693] input: syz0 as /devices/virtual/input/input45 [ 196.450700][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 196.453812][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 196.454717][T13684] Dev loop7: unable to read RDB block 7 [ 196.458444][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 196.459022][T13684] loop7: unable to read partition table [ 196.462414][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 196.464285][T13684] loop7: partition table beyond EOD, truncated [ 196.468828][T13684] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 198.606392][T13725] input: syz0 as /devices/virtual/input/input46 [ 199.172927][ T61] kernel read not supported for file /dsp (pid: 61 comm: kworker/2:1) [ 199.948299][ T61] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 200.100707][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.104188][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.108330][ T61] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 200.113727][ T61] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 200.118140][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.123495][ T61] usb 6-1: config 0 descriptor?? [ 200.292467][T13796] input: syz0 as /devices/virtual/input/input47 [ 200.533675][ T61] plantronics 0003:047F:FFFF.002F: reserved main item tag 0xd [ 200.539603][ T61] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 200.658416][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804c18b800: rx timeout, send abort [ 200.661116][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804c18b800: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 201.273671][T13860] nullb0: AHDI p1 [ 202.605836][ T59] usb 6-1: USB disconnect, device number 23 [ 202.703293][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 202.703304][ T40] audit: type=1326 audit(1755010544.193:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13900 comm="syz.6.3266" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7fe5579 code=0x0 [ 203.359809][T13915] nullb0: AHDI p1 [ 203.568917][T13937] nullb0: AHDI p1 [ 203.607969][T13944] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 206.360182][T13975] nullb0: AHDI p1 [ 206.645978][T14003] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 207.392226][T14037] all: renamed from bridge_slave_0 (while UP) [ 208.932219][T14082] netlink: 'syz.1.3339': attribute type 5 has an invalid length. [ 208.935480][T14082] netlink: 'syz.1.3339': attribute type 11 has an invalid length. [ 209.010590][T14094] __nla_validate_parse: 1 callbacks suppressed [ 209.010602][T14094] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3348'. [ 209.214892][T14115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3355'. [ 209.449909][T14141] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 209.522390][T14149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3372'. [ 209.609671][T14152] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3382'. [ 209.685851][T14159] netlink: 'syz.4.3384': attribute type 5 has an invalid length. [ 209.688293][T14159] netlink: 'syz.4.3384': attribute type 11 has an invalid length. [ 209.760730][T14167] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 209.783948][T14170] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3380'. [ 209.926045][T14190] all: renamed from bridge_slave_0 (while UP) [ 210.213457][T14223] loop8: detected capacity change from 0 to 79 [ 210.285096][T14223] loop8: detected capacity change from 79 to 78 [ 210.790721][T14264] input: syz0 as /devices/virtual/input/input48 [ 210.880552][T14270] input: syz0 as /devices/virtual/input/input49 [ 211.090583][T14287] netlink: 'syz.4.3431': attribute type 1 has an invalid length. [ 211.110282][T14287] bond2: entered promiscuous mode [ 211.112083][T14287] bond2: entered allmulticast mode [ 211.124387][T14287] bond2: (slave erspan1): making interface the new active one [ 211.128866][T14287] erspan1: entered promiscuous mode [ 211.130624][T14287] erspan1: entered allmulticast mode [ 211.133002][T14287] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 211.351057][T14309] input: syz0 as /devices/virtual/input/input50 [ 211.492289][T14325] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3443'. [ 211.543353][T14333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3456'. [ 211.670812][T14339] loop6: detected capacity change from 0 to 7 [ 211.675546][T14339] Dev loop6: unable to read RDB block 7 [ 211.677718][T14339] loop6: unable to read partition table [ 211.679670][T14339] loop6: partition table beyond EOD, truncated [ 211.681716][T14339] loop_reread_partitions: partition scan of loop6 (被x) failed (rc=-5) [ 212.348514][T14362] loop7: detected capacity change from 0 to 7 [ 212.436203][T14371] kvm: user requested TSC rate below hardware speed [ 212.440711][T14371] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 212.547562][T14362] Dev loop7: unable to read RDB block 7 [ 212.548707][T14372] support for the xor transformation has been removed. [ 212.549426][T14362] loop7: unable to read partition table [ 212.552327][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 212.553649][T14362] loop7: partition table beyond EOD, [ 212.557256][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 212.562096][T14362] truncated [ 212.563670][T14362] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 212.584239][ T40] audit: type=1326 audit(1755010554.073:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14345 comm="syz.4.3457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7fc00000 [ 212.673780][T14383] overlayfs: failed to set uuid (683/file0, err=-1); falling back to uuid=null. [ 212.676768][T14383] overlayfs: failed to verify upper root origin [ 212.749595][T14392] tls_set_device_offload_rx: netdev not found [ 212.806670][ T80] Bluetooth: (null): Invalid header checksum [ 212.808701][ T80] Bluetooth: (null): Invalid header checksum [ 212.924838][ T1143] Bluetooth: (null): Invalid header checksum [ 212.955359][ T1023] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 213.034982][ T46] Bluetooth: (null): Invalid header checksum [ 213.106865][T14402] loop6: detected capacity change from 0 to 7 [ 213.109422][T14402] Dev loop6: unable to read RDB block 7 [ 213.111191][T14402] loop6: unable to read partition table [ 213.112872][T14402] loop6: partition table beyond EOD, truncated [ 213.114870][T14402] loop_reread_partitions: partition scan of loop6 (被x) failed (rc=-5) [ 213.118446][ T1023] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.121382][ T1023] usb 11-1: config 0 has no interfaces? [ 213.125731][ T1023] usb 11-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 213.128295][ T1023] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.135263][ T1023] usb 11-1: Product: syz [ 213.136501][ T1023] usb 11-1: Manufacturer: syz [ 213.137843][ T1023] usb 11-1: SerialNumber: syz [ 213.141677][ T1023] usb 11-1: config 0 descriptor?? [ 213.155555][ T1057] Bluetooth: (null): Invalid header checksum [ 213.209106][T14415] netlink: 'syz.2.3485': attribute type 1 has an invalid length. [ 213.211622][T14415] netlink: 16074 bytes leftover after parsing attributes in process `syz.2.3485'. [ 213.275761][ T1057] Bluetooth: (null): Invalid header checksum [ 213.312216][T14425] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 213.315715][T14425] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 213.353144][ T1023] usb 11-1: USB disconnect, device number 11 [ 213.893524][T14440] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3505'. [ 213.898932][T14440] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3505'. [ 213.976443][T14447] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.979544][T14447] bond_slave_0: left allmulticast mode [ 213.983015][T14447] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.989290][T14447] bond_slave_1: left allmulticast mode [ 213.991911][T14447] bond0 (unregistering): Released all slaves [ 214.057827][T14461] overlayfs: failed to set uuid (851/file0, err=-1); falling back to uuid=null. [ 214.061869][T14461] overlayfs: failed to verify upper root origin [ 214.205507][T14478] kvm: user requested TSC rate below hardware speed [ 214.207377][ T1143] Bluetooth: (null): Invalid header checksum [ 214.210450][ T1143] Bluetooth: (null): Invalid header checksum [ 214.215394][T14478] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 214.315107][ T1143] Bluetooth: (null): Invalid header checksum [ 214.334857][ T7083] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 214.364680][ T10] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 214.380216][T14490] loop7: detected capacity change from 0 to 7 [ 214.425848][ T1057] Bluetooth: (null): Invalid header checksum [ 214.488711][ T7083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.503635][ T7083] usb 7-1: config 0 has no interfaces? [ 214.507948][ T7083] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 214.511030][ T7083] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.513809][ T7083] usb 7-1: Product: syz [ 214.515389][ T7083] usb 7-1: Manufacturer: syz [ 214.517077][ T7083] usb 7-1: SerialNumber: syz [ 214.521098][ T7083] usb 7-1: config 0 descriptor?? [ 214.526899][ T10] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 214.533957][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 214.537919][ T1057] Bluetooth: (null): Invalid header checksum [ 214.538551][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 214.545180][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 214.550077][ T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 214.552961][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.570517][ T10] usb 6-1: config 0 descriptor?? [ 214.575921][T14469] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 214.649025][ T1057] Bluetooth: (null): Invalid header checksum [ 214.656700][T14493] support for the xor transformation has been removed. [ 214.656702][T14490] Dev loop7: unable to read RDB block 7 [ 214.656725][T14490] loop7: unable to read partition table [ 214.660447][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 214.660952][T14490] loop7: partition table beyond EOD, [ 214.662653][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 214.665850][T14490] truncated [ 214.671016][T14490] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 214.729205][ T7083] usb 7-1: USB disconnect, device number 22 [ 214.963380][T14502] tls_set_device_offload_rx: netdev not found [ 214.988147][ T10] plantronics 0003:047F:FFFF.0030: reserved main item tag 0xd [ 214.996563][ T10] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 215.069400][T14509] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.075667][T14509] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.081941][T14509] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 