last executing test programs: 6m27.081400554s ago: executing program 4 (id=10308): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000040)={'filter\x00', 0x7003, [0xffff, 0x3ff, 0xa, 0x80000000]}, &(0x7f0000000000)=0x54) 6m27.010891052s ago: executing program 4 (id=10312): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_GET_MSRS_sys(r3, 0xc008ae88, &(0x7f00000002c0)) 6m26.82884764s ago: executing program 4 (id=10318): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000100)={0x2, 0x0, [{0xfe, 0x0, 0x6}, {0x4b564d03, 0x0, 0x7}]}) 6m26.519867197s ago: executing program 4 (id=10328): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) 6m26.223808553s ago: executing program 4 (id=10337): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xa0401, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x1, 0x0}) 6m25.693463176s ago: executing program 4 (id=10347): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f00000001c0)={'gretap0\x00', 0x0, 0x67, 0x1, 0x80000001, 0x80000000, {{0x5, 0x4, 0x0, 0x2, 0x14, 0x67, 0x0, 0x6, 0x4, 0x0, @loopback, @private=0xa010100}}}}) 6m25.429425505s ago: executing program 32 (id=10347): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f00000001c0)={'gretap0\x00', 0x0, 0x67, 0x1, 0x80000001, 0x80000000, {{0x5, 0x4, 0x0, 0x2, 0x14, 0x67, 0x0, 0x6, 0x4, 0x0, @loopback, @private=0xa010100}}}}) 1.684380576s ago: executing program 1 (id=17067): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0xffc, 0x0, 0x400007}, 0x0) r0 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x5ea3, 0x8, 0x8000, 0x400250}, &(0x7f0000000080)=0x0, &(0x7f0000000400)=0x0) ioctl(0xffffffffffffffff, 0x5309, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x0, @fd, 0x8006, 0x0, 0x0, 0x2, 0x1}) io_uring_enter(r0, 0x4be7, 0x4c3, 0x43, 0x0, 0x0) 1.36488143s ago: executing program 0 (id=17074): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) readahead(0xffffffffffffffff, 0xe, 0xffffffffffffffff) 1.31710343s ago: executing program 1 (id=17075): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = fsopen(&(0x7f00000000c0)='devtmpfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) 1.199198543s ago: executing program 2 (id=17078): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) 1.125082172s ago: executing program 1 (id=17079): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x0}) 1.045461272s ago: executing program 1 (id=17082): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x11, 0x800000003, 0x0) bind$packet(r3, &(0x7f0000000d00)={0x11, 0x0, 0x0, 0x1, 0x7f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14) writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) 1.007770423s ago: executing program 0 (id=17083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xa, {"a2e39b214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838681a0890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b343b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0d9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c30900004288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef7becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda930b000000cbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe505003d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6ae4effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d71eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d471c8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949d9a92587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15aa82000000000000a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x1000}}, 0x1006) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) 1.003015013s ago: executing program 2 (id=17084): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269d47147"], 0xd0060) 897.122521ms ago: executing program 5 (id=17085): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x20000600}}, 0x0) 896.66364ms ago: executing program 3 (id=17086): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x2711, @local}, 0x10) listen(r3, 0x10001) accept4$vsock_stream(r3, 0x0, 0x0, 0x0) 858.02749ms ago: executing program 2 (id=17087): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) io_uring_register$IORING_REGISTER_IOWQ_AFF(r1, 0x11, 0x0, 0x0) 839.603704ms ago: executing program 0 (id=17088): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r3, 0x25, &(0x7f0000000000)={0x1, 0x0, 0xc08, 0x2}) 812.267804ms ago: executing program 5 (id=17089): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) ppoll(&(0x7f0000000100)=[{r3, 0x408}], 0x1, 0x0, 0x0, 0x0) 793.455047ms ago: executing program 3 (id=17090): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) write(r0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000580)={0x10, 0x23, 0x10, 0x70bd2b, 0x25dfdbfd}, 0x10}], 0x1, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r3, 0xffffffffffffffff, r3, r3, r3]}}], 0x28, 0x4008040}, 0x80000) 792.445901ms ago: executing program 1 (id=17091): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000080)) 685.773694ms ago: executing program 1 (id=17092): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 667.625146ms ago: executing program 2 (id=17093): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_TIOCINQ(r4, 0x541b, 0x0) 666.684724ms ago: executing program 5 (id=17094): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="80000000", @ANYRES16=r4, @ANYBLOB="0100"], 0x80}}, 0x0) 658.325118ms ago: executing program 3 (id=17095): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0xc4) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x5, 0x6, 0x2, 0x0, 0x8, 0x0, 0x5, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x7}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}]}}]}, 0xb0}}, 0x0) 531.915293ms ago: executing program 5 (id=17096): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 515.254661ms ago: executing program 0 (id=17097): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) keyctl$KEYCTL_MOVE(0x3, 0x0, 0x0, 0x0, 0x0) 514.263399ms ago: executing program 2 (id=17098): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r3 = syz_open_pts(r2, 0x0) dup3(r3, r2, 0x0) close_range(r2, r3, 0x0) 372.938466ms ago: executing program 5 (id=17099): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) io_setup(0xf29, &(0x7f0000000040)=0x0) io_cancel(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0, 0x1}, 0x0) 371.88555ms ago: executing program 3 (id=17100): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) timer_create(0x8, 0x0, &(0x7f0000000000)=0x0) timer_delete(r3) 280.32681ms ago: executing program 2 (id=17101): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000080)='g', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 279.405887ms ago: executing program 0 (id=17102): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r3, 0x0, 0x0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 161.04152ms ago: executing program 3 (id=17103): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) 160.325067ms ago: executing program 5 (id=17104): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf9385", 0xa2}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000380), 0x80, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)="dd1d288b5c8531b217e88adadae889ff7355773058ea6786ff4a6ecea3cda128e134fe03c24723799d3b1c2b0b8fd7be23738420d4cabc76b1df249a7727b977c8", 0x0, 0x4, r4}, 0x38) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xdb, 0xd}) ioctl$KVM_RUN(r3, 0xae80, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) 22.193136ms ago: executing program 0 (id=17105): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$cont(0x1f, r3, 0x0, 0xfffffffffffffffe) 0s ago: executing program 3 (id=17106): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x2000018) r2 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)) kernel console output (not intermixed with test programs): syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 805.338030][ T30] audit: type=1326 audit(1763261998.775:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1798 comm="syz.3.12894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 805.427807][ T30] audit: type=1326 audit(1763261998.775:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1798 comm="syz.3.12894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 806.765711][ T1854] netlink: 60 bytes leftover after parsing attributes in process `syz.5.12919'. [ 807.151596][ T1870] blkio.reset_stats is deprecated [ 807.429293][ T1882] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12933'. [ 808.080031][ T1916] netlink: 32 bytes leftover after parsing attributes in process `syz.5.12950'. [ 808.738823][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.745579][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.332260][ T2024] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12996'. [ 810.375205][T32351] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 810.552178][T32351] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 810.592655][T32351] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 810.623034][T32351] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 810.656388][T32351] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 810.690257][T32351] usb 2-1: Manufacturer: syz [ 810.738288][T32351] usb 2-1: config 0 descriptor?? [ 811.170292][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.178616][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.195191][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.205985][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.223142][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.234590][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.344027][ T2054] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 811.544933][T32351] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 811.566974][T32351] pyra 0003:1E7D:2CF6.0009: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 811.768387][ T2064] netlink: 68 bytes leftover after parsing attributes in process `syz.3.13012'. [ 813.389037][T32351] pyra 0003:1E7D:2CF6.0009: couldn't init struct pyra_device [ 813.396899][T32351] pyra 0003:1E7D:2CF6.0009: couldn't install mouse [ 813.446246][T32351] pyra 0003:1E7D:2CF6.0009: probe with driver pyra failed with error -71 [ 813.487821][T32351] usb 2-1: USB disconnect, device number 30 [ 813.717591][ T2096] fido_id[2096]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 815.854348][ T2176] binder_alloc: 2175: binder_alloc_buf size 1024 failed, no address space [ 815.868927][ T2176] binder_alloc: allocated: 12288 (num: 2 largest: 12280), free: 0 (num: 0 largest: 0) [ 816.684444][ T2219] netlink: 3672 bytes leftover after parsing attributes in process `syz.1.13083'. [ 817.304934][ T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 817.475023][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 817.487010][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 817.513007][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 817.545271][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 817.575812][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 817.583854][ T9] usb 2-1: Product: syz [ 817.595370][ T9] usb 2-1: Manufacturer: syz [ 817.600025][ T9] usb 2-1: SerialNumber: syz [ 817.619403][ T9] usb 2-1: config 0 descriptor?? [ 817.648543][ T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 817.672249][ T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 817.931309][ T2281] netlink: 188 bytes leftover after parsing attributes in process `syz.5.13110'. [ 818.113300][ T2290] input: syz0 as /devices/virtual/input/input55 [ 818.244138][ T9] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 818.257078][ T9] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 819.269775][ T9] em28xx 2-1:0.0: AC97 vendor ID = 0x00fc00fe [ 819.631306][ T2361] netlink: 'syz.3.13148': attribute type 4 has an invalid length. [ 819.679068][ T9] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 819.686775][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 819.703641][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 819.727371][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 819.760045][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 819.781875][ T9] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 819.825165][ T9] usb 2-1: USB disconnect, device number 31 [ 821.139316][ T2406] fuse: Bad value for 'fd' [ 823.568580][ T2482] team_slave_0: Caught tx_queue_len zero misconfig [ 824.299863][ T2506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13203'. [ 824.330424][ T2506] net_ratelimit: 10 callbacks suppressed [ 824.330442][ T2506] openvswitch: netlink: Missing key (keys=40, expected=80) [ 824.750041][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 824.750053][ T30] audit: type=1326 audit(1763262019.195:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 824.845701][ T30] audit: type=1326 audit(1763262019.195:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 824.868767][ T30] audit: type=1326 audit(1763262019.195:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 824.906569][ T30] audit: type=1326 audit(1763262019.195:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 824.935813][ T30] audit: type=1326 audit(1763262019.195:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 824.965569][ T30] audit: type=1326 audit(1763262019.195:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 825.026035][ T30] audit: type=1326 audit(1763262019.195:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 825.057376][ T30] audit: type=1326 audit(1763262019.195:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 825.094050][ T30] audit: type=1326 audit(1763262019.195:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 825.131846][ T30] audit: type=1326 audit(1763262019.195:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2489 comm="syz.0.13198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 825.403035][ T2381] syz.5.13153 (2381): drop_caches: 1 [ 826.363652][ T2574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13225'. [ 828.435878][ T2662] netlink: 'syz.2.13260': attribute type 4 has an invalid length. [ 829.875728][ T2744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13292'. [ 830.945839][ T2772] syz.0.13296 (2772): drop_caches: 1 [ 832.061173][ T2834] trusted_key: encrypted_key: insufficient parameters specified [ 832.063185][ T2832] netlink: 'syz.5.13323': attribute type 11 has an invalid length. [ 832.078729][ T2832] netlink: 'syz.5.13323': attribute type 1 has an invalid length. [ 832.086907][ T2832] netlink: 3593 bytes leftover after parsing attributes in process `syz.5.13323'. [ 832.391520][ T2859] netlink: 20 bytes leftover after parsing attributes in process `syz.5.13331'. [ 834.412408][ T2929] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 834.426408][ T2929] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 834.635967][ T2954] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13372'. [ 835.705684][ T5826] Bluetooth: hci3: command 0x0406 tx timeout [ 836.375991][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 836.376007][ T30] audit: type=1326 audit(1763262030.825:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 836.759696][ T3039] syz.2.13405 (3039): drop_caches: 1 [ 836.871729][ T30] audit: type=1326 audit(1763262030.825:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 836.933683][ T30] audit: type=1326 audit(1763262030.865:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.250902][ T30] audit: type=1326 audit(1763262030.865:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.280732][ T30] audit: type=1326 audit(1763262030.865:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.385920][ T30] audit: type=1326 audit(1763262030.865:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.498181][ T30] audit: type=1326 audit(1763262030.865:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.558620][ T30] audit: type=1326 audit(1763262030.865:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.606971][ T30] audit: type=1326 audit(1763262030.865:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.632261][ T30] audit: type=1326 audit(1763262030.865:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3037 comm="syz.1.13409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7ffc0000 [ 837.871838][ T3067] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13421'. [ 837.885873][ T3067] tipc: Enabling of bearer rejected, already enabled [ 837.942703][ T3069] netlink: 128 bytes leftover after parsing attributes in process `syz.3.13422'. [ 837.961052][ T3069] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13422'. [ 838.120288][ T3074] netlink: 'syz.5.13424': attribute type 8 has an invalid length. [ 838.197873][ T3050] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 838.215787][ T3077] fuse: Bad value for 'user_id' [ 838.223085][ T3077] fuse: Bad value for 'user_id' [ 838.529688][ T3095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13433'. [ 838.612605][ T3093] IPv6: syztnl0: Disabled Multicast RS [ 838.655214][T32351] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 838.824958][T32351] usb 6-1: Using ep0 maxpacket: 32 [ 838.889380][T32351] usb 6-1: unable to get BOS descriptor or descriptor too short [ 838.937890][T32351] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 838.947900][T32351] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 838.958931][T32351] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 838.970631][T32351] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 838.983797][T32351] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.009474][T32351] usb 6-1: Product: syz [ 839.017247][T32351] usb 6-1: Manufacturer: syz [ 839.028561][T32351] usb 6-1: SerialNumber: syz [ 839.270138][T32351] usb 6-1: 0:2 : does not exist [ 839.308831][T32351] usb 6-1: USB disconnect, device number 6 [ 839.407158][T29980] udevd[29980]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 839.616119][ T5826] Bluetooth: hci3: command 0x0406 tx timeout [ 840.155222][T19260] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 840.226572][ T3147] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 840.305217][T19260] usb 6-1: Using ep0 maxpacket: 32 [ 840.312832][T19260] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 840.328828][T19260] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 840.353811][T19260] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 840.365265][T19260] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.386638][T19260] usb 6-1: config 0 descriptor?? [ 840.407808][T19260] hub 6-1:0.0: USB hub found [ 840.607374][T19260] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 840.636341][T19260] usbhid 6-1:0.0: can't add hid device: -71 [ 840.643662][T19260] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 840.698210][T19260] usb 6-1: USB disconnect, device number 7 [ 840.906291][ T3169] binder: 3168:3169 ioctl c0306201 2000000001c0 returned -14 [ 841.705379][ T5905] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 841.890101][ T5905] usb 2-1: Using ep0 maxpacket: 8 [ 841.895358][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 841.895373][ T30] audit: type=1326 audit(1763262036.325:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 841.935204][ T30] audit: type=1326 audit(1763262036.325:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 841.936419][ T5905] usb 2-1: config 0 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 841.998152][ T30] audit: type=1326 audit(1763262036.375:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.039918][ T30] audit: type=1326 audit(1763262036.375:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.066850][ T5905] usb 2-1: config 0 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 842.109967][ T5905] usb 2-1: config 0 interface 0 has no altsetting 0 [ 842.126496][ T30] audit: type=1326 audit(1763262036.375:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.145237][ T5905] usb 2-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00 [ 842.197141][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 842.226376][ T30] audit: type=1326 audit(1763262036.375:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.280917][ T30] audit: type=1326 audit(1763262036.375:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.295978][ T5905] usb 2-1: config 0 descriptor?? [ 842.354661][ T30] audit: type=1326 audit(1763262036.375:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.388267][ T30] audit: type=1326 audit(1763262036.375:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.437735][ T30] audit: type=1326 audit(1763262036.375:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3231 comm="syz.2.13496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 842.641377][ T3259] binder_alloc: 3258: pid 3258 spamming oneway? 1 buffers allocated for a total size of 4096 [ 842.745266][ T3207] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 842.764049][ T5905] playstation 0003:054C:09CC.000A: hidraw0: USB HID vff.ed Device [HID 054c:09cc] on usb-dummy_hcd.1-1/input0 [ 842.964444][ T5905] playstation 0003:054C:09CC.000A: Failed to retrieve feature with reportID 18: -71 [ 842.984952][ T5905] playstation 0003:054C:09CC.000A: Failed to retrieve DualShock4 pairing info: -71 [ 843.008704][ T5905] playstation 0003:054C:09CC.000A: Failed to get MAC address from DualShock4 [ 843.040613][ T5905] playstation 0003:054C:09CC.000A: Failed to create dualshock4. [ 843.064935][ T5905] playstation 0003:054C:09CC.000A: probe with driver playstation failed with error -71 [ 843.155364][ T5905] usb 2-1: USB disconnect, device number 32 [ 843.340764][ T3279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13517'. [ 843.714305][ T3298] binder: 3294:3298 ioctl c0306201 2000000004c0 returned -22 [ 844.097708][T32351] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 844.275622][T32351] usb 4-1: Using ep0 maxpacket: 32 [ 844.285383][T32351] usb 4-1: config 0 has an invalid interface number: 138 but max is 0 [ 844.304443][T32351] usb 4-1: config 0 has no interface number 0 [ 844.328851][T32351] usb 4-1: New USB device found, idVendor=0b95, idProduct=7720, bcdDevice= b.93 [ 844.348531][T32351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 844.370982][T32351] usb 4-1: Product: syz [ 844.387045][T32351] usb 4-1: Manufacturer: syz [ 844.398126][T32351] usb 4-1: SerialNumber: syz [ 844.419400][T32351] usb 4-1: config 0 descriptor?? [ 844.643065][T32351] asix 4-1:0.138: probe with driver asix failed with error -71 [ 844.689667][T32351] usb 4-1: USB disconnect, device number 22 [ 845.450465][ T3375] random: crng reseeded on system resumption [ 847.269853][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 847.269871][ T30] audit: type=1326 audit(1763262041.715:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 847.388286][ T30] audit: type=1326 audit(1763262041.715:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 847.454051][ T30] audit: type=1326 audit(1763262041.715:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 847.517716][ T30] audit: type=1326 audit(1763262041.715:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 847.544715][ T30] audit: type=1326 audit(1763262041.715:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 847.584150][ T30] audit: type=1326 audit(1763262041.745:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3441 comm="syz.2.13588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 848.142072][T32351] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 848.145178][ T3473] bond0: (slave macvlan2): Opening slave failed [ 848.355554][T32351] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 848.366049][T32351] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 848.400585][T32351] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 848.421706][T32351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 848.465885][T32351] usb 3-1: config 0 descriptor?? [ 848.675406][T19260] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 848.696043][ T3460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 848.718628][ T3460] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 848.769221][ T3500] pim6reg: entered allmulticast mode [ 848.798805][ T3500] netlink: 'syz.3.13615': attribute type 10 has an invalid length. [ 848.800767][T32351] usb 3-1: USB disconnect, device number 25 [ 848.836942][T19260] usb 2-1: config 0 has an invalid interface number: 231 but max is 0 [ 848.845861][T19260] usb 2-1: config 0 has no interface number 0 [ 848.851995][T19260] usb 2-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 848.884076][ T3500] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 848.903949][T19260] usb 2-1: config 0 interface 231 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 848.917640][ T3500] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 848.927230][T19260] usb 2-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 848.940405][T19260] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 848.962141][T19260] usb 2-1: Product: syz [ 848.966876][T19260] usb 2-1: Manufacturer: syz [ 848.971476][T19260] usb 2-1: SerialNumber: syz [ 848.995602][T19260] usb 2-1: config 0 descriptor?? [ 849.003270][ T3487] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 849.016881][T19260] plusb 2-1:0.231: probe with driver plusb failed with error -22 [ 849.052835][ T3503] netlink: 720 bytes leftover after parsing attributes in process `syz.0.13616'. [ 849.097086][ T3503] veth5: entered promiscuous mode [ 849.203937][ T3511] netlink: 'syz.0.13620': attribute type 6 has an invalid length. [ 849.245856][T32351] usb 2-1: USB disconnect, device number 33 [ 849.410342][ T3520] netlink: 104 bytes leftover after parsing attributes in process `syz.5.13624'. [ 850.690706][ T3572] netlink: 104 bytes leftover after parsing attributes in process `syz.5.13646'. [ 851.617580][ T3622] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 851.624154][ T3622] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 851.648177][ T3622] vhci_hcd vhci_hcd.0: Device attached [ 851.658075][ T3623] usbip_core: unknown command [ 851.664026][ T3623] vhci_hcd: unknown pdu 0 [ 851.670015][ T3623] usbip_core: unknown command [ 851.695918][T26010] vhci_hcd: stop threads [ 851.700220][T26010] vhci_hcd: release socket [ 851.704660][T26010] vhci_hcd: disconnect device [ 851.790652][T26010] tipc: Subscription rejected, illegal request [ 851.834896][ T5905] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 851.984932][ T5905] usb 4-1: Using ep0 maxpacket: 8 [ 851.991738][ T5905] usb 4-1: config 0 has an invalid interface number: 200 but max is 0 [ 852.004880][ T5905] usb 4-1: config 0 has no interface number 0 [ 852.021301][ T5905] usb 4-1: config 0 interface 200 altsetting 2 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 852.034929][ T5905] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 852.095249][ T5905] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x85 has invalid maxpacket 1126, setting to 1024 [ 852.107384][ T5905] usb 4-1: config 0 interface 200 has no altsetting 0 [ 852.116604][ T5905] usb 4-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 852.135033][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.144973][ T5905] usb 4-1: Product: syz [ 852.150959][ T5905] usb 4-1: Manufacturer: syz [ 852.168620][ T5905] usb 4-1: SerialNumber: syz [ 852.357223][ T5905] usb 4-1: config 0 descriptor?? [ 852.378870][ T3620] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 852.687524][ T5905] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.200/input/input56 [ 852.710173][ C1] usb 4-1: hanwang_irq - nonzero urb status received: -71 [ 852.717555][ C1] usb 4-1: hanwang_irq - nonzero urb status received: -71 [ 852.718418][ T5905] usb 4-1: USB disconnect, device number 23 [ 852.724697][ C1] usb 4-1: hanwang_irq - usb_submit_urb failed with result -19 [ 854.569360][ T30] audit: type=1326 audit(1763262049.005:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 854.592399][ T30] audit: type=1326 audit(1763262049.005:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 854.799603][ T30] audit: type=1326 audit(1763262049.005:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 854.832819][ T30] audit: type=1326 audit(1763262049.005:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 854.859057][ T30] audit: type=1326 audit(1763262049.005:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 854.984964][ T30] audit: type=1326 audit(1763262049.005:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3710 comm="syz.2.13706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 855.141620][ T3729] netlink: 24 bytes leftover after parsing attributes in process `syz.0.13716'. [ 855.755220][T32351] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 855.939614][T32351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 855.975158][T32351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 856.001377][T32351] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 856.018322][T32351] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 856.032352][T32351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.055933][T32351] usb 1-1: config 0 descriptor?? [ 856.184995][ T10] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 856.357173][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 856.383147][ T10] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 856.404931][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.424256][ T10] usb 2-1: config 0 descriptor?? [ 856.433858][ T3766] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 856.510509][T32351] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 856.548496][ T30] audit: type=1326 audit(1763262050.995:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3787 comm="syz.5.13744" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x0 [ 856.650194][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 856.659790][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 856.702549][ T3794] netlink: 44 bytes leftover after parsing attributes in process `syz.5.13746'. [ 856.726924][ T10] usb 2-1: USB disconnect, device number 34 [ 856.746248][ T3794] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13746'. [ 856.770199][ T3746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 856.793005][ T3746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 856.886730][T32351] usb 1-1: USB disconnect, device number 25 [ 857.039253][ T3811] netlink: 44 bytes leftover after parsing attributes in process `syz.3.13754'. [ 857.050575][ T3811] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13754'. [ 857.061266][ T3811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13754'. [ 857.437187][ T3832] sock: sock_timestamping_bind_phc: sock not bind to device [ 857.565572][ T3839] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13769'. [ 859.835676][ T3950] netlink: 14 bytes leftover after parsing attributes in process `syz.0.13821'. [ 860.137160][ T3970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13830'. [ 860.160939][ T3970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13830'. [ 860.188185][ T3970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13830'. [ 860.310513][ T3978] binder: 3977:3978 ioctl c0306201 0 returned -14 [ 861.167264][ T4007] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13847'. [ 861.185880][ T4007] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13847'. [ 862.231580][ T30] audit: type=1326 audit(1763262056.675:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.348579][ T30] audit: type=1326 audit(1763262056.705:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.465560][ T30] audit: type=1326 audit(1763262056.705:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.583156][ T30] audit: type=1326 audit(1763262056.705:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.662997][ T30] audit: type=1326 audit(1763262056.705:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.805709][ T30] audit: type=1326 audit(1763262056.705:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.830968][ T30] audit: type=1326 audit(1763262056.715:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 862.859746][ T30] audit: type=1326 audit(1763262056.715:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 863.016446][ T30] audit: type=1326 audit(1763262056.715:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 863.045112][ T4075] program syz.2.13877 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 863.104617][ T30] audit: type=1326 audit(1763262056.715:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.13872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 864.114731][ T4109] netlink: 1319 bytes leftover after parsing attributes in process `syz.1.13891'. [ 864.163329][ T4111] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13894'. [ 864.919563][ T4148] netlink: 'syz.3.13912': attribute type 27 has an invalid length. [ 865.016320][ T4153] netlink: 'syz.0.13913': attribute type 4 has an invalid length. [ 865.059585][ T4153] netlink: 'syz.0.13913': attribute type 4 has an invalid length. [ 866.957603][ T4265] loop2: detected capacity change from 0 to 7 [ 867.012619][ T4265] Dev loop2: unable to read RDB block 7 [ 867.035248][ T4265] loop2: AHDI p1 p2 p3 [ 867.039510][ T4265] loop2: partition table partially beyond EOD, truncated [ 867.056599][ T4265] loop2: p1 start 1601398130 is beyond EOD, truncated [ 867.063421][ T4265] loop2: p2 start 1702059890 is beyond EOD, truncated [ 868.125935][ T4335] netlink: 408 bytes leftover after parsing attributes in process `syz.0.14001'. [ 868.145179][ T4335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14001'. [ 868.161641][ T4335] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14001'. [ 868.544597][ T4361] netlink: 48 bytes leftover after parsing attributes in process `syz.0.14011'. [ 869.068768][ T4392] netlink: 204 bytes leftover after parsing attributes in process `syz.3.14029'. [ 869.215523][ T10] usb 2-1: new low-speed USB device number 35 using dummy_hcd [ 869.378011][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 869.407066][ T10] usb 2-1: config 0 has no interfaces? [ 869.428442][ T10] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 869.472415][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.507652][ T10] usb 2-1: config 0 descriptor?? [ 869.731315][T28841] usb 2-1: USB disconnect, device number 35 [ 870.095570][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 870.095589][ T30] audit: type=1326 audit(1763262064.525:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4420 comm="syz.3.14041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 870.180320][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.191176][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.225133][ T30] audit: type=1326 audit(1763262064.525:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4420 comm="syz.3.14041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 870.267356][ T30] audit: type=1326 audit(1763262064.525:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4420 comm="syz.3.14041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 871.600771][ T4500] xt_CT: You must specify a L4 protocol and not use inversions on it [ 871.758816][ T4505] syzkaller0: entered promiscuous mode [ 871.764353][ T4505] syzkaller0: entered allmulticast mode [ 872.465952][ T4535] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 872.606639][ T24] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 872.798189][ T24] usb 2-1: config 0 has no interfaces? [ 872.803928][ T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 872.824182][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.859918][ T24] usb 2-1: config 0 descriptor?? [ 873.110301][ T24] usb 2-1: USB disconnect, device number 36 [ 874.562841][ T4615] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 875.536341][ T4649] syzkaller0: entered promiscuous mode [ 875.544862][ T4649] syzkaller0: entered allmulticast mode [ 875.744929][ T4659] netlink: 'syz.0.14154': attribute type 27 has an invalid length. [ 875.754890][ T24] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 875.907879][ T24] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 875.946761][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 875.985601][ T24] usb 6-1: config 0 has no interface number 0 [ 876.002466][ T24] usb 6-1: config 0 interface 41 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 876.034030][ T24] usb 6-1: config 0 interface 41 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 876.081835][ T24] usb 6-1: config 0 interface 41 has no altsetting 0 [ 876.118395][ T24] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 876.145904][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.181276][ T24] usb 6-1: Product: syz [ 876.191172][ T24] usb 6-1: Manufacturer: syz [ 876.201306][ T24] usb 6-1: SerialNumber: syz [ 876.220881][ T24] usb 6-1: config 0 descriptor?? [ 876.243828][ T24] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -22 [ 876.516506][ T24] usb 6-1: USB disconnect, device number 8 [ 876.761930][ T4692] netlink: 68 bytes leftover after parsing attributes in process `syz.3.14169'. [ 876.790176][ T4690] usb usb8: usbfs: process 4690 (syz.1.14167) did not claim interface 0 before use [ 877.304830][ T30] audit: type=1326 audit(1763262071.745:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4705 comm="syz.0.14175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7fc00000 [ 878.319223][ T4751] netlink: 'syz.1.14196': attribute type 10 has an invalid length. [ 878.351151][ T4751] netlink: 40 bytes leftover after parsing attributes in process `syz.1.14196'. [ 878.619669][ T4766] fuse: Invalid rootmode [ 879.500094][ T4797] netlink: 20 bytes leftover after parsing attributes in process `syz.0.14217'. [ 879.731049][ T4804] sch_tbf: burst 1821 is lower than device lo mtu (11337746) ! [ 879.760728][ T4804] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14219'. [ 881.745668][ T4841] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14236'. [ 882.242341][ T4864] netlink: 44 bytes leftover after parsing attributes in process `syz.5.14246'. [ 882.320254][ T4867] binder: 4866:4867 ioctl 4018620d 0 returned -22 [ 882.736370][ T4886] netlink: 68 bytes leftover after parsing attributes in process `syz.1.14257'. [ 883.219529][ T4901] netlink: 'syz.1.14262': attribute type 11 has an invalid length. [ 883.254927][ T4901] netlink: 32 bytes leftover after parsing attributes in process `syz.1.14262'. [ 883.485459][ T30] audit: type=1326 audit(1763262077.895:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 883.672238][ T30] audit: type=1326 audit(1763262077.895:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 883.840006][ T30] audit: type=1326 audit(1763262077.895:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 883.973485][ T30] audit: type=1326 audit(1763262077.895:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 884.014371][ T30] audit: type=1326 audit(1763262077.895:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 884.037828][ T30] audit: type=1326 audit(1763262077.895:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 884.090122][ T30] audit: type=1326 audit(1763262077.895:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 884.151727][ T30] audit: type=1326 audit(1763262077.895:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4908 comm="syz.0.14267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x7ffc0000 [ 884.224690][ T4934] xt_TCPMSS: Only works on TCP SYN packets [ 884.242832][ T4934] hub 1-0:1.0: USB hub found [ 884.247946][ T4934] hub 1-0:1.0: 1 port detected [ 884.520664][ T4950] netlink: 'syz.5.14284': attribute type 4 has an invalid length. [ 884.530890][ T4950] netlink: 17 bytes leftover after parsing attributes in process `syz.5.14284'. [ 884.716338][ T4960] netlink: 12 bytes leftover after parsing attributes in process `syz.5.14289'. [ 887.705539][ T5051] netlink: 'syz.1.14328': attribute type 7 has an invalid length. [ 887.727249][ T5051] netlink: 'syz.1.14328': attribute type 8 has an invalid length. [ 889.382319][ T5127] veth1_macvtap: left allmulticast mode [ 889.428883][T28841] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 889.608309][T28841] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 889.620226][T28841] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 889.636944][T28841] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 889.650210][T28841] usb 4-1: config 220 has no interface number 1 [ 889.656925][T28841] usb 4-1: config 220 interface 0 has no altsetting 0 [ 889.688363][T28841] usb 4-1: config 220 interface 76 has no altsetting 0 [ 889.710542][T28841] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 889.733468][T28841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.761602][T28841] usb 4-1: Product: syz [ 889.770984][T28841] usb 4-1: Manufacturer: syz [ 889.777676][T28841] usb 4-1: SerialNumber: syz [ 890.022180][T28841] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 890.052230][T28841] uvcvideo 4-1:220.0: No valid video chain found. [ 890.088638][T28841] usb 4-1: USB disconnect, device number 24 [ 890.322631][ T5188] netlink: 12 bytes leftover after parsing attributes in process `syz.5.14389'. [ 890.617000][ T5206] netlink: 'syz.5.14396': attribute type 64 has an invalid length. [ 890.626288][ T5206] netlink: 5 bytes leftover after parsing attributes in process `syz.5.14396'. [ 890.635566][ T5206] gretap0: entered allmulticast mode [ 890.651076][ T5206] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 891.032953][ T5231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14409'. [ 891.043215][ T5231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.14409'. [ 891.053401][ T5231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14409'. [ 891.707059][ T5264] netlink: 24 bytes leftover after parsing attributes in process `syz.5.14424'. [ 892.246365][ T5285] syzkaller0: entered promiscuous mode [ 892.260512][ T5285] syzkaller0: entered allmulticast mode [ 893.656427][ T5354] fuse: Bad value for 'user_id' [ 893.661655][ T5354] fuse: Bad value for 'user_id' [ 895.869215][ T30] audit: type=1326 audit(1763262090.315:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 895.891403][ C1] vkms_vblank_simulate: vblank timer overrun [ 895.964877][ T30] audit: type=1326 audit(1763262090.315:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 895.987094][ C1] vkms_vblank_simulate: vblank timer overrun [ 896.059258][ T30] audit: type=1326 audit(1763262090.315:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.127040][ T30] audit: type=1326 audit(1763262090.315:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.206535][ T30] audit: type=1326 audit(1763262090.315:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.297624][ T30] audit: type=1326 audit(1763262090.315:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.319850][ C1] vkms_vblank_simulate: vblank timer overrun [ 896.385172][ T30] audit: type=1326 audit(1763262090.315:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.407367][ C1] vkms_vblank_simulate: vblank timer overrun [ 896.523324][ T5462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14517'. [ 896.578084][ T30] audit: type=1326 audit(1763262090.315:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.662149][ T30] audit: type=1326 audit(1763262090.315:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.744235][ T30] audit: type=1326 audit(1763262090.315:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5441 comm="syz.3.14507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x50000 [ 896.882749][ T5470] netlink: 'syz.5.14521': attribute type 64 has an invalid length. [ 896.895034][ T5470] netlink: 5 bytes leftover after parsing attributes in process `syz.5.14521'. [ 898.476932][ T5567] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14566'. [ 898.639779][ T5577] netlink: 20 bytes leftover after parsing attributes in process `syz.0.14570'. [ 899.073019][ T5607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 899.975130][T19260] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 900.135951][T19260] usb 1-1: Using ep0 maxpacket: 8 [ 900.147616][T19260] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 900.168105][T19260] usb 1-1: config 0 has no interface number 0 [ 900.178258][T19260] usb 1-1: config 0 interface 200 altsetting 2 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 900.225135][T19260] usb 1-1: config 0 interface 200 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 900.251063][T19260] usb 1-1: config 0 interface 200 altsetting 2 endpoint 0x85 has invalid maxpacket 1126, setting to 1024 [ 900.263369][T19260] usb 1-1: config 0 interface 200 has no altsetting 0 [ 900.273620][T19260] usb 1-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 900.306772][T19260] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.326011][T19260] usb 1-1: Product: syz [ 900.330325][T19260] usb 1-1: Manufacturer: syz [ 900.340451][T19260] usb 1-1: SerialNumber: syz [ 900.356677][T19260] usb 1-1: config 0 descriptor?? [ 900.372566][ T5647] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 900.609791][T19260] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.200/input/input59 [ 900.633465][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.640885][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.649056][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.658095][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.665857][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.673202][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.680788][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.689393][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.696740][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.704151][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.711735][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.719105][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.726514][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.733944][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.741589][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.748959][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.756309][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.763948][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.771920][ C1] usb 1-1: hanwang_irq - nonzero urb status received: -71 [ 900.779137][ C1] usb 1-1: hanwang_irq - usb_submit_urb failed with result -1 [ 900.793727][T19260] usb 1-1: USB disconnect, device number 26 [ 901.074129][ T5674] fuse: Bad value for 'fd' [ 901.898412][ T5737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14643'. [ 901.965363][ T5743] kvm: apic: phys broadcast and lowest prio [ 903.198308][ T5813] netlink: 72 bytes leftover after parsing attributes in process `syz.2.14680'. [ 904.354884][T28841] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 904.522296][T28841] usb 2-1: config 0 has an invalid interface number: 133 but max is 0 [ 904.545153][T28841] usb 2-1: config 0 has no interface number 0 [ 904.563891][T28841] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 904.583591][T28841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.604211][T28841] usb 2-1: