last executing test programs: 22m21.017637892s ago: executing program 0 (id=4838): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r2, &(0x7f0000000200)=""/4, 0x4) 22m20.879382179s ago: executing program 0 (id=4841): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) close(r1) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r2, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getneigh={0x14, 0x1e, 0x4, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x14}}, 0x0) 22m19.945311751s ago: executing program 0 (id=4859): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, 0x0, 0x0) 22m19.8437496s ago: executing program 0 (id=4862): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 22m19.667769113s ago: executing program 0 (id=4868): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5401000010001307000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="20010000000000000000000000000002000004d632000000640101020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000002000000000000000000000000000000fdffffff0000000000000000020000c8d52117000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x154}}, 0x80) 22m19.224828399s ago: executing program 0 (id=4877): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_expedited', 0x169a82, 0x131) read$FUSE(r2, &(0x7f0000000180)={0x2020}, 0x2020) 22m18.863472072s ago: executing program 32 (id=4877): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_expedited', 0x169a82, 0x131) read$FUSE(r2, &(0x7f0000000180)={0x2020}, 0x2020) 15m25.913242795s ago: executing program 2 (id=12223): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) shmget(0x1, 0x4000, 0x10, &(0x7f0000ffb000/0x4000)=nil) 15m25.715761839s ago: executing program 2 (id=12227): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x98, 0x20, 0x8d, 0xd, 0x0, 0x2, 0x0, 0x7, 0x4, 0x0, 0x0, 0x2, 0x4}, 0xe) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000001c0)=0x5, 0x4) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10001) 15m25.53389171s ago: executing program 2 (id=12231): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$SO_COOKIE(r3, 0x1, 0x39, 0x0, &(0x7f0000000100)) 15m25.325365617s ago: executing program 2 (id=12235): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x2000007ff) 15m24.377370785s ago: executing program 2 (id=12261): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000b40)={0x57, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdd, 0x5}}) write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250) 15m24.116138047s ago: executing program 2 (id=12266): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f00000000c0), 0x10) sendmmsg$sock(r2, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="05000000eeca06ad54c456350da0a5f21f55e46e", 0x14}, {&(0x7f0000000100)="26373bfbfe0bcd2f21b430a9d6cd4fd9a216e3daba6bff56f74ccf39b3eed7ef2f557f95", 0x24}], 0x2}}, {{&(0x7f0000000000)=@phonet={0x23, 0x8, 0x7f, 0x4}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="dd1d4d348677b58410a9bc8fc1830ebfc34fe976b4116fccc6ec1e10676fe7a98cd1bf4015d08677f800b502426625a55cb1346cb8da8957", 0x38}], 0x1}}], 0x2, 0x24000800) 15m23.876247103s ago: executing program 33 (id=12266): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f00000000c0), 0x10) sendmmsg$sock(r2, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="05000000eeca06ad54c456350da0a5f21f55e46e", 0x14}, {&(0x7f0000000100)="26373bfbfe0bcd2f21b430a9d6cd4fd9a216e3daba6bff56f74ccf39b3eed7ef2f557f95", 0x24}], 0x2}}, {{&(0x7f0000000000)=@phonet={0x23, 0x8, 0x7f, 0x4}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="dd1d4d348677b58410a9bc8fc1830ebfc34fe976b4116fccc6ec1e10676fe7a98cd1bf4015d08677f800b502426625a55cb1346cb8da8957", 0x38}], 0x1}}], 0x2, 0x24000800) 10m20.911734083s ago: executing program 6 (id=17605): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket(0x1e, 0x5, 0x0) connect$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) 10m20.67890136s ago: executing program 6 (id=17608): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0xffffffff, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x6, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x5, 0x1f461e2c, 0x7, 0x2000e665, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x1200000, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x7fffffff, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x3, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x200, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x20005, 0x7fff, 0x0, 0x20000001, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x3ff, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x1, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a3, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0x10002, 0x6, 0x1, 0x10080, 0x6, 0xb, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x8000200, 0xffff3441, 0xfff]}, 0x45c) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 10m20.356262917s ago: executing program 6 (id=17612): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) keyctl$clear(0x7, 0x0) 10m20.217567403s ago: executing program 6 (id=17615): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 10m19.236121179s ago: executing program 6 (id=17630): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) pselect6(0x40, &(0x7f0000000040)={0x4, 0x0, 0xffffffff, 0x8000000000000001, 0x9, 0xeb0a, 0x8, 0xfffffffffffffffe}, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x0) 10m17.72336129s ago: executing program 6 (id=17644): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback, 0xbf}, 0x1c) recvmmsg(r2, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 10m17.258355038s ago: executing program 34 (id=17644): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback, 0xbf}, 0x1c) recvmmsg(r2, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 5.822946074s ago: executing program 4 (id=28728): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) io_setup(0x8, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r2, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) setns(0xffffffffffffffff, 0x8020000) 5.265935715s ago: executing program 7 (id=28733): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) getsockname$unix(r3, 0x0, &(0x7f0000000080)) 5.135628098s ago: executing program 7 (id=28735): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil) 4.642370161s ago: executing program 7 (id=28738): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.436838066s ago: executing program 7 (id=28740): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140), 0x4) 4.372644567s ago: executing program 7 (id=28742): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) socket$l2tp(0x2, 0x2, 0x73) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x351a, 0x100, 0x0, 0x0, 0x0) 4.257559609s ago: executing program 4 (id=28744): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) ioctl$TUNSETCARRIER(r3, 0x400454e2, 0x0) 3.747341223s ago: executing program 4 (id=28750): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) rt_sigtimedwait(&(0x7f00000000c0)={[0xfffffffffffffffb]}, 0x0, &(0x7f0000000200)={0x0, 0x3938700}, 0x8) 3.561018907s ago: executing program 4 (id=28753): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x20000000, 0x0, 0x0, 0x0) 2.722854842s ago: executing program 7 (id=28759): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000200)='#', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 1.625113208s ago: executing program 5 (id=28770): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x40901, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, 0x0, 0x0) 1.444242662s ago: executing program 5 (id=28772): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c12020", 0x44000004, 0x0}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00) close(r3) 1.364312813s ago: executing program 1 (id=28773): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = dup(r0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) fcntl$addseals(r2, 0x409, 0x1) 1.253420828s ago: executing program 1 (id=28774): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) 1.24417486s ago: executing program 5 (id=28775): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = timerfd_create(0x1, 0x0) timerfd_settime(r3, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) read(r3, &(0x7f0000000100)=""/162, 0xa2) 1.019947286s ago: executing program 1 (id=28776): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x4200000, 0x0, 0x33, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 965.406585ms ago: executing program 5 (id=28777): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x4fa3e3ad9948be0d, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 718.417421ms ago: executing program 5 (id=28779): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000573d02eab8a35ea060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 586.988211ms ago: executing program 3 (id=28780): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000003400)={0x18, r4, 0x239, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0) 528.222426ms ago: executing program 1 (id=28781): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x40, &(0x7f0000000000)=0x10, 0x4) 478.853785ms ago: executing program 3 (id=28782): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, 0x0, &(0x7f00000001c0)) 409.0589ms ago: executing program 3 (id=28783): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0xfcee) r3 = socket$netlink(0x10, 0x3, 0x0) connect$netlink(r3, 0x0, 0x0) 384.179063ms ago: executing program 1 (id=28784): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x7fff, &(0x7f0000000140)={[0x2]}, 0x8) 308.352612ms ago: executing program 4 (id=28785): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x50, 0x0, &(0x7f0000000980)=[@enter_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 178.530286ms ago: executing program 3 (id=28786): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=@base={0x1, 0xa, 0x492f, 0x7f, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r2}, 0x38) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x38) 127.458079ms ago: executing program 4 (id=28787): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) write(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdir(&(0x7f0000000140)='./file0\x00', 0xe8) 120.388756ms ago: executing program 1 (id=28788): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd1, &(0x7f0000000180)=0x5, 0x4) 89.38795ms ago: executing program 5 (id=28789): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket(0x10, 0x803, 0x0) sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000dc0)=""/4091, 0xffb}, {&(0x7f0000000940)=""/263, 0x107}, {&(0x7f0000003700)=""/213, 0xd5}, {&(0x7f0000002180)=""/205, 0xcd}, {&(0x7f0000000b40)=""/161, 0xa1}], 0x5}, 0x1009}], 0x2, 0x40012160, 0x0) 40.799882ms ago: executing program 3 (id=28790): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) 0s ago: executing program 3 (id=28791): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(r3) kernel console output (not intermixed with test programs): ][T22922] misc userio: Invalid payload size [ 1329.112334][T22927] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 1330.542183][T22943] veth1_macvtap: entered allmulticast mode [ 1331.042975][T22971] netlink: 'syz.4.22334': attribute type 2 has an invalid length. [ 1331.064488][T22971] netlink: 1 bytes leftover after parsing attributes in process `syz.4.22334'. [ 1331.259110][T22980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22338'. [ 1335.075512][T23139] netlink: 4 bytes leftover after parsing attributes in process `syz.5.22414'. [ 1336.075769][T32096] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1336.239790][T32096] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1336.255168][T32096] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1336.268120][T23201] netlink: 20 bytes leftover after parsing attributes in process `syz.4.22442'. [ 1336.275161][T32096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1336.307446][T32096] usb 2-1: config 0 descriptor?? [ 1336.316865][T32096] pwc: Askey VC010 type 2 USB webcam detected. [ 1336.440407][T23206] input: syz1 as /devices/virtual/input/input96 [ 1336.719751][T32096] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1336.752762][T32096] pwc: recv_control_msg error -32 req 02 val 2700 [ 1336.772514][T32096] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1336.793054][T32096] pwc: recv_control_msg error -32 req 04 val 1000 [ 1336.801040][T32096] pwc: recv_control_msg error -32 req 04 val 1300 [ 1336.815510][T32096] pwc: recv_control_msg error -32 req 04 val 1400 [ 1336.825173][T32096] pwc: recv_control_msg error -32 req 02 val 2000 [ 1336.843056][T32096] pwc: recv_control_msg error -32 req 02 val 2100 [ 1337.066353][T32096] pwc: recv_control_msg error -71 req 02 val 2500 [ 1337.080111][T32096] pwc: recv_control_msg error -71 req 02 val 2400 [ 1337.089001][T32096] pwc: recv_control_msg error -71 req 02 val 2600 [ 1337.108449][T32096] pwc: recv_control_msg error -71 req 02 val 2900 [ 1337.131268][T32096] pwc: recv_control_msg error -71 req 02 val 2800 [ 1337.140305][T32096] pwc: recv_control_msg error -71 req 04 val 1100 [ 1337.148391][T32096] pwc: recv_control_msg error -71 req 04 val 1200 [ 1337.341039][T32096] pwc: Registered as video103. [ 1337.353045][T32096] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input97 [ 1337.450280][T32096] usb 2-1: USB disconnect, device number 56 [ 1337.465919][T23242] netlink: 160 bytes leftover after parsing attributes in process `syz.4.22462'. [ 1337.533596][T23242] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1337.682649][T23249] netlink: 57 bytes leftover after parsing attributes in process `syz.7.22464'. [ 1338.086190][T23260] sock: sock_timestamping_bind_phc: sock not bind to device [ 1338.197822][T23262] loop4: detected capacity change from 0 to 7 [ 1338.274718][T23262] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 1338.341155][T23262] loop4: partition table partially beyond EOD, truncated [ 1338.398473][T23262] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 1338.546144][T19570] udevd[19570]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1338.780324][T23287] netlink: 'syz.7.22482': attribute type 13 has an invalid length. [ 1339.576518][T23326] netlink: 104 bytes leftover after parsing attributes in process `syz.4.22500'. [ 1340.170700][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1340.170712][ T30] audit: type=1326 audit(1763520870.543:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.210823][ T30] audit: type=1326 audit(1763520870.583:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.235261][ T30] audit: type=1326 audit(1763520870.593:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.279011][ T30] audit: type=1326 audit(1763520870.593:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.327498][ T30] audit: type=1326 audit(1763520870.593:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.350903][ T30] audit: type=1326 audit(1763520870.593:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.379912][ T30] audit: type=1326 audit(1763520870.593:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.403615][ T30] audit: type=1326 audit(1763520870.593:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.429712][ T30] audit: type=1326 audit(1763520870.593:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.560095][ T30] audit: type=1326 audit(1763520870.593:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23336 comm="syz.3.22508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1340.870640][T23358] netlink: 'syz.5.22517': attribute type 4 has an invalid length. [ 1340.889545][T23358] netlink: 17 bytes leftover after parsing attributes in process `syz.5.22517'. [ 1341.587287][T23397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22534'. [ 1341.762068][T23403] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1341.895027][T23412] netlink: 'syz.7.22542': attribute type 6 has an invalid length. [ 1342.427180][T23438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22555'. [ 1342.456954][T23438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.22555'. [ 1342.628453][T23449] input: syz1 as /devices/virtual/input/input98 [ 1343.040361][T23467] netlink: 8 bytes leftover after parsing attributes in process `syz.5.22568'. [ 1344.015030][T23494] netlink: 'syz.4.22580': attribute type 64 has an invalid length. [ 1344.022998][T23494] netlink: 5 bytes leftover after parsing attributes in process `syz.4.22580'. [ 1344.562840][T23519] netlink: 32 bytes leftover after parsing attributes in process `syz.1.22592'. [ 1345.172832][T23546] netlink: 32 bytes leftover after parsing attributes in process `syz.5.22605'. [ 1345.766133][T23568] binder: 23567:23568 ioctl c018620b 0 returned -14 [ 1346.560640][T23598] tipc: Enabling of bearer rejected, failed to enable media [ 1348.212478][T23661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22658'. [ 1349.584522][T12985] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 