215.086339][T14509] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.088863][T14509] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.104965][T14509] bond0 (unregistering): Released all slaves [ 215.246171][ T7083] usb 6-1: USB disconnect, device number 24 [ 215.624722][ T59] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 215.777641][ T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.781709][ T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.788333][ T59] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 215.792003][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.797346][ T59] usb 7-1: config 0 descriptor?? [ 215.808694][T14555] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 215.811697][T14555] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 215.815294][ T59] usb 7-1: can't set config #0, error -71 [ 215.819159][ T59] usb 7-1: USB disconnect, device number 23 [ 216.501331][T14584] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3558'. [ 216.504621][T14584] netlink: 'syz.2.3558': attribute type 1 has an invalid length. [ 216.509645][T14584] netlink: 'syz.2.3558': attribute type 2 has an invalid length. [ 216.513352][T14584] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3558'. [ 216.593140][T14601] netlink: 'syz.4.3566': attribute type 12 has an invalid length. [ 216.596223][T14601] netlink: 'syz.4.3566': attribute type 29 has an invalid length. [ 216.598666][T14601] netlink: 148 bytes leftover after parsing attributes in process `syz.4.3566'. [ 216.601482][T14601] netlink: 59 bytes leftover after parsing attributes in process `syz.4.3566'. [ 217.034739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.038449][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.046276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.055320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.060010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.065999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.074999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 217.249165][T14650] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3589'. [ 217.592799][T14663] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 217.643170][T14665] wireguard0: entered promiscuous mode [ 217.646324][T14665] wireguard0: entered allmulticast mode [ 218.274053][T14741] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 218.277026][T14741] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 218.424623][ T9890] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 218.576803][ T9890] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.580350][ T9890] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.583625][ T9890] usb 11-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 218.586534][ T9890] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.590190][ T9890] usb 11-1: config 0 descriptor?? [ 219.006183][ T9890] cm6533_jd 0003:0D8C:0022.0031: unknown main item tag 0x0 [ 219.008770][ T9890] cm6533_jd 0003:0D8C:0022.0031: unknown main item tag 0x0 [ 219.012984][ T9890] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0D8C:0022.0031/input/input52 [ 219.026449][ T9890] cm6533_jd 0003:0D8C:0022.0031: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0 [ 219.028688][T14758] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3634'. [ 219.213404][ T59] usb 11-1: USB disconnect, device number 12 [ 219.474785][ T61] usb 7-1: new full-speed USB device number 24 using dummy_hcd [ 219.625911][ T61] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 219.630014][ T61] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 219.634111][ T61] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 219.636990][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.806036][T14793] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 219.851994][ T61] usb 7-1: usb_control_msg returned -32 [ 219.853962][ T61] usbtmc 7-1:16.0: can't read capabilities [ 220.777041][ T10] libceph: connect (1)[c::]:6789 error -101 [ 220.779501][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 220.944800][ T1023] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 221.036382][ T6021] libceph: connect (1)[c::]:6789 error -101 [ 221.038363][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 221.094631][ T1023] usb 6-1: Using ep0 maxpacket: 32 [ 221.097503][ T1023] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.100778][ T1023] usb 6-1: config 0 has no interfaces? [ 221.102544][ T1023] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 221.105459][ T1023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.109084][ T1023] usb 6-1: config 0 descriptor?? [ 221.211105][T14856] wireguard0: entered promiscuous mode [ 221.212929][T14856] wireguard0: entered allmulticast mode [ 221.316775][ T9890] usb 6-1: USB disconnect, device number 25 [ 221.545235][ T6021] libceph: connect (1)[c::]:6789 error -101 [ 221.547774][ T6021] libceph: mon0 (1)[c::]:6789 connect error [ 221.599938][T14846] ceph: No mds server is up or the cluster is laggy [ 222.234054][ T10] usb 7-1: USB disconnect, device number 24 [ 222.286971][T14885] input input53: cannot allocate more than FF_MAX_EFFECTS effects [ 222.676937][ T61] Process accounting resumed [ 222.830060][ T40] audit: type=1326 audit(1755010564.323:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.836773][ T40] audit: type=1326 audit(1755010564.323:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.843327][ T40] audit: type=1326 audit(1755010564.323:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.849999][ T40] audit: type=1326 audit(1755010564.323:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.856645][ T40] audit: type=1326 audit(1755010564.323:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.863282][ T40] audit: type=1326 audit(1755010564.323:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.870004][ T40] audit: type=1326 audit(1755010564.323:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.876589][ T40] audit: type=1326 audit(1755010564.323:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.883259][ T40] audit: type=1326 audit(1755010564.323:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.889859][ T40] audit: type=1326 audit(1755010564.323:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.1.3703" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc3598 code=0x7ffc0000 [ 222.892586][T14917] netlink: 'syz.1.3706': attribute type 12 has an invalid length. [ 222.899289][T14917] netlink: 'syz.1.3706': attribute type 29 has an invalid length. [ 222.901784][T14917] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3706'. [ 223.043824][ T61] Process accounting resumed [ 223.455781][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 223.545406][T14963] wireguard0: entered promiscuous mode [ 223.547664][T14963] wireguard0: entered allmulticast mode [ 223.734660][ T1023] usb 11-1: new high-speed USB device number 13 using dummy_hcd [ 223.750404][T14969] binder: 14968:14969 ioctl c0306201 80000640 returned -22 [ 223.820841][T14973] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.823360][T14973] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.825659][T14973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.884665][ T1023] usb 11-1: Using ep0 maxpacket: 8 [ 223.887563][ T1023] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 223.890999][ T1023] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 223.893790][ T1023] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.897676][ T1023] usb 11-1: config 0 descriptor?? [ 224.106927][ T1023] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 224.509329][T14959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.513100][T14959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.518538][ T61] usb 11-1: USB disconnect, device number 13 [ 225.050873][T15022] wireguard0: entered promiscuous mode [ 225.052839][T15022] wireguard0: entered allmulticast mode [ 225.216097][T15035] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.284599][ T53] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 225.444696][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 225.448467][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 225.452050][ T53] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 225.455444][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.459000][ T53] usb 6-1: config 0 descriptor?? [ 225.666630][ T53] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 226.070111][T15025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.073001][T15025] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.077635][ T9890] usb 6-1: USB disconnect, device number 26 [ 226.716899][T15092] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 226.917367][ T5979] block nbd6: Receive control failed (result -32) [ 226.940965][T15103] block nbd6: shutting down sockets [ 227.130639][T15121] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 227.218932][T15124] block device autoloading is deprecated and will be removed. [ 227.518955][T15149] binder: 15148:15149 ioctl c0306201 80000380 returned -14 [ 227.614805][T15155] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 228.884102][T15198] netlink: 'syz.2.3828': attribute type 11 has an invalid length. [ 229.151898][ T40] kauditd_printk_skb: 178 callbacks suppressed [ 229.151933][ T40] audit: type=1326 audit(1755010570.643:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.160823][ T40] audit: type=1326 audit(1755010570.643:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.168515][ T40] audit: type=1326 audit(1755010570.643:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.176845][ T40] audit: type=1326 audit(1755010570.643:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.187588][ T40] audit: type=1326 audit(1755010570.643:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.195238][ T40] audit: type=1326 audit(1755010570.643:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.203895][ T40] audit: type=1326 audit(1755010570.643:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.211150][ T40] audit: type=1326 audit(1755010570.643:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.231032][ T40] audit: type=1326 audit(1755010570.643:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.244653][ T40] audit: type=1326 audit(1755010570.643:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15175 comm="syz.6.3818" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 229.265757][T15217] pim6reg1: entered promiscuous mode [ 229.267654][T15217] pim6reg1: entered allmulticast mode [ 