Product: syz [ 904.619980][T28841] usb 2-1: Manufacturer: syz [ 904.634923][T28841] usb 2-1: SerialNumber: syz [ 904.651610][T28841] usb 2-1: config 0 descriptor?? [ 904.882147][T28841] keyspan 2-1:0.133: Keyspan 1 port adapter converter detected [ 904.911468][T28841] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 81 [ 904.945627][T28841] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 1 [ 904.953832][T28841] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 2 [ 904.988480][T28841] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 905.000777][ T5953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14723'. [ 905.145449][T19260] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 905.293236][T28841] usb 2-1: USB disconnect, device number 37 [ 905.324876][T19260] usb 6-1: Using ep0 maxpacket: 16 [ 905.331899][T19260] usb 6-1: config 1 has an invalid interface number: 64 but max is 0 [ 905.332353][T28841] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 905.344811][T19260] usb 6-1: config 1 has no interface number 0 [ 905.361324][T28841] keyspan 2-1:0.133: device disconnected [ 905.386431][T19260] usb 6-1: config 1 interface 64 altsetting 0 endpoint 0xF has an invalid bInterval 121, changing to 7 [ 905.437399][T19260] usb 6-1: New USB device found, idVendor=19d2, idProduct=ffbf, bcdDevice=68.78 [ 905.454031][T19260] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.464495][T19260] usb 6-1: Product: syz [ 905.473245][T19260] usb 6-1: Manufacturer: syz [ 905.481938][T19260] usb 6-1: SerialNumber: syz [ 905.656640][ T5985] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14739'. [ 905.716682][T19260] option 6-1:1.64: GSM modem (1-port) converter detected [ 905.758154][T19260] usb 6-1: USB disconnect, device number 9 [ 905.782912][T19260] option 6-1:1.64: device disconnected [ 905.982987][ T5997] tc_dump_action: action bad kind [ 906.264911][T19260] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 906.329389][ T6020] pim6reg1: entered promiscuous mode [ 906.339666][ T6020] pim6reg1: entered allmulticast mode [ 906.438272][T19260] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 906.470385][T19260] usb 1-1: config 0 has no interface number 0 [ 906.487170][T19260] usb 1-1: config 0 interface 41 has no altsetting 0 [ 906.509784][T19260] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 906.523165][T19260] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 906.533894][T19260] usb 1-1: Product: syz [ 906.539957][T19260] usb 1-1: Manufacturer: syz [ 906.545546][T19260] usb 1-1: SerialNumber: syz [ 906.564723][T19260] usb 1-1: config 0 descriptor?? [ 906.999297][T19260] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 907.044177][T19260] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 907.275105][T19260] usb 1-1: USB disconnect, device number 27 [ 907.520888][ T6053] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 908.141852][ T6084] IPv6: NLM_F_CREATE should be specified when creating new route [ 908.293934][ T6090] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14783'. [ 908.602103][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 908.602120][ T30] audit: type=1326 audit(1763262103.045:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6097 comm="syz.2.14787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 908.701819][ T30] audit: type=1326 audit(1763262103.045:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6097 comm="syz.2.14787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 908.765611][ T6106] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14788'. [ 908.846093][ T30] audit: type=1326 audit(1763262103.045:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6097 comm="syz.2.14787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 910.347455][ T6190] 0ªî{X¹¦: left allmulticast mode [ 910.352896][ T6190] dummy0: left promiscuous mode [ 910.385337][ T6190] macsec0: left promiscuous mode [ 910.397205][ T6190] macsec0: left allmulticast mode [ 910.425754][ T6190] bond0: left promiscuous mode [ 910.431010][ T6190] wireguard0: left promiscuous mode [ 910.623478][ T6194] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 910.648338][ T6194] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 910.931422][ T36] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 910.946482][ T36] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 911.086043][ T36] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 911.111096][ T36] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 912.477123][ T6264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14862'. [ 912.959987][ T6283] netlink: 96 bytes leftover after parsing attributes in process `syz.0.14871'. [ 913.527001][ T6310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14883'. [ 913.798948][ T30] audit: type=1326 audit(1763262108.245:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc86f12b789 code=0x7ffc0000 [ 913.864949][ T30] audit: type=1326 audit(1763262108.245:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 913.919313][ T30] audit: type=1326 audit(1763262108.245:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc86f12b789 code=0x7ffc0000 [ 914.013969][ T30] audit: type=1326 audit(1763262108.245:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 914.042552][ T30] audit: type=1326 audit(1763262108.245:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc86f12b789 code=0x7ffc0000 [ 914.068317][ T30] audit: type=1326 audit(1763262108.245:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 914.094635][ T30] audit: type=1326 audit(1763262108.245:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 914.140939][ T30] audit: type=1326 audit(1763262108.245:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 914.164063][ T30] audit: type=1326 audit(1763262108.245:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 914.209616][ T30] audit: type=1326 audit(1763262108.265:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.5.14880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc86f12b789 code=0x7ffc0000 [ 916.197563][ T6422] trusted_key: encrypted_key: master key parameter is missing [ 916.756649][ T6450] netlink: 116 bytes leftover after parsing attributes in process `syz.0.14949'. [ 916.769228][ T6449] netlink: 56 bytes leftover after parsing attributes in process `syz.3.14952'. [ 917.157413][ T6464] x_tables: duplicate underflow at hook 1 [ 919.406836][ T6517] netlink: 72 bytes leftover after parsing attributes in process `syz.0.14979'. [ 921.180062][ T6573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15003'. [ 921.422867][ T6581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15006'. [ 921.508146][ T6587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.15010'. [ 921.529144][ T6587] tipc: Enabling of bearer rejected, failed to enable media [ 923.976079][ T6664] fuse: Bad value for 'fd' [ 924.210847][ T6678] netlink: 80 bytes leftover after parsing attributes in process `syz.2.15052'. [ 925.896738][ T6745] netlink: 'syz.3.15083': attribute type 16 has an invalid length. [ 925.912521][ T6745] netlink: 'syz.3.15083': attribute type 2 has an invalid length. [ 925.951990][ T6745] netlink: 64086 bytes leftover after parsing attributes in process `syz.3.15083'. [ 926.325039][T28841] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 926.484842][T28841] usb 3-1: Using ep0 maxpacket: 32 [ 926.491826][T28841] usb 3-1: config 2 has an invalid interface number: 194 but max is 0 [ 926.509702][T28841] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 926.536374][T28841] usb 3-1: config 2 has no interface number 0 [ 926.542693][T28841] usb 3-1: config 2 interface 194 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 833 [ 926.556226][T28841] usb 3-1: config 2 interface 194 altsetting 0 endpoint 0xA has invalid maxpacket 1584, setting to 1024 [ 926.567795][T28841] usb 3-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 926.601969][T28841] usb 3-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6 [ 926.654815][T28841] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.678701][ T6752] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 926.693947][ T6752] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 926.934655][T28841] usb 3-1: string descriptor 0 read error: -71 [ 926.950148][T28841] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 927.051675][T28841] usb 3-1: USB disconnect, device number 26 [ 927.069051][ T6788] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 927.689032][ T6818] netlink: 100 bytes leftover after parsing attributes in process `syz.5.15117'. [ 929.921225][ T6902] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15157'. [ 930.359348][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15161'. [ 930.385647][ T6916] syzkaller0: entered promiscuous mode [ 930.391164][ T6916] syzkaller0: entered allmulticast mode [ 931.194067][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 931.194084][ T30] audit: type=1326 audit(1763262125.635:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.2.15174" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x0 [ 931.620279][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.627021][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.935271][T28841] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 933.096156][T28841] usb 3-1: Using ep0 maxpacket: 32 [ 933.107642][T28841] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 933.125725][T28841] usb 3-1: config 0 has no interface number 0 [ 933.138752][T28841] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 933.173708][T28841] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 933.187619][T28841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 933.192615][ T7035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15220'. [ 933.206461][T28841] usb 3-1: Product: syz [ 933.218197][T28841] usb 3-1: Manufacturer: syz [ 933.222834][T28841] usb 3-1: SerialNumber: syz [ 933.235531][T28841] usb 3-1: config 0 descriptor?? [ 933.243677][ T7012] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 933.461519][T28841] asix 3-1:0.188: probe with driver asix failed with error -71 [ 933.506114][T28841] usb 3-1: USB disconnect, device number 27 [ 933.881422][ T7062] netlink: 'syz.5.15234': attribute type 15 has an invalid length. [ 933.889801][ T7062] netlink: 24 bytes leftover after parsing attributes in process `syz.5.15234'. [ 935.659460][T19260] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 935.849563][T19260] usb 4-1: Using ep0 maxpacket: 8 [ 935.871675][T19260] usb 4-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 935.894945][T19260] usb 4-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 935.985001][T19260] usb 4-1: config 0 interface 0 has no altsetting 0 [ 935.991751][T19260] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 936.026868][T19260] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 936.061148][T19260] usb 4-1: config 0 descriptor?? [ 936.286142][T19260] usbhid 4-1:0.0: can't add hid device: -71 [ 936.292187][T19260] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 936.353612][T19260] usb 4-1: USB disconnect, device number 25 [ 937.721358][ T7211] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15301'. [ 938.777412][T28841] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 938.969186][T28841] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 938.981887][T28841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 938.990126][ T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 939.015202][T28841] usb 1-1: Product: syz [ 939.019411][T28841] usb 1-1: Manufacturer: syz [ 939.024118][T28841] usb 1-1: SerialNumber: syz [ 939.055208][ T10] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 939.156510][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 939.168742][ T9] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 939.181959][ T9] usb 3-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 939.198586][ T9] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 939.212091][ T9] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 939.227725][ T10] usb 6-1: config 0 has an invalid interface number: 46 but max is 0 [ 939.236042][ T10] usb 6-1: config 0 has no interface number 0 [ 939.246053][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 939.256805][T28841] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 939.271493][T28841] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 939.301278][T28841] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 939.311455][ T10] usb 6-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 939.321458][ T9] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 939.330958][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.339405][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.347578][ T9] usb 3-1: Product: syz [ 939.351750][ T9] usb 3-1: Manufacturer: syz [ 939.356579][ T10] usb 6-1: Product: syz [ 939.362961][T28841] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 939.371323][ T10] usb 6-1: Manufacturer: syz [ 939.376303][ T9] usb 3-1: SerialNumber: syz [ 939.382746][ T10] usb 6-1: SerialNumber: syz [ 939.395690][ T9] usb 3-1: config 0 descriptor?? [ 939.405750][ T10] usb 6-1: config 0 descriptor?? [ 939.416866][T28841] usb 1-1: USB disconnect, device number 28 [ 939.427787][ T10] ums-karma 6-1:0.46: USB Mass Storage device detected [ 939.616330][ T9] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input60 [ 939.633120][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.638000][ T24] usb 6-1: USB disconnect, device number 10 [ 939.654088][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.666203][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.681269][ T30] audit: type=1326 audit(1763262134.125:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 939.708285][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.758085][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.770476][ T5183] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.787009][T31446] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 939.814631][T32351] usb 3-1: USB disconnect, device number 28 [ 940.443279][ T7326] random: crng reseeded on system resumption [ 940.453502][ T30] audit: type=1326 audit(1763262134.885:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.544715][ T30] audit: type=1326 audit(1763262134.885:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.605881][ T30] audit: type=1326 audit(1763262134.885:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.629243][ T30] audit: type=1326 audit(1763262134.885:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.652279][ T30] audit: type=1326 audit(1763262134.885:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.740299][ T30] audit: type=1326 audit(1763262134.885:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.844945][ T30] audit: type=1326 audit(1763262134.885:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.952650][ T30] audit: type=1326 audit(1763262134.885:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 940.975704][ T30] audit: type=1326 audit(1763262134.885:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.3.15340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7fc00000 [ 941.744154][ T7373] ip6erspan0: entered promiscuous mode [ 941.815443][ T7369] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15371'. [ 943.603242][ T7442] netlink: 'syz.1.15404': attribute type 1 has an invalid length. [ 943.777277][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15404'. [ 943.926888][ T7446] 8021q: adding VLAN 0 to HW filter on device bond3 [ 943.967637][ T7446] bond2: (slave bond3): making interface the new active one [ 944.013522][ T7446] bond2: (slave bond3): Enslaving as an active interface with