1349.604678][T13092] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1349.746632][T12985] usb 2-1: config 1 has an invalid interface number: 1 but max is 0 [ 1349.754829][T12985] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1349.765357][T12985] usb 2-1: config 1 has no interface number 0 [ 1349.771496][T12985] usb 2-1: too many endpoints for config 1 interface 1 altsetting 0: 253, using maximum allowed: 30 [ 1349.774698][T13092] usb 4-1: Using ep0 maxpacket: 8 [ 1349.782889][T12985] usb 2-1: config 1 interface 1 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1349.800866][T12985] usb 2-1: config 1 interface 1 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 253 [ 1349.817649][T13092] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1349.829037][T12985] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1349.834930][T13092] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1349.839187][T12985] usb 2-1: New USB device strings: Mfr=8, Product=0, SerialNumber=1 [ 1349.857519][T12985] usb 2-1: Manufacturer: syz [ 1349.862154][T12985] usb 2-1: SerialNumber: syz [ 1349.875424][T13092] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1349.892176][T13092] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1349.909371][T13092] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1349.939700][T13092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1350.081348][T12985] usb 2-1: USB disconnect, device number 57 [ 1350.160447][T13092] usb 4-1: GET_CAPABILITIES returned 0 [ 1350.169160][T13092] usbtmc 4-1:16.0: can't read capabilities [ 1350.412825][T12985] usb 4-1: USB disconnect, device number 57 [ 1350.746437][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1350.746454][ T30] audit: type=1326 audit(1763520881.123:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.779041][ T30] audit: type=1326 audit(1763520881.123:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.805110][ T30] audit: type=1326 audit(1763520881.123:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.828825][ T30] audit: type=1326 audit(1763520881.123:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.855988][ T30] audit: type=1326 audit(1763520881.123:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.880165][ T30] audit: type=1326 audit(1763520881.153:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.903445][ T30] audit: type=1326 audit(1763520881.153:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1350.929688][ T30] audit: type=1326 audit(1763520881.153:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23769 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa9ce9c1f85 code=0x7ffc0000 [ 1350.965387][T13092] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1351.004531][ T30] audit: type=1326 audit(1763520881.183:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1351.028868][ T30] audit: type=1326 audit(1763520881.183:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23767 comm="syz.5.22710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1351.136354][T13092] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1351.151664][T13092] usb 2-1: config 0 has no interfaces? [ 1351.157765][T13092] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1351.170233][T13092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.190428][T13092] usb 2-1: config 0 descriptor?? [ 1351.280485][T23787] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 1351.418845][T13092] usb 2-1: USB disconnect, device number 58 [ 1351.434572][ C1] ip6_tunnel: M xmit: Local address not yet configured! [ 1351.820185][T23811] binder: 23810:23811 ioctl c400941d 0 returned -22 [ 1354.927998][T23935] netlink: 'syz.3.22787': attribute type 1 has an invalid length. [ 1355.169560][T23947] netlink: 'syz.3.22791': attribute type 2 has an invalid length. [ 1356.031961][T23984] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22811'. [ 1356.139002][T23992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22815'. [ 1356.946949][T24031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22833'. [ 1357.139332][T24039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22836'. [ 1357.218801][T24044] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1357.225394][T24044] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1357.255266][T24044] vhci_hcd vhci_hcd.0: Device attached [ 1357.273649][T24053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22836'. [ 1357.283749][T24047] vhci_hcd: connection closed [ 1357.294922][T10245] vhci_hcd: stop threads [ 1357.315514][T10245] vhci_hcd: release socket [ 1357.320011][T10245] vhci_hcd: disconnect device [ 1357.423680][T24049] bond1: (slave geneve3): Enslaving as an active interface with an up link [ 1357.441559][T24053] bond1 (unregistering): (slave geneve3): Releasing backup interface [ 1357.536332][T24053] bond1 (unregistering): Released all slaves [ 1358.533367][T24110] netlink: 36 bytes leftover after parsing attributes in process `syz.3.22867'. [ 1359.026011][T24128] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1360.638974][T24203] syzkaller0: entered promiscuous mode [ 1360.664715][T24203] syzkaller0: entered allmulticast mode [ 1361.699478][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.706310][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1364.090075][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1364.090094][ T30] audit: type=1326 audit(1763520894.463:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24314 comm="syz.5.22964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1364.151229][ T30] audit: type=1326 audit(1763520894.463:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24314 comm="syz.5.22964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1364.202229][ T30] audit: type=1326 audit(1763520894.463:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24314 comm="syz.5.22964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1364.293758][ T30] audit: type=1326 audit(1763520894.463:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24314 comm="syz.5.22964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1364.487314][T24334] binder: 24332:24334 ioctl c0306201 200000000440 returned -14 [ 1365.191578][T24372] netlink: 4 bytes leftover after parsing attributes in process `syz.7.22990'. [ 1365.211059][T24372] bridge_slave_1: left allmulticast mode [ 1365.218836][T24372] bridge_slave_1: left promiscuous mode [ 1365.264955][T24372] bridge0: port 2(bridge_slave_1) entered disabled state [ 1365.282738][T24372] bridge_slave_0: left allmulticast mode [ 1365.289880][T24372] bridge_slave_0: left promiscuous mode [ 1365.298161][T24372] bridge0: port 1(bridge_slave_0) entered disabled state [ 1365.378785][T24380] netlink: 36 bytes leftover after parsing attributes in process `syz.3.22994'. [ 1365.420610][T24380] netlink: 36 bytes leftover after parsing attributes in process `syz.3.22994'. [ 1366.120137][T24420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23009'. [ 1366.961188][T24450] netlink: 20 bytes leftover after parsing attributes in process `syz.7.23021'. [ 1367.269671][T24456] netlink: 16 bytes leftover after parsing attributes in process `syz.5.23024'. [ 1367.958119][T24476] netlink: 308 bytes leftover after parsing attributes in process `syz.3.23033'. [ 1370.179787][T24531] netlink: 'syz.1.23059': attribute type 11 has an invalid length. [ 1370.824054][T24568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23077'. [ 1371.900884][T24613] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1372.764190][T24657] netlink: 68 bytes leftover after parsing attributes in process `syz.7.23119'. [ 1373.154465][T32096] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1373.542488][T24677] binder: 24675:24677 ioctl c0306201 200000000440 returned -14 [ 1373.574685][T32096] usb 4-1: Using ep0 maxpacket: 8 [ 1373.581905][T32096] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1373.612809][T32096] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1373.687080][T32096] usb 4-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1373.708776][T32096] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.735252][T32096] usb 4-1: config 0 descriptor?? [ 1374.165014][T32096] hid-multitouch 0003:0EEF:72C4.0027: unknown main item tag 0x0 [ 1374.197862][T32096] hid-multitouch 0003:0EEF:72C4.0027: unknown main item tag 0x0 [ 1374.226431][T32096] hid-multitouch 0003:0EEF:72C4.0027: unknown main item tag 0x0 [ 1374.251930][T32096] hid-multitouch 0003:0EEF:72C4.0027: unknown main item tag 0x0 [ 1374.270260][T32096] hid-multitouch 0003:0EEF:72C4.0027: unknown main item tag 0x0 [ 1374.291255][T32096] hid-multitouch 0003:0EEF:72C4.0027: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.3-1/input0 [ 1374.364090][T32096] usb 4-1: USB disconnect, device number 58 [ 1374.537243][T24692] fido_id[24692]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1375.713843][T24743] netlink: 28 bytes leftover after parsing attributes in process `syz.5.23156'. [ 1376.381725][T24772] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1377.010894][T24801] binder: 24800:24801 ioctl c0306201 200000000640 returned -22 [ 1377.046545][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1377.197356][T24804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23184'. [ 1378.814874][ T30] audit: type=1326 audit(1763520909.183:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x7ffc0000 [ 1378.881538][ T30] audit: type=1326 audit(1763520909.183:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x7ffc0000 [ 1378.974751][ T30] audit: type=1326 audit(1763520909.213:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc9a12b789 code=0x7ffc0000 [ 1379.030041][ T30] audit: type=1326 audit(1763520909.213:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc9a12b789 code=0x7ffc0000 [ 1379.118780][ T30] audit: type=1326 audit(1763520909.213:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x7ffc0000 [ 1379.215684][ T30] audit: type=1326 audit(1763520909.213:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x7ffc0000 [ 1379.298789][ T30] audit: type=1326 audit(1763520909.213:1733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc9a12b789 code=0x7ffc0000 [ 1379.410818][ T30] audit: type=1326 audit(1763520909.213:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc9a12b789 code=0x7ffc0000 [ 1379.521289][ T30] audit: type=1326 audit(1763520909.213:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x7ffc0000 [ 1379.594744][T24874] fuse: Bad value for 'fd' [ 1379.646616][ T30] audit: type=1326 audit(1763520909.213:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24840 comm="syz.1.23200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc9a12b789 code=0x7ffc0000 [ 1382.815448][T24991] netlink: 'syz.1.23273': attribute type 10 has an invalid length. [ 1382.836966][T24991] netlink: 40 bytes leftover after parsing attributes in process `syz.1.23273'. [ 1382.862395][T24991] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1385.537672][T25078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23313'. [ 1385.549324][T25078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23313'. [ 1385.591675][ T44] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1385.602890][ T2919] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1385.607154][T25078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23313'. [ 1385.621642][T25078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23313'. [ 1385.631897][ T2919] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1385.654397][ T2919] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1387.942761][T25189] netlink: 9 bytes leftover after parsing attributes in process `syz.5.23366'. [ 1387.955241][T25189] gretap0: entered promiscuous mode [ 1387.960496][T25189] gretap0: left allmulticast mode [ 1389.100959][T25245] futex_wake_op: syz.1.23391 tries to shift op by 32; fix this program [ 1389.278846][T25255] netlink: 8 bytes leftover after parsing attributes in process `syz.7.23397'. [ 1389.381336][T25258] pim6reg1: entered promiscuous mode [ 1389.386993][T25258] pim6reg1: entered allmulticast mode [ 1389.441892][T25260] netlink: 'syz.5.23399': attribute type 4 has an invalid length. [ 1389.826591][T25278] netlink: 20 bytes leftover after parsing attributes in process `syz.4.23405'. [ 1389.858233][T25278] netlink: 20 bytes leftover after parsing attributes in process `syz.4.23405'. [ 1389.931488][T25282] netlink: 232 bytes leftover after parsing attributes in process `syz.1.23409'. [ 1390.101573][T25288] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1390.456303][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 1390.456322][ T30] audit: type=1326 audit(1763520920.803:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.469255][T25306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23421'. [ 1390.534490][ T30] audit: type=1326 audit(1763520920.803:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.614701][ T30] audit: type=1326 audit(1763520920.803:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.664377][ T30] audit: type=1326 audit(1763520920.803:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.724075][ T30] audit: type=1326 audit(1763520920.803:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.748975][ T30] audit: type=1326 audit(1763520920.803:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.772343][ T30] audit: type=1326 audit(1763520920.803:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.775142][ T5889] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 1390.854617][T25319] netlink: 12 bytes leftover after parsing attributes in process `syz.7.23426'. [ 1390.858208][ T30] audit: type=1326 audit(1763520920.803:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.956019][ T30] audit: type=1326 audit(1763520920.803:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1390.979380][ T30] audit: type=1326 audit(1763520920.803:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25301 comm="syz.4.23418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f5767f8f6c9 code=0x7ffc0000 [ 1391.028305][ T5889] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 1391.068811][ T5889] usb 4-1: config 1 has no interface number 0 [ 1391.096899][ T5889] usb 4-1: config 1 interface 105 has no altsetting 0 [ 1391.135604][ T5889] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1391.175411][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1391.196121][ T5889] usb 4-1: Product: syz [ 1391.209248][ T5889] usb 4-1: Manufacturer: syz [ 1391.224214][ T5889] usb 4-1: SerialNumber: syz [ 1391.461993][ T5889] aqc111 4-1:1.105: probe with driver aqc111 failed with error -71 [ 1391.510982][ T5889] usb 4-1: USB disconnect, device number 59 [ 1391.655308][T25343] x_tables: duplicate entry at hook 2 [ 1391.909215][T25354] netlink: 6 bytes leftover after parsing attributes in process `syz.5.23443'. [ 1391.940253][T25354] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1392.182402][T25372] netlink: 8 bytes leftover after parsing attributes in process `syz.7.23450'. [ 1392.216504][T25372] erspan0: default FDB implementation only supports local addresses [ 1393.254363][ T5889] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1393.424847][ T5889] usb 6-1: Using ep0 maxpacket: 32 [ 1393.450962][ T5889] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 1393.464395][ T5889] usb 6-1: config 0 has no interface number 0 [ 1393.476433][ T5889] usb 6-1: config 0 interface 12 has no altsetting 0 [ 1393.486909][ T5889] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1393.501805][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1393.525609][ T5889] usb 6-1: Product: syz [ 1393.529833][ T5889] usb 6-1: Manufacturer: syz [ 1393.542931][ T5889] usb 6-1: SerialNumber: syz [ 1393.561283][ T5889] usb 6-1: config 0 descriptor?? [ 1394.905960][T25499] IPv6: A: Disabled Multicast RS [ 1396.009892][ T5889] f81534 6-1:0.12: f81534_set_register: reg: 1003 data: b8 failed: -71 [ 1396.027342][ T5889] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71 [ 1396.049596][ T5889] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1396.078129][ T5889] f81534 6-1:0.12: probe with driver f81534 failed with error -71 [ 1396.102242][ T5889] usb 6-1: USB disconnect, device number 36 [ 1396.404886][T25531] netlink: 24 bytes leftover after parsing attributes in process `syz.3.23522'. [ 1396.767000][T25545] netlink: 132 bytes leftover after parsing attributes in process `syz.4.23527'. [ 1396.878035][T25548] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23529'. [ 1397.043723][T25555] netlink: 'syz.1.23532': attribute type 4 has an invalid length. [ 1397.519678][T25573] netlink: 116 bytes leftover after parsing attributes in process `syz.1.23541'. [ 1397.559297][T25571] lo: Caught tx_queue_len zero misconfig [ 1397.733375][T25575] trusted_key: encrypted_key: insufficient parameters specified [ 1398.589871][T25617] netlink: 'syz.4.23561': attribute type 11 has an invalid length. [ 1398.733406][T25623] xt_CONNSECMARK: invalid mode: 0 [ 1398.916633][T25634] netlink: 56 bytes leftover after