last executing test programs: 2m39.210523242s ago: executing program 4 (id=1506): r0 = socket$igmp6(0xa, 0x3, 0x2) socketpair(0x6, 0x800, 0x5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x8110, r1, 0xc17a3000) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, 0x0, 0x0) 2m38.61733633s ago: executing program 4 (id=1510): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r4}, 0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000001840)=ANY=[@ANYBLOB="696f636861727365743d42000000000000006d65636173653d312c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c666d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6769643d2a575415629829e5c89da02870a932a755a7", @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000000003,errors=continue,gid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00002000000000020000000,\x00'], 0x1, 0x152c, &(0x7f0000000300)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP1ptcFkmSS5JckiRJktwSkiY5kpAYcksakpBchuQyhFwnJo37/X5JSJImSUJyS9b/M+HvdOr86vxOJ7/Pmef7+ezPrOfd+1l77fd533evvd+Z+abT4OoNa1SpT0Twb8ELPxIBIBYA+gPANQAQAECZuDJxmeuzS0z893bC/lwPp1zpEbArieuftXH9szauf9bG9c/auP5ZG9c/a+P6Z21cf8aysk1T81/LS9Zd+P5/Vsbn//8iGSVGf7GmxPWdAWL+aArX/7/T7CZ/bDuu/3+t4I9sxPXP2rj+WVXslR4A+z+A3/9ZQbZ/uobrn7Vx/RnLyq70/ecrvUAkaz8HV/r1xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsazjtL1MAcKl9pcfFGGOMMcYYY4yxP4/PdqVHwBhjjDHGGGOMsf88BAESFAQQA9kgFrJDDhAAcDXkgmsgAtdCHFwHueF6yAN5IR/kh3goAAVBgwELBCEUghsgCjdCYbgJikBRKAbFwUEJKAk3Qym4BUrDrVAGboOycDuUg/JQASrCHVAJ7oTKcBdUgbuhKlSD6lAD7oGacC/UgvugNtwPdeABqAsPQj14COrDw9AAHoGG8Cg0gsegMTSBptAMmv+v8l+EbvASdIcekAg9oRe8DL2hD/SFftAfXoEB8CoMhNcgCQbBYHgdhsAbMBTehGEwHEbAWzAS3oZRMBrGwFhIhnEwHt6BCfAuTIRJMBmmQApMhWnwHkyHGTAT3odZMBvmwFyYB/MhFT6ABbAQ0uBDWAQfQToshiWwFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLbAVtsF22AEfw074BHbBbtgDn8Je+OxfzD/1D/mdERBQoECFCmMwBmMxFnNgDsyJOTEX5sIIRjAO4zA35sY8mAfzYT6Mx3gsiAXRoEFCwkJYCKMYxcJYGItgESyGxdChw5JYEkvhLVgaS2MZLINlsSyWw/JYHitiRayElbAyVsYqWAWrYlWsjtXxHrwHe2ItrIW1sTbWwTqXbk9hfayPDbABNsSG2AgbYWNsjE2xKTbH5tgCW2BLbImtsTW2wTbYFttiAiZgO2yH7bE9dsAO2BE7YifshJ2xC3bJeDEb4Ev4EvbAqqIn9sJe2BuTsvXFftgPX8EB+Cq+iq9hEg7Cwfg6vo5v4FA8icNwOI7AEVhJvI2jcDSSGIvJmIzjcTxOwAk4ESfhJJyCKTgVp+E0nI4zcAa+j7NwNs7GuTgX52MqpuICXIhpmIaL8BSm42JcgktxGS7HZbgSV+FKXINrcQ2ux/W4ETfiZtyMW3Erbsft+DEqAPwEd+NuTMK9uBf34T7cj/vxAB7ADMzAg3gQD+EhPIyH8QgewaN4DI/jMTyBJ/AknsLTeBrP4lk8h8/Hf9Xg46Krk0BkUkKJGBEjYkWsyCFyiJwip8glcomIiIg4ESdyi9wij8gj8ol8Il7Ei4KioDDCCBJhDACIqIiKwqKwKCKKiGKimHDCiZKipCglSonSorQoI24TZcXtopwoL1q5iqKiqCRau8riLlFFVBFVRTVRXdQQNURNUVPUErVEbVFb1BF1RF3xoKgnemJffFhkVqahGISNxGBsLJoIefETrIUYii1FK9FaPCmG4zBsK1q4BPGMaCdGYXvxNzEanxMdxVjsJF4QnUUX0VW8KLqJlq676CEmYk/RS0zB3qKP6Cv6ielYTbyPs7JXF6+JJDFIDBavi/n4hhgq3hTDxHAxQrwlRoq3xSgxWowRY0WyGCfGi3fEBPGumCgmicliikgRU8U08Z6YLmaImeJ9MUvMFnPEXDFPzBep4gOxQCwUaeJDsUh8JNLFYrFELBXLxHKxQqwUq8RqsUasFevEerFBbBSbxGaxRWwV28R2sUN8LHaKT8QusVvsEZ+KveIzsU98LvaLL8QB8aXIEF+Jg+JrcUh8Iw6Lb8UR8Z04Ko6J4+J7cUL8IE6KU+K0OCPOih/FOfGTOC+8AIlSSCmVDGSMzCZjZXaZQ14lc8rg4rN7rYyT18nc8nqZR+aV+WR+GS8LyIJSSyOtJBnKQvIGGZU3ysLyJllEFpXFZHHpZAlZUt4sS8lbZGl5qywjb5Nl5e2ynCwvK8iK8g5ZSd4pIXJhH1VlNVld1pD3yES4V9aS98na8n5ZRz4g68oHZT35kKwvH5YN5COyoXxUNpKPycayiWwqm8nm8nHZQj4hW8pWsrV8UraRT8m28mmZIJ+R7aS/+BJ5TnaUz8tO8gXZWXaRXeVP8rz0srvsIaEnyF7yZdlb9pF9ZT/ZX74iB8hX5UD5mkySg+Rg+bocIt+QQ+WbcpgcLkfIt+RI+bYcJUfLMXKsTJbj5Hj5jpwg35UT5SQ5WU6RKXKq7Huxp5lS/m7+O7+RP/DnvW+Um+RmuUVuldvkdrlDfix3yp1yl9wl98g9cq/cK/fJfXK/3C8PyAMyQ2bIg/KgPCQPycPysDwij8ij8pg8I7+XJ+QP8qQ8JU/JM/KsPCvPXXwOQKESSiqlAhWjsqlYlV3lUFepnOpqlUtdoyLqWhWnrlO51fUqj8qr8qn8Kl4VUAWVVkZZRSpUhdQNKqpuxIsvGFVMFVdOlVAl1c3/Sr4qrG5SRVTRX+RfGl/iPxlfc9VctVAtVEvVUrVWrVUb1Ua1VW1VgkpQ7VQ71V61Vx1UB9VRdVSdVCfVWXVWXVVX1U11U91Vd5WoElUv9bLqrfqovqqf6q9eUQPUADVQDVRJKkkNVoPVEDVEDVVD1TA1TI1QI9RINVKNUqPUGDVGJatkNV6NVxPUBDVRTVST1WSVolLUNDVNTVfT1Uw1U81Ss9QcNUfNU/NUqkpVC9QClabS1CK1SKWrxWqxWqqWquVquVqpVqrVarVaq9aq9Wq9Sleb1Ca1RW1R29Q2tUPtUDvVTrVL7VJ71B61V+1V+9Q+tV/tVwfUAZWhMtRBdVAdUofUYXVYHVFH1FF1VB1Xx9UJdUKdVCfVaXVanVVn1Tl1Tp1X5zOnfYEIRKACFcQEMUFsEBvkCHIEOYOcQa4gVxAJIkFcEBfkDq4P8gR5g3xB/iA+KBAUDHRgAhuIi0WPBjcGhYObgiJB0aBYUDxwQYmgZHBzUCq4JSgd3BqUCW4Lyga3B+WC8kGFoGJwR1ApuDOoHNwVVAnuDqoG1YLqQY3gnqBmcG9QK7gvqB3cH9QJHgjqBg8G9YKHgvrBw0GD4JGgYfBo0Ch4LGgcNAmaBs2C5n9q/96fzPuE66576ETdU/fSL+veuo/uq/vp/voVPUC/qgfq13SSHqQH69f1EP2GHqrf1MP0cD1Cv6VH6rf1KD1aj9FjdbIep8frd/QE/a6eqCfpyXqKTtFT9TT9np6uZ+iZ+n09S8/Wc/RcPU/P16n6A71AL9Rp+kO9SH+k0/VivUQv1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q3+sd+pP9C69W+/Rn+q9+jO9T3+u98d+oQ/oL3WG/kof1F/rQ/obfVh/q4/o7/RRfUwf19/rE/oHfVKf0qf1GX1W/6jP6Z/0ee0zJ/eZp3ejjDIxJsbEmliTw+QwOU1Ok8vkMhETMXEmzuQ2uU0ek8fkM/lMvIk3BU1Bk4kMmUKmkImaqClsCpsipogpZooZZ5wpaUqaUqaUKW1KmzKmjClryppyppypYCqYO8wd5k5zp7nL3GXuNnebaqaaqWFqmJqmpqllapnaprapY+qYuqauqWfqmfqmvmlgGpiGpqFpZBqZxqaxaWqamuamuWlhWpiWpqVpbVqbNqaNaWvamgSTYNqZdqa9aW86mA6mo+loOplOprPpbLqarqab6Wa6m+4m0SSaXqaX6W16m76mr+lv+psBZoAZaAaaJJNkBpvBZogZYoaaoWaYGW5GZE5UzdtmlBltxpixJtkkm/FmvJlgJpiJZqKZbCabFJNipplpZrqZbmaamWaWmWXmmDlmnplnUk2qWWAWmDSTZhaZRSbdpJslZolZZpaZFWaFWWVWmTVmjVkH68wGs8FsMpvMFrPFbDPbzA6zw+w0O80us8vsMXvMXrPX7DP7zH6z3xwwB0yGyTAHzUFzyBwyh81hc8QcMUfNUXPcHDcnzAlz0pw0p81pc9bkvXi+9CbWZrc57FU2p73a5rLX2H+M89n8Nt4WsAWttnls3l/ExlpbxBa1xWxx62wJW9Le/Ku4nC1vK9iK9g5byd5pK/8qrmnvtbXsfba2vd/WsPf8Iq5jH7B17aO2HiKAbWIb2Ga2oX3UNrKP2ca2iW1qm9k29inb1j5tE+wztp199lfxArvQrrKr7Rq71u6yu+1pe8Yest/Ys/ZH2932sP3tK3aAfdUOtK/ZJDvoV/EI+5Ydad+2o+xoO8aO/VU82U6xKXaqnWbfs9PtjF/FqfYDO8um2Tl2rp1n5/8cZ44pzX5oF9mPbLoNYIldapfZ5XaFXfn/x7rUrrcb7Ea7035it9itdpvdbndcmgjb3XaP/dTutZ/Zg/Zru99+YQ/YwzbDfvVznHl8h+239oj9zh61x+xx+709YX9Ql7Izj/17+5M9b70FQgKSpCigGMpGsZSdctBVlJOuplx0DUXoWoqj6yg3XU95KC/lo/wUTwWoIGkyZIkopEJ0A0XpRro0vGJUnByVoJJ0M5WiW6g03Upl6DYqS7dTOSpPFagi3UGV6E6qTHdRFbqbqlI1qk416B6qSfdSLbqPatP9VIceoLr0INWjh6g+PUwN6BFqSI9SI3qMGlMTakrNqDk9Ti3oCWpJrag1PUlt6ClqS09TAj1D7ehZak9/ow70HHWk56kTvUCdqQt1pRepG71E3akHJVJP6kUvU2/qQ32pH/WnV2gAvUoD6TVKokE0mF6nIfQGDaU3aRgNpxH0Fo2kt2kUjaYxNJaSaRyNp3doAr1LE2kSTaYplEJTaRq9R9NpBs2k92kWzaY5NJfm0XxKpQ9oAS2kNPqQFtFHlE6LaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtDHtJM+oV20m/bQp7SXPqN99Dntpy/oAH1JGfQVHaSv6RB9Q4fpW9+DvqOjdIyO0/d0gn6gk3SKTtMZOks/0jn6ic6TJwgxFKEMVRiEMWG2MDbMHuYIrwpzhleHucJrwkh4bRgXXhfmDq8P84R5w3xh/jA+LBAWDHVoQhtSGIaFwhvCaHhjWDi8KSwSFg2LhcVDF5YIS4Y3h6XCW8LS4a1hmfC2sGx4e1guLB8+en/F8I6wUnhnWDm8K6wS3h1WDauF1cMa4T1hzfDesFZ4X1g7vD8sHT4Q1g0fDOuFD4X1w4fDBuEjYcPw0bBR+FjYOGwSNg2bhc3Dx8MW4RNhy7BV2Dp8MmwTPhW2DZ8OE8Jnwnbhsz+vf2DhP1+fGPYMe4Uvhy+H3t8n50XnR1OjH0QXRBdG06IfRhdFP4qmRxdHl0SXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3Rr2vkQ0cOuGkUy5wMS6bi3XZXQ53lcvprna53DUu4q51ce46l9td7/K4vC6fy+/iXQFX0GlnnHXkQlfI3eCi7kZX2N3kiriirpgr7pwr4Uq6Zq65a+5auCdcS9fKtXbXXnyfPe2eds+4du5Z1979zXVwz7mO7nn3vHvBdXZdXFf3ouvmxuW6sG2i6+V6ud6ut+vr+rr+rr8b4Aa4gW6gS3JJbrAb7Ia4IW6oG+qGuWFuhBvhRrqRbpQb5ca4MS7ZJbvxbryb4Ca4iW6im+wmuxSX4qa5aW66m+4qzbiwlzlujpvn5rlUl+oWuMw5Y5pb5Ba5dJfulrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvlrLnTq9rp9bp/b7/a7A+5Ll+G+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZccGRcZH3knMiHybmRiZFJkcmRKJCUyNTIt8l5kemRGZGbk/cisyOzInMjcyLzI/Ehq5IPIgsjCSFrkw8iiyEeR9MjiyJLI0siyyPKI9wW2hNkzT55Rf6Mv7G/yRXxRX8wX986X8CX9zb6Uv8WX9rf6Mv42X9bf7sv58r6Cf8w39k18U9/MN/eP+xb+Cd/St/Kt/ZO+jX/Kt/VP+wT/jG/nn/Xt/d98B/+c7+if9538C76z7+K7+hd9N/+S7+57+ETf0/fyL/vevo/v6/v5/v4VP8C/6gf613ySH+QH+9f9EP+GH+rf9MP8cD8i5i0/8tIlMoz1yX6cH+/f8RP8u36in+Qn+yk+xU/10/x7frqf4Wf69/0sP9vP8XP9PD/fp/oP/AK/0Kf5D/0i/5FP94sv3VT2K/xKv8qv9mv8Wr/Or/cb/Ea/yW/2W/xWv81v9zv8x36n/8Tv8rv9Hv+p3+s/8/v8536//8If8F/6DP+VP+i/9of8N/6w/9Yf8d/5o/6YP+6/9yf8D/6kP+VP+zP+rP/Rn/M/+fP8N2uMMcYYY3/IuMtN8cs1F27n9/yNHPF3G/cCgKu35s/4+/WZM8p1eS60+4j4NhEAeKZHp4cvLVWrJiYmXtw2XUJww1yAS98EZYqBy/FiaA1PQQK0glK/Of4+ostZ+p3+o7cB5Pi7nFi4HF/u/3MATPyN/h9/csSCsuHpuP+h/7kARW64nJN5EXApXgytf76/0gpK/5Px523xO+PP/kUyQMu/y8kJl+PL4y8JT8CzkPCLLRljjDHGGGOMsQv6iAodLl1/XvqNz9+6Po9Xl3OyweX4967PL1H/ofEzxhhjjDHGGGPs9z3XpevTjycktOrwrzcq/6+y/nCjEfyneubGbza8B7j0iAKAf7NDgMyG/CuPYvNfsq+ki2+df1y17IwP4P9GKf+MxhX+YGKMMcYYY4z96S5P+n/5OH9fzxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/XX+in8ndqWPkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/l8AAAD//+cx/7A=") 2m37.695606794s ago: executing program 4 (id=1514): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r5, &(0x7f0000000000)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14) 2m36.167805437s ago: executing program 4 (id=1519): ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x9031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x21, 0x5, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x0, 0xfffffff5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x15, &(0x7f00000005c0)={{r4}, &(0x7f00000002c0), 0x0}, 0x20) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) rename(&(0x7f0000000400)='./bus\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae"], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r5 = creat(0x0, 0xd931d3864d39dcca) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000040)={'syztnl2\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}, @IFLA_XFRM_LINK={0x8, 0x1, 0x4}]}}}]}, 0x44}}, 0x4048010) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000dab000/0x4000)=nil, 0x4000) 2m35.542686537s ago: executing program 4 (id=1522): getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d0000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="80000000000201040000000000000000020000052400028014000180080001000000000008000200ac1e00010c00028005000100000000002400038014000180080001000000cffd86d0aa046c4914000c0002800500010000000000240001"], 0x80}}, 0x0) write$uinput_user_dev(r6, &(0x7f0000000580)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x50, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x200006, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x6, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x4, 0xba55, 0x8da8, 0x2, 0x200, 0x3959, 0x8, 0xe, 0x3, 0x2, 0xde, 0x8, 0x9, 0x1, 0x1, 0x80000001, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x0, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0xc32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x800, 0xfffffffe, 0x4, 0x1000001, 0x10, 0x1, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x8, 0x6, 0x10001, 0x1, 0x1, 0x800008, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x1004, 0x7, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x7, 0xb, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x8, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2, 0x7, 0x4, 0xea, 0x2, 0x5, 0x6, 0xd9, 0x0, 0x8, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x3, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x4, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x8, 0xe47, 0x3, 0x3, 0x4, 0x103, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x3, 0x9, 0x200, 0x7, 0x4ee1, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0x2000b, 0x133, 0x6]}, 0x45c) socket(0x10, 0x6, 0x0) ioctl$UI_DEV_CREATE(r6, 0x5501) 2m33.89647713s ago: executing program 4 (id=1526): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r1 = syz_open_pts(r0, 0x8182) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000000)={0x7, 0x9, 0x8, 0x8, 0x5, "6c2a0a5692c16ea0c38f93b1a2f388a5d2b72a"}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB]) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') preadv(r6, &(0x7f00000003c0)=[{&(0x7f0000001180)=""/4084, 0xff4}], 0x1, 0x304, 0x21000008) 2m33.755662481s ago: executing program 32 (id=1526): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r1 = syz_open_pts(r0, 0x8182) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000000)={0x7, 0x9, 0x8, 0x8, 0x5, "6c2a0a5692c16ea0c38f93b1a2f388a5d2b72a"}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB]) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') preadv(r6, &(0x7f00000003c0)=[{&(0x7f0000001180)=""/4084, 0xff4}], 0x1, 0x304, 0x21000008) 4.820882472s ago: executing program 2 (id=2220): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000000440)={{0x2, 0x0, 0x80, {0x80a0000, 0x2000}}}) 4.768572057s ago: executing program 2 (id=2221): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff3, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x4, 0x53, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x1, 0x3, 0x40000000000002}], 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000100)=@x86={0xa, 0xd, 0x81, 0x0, 0x10002, 0x8, 0x0, 0x6, 0x5, 0x0, 0x5, 0x3, 0x0, 0x1, 0x1, 0x3, 0x8, 0xfc, 0x9, '\x00', 0x6, 0xe0000000000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.72306117s ago: executing program 2 (id=2223): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x85b, 0x0, 0x6}, {0x28c, 0x0, 0xffffffffffffffff}]}) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x11, 0x4, 0xb}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x200000a, 0x810, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000000240)={0x40, 0x3, 0x8, "065ef71c8d6a60d3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.513394848s ago: executing program 2 (id=2252): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) close_range(r0, 0xffffffffffffffff, 0x0) 3.504833498s ago: executing program 2 (id=2253): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x604, 0x0) 2.773262857s ago: executing program 5 (id=2275): socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000d00)={0x2c, &(0x7f0000000a40)=ANY=[@ANYBLOB="003006"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000600)={0x1c, &(0x7f0000000200)={0x0, 0x10, 0x2, "9a71"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.262006288s ago: executing program 0 (id=2281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0x80, 0x5, 0x4, 0x7f, 0x4232, 0x0, 0x81, 0x9c1, 0x8001, 0x5, 0x7, 0x4db6, 0x0, 0xfffffdfffffffffd], 0xdddd1000, 0x80300}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0xce}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.220562262s ago: executing program 0 (id=2282): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) close_range(r0, 0xffffffffffffffff, 0x0) 2.212401402s ago: executing program 0 (id=2283): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setresuid(0xee01, 0xee01, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000740)="2e6726f30fc7ff66b8010000000f01c1b072ee6766c7442400000001006766c7442402000000006766c744240600000000670f011c2466b92d0300000f323e0f01fc0f01c90f01c566b8f2a97e630f23d00f21f86635300000050f23f8ba2100b000ee6766c7442400530000006766c7442402050000006766c744240600000000670f011c24", 0xffffffffffffff12}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 2.160450666s ago: executing program 0 (id=2284): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000000000007"]) 2.160045247s ago: executing program 0 (id=2285): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_NESTED_STATE(r3, 0xc080aebe, &(0x7f0000000440)={{0x2, 0x0, 0x80, {0x80a0000, 0x2000}}}) 2.103042161s ago: executing program 0 (id=2286): syz_open_procfs(0xffffffffffffffff, 0x0) r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000002600)=ANY=[@ANYBLOB="0003020000000203a6"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41f}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000001c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x83, 0x2, '\x00\x00'}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x84, 0x2, "06ac"}, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a00)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x20, 0x84, 0x2, "46e2"}, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 802.483305ms ago: executing program 1 (id=2304): write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x138) truncate(&(0x7f00000000c0)='./file1\x00', 0x8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000104, 0x0, 0x6}]}) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0xa7, 0x4, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x7, 0x100000000, 0x0, 0x7dd, 0x100000, 0x0, 0x2004c8, 0x1, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@mcast2, @in6=@dev}}, {{@in=@dev}, 0x0, @in6=@ipv4}}, &(0x7f00000000c0)=0xe8) sendmsg$nl_netfilter(r1, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x90) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 762.470339ms ago: executing program 1 (id=2305): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRESHEX, @ANYRES8=r1, @ANYRES8=r1, @ANYRES16], 0xffdd) 712.304013ms ago: executing program 1 (id=2306): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00000c6000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x40, 0x0, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) ioctl$KVM_RUN(r2, 0xae80, 0x0) 662.570367ms ago: executing program 1 (id=2307): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100480, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x8, 0x0, 0x8, 0x10001, 0x80000000000006, 0x1000000006, 0x10007ffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 539.207367ms ago: executing program 3 (id=2309): r0 = socket(0x200000000000011, 0x2, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000040)=0x46c, 0x4) sendto$packet(r2, &(0x7f00000005c0)="330320000c00140000007ef50000", 0xe, 0x40008c1, &(0x7f00000001c0)={0x11, 0x3, r1, 0x1, 0x9, 0x6, @multicast}, 0x14) 526.387298ms ago: executing program 3 (id=2310): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x1e5102, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x20001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 483.316061ms ago: executing program 2 (id=2311): ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 