last executing test programs: 21m37.842057582s ago: executing program 32 (id=1167): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) r1 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r1, &(0x7f00000004c0)="06", 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000320000/0x3000)=nil, 0x3000}) 19m42.624696634s ago: executing program 33 (id=2432): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 18m6.31606765s ago: executing program 4 (id=3328): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000280)={0x40, 0xf, 0xb4, "0240cc30dc10efdb7aaf63cda8c15180fd798cf3c766ff825d44cb09e22534411b5672bd193be764580d28810527a6120d7e61ede394b4fa004ba49548007a5fa4bc593ba03d12f920e83739fced64b47a30f66ff216c47e5375b3ae2aafbfdbc6f04852fb96cc38aa036bd1a3f929f71ba2bda380cd6ec4b77388adf105df4fc2efc3a51f9286bc7425579f26d948afa6aab55351b51621af887f3e3b417d94bb57c10e8a527d1e849ae8979b700796a20283e0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) ioctl$EVIOCGMASK(r1, 0x5b03, 0x0) 18m3.413618705s ago: executing program 4 (id=3359): close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2c000800) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x201, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a68100d7c727e7d63c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791010500a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd1445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"}) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000001c0)={0xa1, 0x0, 0xfffe, 0x3f00, 0x0, 0x2, 0x0}) 18m3.310747692s ago: executing program 4 (id=3361): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r0, 0x400, 0x1) open(&(0x7f0000000000)='./file0\x00', 0x4000, 0x20) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x0) pread64(r1, &(0x7f00000024c0)=""/209, 0xd1, 0x8) 18m2.397845363s ago: executing program 4 (id=3371): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', 0x112) 18m2.145474724s ago: executing program 0 (id=3375): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x303}, '\x00', "ec094e071cc80f218d360356a936a7e3971a8c35c47e580400", '\x00', "fffffffffffffffd"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 18m2.028087397s ago: executing program 0 (id=3378): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x30, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}, @TCA_FLOWER_KEY_SCTP_DST={0x6}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @local}]}}]}, 0x60}}, 0x24004000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 18m1.847095963s ago: executing program 0 (id=3382): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/160, 0xa0}, {&(0x7f0000002140)=""/4096, 0x694}], 0x2) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000100)=0x730) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 18m1.507302857s ago: executing program 0 (id=3384): r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 18m1.399014434s ago: executing program 4 (id=3385): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_EMATCHES={0x48, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x3c, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x38, 0x1, 0x0, 0x0, {{0xe38, 0x9, 0x4}, [@TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_DATA={0xe, 0x5, "62ebc0326880cca8af89"}]}}]}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x40010) 18m1.222350116s ago: executing program 4 (id=3387): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) shutdown(r0, 0x1) 18m0.954639667s ago: executing program 34 (id=3387): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) shutdown(r0, 0x1) 18m0.504014319s ago: executing program 0 (id=3392): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000010"]) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 18m0.22996886s ago: executing program 0 (id=3394): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000100)='n', 0x1}], 0x1, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x50) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) fcntl$setstatus(r2, 0x4, 0x2800) splice(r0, 0x0, r3, 0x0, 0x8000000000000000, 0x0) 17m59.976374312s ago: executing program 35 (id=3394): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000100)='n', 0x1}], 0x1, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x50) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) fcntl$setstatus(r2, 0x4, 0x2800) splice(r0, 0x0, r3, 0x0, 0x8000000000000000, 0x0) 13m10.378016742s ago: executing program 7 (id=7601): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5f114b66, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x41) syz_genetlink_get_family_id$wireguard(0xfffffffffffffffc, 0xffffffffffffffff) 13m10.074321085s ago: executing program 7 (id=7606): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x0, 0x0, 0x0, 0xd8, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x10, 0xa}, 0x94) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r0, 0x7ff) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0) recvmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/150, 0xcf}, {&(0x7f00000000c0)=""/3}, {&(0x7f0000000340)=""/27}, {&(0x7f00000004c0)=""/150}], 0x12}, 0x20000002) 13m9.148441087s ago: executing program 7 (id=7624): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0) 13m8.517774226s ago: executing program 7 (id=7634): r0 = getpid() r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20) 13m7.533719439s