parsing attributes in process `syz.5.23569'. [ 1399.733688][T25685] fuse: Bad value for 'fd' [ 1399.940009][T25647] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1400.067220][T25692] netlink: 72 bytes leftover after parsing attributes in process `syz.1.23597'. [ 1400.636492][T25720] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1401.091769][ T3017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1401.105522][ T3017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1401.275984][ T628] Bluetooth: hci1: command 0x0c1a tx timeout [ 1401.715057][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1401.715080][ T30] audit: type=1326 audit(1763520932.073:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1401.747210][ T30] audit: type=1326 audit(1763520932.073:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1401.778455][ T30] audit: type=1326 audit(1763520932.073:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1401.833365][T25773] netlink: 32 bytes leftover after parsing attributes in process `syz.7.23636'. [ 1401.856672][ T30] audit: type=1326 audit(1763520932.073:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1401.912023][ T30] audit: type=1326 audit(1763520932.073:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1401.985664][ T30] audit: type=1326 audit(1763520932.073:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1402.034727][ T30] audit: type=1326 audit(1763520932.073:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1402.104575][ T30] audit: type=1326 audit(1763520932.073:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1402.164897][ T30] audit: type=1326 audit(1763520932.073:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1402.198146][T25789] futex_wake_op: syz.4.23644 tries to shift op by -1; fix this program [ 1402.223232][ T30] audit: type=1326 audit(1763520932.073:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25770 comm="syz.1.23635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x50000 [ 1402.339500][T25793] netlink: 'syz.3.23646': attribute type 10 has an invalid length. [ 1402.367276][T25793] netlink: 40 bytes leftover after parsing attributes in process `syz.3.23646'. [ 1405.248901][T25910] kvm: apic: phys broadcast and lowest prio [ 1405.790161][T25940] netlink: 5 bytes leftover after parsing attributes in process `syz.1.23716'. [ 1407.751319][T26006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23743'. [ 1409.449051][T26088] sit0: entered promiscuous mode [ 1409.468925][T26088] netlink: 'syz.3.23783': attribute type 1 has an invalid length. [ 1409.489511][T26088] netlink: 1 bytes leftover after parsing attributes in process `syz.3.23783'. [ 1410.198427][T26115] syzkaller0: Caught tx_queue_len zero misconfig [ 1410.853719][T26137] netlink: 4 bytes leftover after parsing attributes in process `syz.7.23804'. [ 1411.091659][T26154] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23813'. [ 1411.251791][T26162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1411.283038][ T30] kauditd_printk_skb: 3770 callbacks suppressed [ 1411.283057][ T30] audit: type=1326 audit(1763520941.653:5550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.5.23817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7fc00000 [ 1412.147035][ T30] audit: type=1326 audit(1763520942.523:5551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.5.23817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa9ce98f6c9 code=0x7fc00000 [ 1413.548582][T26233] misc userio: Invalid payload size [ 1413.607430][T26235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1415.407204][T26317] netlink: 'syz.1.23890': attribute type 17 has an invalid length. [ 1415.480973][T26322] netlink: 'syz.5.23893': attribute type 1 has an invalid length. [ 1415.601896][T26322] netlink: 4 bytes leftover after parsing attributes in process `syz.5.23893'. [ 1415.668240][T26324] bond1: (slave veth9): Enslaving as an active interface with a down link [ 1415.697762][T26322] bond1 (unregistering): (slave veth9): Releasing active interface [ 1415.731281][T26322] bond1 (unregistering): Released all slaves [ 1415.762780][T26332] netlink: 20 bytes leftover after parsing attributes in process `syz.1.23897'. [ 1416.489902][T26359] binder: 26356:26359 ioctl c0306201 200000000940 returned -22 [ 1418.750498][T26436] @: renamed from vlan0 [ 1418.773332][T26436] tipc: Disabling bearer [ 1419.618989][T26471] netlink: 408 bytes leftover after parsing attributes in process `syz.3.23961'. [ 1419.648817][T26471] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23961'. [ 1419.688385][T26471] netlink: 40 bytes leftover after parsing attributes in process `syz.3.23961'. [ 1419.868338][T26487] netlink: 68 bytes leftover after parsing attributes in process `syz.4.23969'. [ 1420.657918][T26510] netem: change failed [ 1421.297481][T26532] netlink: 72 bytes leftover after parsing attributes in process `syz.7.23987'. [ 1421.405517][T26538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23991'. [ 1421.658475][T26548] netlink: 'syz.7.23995': attribute type 1 has an invalid length. [ 1421.803517][T26548] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1421.989966][ T30] audit: type=1800 audit(1763520952.363:5552): pid=26563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.24003" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1422.553324][T26592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24015'. [ 1422.562788][T26592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24015'. [ 1423.119751][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.126429][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.677012][T26635] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24036'. [ 1424.265084][T26661] input: syz0 as /devices/virtual/input/input101 [ 1424.418163][T26666] netlink: 44 bytes leftover after parsing attributes in process `syz.3.24051'. [ 1424.477561][T26666] netlink: 51 bytes leftover after parsing attributes in process `syz.3.24051'. [ 1424.515866][T26666] netlink: 'syz.3.24051': attribute type 4 has an invalid length. [ 1425.095168][T26682] fuse: Bad value for 'fd' [ 1425.977704][T26703] netlink: 96 bytes leftover after parsing attributes in process `syz.5.24068'. [ 1426.229791][ T30] audit: type=1800 audit(1763520956.603:5553): pid=26689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.24062" name="bus" dev="ramfs" ino=278296 res=0 errno=0 [ 1427.304208][T26735] netlink: 96 bytes leftover after parsing attributes in process `syz.3.24084'. [ 1428.126828][T26759] netlink: 12 bytes leftover after parsing attributes in process `syz.3.24093'. [ 1432.482018][T26871] netlink: 388 bytes leftover after parsing attributes in process `syz.5.24142'. [ 1432.762303][T26882] netlink: 36 bytes leftover after parsing attributes in process `syz.5.24149'. [ 1432.786421][T26882] netlink: 36 bytes leftover after parsing attributes in process `syz.5.24149'. [ 1433.411537][T26912] netlink: 132 bytes leftover after parsing attributes in process `syz.7.24159'. [ 1434.519058][T26969] TCP: TCP_TX_DELAY enabled [ 1434.933995][T26996] netlink: 'syz.3.24199': attribute type 4 has an invalid length. [ 1434.939365][T26993] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1434.948951][T26993] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1435.817334][T27034] x_tables: duplicate underflow at hook 1 [ 1436.291532][T27062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24232'. [ 1436.818274][T27089] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24241'. [ 1437.426174][T27120] netlink: 'syz.3.24257': attribute type 16 has an invalid length. [ 1437.437054][T27120] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.24257'. [ 1437.805211][T27140] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1439.232480][T27178] netlink: 'syz.7.24285': attribute type 13 has an invalid length. [ 1441.174353][T32096] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1441.329916][T32096] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1441.339441][T32096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1441.349045][T32096] usb 4-1: Product: syz [ 1441.353517][T32096] usb 4-1: Manufacturer: syz [ 1441.359012][T32096] usb 4-1: SerialNumber: syz [ 1441.784990][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1441.797044][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1442.137532][T27268] netlink: 'syz.4.24326': attribute type 13 has an invalid length. [ 1442.213969][T27271] netlink: 4 bytes leftover after parsing attributes in process `syz.5.24327'. [ 1442.464882][T13092] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1442.575830][T13092] ip6_tunnel: M xmit: Local address not yet configured! [ 1442.985220][T13092] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1443.013779][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 1443.031053][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE [ 1443.244369][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000118. ret = -EPROTO [ 1443.260106][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1443.270324][T32096] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1443.310704][T32096] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 1443.341382][T32096] usb 4-1: USB disconnect, device number 60 [ 1443.394650][T13092] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1443.513150][T27318] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24349'. [ 1443.525819][ T5889] ip6_tunnel: M xmit: Local address not yet configured! [ 1443.556286][T13092] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1443.567610][T13092] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0xB has invalid wMaxPacketSize 0 [ 1443.578515][T27321] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24349'. [ 1443.578574][T13092] usb 2-1: config 0 interface 0 altsetting 10 bulk endpoint 0xB has invalid maxpacket 0 [ 1443.599163][T13092] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1443.614928][T13092] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=4c.b3 [ 1443.624319][T13092] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1443.632330][T13092] usb 2-1: Product: syz [ 1443.637112][T13092] usb 2-1: Manufacturer: syz [ 1443.641736][T13092] usb 2-1: SerialNumber: syz [ 1443.649911][T13092] usb 2-1: config 0 descriptor?? [ 1443.662265][T13092] ir_toy 2-1:0.0: required endpoints not found [ 1443.866672][T27329] netlink: 12 bytes leftover after parsing attributes in process `syz.7.24353'. [ 1444.538168][T27359] netlink: 16 bytes leftover after parsing attributes in process `syz.5.24365'. [ 1445.208517][T27388] binder: 27387:27388 ioctl c018620c 200000000000 returned -1 [ 1445.800821][ T30] audit: type=1326 audit(1763520976.173:5554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27400 comm="syz.5.24387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1445.828304][ T30] audit: type=1326 audit(1763520976.203:5555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27400 comm="syz.5.24387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1445.854087][ T30] audit: type=1326 audit(1763520976.233:5556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27400 comm="syz.5.24387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1445.879943][ T30] audit: type=1326 audit(1763520976.253:5557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27400 comm="syz.5.24387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1446.155441][T13092] usb 2-1: USB disconnect, device number 59 [ 1446.297269][T27422] netlink: 324 bytes leftover after parsing attributes in process `syz.5.24397'. [ 1448.178095][T27490] netlink: 'syz.1.24430': attribute type 13 has an invalid length. [ 1448.346760][T27477] fuse: Unknown parameter '0x0000000000000005' [ 1448.427538][ T30] audit: type=1326 audit(1763520978.773:5558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27496 comm="syz.1.24433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc9a18f6c9 code=0x0 [ 1448.534464][T32096] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1448.684641][T32096] usb 4-1: Using ep0 maxpacket: 32 [ 1448.691920][T32096] usb 4-1: config 0 has an invalid interface number: 196 but max is 0 [ 1448.700938][T32096] usb 4-1: config 0 has no interface number 0 [ 1448.709314][T32096] usb 4-1: config 0 interface 196 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1448.722493][T32096] usb 4-1: config 0 interface 196 has no altsetting 0 [ 1448.732856][T32096] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 1448.742500][T32096] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1448.751220][T32096] usb 4-1: Product: syz [ 1448.755844][T32096] usb 4-1: Manufacturer: syz [ 1448.760458][T32096] usb 4-1: SerialNumber: syz [ 1448.768639][T32096] usb 4-1: config 0 descriptor?? [ 1448.990762][T32096] ipheth 4-1:0.196: Unable to find endpoints [ 1449.003285][T32096] usb 4-1: USB disconnect, device number 61 [ 1449.787230][T27549] netlink: 96 bytes leftover after parsing attributes in process `syz.5.24454'. [ 1450.072862][T27567] netlink: 68 bytes leftover after parsing attributes in process `syz.1.24467'. [ 1451.061404][T27607] netlink: 'syz.3.24485': attribute type 17 has an invalid length. [ 1451.386754][T27582] fuse: Bad value for 'fd' [ 1452.100250][T27664] netlink: 272 bytes leftover after parsing attributes in process `syz.3.24510'. [ 1453.736198][T27724] netlink: 16 bytes leftover after parsing attributes in process `syz.3.24538'. [ 1454.115219][T27735] netlink: 56 bytes leftover after parsing attributes in process `syz.3.24545'. [ 1454.315706][T27745] fuse: Bad value for 'group_id' [ 1454.320703][T27745] fuse: Bad value for 'group_id' [ 1454.389004][T27747] netlink: 28 bytes leftover after parsing attributes in process `syz.7.24549'. [ 1454.473168][T27747] netlink: 28 bytes leftover after parsing attributes in process `syz.7.24549'. [ 1454.629045][T27758] ip_vti0: left allmulticast mode [ 1454.641904][T27758] netlink: 148 bytes leftover after parsing attributes in process `syz.5.24555'. [ 1454.675975][T27758] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 1455.311450][T27788] netlink: 156 bytes leftover after parsing attributes in process `syz.7.24568'. [ 1455.386665][T12985] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 1455.548550][T12985] usb 6-1: config 0 has an invalid interface number: 231 but max is 0 [ 1455.557279][T12985] usb 6-1: config 0 has no interface number 0 [ 1455.563417][T12985] usb 6-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1455.604390][T12985] usb 6-1: config 0 interface 231 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1455.629679][T12985] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 1455.642254][T12985] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1455.650759][T12985] usb 6-1: Product: syz [ 1455.664337][T12985] usb 6-1: Manufacturer: syz [ 1455.669021][T12985] usb 6-1: SerialNumber: syz [ 1455.683996][T12985] usb 6-1: config 0 descriptor?? [ 1455.690940][T27774] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1455.712857][T12985] plusb 6-1:0.231: probe with driver plusb failed with error -22 [ 1455.978023][T13092] usb 6-1: USB disconnect, device number 37 [ 1456.386107][T27848] netlink: 328 bytes leftover after parsing attributes in process `syz.1.24597'. [ 1456.870936][T27878] input: syz1 as /devices/virtual/input/input103 [ 1457.560792][T27916] netlink: 'syz.5.24629': attribute type 7 has an invalid length. [ 1457.599387][T27914] netlink: 16 bytes leftover after parsing attributes in process `syz.4.24628'. [ 1458.954661][ C1] ip6_tunnel: M xmit: Local address not yet configured! [ 1460.274507][T32096] usb 2-1: new full-speed USB device number 60 using dummy_hcd [ 1460.426523][T32096] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1460.437795][T32096] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1460.447248][T32096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1460.458651][T32096] usb 2-1: config 0 descriptor?? [ 1460.465447][T28029] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1460.685329][T32096] usbhid 2-1:0.0: can't add hid device: -71 [ 1460.691430][T32096] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1460.702504][T32096] usb 2-1: USB disconnect, device number 60 [ 1462.248373][T28132] netlink: 68 bytes leftover after parsing attributes in process `syz.3.24728'. [ 1462.918322][T28172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24747'. [ 1464.183352][T28239] kvm: user requested TSC rate below hardware speed [ 1464.269436][T28244] netlink: 72 bytes leftover after parsing attributes in process `syz.4.24780'. [ 1467.870184][T28410] loop5: detected capacity change from 0 to 7 [ 1468.114631][T28410] Dev loop5: unable to read RDB block 7 [ 1468.193047][T28410] loop5: unable to read partition table [ 1468.232594][T28410] loop5: partition table beyond EOD, truncated [ 1468.340810][T28410] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 1469.276742][T28471] lo: Caught tx_queue_len zero misconfig [ 1469.314743][T28471] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1470.070267][T28503] pim6reg1: entered promiscuous mode [ 1470.076137][T28503] pim6reg1: entered allmulticast mode [ 1470.163741][ T30] audit: type=1326 audit(1763521000.533:5559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.214897][ T30] audit: type=1326 audit(1763521000.573:5560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.242030][ T30] audit: type=1326 audit(1763521000.573:5561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.265981][ T30] audit: type=1326 audit(1763521000.573:5562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.294657][ T30] audit: type=1326 audit(1763521000.573:5563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.321167][ T30] audit: type=1326 audit(1763521000.573:5564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.346616][ T30] audit: type=1326 audit(1763521000.573:5565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28508 comm="syz.3.24906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1470.930210][T28546] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1472.041474][T28585] fuse: Bad value for 'fd' [ 1472.124582][T13092] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 1472.294602][T13092] usb 4-1: Using ep0 maxpacket: 32 [ 1472.302537][T13092] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1472.312748][T13092] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 1472.322568][T13092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1472.349059][T28595] netlink: 24 bytes leftover after parsing attributes in process `syz.1.24944'. [ 1472.352450][T13092] usb 4-1: config 0 descriptor?? [ 1472.577258][T28579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.24938'. [ 1472.586995][T28579] netlink: 32 bytes leftover after parsing attributes in process `syz.3.24938'. [ 1472.596888][T28579] tc_dump_action: action bad kind [ 1472.619974][T13092] usbhid 4-1:0.0: can't add hid device: -71 [ 1472.644953][T13092] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1472.662015][T13092] usb 4-1: USB disconnect, device number 62 [ 1473.106434][T28610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1473.615635][T32096] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1473.774333][T32096] usb 6-1: Using ep0 maxpacket: 8 [ 1473.781887][T32096] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1473.810932][T32096] usb 6-1: config 2 has an invalid interface number: 184 but max is 0 [ 1473.824816][T32096] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1473.836687][T32096] usb 6-1: config 2 has no interface number 0 [ 1473.842916][T32096] usb 6-1: config 2 interface 184 altsetting 200 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 1473.868451][T32096] usb 6-1: config 2 interface 184 altsetting 200 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1473.883282][T32096] usb 6-1: config 2 interface 184 has no altsetting 0 [ 1473.893815][T32096] usb 6-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c [ 1473.903302][T32096] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1473.913753][T32096] usb 6-1: Product: syz [ 1473.922295][T32096] usb 6-1: Manufacturer: syz [ 1473.927538][T32096] usb 6-1: SerialNumber: syz [ 1474.011997][T28645] netlink: 'syz.3.24970': attribute type 11 has an invalid length. [ 1474.021133][T28645] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.24970'. [ 1474.150319][T32096] usb-storage 6-1:2.184: USB Mass Storage device detected [ 1474.190257][T32096] usb-storage 6-1:2.184: Quirks match for vid 054c pid 002e: 1 [ 1474.243413][T32096] usb 6-1: USB disconnect, device number 38 [ 1474.894337][ T5889] usb 4-1: new low-speed USB device number 63 using dummy_hcd [ 1475.045966][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1475.067368][ T5889] usb 4-1: config 0 has no interfaces? [ 1475.078601][ T5889] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1475.088290][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1475.099366][ T5889] usb 4-1: config 0 descriptor?? [ 1475.315705][ T5889] usb 4-1: USB disconnect, device number 63 [ 1475.543888][T28713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.24999'. [ 1476.529818][T12985] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0 [ 1476.539408][T12985] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0 [ 1476.552017][T12985] hid-generic 0000:0000:0000.0028: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1476.652439][T28768] fido_id[28768]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1476.713643][T28774] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25026'. [ 1477.455508][T28812] random: crng reseeded on system resumption [ 1477.923590][T28835] x_tables: duplicate underflow at hook 2 [ 1478.032945][T28838] trusted_key: encrypted_key: master key parameter is missing [ 1478.563515][T28871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25074'. [ 1479.432565][T28901] x_tables: duplicate underflow at hook 1 [ 1479.810971][ T30] audit: type=1326 audit(1763521010.183:5566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28915 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1479.868519][ T30] audit: type=1326 audit(1763521010.183:5567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28915 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1479.891888][T28922] netlink: 252 bytes leftover after parsing attributes in process `syz.3.25098'. [ 1479.905313][ T30] audit: type=1326 audit(1763521010.183:5568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28915 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1479.928753][ T30] audit: type=1326 audit(1763521010.203:5569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28920 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa9ce9c1f85 code=0x7ffc0000 [ 1479.952271][ T30] audit: type=1326 audit(1763521010.203:5570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28915 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1479.978550][ T30] audit: type=1326 audit(1763521010.203:5571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28915 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1480.011462][ T30] audit: type=1326 audit(1763521010.383:5572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28920 comm="syz.5.25096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1482.228780][T28938] syz.3.25100 (28938): drop_caches: 1 [ 1482.551297][T28962] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25115'. [ 1482.913484][T28981] netlink: 'syz.1.25121': attribute type 19 has an invalid length. [ 1483.574436][T32096] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1483.726252][T32096] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1483.737446][T32096] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 1483.747122][T32096] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1483.758634][T32096] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1483.769773][T32096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1483.778498][T32096] usb 4-1: Product: syz [ 1483.783396][T32096] usb 4-1: Manufacturer: syz [ 1483.789026][T32096] usb 4-1: SerialNumber: syz [ 1484.082177][T29030] netlink: 16 bytes leftover after parsing attributes in process `syz.1.25146'. [ 1484.152944][T29036] netlink: 'syz.4.25148': attribute type 4 has an invalid length. [ 1484.178516][T32096] usb 4-1: USB disconnect, device number 64 [ 1484.529086][T29048] netlink: 84 bytes leftover after parsing attributes in process `syz.5.25154'. [ 1484.558084][T29048] netlink: 16 bytes leftover after parsing attributes in process `syz.5.25154'. [ 1484.562670][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.573854][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1487.793849][T29159] netlink: 28 bytes leftover after parsing attributes in process `syz.5.25202'. [ 1487.817796][T29159] syzkaller1: entered promiscuous mode [ 1487.826816][T29159] syzkaller1: entered allmulticast mode [ 1490.143826][T29266] netlink: 96 bytes leftover after parsing attributes in process `syz.5.25250'. [ 1490.285700][T29274] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25255'. [ 1490.427206][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.436536][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.516627][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.526237][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.629577][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.645051][T29281] netlink: 52 bytes leftover after parsing attributes in process `syz.3.25258'. [ 1490.896342][T29302] binder: 29301:29302 ioctl 4018620d 0 returned -22 [ 1491.038021][T32096] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1491.058270][T32096] ip6_tunnel: M xmit: Local address not yet configured! [ 1491.250308][T29319] netlink: 100 bytes leftover after parsing attributes in process `syz.4.25274'. [ 1491.260349][T32096] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1491.585120][T32096] ip6_tunnel: M xmit: Local address not yet configured! [ 1492.403679][T29379] netlink: 44 bytes leftover after parsing attributes in process `syz.3.25302'. [ 1492.416844][T29379] netlink: 'syz.3.25302': attribute type 5 has an invalid length. [ 1492.822876][ T30] audit: type=1326 audit(1763521023.193:5573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29344 comm="syz.7.25288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52aa58f6c9 code=0x7fc00000 [ 1495.515376][ T30] audit: type=1326 audit(1763521025.883:5574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1495.538844][ T30] audit: type=1326 audit(1763521025.883:5575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1495.562525][ T30] audit: type=1326 audit(1763521025.893:5576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1495.601611][ T30] audit: type=1326 audit(1763521025.893:5577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1495.624759][ T30] audit: type=1326 audit(1763521025.943:5578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1496.339984][ T30] audit: type=1326 audit(1763521026.713:5579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29488 comm="syz.5.25351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1497.248223][T29546] __nla_validate_parse: 4 callbacks suppressed [ 1497.248245][T29546] netlink: 8 bytes leftover after parsing attributes in process `syz.7.25376'. [ 1497.266772][T29550] misc userio: No port type given on /dev/userio [ 1497.311216][T29546] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1497.327811][T29546] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1497.406882][T29546] bond0: (slave batadv0): Releasing backup interface [ 1497.435278][T29546] batadv0 (unregistering): left promiscuous mode [ 1497.441689][T29546] batadv0 (unregistering): left allmulticast mode [ 1497.554997][T12985] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1497.714513][T12985] usb 6-1: Using ep0 maxpacket: 32 [ 1497.744641][T12985] usb 6-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1497.774400][T12985] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1497.781075][T12985] usb 6-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 1497.792753][T12985] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1497.803911][T12985] usb 6-1: config 0 descriptor?? [ 1498.297751][T12985] aquacomputer_d5next 0003:0C70:F00E.0029: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.5-1/input0 [ 1498.777865][T29554] dvmrp8: entered allmulticast mode [ 1498.800870][T29554] dvmrp8: left allmulticast mode [ 1498.870596][T29625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1498.892635][T29625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1498.930554][T12985] usb 6-1: USB disconnect, device number 39 [ 1500.525079][T29701] netlink: 52 bytes leftover after parsing attributes in process `syz.7.25450'. [ 1500.937122][T29716] syzkaller0: entered promiscuous mode [ 1500.942732][T29716] syzkaller0: entered allmulticast mode [ 1502.773519][T29778] netlink: 84 bytes leftover after parsing attributes in process `syz.3.25489'. [ 1503.257364][T29801] netlink: 4 bytes leftover after parsing attributes in process `syz.7.25498'. [ 1503.917185][T29825] netlink: 'syz.5.25507': attribute type 4 has an invalid length. [ 1503.941311][T29830] netlink: 72 bytes leftover after parsing attributes in process `syz.3.25511'. [ 1503.995929][T29825] netlink: 'syz.5.25507': attribute type 5 has an invalid length. [ 1504.006199][T29825] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.25507'. [ 1504.376195][T29848] netlink: 72 bytes leftover after parsing attributes in process `syz.1.25518'. [ 1504.578888][T29859] netlink: 40 bytes leftover after parsing attributes in process `syz.3.25525'. [ 1504.923527][T29870] syzkaller0: Caught tx_queue_len zero misconfig [ 1505.549192][T29894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1505.677770][T13092] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 1505.690400][T13092] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1505.776344][T29904] fido_id[29904]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1506.087606][ T30] audit: type=1326 audit(1763521036.463:5580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29902 comm="syz.3.25544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1506.134696][ T30] audit: type=1326 audit(1763521036.463:5581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29902 comm="syz.3.25544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1506.184354][ T30] audit: type=1326 audit(1763521036.503:5582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29902 comm="syz.3.25544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1506.216810][ T30] audit: type=1326 audit(1763521036.513:5583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29902 comm="syz.3.25544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1506.903975][T29931] netlink: 52 bytes leftover after parsing attributes in process `syz.7.25554'. [ 1507.217260][T29940] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1507.781002][T29960] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1508.402827][T29980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25573'. [ 1508.927460][T29990] kernel read not supported for file /cpuacct.usage_percpu (pid: 29990 comm: syz.7.25584) [ 1508.968813][ T30] audit: type=1800 audit(1763521039.343:5584): pid=29990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.25584" name="cpuacct.usage_percpu" dev="mqueue" ino=298040 res=0 errno=0 [ 1509.251371][T29988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25582'. [ 1510.413942][T30057] fuse: Bad value for 'fd' [ 1511.580129][T30105] syzkaller0: entered promiscuous mode [ 1511.586617][T30105] syzkaller0: entered allmulticast mode [ 1512.474040][T30151] netlink: 132 bytes leftover after parsing attributes in process `syz.7.25661'. [ 1513.555167][T30209] netlink: 16 bytes leftover after parsing attributes in process `syz.7.25682'. [ 1513.988934][T32096] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1514.192226][T32096] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1514.201863][T32096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.215999][T32096] usb 2-1: Product: syz [ 1514.220681][T32096] usb 2-1: Manufacturer: syz [ 1514.245700][T32096] usb 2-1: SerialNumber: syz [ 1514.467522][T30254] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 1514.540634][T32096] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 1514.553581][T32096] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 1514.565270][T32096] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1514.617604][T32096] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1514.670376][T32096] usb 2-1: USB disconnect, device number 61 [ 1515.577616][T30303] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25730'. [ 1515.648444][T30314] binder: 30313:30314 ioctl c0306201 200000000100 returned -14 [ 1516.674791][T12985] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1516.695361][ T5889] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1516.835373][T12985] usb 4-1: Using ep0 maxpacket: 16 [ 1516.842285][T12985] usb 4-1: config 8 has an invalid interface number: 108 but max is 0 [ 1516.851620][T12985] usb 4-1: config 8 has no interface number 0 [ 1516.856221][ T5889] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1516.860514][T12985] usb 4-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=6e.97 [ 1516.866555][ T5889] usb 2-1: config 0 has no interface number 0 [ 1516.875500][T12985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1516.889813][T12985] usb 4-1: Product: syz [ 1516.893995][T12985] usb 4-1: Manufacturer: syz [ 1516.897342][ T5889] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1516.898640][T12985] usb 4-1: SerialNumber: syz [ 1516.908290][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1516.921299][ T5889] usb 2-1: Product: syz [ 1516.925909][ T5889] usb 2-1: Manufacturer: syz [ 1516.930529][ T5889] usb 2-1: SerialNumber: syz [ 1516.938695][ T5889] usb 2-1: config 0 descriptor?? [ 1517.133759][T12985] usb 4-1: bad CDC descriptors [ 1517.143440][T12985] cdc_acm 4-1:8.108: Zero length descriptor