420.333737ms ago: executing program 3 (id=2312): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000100), 0x0) 360.202691ms ago: executing program 5 (id=2313): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000d80)={0x1, &(0x7f0000000d40)=[{0x6, 0x6, 0x38, 0x7fffffff}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000040, 0xb96b, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xff], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 276.543228ms ago: executing program 3 (id=2314): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000104, 0x0, 0x6}]}) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0xa7, 0x4, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x7, 0x100000000, 0x0, 0x7dd, 0x100000, 0x0, 0x2004c8, 0x1, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@mcast2, @in6=@dev}}, {{@in=@dev}, 0x0, @in6=@ipv4}}, &(0x7f00000000c0)=0xe8) sendmsg$nl_netfilter(r1, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000000)={&(0x7f0000000600)={0x14, 0x4, 0x2, 0x201, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x90) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 260.518719ms ago: executing program 1 (id=2315): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000004c0)={0x1, 0x0, @pic={0x7, 0xff, 0x6, 0x40, 0x3, 0x7, 0x2f, 0x2, 0x6, 0x1, 0x40, 0x6, 0xa, 0x3, 0x8, 0x4}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0xfff, 0x0, 0x40180, 0x5, 0x14, 0xf2, 0x3, 0x7fffffffffffe, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x5, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 260.012869ms ago: executing program 5 (id=2316): write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x138) truncate(&(0x7f00000000c0)='./file1\x00', 0x8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000104, 0x0, 0x6}]}) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=0xa7, 0x4, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x7, 0x100000000, 0x0, 0x7dd, 0x100000, 0x0, 0x2004c8, 0x1, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@mcast2, @in6=@dev}}, {{@in=@dev}, 0x0, @in6=@ipv4}}, &(0x7f00000000c0)=0xe8) sendmsg$nl_netfilter(r1, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x90) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x6, 0x4, 0xefffffffffffffff, 0x2, 0x1000, 0x2000000, 0x0, 0x18, 0xffffffffffffffff, 0xffffffffffffffff, 0x6], 0x0, 0x41900}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 210.356713ms ago: executing program 3 (id=2317): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRESHEX, @ANYRES8=r1, @ANYRES8=r1, @ANYRES16], 0xffdd) 172.599876ms ago: executing program 1 (id=2318): openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb02163c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) 145.856879ms ago: executing program 5 (id=2319): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00000c6000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x40, 0x0, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xffdd) ioctl$KVM_RUN(r2, 0xae80, 0x0) 136.658529ms ago: executing program 3 (id=2320): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000240)={0x94}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000, 0x80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 82.263804ms ago: executing program 5 (id=2321): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x1) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) 0s ago: executing program 5 (id=2322): r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0), 0x0, &(0x7f0000001680)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client}, {@directio}], [], 0x6b}}) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x810, r0, 0x1e380000) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) open$dir(&(0x7f0000000300)='./file0\x00', 0x100, 0x195) kernel console output (not intermixed with test programs): g dummy_hcd [ 667.927353][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 667.939185][ T7508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 667.960442][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 667.979390][ T7508] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 667.987623][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 668.009930][ T7508] loop1: detected capacity change from 0 to 256 [ 668.016560][ T39] hub 3-1:0.0: hub_hub_status failed (err = -32) [ 668.023343][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 668.027049][ T39] hub 3-1:0.0: config failed, can't get hub status (err -32) [ 668.029790][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 668.039093][ T7508] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 668.057107][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 668.073069][ T39] usbhid 3-1:0.0: can't add hid device: -71 [ 668.079073][ T39] usbhid: probe of 3-1:0.0 failed with error -71 [ 668.091425][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 668.099541][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 668.107794][ T285] EXT4-fs (loop2): unmounting filesystem. [ 668.114153][ T6] usb 1-1: Using ep0 maxpacket: 16 [ 668.146865][ T6] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 668.157011][ T39] usb 3-1: USB disconnect, device number 62 [ 668.163821][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 668.171988][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 668.180189][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 668.188282][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 668.197578][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 668.205814][ T7508] overlayfs: filesystem on './file1' not supported [ 668.223804][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 668.227104][ T6] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 668.232207][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 668.241591][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.249325][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 668.257740][ T6] usb 1-1: Product: syz [ 668.265498][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 668.277878][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 668.286407][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 668.294946][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 668.303467][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 668.313692][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 668.344920][ T6] usb 1-1: Manufacturer: syz [ 668.345593][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 668.362851][ T6] usb 1-1: SerialNumber: syz [ 668.422888][ T7543] loop2: detected capacity change from 0 to 512 [ 668.439531][ T7543] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 668.489233][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 668.517832][ T7543] EXT4-fs (loop2): orphan cleanup on readonly fs [ 668.535724][ T7543] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 668.545537][ T7543] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 668.555051][ T7543] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1672: Failed to acquire dquot type 1 [ 668.589139][ T7543] EXT4-fs (loop2): 1 truncate cleaned up [ 668.637140][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 668.643919][ T6] usb 1-1: config 0 descriptor?? [ 668.645750][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 668.663081][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 668.680972][ T7543] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 668.722056][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 668.739160][ T6] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 668.756409][ T65] usb 2-1: MIDIStreaming interface descriptor not found [ 668.775179][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 668.824655][ T439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 668.897992][ T65] usb 2-1: USB disconnect, device number 63 [ 669.121809][ T6] usb 1-1: Detected FT232R [ 669.129379][ T287] EXT4-fs (loop3): unmounting filesystem. [ 669.142220][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 669.389251][ T6] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 669.429071][ T285] EXT4-fs (loop2): unmounting filesystem. [ 669.440730][ T7548] loop5: detected capacity change from 0 to 512 [ 669.448958][ T7548] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 669.581848][ T7548] EXT4-fs (loop5): orphan cleanup on readonly fs [ 669.590735][ T7548] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 669.600412][ T7548] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 669.609934][ T7548] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1673: Failed to acquire dquot type 1 [ 669.623677][ T7548] EXT4-fs (loop5): 1 truncate cleaned up [ 669.651649][ T7548] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 670.389788][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 670.608747][ T7567] loop5: detected capacity change from 0 to 128 [ 670.862154][ T7570] netlink: 'syz.0.1670': attribute type 3 has an invalid length. [ 670.922831][ T7558] usb usb8: usbfs: process 7558 (syz.3.1674) did not claim interface 0 before use [ 671.445936][ T7577] loop2: detected capacity change from 0 to 512 [ 671.534650][ T7577] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1679: casefold flag without casefold feature [ 671.686450][ T7577] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1679: couldn't read orphan inode 15 (err -117) [ 671.698781][ T7577] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 671.787360][ T7584] netlink: 'syz.5.1681': attribute type 4 has an invalid length. [ 671.795177][ T7584] netlink: 'syz.5.1681': attribute type 5 has an invalid length. [ 671.802944][ T7584] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1681'. [ 671.871586][ T7584] loop5: detected capacity change from 0 to 512 [ 671.880137][ T7584] FAT-fs (loop5): Unrecognized mount option "ngnumta" or missing value [ 671.920783][ T4670] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 672.060111][ T65] usb 3-1: new full-speed USB device number 63 using dummy_hcd [ 672.112520][ T7588] loop3: detected capacity change from 0 to 512 [ 672.120146][ T7588] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 672.177971][ T7588] EXT4-fs (loop3): orphan cleanup on readonly fs [ 672.250785][ T6] usb 1-1: USB disconnect, device number 58 [ 672.261777][ T65] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 672.288072][ T6] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 672.306883][ T7588] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 672.316474][ T7588] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 672.325898][ T7588] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1682: Failed to acquire dquot type 1 [ 672.462523][ T7588] EXT4-fs (loop3): 1 truncate cleaned up [ 672.482453][ T6] ftdi_sio 1-1:0.0: device disconnected [ 672.489346][ T65] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 672.574877][ T65] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 672.594074][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.675973][ T65] usb 3-1: config 0 descriptor?? [ 672.684826][ T7588] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 674.421737][ T7601] netlink: 'syz.5.1686': attribute type 4 has an invalid length. [ 674.429489][ T7601] netlink: 'syz.5.1686': attribute type 5 has an invalid length. [ 674.437238][ T7601] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1686'. [ 674.450698][ T7601] loop5: detected capacity change from 0 to 512 [ 674.457292][ T7601] FAT-fs (loop5): Unrecognized mount option "ngnumta" or missing value [ 674.500618][ T287] EXT4-fs (loop3): unmounting filesystem. [ 674.503009][ T65] hub 3-1:0.0: USB hub found [ 674.511940][ T4670] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 674.527677][ T285] EXT4-fs (loop2): unmounting filesystem. [ 674.535536][ T65] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 674.553343][ T65] usbhid 3-1:0.0: can't add hid device: -71 [ 674.564602][ T65] usbhid: probe of 3-1:0.0 failed with error -71 [ 674.700839][ T7609] loop3: detected capacity change from 0 to 512 [ 674.736807][ T19] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 674.771334][ T7609] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 674.826526][ T65] usb 3-1: USB disconnect, device number 63 [ 674.882851][ T7609] EXT4-fs (loop3): orphan cleanup on readonly fs [ 674.891331][ T7609] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 674.900880][ T7609] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 674.910303][ T7609] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1687: Failed to acquire dquot type 1 [ 674.924188][ T7609] EXT4-fs (loop3): 1 truncate cleaned up [ 674.970058][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 675.001966][ T19] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 675.078227][ T7609] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 675.164225][ T19] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 675.215808][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.252986][ T19] usb 2-1: Product: syz [ 675.272206][ T19] usb 2-1: Manufacturer: syz [ 675.293991][ T19] usb 2-1: SerialNumber: syz [ 675.336101][ T19] usb 2-1: config 0 descriptor?? [ 675.370495][ T19] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 675.755868][ T65] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 675.764416][ T19] usb 2-1: Detected FT232R [ 675.772049][ T19] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 675.808279][ T287] EXT4-fs (loop3): unmounting filesystem. [ 675.950405][ T65] usb 3-1: Using ep0 maxpacket: 16 [ 675.956804][ T65] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 675.967488][ T65] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 675.976816][ T65] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.986252][ T19] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 675.994672][ T65] usb 3-1: Product: syz [ 676.849639][ T65] usb 3-1: Manufacturer: syz [ 676.854281][ T65] usb 3-1: SerialNumber: syz [ 676.859493][ T65] usb 3-1: config 0 descriptor?? [ 676.866415][ T65] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 676.874850][ T65] usb 3-1: Detected FT232R [ 676.931336][ T7591] netlink: 'syz.1.1683': attribute type 3 has an invalid length. [ 677.827534][ T65] ftdi_sio ttyUSB1: Unable to read latency timer: -32 [ 677.838679][ T6] usb 2-1: USB disconnect, device number 64 [ 677.851950][ T6] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 677.866156][ T6] ftdi_sio 2-1:0.0: device disconnected [ 680.190176][ T7653] loop3: detected capacity change from 0 to 512 [ 680.336546][ T7654] loop1: detected capacity change from 0 to 512 [ 680.353191][ T7653] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 680.362398][ T7654] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 680.482092][ T7653] EXT4-fs (loop3): orphan cleanup on readonly fs [ 680.490545][ T7653] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 680.500131][ T7653] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 680.509541][ T7653] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1696: Failed to acquire dquot type 1 [ 680.523298][ T7653] EXT4-fs (loop3): 1 truncate cleaned up [ 680.533618][ T7654] EXT4-fs (loop1): orphan cleanup on readonly fs [ 680.540500][ T65] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 680.549183][ T7654] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 680.558616][ T7654] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 680.565486][ T65] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 680.568018][ T7654] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1698: Failed to acquire dquot type 1 [ 680.590141][ T7654] EXT4-fs (loop1): 1 truncate cleaned up [ 680.631871][ T65] usb 3-1: USB disconnect, device number 64 [ 680.653379][ T7653] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 680.669220][ T7654] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 680.692520][ T65] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 680.710725][ T65] ftdi_sio 3-1:0.0: device disconnected [ 680.861485][ T7667] netlink: 'syz.5.1702': attribute type 4 has an invalid length. [ 680.869303][ T7667] netlink: 'syz.5.1702': attribute type 5 has an invalid length. [ 680.877118][ T7667] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1702'. [ 680.984834][ T7667] loop5: detected capacity change from 0 to 512 [ 680.997914][ T7667] FAT-fs (loop5): Unrecognized mount option "ngnumta" or missing value [ 681.330948][ T286] EXT4-fs (loop1): unmounting filesystem. [ 681.383721][ T335] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 681.393661][ T287] EXT4-fs (loop3): unmounting filesystem. [ 681.590067][ T65] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 681.740251][ T291] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 681.910082][ T65] usb 3-1: Using ep0 maxpacket: 16 [ 681.916310][ T65] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 681.926434][ T65] usb 3-1: config 0 has no interfaces? [ 681.933385][ T65] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 681.942474][ T65] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.950049][ T291] usb 4-1: Using ep0 maxpacket: 32 [ 681.950507][ T65] usb 3-1: Product: syz [ 681.957141][ T291] usb 4-1: unable to get BOS descriptor or descriptor too short [ 681.959740][ T65] usb 3-1: Manufacturer: syz [ 681.968452][ T291] usb 4-1: config 7 has an invalid interface number: 128 but