229.312402][T15223] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.314969][T15223] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.379559][T15223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.392007][T15223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.466599][T15223] batman_adv: batadv0: Interface deactivated: macvlan2 [ 229.474132][ T95] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.477147][ T95] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.480183][ T95] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.482909][ T95] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.487983][ T95] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.490673][ T95] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.493413][ T95] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.497416][ T95] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.564905][T15279] netlink: 'syz.6.3863': attribute type 1 has an invalid length. [ 231.808667][T15351] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.811305][T15351] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.864436][T15351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.870975][T15351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.935357][ T46] netdevsim netdevsim6 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 231.938139][ T46] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.941069][ T46] netdevsim netdevsim6 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 231.943826][ T46] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.948676][ T46] netdevsim netdevsim6 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 231.951644][ T46] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.954720][ T13] netdevsim netdevsim6 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 231.957418][ T13] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.218236][T15365] netlink: 'syz.6.3902': attribute type 10 has an invalid length. [ 232.220858][T15365] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3902'. [ 232.306160][T15374] netlink: 'syz.2.3906': attribute type 1 has an invalid length. [ 232.664454][T15411] binder: 15410:15411 ioctl c0306201 800001c0 returned -22 [ 232.964695][ T1023] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 233.114656][ T1023] usb 9-1: Using ep0 maxpacket: 32 [ 233.117583][ T1023] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 233.120145][ T1023] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 233.123546][ T1023] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 233.127208][ T1023] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 233.131251][ T1023] usb 9-1: config 0 interface 0 has no altsetting 0 [ 233.135267][ T1023] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 233.138090][ T1023] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 233.140708][ T1023] usb 9-1: Product: syz [ 233.142045][ T1023] usb 9-1: Manufacturer: syz [ 233.143503][ T1023] usb 9-1: SerialNumber: syz [ 233.146207][ T1023] usb 9-1: config 0 descriptor?? [ 233.149058][ T1023] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 233.154074][ T1023] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 233.219452][T15440] input: syz1 as /devices/virtual/input/input54 [ 233.366552][T15450] batman_adv: batadv0: Adding interface: macsec1 [ 233.368650][T15450] batman_adv: batadv0: Interface activated: macsec1 [ 233.392697][ T61] usb 9-1: USB disconnect, device number 24 [ 233.397340][ T61] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 233.740615][T15461] veth0_to_bridge: left allmulticast mode [ 233.742547][T15461] veth0_to_bridge: left promiscuous mode [ 233.745627][T15461] bridge0: port 3(veth0_to_bridge) entered disabled state [ 233.751053][T15461] bridge_slave_0: left allmulticast mode [ 233.752884][T15461] bridge_slave_0: left promiscuous mode [ 233.755408][T15461] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.759881][T15461] bridge_slave_1: left allmulticast mode [ 233.761935][T15461] bridge_slave_1: left promiscuous mode [ 233.763792][T15461] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.770617][T15461] bond0: (slave bond_slave_0): Releasing backup interface [ 233.773236][T15461] bond_slave_0: left promiscuous mode [ 233.775604][T15461] bond_slave_0: left allmulticast mode [ 233.779650][T15461] bond0: (slave bond_slave_1): Releasing backup interface [ 233.783558][T15461] bond_slave_1: left promiscuous mode [ 233.786357][T15461] bond_slave_1: left allmulticast mode [ 233.791140][T15461] team0: Port device team_slave_0 removed [ 233.797113][T15461] team0: Port device team_slave_1 removed [ 233.799670][T15461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 233.802232][T15461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.033442][T15473] ceph: No mds server is up or the cluster is laggy [ 234.273122][T15504] bridge0: entered promiscuous mode [ 234.277012][T15504] batman_adv: batadv0: Adding interface: macsec1 [ 234.279174][T15504] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.290323][T15504] batman_adv: batadv0: Interface activated: macsec1 [ 234.313534][ T40] kauditd_printk_skb: 69 callbacks suppressed [ 234.313545][ T40] audit: type=1326 audit(1755010575.803:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.324136][ T40] audit: type=1326 audit(1755010575.803:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.332396][ T40] audit: type=1326 audit(1755010575.813:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.339754][ T40] audit: type=1326 audit(1755010575.813:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.346421][ T40] audit: type=1326 audit(1755010575.813:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.353007][ T40] audit: type=1326 audit(1755010575.813:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.360161][ T40] audit: type=1326 audit(1755010575.813:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.368396][ T40] audit: type=1326 audit(1755010575.813:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.375163][ T40] audit: type=1326 audit(1755010575.813:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.381769][ T40] audit: type=1326 audit(1755010575.813:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15507 comm="syz.4.3964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8579 code=0x7ffc0000 [ 234.434756][ T61] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 236.562176][T15594] syzkaller1: entered promiscuous mode [ 236.563935][T15594] syzkaller1: entered allmulticast mode [ 236.844000][T15626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4016'. [ 236.852543][T15626] pim6reg: entered allmulticast mode [ 236.855690][T15626] pim6reg: left allmulticast mode [ 236.982574][T15635] syzkaller1: entered promiscuous mode [ 236.984452][T15635] syzkaller1: entered allmulticast mode [ 237.180929][T15652] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4026'. [ 237.552246][T15681] Invalid ELF header magic: != ELF [ 237.762474][T15706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4050'. [ 237.822949][T15708] evm: overlay not supported [ 240.572111][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 240.572124][ T40] audit: type=1326 audit(1755010582.063:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.582200][ T40] audit: type=1326 audit(1755010582.063:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.589348][ T40] audit: type=1326 audit(1755010582.063:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.595916][ T40] audit: type=1326 audit(1755010582.063:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.602485][ T40] audit: type=1326 audit(1755010582.063:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.609142][ T40] audit: type=1326 audit(1755010582.063:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.616003][ T40] audit: type=1326 audit(1755010582.063:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.622457][ T40] audit: type=1326 audit(1755010582.063:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.629197][ T40] audit: type=1326 audit(1755010582.063:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.635629][ T40] audit: type=1326 audit(1755010582.063:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15741 comm="syz.2.4063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 240.983600][T15769] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.4079'. [ 241.454367][T15794] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.4091'. [ 241.764675][ T29] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 241.917037][ T29] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 241.920891][ T29] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 241.924160][ T29] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 241.927542][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.931858][T15800] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 241.936238][ T29] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 241.944621][ T6021] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 242.096453][ T6021] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.099892][ T6021] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.102842][ T6021] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 242.106782][ T6021] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 242.109567][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.113464][ T6021] usb 6-1: config 0 descriptor?? [ 242.140394][ T61] usb 9-1: USB disconnect, device number 25 [ 242.520288][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.522747][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.525182][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.527519][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.529821][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.532139][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.534494][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.536972][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.539219][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.541447][ T6021] plantronics 0003:047F:FFFF.0032: unknown main item tag 0x0 [ 242.545952][ T6021] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 242.578070][T15822] overlayfs: statfs failed on './file0' [ 242.776296][ T59] usb 6-1: USB disconnect, device number 27 [ 243.379132][T15868] binder: 15867:15868 ioctl c0306201 0 returned -14 [ 243.382272][T15868] binder: 15867:15868 ioctl 8912 80000200 returned -22 [ 243.410046][T15872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4127'. [ 243.921544][T15887] netlink: 'syz.4.4134': attribute type 5 has an invalid length. [ 245.187947][T15939] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 245.509105][T15962] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 245.609666][T15979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4171'. [ 