references [ 1517.150941][T12985] cdc_acm 4-1:8.108: probe with driver cdc_acm failed with error -22 [ 1517.168819][T12985] usb 4-1: USB disconnect, device number 65 [ 1517.203740][ T5889] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1517.220151][ T5889] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1517.231588][ T5889] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1517.240257][ T5889] usb 2-1: media controller created [ 1517.265228][ T5889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1517.614021][T30393] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 1517.989227][T30414] netlink: 'syz.3.25781': attribute type 13 has an invalid length. [ 1518.192633][T30422] netlink: 32 bytes leftover after parsing attributes in process `syz.3.25786'. [ 1518.320283][ T5889] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 1518.388517][ T5889] usb 2-1: USB disconnect, device number 62 [ 1519.419087][T30482] netlink: 24 bytes leftover after parsing attributes in process `syz.1.25812'. [ 1520.016143][T30510] misc userio: Can't change port type on an already running userio instance [ 1520.114339][T30513] loop2: detected capacity change from 0 to 7 [ 1520.123995][T28659] Dev loop2: unable to read RDB block 7 [ 1520.131669][T28659] loop2: AHDI p1 p2 p3 [ 1520.136293][T28659] loop2: partition table partially beyond EOD, truncated [ 1520.154750][T28659] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1520.161571][T28659] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1520.190327][T30513] Dev loop2: unable to read RDB block 7 [ 1520.199349][T30513] loop2: AHDI p1 p2 p3 [ 1520.213978][T30513] loop2: partition table partially beyond EOD, truncated [ 1520.225058][T30513] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1520.231877][T30513] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1520.394485][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1520.597621][T30530] netlink: 9 bytes leftover after parsing attributes in process `syz.3.25833'. [ 1520.638506][T30530] gretap0: entered promiscuous mode [ 1520.643781][T30530] gretap0: left allmulticast mode [ 1520.651643][T30536] netlink: 5 bytes leftover after parsing attributes in process `syz.3.25833'. [ 1520.680721][T30536] 0ªî{X¹¦: renamed from gretap0 [ 1520.689706][T30536] 0ªî{X¹¦: left promiscuous mode [ 1520.696390][T30536] 0ªî{X¹¦: entered allmulticast mode [ 1520.703947][T30536] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 1521.444578][ T30] audit: type=1800 audit(1763521051.823:5585): pid=30573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.25852" name="bus" dev="tmpfs" ino=9211 res=0 errno=0 [ 1521.675165][T30577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25854'. [ 1523.971329][T30671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25898'. [ 1526.052477][T30748] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25932'. [ 1526.342026][T30762] xt_l2tp: wrong L2TP version: 0 [ 1529.199515][T30815] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25959'. [ 1530.382542][T30823] ip6tnl0: left promiscuous mode [ 1530.417664][T30823] ip6tnl0: left allmulticast mode [ 1532.999487][ T30] audit: type=1326 audit(1763521063.373:5586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.26019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1533.034331][ T30] audit: type=1326 audit(1763521063.373:5587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.26019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1533.058044][ T30] audit: type=1326 audit(1763521063.373:5588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.26019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1533.081476][ T30] audit: type=1326 audit(1763521063.373:5589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.26019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1533.105273][ T30] audit: type=1326 audit(1763521063.373:5590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.26019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1533.990545][T12985] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 1534.171699][T12985] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1534.182437][T12985] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1534.193794][T12985] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1534.224472][T12985] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1534.246328][T12985] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1534.255741][T12985] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1534.272140][T30957] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1534.332287][T12985] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1534.340722][T12985] usb 6-1: invalid MIDI out EP 0 [ 1534.533258][T12985] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1534.576565][T12985] usb 6-1: USB disconnect, device number 40 [ 1534.616311][T30989] netlink: 68 bytes leftover after parsing attributes in process `syz.4.26046'. [ 1534.714501][T30996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26049'. [ 1534.739175][T30996] bridge_slave_1: left allmulticast mode [ 1534.769648][T30996] bridge_slave_1: left promiscuous mode [ 1534.788930][T30996] bridge0: port 2(bridge_slave_1) entered disabled state [ 1534.832830][T30996] bridge_slave_0: left allmulticast mode [ 1534.851163][T30996] bridge_slave_0: left promiscuous mode [ 1534.998583][T30996] bridge0: port 1(bridge_slave_0) entered disabled state [ 1536.350272][ T30] audit: type=1326 audit(1763521066.723:5591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz.3.26070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1536.376058][ T30] audit: type=1326 audit(1763521066.753:5592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz.3.26070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1536.430063][ T30] audit: type=1326 audit(1763521066.773:5593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz.3.26070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1536.488584][ T30] audit: type=1326 audit(1763521066.773:5594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz.3.26070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1536.513411][ T30] audit: type=1326 audit(1763521066.773:5595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz.3.26070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1538.553287][T31112] random: crng reseeded on system resumption [ 1539.581331][T31154] netlink: 44 bytes leftover after parsing attributes in process `syz.7.26122'. [ 1539.591866][T31154] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26122'. [ 1539.608284][T31154] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26122'. [ 1541.721014][T31222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26153'. [ 1542.194495][ T5896] usb 6-1: new full-speed USB device number 41 using dummy_hcd [ 1542.349109][ T5896] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1542.371944][ T5896] usb 6-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 1542.382556][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1542.402576][ T5896] usb 6-1: config 0 descriptor?? [ 1542.615313][ T5896] usbhid 6-1:0.0: can't add hid device: -71 [ 1542.621465][ T5896] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1542.647122][ T5896] usb 6-1: USB disconnect, device number 41 [ 1543.154005][T31301] netlink: 76 bytes leftover after parsing attributes in process `syz.7.26191'. [ 1544.383893][ T36] tipc: Subscription rejected, illegal request [ 1545.615537][T31402] netlink: 100 bytes leftover after parsing attributes in process `syz.4.26236'. [ 1545.984069][T31418] netlink: 'syz.3.26244': attribute type 64 has an invalid length. [ 1545.992516][T31418] netlink: 5 bytes leftover after parsing attributes in process `syz.3.26244'. [ 1546.001490][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.001546][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.018893][T31418] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 1547.173268][T31464] netlink: 8 bytes leftover after parsing attributes in process `syz.5.26264'. [ 1547.712699][T31480] netlink: 16 bytes leftover after parsing attributes in process `syz.7.26272'. [ 1547.740935][T31480] sit0: left promiscuous mode [ 1547.748307][T31482] program syz.3.26276 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1547.870199][T31480] sit0: left allmulticast mode [ 1549.141291][T31544] netlink: 44 bytes leftover after parsing attributes in process `syz.7.26307'. [ 1550.313339][T31599] netlink: 324 bytes leftover after parsing attributes in process `syz.5.26331'. [ 1550.329233][T31599] netlink: 12 bytes leftover after parsing attributes in process `syz.5.26331'. [ 1551.891299][T31632] netlink: 'syz.1.26343': attribute type 29 has an invalid length. [ 1551.908730][T31632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26343'. [ 1552.517988][T31646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26353'. [ 1557.962251][T31827] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 1558.006463][T31831] binder: 31830:31831 ioctl 4018620d 0 returned -22 [ 1559.727625][T31886] fuse: Bad value for 'user_id' [ 1559.744930][T31886] fuse: Bad value for 'user_id' [ 1559.850188][T31892] netlink: 12 bytes leftover after parsing attributes in process `syz.4.26457'. [ 1559.954276][ T5896] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1560.033810][T31902] loop5: detected capacity change from 0 to 7 [ 1560.124231][ T5896] usb 4-1: Using ep0 maxpacket: 8 [ 1560.132043][ T5896] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1560.141209][ T5896] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1560.152130][ T5896] usb 4-1: config 6 has 0 interfaces, different from the descriptor's value: 1 [ 1560.158393][T28659] Dev loop5: unable to read RDB block 7 [ 1560.163597][ T5896] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 0.01 [ 1560.167428][T28659] loop5: unable to read partition table [ 1560.176600][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1560.182590][T28659] loop5: partition table beyond EOD, truncated [ 1560.189864][ T5896] usb 4-1: Product: syz [ 1560.200600][ T5896] usb 4-1: Manufacturer: syz [ 1560.205572][ T5896] usb 4-1: SerialNumber: syz [ 1560.352383][T31902] Dev loop5: unable to read RDB block 7 [ 1560.374054][T31902] loop5: unable to read partition table [ 1560.378372][T31908] netlink: 'syz.7.26464': attribute type 4 has an invalid length. [ 1560.388235][T31908] netlink: 'syz.7.26464': attribute type 5 has an invalid length. [ 1560.396717][T31908] netlink: 3657 bytes leftover after parsing attributes in process `syz.7.26464'. [ 1560.397022][T31902] loop5: partition table beyond EOD, [ 1560.426921][ T5896] usb 4-1: USB disconnect, device number 66 [ 1560.514469][T31902] truncated [ 1560.519953][T31902] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 1560.686957][ T5201] Dev loop5: unable to read RDB block 7 [ 1560.692687][ T5201] loop5: unable to read partition table [ 1560.699034][ T5201] loop5: partition table beyond EOD, truncated [ 1560.960305][T31922] netlink: 104 bytes leftover after parsing attributes in process `syz.5.26469'. [ 1560.980973][T31927] netlink: 12 bytes leftover after parsing attributes in process `syz.7.26473'. [ 1561.228764][T31938] netlink: 100 bytes leftover after parsing attributes in process `syz.3.26481'. [ 1561.316880][ T30] audit: type=1326 audit(1763521091.693:5596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31942 comm="syz.3.26482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1561.343194][ T30] audit: type=1326 audit(1763521091.693:5597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31942 comm="syz.3.26482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1561.367933][ T30] audit: type=1326 audit(1763521091.693:5598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31942 comm="syz.3.26482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1561.390836][ T30] audit: type=1326 audit(1763521091.693:5599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31942 comm="syz.3.26482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1561.415353][ T30] audit: type=1326 audit(1763521091.693:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31942 comm="syz.3.26482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1561.924297][T12985] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1561.944315][T32096] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1562.079626][T12985] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1562.089169][T12985] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.097470][T32096] usb 4-1: Using ep0 maxpacket: 32 [ 1562.102848][T12985] usb 6-1: Product: syz [ 1562.107615][T12985] usb 6-1: Manufacturer: syz [ 1562.113361][T12985] usb 6-1: SerialNumber: syz [ 1562.119791][T32096] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 1562.128606][T32096] usb 4-1: config 0 has no interface number 0 [ 1562.136563][T32096] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1562.150928][T32096] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1562.162016][T12985] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1562.180763][T32096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.189659][T32096] usb 4-1: Product: syz [ 1562.193936][T32096] usb 4-1: Manufacturer: syz [ 1562.198843][T32096] usb 4-1: SerialNumber: syz [ 1562.215335][T32096] usb 4-1: config 0 descriptor?? [ 1562.221557][T31962] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1562.275827][T31963] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1562.443066][T31962] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1562.623625][T12985] usb 6-1: USB disconnect, device number 42 [ 1563.355954][T31963] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1563.363726][T31963] ath9k_htc: Failed to initialize the device [ 1563.375643][T12985] usb 6-1: ath9k_htc: USB layer deinitialized [ 1563.934344][ T5896] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1564.131025][ T5896] usb 6-1: Using ep0 maxpacket: 32 [ 1564.139560][ T5896] usb 6-1: config 0 has no interfaces? [ 1564.153776][ T5896] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 1564.164198][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.172837][ T5896] usb 6-1: Product: syz [ 1564.179892][ T5896] usb 6-1: Manufacturer: syz [ 1564.184881][ T5896] usb 6-1: SerialNumber: syz [ 1564.200449][ T5896] usb 6-1: config 0 descriptor?? [ 1564.427315][ T5896] usb 6-1: USB disconnect, device number 43 [ 1564.704352][T32096] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1564.715633][T32096] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1564.736381][T32096] asix 4-1:0.188: probe with driver asix failed with error -71 [ 1564.748515][T32096] usb 4-1: USB disconnect, device number 67 [ 1566.925886][T32076] fuse: Bad value for 'fd' [ 1567.012450][T32082] netlink: 20 bytes leftover after parsing attributes in process `syz.3.26541'. [ 1567.279571][T32091] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1567.286140][T32091] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1567.294848][T32091] vhci_hcd vhci_hcd.0: Device attached [ 1567.295265][T32092] netlink: 20 bytes leftover after parsing attributes in process `syz.7.26545'. [ 1567.311973][T32091] vhci_hcd vhci_hcd.0: port 0 already used [ 1567.321545][T32093] vhci_hcd: connection closed [ 1567.321998][ T2919] vhci_hcd: stop threads [ 1567.338117][ T2919] vhci_hcd: release socket [ 1567.342583][ T2919] vhci_hcd: disconnect device [ 1567.804458][ T30] audit: type=1326 audit(1763521098.173:5601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32114 comm="syz.5.26555" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x0 [ 1568.139878][T32125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.26562'. [ 1570.682723][T32228] netlink: 8 bytes leftover after parsing attributes in process `syz.4.26605'. [ 1570.705919][T32228] openvswitch: netlink: Missing key (keys=40, expected=80) [ 1571.548069][T32249] netlink: 172 bytes leftover after parsing attributes in process `syz.5.26618'. [ 1571.879725][T32259] netlink: 'syz.3.26623': attribute type 28 has an invalid length. [ 1572.045034][T32263] netlink: 40 bytes leftover after parsing attributes in process `syz.1.26622'. [ 1572.550304][T32290] sock: sock_timestamping_bind_phc: sock not bind to device [ 1573.337633][T32322] netlink: 20 bytes leftover after parsing attributes in process `syz.5.26651'. [ 1573.729166][T32346] netlink: 5 bytes leftover after parsing attributes in process `syz.3.26666'. [ 1573.740495][T32346] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1574.560412][T32392] binder: 32391:32392 ioctl c0306201 200000000180 returned -14 [ 1576.338314][ T30] audit: type=1326 audit(1763521106.713:5602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.361601][ T30] audit: type=1326 audit(1763521106.743:5603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.385113][ T30] audit: type=1326 audit(1763521106.763:5604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.410114][ T30] audit: type=1326 audit(1763521106.763:5605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.433601][ T30] audit: type=1326 audit(1763521106.763:5606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.464566][ T30] audit: type=1326 audit(1763521106.783:5607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.487826][ T30] audit: type=1326 audit(1763521106.783:5608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.534302][ T30] audit: type=1326 audit(1763521106.783:5609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.557552][ T30] audit: type=1326 audit(1763521106.813:5610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1576.586305][ T30] audit: type=1326 audit(1763521106.813:5611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.3.26724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1577.203295][T32507] x_tables: unsorted underflow at hook 1 [ 1577.237795][T32509] netlink: 'syz.1.26741': attribute type 13 has an invalid length. [ 1578.731825][T32584] netlink: 'syz.3.26778': attribute type 13 has an invalid length. [ 1578.876258][ T5896] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1579.036516][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1579.049933][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1579.060839][ T5896] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1579.073464][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1579.092451][ T5896] usb 2-1: config 0 descriptor?? [ 1579.569699][ T5896] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 1579.585756][ T5896] cp2112 0003:10C4:EA90.002B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 1579.680194][T32629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.26798'. [ 1579.816270][ T5896] cp2112 0003:10C4:EA90.002B: Part Number: 0x82 Device Version: 0xFE [ 1580.263645][ T5896] cp2112 0003:10C4:EA90.002B: error setting SMBus config [ 1580.295872][ T5896] cp2112 0003:10C4:EA90.002B: probe with driver cp2112 failed with error -71 [ 1580.343771][ T5896] usb 2-1: USB disconnect, device number 63 [ 1580.379925][T32655] netlink: 40 bytes leftover after parsing attributes in process `syz.5.26809'. [ 1582.392177][T32712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26836'. [ 1582.546940][T32720] netlink: 84 bytes leftover after parsing attributes in process `syz.1.26838'. [ 1582.583018][T32720] netlink: 16 bytes leftover after parsing attributes in process `syz.1.26838'. [ 1583.478349][T32766] fuse: Unknown parameter '&' [ 1583.482132][T32764] netlink: 148 bytes leftover after parsing attributes in process `syz.5.26859'. [ 1583.498554][T32764] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 1583.676331][ T305] netlink: 12 bytes leftover after parsing attributes in process `syz.5.26864'. [ 1584.829267][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 1584.829294][ T30] audit: type=1326 audit(1763521115.203:5628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=359 comm="syz.3.26889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1584.865336][ T30] audit: type=1326 audit(1763521115.233:5629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=359 comm="syz.3.26889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1584.888873][ T30] audit: type=1326 audit(1763521115.233:5630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=359 comm="syz.3.26889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1584.911793][ T30] audit: type=1326 audit(1763521115.233:5631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=359 comm="syz.3.26889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1584.940525][ T30] audit: type=1326 audit(1763521115.233:5632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=359 comm="syz.3.26889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1585.802464][ T389] netlink: 28 bytes leftover after parsing attributes in process `syz.5.26901'. [ 1585.976729][ T398] netlink: 720 bytes leftover after parsing attributes in process `syz.3.26908'. [ 1586.003866][ T398] veth7: entered promiscuous mode [ 1586.256651][ T412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26914'. [ 1586.884453][ T434] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 1588.965828][ T510] netlink: 8 bytes leftover after parsing attributes in process `syz.7.26962'. [ 1589.322689][ T524] netlink: 328 bytes leftover after parsing attributes in process `syz.5.26968'. [ 1589.938504][ T552] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1590.206362][ T565] fuse: Bad value for 'user_id' [ 1590.216919][ T565] fuse: Bad value for 'user_id' [ 1590.353625][ T567] netlink: 24 bytes leftover after parsing attributes in process `syz.5.26989'. [ 1590.632918][ T577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.26993'. [ 1591.285024][T32096] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1591.448365][T32096] usb 4-1: New USB device found, idVendor=2001, idProduct=b301, bcdDevice=45.a9 [ 1591.457865][T32096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1591.466138][T32096] usb 4-1: Product: syz [ 1591.470624][T32096] usb 4-1: Manufacturer: syz [ 1591.475400][T32096] usb 4-1: SerialNumber: syz [ 1591.483478][T32096] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1591.493505][T32096] r8152-cfgselector 4-1: config 0 descriptor?? [ 1591.501821][T32096] r8152 4-1:0.0: Expected endpoints are not found [ 1591.724601][ T600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1591.743785][ T600] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1591.767757][T32096] r8152-cfgselector 4-1: USB disconnect, device number 68 [ 1591.894311][ T5896] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1592.010690][ T626] lo: Caught tx_queue_len zero misconfig [ 1592.060715][ T5896] usb 6-1: Using ep0 maxpacket: 32 [ 1592.067913][ T5896] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 1592.077014][ T5896] usb 6-1: config 0 has no interface number 0 [ 1592.083153][ T5896] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1592.095555][ T5896] usb 6-1: config 0 interface 85 has no altsetting 0 [ 1592.105158][ T5896] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1592.114637][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1592.122658][ T5896] usb 6-1: Product: syz [ 1592.127992][ T5896] usb 6-1: Manufacturer: syz [ 1592.132612][ T5896] usb 6-1: SerialNumber: syz [ 1592.145056][ T5896] usb 6-1: config 0 descriptor?? [ 1593.030771][ T5896] appletouch 6-1:0.85: Geyser mode initialized. [ 1593.060439][ T5896] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input113 [ 1593.374931][ T5896] usb 6-1: USB disconnect, device number 44 [ 1593.378947][ C0] appletouch 6-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 1593.464862][ T663] netlink: 24 bytes leftover after parsing attributes in process `syz.3.27035'. [ 1593.499669][ T5896] appletouch 6-1:0.85: input: appletouch disconnected [ 1594.452443][ T711] netlink: 12 bytes leftover after parsing attributes in process `syz.3.27058'. [ 1595.460198][ T744] netlink: 20 bytes leftover after parsing attributes in process `syz.1.27073'. [ 1598.069587][ T811] syzkaller0: entered promiscuous mode [ 1598.075383][ T811] syzkaller0: entered allmulticast mode [ 1600.588647][ T893] fuse: Invalid rootmode [ 1601.703674][ T916] netlink: 'syz.3.27141': attribute type 4 has an invalid length. [ 1601.712001][ T916] netlink: 'syz.3.27141': attribute type 5 has an invalid length. [ 1601.722575][ T916] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.27141'. [ 1604.055627][ T1026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.27184'. [ 1604.204795][ T1039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27189'. [ 1604.501409][ T1056] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1605.111300][ T1086] netlink: 'syz.1.27207': attribute type 13 has an invalid length. [ 1607.438858][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.445435][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1609.421026][ T1220] netlink: 244 bytes leftover after parsing attributes in process `syz.5.27266'. [ 1609.741919][ T1233] kvm: requested 18438 ns i8254 timer period limited to 200000 ns [ 1610.418324][ T1265] netlink: 'syz.7.27283': attribute type 4 has an invalid length. [ 1611.574365][ T5889] usb 2-1: new full-speed USB device number 64 using dummy_hcd [ 1611.751226][ T5889] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83 [ 1611.782053][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 235, setting to 64 [ 1611.801102][ T5889] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1611.819088][ T5889] usb 2-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 1611.830483][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1611.838184][ T1338] netlink: 48 bytes leftover after parsing attributes in process `syz.3.27316'. [ 1611.860818][ T5889] usb 2-1: config 0 descriptor?? [ 1611.878754][ T5889] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1612.102695][T32096] usb 2-1: USB disconnect, device number 64 [ 1612.915031][ T1397] netlink: 36 bytes leftover after parsing attributes in process `syz.5.27344'. [ 1613.155460][ T1410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.27352'. [ 1613.243323][ T1415] netlink: 8 bytes leftover after parsing attributes in process `syz.5.27354'. [ 1613.433847][ T1423] netlink: 'syz.1.27357': attribute type 64 has an invalid length. [ 1613.458926][ T1423] netlink: 5 bytes leftover after parsing attributes in process `syz.1.27357'. [ 1613.490058][ T1423] gretap0: left promiscuous mode [ 1614.028378][ T30] audit: type=1804 audit(1763521144.403:5633): pid=1458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.27374" name="/newroot/5346/bus" dev="tmpfs" ino=31953 res=1 errno=0 [ 1614.214943][ T1472] netlink: 108 bytes leftover after parsing attributes in process `syz.7.27382'. [ 1614.229485][ T1472] netlink: 20 bytes leftover after parsing attributes in process `syz.7.27382'. [ 1614.971804][ T1511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27399'. [ 1615.918301][ T1556] netlink: 92 bytes leftover after parsing attributes in process `syz.1.27419'. [ 1615.952565][ T1556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.27419'. [ 1616.331856][ T1578] binder: 1577:1578 ioctl c018620c 0 returned -14 [ 1616.695695][ T1599] fuse: Bad value for 'group_id' [ 1616.717637][ T1599] fuse: Bad value for 'group_id' [ 1617.197819][ T1627] netlink: 172 bytes leftover after parsing attributes in process `syz.4.27454'. [ 1619.000524][ T1694] binder: 1693:1694 ioctl c0306201 0 returned -14 [ 1619.149274][ T1701] netlink: 16 bytes leftover after parsing attributes in process `syz.4.27489'. [ 1619.464859][ T1718] netlink: 28 bytes leftover after parsing attributes in process `syz.1.27498'. [ 1619.874354][ T5889] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1620.035068][ T5889] usb 2-1: Using ep0 maxpacket: 8 [ 1620.043120][ T5889] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1620.065703][ T5889] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1620.089674][ T5889] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1620.105683][ T5889] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1620.124449][ T5889] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1620.133750][ T1753] netlink: 16 bytes leftover after parsing attributes in process `syz.4.27513'. [ 1620.153740][ T5889] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1620.165307][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1620.173435][ T5889] usb 2-1: Product: syz [ 1620.178411][ T5889] usb 2-1: Manufacturer: syz [ 1620.183365][ T5889] usb 2-1: SerialNumber: syz [ 1620.422662][ T5889] usb 2-1: Audio class v2/v3 interfaces need an interface association [ 1620.466206][ T5889] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1620.489072][ T5889] usb 2-1: USB disconnect, device number 65 [ 1620.533420][T28659] udevd[28659]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1620.608811][ T1766] netlink: 128 bytes leftover after parsing attributes in process `syz.3.27519'. [ 1622.235325][ T1838] netlink: 12 bytes leftover after parsing attributes in process `syz.3.27553'. [ 1622.260755][ T1838] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1622.817142][ T1872] netlink: 16 bytes leftover after parsing attributes in process `syz.1.27569'. [ 1622.837026][ T1872] openvswitch: netlink: Flow key attr not present in new flow. [ 1623.109850][ T1882] netlink: 'syz.5.27574': attribute type 4 has an invalid length. [ 1623.132215][ T1882] netlink: 'syz.5.27574': attribute type 5 has an invalid length. [ 1623.161860][ T1882] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.27574'. [ 1623.414672][ T1892] netlink: 536 bytes leftover after parsing attributes in process `syz.1.27579'. [ 1623.430861][ T1896] netlink: 'syz.7.27581': attribute type 5 has an invalid length. [ 1623.495728][ T1896] ip6erspan0: entered promiscuous mode [ 1623.516427][ T1892] netlink: 52 bytes leftover after parsing attributes in process `syz.1.27579'. [ 1624.332024][ T1935] netlink: 44 bytes leftover after parsing attributes in process `syz.3.27600'. [ 1624.513513][ T1946] netlink: 72 bytes leftover after parsing attributes in process `syz.1.27607'. [ 1627.801305][ T2051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.27651'. [ 1628.062980][ T2062] netlink: 'syz.3.27657': attribute type 32 has an invalid length. [ 1628.485569][ T2073] netlink: 'syz.5.27664': attribute type 4 has an invalid length. [ 1628.511366][ T2073] netlink: 17 bytes leftover after parsing attributes in process `syz.5.27664'. [ 1629.256255][ T2107] netlink: 8 bytes leftover after parsing attributes in process `syz.5.27679'. [ 1632.740161][ T2216] netlink: 12 bytes leftover after parsing attributes in process `syz.7.27730'. [ 1633.799615][ T2264] syzkaller1: entered promiscuous mode [ 1633.824432][ T2264] syzkaller1: entered allmulticast mode [ 1634.323343][ T2281] SET target dimension over the limit! [ 1634.675316][ T2295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27768'. [ 1634.686059][ T2295] tc_dump_action: action bad kind [ 1635.695713][ T2326] netlink: 5 bytes leftover after parsing attributes in process `syz.3.27783'. [ 1636.237651][ T2359] netlink: 8 bytes leftover after parsing attributes in process `syz.5.27796'. [ 1636.719004][ T2388] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode [ 1637.112559][ T2415] netlink: 116 bytes leftover after parsing attributes in process `syz.5.27819'. [ 1637.125127][ T2415] netlink: 8 bytes leftover after parsing attributes in process `syz.5.27819'. [ 1637.165343][ T30] audit: type=1326 audit(1763521167.533:5634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.27799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1637.695113][ T2451] netlink: 12 bytes leftover after parsing attributes in process `syz.5.27835'. [ 1638.164462][ T5889] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1638.338890][ T5889] usb 2-1: Using ep0 maxpacket: 16 [ 1638.356979][ T5889] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 1638.373481][ T5889] usb 2-1: config 0 has no interface number 0 [ 1638.382993][ T5889] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 1638.393633][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1638.417537][ T2496] netlink: 28 bytes leftover after parsing attributes in process `syz.5.27851'. [ 1638.427100][ T5889] usb 2-1: Product: syz [ 1638.432023][ T5889] usb 2-1: Manufacturer: syz [ 1638.437227][ T5889] usb 2-1: SerialNumber: syz [ 1638.465030][ T5889] usb 2-1: config 0 descriptor?? [ 1638.484799][ T5889] hub 2-1:0.132: bad descriptor, ignoring hub [ 1638.501261][ T5889] hub 2-1:0.132: probe with driver hub failed with error -5 [ 1638.521182][ T5889] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input115 [ 1639.026773][T31963] usb 2-1: USB disconnect, device number 66 [ 1639.998534][ T2593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.27892'. [ 1640.025172][ T2593] netlink: 20 bytes leftover after parsing attributes in process `syz.3.27892'. [ 1641.653873][ T2664] netlink: 68 bytes leftover after parsing attributes in process `syz.4.27916'. [ 1643.138631][ T2719] netlink: 12 bytes leftover after parsing attributes in process `syz.7.27937'. [ 1643.356147][ T2730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.27945'. [ 1643.816623][ T2758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27954'. [ 1645.011628][ T2824] binder: 2823:2824 ioctl c0306201 0 returned -14 [ 1645.933507][ T2879] netlink: 48 bytes leftover after parsing attributes in process `syz.1.27993'. [ 1646.113462][ T2887] netlink: 40 bytes leftover after parsing attributes in process `syz.3.27996'. [ 1646.566369][ T2911] fuse: Bad value for 'user_id' [ 1646.571505][ T2911] fuse: Bad value for 'user_id' [ 1646.877512][ T30] audit: type=1326 audit(1763521177.243:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1646.946625][ T30] audit: type=1326 audit(1763521177.243:5636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.004263][ T30] audit: type=1326 audit(1763521177.253:5637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.026657][ C0] vkms_vblank_simulate: vblank timer overrun [ 