max is 0 [ 681.971997][ T6] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 681.980374][ T291] usb 4-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 681.987626][ T65] usb 3-1: SerialNumber: syz [ 681.996497][ T291] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 682.004794][ T65] usb 3-1: config 0 descriptor?? [ 682.011181][ T291] usb 4-1: config 7 has no interface number 0 [ 682.022033][ T291] usb 4-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 682.032784][ T291] usb 4-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 682.044126][ T291] usb 4-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 682.057206][ T291] usb 4-1: config 7 interface 128 has no altsetting 0 [ 682.065260][ T291] usb 4-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 682.074331][ T291] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.082328][ T291] usb 4-1: Product: syz [ 682.086490][ T291] usb 4-1: Manufacturer: syz [ 682.091104][ T291] usb 4-1: SerialNumber: syz [ 682.096438][ T7673] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 682.180058][ T6] usb 6-1: Using ep0 maxpacket: 16 [ 682.186260][ T6] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 682.196539][ T6] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 682.205619][ T6] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.213628][ T6] usb 6-1: Product: syz [ 682.217824][ T6] usb 6-1: Manufacturer: syz [ 682.222692][ T6] usb 6-1: SerialNumber: syz [ 682.231114][ T6] usb 6-1: config 0 descriptor?? [ 682.238074][ T6] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 682.246671][ T6] usb 6-1: Detected FT232R [ 682.307105][ T291] usb 4-1: MIDIStreaming interface descriptor not found [ 682.319703][ T291] usb 4-1: USB disconnect, device number 50 [ 682.328197][ T370] udevd[370]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.128/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 682.454474][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 682.735207][ T6] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 682.741992][ T7697] loop1: detected capacity change from 0 to 512 [ 682.755576][ T7697] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1714: casefold flag without casefold feature [ 682.768439][ T7697] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1714: couldn't read orphan inode 15 (err -117) [ 682.780722][ T7697] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 682.874370][ T7682] netlink: 'syz.5.1710': attribute type 3 has an invalid length. [ 682.956811][ T7704] loop3: detected capacity change from 0 to 512 [ 682.983833][ T7704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 683.002762][ T19] usb 6-1: USB disconnect, device number 5 [ 683.024518][ T19] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 683.062038][ T7704] EXT4-fs (loop3): orphan cleanup on readonly fs [ 683.069211][ T6] usb 2-1: new full-speed USB device number 65 using dummy_hcd [ 683.077693][ T7704] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 683.087255][ T7704] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 683.096693][ T7704] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1715: Failed to acquire dquot type 1 [ 683.109766][ T7704] EXT4-fs (loop3): 1 truncate cleaned up [ 683.184259][ T19] ftdi_sio 6-1:0.0: device disconnected [ 683.311557][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 683.489092][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.557133][ T6] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 684.474498][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.776393][ T7718] loop5: detected capacity change from 0 to 512 [ 684.789377][ T7718] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 684.869414][ T7721] loop0: detected capacity change from 0 to 512 [ 684.880492][ T7718] EXT4-fs (loop5): orphan cleanup on readonly fs [ 684.888929][ T7718] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 684.898483][ T7718] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 684.907898][ T7718] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1718: Failed to acquire dquot type 1 [ 684.921369][ T7718] EXT4-fs (loop5): 1 truncate cleaned up [ 684.959175][ T6] usb 2-1: config 0 descriptor?? [ 685.020753][ T7704] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 685.082155][ T7718] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 685.143680][ T387] usb 3-1: USB disconnect, device number 65 [ 685.421672][ T7721] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.1729: casefold flag without casefold feature [ 685.546851][ T6] hub 2-1:0.0: USB hub found [ 685.567008][ T7721] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1729: couldn't read orphan inode 15 (err -117) [ 685.579883][ T287] EXT4-fs (loop3): unmounting filesystem. [ 685.586993][ T7721] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 685.615405][ T6] hub 2-1:0.0: 1 port detected [ 685.681167][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 686.500279][ T7730] loop3: detected capacity change from 0 to 40427 [ 686.510442][ T7730] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 686.518189][ T7730] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 686.529643][ T7730] F2FS-fs (loop3): invalid crc value [ 686.544857][ T7697] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7697 comm=syz.1.1714 [ 686.632297][ T7730] F2FS-fs (loop3): Found nat_bits in checkpoint [ 686.714518][ T7730] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 686.721709][ T7730] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 687.010979][ T6] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 687.017341][ T6] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 687.027395][ T6] usbhid 2-1:0.0: can't add hid device: -71 [ 687.033562][ T6] usbhid: probe of 2-1:0.0 failed with error -71 [ 687.070718][ T6] usb 2-1: USB disconnect, device number 65 [ 687.090088][ T387] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 687.170123][ T19] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 687.177746][ T65] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 687.388505][ T286] EXT4-fs (loop1): unmounting filesystem. [ 687.490062][ T387] usb 3-1: Using ep0 maxpacket: 16 [ 687.496459][ T387] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 687.512123][ T387] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 687.525542][ T387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.533621][ T387] usb 3-1: Product: syz [ 687.537830][ T387] usb 3-1: Manufacturer: syz [ 687.542665][ T387] usb 3-1: SerialNumber: syz [ 687.547916][ T387] usb 3-1: config 0 descriptor?? [ 687.554249][ T387] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 687.561742][ T19] usb 6-1: Using ep0 maxpacket: 32 [ 687.567346][ T387] usb 3-1: Detected FT232R [ 687.572320][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 687.583448][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.593777][ T19] usb 6-1: unable to get BOS descriptor or descriptor too short [ 687.601839][ T65] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 687.611508][ T65] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.619728][ T19] usb 6-1: config 7 has an invalid interface number: 128 but max is 0 [ 687.628386][ T65] usb 1-1: config 0 descriptor?? [ 687.633417][ T19] usb 6-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 687.642202][ T19] usb 6-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 687.652820][ T65] hub 1-1:0.0: USB hub found [ 687.657466][ T19] usb 6-1: config 7 has no interface number 0 [ 687.663566][ T19] usb 6-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 687.674260][ T19] usb 6-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 687.685553][ T19] usb 6-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 687.698636][ T19] usb 6-1: config 7 interface 128 has no altsetting 0 [ 687.706764][ T19] usb 6-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 687.715833][ T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.723852][ T19] usb 6-1: Product: syz [ 687.728022][ T19] usb 6-1: Manufacturer: syz [ 687.732634][ T19] usb 6-1: SerialNumber: syz [ 687.737994][ T7728] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 687.754999][ T387] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 687.818351][ T65] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 687.820244][ T284] EXT4-fs (loop0): unmounting filesystem. [ 687.828447][ T65] usbhid 1-1:0.0: can't add hid device: -71 [ 687.837975][ T65] usbhid: probe of 1-1:0.0 failed with error -71 [ 687.888607][ T65] usb 1-1: USB disconnect, device number 59 [ 687.950012][ T19] usb 6-1: MIDIStreaming interface descriptor not found [ 687.967170][ T19] usb 6-1: USB disconnect, device number 6 [ 688.011677][ T387] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 688.023335][ T335] udevd[335]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:7.128/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 688.086411][ T7751] loop3: detected capacity change from 0 to 512 [ 688.098402][ T7751] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 688.171782][ T7751] EXT4-fs (loop3): orphan cleanup on readonly fs [ 688.181139][ T7751] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 688.190850][ T7751] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 688.200396][ T7751] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1726: Failed to acquire dquot type 1 [ 688.215738][ T7751] EXT4-fs (loop3): 1 truncate cleaned up [ 688.248480][ T7751] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 688.590051][ T65] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 688.606447][ T7760] netlink: 'syz.2.1719': attribute type 3 has an invalid length. [ 688.750056][ T669] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 688.794654][ T65] usb 2-1: Using ep0 maxpacket: 16 [ 688.805166][ T65] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 688.815635][ T65] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 688.824899][ T65] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.832895][ T65] usb 2-1: Product: syz [ 688.837040][ T65] usb 2-1: Manufacturer: syz [ 688.844150][ T65] usb 2-1: SerialNumber: syz [ 688.849286][ T287] EXT4-fs (loop3): unmounting filesystem. [ 688.852981][ T65] usb 2-1: config 0 descriptor?? [ 688.926373][ T7765] loop0: detected capacity change from 0 to 512 [ 689.012156][ T7765] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 689.050419][ T65] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 689.069361][ T7765] EXT4-fs (loop0): orphan cleanup on readonly fs [ 689.077330][ T7765] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 689.086879][ T7765] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 689.096277][ T7765] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.1731: Failed to acquire dquot type 1 [ 689.110033][ T7765] EXT4-fs (loop0): 1 truncate cleaned up [ 689.166966][ T65] usb 2-1: Detected FT232R [ 689.174164][ T7765] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 689.228769][ T65] ftdi_sio ttyUSB1: Unable to read latency timer: -32 [ 689.450217][ T6] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 689.472347][ T65] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 690.011836][ T39] usb 3-1: USB disconnect, device number 66 [ 690.038142][ T39] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 690.047547][ T669] usb 6-1: Using ep0 maxpacket: 16 [ 690.053326][ T284] EXT4-fs (loop0): unmounting filesystem. [ 690.060509][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 690.060711][ T669] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 690.068141][ T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 690.085626][ T7771] loop2: detected capacity change from 0 to 512 [ 690.093077][ T6] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 690.102784][ T7772] netlink: 'syz.1.1727': attribute type 3 has an invalid length. [ 690.109804][ T39] ftdi_sio 3-1:0.0: device disconnected [ 690.110536][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.110570][ T6] usb 4-1: Product: syz [ 690.119135][ T669] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 690.132822][ T6] usb 4-1: Manufacturer: syz [ 690.142698][ T6] usb 4-1: SerialNumber: syz [ 690.143135][ T669] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.155658][ T669] usb 6-1: Product: syz [ 690.159824][ T669] usb 6-1: Manufacturer: syz [ 690.160628][ T6] usb 4-1: config 0 descriptor?? [ 690.165021][ T669] usb 6-1: SerialNumber: syz [ 690.170994][ T6] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 690.174684][ T669] usb 6-1: config 0 descriptor?? [ 690.186425][ T7771] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1733: casefold flag without casefold feature [ 690.202496][ T6] usb 4-1: Detected FT232R [ 690.207923][ T7771] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1733: couldn't read orphan inode 15 (err -117) [ 690.221804][ T19] usb 2-1: USB disconnect, device number 66 [ 690.270802][ T7778] loop0: detected capacity change from 0 to 512 [ 690.280596][ T7778] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 690.341771][ T7771] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 690.365224][ T19] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 690.377211][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 690.407043][ T7778] EXT4-fs (loop0): orphan cleanup on readonly fs [ 690.414961][ T7778] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 690.424511][ T7778] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 690.433935][ T7778] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.1734: Failed to acquire dquot type 1 [ 690.447898][ T7778] EXT4-fs (loop0): 1 truncate cleaned up [ 690.488286][ T19] ftdi_sio 2-1:0.0: device disconnected [ 690.584952][ T7778] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 690.666447][ T6] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 691.053262][ T669] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 691.060358][ T284] EXT4-fs (loop0): unmounting filesystem. [ 691.061136][ T669] usb 6-1: Detected FT232R [ 691.071867][ T669] ftdi_sio ttyUSB1: Unable to read latency timer: -32 [ 691.165278][ T669] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 691.225260][ T7786] netlink: 'syz.0.1735': attribute type 4 has an invalid length. [ 691.233012][ T7786] netlink: 'syz.0.1735': attribute type 5 has an invalid length. [ 691.240744][ T7786] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1735'. [ 691.253241][ T7786] loop0: detected capacity change from 0 to 512 [ 691.259833][ T7786] FAT-fs (loop0): Unrecognized mount option "ngnumta" or missing value [ 691.518841][ T7790] netlink: 'syz.3.1732': attribute type 3 has an invalid length. [ 691.571327][ T39] usb 3-1: new full-speed USB device number 67 using dummy_hcd [ 691.799813][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 691.810911][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 691.820698][ T39] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 691.829769][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.838300][ T39] usb 3-1: config 0 descriptor?? [ 691.844046][ T39] hub 3-1:0.0: USB hub found [ 691.892306][ T7780] netlink: 'syz.5.1730': attribute type 3 has an invalid length. [ 692.044522][ T39] hub 3-1:0.0: 1 port detected [ 692.245619][ T7771] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7771 comm=syz.2.1733 [ 692.416216][ T39] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 692.422627][ T39] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 692.431234][ T39] usbhid 3-1:0.0: can't add hid device: -71 [ 692.437391][ T39] usbhid: probe of 3-1:0.0 failed with error -71 [ 692.493538][ T7803] loop1: detected capacity change from 0 to 512 [ 692.501043][ T7803] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 692.555836][ T7803] EXT4-fs (loop1): orphan cleanup on readonly fs [ 692.563984][ T7803] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 692.573571][ T7803] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 692.582994][ T7803] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1739: Failed to acquire dquot type 1 [ 692.596924][ T7803] EXT4-fs (loop1): 1 truncate cleaned up [ 692.603004][ T7803] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 692.672264][ T387] usb 4-1: USB disconnect, device number 51 [ 692.772123][ T387] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 692.930282][ T285] EXT4-fs (loop2): unmounting filesystem. [ 693.045569][ T387] ftdi_sio 4-1:0.0: device disconnected [ 693.181576][ T7809] loop3: detected capacity change from 0 to 512 [ 693.190941][ T7809] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 693.410906][ T39] usb 3-1: USB disconnect, device number 67 [ 693.455718][ T19] usb 6-1: USB disconnect, device number 7 [ 693.473558][ T7815] loop2: detected capacity change from 0 to 512 [ 693.508346][ T19] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 693.525507][ T286] EXT4-fs (loop1): unmounting filesystem. [ 693.525706][ T7809] EXT4-fs (loop3): orphan cleanup on readonly fs [ 693.540613][ T19] ftdi_sio 6-1:0.0: device disconnected [ 693.546473][ T7809] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 693.555988][ T7809] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 693.556752][ T7815] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 693.565394][ T7809] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1742: Failed to