245.613304][T15979] bridge_slave_1: left allmulticast mode [ 245.615401][T15979] bridge_slave_1: left promiscuous mode [ 245.617467][T15979] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.622100][T15979] bridge_slave_0: left allmulticast mode [ 245.624160][T15979] bridge_slave_0: left promiscuous mode [ 245.626599][T15979] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.662672][T15979] batman_adv: batadv0: Interface deactivated: macsec1 [ 245.676986][T15979] batman_adv: batadv0: Removing interface: macsec1 [ 245.687213][T15989] kvm: kvm [15988]: vcpu0, guest rIP: 0xeeee8000 Unhandled WRMSR(0x40000006) = 0x0 [ 246.038647][T16023] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4189'. [ 246.451957][T15982] ceph: No mds server is up or the cluster is laggy [ 246.497261][T16050] "syz.4.4201" (16050) uses obsolete ecb(arc4) skcipher [ 246.704880][ T61] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 246.739257][T16068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4209'. [ 246.740590][T16069] input: syz1 as /devices/virtual/input/input55 [ 246.748463][T16068] pim6reg: entered allmulticast mode [ 246.755144][T16068] pim6reg: left allmulticast mode [ 246.831534][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 246.831547][ T40] audit: type=1326 audit(1755010588.323:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.840398][ T40] audit: type=1326 audit(1755010588.323:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.847144][ T40] audit: type=1326 audit(1755010588.323:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.853833][ T40] audit: type=1326 audit(1755010588.323:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.860773][ T40] audit: type=1326 audit(1755010588.323:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.867593][ T40] audit: type=1326 audit(1755010588.323:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.874137][ T40] audit: type=1326 audit(1755010588.323:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.882347][ T40] audit: type=1326 audit(1755010588.323:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.891035][ T40] audit: type=1326 audit(1755010588.333:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 246.899632][ T40] audit: type=1326 audit(1755010588.333:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16075 comm="syz.1.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 247.904706][ T61] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 247.959848][T16094] input: syz1 as /devices/virtual/input/input56 [ 248.686598][T16098] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4222'. [ 248.692999][T16098] pim6reg: entered allmulticast mode [ 248.699652][T16098] pim6reg: left allmulticast mode [ 249.745053][ T61] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 249.781570][T16129] netlink: 'syz.2.4231': attribute type 5 has an invalid length. [ 250.954849][ T61] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 251.052287][T16159] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 252.003978][T16182] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4257'. [ 252.058772][T16192] input: syz1 as /devices/virtual/input/input57 [ 252.349103][T16226] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4276'. [ 252.437912][T16234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4280'. [ 252.463091][T16234] batman_adv: batadv0: Interface deactivated: macsec1 [ 252.476093][T16234] batman_adv: batadv0: Removing interface: macsec1 [ 252.632640][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 252.634853][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 252.673815][T16251] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4286'. [ 252.895954][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 252.898155][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 253.405470][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 253.407872][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 253.461966][T16246] ceph: No mds server is up or the cluster is laggy [ 253.799046][T16286] serio: Serial port ptm0 [ 254.140034][T16294] tipc: Started in network mode [ 254.141660][T16294] tipc: Node identity 080211000001, cluster identity 4711 [ 254.144049][T16294] tipc: Enabled bearer , priority 0 [ 254.186814][T16306] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4307'. [ 254.265323][T16306] team0: Port device team_slave_0 removed [ 254.371718][T16315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4310'. [ 254.770605][T16338] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4320'. [ 254.789879][T16340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4318'. [ 254.889170][T16340] team0: Port device team_slave_0 removed [ 254.978539][T16344] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4322'. [ 255.008292][T16302] ceph: No mds server is up or the cluster is laggy [ 255.236903][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.239058][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.248523][T16365] tipc: Enabled bearer , priority 0 [ 255.271545][ T61] tipc: Node number set to 134418688 [ 255.297114][T16365] tipc: Disabling bearer [ 255.471720][T16373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4332'. [ 255.623666][T16373] team0: Port device team_slave_0 removed [ 256.008339][ T29] libceph: connect (1)[c::]:6789 error -101 [ 256.010817][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 256.090013][T16394] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 256.284802][ T29] libceph: connect (1)[c::]:6789 error -101 [ 256.286802][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 256.476705][T16410] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4346'. [ 256.490483][T16410] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4346'. [ 256.794753][ T29] libceph: connect (1)[c::]:6789 error -101 [ 256.797133][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 256.837357][T16383] ceph: No mds server is up or the cluster is laggy [ 257.354765][ T7083] usb 9-1: new full-speed USB device number 26 using dummy_hcd [ 257.518369][ T7083] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 257.521458][ T7083] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 257.536426][ T7083] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 257.539271][ T7083] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.757636][ T7083] usb 9-1: usb_control_msg returned -32 [ 257.759440][ T7083] usbtmc 9-1:16.0: can't read capabilities [ 257.828873][T16419] syz.4.4348 (16419) used greatest stack depth: 19832 bytes left [ 258.550601][T16499] input: syz1 as /devices/virtual/input/input58 [ 259.305325][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023804400: rx timeout, send abort [ 259.307961][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023806400: rx timeout, send abort [ 259.310600][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff888023804400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 259.315892][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff888023806400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 259.554756][T16510] input: syz1 as /devices/virtual/input/input59 [ 259.643479][T16525] input: syz0 as /devices/virtual/input/input60 [ 259.804173][T16551] input: syz0 as /devices/virtual/input/input61 [ 260.121323][ T53] usb 9-1: USB disconnect, device number 26 [ 260.856486][T16601] netlink: 104 bytes leftover after parsing attributes in process `syz.6.4426'. [ 260.896240][T16607] syzkaller1: entered promiscuous mode [ 260.898404][T16607] syzkaller1: entered allmulticast mode [ 261.117953][T16623] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4437'. [ 261.169479][T16630] input: syz1 as /devices/virtual/input/input62 [ 261.416909][T16652] syzkaller1: entered promiscuous mode [ 261.418678][T16652] syzkaller1: entered allmulticast mode [ 261.634678][ T53] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 261.784723][ T53] usb 7-1: Using ep0 maxpacket: 32 [ 261.788096][ T53] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.791391][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 261.797375][ T53] usb 7-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 261.800305][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.802896][ T53] usb 7-1: Product: syz [ 261.804269][ T53] usb 7-1: Manufacturer: syz [ 261.805866][ T53] usb 7-1: SerialNumber: syz [ 261.808839][ T53] usb 7-1: config 0 descriptor?? [ 261.812777][ T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 261.821906][ T53] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 261.922644][T16658] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.4450'. [ 262.014011][ T53] usb 7-1: USB disconnect, device number 25 [ 262.346333][T16684] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4464'. [ 262.350818][T16684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4464'. [ 262.812176][T16712] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4484'. [ 262.816392][T16712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4484'. [ 263.241342][T16734] syz.1.4485: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 263.248893][T16734] CPU: 3 UID: 0 PID: 16734 Comm: syz.1.4485 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) [ 263.248923][T16734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 263.248933][T16734] Call Trace: [ 263.248939][T16734] [ 263.248947][T16734] dump_stack_lvl+0x16c/0x1f0 [ 263.248987][T16734] warn_alloc+0x248/0x3a0 [ 263.249016][T16734] ? __pfx_warn_alloc+0x10/0x10 [ 263.249040][T16734] ? __pfx_stack_trace_save+0x10/0x10 [ 263.249068][T16734] ? kasan_save_stack+0x42/0x60 [ 263.249086][T16734] ? kasan_save_stack+0x33/0x60 [ 263.249104][T16734] ? kasan_save_track+0x14/0x30 [ 263.249123][T16734] ? xskq_create+0x52/0x1d0 [ 263.249139][T16734] ? xsk_setsockopt+0x792/0x9a0 [ 263.249154][T16734] ? do_sock_setsockopt+0xf3/0x1d0 [ 263.249182][T16734] ? xskq_create+0xfb/0x1d0 [ 263.249201][T16734] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 263.249239][T16734] ? xskq_create+0xfb/0x1d0 [ 263.249264][T16734] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 263.249299][T16734] ? xskq_create+0xfb/0x1d0 [ 263.249315][T16734] vmalloc_user_noprof+0x9e/0xe0 [ 263.249331][T16734] ? xskq_create+0xfb/0x1d0 [ 263.249347][T16734] xskq_create+0xfb/0x1d0 [ 263.249367][T16734] xsk_setsockopt+0x792/0x9a0 [ 263.249408][T16734] ? __pfx_xsk_setsockopt+0x10/0x10 [ 263.249426][T16734] ? find_held_lock+0x2b/0x80 [ 263.249451][T16734] ? aa_sock_opt_perm+0xfd/0x1c0 [ 263.249482][T16734] ? __pfx_xsk_setsockopt+0x10/0x10 [ 263.249501][T16734] do_sock_setsockopt+0xf3/0x1d0 [ 263.249554][T16734] __sys_setsockopt+0x120/0x1a0 [ 263.249582][T16734] __ia32_sys_setsockopt+0xbc/0x160 [ 