an up link [ 944.076983][ T7448] bond2 (unregistering): (slave bond3): Releasing backup interface [ 944.121567][ T7448] bond2 (unregistering): Released all slaves [ 944.362438][ T7471] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15413'. [ 944.538546][ T7475] netlink: 76 bytes leftover after parsing attributes in process `syz.2.15416'. [ 945.053270][ T7501] syzkaller0: entered promiscuous mode [ 945.074193][ T7501] syzkaller0: entered allmulticast mode [ 945.774020][ T7530] tipc: Enabled bearer , priority 0 [ 945.829480][ T7528] tipc: Disabling bearer [ 945.943020][ T7541] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 945.949587][ T7541] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 945.989410][ T7541] vhci_hcd vhci_hcd.0: Device attached [ 946.017968][ T7544] vhci_hcd: connection closed [ 946.018227][ T50] vhci_hcd: stop threads [ 946.031048][ T50] vhci_hcd: release socket [ 946.036588][ T50] vhci_hcd: disconnect device [ 946.076817][ T7550] netlink: 80 bytes leftover after parsing attributes in process `syz.3.15448'. [ 946.445761][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 946.445781][ T30] audit: type=1326 audit(1763262140.885:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7572 comm="syz.3.15461" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbd918f6c9 code=0x0 [ 947.622327][T19260] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 947.779711][T19260] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 947.792794][T19260] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 947.824527][T19260] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 948.063612][T19260] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 948.078516][T19260] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 948.096591][T19260] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.128697][T19260] usb 6-1: config 0 descriptor?? [ 948.721655][T19260] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 950.145720][ T9] usb 6-1: reset high-speed USB device number 11 using dummy_hcd [ 951.433552][T28841] usb 6-1: USB disconnect, device number 11 [ 951.790549][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15528'. [ 951.815316][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15528'. [ 952.070832][ T7737] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15532'. [ 952.764163][ T7773] x_tables: unsorted underflow at hook 1 [ 952.825709][ T7774] netlink: 92 bytes leftover after parsing attributes in process `syz.3.15549'. [ 953.726769][ T7809] netlink: 60 bytes leftover after parsing attributes in process `syz.5.15566'. [ 954.132138][ T7828] binder: BINDER_SET_CONTEXT_MGR already set [ 954.148228][ T7828] binder: 7827:7828 ioctl 4018620d 200000000000 returned -16 [ 954.242819][ T7833] netlink: 'syz.3.15577': attribute type 11 has an invalid length. [ 954.267247][ T7833] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15577'. [ 954.632338][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15585'. [ 954.665201][ T7851] netlink: 52 bytes leftover after parsing attributes in process `syz.0.15585'. [ 954.680660][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15585'. [ 954.710244][ T7851] netlink: 52 bytes leftover after parsing attributes in process `syz.0.15585'. [ 955.107195][ T7868] netlink: 'syz.5.15592': attribute type 5 has an invalid length. [ 956.516942][T19260] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 956.606138][ T7938] binder: 7936:7938 ioctl c0306201 2000000001c0 returned -14 [ 956.685214][T19260] usb 4-1: Using ep0 maxpacket: 16 [ 956.692850][T19260] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 956.725087][T19260] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 956.743236][T19260] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 956.782237][T19260] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 956.813816][T19260] usb 4-1: Product: syz [ 956.828180][T19260] usb 4-1: Manufacturer: syz [ 956.833630][T19260] usb 4-1: SerialNumber: syz [ 956.850936][T19260] usb 4-1: config 0 descriptor?? [ 956.876052][T19260] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 956.897136][T19260] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 957.291325][ T7968] __nla_validate_parse: 1 callbacks suppressed [ 957.291342][ T7968] netlink: 36 bytes leftover after parsing attributes in process `syz.1.15639'. [ 957.475975][T19260] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 957.495615][T19260] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 958.229280][T19260] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 958.238076][T19260] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 958.482554][ T8006] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 958.701646][T19260] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 958.711747][T19260] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 958.737846][T19260] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 958.755153][T19260] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 958.774910][T19260] usb 4-1: USB disconnect, device number 26 [ 959.162197][ T30] audit: type=1326 audit(1763262153.605:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8024 comm="syz.2.15665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 959.241641][ T30] audit: type=1326 audit(1763262153.605:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8024 comm="syz.2.15665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 959.323670][ T30] audit: type=1326 audit(1763262153.645:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8024 comm="syz.2.15665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 959.424033][ T30] audit: type=1326 audit(1763262153.645:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8024 comm="syz.2.15665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 961.254978][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 961.416773][ T10] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 961.439145][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 961.476644][ T10] usb 3-1: config 0 descriptor?? [ 961.527222][ T8129] input: syz1 as /devices/virtual/input/input62 [ 962.054454][ T8157] kernel read not supported for file /cpuacct.usage_percpu (pid: 8157 comm: syz.5.15725) [ 962.087180][ T30] audit: type=1800 audit(1763262156.535:1544): pid=8157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.15725" name="cpuacct.usage_percpu" dev="mqueue" ino=195870 res=0 errno=0 [ 962.340653][ T4595] kworker/u8:7 (4595) used greatest stack depth: 18520 bytes left [ 962.417752][ T8178] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15735'. [ 962.607566][ T30] audit: type=1326 audit(1763262157.055:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8183 comm="syz.3.15737" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x0 [ 963.116339][ T30] audit: type=1326 audit(1763262157.565:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8212 comm="syz.1.15751" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x0 [ 963.116803][ T8214] netlink: 'syz.5.15750': attribute type 11 has an invalid length. [ 963.331798][ T8222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15754'. [ 963.771565][ T8247] netlink: 20 bytes leftover after parsing attributes in process `syz.3.15767'. [ 963.922110][ T10] usb 3-1: Cannot set autoneg [ 963.931682][ T10] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 963.972190][ T10] usb 3-1: USB disconnect, device number 29 [ 964.275168][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15783'. [ 964.284572][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15783'. [ 964.540166][ T8295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15790'. [ 964.938213][T32351] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 964.971908][T32351] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 965.092267][ T8320] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15797'. [ 965.773092][ T8348] binder: 8347:8348 ioctl 400c620e 0 returned -14 [ 967.542509][ T8427] netlink: 68 bytes leftover after parsing attributes in process `syz.5.15846'. [ 967.974251][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15854'. [ 968.237600][ T8453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15856'. [ 968.538571][ T8439] netlink: 104 bytes leftover after parsing attributes in process `syz.5.15852'. [ 968.877753][ T8485] netem: change failed [ 968.973079][ T8493] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15877'. [ 969.225458][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15882'. [ 969.240613][ T8505] tc_dump_action: action bad kind [ 969.254234][ T8509] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15884'. [ 970.533378][ T8546] create_pit_timer: 2 callbacks suppressed [ 970.533399][ T8546] kvm: requested 73752 ns i8254 timer period limited to 200000 ns [ 970.552723][ T8546] kvm: requested 181866 ns i8254 timer period limited to 200000 ns [ 970.564449][ T8546] kvm: requested 136609 ns i8254 timer period limited to 200000 ns [ 970.588033][ T8546] kvm: requested 129904 ns i8254 timer period limited to 200000 ns [ 970.606190][ T8546] kvm: requested 198628 ns i8254 timer period limited to 200000 ns [ 970.615900][ T8546] kvm: requested 198628 ns i8254 timer period limited to 200000 ns [ 970.705092][ T30] audit: type=1326 audit(1763262165.145:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 970.770345][ T30] audit: type=1326 audit(1763262165.145:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 970.826297][ T30] audit: type=1326 audit(1763262165.145:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 970.962138][ T30] audit: type=1326 audit(1763262165.145:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 971.145494][ T30] audit: type=1326 audit(1763262165.145:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 971.174866][ T30] audit: type=1326 audit(1763262165.145:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 971.198358][ T30] audit: type=1326 audit(1763262165.145:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 971.226370][ T30] audit: type=1326 audit(1763262165.145:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.2.15901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 971.739841][ T8572] netlink: 96 bytes leftover after parsing attributes in process `syz.3.15911'. [ 972.103911][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15917'. [ 972.176149][ T8588] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 972.535711][ T30] audit: type=1326 audit(1763262166.985:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8600 comm="syz.0.15925" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b8bf8f6c9 code=0x0 [ 973.649102][ T8652] binder: 8651:8652 ioctl c018620c 0 returned -14 [ 974.201062][ T8678] netlink: 164 bytes leftover after parsing attributes in process `syz.1.15963'. [ 974.505202][T19260] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 974.770385][T19260] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 974.785026][T19260] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 974.793658][ T8699] netlink: 128 bytes leftover after parsing attributes in process `syz.5.15972'. [ 974.798345][T19260] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.965069][T19260] usb 3-1: config 0 descriptor?? [ 974.974587][ T8685] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 975.212685][ T8704] netlink: 84 bytes leftover after parsing attributes in process `syz.5.15974'. [ 975.438334][ T8708] tipc: Started in network mode [ 975.443359][ T8708] tipc: Node identity ac14140f, cluster identity 4711 [ 975.454433][ T8708] tipc: New replicast peer: 255.255.255.255 [ 975.470302][ T8708] tipc: Enabled bearer , priority 10 [ 976.631935][ T10] tipc: Node number set to 2886997007 [ 977.292302][T19260] usbhid 3-1:0.0: can't add hid device: -71 [ 977.341458][T19260] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 977.486052][T19260] usb 3-1: USB disconnect, device number 30 [ 978.335431][ T8796] netlink: 92 bytes leftover after parsing attributes in process `syz.3.16015'. [ 979.099642][ T8822] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 979.557109][ T8839] netlink: 'syz.0.16036': attribute type 1 has an invalid length. [ 979.675067][ T8845] bond0: (slave veth7): Enslaving as an active interface with a down link [ 979.715848][ T8839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16036'. [ 979.748777][ T8839] bond0 (unregistering): (slave veth7): Releasing active interface [ 979.808830][ T8839] bond0 (unregistering): Released all slaves [ 980.735053][T19260] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 980.792347][ T8893] netlink: 'syz.5.16059': attribute type 4 has an invalid length. [ 980.907994][T19260] usb 3-1: Using ep0 maxpacket: 8 [ 980.926566][T19260] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 980.951791][T19260] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 980.991336][T19260] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 981.021914][T19260] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 981.056184][T19260] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 981.071173][T19260] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 981.309941][T19260] usb 3-1: GET_CAPABILITIES returned 0 [ 981.315895][T19260] usbtmc 3-1:16.0: can't read capabilities [ 981.463799][ T8929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16077'. [ 981.514589][T19260] usb 3-1: USB disconnect, device number 31 [ 981.649605][ T8939] binder: 8938:8939 ioctl c0306201 200000000440 returned -14 [ 981.990655][ T8960] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16092'. [ 982.003161][ T8960] sit0: left promiscuous mode [ 982.017370][ T8960] sit0: left allmulticast mode [ 982.476508][ T8989] netlink: 'syz.0.16105': attribute type 10 has an invalid length. [ 982.504121][ T8986] delete_channel: no stack [ 984.945101][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 985.097329][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 985.119211][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 985.205001][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 985.234793][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 985.264941][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 985.274024][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 985.339657][ T10] usb 1-1: config 0 descriptor?? [ 985.778910][ T10] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 985.804975][ T10] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 985.812430][ T10] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 985.832866][ T10] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 985.856541][ T10] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 985.885313][ T10] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 985.893298][ T30] audit: type=1326 audit(1763262180.335:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9078 comm="syz.1.16146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x7fc00000 [ 986.064137][ T9] usb 1-1: USB disconnect, device number 29 [ 986.462245][ T9103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16156'. [ 986.472318][ T9103] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16156'. [ 987.263288][ T9142] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16174'. [ 987.444846][ T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 987.600239][ T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 987.619779][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.652395][ T10] usb 2-1: Product: syz [ 987.657042][ T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 987.673946][ T10] usb 2-1: Manufacturer: syz [ 987.689455][ T10] usb 2-1: SerialNumber: syz [ 987.721974][ T10] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 