acquire dquot type 1 [ 693.567724][ T7809] EXT4-fs (loop3): 1 truncate cleaned up [ 693.579342][ T7818] loop5: detected capacity change from 0 to 512 [ 693.587438][ T7809] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 693.598468][ T7818] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 693.618705][ T7818] EXT4-fs (loop5): orphan cleanup on readonly fs [ 693.646918][ T7815] EXT4-fs (loop2): 1 orphan inode deleted [ 693.652788][ T7818] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 693.662237][ T7818] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 693.671631][ T7818] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1744: Failed to acquire dquot type 1 [ 693.683357][ T7818] EXT4-fs (loop5): 1 truncate cleaned up [ 693.694307][ T7815] EXT4-fs (loop2): 1 truncate cleaned up [ 693.700261][ T7815] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 693.714611][ T7818] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 693.724346][ T28] audit: type=1400 audit(1756279745.324:270): avc: denied { ioctl } for pid=7810 comm="syz.2.1741" path="/341/file0/bus" dev="loop2" ino=17 ioctlcmd=0x5201 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 693.825436][ T7824] loop1: detected capacity change from 0 to 128 [ 693.976096][ T287] EXT4-fs (loop3): unmounting filesystem. [ 694.034883][ T285] EXT4-fs (loop2): unmounting filesystem. [ 694.392800][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 694.690091][ T65] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 694.749736][ T7835] loop3: detected capacity change from 0 to 512 [ 694.828668][ T7835] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 694.880324][ T65] usb 1-1: Using ep0 maxpacket: 32 [ 694.887446][ T65] usb 1-1: unable to get BOS descriptor or descriptor too short [ 694.914504][ T7835] EXT4-fs (loop3): orphan cleanup on readonly fs [ 694.922404][ T7835] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 694.931946][ T7835] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 694.941346][ T7835] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1746: Failed to acquire dquot type 1 [ 694.955140][ T7835] EXT4-fs (loop3): 1 truncate cleaned up [ 695.042700][ T7837] loop1: detected capacity change from 0 to 512 [ 695.059229][ T7835] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 695.092669][ T65] usb 1-1: config 7 has an invalid interface number: 128 but max is 0 [ 695.159624][ T65] usb 1-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 695.169853][ T65] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 695.245527][ T7837] EXT4-fs error (device loop1): __ext4_iget:5079: inode #3: block 258826: comm syz.1.1750: invalid block [ 695.305022][ T65] usb 1-1: config 7 has no interface number 0 [ 695.347227][ T7837] EXT4-fs error (device loop1): ext4_quota_enable:7012: comm syz.1.1750: Bad quota inode: 3, type: 0 [ 695.373807][ T65] usb 1-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 697.351728][ T7852] loop5: detected capacity change from 0 to 512 [ 697.363731][ T7852] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 697.372495][ T7837] EXT4-fs warning (device loop1): ext4_enable_quotas:7053: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 697.387502][ T65] usb 1-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 697.389183][ T287] EXT4-fs (loop3): unmounting filesystem. [ 697.406244][ T65] usb 1-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 697.414359][ T7837] EXT4-fs (loop1): mount failed [ 697.419800][ T7852] EXT4-fs (loop5): orphan cleanup on readonly fs [ 697.431941][ T65] usb 1-1: config 7 interface 128 has no altsetting 0 [ 697.438890][ T7852] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 697.448363][ T7852] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 697.457754][ T7852] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1751: Failed to acquire dquot type 1 [ 697.469605][ T7852] EXT4-fs (loop5): 1 truncate cleaned up [ 697.476943][ T7852] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 697.491917][ T65] usb 1-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 697.501050][ T65] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.509036][ T65] usb 1-1: Product: syz [ 697.520062][ T65] usb 1-1: Manufacturer: syz [ 697.537240][ T65] usb 1-1: SerialNumber: syz [ 697.543117][ T7817] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 697.566218][ T7864] loop1: detected capacity change from 0 to 512 [ 697.589545][ T7864] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1756: casefold flag without casefold feature [ 697.631925][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 697.638095][ T7864] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1756: couldn't read orphan inode 15 (err -117) [ 697.657970][ T7864] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 697.680064][ T669] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 697.761283][ T65] usb 1-1: MIDIStreaming interface descriptor not found [ 697.804195][ T7871] loop5: detected capacity change from 0 to 512 [ 697.817728][ T7871] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 697.843629][ T7871] EXT4-fs (loop5): orphan cleanup on readonly fs [ 697.851515][ T7871] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 697.861089][ T7871] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1757: Failed to acquire dquot type 1 [ 697.885742][ T65] usb 1-1: USB disconnect, device number 60 [ 697.912375][ T7874] loop3: detected capacity change from 0 to 512 [ 697.921830][ T7874] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 697.934308][ T7871] EXT4-fs (loop5): 1 truncate cleaned up [ 698.044570][ T7871] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 698.102521][ T7874] EXT4-fs (loop3): orphan cleanup on readonly fs [ 698.110796][ T7874] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1758: Failed to acquire dquot type 1 [ 698.124070][ T7874] EXT4-fs (loop3): 1 truncate cleaned up [ 698.139759][ T7874] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 698.393607][ T335] udevd[335]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:7.128/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 698.573413][ T287] EXT4-fs (loop3): unmounting filesystem. [ 698.637863][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 698.661691][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 698.661694][ T7883] netlink: 404 bytes leftover after parsing attributes in process `syz.5.1762'. [ 698.661706][ T28] audit: type=1400 audit(1756279750.274:271): avc: denied { nlmsg_read } for pid=7882 comm="syz.5.1762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 698.697184][ T669] usb 3-1: Using ep0 maxpacket: 16 [ 698.704938][ T669] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 699.192400][ T39] usb 2-1: new full-speed USB device number 67 using dummy_hcd [ 699.310565][ T669] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 699.320197][ T669] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.407838][ T669] usb 3-1: Product: syz [ 699.416269][ T669] usb 3-1: Manufacturer: syz [ 699.463345][ T669] usb 3-1: SerialNumber: syz [ 699.470766][ T7898] loop5: detected capacity change from 0 to 512 [ 699.478239][ T7898] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 699.495978][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 699.512634][ T7898] EXT4-fs (loop5): orphan cleanup on readonly fs [ 699.521075][ T7898] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 699.530769][ T7898] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 699.540820][ T7898] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1765: Failed to acquire dquot type 1 [ 699.555112][ T7898] EXT4-fs (loop5): 1 truncate cleaned up [ 699.561168][ T7898] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 699.719462][ T669] usb 3-1: config 0 descriptor?? [ 699.725477][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.497262][ T7905] loop0: detected capacity change from 0 to 512 [ 700.505943][ T7905] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 700.535707][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 700.676212][ T7905] EXT4-fs (loop0): orphan cleanup on readonly fs [ 700.684072][ T7905] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 700.693590][ T7905] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 700.703111][ T7905] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.1767: Failed to acquire dquot type 1 [ 700.717144][ T7905] EXT4-fs (loop0): 1 truncate cleaned up [ 700.723105][ T7905] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 700.792046][ T286] EXT4-fs (loop1): unmounting filesystem. [ 700.925060][ T7910] loop2: detected capacity change from 0 to 256 [ 701.032025][ T7912] loop3: detected capacity change from 0 to 512 [ 704.530277][ T7912] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 704.542056][ T669] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 704.550963][ T39] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 704.560544][ T669] usb 3-1: Detected FT232R [ 704.565073][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.573176][ T669] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 704.581648][ T669] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 704.588795][ T669] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 704.600951][ T7912] EXT4-fs: failed to create workqueue [ 704.606326][ T7912] EXT4-fs (loop3): mount failed [ 704.625220][ T7910] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 704.647404][ T39] usb 2-1: config 0 descriptor?? [ 704.654724][ T39] usb 2-1: can't set config #0, error -71 [ 704.661575][ T669] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 704.662422][ T284] EXT4-fs (loop0): unmounting filesystem. [ 704.670745][ T39] usb 2-1: USB disconnect, device number 67 [ 704.681666][ T669] usb 3-1: USB disconnect, device number 68 [ 704.688082][ T669] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 704.698318][ T669] ftdi_sio 3-1:0.0: device disconnected [ 704.789970][ T7917] loop5: detected capacity change from 0 to 512 [ 704.798999][ T7917] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 704.954548][ T7917] EXT4-fs (loop5): orphan cleanup on readonly fs [ 704.962722][ T7917] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 704.972304][ T7917] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 704.981733][ T7917] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1768: Failed to acquire dquot type 1 [ 704.995605][ T7917] EXT4-fs (loop5): 1 truncate cleaned up [ 705.001638][ T7917] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 705.131652][ T7927] loop3: detected capacity change from 0 to 512 [ 705.171787][ T7926] loop0: detected capacity change from 0 to 512 [ 705.319095][ T7926] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 705.376072][ T7927] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1774: casefold flag without casefold feature [ 705.835534][ T7927] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1774: couldn't read orphan inode 15 (err -117) [ 705.848595][ T7926] EXT4-fs (loop0): orphan cleanup on readonly fs [ 705.856660][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 705.862963][ T7927] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 705.873364][ T7926] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 705.893980][ T7926] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 705.903515][ T7926] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.1772: Failed to acquire dquot type 1 [ 705.915977][ T7926] EXT4-fs (loop0): 1 truncate cleaned up [ 705.921866][ T7926] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 706.038528][ T284] EXT4-fs (loop0): unmounting filesystem. [ 706.180040][ T291] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 706.309616][ T7943] loop5: detected capacity change from 0 to 512 [ 706.331950][ T7943] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 706.375943][ T39] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 706.376067][ T669] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 706.475814][ T7943] EXT4-fs (loop5): orphan cleanup on readonly fs [ 706.503058][ T7943] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 706.512932][ T7943] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 706.522764][ T7943] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1778: Failed to acquire dquot type 1 [ 706.557546][ T7943] EXT4-fs (loop5): 1 truncate cleaned up [ 706.564229][ T7943] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 706.802135][ T669] usb 3-1: Using ep0 maxpacket: 16 [ 706.835075][ T669] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 706.860385][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 706.879562][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 707.012949][ T39] usb 2-1: Using ep0 maxpacket: 32 [ 707.018159][ T291] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 707.027267][ T291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.035960][ T291] usb 4-1: config 0 descriptor?? [ 707.107105][ T39] usb 2-1: unable to get BOS descriptor or descriptor too short [ 707.114866][ T669] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 707.124168][ T291] hub 4-1:0.0: USB hub found [ 707.128945][ T669] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.137199][ T669] usb 3-1: Product: syz [ 707.141767][ T39] usb 2-1: config 7 has an invalid interface number: 128 but max is 0 [ 707.150949][ T669] usb 3-1: Manufacturer: syz [ 707.288769][ T39] usb 2-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 707.297584][ T669] usb 3-1: SerialNumber: syz [ 707.298084][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 707.307244][ T291] hub 4-1:0.0: 1 port detected [ 707.312855][ T669] usb 3-1: config 0 descriptor?? [ 707.317866][ T39] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 707.328064][ T39] usb 2-1: config 7 has no interface number 0 [ 707.334211][ T39] usb 2-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 707.345542][ T669] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 707.353072][ T39] usb 2-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 707.364744][ T669] usb 3-1: Detected FT232R [ 707.369213][ T39] usb 2-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 707.382268][ T39] usb 2-1: config 7 interface 128 has no altsetting 0 [ 707.397199][ T39] usb 2-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 707.398215][ T7950] loop5: detected capacity change from 0 to 512 [ 707.406333][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.420676][ T39] usb 2-1: Product: syz [ 707.424898][ T39] usb 2-1: Manufacturer: syz [ 707.429323][ T7950] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1780: casefold flag without casefold feature [ 707.429526][ T39] usb 2-1: SerialNumber: syz [ 707.442284][ T7950] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1780: couldn't read orphan inode 15 (err -117) [ 707.451506][ T7923] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 707.459823][ T7950] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 707.508354][ T7927] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7927 comm=syz.3.1774 [ 707.546111][ T669] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 707.671671][ T39] usb 2-1: MIDIStreaming interface descriptor not found [ 707.681372][ T291] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 707.687735][ T291] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 707.698953][ T39] usb 2-1: USB disconnect, device number 68 [ 707.706716][ T291] usbhid 4-1:0.0: can't add hid device: -71 [ 707.712703][ T291] usbhid: probe of 4-1:0.0 failed with error -71 [ 707.750118][ T387] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 707.750474][ T291] usb 4-1: USB disconnect, device number 52 [ 707.764688][ T669] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 707.951208][ T387] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 707.962196][ T387] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 707.972376][ T387] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 708.027451][ T7957] netlink: 'syz.0.1781': attribute type 4 has an invalid length. [ 708.035278][ T7957] netlink: 'syz.0.1781': attribute type 5 has an invalid length. [ 708.043059][ T7957] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1781'. [ 708.109188][ T7957] loop0: detected capacity change from 0 to 512 [ 708.117526][ T7957] FAT-fs (loop0): Unrecognized mount option "ngnumta" or missing value [ 708.171545][ T387] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.180128][ T387] usb 6-1: config 0 descriptor?? [ 708.185986][ T4670] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 708.210320][ T7931] netlink: 'syz.2.1775': attribute type 3 has an invalid length. [ 708.227001][ T387] hub 6-1:0.0: USB hub found [ 708.227156][ T287] EXT4-fs (loop3): unmounting filesystem. [ 708.272000][ T857] usb 3-1: USB disconnect, device number 69 [ 708.284966][ T857] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 708.519178][ T7969] netlink: 'syz.2.1784': attribute type 4 has an invalid length. [ 708.527070][ T7969] netlink: 'syz.2.1784': attribute type 5 has an invalid length. [ 708.534867][ T7969] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1784'. [ 708.603206][ T7969] loop2: detected capacity change from 0 to 512 [ 708.614096][ T7969] FAT-fs (loop2): Unrecognized mount option "ngnumta" or missing value [ 