263.249603][T16734] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.249625][T16734] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 263.249649][T16734] __do_fast_syscall_32+0x7c/0x3a0 [ 263.249675][T16734] do_fast_syscall_32+0x32/0x80 [ 263.249699][T16734] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 263.249721][T16734] RIP: 0023:0xf7fc3579 [ 263.249737][T16734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 263.249753][T16734] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 263.249770][T16734] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 263.249780][T16734] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004 [ 263.249790][T16734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 263.249799][T16734] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 263.249810][T16734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 263.249835][T16734] [ 263.249859][T16734] Mem-Info: [ 263.351176][T16734] active_anon:20732 inactive_anon:19651 isolated_anon:0 [ 263.351176][T16734] active_file:6239 inactive_file:12783 isolated_file:0 [ 263.351176][T16734] unevictable:1768 dirty:278 writeback:0 [ 263.351176][T16734] slab_reclaimable:6851 slab_unreclaimable:56438 [ 263.351176][T16734] mapped:24657 shmem:40537 pagetables:1412 [ 263.351176][T16734] sec_pagetables:324 bounce:0 [ 263.351176][T16734] kernel_misc_reclaimable:0 [ 263.351176][T16734] free:17247 free_pcp:6176 free_cma:0 [ 263.366718][T16734] Node 0 active_anon:28kB inactive_anon:4884kB active_file:4kB inactive_file:420kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:1160kB dirty:0kB writeback:0kB shmem:8416kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7724kB pagetables:1184kB sec_pagetables:1172kB all_unreclaimable? yes Balloon:0kB [ 263.376996][T16734] Node 1 active_anon:82888kB inactive_anon:73568kB active_file:18952kB inactive_file:50600kB unevictable:3536kB isolated(anon):0kB isolated(file):6144kB mapped:95384kB dirty:1124kB writeback:0kB shmem:153836kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5292kB pagetables:4168kB sec_pagetables:124kB all_unreclaimable? no Balloon:0kB [ 263.388262][T16734] Node 0 DMA free:1876kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:180kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:416kB local_pcp:24kB free_cma:0kB [ 263.400148][T16734] lowmem_reserve[]: 0 288 288 288 288 [ 263.402271][T16734] Node 0 DMA32 free:16312kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:4096KB free_highatomic:3168KB active_anon:32kB inactive_anon:4700kB active_file:0kB inactive_file:424kB unevictable:3536kB writepending:0kB present:1032196kB managed:295164kB mlocked:0kB bounce:0kB free_pcp:12820kB local_pcp:3536kB free_cma:0kB [ 263.414905][T16734] lowmem_reserve[]: 0 0 0 0 0 [ 263.417138][T16734] Node 1 DMA32 free:71640kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:8192KB free_highatomic:1844KB active_anon:82788kB inactive_anon:73568kB active_file:12856kB inactive_file:50600kB unevictable:3536kB writepending:1124kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:3188kB local_pcp:660kB free_cma:0kB [ 263.430113][T16734] lowmem_reserve[]: 0 0 0 0 0 [ 263.432144][T16734] Node 0 DMA: 1*4kB (U) 10*8kB (U) 8*16kB (UM) 2*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 1876kB [ 263.437034][T16734] Node 0 DMA32: 62*4kB (UMEH) 42*8kB (UMEH) 39*16kB (UMEH) 94*32kB (UMEH) 61*64kB (UMEH) 28*128kB (UMEH) 12*256kB (UMEH) 3*512kB (MH) 0*1024kB 0*2048kB 0*4096kB = 16312kB [ 263.443089][T16734] Node 1 DMA32: 312*4kB (UMEH) 428*8kB (UMEH) 263*16kB (UMEH) 192*32kB (UMEH) 191*64kB (UMEH) 70*128kB (UMEH) 34*256kB (UME) 2*512kB (U) 1*1024kB (M) 8*2048kB (UM) 2*4096kB (U) = 71536kB [ 263.449083][T16734] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 263.452179][T16734] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 263.456440][T16734] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 263.460147][T16734] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 263.463756][T16734] 56962 total pagecache pages [ 263.465840][T16734] 474 pages in swap cache [ 263.467539][T16734] Free swap = 88232kB [ 263.469186][T16734] Total swap = 124996kB [ 263.470892][T16734] 524155 pages RAM [ 263.472370][T16734] 0 pages HighMem/MovableOnly [ 263.474265][T16734] 209469 pages reserved [ 263.476077][T16734] 0 pages cma reserved [ 263.824660][ T53] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 263.845742][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 263.845756][ T40] audit: type=1326 audit(1755010605.343:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16728 comm="syz.6.4483" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000 [ 263.995214][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 263.998810][ T53] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 264.001365][ T53] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.004491][ T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.007540][ T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.010659][ T53] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.015447][ T53] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.018642][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.226572][ T53] usb 6-1: GET_CAPABILITIES returned 0 [ 264.228325][ T53] usbtmc 6-1:16.0: can't read capabilities [ 264.430595][ T6021] usb 6-1: USB disconnect, device number 28 [ 266.075279][ T1023] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 266.227409][ T1023] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 266.230838][ T1023] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 266.235158][ T1023] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 266.238132][ T1023] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.242794][T16787] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 266.246612][ T1023] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 266.456201][ T1023] usb 9-1: USB disconnect, device number 27 [ 266.963865][T16806] batadv_slave_1: entered promiscuous mode [ 266.967292][T16806] batadv_slave_1: left promiscuous mode [ 267.082218][T16820] netlink: 64 bytes leftover after parsing attributes in process `syz.6.4524'. [ 267.092854][T16820] netlink: 64 bytes leftover after parsing attributes in process `syz.6.4524'. [ 267.285274][ T40] audit: type=1326 audit(1755010608.783:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16837 comm="syz.4.4531" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa8579 code=0x0 [ 268.937321][ T40] audit: type=1326 audit(1755010610.433:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16854 comm="syz.1.4538" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7fc00000 [ 269.185850][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 269.187837][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 269.237088][ T53] libceph: connect (1)[c::]:6789 error -101 [ 269.238859][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 269.444802][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 269.446788][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 269.463938][T16902] batadv_slave_1: entered promiscuous mode [ 269.467706][T16902] batadv_slave_1: left promiscuous mode [ 269.506810][ T53] libceph: connect (1)[c::]:6789 error -101 [ 269.509138][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 269.925751][T16925] syz_tun: entered allmulticast mode [ 269.928804][T16924] syz_tun: left allmulticast mode [ 269.964893][ T7083] libceph: connect (1)[c::]:6789 error -101 [ 269.967135][ T7083] libceph: mon0 (1)[c::]:6789 connect error [ 270.013813][T16891] ceph: No mds server is up or the cluster is laggy [ 270.014908][T16894] ceph: No mds server is up or the cluster is laggy [ 270.028325][ T9890] libceph: connect (1)[c::]:6789 error -101 [ 270.030434][ T9890] libceph: mon0 (1)[c::]:6789 connect error [ 270.265424][T16957] Bluetooth: hci0: too big key_count value 34945 [ 270.504192][T16982] Bluetooth: hci0: too big key_count value 34945 [ 270.585745][T16988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4591'. [ 270.605628][T16988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.628363][T16988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.630778][T16988] bond0: (slave vxcan1): The slave device specified does not support setting the MAC address [ 270.635734][T16988] bond0: (slave vxcan1): Error -95 calling set_mac_address [ 270.840769][T17015] Bluetooth: hci0: invalid len left 7, exp >= 195 [ 271.004678][ T6021] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 271.154773][ T6021] usb 6-1: Using ep0 maxpacket: 32 [ 271.157985][ T6021] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 271.160628][ T6021] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 271.163521][ T6021] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 271.167721][ T6021] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 271.170768][ T6021] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 271.174061][ T6021] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 271.178266][ T6021] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 271.181351][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.185124][ T6021] usb 6-1: config 0 descriptor?? [ 271.390948][ T6021] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 29 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 271.395967][ T6021] usb 6-1: USB disconnect, device number 29 [ 271.399607][ T6021] usblp0: removed [ 271.824696][ T1023] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 271.974628][ T1023] usb 6-1: Using ep0 maxpacket: 32 [ 271.981163][ T1023] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 271.986831][ T1023] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 271.990090][ T1023] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 271.993094][ T1023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 271.997166][ T1023] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 272.001216][ T1023] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 272.006626][ T1023] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 272.011105][ T1023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.017670][ T1023] usb 6-1: config 0 descriptor?? [ 272.199027][T17065] Bluetooth: hci0: invalid len left 7, exp >= 195 [ 272.427425][ T1023] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 30 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 272.429004][ T1023] usb 6-1: USB disconnect, device number 30 [ 272.430432][ T1023] usblp0: removed [ 272.548275][T17089] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 272.949406][T17108] input: syz0 as /devices/virtual/input/input64 [ 272.971078][T17110] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4644'. [ 273.466323][T17158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4663'. [ 