1647.066040][ T30] audit: type=1326 audit(1763521177.253:5638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.122133][ T30] audit: type=1326 audit(1763521177.253:5639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.144494][ C0] vkms_vblank_simulate: vblank timer overrun [ 1647.204518][ T30] audit: type=1326 audit(1763521177.253:5640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.226996][ C0] vkms_vblank_simulate: vblank timer overrun [ 1647.294588][ T30] audit: type=1326 audit(1763521177.253:5641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.349919][ T30] audit: type=1326 audit(1763521177.253:5642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.424461][ T30] audit: type=1326 audit(1763521177.253:5643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1647.475752][ T30] audit: type=1326 audit(1763521177.253:5644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2929 comm="syz.3.28015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7ffc0000 [ 1648.139312][ T2919] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1648.163312][ T2919] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1648.179755][ T2919] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1648.189048][ T2919] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1649.202474][ T3002] netlink: 12 bytes leftover after parsing attributes in process `syz.1.28043'. [ 1649.645729][ T3024] netlink: 12 bytes leftover after parsing attributes in process `syz.1.28052'. [ 1650.677750][ T3079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28081'. [ 1651.130372][ T3108] netlink: 188 bytes leftover after parsing attributes in process `syz.3.28094'. [ 1651.462138][ T3129] netlink: 60 bytes leftover after parsing attributes in process `syz.5.28104'. [ 1651.782603][ T3147] netlink: 128 bytes leftover after parsing attributes in process `syz.5.28113'. [ 1654.395627][ T3243] netlink: 9 bytes leftover after parsing attributes in process `syz.5.28156'. [ 1654.773301][ T3263] netlink: 24 bytes leftover after parsing attributes in process `syz.7.28165'. [ 1654.911167][ T3269] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 1655.999476][ T3329] netlink: 36 bytes leftover after parsing attributes in process `syz.1.28195'. [ 1656.520143][ T3356] netlink: 84 bytes leftover after parsing attributes in process `syz.1.28207'. [ 1656.573571][ T3356] netlink: 24 bytes leftover after parsing attributes in process `syz.1.28207'. [ 1657.014346][T32096] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1657.174418][T32096] usb 4-1: Using ep0 maxpacket: 8 [ 1657.186572][T32096] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1657.203915][T32096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1657.237261][T32096] usb 4-1: Product: syz [ 1657.243754][T32096] usb 4-1: Manufacturer: syz [ 1657.262359][T32096] usb 4-1: SerialNumber: syz [ 1657.278387][T32096] usb 4-1: config 0 descriptor?? [ 1657.297771][T32096] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1657.504949][ T3365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1657.514608][ T3365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1657.790707][T32096] gspca_sonixj: reg_w1 err -71 [ 1657.806771][T32096] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 1657.837422][ T3419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28233'. [ 1657.845815][T32096] usb 4-1: USB disconnect, device number 69 [ 1658.242193][ T3444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28244'. [ 1658.711756][ T3471] fuse: Bad value for 'fd' [ 1659.098005][ T3493] netlink: 68 bytes leftover after parsing attributes in process `syz.3.28267'. [ 1660.062205][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1660.062223][ T30] audit: type=1326 audit(1763521190.433:5666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3551 comm="syz.3.28295" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x0 [ 1660.810909][ T3589] netlink: 16 bytes leftover after parsing attributes in process `syz.5.28313'. [ 1661.456948][ T3616] netlink: 24 bytes leftover after parsing attributes in process `syz.1.28325'. [ 1661.574634][ T3620] netlink: 'syz.3.28327': attribute type 4 has an invalid length. [ 1661.598133][ T3620] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.28327'. [ 1663.089335][ T3680] netlink: 16 bytes leftover after parsing attributes in process `syz.5.28353'. [ 1664.883426][ T3737] netlink: 108 bytes leftover after parsing attributes in process `syz.3.28380'. [ 1664.915673][ T3737] netlink: 8 bytes leftover after parsing attributes in process `syz.3.28380'. [ 1665.648376][ T3772] netlink: 12 bytes leftover after parsing attributes in process `syz.5.28397'. [ 1665.860083][ T3786] netlink: 9 bytes leftover after parsing attributes in process `syz.1.28406'. [ 1665.883620][ T3786] 0·: renamed from hsr0 [ 1665.909786][ T3786] 0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1665.920727][ T3786] 0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1665.954828][ T3786] 0·: entered allmulticast mode [ 1665.970196][ T3786] hsr_slave_0: entered allmulticast mode [ 1665.976470][ T3786] hsr_slave_1: entered allmulticast mode [ 1665.998621][ T3786] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 1666.876928][ T3821] netlink: 28 bytes leftover after parsing attributes in process `syz.3.28422'. [ 1667.829309][ T3837] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 1667.829309][ T3837] program syz.3.28428 not setting count and/or reply_len properly [ 1668.274830][ T5889] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1668.450470][ T5889] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1668.490796][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1668.556733][ T5889] usb 2-1: config 0 descriptor?? [ 1668.629549][ T5889] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1668.878794][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.885315][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.684651][ T30] audit: type=1326 audit(1763521200.053:5667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3908 comm="syz.5.28463" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x0 [ 1670.468655][ T3926] trusted_key: encrypted_key: master key parameter 'd' is invalid [ 1670.861813][ T30] audit: type=1326 audit(1763521201.223:5668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1670.929270][ T5889] usb 2-1: USB disconnect, device number 67 [ 1670.987071][ T30] audit: type=1326 audit(1763521201.223:5669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.065096][ T30] audit: type=1326 audit(1763521201.233:5670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.121780][ T30] audit: type=1326 audit(1763521201.233:5671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.254227][ T30] audit: type=1326 audit(1763521201.233:5672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.338782][ T30] audit: type=1326 audit(1763521201.233:5673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.351853][ T3952] netlink: 4 bytes leftover after parsing attributes in process `syz.7.28482'. [ 1671.398882][ T3955] fuse: Bad value for 'fd' [ 1671.434392][ T30] audit: type=1326 audit(1763521201.233:5674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.506427][ T30] audit: type=1326 audit(1763521201.263:5675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1671.594348][ T30] audit: type=1326 audit(1763521201.263:5676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3937 comm="syz.5.28474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9ce98f6c9 code=0x7ffc0000 [ 1673.017422][ T4030] netlink: 156 bytes leftover after parsing attributes in process `syz.4.28519'. [ 1673.994341][ C1] ip6_tunnel: M xmit: Local address not yet configured! [ 1675.160098][ T4149] netlink: 32 bytes leftover after parsing attributes in process `syz.7.28577'. [ 1675.923248][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 1675.923265][ T30] audit: type=1326 audit(1763521206.293:5706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.002777][ T30] audit: type=1326 audit(1763521206.323:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.055536][ T30] audit: type=1326 audit(1763521206.323:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.133438][ T30] audit: type=1326 audit(1763521206.323:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.159752][ T30] audit: type=1326 audit(1763521206.323:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.234303][ T30] audit: type=1326 audit(1763521206.323:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.282296][ T30] audit: type=1326 audit(1763521206.323:5712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.335974][ T30] audit: type=1326 audit(1763521206.323:5713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1676.365186][ T30] audit: type=1326 audit(1763521206.323:5714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4146 comm="syz.3.28575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11f438f6c9 code=0x7fc00000 [ 1678.575041][ T4281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28633'. [ 1678.813180][ T2919] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1678.844393][ T2919] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1678.864896][ T2919] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1678.890031][ T2919] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1682.255243][ T4456] netlink: 72 bytes leftover after parsing attributes in process `syz.5.28713'. [ 1682.652607][ T4476] wg2: Caught tx_queue_len zero misconfig [ 1682.774508][T31963] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1682.823868][ T4483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.28726'. [ 1682.933244][T31963] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1682.942305][T31963] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1682.977644][T31963] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1683.000544][T31963] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1683.023546][T31963] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1683.086000][T31963] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1683.095654][T31963] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1683.103644][T31963] usb 4-1: Product: syz [ 1683.127366][T31963] usb 4-1: Manufacturer: syz [ 1683.167116][T31963] cdc_wdm 4-1:1.0: skipping garbage [ 1683.177041][T31963] cdc_wdm 4-1:1.0: skipping garbage [ 1683.191595][T31963] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1683.206673][T31963] cdc_wdm 4-1:1.0: Unknown control protocol [ 1683.482740][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.489406][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.496852][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.503500][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.509943][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.516554][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.522991][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.529617][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.536248][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.542888][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.549206][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.555827][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.562155][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.568774][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.575207][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.581823][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.588128][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.594750][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.601293][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1683.607905][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1683.622421][T31963] usb 4-1: USB disconnect, device number 70 [ 1683.628541][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1684.079418][ T4518] netlink: 'syz.1.28737': attribute type 10 has an invalid length. [ 1684.124233][ T4518] netlink: 'syz.1.28737': attribute type 10 has an invalid length. [ 1684.474880][ T5889] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1684.704857][ T4539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28747'. [ 1684.715113][ T5889] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1684.731537][ T5889] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1684.754628][ T5889] usb 6-1: config 1 has no interface number 0 [ 1684.770931][ T5889] usb 6-1: config 1 interface 1 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1684.880842][ T5889] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1684.942272][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1685.025869][ T5889] usb 6-1: Product: syz [ 1685.031716][ T5889] usb 6-1: Manufacturer: syz [ 1685.042883][ T5889] usb 6-1: SerialNumber: syz [ 1685.074284][ T5889] usb 6-1: selecting invalid altsetting 1 [ 1685.280399][ T5889] cdc_ncm 6-1:1.1: bind() failure [ 1685.313777][ T5889] usb 6-1: USB disconnect, device number 45 [ 1685.326905][ T4542] kvm: pic: non byte write [ 1688.550747][ T4639] [ 1688.553135][ T4639] ===================================================== [ 1688.560076][ T4639] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1688.567557][ T4639] syzkaller #0 Not tainted [ 1688.571984][ T4639] ----------------------------------------------------- [ 1688.578932][ T4639] syz.7.28759/4639 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1688.586679][ T4639] ffff88805a3389f0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1688.595425][ T4639] [ 1688.595425][ T4639] and this task is already holding: [ 1688.602803][ T4639] ffff8880793e7468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1688.611373][ T4639] which would create a new lock dependency: [ 1688.617277][ T4639] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1688.624970][ T4639] [ 1688.624970][ T4639] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1688.634416][ T4639] (kbd_event_lock){..-.}-{3:3} [ 1688.634447][ T4639] [ 1688.634447][ T4639] ... which became SOFTIRQ-irq-safe at: [ 1688.646985][ T4639] lock_acquire+0x120/0x360 [ 1688.651651][ T4639] _raw_spin_lock+0x2e/0x40 [ 1688.656252][ T4639] kbd_event+0xd2/0x3f70 [ 1688.660588][ T4639] input_handle_events_default+0xd4/0x1a0 [ 1688.666409][ T4639] input_pass_values+0x288/0x890 [ 1688.671432][ T4639] input_event_dispose+0x3e5/0x6b0 [ 1688.676625][ T4639] input_event+0x89/0xe0 [ 1688.680959][ T4639] hidinput_hid_event+0x1404/0x1dd0 [ 1688.686250][ T4639] hid_process_event+0x4be/0x620 [ 1688.691290][ T4639] hid_report_raw_event+0xe91/0x16d0 [ 1688.696674][ T4639] hid_input_report+0x43e/0x520 [ 1688.701620][ T4639] hid_irq_in+0x47e/0x6d0 [ 1688.706043][ T4639] __usb_hcd_giveback_urb+0x376/0x540 [ 1688.711514][ T4639] dummy_timer+0x85f/0x44c0 [ 1688.716103][ T4639] __hrtimer_run_queues+0x52c/0xc60 [ 1688.721479][ T4639] hrtimer_run_softirq+0x187/0x2b0 [ 1688.726676][ T4639] handle_softirqs+0x286/0x870 [ 1688.731523][ T4639] __irq_exit_rcu+0xca/0x1f0 [ 1688.736284][ T4639] irq_exit_rcu+0x9/0x30 [ 1688.740619][ T4639] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1688.746348][ T4639] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1688.752418][ T4639] __sanitizer_cov_trace_cmp8+0x0/0x90 [ 1688.757972][ T4639] page_ext_lookup+0x4d/0x180 [ 1688.762739][ T4639] __update_page_owner_handle+0x12f/0x570 [ 1688.768563][ T4639] __set_page_owner+0x10b/0x4c0 [ 1688.773571][ T4639] post_alloc_hook+0x234/0x290 [ 1688.778439][ T4639] get_page_from_freelist+0x2365/0x2440 [ 1688.784067][ T4639] __alloc_frozen_pages_noprof+0x181/0x370 [ 1688.789958][ T4639] alloc_pages_mpol+0x232/0x4a0 [ 1688.794892][ T4639] folio_alloc_mpol_noprof+0x39/0x70 [ 1688.800259][ T4639] shmem_alloc_and_add_folio+0x423/0xf40 [ 1688.805993][ T4639] shmem_get_folio_gfp+0x59d/0x1660 [ 1688.811279][ T4639] shmem_write_begin+0xf7/0x2b0 [ 1688.816221][ T4639] generic_perform_write+0x2c5/0x900 [ 1688.821594][ T4639] shmem_file_write_iter+0xf8/0x120 [ 1688.826891][ T4639] __kernel_write_iter+0x428/0x910 [ 1688.832134][ T4639] dump_user_range+0x8a0/0xc90 [ 1688.836985][ T4639] elf_core_dump+0x3369/0x3960 [ 1688.841834][ T4639] coredump_write+0x116c/0x1900 [ 1688.846766][ T4639] vfs_coredump+0x1db5/0x2a60 [ 1688.851526][ T4639] get_signal+0x1108/0x1340 [ 1688.856114][ T4639] arch_do_signal_or_restart+0xa0/0x790 [ 1688.861841][ T4639] irqentry_exit_to_user_mode+0x7e/0x110 [ 1688.867568][ T4639] asm_exc_invalid_op+0x1a/0x20 [ 1688.872508][ T4639] [ 1688.872508][ T4639] to a SOFTIRQ-irq-unsafe lock: [ 1688.879519][ T4639] (tasklist_lock){.+.