710.418299][ T7966] loop1: detected capacity change from 0 to 512 [ 710.475395][ T7968] loop3: detected capacity change from 0 to 512 [ 710.492524][ T7968] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 710.573034][ T7966] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 710.619538][ T857] ftdi_sio 3-1:0.0: device disconnected [ 710.625585][ T7968] EXT4-fs (loop3): orphan cleanup on readonly fs [ 710.635618][ T7966] EXT4-fs (loop1): orphan cleanup on readonly fs [ 710.643909][ T387] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 710.656019][ T387] usbhid 6-1:0.0: can't add hid device: -71 [ 710.663905][ T387] usbhid: probe of 6-1:0.0 failed with error -71 [ 710.724229][ T387] usb 6-1: USB disconnect, device number 8 [ 710.751632][ T7968] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 710.761207][ T7968] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 710.770637][ T7968] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1782: Failed to acquire dquot type 1 [ 710.784954][ T7966] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 710.794559][ T7966] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 710.804001][ T7966] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1783: Failed to acquire dquot type 1 [ 710.817756][ T7968] EXT4-fs (loop3): 1 truncate cleaned up [ 710.825696][ T7966] EXT4-fs (loop1): 1 truncate cleaned up [ 710.842044][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 710.968888][ T7968] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 711.032866][ T7966] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 711.510865][ T286] EXT4-fs (loop1): unmounting filesystem. [ 711.517034][ T287] EXT4-fs (loop3): unmounting filesystem. [ 711.640398][ T7984] loop3: detected capacity change from 0 to 512 [ 711.664010][ T7984] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 712.314302][ T7990] netlink: 'syz.1.1786': attribute type 4 has an invalid length. [ 712.322128][ T7990] netlink: 'syz.1.1786': attribute type 5 has an invalid length. [ 712.329875][ T7990] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1786'. [ 712.347854][ T7990] loop1: detected capacity change from 0 to 512 [ 712.354966][ T7990] FAT-fs (loop1): Unrecognized mount option "ngnumta" or missing value [ 713.150350][ T7991] loop5: detected capacity change from 0 to 512 [ 713.188349][ T7991] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 713.228755][ T7984] EXT4-fs (loop3): orphan cleanup on readonly fs [ 713.237689][ T7984] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 713.247290][ T7984] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 713.256729][ T7984] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1787: Failed to acquire dquot type 1 [ 713.269948][ T7984] EXT4-fs (loop3): 1 truncate cleaned up [ 713.276103][ T7984] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 713.312715][ T7991] EXT4-fs (loop5): orphan cleanup on readonly fs [ 713.321802][ T7991] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 713.331575][ T7991] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 713.341008][ T7991] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1785: Failed to acquire dquot type 1 [ 713.381688][ T7991] EXT4-fs (loop5): 1 truncate cleaned up [ 713.428354][ T7991] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 713.505515][ T287] EXT4-fs (loop3): unmounting filesystem. [ 715.894557][ T8003] loop1: detected capacity change from 0 to 512 [ 715.990530][ T8003] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 716.020719][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 716.031449][ T8003] EXT4-fs (loop1): orphan cleanup on readonly fs [ 716.038295][ T8003] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 716.047747][ T8003] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 716.057152][ T8003] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1791: Failed to acquire dquot type 1 [ 716.075044][ T8003] EXT4-fs (loop1): 1 truncate cleaned up [ 716.080906][ T8003] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 718.264674][ T286] EXT4-fs (loop1): unmounting filesystem. [ 718.639926][ T8032] loop2: detected capacity change from 0 to 512 [ 718.683346][ T535] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 718.698941][ T8032] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 719.188140][ T8032] EXT4-fs (loop2): orphan cleanup on readonly fs [ 719.195922][ T8032] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 719.205467][ T8032] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 719.214941][ T8032] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1797: Failed to acquire dquot type 1 [ 719.229043][ T8032] EXT4-fs (loop2): 1 truncate cleaned up [ 719.254903][ T8032] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 719.583632][ T8044] loop5: detected capacity change from 0 to 512 [ 719.590973][ T8044] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 719.686027][ T8047] netlink: 'syz.0.1803': attribute type 4 has an invalid length. [ 719.693912][ T8047] netlink: 'syz.0.1803': attribute type 5 has an invalid length. [ 719.701747][ T8047] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1803'. [ 719.919625][ T8047] loop0: detected capacity change from 0 to 512 [ 719.932240][ T8047] FAT-fs (loop0): Unrecognized mount option "ngnumta" or missing value [ 720.209471][ T8044] EXT4-fs (loop5): orphan cleanup on readonly fs [ 720.216683][ T8044] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 720.226169][ T8044] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 720.235566][ T8044] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1802: Failed to acquire dquot type 1 [ 720.247743][ T8044] EXT4-fs (loop5): 1 truncate cleaned up [ 720.284834][ T8044] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 720.364014][ T285] EXT4-fs (loop2): unmounting filesystem. [ 720.939535][ T8059] netlink: 'syz.2.1805': attribute type 4 has an invalid length. [ 720.947298][ T8059] netlink: 'syz.2.1805': attribute type 5 has an invalid length. [ 720.955043][ T8059] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1805'. [ 720.968783][ T8059] loop2: detected capacity change from 0 to 512 [ 720.975426][ T8059] FAT-fs (loop2): Unrecognized mount option "ngnumta" or missing value [ 722.267593][ T8069] netlink: 'syz.2.1809': attribute type 4 has an invalid length. [ 722.275434][ T8069] netlink: 'syz.2.1809': attribute type 5 has an invalid length. [ 722.283237][ T8069] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1809'. [ 722.297683][ T8069] loop2: detected capacity change from 0 to 512 [ 722.304293][ T8069] FAT-fs (loop2): Unrecognized mount option "ngnumta" or missing value [ 722.651400][ T8064] usb usb8: usbfs: process 8064 (syz.0.1808) did not claim interface 0 before use [ 722.833766][ T8077] loop1: detected capacity change from 0 to 512 [ 723.169000][ T8077] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 723.692820][ T8077] EXT4-fs (loop1): orphan cleanup on readonly fs [ 723.701175][ T8077] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 723.710731][ T8077] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 723.720235][ T8077] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1811: Failed to acquire dquot type 1 [ 723.733446][ T8077] EXT4-fs (loop1): 1 truncate cleaned up [ 723.742394][ T8077] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 724.441602][ T286] EXT4-fs (loop1): unmounting filesystem. [ 724.900647][ T8088] usb usb8: usbfs: process 8088 (syz.0.1815) did not claim interface 0 before use [ 725.691700][ T8101] loop1: detected capacity change from 0 to 512 [ 725.762219][ T8101] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 725.955941][ T8101] EXT4-fs (loop1): 1 truncate cleaned up [ 725.961727][ T8101] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 726.080160][ T28] audit: type=1400 audit(1756279777.624:272): avc: denied { mounton } for pid=8094 comm="syz.1.1817" path="/343/bus/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 726.138409][ T8107] loop2: detected capacity change from 0 to 256 [ 726.576814][ T8107] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 726.607649][ T286] EXT4-fs (loop1): unmounting filesystem. [ 726.692667][ T6960] EXT4-fs (loop5): unmounting filesystem. [ 727.537812][ T8117] netlink: 'syz.1.1829': attribute type 4 has an invalid length. [ 727.545658][ T8117] netlink: 'syz.1.1829': attribute type 5 has an invalid length. [ 727.553472][ T8117] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1829'. [ 727.570365][ T8117] loop1: detected capacity change from 0 to 512 [ 727.577666][ T8117] FAT-fs (loop1): Unrecognized mount option "ngnumta" or missing value [ 727.588092][ T8119] netlink: 'syz.0.1822': attribute type 4 has an invalid length. [ 727.595911][ T8119] netlink: 'syz.0.1822': attribute type 5 has an invalid length. [ 727.603683][ T8119] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1822'. [ 727.623227][ T8119] loop0: detected capacity change from 0 to 512 [ 727.630508][ T8119] FAT-fs (loop0): Unrecognized mount option "ngnumta" or missing value [ 728.378198][ T8120] loop2: detected capacity change from 0 to 512 [ 728.402041][ T8120] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 728.467774][ T4670] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 728.493439][ T8120] EXT4-fs (loop2): orphan cleanup on readonly fs [ 728.501816][ T8120] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 728.511347][ T8120] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 728.520794][ T8120] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1823: Failed to acquire dquot type 1 [ 728.534449][ T8120] EXT4-fs (loop2): 1 truncate cleaned up [ 728.540512][ T8120] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 729.157726][ T8129] netlink: 'syz.5.1824': attribute type 4 has an invalid length. [ 729.165573][ T8129] netlink: 'syz.5.1824': attribute type 5 has an invalid length. [ 729.173380][ T8129] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1824'. [ 729.325700][ T8129] loop5: detected capacity change from 0 to 512 [ 729.339134][ T8129] FAT-fs (loop5): Unrecognized mount option "ngnumta" or missing value [ 729.523237][ T8133] loop0: detected capacity change from 0 to 512 [ 733.385781][ T8133] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 733.405174][ T2442] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 733.432657][ T285] EXT4-fs (loop2): unmounting filesystem. [ 733.440363][ T8133] EXT4-fs: failed to create workqueue [ 733.445799][ T8133] EXT4-fs (loop0): mount failed [ 733.469526][ T8135] loop1: detected capacity change from 0 to 512 [ 733.594737][ T8135] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 733.638453][ T8135] EXT4-fs (loop1): orphan cleanup on readonly fs [ 733.646398][ T8135] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 733.655930][ T8135] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 733.665342][ T8135] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1826: Failed to acquire dquot type 1 [ 733.679385][ T8135] EXT4-fs (loop1): 1 truncate cleaned up [ 733.685439][ T8135] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 734.390707][ T286] EXT4-fs (loop1): unmounting filesystem. [ 736.429671][ T8148] loop3: detected capacity change from 0 to 512 [ 736.441045][ T8154] loop2: detected capacity change from 0 to 512 [ 736.452574][ T8154] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 736.462357][ T8148] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 736.599134][ T8154] EXT4-fs (loop2): orphan cleanup on readonly fs [ 736.606992][ T8154] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 736.616511][ T8154] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 736.625960][ T8154] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1827: Failed to acquire dquot type 1 [ 736.803484][ T8154] EXT4-fs (loop2): 1 truncate cleaned up [ 736.810230][ T8154] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 737.628870][ T8148] EXT4-fs: failed to create workqueue [ 737.635265][ T8148] EXT4-fs (loop3): mount failed [ 738.220776][ T285] EXT4-fs (loop2): unmounting filesystem. [ 738.234573][ T8182] device syzkaller0 entered promiscuous mode [ 738.325208][ T28] audit: type=1400 audit(1756279789.934:273): avc: denied { ioctl } for pid=8193 comm="syz.5.1845" path="socket:[47410]" dev="sockfs" ino=47410 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 738.420040][ T411] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 738.600043][ T411] usb 2-1: Using ep0 maxpacket: 32 [ 738.606205][ T411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 738.617111][ T411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 738.626863][ T8036] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 738.634346][ T411] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 738.643412][ T411] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 738.650044][ T1625] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 738.652215][ T411] usb 2-1: config 0 descriptor?? [ 738.664633][ T411] hub 2-1:0.0: USB hub found [ 738.831146][ T8036] usb 6-1: config 9 has an invalid interface number: 81 but max is 0 [ 738.831151][ T1625] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 738.831179][ T1625] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 738.839300][ T8036] usb 6-1: config 9 has no interface number 0 [ 738.850647][ T1625] usb 3-1: config 0 interface 0 has no altsetting 0 [ 738.860355][ T8036] usb 6-1: config 9 interface 81 altsetting 7 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 738.866419][ T1625] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 738.873450][ T411] hub 2-1:0.0: 1 port detected [ 738.883864][ T1625] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 738.892852][ T8036] usb 6-1: config 9 interface 81 has no altsetting 0 [ 738.901190][ T1625] usb 3-1: config 0 descriptor?? [ 738.906971][ T8036] usb 6-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=f0.f4 [ 738.926187][ T8036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.934194][ T8036] usb 6-1: Product: syz [ 738.938354][ T8036] usb 6-1: Manufacturer: syz [ 738.942968][ T8036] usb 6-1: SerialNumber: syz [ 738.948477][ T8197] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 739.023840][ T28] audit: type=1400 audit(1756279790.634:274): avc: denied { write } for pid=8201 comm="syz.0.1848" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 739.023934][ T8202] random: crng reseeded on system resumption [ 739.046880][ T28] audit: type=1400 audit(1756279790.634:275): avc: denied { open } for pid=8201 comm="syz.0.1848" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 739.076228][ T28] audit: type=1400 audit(1756279790.674:276): avc: denied { ioctl } for pid=8201 comm="syz.0.1848" path="/dev/snapshot" dev="devtmpfs" ino=91 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 739.159284][ T8036] usbserial_generic 6-1:9.81: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 739.170611][ T8036] usbserial_generic 6-1:9.81: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 739.182688][ T8036] usbserial_generic 6-1:9.81: generic converter detected [ 739.194050][ T8036] usb 6-1: generic converter now attached to ttyUSB0 [ 739.202846][ T8036] usb 6-1: generic converter now attached to ttyUSB1 [ 739.230899][ T8036] usb 6-1: USB disconnect, device number 9 [ 739.237745][ T8036] generic ttyUSB0: generic converter now disconnected from ttyUSB0 [ 739.248037][ T8036] generic ttyUSB1: generic converter now disconnected from ttyUSB1 [ 739.256586][ T8036] usbserial_generic 6-1:9.81: device disconnected [ 739.315377][ T1625] usbhid 3-1:0.0: can't add hid device: -71 [ 739.321718][ T1625] usbhid: probe of 3-1:0.0 failed with error -71 [ 739.329776][ T8202] Restarting kernel threads ... done. [ 739.330591][ T1625] usb 3-1: USB disconnect, device number 70 [ 739.366993][ T28] audit: type=1400 audit(1756279790.974:277): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 739.513650][ T8036] hub 2-1:0.0: activate --> -90 [ 739.533420][ T8223] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2819718256 (180461968384 ns) > initial count (8435122816 ns). Using initial count to start timer. [ 739.552824][ T8223] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 739.751563][ T8242] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 739.761443][ T8242] kvm: pic: non byte read [ 739.765991][ T8242] kvm: pic: level sensitive irq not supported [ 739.766031][ T8242] kvm: pic: non byte read [ 739.776704][ T8242] kvm: pic: level sensitive irq not supported [ 739.776740][ T8242] kvm: pic: non byte read [ 739.787666][ T8242] kvm: pic: level sensitive irq not supported [ 739.787714][ T8242] kvm: pic: non byte read [ 739.798896][ T8242] kvm: pic: level sensitive irq not supported [ 739.798946][ T8242] kvm: pic: non byte read [ 739.801727][ T28] audit: type=1400 audit(1756279791.414:278): avc: denied { remove_name } for pid=8245 comm="syz.0.1864" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 739.832124][ T28] audit: type=1400 audit(1756279791.414:279): avc: denied { unlink } for pid=8245 comm="syz.0.1864" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 739.871787][ T8249] device syzkaller0 left promiscuous mode [ 739.912022][ T39] usb 2-1: USB disconnect, device number 69 [ 739.923894][ T8251] kvm: pic: non byte read [ 739.928873][ T8251] kvm: pic: single mode not supported [ 739.929244][ T8251] kvm: pic: level sensitive irq not supported [ 739.935088][ T8251] kvm: pic: level sensitive irq not supported [ 739.941616][ T8251] kvm: pic: single mode not supported [ 739.947676][ T8251] kvm: pic: level sensitive irq not supported [ 739.953614][ T8251] kvm: pic: single mode not supported [ 739.959929][ T8251] kvm: pic: level sensitive irq not supported [ 739.965745][ T8251] kvm: pic: level sensitive irq not supported [ 739.972306][ T8251] kvm: pic: single mode not supported [ 739.978369][ T8251] kvm: pic: level sensitive irq not supported [ 739.984789][ T8251] kvm: pic: single mode not supported [ 739.991045][ T8251] kvm: pic: single mode not supported [ 739.996484][ T8251] kvm: pic: single mode not supported [ 740.002218][ T8251] kvm: pic: single mode not supported [ 740.007700][ T8251] kvm: pic: single mode not supported [ 740.013431][ T8251] kvm: pic: single mode not supported [ 740.108905][ T8264] 9pnet_fd: p9_fd_create_tcp (8264): problem connecting socket to 127.0.0.1 [ 740.170060][ T1625] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 740.186733][ T439] Bluetooth: hci0: Frame reassembly failed (-84) [ 740.239540][ T28] audit: type=1400 audit(1756279791.844:280): avc: denied { setopt } for pid=8270 comm="syz.2.1874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 740.351122][ T1625] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 740.361376][ T1625] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 740.371618][ T1625] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 740.380684][ T1625] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 740.388655][ T1625] usb 6-1: Product: syz [ 740.392810][ T1625] usb 6-1: Manufacturer: syz [ 740.397389][ T1625] usb 6-1: SerialNumber: syz [ 740.598104][ T8284] kvm: pic: non byte write [ 740.605948][ T1625] usb 6-1: 0:2 : does not exist [ 740.612618][ T1625] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 740.623086][ T1625] usb 6-1: USB disconnect, device number 10 [ 740.830553][ T4670] udevd[4670]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 741.186200][ T28] audit: type=1400 audit(1756279792.794:281): avc: denied { map } for pid=8303 comm="syz.5.1885" path="socket:[48494]" dev="sockfs" ino=48494 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 741.340915][ T8317] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 741.388517][ T28] audit: type=1400 audit(1756279792.994:282): avc: denied { map } for pid=8321 comm="syz.0.1892" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 741.471169][ T8329] binder: 8328:8329 ioctl c0306201 0 returned -14 [ 741.478277][ T28] audit: type=1326 audit(1756279793.084:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8328 comm="syz.1.1894" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f349978ebe9 code=0x0 [ 741.787171][ T8351] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 741.890413][ T8356] kvm: pic: non byte write [ 741.930081][ T8036] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 742.111090][ T8036] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 742.121239][ T8036] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 742.130797][ T8036] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 742.139865][ T8036] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 742.147875][ T8036] usb 1-1: SerialNumber: syz [ 742.220064][ T8273] Bluetooth: hci0: command 0x1003 tx timeout [ 742.220064][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 742.356512][ T8036] usb 1-1: 0:2 : does not exist [ 742.373234][ T8036] usb 1-1: USB disconnect, device number 62 [ 742.765207][ T8378] overlayfs: failed to resolve './file1': -2 [ 742.900067][ T8036] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 742.986732][ T8407] overlayfs: failed to resolve './file1': -2 [ 743.090051][ T8036] usb 2-1: Using ep0 maxpacket: 8 [ 743.096137][ T8036] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.107102][ T8036] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 743.116898][ T8036] usb 2-1: config 0 interface 0 has no altsetting 0 [ 743.123896][ T8036] usb 2-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 743.132971][ T8036] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.140048][ T1625] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 743.141949][ T8036] usb 2-1: config 0 descriptor?? [ 743.321359][ T1625] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 743.330449][ T1625] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.339041][ T1625] usb 4-1: config 0 descriptor?? [ 743.350048][ T39] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 743.540052][ T39] usb 1-1: Using ep0 maxpacket: 32 [ 743.546323][ T39] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 743.557137][ T8036] samsung 0003:0419:0001.0004: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.1-1/input0 [ 743.559194][ T39] usb 1-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00 [ 743.579518][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.590317][ T39] usb 1-1: config 0 descriptor?? [ 743.758740][ T669] usb 2-1: USB disconnect, device number 70 [ 743.998140][ T39] cypress 0003:04B4:ED81.0005: unknown main item tag 0x0 [ 744.005349][ T39] cypress 0003:04B4:ED81.0005: item fetching failed at offset 3/5 [ 744.013402][ T39] cypress 0003:04B4:ED81.0005: parse failed [ 744.019316][ T39] cypress: probe of 0003:04B4:ED81.0005 failed with error -22 [ 744.212584][ T39] usb 1-1: USB disconnect, device number 63 [ 744.354903][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 744.354916][ T28] audit: type=1400 audit(1756279795.964:288): avc: denied { mounton } for pid=8431 comm="syz.5.1934" path="/proc/272/task" dev="proc" ino=50557 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 744.590094][ T8036] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 744.720064][ T39] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 744.770113][ T8036] usb 2-1: Using ep0 maxpacket: 16 [ 744.776376][ T8036] usb 2-1: config 0 interface 0 has no altsetting 0 [ 744.787722][ T8036] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 744.809747][ T8036] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.825224][ T8036] usb 2-1: config 0 descriptor?? [ 744.921191][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 744.940047][ T39] usb 6-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 744.949185][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.958727][ T39] usb 6-1: config 0 descriptor?? [ 745.158658][ T1625] usb 4-1: Cannot set autoneg [ 745.163540][ T1625] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 745.174834][ T1625] usb 4-1: USB disconnect, device number 53 [ 745.210110][ T387] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 745.235036][ T8036] usbhid 2-1:0.0: can't add hid device: -71 [ 745.241065][ T8036] usbhid: probe of 2-1:0.0 failed with error -71 [ 745.250448][ T8036] usb 2-1: USB disconnect, device number 71 [ 745.375180][ T39] lenovo 0003:17EF:6047.0006: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.5-1/input0 [ 745.382285][ T8480] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1953'. [ 745.395301][ T387] usb 3-1: Using ep0 maxpacket: 8 [ 745.401469][ T387] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 745.411607][ T387] usb 3-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 745.420704][ T387] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.429928][ T387] usb 3-1: config 0 descriptor?? [ 745.839270][ T387] kye 0003:0458:5015.0007: item fetching failed at offset 0/2 [ 745.846978][ T387] kye 0003:0458:5015.0007: parse failed [ 745.852577][ T387] kye: probe of 0003:0458:5015.0007 failed with error -22 [ 745.882306][ T343] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 745.893047][ T343] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 745.906931][ T8511] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 745.941475][ T8511] pic_ioport_write: 5 callbacks suppressed [ 745.941490][ T8511] kvm: pic: level sensitive irq not supported [ 745.960334][ T8511] kvm: pic: non byte read [ 745.971112][ T8511] kvm: pic: level sensitive irq not supported [ 745.971193][ T8511] kvm: pic: non byte read [ 745.985659][ T8511] kvm: pic: level sensitive irq not supported [ 745.991829][ T8511] kvm: pic: non byte read [ 746.005636][ T8511] kvm: pic: level sensitive irq not supported [ 746.005682][ T8511] kvm: pic: non byte read [ 746.017045][ T8519] kvm: pic: non byte read [ 746.023103][ T8511] kvm: pic: level sensitive irq not supported [ 746.023184][ T8511] kvm: pic: non byte read [ 746.034667][ T8519] pic_ioport_write: 1 callbacks suppressed [ 746.034680][ T8519] kvm: pic: single mode not supported [ 746.048733][ T8519] kvm: pic: level sensitive irq not supported [ 746.051493][ T343] usb 3-1: USB disconnect, device number 71 [ 746.054796][ T8519] kvm: pic: level sensitive irq not supported [ 746.066633][ T8519] kvm: pic: single mode not supported [ 746.072848][ T8519] kvm: pic: level sensitive irq not supported [ 746.079872][ T8519] kvm: pic: single mode not supported [ 746.086484][ T8519] kvm: pic: level sensitive irq not supported [ 746.092189][ T8519] kvm: pic: level sensitive irq not supported [ 746.098612][ T8519] kvm: pic: single mode not supported [ 746.105254][ T8519] kvm: pic: single mode not supported [ 746.110878][ T8519] kvm: pic: single mode not supported [ 746.116427][ T8519] kvm: pic: single mode not supported [ 746.122118][ T8519] kvm: pic: single mode not supported [ 746.127592][ T8519] kvm: pic: single mode not supported [ 746.133439][ T8519] kvm: pic: single mode not supported [ 746.340088][ T1625] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 746.388772][ T411] usb 6-1: USB disconnect, device number 11 [ 746.428330][ T28] audit: type=1400 audit(1756279798.034:289): avc: denied { relabelfrom } for pid=8547 comm="syz.1.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 746.448214][ T28] audit: type=1400 audit(1756279798.034:290): avc: denied { relabelto } for pid=8547 comm="syz.1.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 746.543312][ T8552] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2819718256 (180461968384 ns) > initial count (8435122816 ns). Using initial count to start timer. [ 746.562435][ T1625] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 746.571741][ T1625] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.580746][ T1625] usb 1-1: config 0 descriptor?? [ 746.770054][ T343] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 746.788951][ T1625] usb 1-1: string descriptor 0 read error: -32 [ 746.850082][ T387] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 746.881809][ T28] audit: type=1400 audit(1756279798.494:291): avc: denied { mount } for pid=8572 comm="syz.1.1987" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 746.904594][ T28] audit: type=1400 audit(1756279798.514:292): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 746.961151][ T343] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 746.972429][ T343] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 746.982216][ T343] usb 4-1: config 0 interface 0 has no altsetting 0 [ 746.989019][ T343] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 746.998825][ T1625] usb 1-1: Cannot set MAC address [ 747.005677][ T1625] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 747.014350][ T343] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.023286][ T1625] usb 1-1: USB disconnect, device number 64 [ 747.030127][ T387] usb 3-1: Using ep0 maxpacket: 16 [ 747.030685][ T343] usb 4-1: config 0 descriptor?? [ 747.043824][ T387] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 747.052577][ T387] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 747.063386][ T387] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 747.081418][ T387] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 747.095039][ T387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.103089][ T387] usb 3-1: Product: syz [ 747.111825][ T387] usb 3-1: Manufacturer: syz [ 747.116480][ T387] usb 3-1: SerialNumber: syz [ 747.443973][ T343] usbhid 4-1:0.0: can't add hid device: -71 [ 747.450062][ T343] usbhid: probe of 4-1:0.0 failed with error -71 [ 747.459211][ T343] usb 4-1: USB disconnect, device number 54 [ 747.513554][ T8036] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 747.529663][ T387] usb 3-1: 0:2 : does not exist [ 747.569006][ T28] audit: type=1400 audit(1756279799.174:293): avc: denied { mount } for pid=8600 comm="syz.0.1998" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 747.701184][ T8036] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 747.709575][ T8036] usb 6-1: config 0 has no interface number 0 [ 747.719614][ T8036] usb 6-1: config 0 interface 214 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 747.730751][ T8036] usb 6-1: config 0 interface 214 has no altsetting 0 [ 747.738953][ T8036] usb 6-1: New USB device found, idVendor=07c9, idProduct=000e, bcdDevice=5d.4f [ 747.748082][ T8036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.756103][ T8036] usb 6-1: Product: syz [ 747.760318][ T8036] usb 6-1: Manufacturer: syz [ 747.764914][ T8036] usb 6-1: SerialNumber: syz [ 747.771144][ T8036] usb 6-1: config 0 descriptor?? [ 747.776379][ T8596] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 747.986920][ T8596] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 748.145403][ T387] usb 3-1: USB disconnect, device number 72 [ 748.657249][ T1156] Bluetooth: hci1: Frame reassembly failed (-84) [ 749.331870][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0006: -71 [ 749.342714][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): invalid MAC address, using random [ 749.353450][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0006: -71 [ 749.364501][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0005: -71 [ 749.375392][ T411] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 749.383215][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.394366][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.405451][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.416486][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.427549][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71 [ 749.438596][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.449757][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71 [ 749.460892][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71 [ 749.471975][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71 [ 749.482917][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 749.493960][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71 [ 749.504995][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71 [ 749.516031][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71 [ 749.527070][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 749.538134][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 749.549222][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 749.560274][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71 [ 749.571263][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 749.582626][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 749.593698][ T411] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 749.604902][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 749.615796][ T411] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 749.625623][ T411] usb 1-1: config 0 interface 0 has no altsetting 0 [ 749.632309][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 749.643173][ T411] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 749.652351][ T411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.660409][ T8036] ax88179_178a 6-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 749.671682][ T411] usb 1-1: config 0 descriptor?? [ 749.678008][ T8036] ax88179_178a 6-1:0.214 eth1: register 'ax88179_178a' at usb-dummy_hcd.5-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter, 26:4a:fb:af:db:a0 [ 749.696852][ T8036] usb 6-1: USB disconnect, device number 12 [ 749.703107][ T8036] ax88179_178a 6-1:0.214 eth1: unregister 'ax88179_178a' usb-dummy_hcd.5-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter [ 749.870383][ T8663] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 749.952055][ T28] audit: type=1400 audit(1756279801.564:294): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 750.082789][ T411] usbhid 1-1:0.0: can't add hid device: -71 [ 750.088876][ T411] usbhid: probe of 1-1:0.0 failed with error -71 [ 750.101632][ T411] usb 1-1: USB disconnect, device number 65 [ 750.240086][ T343] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 750.420059][ T343] usb 6-1: Using ep0 maxpacket: 16 [ 750.426161][ T343] usb 6-1: config 0 interface 0 has no altsetting 0 [ 750.433080][ T343] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 750.442107][ T343] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.450525][ T343] usb 6-1: config 0 descriptor?? [ 750.600788][ T669] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 750.660052][ T1625] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 750.700058][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 750.700071][ T8272] Bluetooth: hci1: command 0x1003 tx timeout [ 750.790394][ T669] usb 4-1: Using ep0 maxpacket: 16 [ 750.798040][ T669] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 750.807180][ T669] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.815191][ T669] usb 4-1: Product: syz [ 750.819399][ T669] usb 4-1: Manufacturer: syz [ 750.824038][ T669] usb 4-1: SerialNumber: syz [ 750.829140][ T669] usb 4-1: config 0 descriptor?? [ 750.834894][ T669] usb-storage 4-1:0.0: USB Mass Storage device detected [ 750.842535][ T669] usb-storage 4-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 750.857890][ T343] usbhid 6-1:0.0: can't add hid device: -71 [ 750.860079][ T411] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 750.863821][ T1625] usb 2-1: Using ep0 maxpacket: 32 [ 750.876442][ T343] usbhid: probe of 6-1:0.0 failed with error -71 [ 750.886263][ T1625] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 750.899531][ T343] usb 6-1: USB disconnect, device number 13 [ 750.906354][ T1625] usb 2-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00 [ 750.915447][ T1625] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.923848][ T1625] usb 2-1: config 0 descriptor?? [ 751.036537][ T669] usb 4-1: USB disconnect, device number 55 [ 751.051328][ T411] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 751.061164][ T411] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 751.070369][ T411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.078929][ T411] usb 1-1: config 0 descriptor?? [ 751.332061][ T1625] usbhid 2-1:0.0: can't add hid device: -71 [ 751.338060][ T1625] usbhid: probe of 2-1:0.0 failed with error -71 [ 751.346046][ T1625] usb 2-1: USB disconnect, device number 72 [ 751.379677][ T28] audit: type=1400 audit(1756279802.984:295): avc: denied { mounton } for pid=8702 comm="syz.5.2035" path="/100/file0" dev="tmpfs" ino=593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 751.487390][ T411] lenovo 0003:17EF:6047.