273.856105][T17194] netlink: 'syz.2.4680': attribute type 1 has an invalid length. [ 273.858706][T17194] netlink: 'syz.2.4680': attribute type 4 has an invalid length. [ 273.861224][T17194] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.4680'. [ 274.102896][ T40] audit: type=1326 audit(1755010615.593:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17207 comm="syz.6.4687" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe5579 code=0x0 [ 274.154679][ T1023] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 274.326842][ T1023] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 274.330311][ T1023] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 274.333351][ T1023] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 274.336223][ T1023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.340405][T17198] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 274.344239][ T1023] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 274.519668][T17219] macsec1: entered promiscuous mode [ 274.521383][T17219] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 274.523664][T17219] macsec1: entered allmulticast mode [ 274.525558][T17219] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 274.548389][ T53] usb 7-1: USB disconnect, device number 26 [ 274.814733][ T7083] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 274.834659][ T1023] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 274.976462][ T7083] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 274.980359][ T7083] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.983698][ T7083] usb 6-1: config 0 interface 0 has no altsetting 0 [ 274.986079][ T7083] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 274.988836][ T7083] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.992601][ T7083] usb 6-1: config 0 descriptor?? [ 274.994711][ T1023] usb 9-1: Using ep0 maxpacket: 32 [ 274.997666][ T1023] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 275.002859][ T1023] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 275.006418][ T1023] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 275.009097][ T1023] usb 9-1: Product: syz [ 275.010519][ T1023] usb 9-1: Manufacturer: syz [ 275.012040][ T1023] usb 9-1: SerialNumber: syz [ 275.014949][ T1023] usb 9-1: config 0 descriptor?? [ 275.017078][T17225] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 275.227978][ T59] usb 9-1: USB disconnect, device number 28 [ 275.401082][ T7083] hid_parser_main: 5 callbacks suppressed [ 275.401095][ T7083] hid-steam 0003:28DE:1102.0033: unknown main item tag 0x0 [ 275.405375][ T7083] hid-steam 0003:28DE:1102.0033: unknown main item tag 0x0 [ 275.408075][ T7083] hid-steam 0003:28DE:1102.0033: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0 [ 275.475060][ T7083] hid-steam 0003:28DE:1102.0033: Steam Controller 'XXXXXXXXXX' connected [ 275.479048][ T7083] input: Steam Controller as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:28DE:1102.0033/input/input65 [ 275.488235][ T7083] hid-steam 0003:28DE:1102.0034: unknown main item tag 0x0 [ 275.490864][ T7083] hid-steam 0003:28DE:1102.0034: unknown main item tag 0x0 [ 275.496892][ T7083] hid-steam 0003:28DE:1102.0034: hidraw1: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0 [ 275.609854][ T1023] usb 6-1: USB disconnect, device number 31 [ 275.632030][ T1023] hid-steam 0003:28DE:1102.0033: Steam Controller 'XXXXXXXXXX' disconnected [ 276.153777][T17260] fuse: Bad value for 'fd' [ 276.190043][T17265] overlayfs: failed to clone lowerpath [ 276.334753][ T1057] wlan1: Trigger new scan to find an IBSS to join [ 276.660337][T17335] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 276.736507][T17350] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4749'. [ 276.960147][T17365] netlink: 51 bytes leftover after parsing attributes in process `syz.4.4755'. [ 277.104807][T17371] ALSA: seq fatal error: cannot create timer (-16) [ 277.387507][T17406] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.390837][T17406] batadv_slave_0: entered promiscuous mode [ 277.423260][ T40] audit: type=1326 audit(1755010618.913:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.430034][ T40] audit: type=1326 audit(1755010618.913:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.437997][ T40] audit: type=1326 audit(1755010618.913:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.444713][ T40] audit: type=1326 audit(1755010618.913:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.452290][ T40] audit: type=1326 audit(1755010618.913:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.459414][ T40] audit: type=1326 audit(1755010618.923:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.466166][ T40] audit: type=1326 audit(1755010618.923:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.473106][ T40] audit: type=1326 audit(1755010618.923:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.479782][ T40] audit: type=1326 audit(1755010618.923:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17407 comm="syz.1.4773" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 277.635017][ T5979] Bluetooth: hci2: unexpected event for opcode 0x0c6d [ 278.174861][ T1023] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 278.336091][ T1023] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 278.339911][ T1023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.343980][ T1023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.347446][ T1023] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 278.352823][ T1023] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 278.356059][ T1023] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 278.358881][ T1023] usb 6-1: Manufacturer: syz [ 278.361867][ T1023] usb 6-1: config 0 descriptor?? [ 278.494864][ T53] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 278.646151][ T53] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 278.650044][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.653420][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.656822][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 278.661885][ T53] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 278.664773][ T53] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 278.667255][ T53] usb 7-1: Manufacturer: syz [ 278.669937][ T53] usb 7-1: config 0 descriptor?? [ 278.773526][ T1023] appleir 0003:05AC:8243.0035: unknown main item tag 0x0 [ 278.777876][ T1023] appleir 0003:05AC:8243.0035: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 279.077592][ T53] appleir 0003:05AC:8243.0036: unknown main item tag 0x0 [ 279.081862][ T53] appleir 0003:05AC:8243.0036: hiddev1,hidraw2: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 279.304816][ T1057] wlan1: Trigger new scan to find an IBSS to join [ 279.963213][T17474] Set syz1 is full, maxelem 65536 reached [ 280.865203][ T6040] usb 6-1: USB disconnect, device number 32 [ 281.273266][ T6040] usb 7-1: USB disconnect, device number 27 [ 281.288044][T17519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4819'. [ 281.420809][T17538] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 282.019555][T17593] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4853'. [ 282.032269][T17593] 8021q: adding VLAN 0 to HW filter on device bond2 [ 282.053693][T17593] 8021q: adding VLAN 0 to HW filter on device bond2 [ 282.056838][T17593] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 282.061729][T17593] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 282.254762][ T1057] wlan1: Trigger new scan to find an IBSS to join [ 282.541944][T17602] netlink: 'syz.6.4856': attribute type 2 has an invalid length. [ 282.544391][T17602] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4856'. [ 282.654742][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 282.654779][ T5986] Bluetooth: hci4: command 0x1003 tx timeout [ 282.808732][T17618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4863'. [ 282.814211][T17620] netlink: 'syz.6.4864': attribute type 1 has an invalid length. [ 282.817092][T17620] netlink: 'syz.6.4864': attribute type 4 has an invalid length. [ 282.819784][T17620] netlink: 9462 bytes leftover after parsing attributes in process `syz.6.4864'. [ 282.821210][T17618] 8021q: adding VLAN 0 to HW filter on device bond1 [ 282.840077][T17624] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 282.846054][T17618] 8021q: adding VLAN 0 to HW filter on device bond1 [ 282.848341][T17618] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 282.852229][T17618] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 282.920211][T17632] netlink: 156 bytes leftover after parsing attributes in process `syz.6.4869'. [ 283.196025][ T1057] wlan1: Creating new IBSS network, BSSID 4e:04:14:8e:a0:d7 [ 283.358537][T17669] binder: 17668:17669 ioctl c0306201 800003c0 returned -14 [ 284.190164][T17695] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 284.546462][T17724] loop6: detected capacity change from 0 to 63 [ 284.552046][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.556466][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.559255][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.562135][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.564784][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.567309][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.569792][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.572342][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.574921][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.577431][T17724] Buffer I/O error on dev loop6, logical block 0, async page read [ 284.670292][T17741] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4916'. [ 285.210837][T17768] input: syz0 as /devices/virtual/input/input66 [ 285.794024][ T5986] Bluetooth: hci4: sending frame failed (-49) [ 285.797436][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 286.329628][T17817] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4949'. [ 286.390918][T17819] overlayfs: failed to clone upperpath [ 286.515360][T17832] 9pnet_fd: Insufficient options for proto=fd [ 287.518724][ T10] IPVS: starting estimator thread 0... [ 287.521809][T17882] tipc: Enabled bearer , priority 10 [ 287.604708][T17883] IPVS: using max 45 ests per chain, 108000 per kthread [ 288.334632][ T5986] Bluetooth: hci4: command 0x1003 tx timeout [ 288.334657][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 288.386147][T17913] binder: 17912:17913 ioctl c0306201 800003c0 returned -14 [ 288.772165][T17947] overlayfs: failed to clone upperpath [ 288.808363][T17949] overlayfs: failed to clone lowerpath [ 289.339364][T17988] overlayfs: failed to clone lowerpath [ 289.391185][T17995] capability: warning: `syz.6.5025' uses 32-bit capabilities (legacy support in use) [ 290.700927][T18112] [ 290.701820][T18112] ===================================================== [ 290.704181][T18112] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 290.706661][T18112] 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 Not tainted [ 290.710607][T18112] ----------------------------------------------------- [ 290.713840][T18112] syz.1.5077/18112 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 290.716489][T18112] ffff888053bbcd38 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 290.719848][T18112] [ 290.719848][T18112] and this task is already holding: [ 290.722669][T18112] ffff88802612f028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 290.725747][T18112] which would create a new lock dependency: [ 290.727609][T18112] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 290.730189][T18112] [ 290.730189][T18112] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 290.733955][T18112] (&dev->event_lock#2){..