+}-{3:3} [ 1688.879559][ T4639] [ 1688.879559][ T4639] ... which became SOFTIRQ-irq-unsafe at: [ 1688.892179][ T4639] ... [ 1688.892189][ T4639] lock_acquire+0x120/0x360 [ 1688.899342][ T4639] _raw_read_lock+0x36/0x50 [ 1688.903934][ T4639] __do_wait+0xde/0x740 [ 1688.908182][ T4639] do_wait+0x1f8/0x510 [ 1688.912348][ T4639] kernel_wait+0xab/0x170 [ 1688.916774][ T4639] call_usermodehelper_exec_work+0xbe/0x230 [ 1688.922755][ T4639] process_scheduled_works+0xae1/0x17b0 [ 1688.928386][ T4639] worker_thread+0x8a0/0xda0 [ 1688.933061][ T4639] kthread+0x711/0x8a0 [ 1688.937217][ T4639] ret_from_fork+0x4bc/0x870 [ 1688.941890][ T4639] ret_from_fork_asm+0x1a/0x30 [ 1688.946743][ T4639] [ 1688.946743][ T4639] other info that might help us debug this: [ 1688.946743][ T4639] [ 1688.957000][ T4639] Chain exists of: [ 1688.957000][ T4639] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 1688.957000][ T4639] [ 1688.969779][ T4639] Possible interrupt unsafe locking scenario: [ 1688.969779][ T4639] [ 1688.978101][ T4639] CPU0 CPU1 [ 1688.983461][ T4639] ---- ---- [ 1688.988817][ T4639] lock(tasklist_lock); [ 1688.993061][ T4639] local_irq_disable(); [ 1688.999805][ T4639] lock(kbd_event_lock); [ 1689.006656][ T4639] lock(&tty->flow.lock); [ 1689.013594][ T4639] [ 1689.017050][ T4639] lock(kbd_event_lock); [ 1689.021552][ T4639] [ 1689.021552][ T4639] *** DEADLOCK *** [ 1689.021552][ T4639] [ 1689.029686][ T4639] 6 locks held by syz.7.28759/4639: [ 1689.034875][ T4639] #0: ffff8880793e70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1689.044633][ T4639] #1: ffff8880793e72e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x138/0x17e0 [ 1689.054914][ T4639] #2: ffff8880793e70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1689.064238][ T4639] #3: ffff8880793e7468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1689.073211][ T4639] #4: ffff8880793e70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1689.082644][ T4639] #5: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1689.091706][ T4639] [ 1689.091706][ T4639] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1689.102104][ T4639] -> (kbd_event_lock){..-.}-{3:3} { [ 1689.107420][ T4639] IN-SOFTIRQ-W at: [ 1689.111482][ T4639] lock_acquire+0x120/0x360 [ 1689.117893][ T4639] _raw_spin_lock+0x2e/0x40 [ 1689.124223][ T4639] kbd_event+0xd2/0x3f70 [ 1689.130296][ T4639] input_handle_events_default+0xd4/0x1a0 [ 1689.137845][ T4639] input_pass_values+0x288/0x890 [ 1689.144608][ T4639] input_event_dispose+0x3e5/0x6b0 [ 1689.151550][ T4639] input_event+0x89/0xe0 [ 1689.157620][ T4639] hidinput_hid_event+0x1404/0x1dd0 [ 1689.164652][ T4639] hid_process_event+0x4be/0x620 [ 1689.171422][ T4639] hid_report_raw_event+0xe91/0x16d0 [ 1689.178540][ T4639] hid_input_report+0x43e/0x520 [ 1689.185229][ T4639] hid_irq_in+0x47e/0x6d0 [ 1689.191383][ T4639] __usb_hcd_giveback_urb+0x376/0x540 [ 1689.198624][ T4639] dummy_timer+0x85f/0x44c0 [ 1689.204965][ T4639] __hrtimer_run_queues+0x52c/0xc60 [ 1689.212000][ T4639] hrtimer_run_softirq+0x187/0x2b0 [ 1689.218955][ T4639] handle_softirqs+0x286/0x870 [ 1689.225551][ T4639] __irq_exit_rcu+0xca/0x1f0 [ 1689.231965][ T4639] irq_exit_rcu+0x9/0x30 [ 1689.238030][ T4639] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1689.245617][ T4639] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1689.253434][ T4639] __sanitizer_cov_trace_cmp8+0x0/0x90 [ 1689.260893][ T4639] page_ext_lookup+0x4d/0x180 [ 1689.267417][ T4639] __update_page_owner_handle+0x12f/0x570 [ 1689.274977][ T4639] __set_page_owner+0x10b/0x4c0 [ 1689.281663][ T4639] post_alloc_hook+0x234/0x290 [ 1689.288311][ T4639] get_page_from_freelist+0x2365/0x2440 [ 1689.295680][ T4639] __alloc_frozen_pages_noprof+0x181/0x370 [ 1689.303311][ T4639] alloc_pages_mpol+0x232/0x4a0 [ 1689.310112][ T4639] folio_alloc_mpol_noprof+0x39/0x70 [ 1689.317223][ T4639] shmem_alloc_and_add_folio+0x423/0xf40 [ 1689.324690][ T4639] shmem_get_folio_gfp+0x59d/0x1660 [ 1689.331720][ T4639] shmem_write_begin+0xf7/0x2b0 [ 1689.338399][ T4639] generic_perform_write+0x2c5/0x900 [ 1689.345525][ T4639] shmem_file_write_iter+0xf8/0x120 [ 1689.352556][ T4639] __kernel_write_iter+0x428/0x910 [ 1689.359539][ T4639] dump_user_range+0x8a0/0xc90 [ 1689.366131][ T4639] elf_core_dump+0x3369/0x3960 [ 1689.372749][ T4639] coredump_write+0x116c/0x1900 [ 1689.379421][ T4639] vfs_coredump+0x1db5/0x2a60 [ 1689.385921][ T4639] get_signal+0x1108/0x1340 [ 1689.392432][ T4639] arch_do_signal_or_restart+0xa0/0x790 [ 1689.399832][ T4639] irqentry_exit_to_user_mode+0x7e/0x110 [ 1689.407312][ T4639] asm_exc_invalid_op+0x1a/0x20 [ 1689.413993][ T4639] INITIAL USE at: [ 1689.417981][ T4639] lock_acquire+0x120/0x360 [ 1689.424220][ T4639] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1689.431163][ T4639] vt_reset_unicode+0x2b/0x160 [ 1689.437687][ T4639] reset_vc+0x68/0x1b0 [ 1689.443493][ T4639] vc_init+0x70/0x4a0 [ 1689.449212][ T4639] con_init+0x385/0x9c0 [ 1689.455112][ T4639] console_init+0x10e/0x430 [ 1689.461360][ T4639] start_kernel+0x254/0x410 [ 1689.467598][ T4639] x86_64_start_reservations+0x24/0x30 [ 1689.474800][ T4639] x86_64_start_kernel+0x143/0x1c0 [ 1689.481652][ T4639] common_startup_64+0x13e/0x147 [ 1689.488332][ T4639] } [ 1689.490912][ T4639] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1689.498905][ T4639] -> (&tty->flow.lock){....}-{3:3} { [ 1689.504204][ T4639] INITIAL USE at: [ 1689.508091][ T4639] lock_acquire+0x120/0x360 [ 1689.514159][ T4639] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1689.520927][ T4639] start_tty+0x20/0x70 [ 1689.526561][ T4639] n_tty_set_termios+0xa7c/0x1090 [ 1689.533147][ T4639] tty_set_termios+0xda4/0x17e0 [ 1689.539564][ T4639] set_termios+0x516/0x6c0 [ 1689.545549][ T4639] tty_mode_ioctl+0x47e/0x740 [ 1689.551793][ T4639] tty_ioctl+0x9c6/0xde0 [ 1689.557609][ T4639] __se_sys_ioctl+0xfc/0x170 [ 1689.563775][ T4639] do_syscall_64+0xfa/0xfa0 [ 1689.569933][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1689.577390][ T4639] } [ 1689.579884][ T4639] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1689.588564][ T4639] ... acquired at: [ 1689.592451][ T4639] lock_acquire+0x120/0x360 [ 1689.597124][ T4639] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1689.602585][ T4639] stop_tty+0x2f/0x150 [ 1689.606831][ T4639] kbd_event+0x2b72/0x3f70 [ 1689.611425][ T4639] input_handle_events_default+0xd4/0x1a0 [ 1689.617321][ T4639] input_pass_values+0x288/0x890 [ 1689.622440][ T4639] input_event_dispose+0x330/0x6b0 [ 1689.627717][ T4639] input_inject_event+0x1dd/0x340 [ 1689.632910][ T4639] evdev_write+0x2fc/0x480 [ 1689.637502][ T4639] vfs_write+0x27e/0xb30 [ 1689.641920][ T4639] ksys_write+0x145/0x250 [ 1689.646443][ T4639] do_syscall_64+0xfa/0xfa0 [ 1689.651125][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1689.657198][ T4639] [ 1689.659516][ T4639] [ 1689.659516][ T4639] the dependencies between the lock to be acquired [ 1689.659526][ T4639] and SOFTIRQ-irq-unsafe lock: [ 1689.673113][ T4639] -> (tasklist_lock){.+.+}-{3:3} { [ 1689.678415][ T4639] HARDIRQ-ON-R at: [ 1689.682573][ T4639] lock_acquire+0x120/0x360 [ 1689.689071][ T4639] _raw_read_lock+0x36/0x50 [ 1689.695577][ T4639] __do_wait+0xde/0x740 [ 1689.701739][ T4639] do_wait+0x1f8/0x510 [ 1689.707812][ T4639] kernel_wait+0xab/0x170 [ 1689.714144][ T4639] call_usermodehelper_exec_work+0xbe/0x230 [ 1689.722033][ T4639] process_scheduled_works+0xae1/0x17b0 [ 1689.729576][ T4639] worker_thread+0x8a0/0xda0 [ 1689.736181][ T4639] kthread+0x711/0x8a0 [ 1689.742247][ T4639] ret_from_fork+0x4bc/0x870 [ 1689.748831][ T4639] ret_from_fork_asm+0x1a/0x30 [ 1689.755592][ T4639] SOFTIRQ-ON-R at: [ 1689.759834][ T4639] lock_acquire+0x120/0x360 [ 1689.766334][ T4639] _raw_read_lock+0x36/0x50 [ 1689.772839][ T4639] __do_wait+0xde/0x740 [ 1689.779000][ T4639] do_wait+0x1f8/0x510 [ 1689.785067][ T4639] kernel_wait+0xab/0x170 [ 1689.791400][ T4639] call_usermodehelper_exec_work+0xbe/0x230 [ 1689.799287][ T4639] process_scheduled_works+0xae1/0x17b0 [ 1689.807008][ T4639] worker_thread+0x8a0/0xda0 [ 1689.813595][ T4639] kthread+0x711/0x8a0 [ 1689.819663][ T4639] ret_from_fork+0x4bc/0x870 [ 1689.826248][ T4639] ret_from_fork_asm+0x1a/0x30 [ 1689.833005][ T4639] INITIAL USE at: [ 1689.837068][ T4639] lock_acquire+0x120/0x360 [ 1689.843477][ T4639] _raw_write_lock_irq+0xa2/0xf0 [ 1689.850333][ T4639] copy_process+0x224f/0x3c00 [ 1689.856932][ T4639] kernel_clone+0x21e/0x840 [ 1689.863348][ T4639] user_mode_thread+0xdd/0x140 [ 1689.870024][ T4639] rest_init+0x23/0x300 [ 1689.876093][ T4639] start_kernel+0x3ae/0x410 [ 1689.882592][ T4639] x86_64_start_reservations+0x24/0x30 [ 1689.889964][ T4639] x86_64_start_kernel+0x143/0x1c0 [ 1689.896990][ T4639] common_startup_64+0x13e/0x147 [ 1689.903853][ T4639] INITIAL READ USE at: [ 1689.908363][ T4639] lock_acquire+0x120/0x360 [ 1689.915213][ T4639] _raw_read_lock+0x36/0x50 [ 1689.922060][ T4639] __do_wait+0xde/0x740 [ 1689.928573][ T4639] do_wait+0x1f8/0x510 [ 1689.934991][ T4639] kernel_wait+0xab/0x170 [ 1689.941685][ T4639] call_usermodehelper_exec_work+0xbe/0x230 [ 1689.949921][ T4639] process_scheduled_works+0xae1/0x17b0 [ 1689.957812][ T4639] worker_thread+0x8a0/0xda0 [ 1689.964749][ T4639] kthread+0x711/0x8a0 [ 1689.971167][ T4639] ret_from_fork+0x4bc/0x870 [ 1689.978113][ T4639] ret_from_fork_asm+0x1a/0x30 [ 1689.985220][ T4639] } [ 1689.987887][ T4639] ... key at: [] tasklist_lock+0x18/0x40 [ 1689.995875][ T4639] ... acquired at: [ 1689.999844][ T4639] lock_acquire+0x120/0x360 [ 1690.004513][ T4639] _raw_read_lock+0x36/0x50 [ 1690.009204][ T4639] send_sigurg+0x12b/0x420 [ 1690.013791][ T4639] sk_send_sigurg+0x6c/0x2e0 [ 1690.018567][ T4639] queue_oob+0x420/0x4f0 [ 1690.022982][ T4639] unix_stream_sendmsg+0xc3f/0xdf0 [ 1690.028360][ T4639] __sock_sendmsg+0x21c/0x270 [ 1690.033213][ T4639] ____sys_sendmsg+0x52d/0x830 [ 1690.038146][ T4639] ___sys_sendmsg+0x21f/0x2a0 [ 1690.042993][ T4639] __sys_sendmmsg+0x227/0x430 [ 1690.047839][ T4639] __x64_sys_sendmmsg+0xa0/0xc0 [ 1690.052864][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.057557][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.063624][ T4639] [ 1690.065939][ T4639] -> (&f_owner->lock){....}-{3:3} { [ 1690.071236][ T4639] INITIAL USE at: [ 1690.075303][ T4639] lock_acquire+0x120/0x360 [ 1690.081548][ T4639] _raw_write_lock_irq+0xa2/0xf0 [ 1690.088231][ T4639] __f_setown+0x67/0x370 [ 1690.094212][ T4639] generic_setlease+0xd60/0x1240 [ 1690.100888][ T4639] fcntl_setlease+0x3a2/0x4c0 [ 1690.107307][ T4639] do_fcntl+0x6a9/0x1910 [ 1690.113285][ T4639] __se_sys_fcntl+0xc8/0x150 [ 1690.119610][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.125857][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.133489][ T4639] INITIAL READ USE at: [ 1690.137906][ T4639] lock_acquire+0x120/0x360 [ 1690.144575][ T4639] _raw_read_lock_irqsave+0xaf/0x100 [ 1690.152036][ T4639] send_sigio+0x38/0x370 [ 1690.158450][ T4639] kill_fasync+0x24d/0x4d0 [ 1690.165124][ T4639] lease_break_callback+0x26/0x30 [ 1690.172326][ T4639] __break_lease+0x6a5/0x1620 [ 1690.179204][ T4639] do_dentry_open+0x8b7/0x13f0 [ 1690.186158][ T4639] vfs_open+0x3b/0x340 [ 1690.192407][ T4639] path_openat+0x2ee5/0x3830 [ 1690.199169][ T4639] do_filp_open+0x1fa/0x410 [ 1690.205842][ T4639] do_sys_openat2+0x121/0x1c0 [ 1690.212693][ T4639] __x64_sys_open+0x11e/0x150 [ 1690.219543][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.226231][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.234293][ T4639] } [ 1690.236875][ T4639] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1690.245816][ T4639] ... acquired at: [ 1690.249704][ T4639] lock_acquire+0x120/0x360 [ 1690.254377][ T4639] _raw_read_lock_irqsave+0xaf/0x100 [ 1690.259839][ T4639] send_sigio+0x38/0x370 [ 1690.264251][ T4639] kill_fasync+0x24d/0x4d0 [ 1690.268838][ T4639] lease_break_callback+0x26/0x30 [ 1690.274031][ T4639] __break_lease+0x6a5/0x1620 [ 1690.278889][ T4639] do_dentry_open+0x8b7/0x13f0 [ 1690.283824][ T4639] vfs_open+0x3b/0x340 [ 1690.288060][ T4639] path_openat+0x2ee5/0x3830 [ 1690.292823][ T4639] do_filp_open+0x1fa/0x410 [ 1690.297499][ T4639] do_sys_openat2+0x121/0x1c0 [ 1690.302349][ T4639] __x64_sys_open+0x11e/0x150 [ 1690.307284][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.311965][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.318030][ T4639] [ 1690.320432][ T4639] -> (&new->fa_lock){....}-{3:3} { [ 1690.325560][ T4639] INITIAL USE at: [ 1690.329468][ T4639] lock_acquire+0x120/0x360 [ 1690.335530][ T4639] _raw_write_lock_irq+0xa2/0xf0 [ 1690.342046][ T4639] fasync_remove_entry+0xf1/0x1c0 [ 1690.348688][ T4639] lease_modify+0x1ca/0x3c0 [ 1690.354757][ T4639] locks_remove_file+0x4bf/0xea0 [ 1690.361269][ T4639] __fput+0x3ab/0xa70 [ 1690.366819][ T4639] task_work_run+0x1d4/0x260 [ 1690.372981][ T4639] exit_to_user_mode_loop+0xe9/0x130 [ 1690.379824][ T4639] do_syscall_64+0x2bd/0xfa0 [ 1690.385982][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.393436][ T4639] INITIAL READ USE at: [ 1690.397762][ T4639] lock_acquire+0x120/0x360 [ 1690.404261][ T4639] _raw_read_lock_irqsave+0xaf/0x100 [ 1690.411548][ T4639] kill_fasync+0x199/0x4d0 [ 1690.418068][ T4639] lease_break_callback+0x26/0x30 [ 1690.425135][ T4639] __break_lease+0x6a5/0x1620 [ 1690.431814][ T4639] do_dentry_open+0x8b7/0x13f0 [ 1690.438575][ T4639] vfs_open+0x3b/0x340 [ 1690.444639][ T4639] path_openat+0x2ee5/0x3830 [ 1690.451236][ T4639] do_filp_open+0x1fa/0x410 [ 1690.457740][ T4639] do_sys_openat2+0x121/0x1c0 [ 1690.464414][ T4639] __x64_sys_open+0x11e/0x150 [ 1690.471094][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.477600][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.485574][ T4639] } [ 1690.488067][ T4639] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1690.496747][ T4639] ... acquired at: [ 1690.500543][ T4639] lock_acquire+0x120/0x360 [ 1690.505223][ T4639] _raw_read_lock_irqsave+0xaf/0x100 [ 1690.510772][ T4639] kill_fasync+0x199/0x4d0 [ 1690.515360][ T4639] __start_tty+0x18c/0x220 [ 1690.519951][ T4639] start_tty+0x2b/0x70 [ 1690.524193][ T4639] n_tty_set_termios+0xa7c/0x1090 [ 1690.529398][ T4639] tty_set_termios+0xda4/0x17e0 [ 1690.534422][ T4639] set_termios+0x516/0x6c0 [ 1690.539012][ T4639] tty_mode_ioctl+0x47e/0x740 [ 1690.543864][ T4639] tty_ioctl+0x9c6/0xde0 [ 1690.548284][ T4639] __se_sys_ioctl+0xfc/0x170 [ 1690.553047][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.557729][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.563800][ T4639] [ 1690.566118][ T4639] [ 1690.566118][ T4639] stack backtrace: [ 1690.571997][ T4639] CPU: 1 UID: 0 PID: 4639 Comm: syz.7.28759 Not tainted syzkaller #0 PREEMPT(full) [ 1690.572020][ T4639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1690.572031][ T4639] Call Trace: [ 1690.572041][ T4639] [ 1690.572049][ T4639] dump_stack_lvl+0x189/0x250 [ 1690.572075][ T4639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1690.572097][ T4639] ? __pfx__printk+0x10/0x10 [ 1690.572117][ T4639] validate_chain+0x1f05/0x2140 [ 1690.572146][ T4639] __lock_acquire+0xab9/0xd20 [ 1690.572163][ T4639] ? kill_fasync+0x199/0x4d0 [ 1690.572182][ T4639] lock_acquire+0x120/0x360 [ 1690.572202][ T4639] ? kill_fasync+0x199/0x4d0 [ 1690.572226][ T4639] _raw_read_lock_irqsave+0xaf/0x100 [ 1690.572249][ T4639] ? kill_fasync+0x199/0x4d0 [ 1690.572267][ T4639] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1690.572292][ T4639] kill_fasync+0x199/0x4d0 [ 1690.572311][ T4639] ? kill_fasync+0x53/0x4d0 [ 1690.572331][ T4639] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1690.572350][ T4639] __start_tty+0x18c/0x220 [ 1690.572371][ T4639] start_tty+0x2b/0x70 [ 1690.572391][ T4639] n_tty_set_termios+0xa7c/0x1090 [ 1690.572412][ T4639] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1690.572429][ T4639] tty_set_termios+0xda4/0x17e0 [ 1690.572451][ T4639] ? __pfx_tty_set_termios+0x10/0x10 [ 1690.572477][ T4639] set_termios+0x516/0x6c0 [ 1690.572498][ T4639] ? __pfx_set_termios+0x10/0x10 [ 1690.572519][ T4639] ? tty_ldisc_ref_wait+0x25/0x70 [ 1690.572546][ T4639] tty_mode_ioctl+0x47e/0x740 [ 1690.572568][ T4639] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1690.572588][ T4639] ? tty_ldisc_ref_wait+0x25/0x70 [ 1690.572608][ T4639] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1690.572633][ T4639] ? n_tty_ioctl_helper+0x8e/0x340 [ 1690.572654][ T4639] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1690.572671][ T4639] tty_ioctl+0x9c6/0xde0 [ 1690.572694][ T4639] ? __pfx_tty_ioctl+0x10/0x10 [ 1690.572716][ T4639] __se_sys_ioctl+0xfc/0x170 [ 1690.572737][ T4639] do_syscall_64+0xfa/0xfa0 [ 1690.572761][ T4639] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.572777][ T4639] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1690.572795][ T4639] ? clear_bhb_loop+0x60/0xb0 [ 1690.572812][ T4639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1690.572829][ T4639] RIP: 0033:0x7f52aa58f6c9 [ 1690.572845][ T4639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1690.572874][ T4639] RSP: 002b:00007f52ab415038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1690.572892][ T4639] RAX: ffffffffffffffda RBX: 00007f52aa7e6090 RCX: 00007f52aa58f6c9 [ 1690.572906][ T4639] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1690.572917][ T4639] RBP: 00007f52aa611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1690.572928][ T4639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1690.572939][ T4639] R13: 00007f52aa7e6128 R14: 00007f52aa7e6090 R15: 00007f52aa90fa28 [ 1690.572957][ T4639]