987.766928][T28841] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 987.816743][ T9163] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 987.845361][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 987.858372][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 987.875589][ T9] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 987.905095][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.929213][ T9] usb 3-1: config 0 descriptor?? [ 988.084833][ T5891] usb 2-1: USB disconnect, device number 38 [ 988.359326][ T9] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0 [ 988.389844][ T9] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 988.557211][ T9] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE [ 988.815622][T28841] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 988.855184][T28841] ath9k_htc: Failed to initialize the device [ 988.862078][ T5891] usb 2-1: ath9k_htc: USB layer deinitialized [ 988.990099][ T9] cp2112 0003:10C4:EA90.000F: error setting SMBus config [ 989.012423][ T9] cp2112 0003:10C4:EA90.000F: probe with driver cp2112 failed with error -71 [ 989.053147][ T9] usb 3-1: USB disconnect, device number 32 [ 989.113327][ T30] audit: type=1326 audit(1763262183.555:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.194987][ T30] audit: type=1326 audit(1763262183.555:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.245055][ T30] audit: type=1326 audit(1763262183.555:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.271555][ T30] audit: type=1326 audit(1763262183.555:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.312620][ T30] audit: type=1326 audit(1763262183.555:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.378800][ T30] audit: type=1326 audit(1763262183.555:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.403190][ T30] audit: type=1326 audit(1763262183.555:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.495967][ T30] audit: type=1326 audit(1763262183.555:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 989.519114][ T30] audit: type=1326 audit(1763262183.555:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.5.16207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fc86f18f6c9 code=0x7ffc0000 [ 992.935106][ T9354] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 992.982194][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 992.982215][ T30] audit: type=1804 audit(1763262187.425:1567): pid=9358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.16276" name="/newroot/3257/bus" dev="tmpfs" ino=19571 res=1 errno=0 [ 993.058459][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.067408][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.112351][ T9366] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 993.443427][ T9387] netlink: 'syz.0.16290': attribute type 4 has an invalid length. [ 993.457366][ T9387] netlink: 17 bytes leftover after parsing attributes in process `syz.0.16290'. [ 993.759422][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16300'. [ 993.769212][ T9407] netlink: 48 bytes leftover after parsing attributes in process `syz.1.16300'. [ 993.781568][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16300'. [ 993.791132][ T9407] netlink: 48 bytes leftover after parsing attributes in process `syz.1.16300'. [ 993.962417][ T9417] netlink: 36 bytes leftover after parsing attributes in process `syz.3.16305'. [ 994.765568][ T9448] wg2: Caught tx_queue_len zero misconfig [ 996.870718][ T9513] netlink: 72 bytes leftover after parsing attributes in process `syz.2.16347'. [ 996.939336][ T9516] netlink: 72 bytes leftover after parsing attributes in process `syz.1.16348'. [ 998.205274][ T30] audit: type=1326 audit(1763262192.655:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.313632][ T30] audit: type=1326 audit(1763262192.675:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.342915][ T30] audit: type=1326 audit(1763262192.695:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.366317][ T30] audit: type=1326 audit(1763262192.695:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.399030][ T30] audit: type=1326 audit(1763262192.695:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.423131][ T30] audit: type=1326 audit(1763262192.695:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.470399][ T30] audit: type=1326 audit(1763262192.695:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.550650][ T30] audit: type=1326 audit(1763262192.695:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.655661][ T30] audit: type=1326 audit(1763262192.735:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 998.743034][ T30] audit: type=1326 audit(1763262192.735:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9572 comm="syz.2.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x7ffc0000 [ 999.569040][ T9596] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 999.607972][ T9596] kvm: pic: non byte read [ 999.625632][ T9596] kvm: pic: level sensitive irq not supported [ 999.625743][ T9596] kvm: pic: non byte read [ 999.645481][ T9596] kvm: pic: level sensitive irq not supported [ 999.645544][ T9596] kvm: pic: non byte read [ 999.998795][ T9615] netlink: 248 bytes leftover after parsing attributes in process `syz.1.16392'. [ 1000.807110][ T9651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16407'. [ 1001.025053][ T9661] netlink: 52 bytes leftover after parsing attributes in process `syz.5.16409'. [ 1002.001678][ T9691] loop5: detected capacity change from 0 to 7 [ 1002.704025][T29980] Dev loop5: unable to read RDB block 7 [ 1002.711092][T29980] loop5: unable to read partition table [ 1002.719004][T29980] loop5: partition table beyond EOD, truncated [ 1003.068012][ T9691] Dev loop5: unable to read RDB block 7 [ 1003.094005][ T9691] loop5: unable to read partition table [ 1003.110216][ T9691] loop5: partition table beyond EOD, truncated [ 1003.121298][ T9691] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 1004.109735][ T9717] binder: 9716:9717 ioctl c0306201 200000000100 returned -14 [ 1004.369006][ T9730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16439'. [ 1004.795477][T19260] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1004.956832][T19260] usb 6-1: config 0 has no interfaces? [ 1004.968710][T19260] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1004.986764][T19260] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1005.011073][T19260] usb 6-1: Product: syz [ 1005.022545][T19260] usb 6-1: Manufacturer: syz [ 1005.038261][T19260] usb 6-1: SerialNumber: syz [ 1005.049383][T19260] usb 6-1: config 0 descriptor?? [ 1005.230003][ T9773] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16453'. [ 1005.270859][T19260] usb 6-1: USB disconnect, device number 12 [ 1005.768368][ T9796] netlink: 20 bytes leftover after parsing attributes in process `syz.2.16462'. [ 1006.402949][ T9832] @: renamed from vlan0 (while UP) [ 1007.515094][ T24] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1007.756391][ T24] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1007.766829][ T24] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 1007.776610][ T24] usb 1-1: config 220 interface 0 has no altsetting 0 [ 1007.791899][ T24] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1007.801306][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.809466][ T24] usb 1-1: Product: syz [ 1007.815177][ T24] usb 1-1: Manufacturer: syz [ 1007.819808][ T24] usb 1-1: SerialNumber: syz [ 1008.156142][ T24] usb 1-1: USB disconnect, device number 30 [ 1008.735637][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1008.924833][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 1008.932130][ T9] usb 6-1: config 8 has an invalid interface number: 108 but max is 0 [ 1008.945813][ T9] usb 6-1: config 8 has no interface number 0 [ 1008.963030][ T9] usb 6-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=6e.97 [ 1008.976538][ T9916] netlink: 56 bytes leftover after parsing attributes in process `syz.0.16513'. [ 1008.979298][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1009.014345][ T9] usb 6-1: Product: syz [ 1009.035704][ T9] usb 6-1: Manufacturer: syz [ 1009.041321][ T9] usb 6-1: SerialNumber: syz [ 1009.267777][ T9] usb 6-1: bad CDC descriptors [ 1009.281256][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1009.281274][ T30] audit: type=1326 audit(1763262203.725:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.311684][ T9] cdc_acm 6-1:8.108: Zero length descriptor references [ 1009.320197][ T9] cdc_acm 6-1:8.108: probe with driver cdc_acm failed with error -22 [ 1009.354012][ T9] usb 6-1: USB disconnect, device number 13 [ 1009.374084][ T30] audit: type=1326 audit(1763262203.725:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.475127][ T30] audit: type=1326 audit(1763262203.765:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.553302][ T30] audit: type=1326 audit(1763262203.765:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.605511][ T30] audit: type=1326 audit(1763262203.765:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.650922][ T30] audit: type=1326 audit(1763262203.765:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.711662][ T30] audit: type=1326 audit(1763262203.765:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.764857][ T30] audit: type=1326 audit(1763262203.765:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.804807][ T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1009.845115][ T30] audit: type=1326 audit(1763262203.785:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.922680][ T30] audit: type=1326 audit(1763262203.785:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.16520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1009.992407][ T24] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1010.002667][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.018780][ T24] usb 4-1: Product: syz [ 1010.024674][ T24] usb 4-1: Manufacturer: syz [ 1010.031908][ T24] usb 4-1: SerialNumber: syz [ 1010.303230][ T24] rtl8150 4-1:1.0: couldn't reset the device [ 1010.326538][ T24] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5 [ 1010.353786][ T9965] input: syz1 as /devices/virtual/input/input64 [ 1010.380192][ T24] usb 4-1: USB disconnect, device number 27 [ 1010.735701][ T9985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16545'. [ 1011.986233][ T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1012.144952][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 1012.152088][ T9] usb 3-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 1012.163138][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1012.611274][ T9] pegasus 3-1:2.0: probe with driver pegasus failed with error -71 [ 1012.646773][ T9] usb 3-1: USB disconnect, device number 33 [ 1013.445134][T32351] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 1013.626946][T32351] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1013.638859][T32351] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1013.680271][T32351] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.724840][T32351] usb 2-1: config 0 descriptor?? [ 1013.739339][T32351] pwc: Askey VC010 type 2 USB webcam detected. [ 1013.791920][T10134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16617'. [ 1014.148810][T32351] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1014.162367][T32351] pwc: recv_control_msg error -32 req 02 val 2700 [ 1014.182811][T32351] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1014.215794][T32351] pwc: recv_control_msg error -32 req 04 val 1000 [ 1014.238680][T32351] pwc: recv_control_msg error -32 req 04 val 1300 [ 1014.257733][T32351] pwc: recv_control_msg error -32 req 04 val 1400 [ 1014.310075][T32351] pwc: recv_control_msg error -32 req 02 val 2000 [ 1014.321301][T32351] pwc: recv_control_msg error -32 req 02 val 2100 [ 1014.333720][T32351] pwc: recv_control_msg error -32 req 04 val 1500 [ 1014.547759][T32351] pwc: recv_control_msg error -71 req 02 val 2400 [ 1014.559274][T32351] pwc: recv_control_msg error -71 req 02 val 2600 [ 1014.585952][T32351] pwc: recv_control_msg error -71 req 02 val 2900 [ 1014.661263][T32351] pwc: recv_control_msg error -71 req 02 val 2800 [ 1014.674939][T32351] pwc: recv_control_msg error -71 req 04 val 1100 [ 1014.813319][T32351] pwc: recv_control_msg error -71 req 04 val 1200 [ 1014.950069][T32351] pwc: Registered as video103. [ 1015.049497][T32351] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input65 [ 1015.073728][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 1015.073741][ T30] audit: type=1326 audit(1763262209.515:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10180 comm="syz.2.16636" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x0 [ 1015.275663][T32351] usb 2-1: USB disconnect, device number 39 [ 1017.373892][T10249] netlink: 'syz.5.16668': attribute type 6 has an invalid length. [ 1017.648577][ T30] audit: type=1326 audit(1763262212.075:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10250 comm="syz.1.16669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f604d58f6c9 code=0x0 [ 1018.730640][T10289] loop6: detected capacity change from 0 to 2560 [ 1018.755265][T10289] buffer_io_error: 10 callbacks suppressed [ 1018.755281][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.774619][T10290] netlink: 36 bytes leftover after parsing attributes in process `syz.3.16687'. [ 1018.795656][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.823260][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.843951][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.854024][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.862994][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.872863][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.893442][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.922060][T10289] ldm_validate_partition_table(): Disk read failed. [ 1018.929523][T32351] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1018.960266][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1018.989597][T10289] Buffer I/O error on dev loop6, logical block 0, async page read [ 1019.025106][T10289] Dev loop6: unable to read RDB block 0 [ 1019.041741][T10289] loop6: unable to read partition table [ 1019.057867][T10289] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1019.109218][T32351] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1019.132574][T32351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1019.178484][T32351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1019.201951][T32351] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 1019.228534][T32351] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.248262][T32351] usb 1-1: Product: syz [ 1019.287121][T32351] usb 1-1: Manufacturer: syz [ 1019.291776][T32351] usb 1-1: SerialNumber: syz [ 1019.317361][T32351] usb 1-1: config 0 descriptor?? [ 1019.332565][T10284] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1019.343842][T32351] uvcvideo 1-1:0.0: Found UVC 0.00 device syz (18ec:3288) [ 1019.359287][T32351] uvcvideo 1-1:0.0: No valid video chain found. [ 1019.598029][T32351] usb 1-1: USB disconnect, device number 31 [ 1019.925182][ T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1020.055050][T28841] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1020.087069][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 1020.100858][ T24] usb 4-1: config 8 has an invalid interface number: 108 but max is 0 [ 1020.110262][ T24] usb 4-1: config 8 has no interface number 0 [ 1020.169585][ T24] usb 4-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=6e.97 [ 1020.190512][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1020.209116][ T24] usb 4-1: Product: syz [ 1020.213328][ T24] usb 4-1: Manufacturer: syz [ 1020.222877][ T24] usb 4-1: SerialNumber: syz [ 1020.468478][ T24] usb 4-1: bad CDC descriptors [ 1020.488026][ T24] cdc_acm 4-1:8.108: Zero length descriptor references [ 1020.525676][ T24] cdc_acm 4-1:8.108: probe with driver cdc_acm failed with error -22 [ 1020.540611][T28841] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 1020.550052][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.564985][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.575325][ T24] usb 4-1: USB disconnect, device number 28 [ 1020.586978][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.601813][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.619023][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.645904][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.662187][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.676062][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.704786][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.726532][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.748848][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.762573][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.770892][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.780751][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.792630][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.800830][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.810158][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.822623][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.830947][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.840479][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.854129][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.874413][T28841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1020.883877][T28841] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1020.915188][T28841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1020.933731][T28841] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1020.945061][T28841] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1020.960274][T28841] usb 2-1: Product: syz [ 1020.964491][T28841] usb 2-1: Manufacturer: syz [ 1020.970351][T28841] usb 2-1: SerialNumber: syz [ 1020.986161][T28841] usb 2-1: config 0 descriptor?? [ 1021.003885][T28841] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 1021.333878][ T24] usb 2-1: USB disconnect, device number 40 [ 1021.343080][ T24] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 1022.354099][T10401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16730'. [ 1023.004995][ T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1023.195105][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1023.209382][ T9] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 1023.234272][ T9] usb 4-1: config 0 has no interface number 0 [ 1023.244780][ T9] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1023.269557][ T9] usb 4-1: config 0 interface 85 has no altsetting 0 [ 1023.289508][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1023.301355][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1023.306857][T10426] binder: BINDER_SET_CONTEXT_MGR already set [ 1023.331367][ T9] usb 4-1: Product: syz [ 1023.341326][ T9] usb 4-1: Manufacturer: syz [ 1023.351714][ T9] usb 4-1: SerialNumber: syz [ 1023.353939][T10426] binder: 10425:10426 ioctl 4018620d 200000004a80 returned -16 [ 1023.383947][ T9] usb 4-1: config 0 descriptor?? [ 1023.760416][T10439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16747'. [ 1023.815963][T10439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16747'. [ 1023.885490][T10439] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16747'. [ 1024.071630][T10446] tipc: Failed to remove unknown binding: 66,1,1/4:1030764383/1030764385 [ 1024.155570][T10446] tipc: Failed to remove unknown binding: 66,1,1/4:1030764383/1030764385 [ 1024.205003][T10446] tipc: Failed to remove unknown binding: 66,1,1/4:1030764383/1030764385 [ 1024.225111][ T9] appletouch 4-1:0.85: Geyser mode initialized. [ 1024.261541][ T9] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input66 [ 1024.678045][T10458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16758'. [ 1024.859253][ T9] usb 4-1: USB disconnect, device number 29 [ 1024.859294][ C1] appletouch 4-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 1024.952486][ T9] appletouch 4-1:0.85: input: appletouch disconnected [ 1025.814152][T10503] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16779'. [ 1026.003685][ T30] audit: type=1326 audit(1763262220.445:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10515 comm="syz.3.16786" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x0 [ 1026.200190][T10526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16790'. [ 1026.474824][T32351] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1026.653290][T32351] usb 2-1: Using ep0 maxpacket: 32 [ 1026.666420][T32351] usb 2-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1026.717842][T32351] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1026.724806][T32351] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 1026.744866][T32351] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.784952][T32351] usb 2-1: config 0 descriptor?? [ 1026.849016][T10556] xt_CT: No such helper "pptp" [ 1027.408640][T32351] aquacomputer_d5next 0003:0C70:F00E.0010: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.1-1/input0 [ 1027.772987][T10529] dvmrp8: entered allmulticast mode [ 1027.783804][T10529] dvmrp8: left allmulticast mode [ 1027.848501][T10584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1027.863265][T10584] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1027.906742][ T10] usb 2-1: USB disconnect, device number 41 [ 1028.545358][T10619] netlink: 68 bytes leftover after parsing attributes in process `syz.2.16827'. [ 1029.347715][ T30] audit: type=1326 audit(1763262223.795:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10667 comm="syz.3.16849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1029.375269][T28841] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1029.415269][ T30] audit: type=1326 audit(1763262223.795:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10667 comm="syz.3.16849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1029.453928][ T30] audit: type=1326 audit(1763262223.795:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10667 comm="syz.3.16849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1029.462821][T10673] binder: 10672:10673 unknown command 0 [ 1029.499830][ T30] audit: type=1326 audit(1763262223.795:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10667 comm="syz.3.16849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd918f6c9 code=0x7ffc0000 [ 1029.508490][T10673] binder: 10672:10673 ioctl c0306201 200000000100 returned -22 [ 1029.565010][T28841] usb 1-1: Using ep0 maxpacket: 8 [ 1029.572491][T28841] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1029.582365][T28841] usb 1-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.594899][T28841] usb 1-1: config 6 has 0 interfaces, different from the descriptor's value: 1 [ 1029.613916][ T30] audit: type=1326 audit(1763262224.045:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.2.16856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1df8f6c9 code=0x50000 [ 1029.658084][T28841] usb 1-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 0.01 [ 1029.668032][T28841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.684845][T28841] usb 1-1: Product: syz [ 1029.689302][ T30] audit: type=1326 audit(1763262224.055:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.2.16856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fbd1df8f6c9 code=0x50000 [ 1029.720035][T28841] usb 1-1: Manufacturer: syz [ 1029.735081][T28841] usb 1-1: SerialNumber: syz [ 1029.754167][ T30] audit: type=1326 audit(1763262224.055:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.2.16856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fbd1dfc1f85 code=0x50000 [ 1029.823771][ T30] audit: type=1326 audit(1763262224.055:1646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.2.16856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fbd1df8f6c9 code=0x50000 [ 1029.846032][ C0] vkms_vblank_simulate: vblank timer overrun [ 1029.872987][ T30] audit: type=1326 audit(1763262224.125:1647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.2.16856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x50000 [ 1029.895562][ C0] vkms_vblank_simulate: vblank timer overrun [ 1029.949152][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 1029.971214][T28841] usb 1-1: USB disconnect, device number 32 [ 1030.875696][T19260] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1030.947118][T32351] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1031.038470][T19260] usb 2-1: config 0 has no interfaces? [ 1031.046829][T19260] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1031.061653][T19260] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.077040][T19260] usb 2-1: Product: syz [ 1031.086893][T19260] usb 2-1: Manufacturer: syz [ 1031.097301][T19260] usb 2-1: SerialNumber: syz [ 1031.114024][T32351] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1031.136794][T19260] usb 2-1: config 0 descriptor?? [ 1031.145025][T32351] usb 6-1: config 0 has no interfaces? [ 1031.147450][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16882'. [ 1031.161375][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16882'. [ 1031.166996][T32351] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1031.190858][T32351] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1031.223128][T32351] usb 6-1: config 0 descriptor?? [ 1031.461256][T32351] usb 6-1: USB disconnect, device number 14 [ 1031.550825][T10761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16890'. [ 1031.870081][T10771] fuse: Bad value for 'fd' [ 1031.918679][T32351] usb 2-1: USB disconnect, device number 42 [ 1033.335687][T10854] netlink: 'syz.3.16935': attribute type 1 has an invalid length. [ 1033.355166][T10854] netlink: 1 bytes leftover after parsing attributes in process `syz.3.16935'. [ 1033.798993][T10887] netlink: 'syz.3.16951': attribute type 1 has an invalid length. [ 1033.815506][T10887] netlink: 1 bytes leftover after parsing attributes in process `syz.3.16951'. [ 1034.064596][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16959'. [ 1036.041474][T10959] netlink: 104 bytes leftover after parsing attributes in process `syz.3.16984'. [ 1037.328712][T11015] netlink: 72 bytes leftover after parsing attributes in process `syz.0.17008'. [ 1037.405954][T28841] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1037.569021][T28841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1037.585927][T28841] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1037.609341][T28841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.609791][T11034] input: syz1 as /devices/virtual/input/input68 [ 1037.648730][T28841] usb 2-1: config 0 descriptor?? [ 1037.853267][T11046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.865896][T11046] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.889951][T11046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.899396][T28841] usbhid 2-1:0.0: can't add hid device: -71 [ 1037.908911][T28841] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1037.928362][T28841] usb 2-1: USB disconnect, device number 43 [ 1037.944926][T11046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.948264][T26010] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1037.962840][T11046] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.978630][T11046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17022'. [ 1037.991096][T26010] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1038.017055][T26010] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1038.039569][T26010] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1040.479600][T11174] netlink: 'syz.1.17082': attribute type 4 has an invalid length. [ 1040.876527][T11198] bond0: Caught tx_queue_len zero misconfig [ 1041.627576][T11226] [ 1041.629950][T11226] ===================================================== [ 1041.636882][T11226] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1041.644340][T11226] syzkaller #0 Not tainted [ 1041.648743][T11226] ----------------------------------------------------- [ 1041.655658][T11226] syz.2.17101/11226 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1041.663449][T11226] ffff88807d25cb40 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1041.672146][T11226] [ 1041.672146][T11226] and this task is already holding: [ 1041.679492][T11226] ffff88802eb43468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1041.688020][T11226] which would create a new lock dependency: [ 1041.693904][T11226] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1041.701552][T11226] [ 1041.701552][T11226] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1041.710982][T11226] (&dev->event_lock#2){..-.}-{3:3} [ 1041.711013][T11226] [ 1041.711013][T11226] ... which became SOFTIRQ-irq-safe at: [ 1041.723885][T11226] lock_acquire+0x120/0x360 [ 1041.728465][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1041.733789][T11226] input_inject_event+0xa5/0x340 [ 1041.738800][T11226] led_trigger_event+0x138/0x210 [ 1041.743812][T11226] kbd_bh+0x1c6/0x2e0 [ 1041.747877][T11226] tasklet_action_common+0x36c/0x580 [ 1041.753237][T11226] handle_softirqs+0x286/0x870 [ 1041.758070][T11226] run_ksoftirqd+0x9b/0x100 [ 1041.762651][T11226] smpboot_thread_fn+0x542/0xa60 [ 1041.767680][T11226] kthread+0x711/0x8a0 [ 1041.771826][T11226] ret_from_fork+0x4bc/0x870 [ 1041.776490][T11226] ret_from_fork_asm+0x1a/0x30 [ 1041.781324][T11226] [ 1041.781324][T11226] to a SOFTIRQ-irq-unsafe lock: [ 1041.788343][T11226] (tasklist_lock){.+.