-.}-{3:3} [ 290.733982][T18112] [ 290.733982][T18112] ... which became SOFTIRQ-irq-safe at: [ 290.739678][T18112] lock_acquire+0x179/0x350 [ 290.741472][T18112] _raw_spin_lock_irqsave+0x3a/0x60 [ 290.743351][T18112] input_inject_event+0x9f/0x3b0 [ 290.745288][T18112] led_set_brightness+0x217/0x290 [ 290.747024][T18112] led_trigger_event+0xda/0x270 [ 290.748698][T18112] kbd_bh+0x21b/0x300 [ 290.750003][T18112] tasklet_action_common+0x284/0x400 [ 290.751722][T18112] handle_softirqs+0x219/0x8e0 [ 290.753414][T18112] run_ksoftirqd+0x3a/0x60 [ 290.754999][T18112] smpboot_thread_fn+0x3f4/0xae0 [ 290.756699][T18112] kthread+0x3c5/0x780 [ 290.758550][T18112] ret_from_fork+0x5d4/0x6f0 [ 290.760597][T18112] ret_from_fork_asm+0x1a/0x30 [ 290.762167][T18112] [ 290.762167][T18112] to a SOFTIRQ-irq-unsafe lock: [ 290.764346][T18112] (tasklist_lock){.+.+}-{3:3} [ 290.764364][T18112] [ 290.764364][T18112] ... which became SOFTIRQ-irq-unsafe at: [ 290.768284][T18112] ... [ 290.768290][T18112] lock_acquire+0x179/0x350 [ 290.770993][T18112] _raw_read_lock+0x5f/0x70 [ 290.772449][T18112] __do_wait+0x105/0x890 [ 290.773957][T18112] do_wait+0x21e/0x5a0 [ 290.775393][T18112] kernel_wait+0x9f/0x160 [ 290.776935][T18112] call_usermodehelper_exec_work+0xf1/0x170 [ 290.779060][T18112] process_one_work+0x9cc/0x1b70 [ 290.780672][T18112] worker_thread+0x6c8/0xf10 [ 290.782113][T18112] kthread+0x3c5/0x780 [ 290.783421][T18112] ret_from_fork+0x5d4/0x6f0 [ 290.784906][T18112] ret_from_fork_asm+0x1a/0x30 [ 290.786444][T18112] [ 290.786444][T18112] other info that might help us debug this: [ 290.786444][T18112] [ 290.789604][T18112] Chain exists of: [ 290.789604][T18112] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 290.789604][T18112] [ 290.793762][T18112] Possible interrupt unsafe locking scenario: [ 290.793762][T18112] [ 290.796519][T18112] CPU0 CPU1 [ 290.798239][T18112] ---- ---- [ 290.799931][T18112] lock(tasklist_lock); [ 290.801293][T18112] local_irq_disable(); [ 290.803414][T18112] lock(&dev->event_lock#2); [ 290.805698][T18112] lock(&client->buffer_lock); [ 290.808022][T18112] [ 290.809153][T18112] lock(&dev->event_lock#2); [ 290.810747][T18112] [ 290.810747][T18112] *** DEADLOCK *** [ 290.810747][T18112] [ 290.813310][T18112] 7 locks held by syz.1.5077/18112: [ 290.814977][T18112] #0: ffff8880206af118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 290.818084][T18112] #1: ffff888043cf9230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 290.821196][T18112] #2: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 290.824240][T18112] #3: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 290.827176][T18112] #4: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 290.830012][T18112] #5: ffff88802612f028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 290.833878][T18112] #6: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 290.837809][T18112] [ 290.837809][T18112] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 290.841835][T18112] -> (&dev->event_lock#2){..-.}-{3:3} { [ 290.843691][T18112] IN-SOFTIRQ-W at: [ 290.844941][T18112] lock_acquire+0x179/0x350 [ 290.846951][T18112] _raw_spin_lock_irqsave+0x3a/0x60 [ 290.849136][T18112] input_inject_event+0x9f/0x3b0 [ 290.851234][T18112] led_set_brightness+0x217/0x290 [ 290.853640][T18112] led_trigger_event+0xda/0x270 [ 290.855917][T18112] kbd_bh+0x21b/0x300 [ 290.857708][T18112] tasklet_action_common+0x284/0x400 [ 290.859892][T18112] handle_softirqs+0x219/0x8e0 [ 290.861989][T18112] run_ksoftirqd+0x3a/0x60 [ 290.863874][T18112] smpboot_thread_fn+0x3f4/0xae0 [ 290.865989][T18112] kthread+0x3c5/0x780 [ 290.867859][T18112] ret_from_fork+0x5d4/0x6f0 [ 290.869882][T18112] ret_from_fork_asm+0x1a/0x30 [ 290.871981][T18112] INITIAL USE at: [ 290.873236][T18112] lock_acquire+0x179/0x350 [ 290.875207][T18112] _raw_spin_lock_irqsave+0x3a/0x60 [ 290.877332][T18112] input_inject_event+0x9f/0x3b0 [ 290.879390][T18112] led_set_brightness+0x217/0x290 [ 290.881511][T18112] kbd_led_trigger_activate+0xcb/0x110 [ 290.883719][T18112] led_trigger_set+0x59a/0xc50 [ 290.885683][T18112] led_trigger_set_default+0x1e0/0x2e0 [ 290.887883][T18112] led_classdev_register_ext+0x7b8/0xa10 [ 290.890329][T18112] input_leds_connect+0x552/0x8e0 [ 290.892558][T18112] input_attach_handler.isra.0+0x176/0x250 [ 290.895018][T18112] input_register_device+0xab9/0x1180 [ 290.897931][T18112] atkbd_connect+0x5f8/0xa40 [ 290.900281][T18112] serio_driver_probe+0x7f/0xd0 [ 290.902521][T18112] really_probe+0x23e/0xa90 [ 290.904476][T18112] __driver_probe_device+0x1de/0x440 [ 290.906671][T18112] driver_probe_device+0x4c/0x1b0 [ 290.908803][T18112] __driver_attach+0x283/0x580 [ 290.910852][T18112] bus_for_each_dev+0x13e/0x1d0 [ 290.912899][T18112] serio_handle_event+0x335/0xc30 [ 290.914997][T18112] process_one_work+0x9cc/0x1b70 [ 290.917297][T18112] worker_thread+0x6c8/0xf10 [ 290.919279][T18112] kthread+0x3c5/0x780 [ 290.921156][T18112] ret_from_fork+0x5d4/0x6f0 [ 290.923168][T18112] ret_from_fork_asm+0x1a/0x30 [ 290.925225][T18112] } [ 290.926094][T18112] ... key at: [] __key.7+0x0/0x40 [ 290.928367][T18112] -> (&client->buffer_lock){....}-{3:3} { [ 290.930241][T18112] INITIAL USE at: [ 290.931498][T18112] lock_acquire+0x179/0x350 [ 290.933437][T18112] _raw_spin_lock+0x2e/0x40 [ 290.935444][T18112] evdev_pass_values+0x10e/0x9b0 [ 290.937539][T18112] evdev_events+0x1bb/0x390 [ 290.939481][T18112] input_pass_values+0x74e/0x880 [ 290.941564][T18112] input_handle_event+0xf00/0x14d0 [ 290.943660][T18112] input_inject_event+0x1e8/0x3b0 [ 290.945668][T18112] evdev_write+0x2e1/0x440 [ 290.947555][T18112] vfs_write+0x29d/0x11d0 [ 290.949785][T18112] ksys_write+0x1f8/0x250 [ 290.951808][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 290.954101][T18112] do_fast_syscall_32+0x32/0x80 [ 290.956294][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 290.959146][T18112] } [ 290.960170][T18112] ... key at: [] __key.1+0x0/0x40 [ 290.962365][T18112] ... acquired at: [ 290.963575][T18112] _raw_spin_lock+0x2e/0x40 [ 290.965117][T18112] evdev_pass_values+0x10e/0x9b0 [ 290.967115][T18112] evdev_events+0x1bb/0x390 [ 290.968615][T18112] input_pass_values+0x74e/0x880 [ 290.970291][T18112] input_handle_event+0xf00/0x14d0 [ 290.972070][T18112] input_inject_event+0x1e8/0x3b0 [ 290.974022][T18112] evdev_write+0x2e1/0x440 [ 290.975519][T18112] vfs_write+0x29d/0x11d0 [ 290.976952][T18112] ksys_write+0x1f8/0x250 [ 290.978530][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 290.980321][T18112] do_fast_syscall_32+0x32/0x80 [ 290.982131][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 290.984211][T18112] [ 290.985007][T18112] [ 290.985007][T18112] the dependencies between the lock to be acquired [ 290.985013][T18112] and SOFTIRQ-irq-unsafe lock: [ 290.989300][T18112] -> (tasklist_lock){.+.+}-{3:3} { [ 290.991026][T18112] HARDIRQ-ON-R at: [ 290.992454][T18112] lock_acquire+0x179/0x350 [ 290.994491][T18112] _raw_read_lock+0x5f/0x70 [ 290.996512][T18112] __do_wait+0x105/0x890 [ 290.999006][T18112] do_wait+0x21e/0x5a0 [ 291.001306][T18112] kernel_wait+0x9f/0x160 [ 291.003311][T18112] call_usermodehelper_exec_work+0xf1/0x170 [ 291.005758][T18112] process_one_work+0x9cc/0x1b70 [ 291.007906][T18112] worker_thread+0x6c8/0xf10 [ 291.009970][T18112] kthread+0x3c5/0x780 [ 291.011891][T18112] ret_from_fork+0x5d4/0x6f0 [ 291.013953][T18112] ret_from_fork_asm+0x1a/0x30 [ 291.016049][T18112] SOFTIRQ-ON-R at: [ 291.017359][T18112] lock_acquire+0x179/0x350 [ 291.019378][T18112] _raw_read_lock+0x5f/0x70 [ 291.021408][T18112] __do_wait+0x105/0x890 [ 291.023305][T18112] do_wait+0x21e/0x5a0 [ 291.025194][T18112] kernel_wait+0x9f/0x160 [ 291.027126][T18112] call_usermodehelper_exec_work+0xf1/0x170 [ 291.029670][T18112] process_one_work+0x9cc/0x1b70 [ 291.031908][T18112] worker_thread+0x6c8/0xf10 [ 291.033981][T18112] kthread+0x3c5/0x780 [ 291.035901][T18112] ret_from_fork+0x5d4/0x6f0 [ 291.038464][T18112] ret_from_fork_asm+0x1a/0x30 [ 291.040704][T18112] INITIAL USE at: [ 291.042022][T18112] lock_acquire+0x179/0x350 [ 291.044037][T18112] _raw_write_lock_irq+0x36/0x50 [ 291.046167][T18112] copy_process+0x4caf/0x7690 [ 291.048215][T18112] kernel_clone+0xfc/0x930 [ 291.050241][T18112] user_mode_thread+0xc7/0x110 [ 291.052324][T18112] rest_init+0x23/0x2b0 [ 291.054057][T18112] start_kernel+0x3ee/0x4d0 [ 291.055998][T18112] x86_64_start_reservations+0x18/0x30 [ 291.058302][T18112] x86_64_start_kernel+0x130/0x190 [ 291.060611][T18112] common_startup_64+0x13e/0x148 [ 291.062775][T18112] INITIAL READ USE at: [ 291.064245][T18112] lock_acquire+0x179/0x350 [ 291.066417][T18112] _raw_read_lock+0x5f/0x70 [ 291.068572][T18112] __do_wait+0x105/0x890 [ 291.070685][T18112] do_wait+0x21e/0x5a0 [ 291.072704][T18112] kernel_wait+0x9f/0x160 [ 291.074837][T18112] call_usermodehelper_exec_work+0xf1/0x170 [ 291.077491][T18112] process_one_work+0x9cc/0x1b70 [ 291.080195][T18112] worker_thread+0x6c8/0xf10 [ 291.082539][T18112] kthread+0x3c5/0x780 [ 291.084648][T18112] ret_from_fork+0x5d4/0x6f0 [ 291.086830][T18112] ret_from_fork_asm+0x1a/0x30 [ 291.089032][T18112] } [ 291.089887][T18112] ... key at: [] tasklist_lock+0x18/0x40 [ 291.092531][T18112] ... acquired at: [ 291.093925][T18112] _raw_read_lock+0x5f/0x70 [ 291.095613][T18112] send_sigurg+0xed/0xc80 [ 291.097204][T18112] sk_send_sigurg+0x76/0x360 [ 291.098889][T18112] unix_stream_sendmsg+0xfa5/0x1340 [ 291.100613][T18112] ____sys_sendmsg+0xa95/0xc70 [ 291.102225][T18112] ___sys_sendmsg+0x134/0x1d0 [ 291.103772][T18112] __sys_sendmsg+0x16d/0x220 [ 291.105300][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.106936][T18112] do_fast_syscall_32+0x32/0x80 [ 291.108530][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.110616][T18112] [ 291.111405][T18112] -> (&f_owner->lock){....