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0 [ 751.498639][ T8036] usb 3-1: new full-speed USB device number 73 using dummy_hcd [ 751.681044][ T8036] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 751.691263][ T8036] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 751.702401][ T8036] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 751.711642][ T8036] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.719721][ T8036] usb 3-1: Product: syz [ 751.723931][ T8036] usb 3-1: Manufacturer: syz [ 751.728527][ T8036] usb 3-1: SerialNumber: syz [ 751.820379][ T669] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 751.930090][ T1625] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 751.940480][ T8036] usb 3-1: 0:2 : does not exist [ 751.947399][ T8036] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 751.959688][ T8036] usb 3-1: USB disconnect, device number 73 [ 751.967203][ T4670] udevd[4670]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 752.021086][ T669] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 752.032285][ T669] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 752.042195][ T669] usb 4-1: config 0 interface 0 has no altsetting 0 [ 752.048822][ T669] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 752.057879][ T669] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.066440][ T669] usb 4-1: config 0 descriptor?? [ 752.110090][ T1625] usb 6-1: Using ep0 maxpacket: 16 [ 752.116429][ T1625] usb 6-1: config 0 interface 0 has no altsetting 0 [ 752.123102][ T1625] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 752.132167][ T1625] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.141085][ T1625] usb 6-1: config 0 descriptor?? [ 752.292384][ T411] lenovo 0003:17EF:6047.0009: Sensitivity setting failed: -71 [ 752.301507][ T411] usb 1-1: USB disconnect, device number 66 [ 752.317876][ T8733] fido_id[8733]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 752.380067][ T343] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 752.474177][ T669] usbhid 4-1:0.0: can't add hid device: -71 [ 752.480517][ T669] usbhid: probe of 4-1:0.0 failed with error -71 [ 752.492458][ T669] usb 4-1: USB disconnect, device number 56 [ 752.513080][ T8741] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 752.548732][ T1625] usbhid 6-1:0.0: can't add hid device: -71 [ 752.554811][ T1625] usbhid: probe of 6-1:0.0 failed with error -71 [ 752.562231][ T1625] usb 6-1: USB disconnect, device number 14 [ 752.568518][ T343] usb 2-1: config 0 has no interfaces? [ 752.576745][ T343] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 752.585805][ T343] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 752.593857][ T343] usb 2-1: SerialNumber: syz [ 752.598828][ T343] usb 2-1: config 0 descriptor?? [ 752.700544][ T666] Bluetooth: hci1: Frame reassembly failed (-84) [ 752.808066][ T8036] usb 2-1: USB disconnect, device number 73 [ 753.220081][ T65] usb 1-1: new full-speed USB device number 67 using dummy_hcd [ 753.330141][ T8036] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 753.360133][ T1625] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 753.370973][ T28] audit: type=1400 audit(1756279804.984:296): avc: denied { read write } for pid=8782 comm="syz.1.2068" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 753.393449][ T28] audit: type=1400 audit(1756279804.984:297): avc: denied { open } for pid=8782 comm="syz.1.2068" path="/385/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 753.401265][ T65] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 753.426559][ T65] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 753.445065][ T65] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 753.454272][ T65] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.462497][ T65] usb 1-1: Product: syz [ 753.466664][ T65] usb 1-1: Manufacturer: syz [ 753.471690][ T65] usb 1-1: SerialNumber: syz [ 753.520177][ T8036] usb 6-1: Using ep0 maxpacket: 32 [ 753.526410][ T8036] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 753.534549][ T8036] usb 6-1: config 0 has no interface number 0 [ 753.541943][ T8036] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 753.551041][ T8036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.551236][ T1625] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 753.559043][ T8036] usb 6-1: Product: syz [ 753.559059][ T8036] usb 6-1: Manufacturer: syz [ 753.569104][ T1625] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 753.573091][ T8036] usb 6-1: SerialNumber: syz [ 753.577839][ T1625] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.591945][ T8036] usb 6-1: config 0 descriptor?? [ 753.600073][ T1625] usb 4-1: config 0 descriptor?? [ 753.610334][ T8036] smsc95xx v2.0.0 [ 753.682898][ T65] usb 1-1: 0:2 : does not exist [ 753.689903][ T65] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 753.703775][ T65] usb 1-1: USB disconnect, device number 67 [ 754.011330][ T8036] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 754.012878][ T1625] lenovo 0003:17EF:6047.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 754.022124][ T8036] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 754.410049][ T669] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 754.470063][ T65] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 754.590052][ T669] usb 2-1: Using ep0 maxpacket: 8 [ 754.596360][ T669] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 754.606192][ T669] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 754.615245][ T669] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.623959][ T669] usb 2-1: config 0 descriptor?? [ 754.645427][ T8036] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 754.656365][ T8036] smsc95xx: probe of 6-1:0.67 failed with error -71 [ 754.666334][ T65] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 754.675446][ T8036] usb 6-1: USB disconnect, device number 15 [ 754.681922][ T65] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.691144][ T65] usb 1-1: config 0 descriptor?? [ 754.780075][ T8273] Bluetooth: hci1: command 0x1003 tx timeout [ 754.780074][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 754.823928][ T1625] lenovo 0003:17EF:6047.000A: Sensitivity setting failed: -71 [ 754.834316][ T1625] usb 4-1: USB disconnect, device number 57 [ 754.852852][ T8808] fido_id[8808]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 755.033399][ T669] usbhid 2-1:0.0: can't add hid device: -71 [ 755.039403][ T669] usbhid: probe of 2-1:0.0 failed with error -71 [ 755.048419][ T669] usb 2-1: USB disconnect, device number 74 [ 755.256748][ T8815] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 755.582508][ T1156] Bluetooth: hci1: Frame reassembly failed (-84) [ 755.700120][ T669] usb 4-1: new full-speed USB device number 58 using dummy_hcd [ 755.881232][ T669] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 755.891410][ T669] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 755.903780][ T669] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 755.912847][ T669] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.920848][ T669] usb 4-1: Product: syz [ 755.925025][ T669] usb 4-1: Manufacturer: syz [ 755.929606][ T669] usb 4-1: SerialNumber: syz [ 756.137530][ T669] usb 4-1: 0:2 : does not exist [ 756.144472][ T669] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 756.155384][ T669] usb 4-1: USB disconnect, device number 58 [ 756.308967][ T65] usb 1-1: Cannot set autoneg [ 756.314178][ T65] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 756.323153][ T65] usb 1-1: USB disconnect, device number 68 [ 756.360519][ T4670] udevd[4670]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 756.558241][ T8864] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 756.719472][ T8880] device syzkaller0 entered promiscuous mode [ 757.032412][ T8921] kvm: pic: non byte read [ 757.037375][ T8921] pic_ioport_write: 1 callbacks suppressed [ 757.037385][ T8921] kvm: pic: single mode not supported [ 757.043991][ T8921] pic_ioport_write: 6 callbacks suppressed [ 757.044018][ T8921] kvm: pic: level sensitive irq not supported [ 757.055565][ T8921] kvm: pic: level sensitive irq not supported [ 757.062184][ T8921] kvm: pic: single mode not supported [ 757.068384][ T8921] kvm: pic: level sensitive irq not supported [ 757.076474][ T8921] kvm: pic: single mode not supported [ 757.082911][ T8921] kvm: pic: level sensitive irq not supported [ 757.088705][ T8921] kvm: pic: level sensitive irq not supported [ 757.095478][ T8921] kvm: pic: single mode not supported [ 757.101603][ T8921] kvm: pic: level sensitive irq not supported [ 757.107329][ T8921] kvm: pic: level sensitive irq not supported [ 757.114010][ T8921] kvm: pic: single mode not supported [ 757.120175][ T65] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 757.125769][ T8921] kvm: pic: single mode not supported [ 757.133286][ T8921] kvm: pic: single mode not supported [ 757.138679][ T8921] kvm: pic: level sensitive irq not supported [ 757.144263][ T8921] kvm: pic: single mode not supported [ 757.150321][ T8921] kvm: pic: level sensitive irq not supported [ 757.155824][ T8921] kvm: pic: single mode not supported [ 757.161895][ T8921] kvm: pic: level sensitive irq not supported [ 757.167462][ T8921] kvm: pic: single mode not supported [ 757.311251][ T65] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 757.332257][ T65] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 757.342323][ T65] usb 4-1: config 0 interface 0 has no altsetting 0 [ 757.348912][ T65] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 757.358056][ T65] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.370739][ T65] usb 4-1: config 0 descriptor?? [ 757.416093][ T8938] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.2127' sets config #81 [ 757.660088][ T8272] Bluetooth: hci1: command 0x1003 tx timeout [ 757.666104][ T8807] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 757.791266][ T8959] overlayfs: failed to resolve './file1': -2 [ 757.978292][ T65] usb 4-1: string descriptor 0 read error: -22 [ 758.100056][ T411] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 758.180459][ T65] uclogic 0003:256C:006D.000B: failed retrieving string descriptor #200: -71 [ 758.189467][ T65] uclogic 0003:256C:006D.000B: failed retrieving pen parameters: -71 [ 758.197595][ T65] uclogic 0003:256C:006D.000B: failed probing pen v2 parameters: -71 [ 758.205793][ T65] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 758.213368][ T65] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 758.222686][ T65] usb 4-1: USB disconnect, device number 59 [ 758.231160][ T8966] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 758.283883][ T411] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 758.293110][ T411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.302715][ T411] usb 1-1: config 0 descriptor?? [ 758.510139][ T411] usb 1-1: string descriptor 0 read error: -32 [ 758.517641][ T411] usb 1-1: Cannot read MAC address [ 758.523067][ T411] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 758.533551][ T411] usb 1-1: USB disconnect, device number 69 [ 758.759245][ T666] Bluetooth: hci0: Frame reassembly failed (-84) [ 758.870444][ T666] Bluetooth: hci1: Frame reassembly failed (-84) [ 759.440066][ T411] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 759.620039][ T411] usb 1-1: Using ep0 maxpacket: 16 [ 759.626211][ T411] usb 1-1: config 0 interface 0 has no altsetting 0 [ 759.632892][ T411] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 759.641955][ T411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.650871][ T411] usb 1-1: config 0 descriptor?? [ 760.259478][ T1625] usb 1-1: USB disconnect, device number 70 [ 760.294346][ T9032] overlayfs: failed to resolve './file1': -2 [ 760.520082][ T411] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 760.570055][ T669] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 760.700083][ T411] usb 2-1: Using ep0 maxpacket: 8 [ 760.706249][ T411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 760.716043][ T411] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 760.725117][ T411] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.733750][ T411] usb 2-1: config 0 descriptor?? [ 760.751105][ T669] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 760.770027][ T669] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 760.779806][ T669] usb 3-1: config 0 interface 0 has no altsetting 0 [ 760.786471][ T8272] Bluetooth: hci0: command 0x1003 tx timeout [ 760.790392][ T8996] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 760.792543][ T669] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 760.807699][ T669] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.816255][ T669] usb 3-1: config 0 descriptor?? [ 760.940061][ T8272] Bluetooth: hci1: command 0x1003 tx timeout [ 760.940076][ T8807] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 761.142169][ T411] usbhid 2-1:0.0: can't add hid device: -71 [ 761.148146][ T411] usbhid: probe of 2-1:0.0 failed with error -71 [ 761.156996][ T411] usb 2-1: USB disconnect, device number 75 [ 761.223608][ T669] kovaplus 0003:1E7D:2D50.000D: unknown main item tag 0x0 [ 761.230804][ T669] kovaplus 0003:1E7D:2D50.000D: unknown main item tag 0x0 [ 761.237903][ T669] kovaplus 0003:1E7D:2D50.000D: item fetching failed at offset 4/5 [ 761.246901][ T669] kovaplus 0003:1E7D:2D50.000D: parse failed [ 761.252918][ T669] kovaplus: probe of 0003:1E7D:2D50.000D failed with error -22 [ 761.312676][ T9039] overlayfs: failed to resolve './file1': -2 [ 761.425820][ T669] usb 3-1: USB disconnect, device number 74 [ 762.127874][ T9114] device syzkaller0 left promiscuous mode [ 762.270039][ T669] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 762.430067][ T857] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 762.451133][ T669] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 762.461366][ T669] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 762.471811][ T669] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 762.480944][ T669] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.488973][ T669] usb 1-1: Product: syz [ 762.493154][ T669] usb 1-1: Manufacturer: syz [ 762.497731][ T669] usb 1-1: SerialNumber: syz [ 762.610046][ T857] usb 4-1: Using ep0 maxpacket: 32 [ 762.616178][ T857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 762.627092][ T857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 762.636844][ T857] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 762.645906][ T857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.654587][ T857] usb 4-1: config 0 descriptor?? [ 762.660673][ T857] hub 4-1:0.0: USB hub found [ 762.705419][ T669] usb 1-1: 0:2 : does not exist [ 762.714634][ T669] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 762.726935][ T669] usb 1-1: USB disconnect, device number 71 [ 762.860718][ T857] hub 4-1:0.0: 1 port detected [ 762.940557][ T4670] udevd[4670]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 763.140043][ T343] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 763.224717][ T9151] bpf: Bad value for 'mode' [ 763.321016][ T343] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 763.329015][ T343] usb 2-1: config 0 has no interface number 0 [ 763.335167][ T343] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.346064][ T343] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.355788][ T343] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 763.368603][ T343] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 