+}-{3:3} [ 1041.788368][T11226] [ 1041.788368][T11226] ... which became SOFTIRQ-irq-unsafe at: [ 1041.800967][T11226] ... [ 1041.800974][T11226] lock_acquire+0x120/0x360 [ 1041.808128][T11226] _raw_read_lock+0x36/0x50 [ 1041.812710][T11226] __do_wait+0xde/0x740 [ 1041.816944][T11226] do_wait+0x1f8/0x510 [ 1041.821094][T11226] kernel_wait+0xab/0x170 [ 1041.825512][T11226] call_usermodehelper_exec_work+0xbe/0x230 [ 1041.831481][T11226] process_scheduled_works+0xae1/0x17b0 [ 1041.837103][T11226] worker_thread+0x8a0/0xda0 [ 1041.841771][T11226] kthread+0x711/0x8a0 [ 1041.845921][T11226] ret_from_fork+0x4bc/0x870 [ 1041.850602][T11226] ret_from_fork_asm+0x1a/0x30 [ 1041.855438][T11226] [ 1041.855438][T11226] other info that might help us debug this: [ 1041.855438][T11226] [ 1041.865649][T11226] Chain exists of: [ 1041.865649][T11226] &dev->event_lock#2 --> &tty->flow.lock --> tasklist_lock [ 1041.865649][T11226] [ 1041.878768][T11226] Possible interrupt unsafe locking scenario: [ 1041.878768][T11226] [ 1041.887076][T11226] CPU0 CPU1 [ 1041.892430][T11226] ---- ---- [ 1041.897776][T11226] lock(tasklist_lock); [ 1041.902007][T11226] local_irq_disable(); [ 1041.908745][T11226] lock(&dev->event_lock#2); [ 1041.915978][T11226] lock(&tty->flow.lock); [ 1041.922906][T11226] [ 1041.926345][T11226] lock(&dev->event_lock#2); [ 1041.931186][T11226] [ 1041.931186][T11226] *** DEADLOCK *** [ 1041.931186][T11226] [ 1041.939312][T11226] 6 locks held by syz.2.17101/11226: [ 1041.944579][T11226] #0: ffff88802eb430a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1041.954322][T11226] #1: ffff88802eb432e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x138/0x17e0 [ 1041.964609][T11226] #2: ffff88802eb430a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1041.973914][T11226] #3: ffff88802eb43468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1041.982866][T11226] #4: ffff88802eb430a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1041.992168][T11226] #5: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1042.001207][T11226] [ 1042.001207][T11226] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1042.011595][T11226] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1042.017321][T11226] IN-SOFTIRQ-W at: [ 1042.021462][T11226] lock_acquire+0x120/0x360 [ 1042.027949][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1042.035140][T11226] input_inject_event+0xa5/0x340 [ 1042.042065][T11226] led_trigger_event+0x138/0x210 [ 1042.048990][T11226] kbd_bh+0x1c6/0x2e0 [ 1042.054956][T11226] tasklet_action_common+0x36c/0x580 [ 1042.062233][T11226] handle_softirqs+0x286/0x870 [ 1042.068981][T11226] run_ksoftirqd+0x9b/0x100 [ 1042.075472][T11226] smpboot_thread_fn+0x542/0xa60 [ 1042.082393][T11226] kthread+0x711/0x8a0 [ 1042.088448][T11226] ret_from_fork+0x4bc/0x870 [ 1042.095021][T11226] ret_from_fork_asm+0x1a/0x30 [ 1042.101768][T11226] INITIAL USE at: [ 1042.105822][T11226] lock_acquire+0x120/0x360 [ 1042.112226][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1042.119328][T11226] input_inject_event+0xa5/0x340 [ 1042.126166][T11226] kbd_led_trigger_activate+0xbc/0x100 [ 1042.133524][T11226] led_trigger_set+0x52d/0x950 [ 1042.140275][T11226] led_trigger_set_default+0x260/0x2a0 [ 1042.147631][T11226] led_classdev_register_ext+0x73d/0x930 [ 1042.155188][T11226] input_leds_connect+0x517/0x790 [ 1042.162114][T11226] input_register_device+0xd00/0x1140 [ 1042.169384][T11226] atkbd_connect+0x72e/0xa00 [ 1042.175970][T11226] serio_driver_probe+0x82/0xd0 [ 1042.182739][T11226] really_probe+0x26d/0x9e0 [ 1042.189146][T11226] __driver_probe_device+0x18c/0x2f0 [ 1042.196417][T11226] driver_probe_device+0x4f/0x430 [ 1042.203342][T11226] __driver_attach+0x452/0x700 [ 1042.210008][T11226] bus_for_each_dev+0x233/0x2b0 [ 1042.216755][T11226] serio_handle_event+0x1f9/0x8d0 [ 1042.223677][T11226] process_scheduled_works+0xae1/0x17b0 [ 1042.231122][T11226] worker_thread+0x8a0/0xda0 [ 1042.237613][T11226] kthread+0x711/0x8a0 [ 1042.243582][T11226] ret_from_fork+0x4bc/0x870 [ 1042.250069][T11226] ret_from_fork_asm+0x1a/0x30 [ 1042.256733][T11226] } [ 1042.259436][T11226] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1042.268751][T11226] -> (kbd_event_lock){....}-{3:3} { [ 1042.274039][T11226] INITIAL USE at: [ 1042.278004][T11226] lock_acquire+0x120/0x360 [ 1042.284227][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1042.291156][T11226] vt_reset_unicode+0x2b/0x160 [ 1042.297656][T11226] reset_vc+0x68/0x1b0 [ 1042.303449][T11226] vc_init+0x70/0x4a0 [ 1042.309158][T11226] con_init+0x385/0x9c0 [ 1042.315075][T11226] console_init+0x10e/0x430 [ 1042.321392][T11226] start_kernel+0x254/0x410 [ 1042.327626][T11226] x86_64_start_reservations+0x24/0x30 [ 1042.334822][T11226] x86_64_start_kernel+0x143/0x1c0 [ 1042.341701][T11226] common_startup_64+0x13e/0x147 [ 1042.348375][T11226] } [ 1042.350944][T11226] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1042.358948][T11226] ... acquired at: [ 1042.362841][T11226] lock_acquire+0x120/0x360 [ 1042.367503][T11226] _raw_spin_lock+0x2e/0x40 [ 1042.372169][T11226] kbd_event+0xd2/0x3f70 [ 1042.376576][T11226] input_handle_events_default+0xd4/0x1a0 [ 1042.382460][T11226] input_pass_values+0x288/0x890 [ 1042.387561][T11226] input_event_dispose+0x330/0x6b0 [ 1042.392851][T11226] input_inject_event+0x1dd/0x340 [ 1042.398047][T11226] evdev_write+0x2fc/0x480 [ 1042.402646][T11226] vfs_write+0x27e/0xb30 [ 1042.407055][T11226] ksys_write+0x145/0x250 [ 1042.411547][T11226] do_syscall_64+0xfa/0xfa0 [ 1042.416211][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.422265][T11226] [ 1042.424576][T11226] -> (&tty->flow.lock){....}-{3:3} { [ 1042.429866][T11226] INITIAL USE at: [ 1042.433755][T11226] lock_acquire+0x120/0x360 [ 1042.439808][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1042.446567][T11226] start_tty+0x20/0x70 [ 1042.452191][T11226] n_tty_set_termios+0xa7c/0x1090 [ 1042.458767][T11226] tty_set_termios+0xda4/0x17e0 [ 1042.465176][T11226] set_termios+0x516/0x6c0 [ 1042.471157][T11226] tty_mode_ioctl+0x47e/0x740 [ 1042.477386][T11226] tty_ioctl+0x9c6/0xde0 [ 1042.483180][T11226] __se_sys_ioctl+0xfc/0x170 [ 1042.489325][T11226] do_syscall_64+0xfa/0xfa0 [ 1042.495384][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.502828][T11226] } [ 1042.505308][T11226] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1042.513975][T11226] ... acquired at: [ 1042.517764][T11226] lock_acquire+0x120/0x360 [ 1042.522434][T11226] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1042.527795][T11226] stop_tty+0x2f/0x150 [ 1042.532030][T11226] kbd_event+0x2b72/0x3f70 [ 1042.536613][T11226] input_handle_events_default+0xd4/0x1a0 [ 1042.542589][T11226] input_pass_values+0x288/0x890 [ 1042.547706][T11226] input_event_dispose+0x330/0x6b0 [ 1042.552980][T11226] input_inject_event+0x1dd/0x340 [ 1042.558169][T11226] evdev_write+0x2fc/0x480 [ 1042.562751][T11226] vfs_write+0x27e/0xb30 [ 1042.567244][T11226] ksys_write+0x145/0x250 [ 1042.571737][T11226] do_syscall_64+0xfa/0xfa0 [ 1042.576402][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.582461][T11226] [ 1042.584770][T11226] [ 1042.584770][T11226] the dependencies between the lock to be acquired [ 1042.584780][T11226] and SOFTIRQ-irq-unsafe lock: [ 1042.598282][T11226] -> (tasklist_lock){.+.+}-{3:3} { [ 1042.603569][T11226] HARDIRQ-ON-R at: [ 1042.607709][T11226] lock_acquire+0x120/0x360 [ 1042.614196][T11226] _raw_read_lock+0x36/0x50 [ 1042.620683][T11226] __do_wait+0xde/0x740 [ 1042.626824][T11226] do_wait+0x1f8/0x510 [ 1042.632882][T11226] kernel_wait+0xab/0x170 [ 1042.639200][T11226] call_usermodehelper_exec_work+0xbe/0x230 [ 1042.647078][T11226] process_scheduled_works+0xae1/0x17b0 [ 1042.654608][T11226] worker_thread+0x8a0/0xda0 [ 1042.661183][T11226] kthread+0x711/0x8a0 [ 1042.667239][T11226] ret_from_fork+0x4bc/0x870 [ 1042.673814][T11226] ret_from_fork_asm+0x1a/0x30 [ 1042.680561][T11226] SOFTIRQ-ON-R at: [ 1042.684700][T11226] lock_acquire+0x120/0x360 [ 1042.691276][T11226] _raw_read_lock+0x36/0x50 [ 1042.697769][T11226] __do_wait+0xde/0x740 [ 1042.703952][T11226] do_wait+0x1f8/0x510 [ 1042.710015][T11226] kernel_wait+0xab/0x170 [ 1042.716334][T11226] call_usermodehelper_exec_work+0xbe/0x230 [ 1042.724211][T11226] process_scheduled_works+0xae1/0x17b0 [ 1042.731826][T11226] worker_thread+0x8a0/0xda0 [ 1042.738424][T11226] kthread+0x711/0x8a0 [ 1042.744681][T11226] ret_from_fork+0x4bc/0x870 [ 1042.751258][T11226] ret_from_fork_asm+0x1a/0x30 [ 1042.758029][T11226] INITIAL USE at: [ 1042.762094][T11226] lock_acquire+0x120/0x360 [ 1042.768505][T11226] _raw_write_lock_irq+0xa2/0xf0 [ 1042.775348][T11226] copy_process+0x224f/0x3c00 [ 1042.781925][T11226] kernel_clone+0x21e/0x840 [ 1042.788327][T11226] user_mode_thread+0xdd/0x140 [ 1042.794991][T11226] rest_init+0x23/0x300 [ 1042.801047][T11226] start_kernel+0x3ae/0x410 [ 1042.807449][T11226] x86_64_start_reservations+0x24/0x30 [ 1042.814815][T11226] x86_64_start_kernel+0x143/0x1c0 [ 1042.821835][T11226] common_startup_64+0x13e/0x147 [ 1042.828676][T11226] INITIAL READ USE at: [ 1042.833175][T11226] lock_acquire+0x120/0x360 [ 1042.840018][T11226] _raw_read_lock+0x36/0x50 [ 1042.846858][T11226] __do_wait+0xde/0x740 [ 1042.853364][T11226] do_wait+0x1f8/0x510 [ 1042.859787][T11226] kernel_wait+0xab/0x170 [ 1042.866448][T11226] call_usermodehelper_exec_work+0xbe/0x230 [ 1042.874668][T11226] process_scheduled_works+0xae1/0x17b0 [ 1042.882544][T11226] worker_thread+0x8a0/0xda0 [ 1042.889478][T11226] kthread+0x711/0x8a0 [ 1042.895965][T11226] ret_from_fork+0x4bc/0x870 [ 1042.902878][T11226] ret_from_fork_asm+0x1a/0x30 [ 1042.910056][T11226] } [ 1042.912713][T11226] ... key at: [] tasklist_lock+0x18/0x40 [ 1042.920697][T11226] ... acquired at: [ 1042.924653][T11226] lock_acquire+0x120/0x360 [ 1042.929311][T11226] _raw_read_lock+0x36/0x50 [ 1042.933971][T11226] send_sigurg+0x12b/0x420 [ 1042.938545][T11226] sk_send_sigurg+0x6c/0x2e0 [ 1042.943299][T11226] queue_oob+0x420/0x4f0 [ 1042.947702][T11226] unix_stream_sendmsg+0xc3f/0xdf0 [ 1042.953405][T11226] __sock_sendmsg+0x21c/0x270 [ 1042.958241][T11226] ____sys_sendmsg+0x52d/0x830 [ 1042.963157][T11226] ___sys_sendmsg+0x21f/0x2a0 [ 1042.967985][T11226] __sys_sendmmsg+0x227/0x430 [ 1042.972822][T11226] __x64_sys_sendmmsg+0xa0/0xc0 [ 1042.977913][T11226] do_syscall_64+0xfa/0xfa0 [ 1042.982591][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.988659][T11226] [ 1042.990977][T11226] -> (&f_owner->lock){....}-{3:3} { [ 1042.996266][T11226] INITIAL USE at: [ 1043.000237][T11226] lock_acquire+0x120/0x360 [ 1043.006466][T11226] _raw_write_lock_irq+0xa2/0xf0 [ 1043.013135][T11226] __f_setown+0x67/0x370 [ 1043.019101][T11226] generic_setlease+0xd60/0x1240 [ 1043.025769][T11226] fcntl_setlease+0x3a2/0x4c0 [ 1043.032175][T11226] do_fcntl+0x6a9/0x1910 [ 1043.038142][T11226] __se_sys_fcntl+0xc8/0x150 [ 1043.044460][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.050700][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.058320][T11226] INITIAL READ USE at: [ 1043.062725][T11226] lock_acquire+0x120/0x360 [ 1043.069387][T11226] _raw_read_lock_irqsave+0xaf/0x100 [ 1043.076834][T11226] send_sigio+0x38/0x370 [ 1043.083236][T11226] kill_fasync+0x24d/0x4d0 [ 1043.089817][T11226] lease_break_callback+0x26/0x30 [ 1043.097009][T11226] __break_lease+0x6a5/0x1620 [ 1043.103851][T11226] do_dentry_open+0x8b7/0x13f0 [ 1043.110779][T11226] vfs_open+0x3b/0x340 [ 1043.117789][T11226] path_openat+0x2ee5/0x3830 [ 1043.124541][T11226] do_filp_open+0x1fa/0x410 [ 1043.131211][T11226] do_sys_openat2+0x121/0x1c0 [ 1043.138047][T11226] __x64_sys_open+0x11e/0x150 [ 1043.144888][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.151570][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.159623][T11226] } [ 1043.162199][T11226] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1043.171124][T11226] ... acquired at: [ 1043.174997][T11226] lock_acquire+0x120/0x360 [ 1043.179661][T11226] _raw_read_lock_irqsave+0xaf/0x100 [ 1043.185110][T11226] send_sigio+0x38/0x370 [ 1043.189511][T11226] kill_fasync+0x24d/0x4d0 [ 1043.194086][T11226] lease_break_callback+0x26/0x30 [ 1043.199275][T11226] __break_lease+0x6a5/0x1620 [ 1043.204116][T11226] do_dentry_open+0x8b7/0x13f0 [ 1043.209040][T11226] vfs_open+0x3b/0x340 [ 1043.213265][T11226] path_openat+0x2ee5/0x3830 [ 1043.218016][T11226] do_filp_open+0x1fa/0x410 [ 1043.222678][T11226] do_sys_openat2+0x121/0x1c0 [ 1043.227514][T11226] __x64_sys_open+0x11e/0x150 [ 1043.232349][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.237017][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.243161][T11226] [ 1043.245473][T11226] -> (&new->fa_lock){....}-{3:3} { [ 1043.250657][T11226] INITIAL USE at: [ 1043.254534][T11226] lock_acquire+0x120/0x360 [ 1043.260585][T11226] _raw_write_lock_irq+0xa2/0xf0 [ 1043.267076][T11226] fasync_remove_entry+0xf1/0x1c0 [ 1043.273651][T11226] lease_modify+0x1ca/0x3c0 [ 1043.279704][T11226] locks_remove_file+0x4bf/0xea0 [ 1043.286199][T11226] __fput+0x3ab/0xa70 [ 1043.291733][T11226] task_work_run+0x1d4/0x260 [ 1043.297881][T11226] exit_to_user_mode_loop+0xe9/0x130 [ 1043.304717][T11226] do_syscall_64+0x2bd/0xfa0 [ 1043.310954][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.318398][T11226] INITIAL READ USE at: [ 1043.322710][T11226] lock_acquire+0x120/0x360 [ 1043.329204][T11226] _raw_read_lock_irqsave+0xaf/0x100 [ 1043.336481][T11226] kill_fasync+0x199/0x4d0 [ 1043.342883][T11226] lease_break_callback+0x26/0x30 [ 1043.349932][T11226] __break_lease+0x6a5/0x1620 [ 1043.356686][T11226] do_dentry_open+0x8b7/0x13f0 [ 1043.363446][T11226] vfs_open+0x3b/0x340 [ 1043.369501][T11226] path_openat+0x2ee5/0x3830 [ 1043.376076][T11226] do_filp_open+0x1fa/0x410 [ 1043.382568][T11226] do_sys_openat2+0x121/0x1c0 [ 1043.389234][T11226] __x64_sys_open+0x11e/0x150 [ 1043.395900][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.402390][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.410265][T11226] } [ 1043.412747][T11226] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1043.421412][T11226] ... acquired at: [ 1043.425198][T11226] lock_acquire+0x120/0x360 [ 1043.429857][T11226] _raw_read_lock_irqsave+0xaf/0x100 [ 1043.435302][T11226] kill_fasync+0x199/0x4d0 [ 1043.439876][T11226] __start_tty+0x18c/0x220 [ 1043.444454][T11226] start_tty+0x2b/0x70 [ 1043.449126][T11226] n_tty_set_termios+0xa7c/0x1090 [ 1043.454311][T11226] tty_set_termios+0xda4/0x17e0 [ 1043.459322][T11226] set_termios+0x516/0x6c0 [ 1043.463898][T11226] tty_mode_ioctl+0x47e/0x740 [ 1043.468740][T11226] tty_ioctl+0x9c6/0xde0 [ 1043.473143][T11226] __se_sys_ioctl+0xfc/0x170 [ 1043.477892][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.482564][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.488614][T11226] [ 1043.490920][T11226] [ 1043.490920][T11226] stack backtrace: [ 1043.496797][T11226] CPU: 1 UID: 0 PID: 11226 Comm: syz.2.17101 Not tainted syzkaller #0 PREEMPT(full) [ 1043.496815][T11226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1043.496823][T11226] Call Trace: [ 1043.496830][T11226] [ 1043.496837][T11226] dump_stack_lvl+0x189/0x250 [ 1043.496858][T11226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1043.496874][T11226] ? __pfx__printk+0x10/0x10 [ 1043.496890][T11226] validate_chain+0x1f05/0x2140 [ 1043.496913][T11226] __lock_acquire+0xab9/0xd20 [ 1043.496926][T11226] ? kill_fasync+0x199/0x4d0 [ 1043.496941][T11226] lock_acquire+0x120/0x360 [ 1043.496952][T11226] ? kill_fasync+0x199/0x4d0 [ 1043.496969][T11226] _raw_read_lock_irqsave+0xaf/0x100 [ 1043.496988][T11226] ? kill_fasync+0x199/0x4d0 [ 1043.497002][T11226] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1043.497021][T11226] kill_fasync+0x199/0x4d0 [ 1043.497035][T11226] ? kill_fasync+0x53/0x4d0 [ 1043.497049][T11226] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1043.497063][T11226] __start_tty+0x18c/0x220 [ 1043.497079][T11226] start_tty+0x2b/0x70 [ 1043.497093][T11226] n_tty_set_termios+0xa7c/0x1090 [ 1043.497109][T11226] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1043.497122][T11226] tty_set_termios+0xda4/0x17e0 [ 1043.497138][T11226] ? __pfx_tty_set_termios+0x10/0x10 [ 1043.497158][T11226] set_termios+0x516/0x6c0 [ 1043.497174][T11226] ? __pfx_set_termios+0x10/0x10 [ 1043.497189][T11226] ? tty_ldisc_ref_wait+0x25/0x70 [ 1043.497210][T11226] tty_mode_ioctl+0x47e/0x740 [ 1043.497226][T11226] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1043.497241][T11226] ? tty_ldisc_ref_wait+0x25/0x70 [ 1043.497256][T11226] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1043.497274][T11226] ? n_tty_ioctl_helper+0x8e/0x340 [ 1043.497290][T11226] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1043.497302][T11226] tty_ioctl+0x9c6/0xde0 [ 1043.497319][T11226] ? __pfx_tty_ioctl+0x10/0x10 [ 1043.497335][T11226] __se_sys_ioctl+0xfc/0x170 [ 1043.497350][T11226] do_syscall_64+0xfa/0xfa0 [ 1043.497368][T11226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.497380][T11226] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1043.497394][T11226] ? clear_bhb_loop+0x60/0xb0 [ 1043.497407][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.497420][T11226] RIP: 0033:0x7fbd1df8f6c9 [ 1043.497434][T11226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1043.497446][T11226] RSP: 002b:00007fbd1ed77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1043.497461][T11226] RAX: ffffffffffffffda RBX: 00007fbd1e1e6090 RCX: 00007fbd1df8f6c9 [ 1043.497471][T11226] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1043.497480][T11226] RBP: 00007fbd1e011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1043.497489][T11226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1043.497497][T11226] R13: 00007fbd1e1e6128 R14: 00007fbd1e1e6090 R15: 00007fbd1e30fa28 [ 1043.497511][T11226]