}-{3:3} { [ 291.113358][T18112] INITIAL USE at: [ 291.114712][T18112] lock_acquire+0x179/0x350 [ 291.116787][T18112] _raw_write_lock_irq+0x36/0x50 [ 291.118901][T18112] __f_setown+0x61/0x3c0 [ 291.120890][T18112] fcntl_dirnotify+0x7b1/0xb60 [ 291.122916][T18112] do_fcntl+0xe62/0x15a0 [ 291.124806][T18112] do_compat_fcntl64+0x367/0x710 [ 291.126917][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.129093][T18112] do_fast_syscall_32+0x32/0x80 [ 291.131207][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.134007][T18112] INITIAL READ USE at: [ 291.135572][T18112] lock_acquire+0x179/0x350 [ 291.137835][T18112] _raw_read_lock_irqsave+0x74/0x90 [ 291.140165][T18112] send_sigurg+0x5f/0xc80 [ 291.142193][T18112] sk_send_sigurg+0x76/0x360 [ 291.144386][T18112] unix_stream_sendmsg+0xfa5/0x1340 [ 291.146968][T18112] ____sys_sendmsg+0xa95/0xc70 [ 291.149125][T18112] ___sys_sendmsg+0x134/0x1d0 [ 291.151321][T18112] __sys_sendmsg+0x16d/0x220 [ 291.153576][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.156092][T18112] do_fast_syscall_32+0x32/0x80 [ 291.158300][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.160949][T18112] } [ 291.162040][T18112] ... key at: [] __key.1+0x0/0x40 [ 291.164432][T18112] ... acquired at: [ 291.165682][T18112] _raw_read_lock_irqsave+0x74/0x90 [ 291.167370][T18112] send_sigio+0x31/0x3e0 [ 291.168795][T18112] kill_fasync+0x214/0x510 [ 291.170299][T18112] lease_break_callback+0x23/0x30 [ 291.171835][T18112] __break_lease+0x671/0x1810 [ 291.173408][T18112] do_dentry_open+0x91f/0x1530 [ 291.175130][T18112] vfs_open+0x82/0x3f0 [ 291.176581][T18112] path_openat+0x1de4/0x2cb0 [ 291.178189][T18112] do_filp_open+0x20b/0x470 [ 291.179729][T18112] do_sys_openat2+0x11b/0x1d0 [ 291.181437][T18112] __ia32_sys_creat+0xcb/0x120 [ 291.183060][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.184701][T18112] do_fast_syscall_32+0x32/0x80 [ 291.186253][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.188278][T18112] [ 291.189048][T18112] -> (&new->fa_lock){....}-{3:3} { [ 291.190709][T18112] INITIAL USE at: [ 291.191945][T18112] lock_acquire+0x179/0x350 [ 291.194175][T18112] _raw_write_lock_irq+0x36/0x50 [ 291.196328][T18112] fasync_remove_entry+0xb2/0x1e0 [ 291.198444][T18112] fasync_helper+0xaf/0xd0 [ 291.200364][T18112] pipe_fasync+0xc7/0x200 [ 291.202253][T18112] __fput+0x968/0xb70 [ 291.204010][T18112] task_work_run+0x150/0x240 [ 291.205959][T18112] exit_to_user_mode_loop+0xeb/0x110 [ 291.208098][T18112] __do_fast_syscall_32+0x2ac/0x3a0 [ 291.210229][T18112] do_fast_syscall_32+0x32/0x80 [ 291.212335][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.215143][T18112] INITIAL READ USE at: [ 291.216651][T18112] lock_acquire+0x179/0x350 [ 291.218837][T18112] _raw_read_lock_irqsave+0x74/0x90 [ 291.221396][T18112] kill_fasync+0x138/0x510 [ 291.223425][T18112] splice_to_socket+0x50b/0x1110 [ 291.225568][T18112] do_splice+0x1478/0x1fc0 [ 291.227584][T18112] __do_splice+0x32a/0x360 [ 291.229617][T18112] __ia32_sys_splice+0x189/0x250 [ 291.231918][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.234292][T18112] do_fast_syscall_32+0x32/0x80 [ 291.236456][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.239332][T18112] } [ 291.240382][T18112] ... key at: [] __key.0+0x0/0x40 [ 291.243322][T18112] ... acquired at: [ 291.244546][T18112] lock_acquire+0x179/0x350 [ 291.246208][T18112] _raw_read_lock_irqsave+0x74/0x90 [ 291.247913][T18112] kill_fasync+0x138/0x510 [ 291.249408][T18112] evdev_pass_values+0x619/0x9b0 [ 291.251066][T18112] evdev_events+0x1bb/0x390 [ 291.252690][T18112] input_pass_values+0x74e/0x880 [ 291.255240][T18112] input_handle_event+0xf00/0x14d0 [ 291.256928][T18112] input_inject_event+0x1e8/0x3b0 [ 291.258882][T18112] evdev_write+0x2e1/0x440 [ 291.260488][T18112] vfs_write+0x29d/0x11d0 [ 291.262123][T18112] ksys_write+0x1f8/0x250 [ 291.263601][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.265276][T18112] do_fast_syscall_32+0x32/0x80 [ 291.266872][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.268916][T18112] [ 291.269709][T18112] [ 291.269709][T18112] stack backtrace: [ 291.271532][T18112] CPU: 1 UID: 0 PID: 18112 Comm: syz.1.5077 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) [ 291.271553][T18112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.271560][T18112] Call Trace: [ 291.271565][T18112] [ 291.271570][T18112] dump_stack_lvl+0x116/0x1f0 [ 291.271586][T18112] check_irq_usage+0x7dc/0x920 [ 291.271600][T18112] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 291.271620][T18112] ? check_path.constprop.0+0x24/0x50 [ 291.271634][T18112] ? __lock_acquire+0x12bc/0x1ce0 [ 291.271648][T18112] __lock_acquire+0x12bc/0x1ce0 [ 291.271664][T18112] lock_acquire+0x179/0x350 [ 291.271678][T18112] ? kill_fasync+0x138/0x510 [ 291.271695][T18112] _raw_read_lock_irqsave+0x74/0x90 [ 291.271709][T18112] ? kill_fasync+0x138/0x510 [ 291.271724][T18112] kill_fasync+0x138/0x510 [ 291.271739][T18112] evdev_pass_values+0x619/0x9b0 [ 291.271759][T18112] evdev_events+0x1bb/0x390 [ 291.271769][T18112] input_pass_values+0x74e/0x880 [ 291.271781][T18112] input_handle_event+0xf00/0x14d0 [ 291.271790][T18112] ? _copy_from_user+0x59/0xd0 [ 291.271808][T18112] input_inject_event+0x1e8/0x3b0 [ 291.271820][T18112] evdev_write+0x2e1/0x440 [ 291.271830][T18112] ? __pfx_evdev_write+0x10/0x10 [ 291.271839][T18112] ? common_file_perm+0x1a9/0x340 [ 291.271852][T18112] ? bpf_lsm_file_permission+0x9/0x10 [ 291.271868][T18112] ? security_file_permission+0x71/0x210 [ 291.271884][T18112] ? rw_verify_area+0xcf/0x6c0 [ 291.271894][T18112] ? __pfx_evdev_write+0x10/0x10 [ 291.271903][T18112] vfs_write+0x29d/0x11d0 [ 291.271916][T18112] ? __pfx_vfs_write+0x10/0x10 [ 291.271928][T18112] ? find_held_lock+0x2b/0x80 [ 291.271938][T18112] ? __fget_files+0x204/0x3c0 [ 291.271950][T18112] ? __fget_files+0x20e/0x3c0 [ 291.271963][T18112] ksys_write+0x1f8/0x250 [ 291.271975][T18112] ? __pfx_ksys_write+0x10/0x10 [ 291.271987][T18112] ? rcu_is_watching+0x12/0xc0 [ 291.272000][T18112] __do_fast_syscall_32+0x7c/0x3a0 [ 291.272015][T18112] do_fast_syscall_32+0x32/0x80 [ 291.272029][T18112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 291.272042][T18112] RIP: 0023:0xf7fc3579 [ 291.272050][T18112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 291.272062][T18112] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 291.272073][T18112] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 291.272080][T18112] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.272086][T18112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 291.272092][T18112] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 291.272098][T18112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 291.272107][T18112] VM DIAGNOSIS: 14:52:54 Registers: info registers vcpu 0 CPU#0 RAX=00000000002e8e8c RBX=0000000000000000 RCX=ffffffff8b903bf9 RDX=ffffed1005646656 RSI=ffffffff8c162880 RDI=ffffffff8190cd41 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab6b90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000807da000 CR3=000000002b258000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85613650 RDI=ffffffff9b0f6600 RBP=ffffffff9b0f65c0 RSP=ffffc90002c37298 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e37312e36 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff361ed12 R15=dffffc0000000000 RIP=ffffffff85613677 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7486285 CR3=000000007857b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 61610890241fe7ad ec371539dc05b60f ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e576178cbdb623c3 4aaea135718e2864 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5bdea8dfa3d9d4cd 5d27f75290297ab5 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 71f2ebb30629b3b6 8e185c7574315a19 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000077c0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b12854d9b12a2060 6e0000003a000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b12a1ccc000084d8 b12c2f27b12bca9e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00004894b2000000 8100000032000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1600000070000000 b12b5ec2a2000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 26c911a721ef40d6 431a546a40e17527 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d296cb360a45966a f81eb79c9fa55caf ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=0000000000000002 RCX=ffffffff821218c5 RDX=fffffbfff2156d73 RSI=0000000000000008 RDI=ffffffff90ab6b90 RBP=0000000000152c4a RSP=ffffc90003747568 R8 =0000000000000000 R9 =fffffbfff2156d72 R10=ffffffff90ab6b97 R11=00000000000a9029 R12=ffff88803fffbb80 R13=1ffff920006e8ec8 R14=ffffea0001672cc0 R15=0000000000000000 RIP=ffffffff81a04c20 RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f695581a300 ffffffff 00c00000 GS =0000 ffff8880976c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005557e5f35f40 CR3=000000004bc6c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=3c6029112b105521 a61852e691f649a1 3c6029112b105521 a61852e691f649a1 3c6029112b105521 a61852e691f649a1 3c6029112b105521 a61852e691f649a1 ZMM18=75f278f8e92c0978 38b98ddb0c054497 75f278f8e92c0978 38b98ddb0c054497 75f278f8e92c0978 38b98ddb0c054497 75f278f8e92c0978 38b98ddb0c054497 ZMM19=911d000000000000 0000000000000004 911d000000000000 0000000000000003 911d000000000000 0000000000000002 911d000000000000 0000000000000001 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffef0801800300 0800108008000100 00000806060106b2 07a4080030a18008 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0009f0c080020600 439a0030656c6966 2f2e01ffffffffff ffffffef0809f0c0 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800300080007b882 080007b882080006 0169ce4a08003808 0004014cfa0c0000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300000000000008 ffffffce00000000 ffffffff813fe453 ffffffff813feefa ZMM25=38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb 38b98ddb38b98ddb ZMM26=e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 e92c0978e92c0978 ZMM27=75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 75f278f875f278f8 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 8f1d00008f1d0000 info registers vcpu 3 CPU#3 RAX=ffffc90000415000 RBX=ffff888043d3b800 RCX=ffffffff819b8517 RDX=1ffff110087a7686 RSI=ffffffff866a3fa4 RDI=ffff888043d3b430 RBP=0000000000000001 RSP=ffffc900005e8ea0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc900005e8ff8 R12=ffffc90000415008 R13=ffff888043d3b428 R14=ffff888042c42000 R15=0000000000000000 RIP=ffffffff866a3ff2 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3c0a98 CR3=000000002b258000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000