763.377635][ T343] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.386327][ T343] usb 2-1: config 0 descriptor?? [ 763.671143][ T669] usb 4-1: USB disconnect, device number 60 [ 763.861232][ T9173] fuse: Bad value for 'fd' [ 763.994125][ T343] input: HID 28bd:0042 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0042.000E/input/input6 [ 764.006629][ T343] uclogic 0003:28BD:0042.000E: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.1-1/input1 [ 764.019513][ T343] usb 2-1: USB disconnect, device number 76 [ 764.036062][ T9186] fido_id[9186]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 764.219583][ T9191] tipc: Started in network mode [ 764.224559][ T9191] tipc: Node identity caa7d289cc4d, cluster identity 4711 [ 764.231811][ T9191] tipc: Enabled bearer , priority 0 [ 764.239277][ T9191] tipc: Resetting bearer [ 764.240059][ T669] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 764.252874][ T9190] tipc: Disabling bearer [ 764.260168][ T65] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 764.441100][ T65] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 764.441395][ T669] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 764.450221][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.460172][ T669] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 764.472675][ T65] usb 3-1: config 0 descriptor?? [ 764.485103][ T669] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.500963][ T669] usb 1-1: config 0 descriptor?? [ 764.684998][ T65] usb 3-1: string descriptor 0 read error: -71 [ 764.693472][ T65] usb 3-1: Cannot read MAC address [ 764.698596][ T65] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71 [ 764.709356][ T65] usb 3-1: USB disconnect, device number 75 [ 764.784164][ T1156] Bluetooth: hci0: Frame reassembly failed (-84) [ 764.918105][ T669] lenovo 0003:17EF:6047.000F: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0 [ 765.084542][ T9249] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 765.480157][ T65] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 765.494341][ T9278] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 765.545535][ T9286] binder: 9285:9286 ioctl c018620c 200000000180 returned -22 [ 765.567644][ T666] Bluetooth: hci1: Frame reassembly failed (-84) [ 765.620141][ T9243] Bluetooth: hci0: Opcode 0x1003 failed: -4 [ 765.651090][ T9299] overlayfs: missing 'lowerdir' [ 765.660059][ T65] usb 3-1: Using ep0 maxpacket: 16 [ 765.669784][ T65] usb 3-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 765.686831][ T65] usb 3-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 765.696733][ T65] usb 3-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 765.709735][ T65] usb 3-1: config 1 interface 0 has no altsetting 0 [ 765.720918][ T669] lenovo 0003:17EF:6047.000F: Sensitivity setting failed: -71 [ 765.728607][ T65] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 765.738196][ T65] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.741498][ T669] usb 1-1: USB disconnect, device number 72 [ 765.756019][ T65] usb 3-1: Product: syz [ 765.760750][ T65] usb 3-1: Manufacturer: syz [ 765.765357][ T65] usb 3-1: SerialNumber: syz [ 765.772772][ T9310] fido_id[9310]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 765.974169][ T65] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 76 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 766.220176][ T1625] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 766.324594][ T28] audit: type=1400 audit(1756279817.934:298): avc: denied { read write } for pid=9261 comm="syz.2.2253" name="lp0" dev="devtmpfs" ino=4715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 766.348482][ T28] audit: type=1400 audit(1756279817.934:299): avc: denied { open } for pid=9261 comm="syz.2.2253" path="/dev/usb/lp0" dev="devtmpfs" ino=4715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 766.372370][ T28] audit: type=1400 audit(1756279817.954:300): avc: denied { ioctl } for pid=9261 comm="syz.2.2253" path="/dev/usb/lp0" dev="devtmpfs" ino=4715 ioctlcmd=0x604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 766.421083][ T1625] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 766.430155][ T1625] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.440394][ T1625] usb 6-1: config 0 descriptor?? [ 766.721676][ T9350] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 766.773111][ T9353] device syzkaller0 entered promiscuous mode [ 766.880062][ T411] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 767.060052][ T411] usb 1-1: Using ep0 maxpacket: 16 [ 767.066260][ T411] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 767.074995][ T411] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 767.085095][ T411] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 767.095522][ T411] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 767.105158][ T411] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.113198][ T411] usb 1-1: Product: syz [ 767.117350][ T411] usb 1-1: Manufacturer: syz [ 767.126758][ T411] usb 1-1: SerialNumber: syz [ 767.544623][ T411] usb 1-1: 0:2 : does not exist [ 767.580047][ T45] Bluetooth: hci1: command 0x1003 tx timeout [ 767.580063][ T8807] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 767.797440][ T9382] device syzkaller0 entered promiscuous mode [ 767.848749][ T1625] usb 6-1: Cannot set autoneg [ 767.853556][ T1625] MOSCHIP usb-ethernet driver: probe of 6-1:0.0 failed with error -71 [ 767.862627][ T1625] usb 6-1: USB disconnect, device number 16 [ 768.224993][ T65] usb 3-1: USB disconnect, device number 76 [ 768.252145][ T65] usblp0: removed [ 768.334476][ T9413] device syzkaller0 entered promiscuous mode [ 768.551972][ T1156] Bluetooth: hci1: Frame reassembly failed (-84) [ 768.552926][ T411] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 768.594537][ T411] usb 1-1: USB disconnect, device number 73 [ 768.642733][ T6960] ------------[ cut here ]------------ [ 768.648206][ T6960] WARNING: CPU: 0 PID: 6960 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 768.656232][ T6960] Modules linked in: [ 768.660201][ T6960] CPU: 0 PID: 6960 Comm: syz-executor Not tainted syzkaller #0 [ 768.667726][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 768.677792][ T6960] RIP: 0010:drop_nlink+0xc5/0x110 [ 768.682828][ T6960] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 03 ea f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 eb 8b ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 768.702483][ T6960] RSP: 0018:ffffc90013f7fc38 EFLAGS: 00010293 [ 768.708545][ T6960] RAX: ffffffff81c37b75 RBX: ffff88813054cbd8 RCX: ffff88811b4b9440 [ 768.716682][ T6960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 768.724716][ T6960] RBP: ffffc90013f7fc60 R08: 0000000000000004 R09: 0000000000000003 [ 768.732787][ T6960] R10: fffff520027eff78 R11: 1ffff920027eff78 R12: dffffc0000000000 [ 768.740847][ T6960] R13: 1ffff110260a9984 R14: ffff88813054cc20 R15: 0000000000000000 [ 768.748812][ T6960] FS: 0000555592677500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 768.757749][ T6960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 768.764337][ T6960] CR2: 000055559269a4e8 CR3: 0000000120161000 CR4: 00000000003526b0 [ 768.772322][ T6960] Call Trace: [ 768.775592][ T6960] [ 768.778516][ T6960] shmem_rmdir+0x5b/0x90 [ 768.782872][ T6960] vfs_rmdir+0x393/0x500 [ 768.787189][ T6960] incfs_kill_sb+0x105/0x220 [ 768.791816][ T6960] deactivate_locked_super+0xb5/0x120 [ 768.797187][ T6960] deactivate_super+0xaf/0xe0 [ 768.801888][ T6960] cleanup_mnt+0x45f/0x4e0 [ 768.806350][ T6960] __cleanup_mnt+0x19/0x20 [ 768.810765][ T6960] task_work_run+0x1db/0x240 [ 768.815346][ T6960] ? __cfi_task_work_run+0x10/0x10 [ 768.820452][ T6960] ? __x64_sys_umount+0x125/0x160 [ 768.825469][ T6960] ? __cfi___x64_sys_umount+0x10/0x10 [ 768.830842][ T6960] exit_to_user_mode_loop+0x9b/0xb0 [ 768.836088][ T6960] exit_to_user_mode_prepare+0x5a/0xa0 [ 768.841549][ T6960] syscall_exit_to_user_mode+0x1a/0x30 [ 768.846998][ T6960] do_syscall_64+0x58/0xa0 [ 768.851415][ T6960] ? clear_bhb_loop+0x30/0x80 [ 768.856085][ T6960] ? clear_bhb_loop+0x30/0x80 [ 768.860773][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 768.866658][ T6960] RIP: 0033:0x7f629af8ff17 [ 768.871081][ T6960] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 768.890701][ T6960] RSP: 002b:00007ffd05cee7e8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 768.899110][ T6960] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f629af8ff17 [ 768.907089][ T6960] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd05cee8a0 [ 768.915063][ T6960] RBP: 00007ffd05cee8a0 R08: 0000000000000000 R09: 0000000000000000 [ 768.923031][ T6960] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd05cef930 [ 768.931021][ T6960] R13: 00007f629b011c05 R14: 00000000000bba68 R15: 00007ffd05cef970 [ 768.938986][ T6960] [ 768.942002][ T6960] ---[ end trace 0000000000000000 ]--- [ 768.947528][ T6960] ================================================================== [ 768.948349][ T65] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 768.955585][ T6960] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 768.955610][ T6960] Write of size 4 at addr 0000000000000170 by task syz-executor/6960 [ 768.955624][ T6960] [ 768.979718][ T6960] CPU: 1 PID: 6960 Comm: syz-executor Tainted: G W syzkaller #0 [ 768.988718][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 768.998753][ T6960] Call Trace: [ 769.002027][ T6960] [ 769.004935][ T6960] __dump_stack+0x21/0x24 [ 769.009245][ T6960] dump_stack_lvl+0xee/0x150 [ 769.013811][ T6960] ? __cfi_dump_stack_lvl+0x8/0x8 [ 769.018813][ T6960] ? ihold+0x20/0x60 [ 769.022683][ T6960] ? ihold+0x20/0x60 [ 769.026570][ T6960] print_report+0x3d/0x60 [ 769.030939][ T6960] kasan_report+0x122/0x150 [ 769.035420][ T6960] ? ihold+0x20/0x60 [ 769.039287][ T6960] kasan_check_range+0x280/0x290 [ 769.044288][ T6960] __kasan_check_write+0x14/0x20 [ 769.049206][ T6960] ihold+0x20/0x60 [ 769.052901][ T6960] vfs_rmdir+0x25f/0x500 [ 769.057120][ T6960] incfs_kill_sb+0x105/0x220 [ 769.061686][ T6960] deactivate_locked_super+0xb5/0x120 [ 769.067036][ T6960] deactivate_super+0xaf/0xe0 [ 769.071695][ T6960] cleanup_mnt+0x45f/0x4e0 [ 769.076087][ T6960] __cleanup_mnt+0x19/0x20 [ 769.080479][ T6960] task_work_run+0x1db/0x240 [ 769.085046][ T6960] ? __cfi_task_work_run+0x10/0x10 [ 769.090148][ T6960] ? __x64_sys_umount+0x125/0x160 [ 769.095166][ T6960] ? __cfi___x64_sys_umount+0x10/0x10 [ 769.100519][ T6960] exit_to_user_mode_loop+0x9b/0xb0 [ 769.105691][ T6960] exit_to_user_mode_prepare+0x5a/0xa0 [ 769.111125][ T6960] syscall_exit_to_user_mode+0x1a/0x30 [ 769.116562][ T6960] do_syscall_64+0x58/0xa0 [ 769.120954][ T6960] ? clear_bhb_loop+0x30/0x80 [ 769.125605][ T6960] ? clear_bhb_loop+0x30/0x80 [ 769.130257][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 769.136128][ T6960] RIP: 0033:0x7f629af8ff17 [ 769.140517][ T6960] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 769.160100][ T6960] RSP: 002b:00007ffd05cee7e8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 769.168492][ T6960] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f629af8ff17 [ 769.176443][ T6960] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd05cee8a0 [ 769.184394][ T6960] RBP: 00007ffd05cee8a0 R08: 0000000000000000 R09: 0000000000000000 [ 769.190100][ T65] usb 3-1: Using ep0 maxpacket: 16 [ 769.192358][ T6960] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd05cef930 [ 769.192379][ T6960] R13: 00007f629b011c05 R14: 00000000000bba68 R15: 00007ffd05cef970 [ 769.198646][ T65] usb 3-1: config 0 interface 0 has no altsetting 0 [ 769.205420][ T6960] [ 769.205431][ T6960] ================================================================== [ 769.206097][ T6960] Disabling lock debugging due to kernel taint [ 769.227921][ T65] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 769.231951][ T6960] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 769.242556][ T28] audit: type=1400 audit(1756279820.844:301): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 769.246802][ T6960] #PF: supervisor write access in kernel mode [ 769.257113][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.276248][ T6960] #PF: error_code(0x0002) - not-present page [ 769.276269][ T6960] PGD 132ebf067 P4D 132ebf067 PUD 0 [ 769.276292][ T6960] Oops: 0002 [#1] PREEMPT SMP KASAN [ 769.282808][ T28] audit: type=1400 audit(1756279820.844:302): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 769.290285][ T6960] CPU: 1 PID: 6960 Comm: syz-executor Tainted: G B W syzkaller #0 [ 769.290304][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 769.290314][ T6960] RIP: 0010:ihold+0x26/0x60 [ 769.290335][ T6960] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 51 83 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 41 [ 769.296613][ T28] audit: type=1400 audit(1756279820.844:303): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 769.301552][ T6960] RSP: 0018:ffffc90013f7fc78 EFLAGS: 00010246 [ 769.301575][ T6960] RAX: ffff88811b4b9400 RBX: 0000000000000000 RCX: ffff88811b4b9440 [ 769.310282][ T65] usb 3-1: config 0 descriptor?? [ 769.327977][ T6960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 769.327992][ T6960] RBP: ffffc90013f7fc88 R08: dffffc0000000000 R09: fffffbfff0f2d4fd [ 769.328005][ T6960] R10: fffffbfff0f2d4fd R11: 1ffffffff0f2d4fc R12: ffff88813054cbe4 [ 769.328018][ T6960] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 769.337111][ T28] audit: type=1400 audit(1756279820.844:304): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 769.347032][ T6960] FS: 0000555592677500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 769.347055][ T6960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 769.347068][ T6960] CR2: 0000000000000170 CR3: 0000000120161000 CR4: 00000000003506a0 [ 769.352002][ T28] audit: type=1400 audit(1756279820.844:305): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 769.371114][ T6960] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 769.371128][ T6960] DR3: 00000000000032e7 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 769.371140][ T6960] Call Trace: [ 769.371146][ T6960] [ 769.371152][ T6960] vfs_rmdir+0x25f/0x500 [ 769.392822][ T28] audit: type=1400 audit(1756279820.844:306): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 769.398332][ T6960] incfs_kill_sb+0x105/0x220 [ 769.398354][ T6960] deactivate_locked_super+0xb5/0x120 [ 769.398376][ T6960] deactivate_super+0xaf/0xe0 [ 769.407928][ T28] audit: type=1400 audit(1756279820.844:307): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 769.411223][ T6960] cleanup_mnt+0x45f/0x4e0 [ 769.411250][ T6960] __cleanup_mnt+0x19/0x20 [ 769.411270][ T6960] task_work_run+0x1db/0x240 [ 769.411290][ T6960] ? __cfi_task_work_run+0x10/0x10 [ 769.612686][ T6960] ? __x64_sys_umount+0x125/0x160 [ 769.617709][ T6960] ? __cfi___x64_sys_umount+0x10/0x10 [ 769.623067][ T6960] exit_to_user_mode_loop+0x9b/0xb0 [ 769.628247][ T6960] exit_to_user_mode_prepare+0x5a/0xa0 [ 769.633696][ T6960] syscall_exit_to_user_mode+0x1a/0x30 [ 769.639140][ T6960] do_syscall_64+0x58/0xa0 [ 769.643544][ T6960] ? clear_bhb_loop+0x30/0x80 [ 769.648205][ T6960] ? clear_bhb_loop+0x30/0x80 [ 769.652864][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 769.658743][ T6960] RIP: 0033:0x7f629af8ff17 [ 769.663147][ T6960] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 769.682738][ T6960] RSP: 002b:00007ffd05cee7e8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 769.691136][ T6960] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f629af8ff17 [ 769.699090][ T6960] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd05cee8a0 [ 769.707042][ T6960] RBP: 00007ffd05cee8a0 R08: 0000000000000000 R09: 0000000000000000 [ 769.715017][ T6960] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd05cef930 [ 769.722975][ T6960] R13: 00007f629b011c05 R14: 00000000000bba68 R15: 00007ffd05cef970 [ 769.730940][ T6960] [ 769.733942][ T6960] Modules linked in: [ 769.737826][ T6960] CR2: 0000000000000170 [ 769.741956][ T6960] ---[ end trace 0000000000000000 ]--- [ 769.747388][ T6960] RIP: 0010:ihold+0x26/0x60 [ 769.751878][ T6960] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 51 83 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 41 [ 769.771558][ T6960] RSP: 0018:ffffc90013f7fc78 EFLAGS: 00010246 [ 769.777616][ T6960] RAX: ffff88811b4b9400 RBX: 0000000000000000 RCX: ffff88811b4b9440 [ 769.785571][ T6960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 769.793527][ T6960] RBP: ffffc90013f7fc88 R08: dffffc0000000000 R09: fffffbfff0f2d4fd [ 769.801482][ T6960] R10: fffffbfff0f2d4fd R11: 1ffffffff0f2d4fc R12: ffff88813054cbe4 [ 769.809454][ T6960] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 769.817410][ T6960] FS: 0000555592677500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 769.826415][ T6960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 769.832992][ T6960] CR2: 0000000000000170 CR3: 0000000120161000 CR4: 00000000003506a0 [ 769.840955][ T6960] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 769.848904][ T6960] DR3: 00000000000032e7 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 769.856920][ T6960] Kernel panic - not syncing: Fatal exception [ 769.863168][ T6960] Kernel Offset: disabled [ 769.867479][ T6960] Rebooting in 86400 seconds..