ago: executing program 7 (id=7653): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet(0x2, 0xa, 0x14) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 13m7.218316738s ago: executing program 7 (id=7657): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'vlan1\x00', @random="0100c3201000"}) 13m6.955193645s ago: executing program 36 (id=7657): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'vlan1\x00', @random="0100c3201000"}) 6m3.529701453s ago: executing program 9 (id=14616): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="240000001e005f0214fffffffffffff8070000000000000000000000070009001d000000", 0x24) 6m3.306861546s ago: executing program 9 (id=14619): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) fchmod(0xffffffffffffffff, 0x110) 6m2.896817039s ago: executing program 9 (id=14624): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) preadv(r3, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0) 6m2.663960765s ago: executing program 9 (id=14628): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 6m1.678323918s ago: executing program 9 (id=14649): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x400000000000051, 0x4040041) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) 6m1.094245546s ago: executing program 9 (id=14654): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) rt_sigaction(0x23, 0x0, 0x0, 0x0, 0x0) 6m0.573326123s ago: executing program 37 (id=14654): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) rt_sigaction(0x23, 0x0, 0x0, 0x0, 0x0) 5m32.125059141s ago: executing program 1 (id=14981): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1e) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r2, 0x5501) 5m31.752006783s ago: executing program 1 (id=14986): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) writev(r3, &(0x7f0000000040)=[{&(0x7f00000000c0)='W', 0x1}], 0x1) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) syncfs(r2) 5m31.5320418s ago: executing program 1 (id=14989): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 5m31.269649667s ago: executing program 1 (id=14993): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) 5m30.75428861s ago: executing program 1 (id=14997): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) syz_80211_join_ibss(&(0x7f0000000180)='wlan0\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x2) 5m29.750233956s ago: executing program 1 (id=15008): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 5m29.242130611s ago: executing program 38 (id=15008): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 2.560886774s ago: executing program 6 (id=20425): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000240)={r4, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f00000000c0)=0x84) 2.431333124s ago: executing program 6 (id=20430): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 2.321821728s ago: executing program 5 (id=20432): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x88fd537e5e114b6e, 0x100010, r0, 0x2000) 2.182576637s ago: executing program 5 (id=20434): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) write(r2, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda0602000000ffe80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) 1.992723579s ago: executing program 5 (id=20438): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x60000600) 1.652188449s ago: executing program 5 (id=20445): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT_BATCH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000030301"], 0x1c}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) 1.258347765s ago: executing program 2 (id=20449): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x8000000) 1.258094798s ago: executing program 5 (id=20450): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="140000"], 0x18, 0x81}, 0x4c800) 1.209458669s ago: executing program 3 (id=20451): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) modify_ldt$write(0x1, 0x0, 0x0) 1.114777433s ago: executing program 2 (id=20452): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200060c10000000010000000000", 0x58}], 0x1) 1.006305851s ago: executing program 3 (id=20454): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000007600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8011) modify_ldt$write2(0x11, &(0x7f0000000680)={0x8, 0x100000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1}, 0x10) r2 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$setregs(0xd, r2, 0x7fff, &(0x7f0000000240)="12d6cacc400cb28384641a92606ff1d67f7718dadaa571f32ee2eb179974146cb14384e0e9a430de36da9cfa0941cbdb45400dbbf771a9f0d840b73de0cb08d1d3be1afc468f2a26a39cdfba80aa009e0b6b4bab31776e6f4b3cbe471b323c3e805335edbad98b115636442e777dce7bc27e899b8bc13ebd3a9b22f3813b493bcddc5ecc46eada6853") ptrace$setregset(0x4205, r2, 0x1, &(0x7f0000000000)={&(0x7f0000000100)="023a3b32a8530d0648444f138d9c176b04f0f91de6b9fe513adb984dcb636b3f33825c376f2b590fc63b5760e50b8a147a10ffe643c81b55", 0x38}) 1.001113573s ago: executing program 5 (id=20455): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000092ecc620ac05c2773aeb011703010902240001000020000904c40102fffd0180090502f10f020200000905"], 0x0) 914.918468ms ago: executing program 2 (id=20456): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020300091b0000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000000000a00000000000000fe8000000000000000000000000000bb00000000000000000400040000000000000000000000000000000000000000000000000000000000020001000000000000000000000000ff05000500000000000a00000000000000fe8896380000000000000001000000010000000000000000030007000000000002004e24ac14141f0000000000000000020013"], 0xd8}}, 0x0) 841.645814ms ago: executing program 3 (id=20457): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) lstat(&(0x7f0000000140)='./file0\x00', 0x0) 798.233093ms ago: executing program 6 (id=20458): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f00000002c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 794.786108ms ago: executing program 3 (id=20459): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) move_mount(r1, 0x0, 0xffffffffffffffff, 0x0, 0x142) 781.134044ms ago: executing program 8 (id=20460): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r3, 0x0, 0x22, &(0x7f0000000040)=0x3, 0x4) 726.67872ms ago: executing program 2 (id=20461): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d974050100000000080002400000000008"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 682.121236ms ago: executing program 6 (id=20462): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000040)={0xffffffff, 0x1, 0x8}) 672.863732ms ago: executing program 3 (id=20463): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r3, &(0x7f00000000c0)=""/4096, 0x1000) 606.316721ms ago: executing program 8 (id=20464): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) getresuid(0x0, 0x0, 0x0) 602.330777ms ago: executing program 2 (id=20465): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000780)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x48805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) fallocate(r3, 0x0, 0xbf5, 0x2000402) 547.0961ms ago: executing program 3 (id=20466): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000247000/0x1000)=nil, 0x1000, 0x0) munlockall() 546.932397ms ago: executing program 6 (id=20467): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x7000000) 491.437073ms ago: executing program 8 (id=20468): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000005000000fd0900008500"], 0x50) 297.564515ms ago: executing program 8 (id=20469): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) 296.595331ms ago: executing program 6 (id=20470): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000080)='g', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 98.161717ms ago: executing program 2 (id=20471): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000380)={0x0, 0x1, 0x0, 0xf0a}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000140)={0x0, 0x0, 0x76, 0x6031}) 97.377246ms ago: executing program 8 (id=20472): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x18, 0x32, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8080}, 0x9080) 0s ago: executing program 8 (id=20473): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) futex(&(0x7f0000004000), 0xd, 0x8, 0x0, 0x0, 0xb205ffff) kernel console output (not intermixed with test programs): tive one [ 1229.532780][T10909] wireguard0: entered promiscuous mode [ 1229.540295][T10909] bond0: (slave wireguard0): Enslaving as an active interface with an up link [ 1229.848241][T10901] bond0: (slave wireguard1): The slave device specified does not support setting the MAC address [ 1229.892714][T10901] bond0: (slave wireguard1): Enslaving as a backup interface with an up link [ 1230.523741][T10936] netlink: 'syz.5.16042': attribute type 6 has an invalid length. [ 1231.291058][T10972] netlink: 'syz.2.16060': attribute type 13 has an invalid length. [ 1231.632013][T10983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16065'. [ 1232.513802][T11027] netlink: 48 bytes leftover after parsing attributes in process `syz.6.16085'. [ 1233.589336][T11058] netlink: 20 bytes leftover after parsing attributes in process `syz.8.16099'. [ 1236.340604][T11117] netlink: 76 bytes leftover after parsing attributes in process `syz.6.16126'. [ 1236.356452][T11117] unsupported nlmsg_type 40 [ 1236.601352][T11146] netlink: 52 bytes leftover after parsing attributes in process `syz.5.16138'. [ 1236.662585][T11148] netlink: 44 bytes leftover after parsing attributes in process `syz.3.16139'. [ 1236.685511][T11148] netlink: 59 bytes leftover after parsing attributes in process `syz.3.16139'. [ 1236.715415][T11148] netlink: 59 bytes leftover after parsing attributes in process `syz.3.16139'. [ 1237.352519][T11172] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1237.968571][T11192] netlink: 'syz.2.16157': attribute type 4 has an invalid length. [ 1238.006798][T11192] netlink: 'syz.2.16157': attribute type 5 has an invalid length. [ 1238.025111][T11192] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.16157'. [ 1238.673207][T11210] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1238.855447][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.866317][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.731597][T26373] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1239.811766][ T917] usb 9-1: new high-speed USB device number 48 using dummy_hcd [ 1239.844419][T11237] binder: 11236:11237 ioctl c0306201 200000000100 returned -14 [ 1239.884359][T26373] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1239.908747][T26373] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1239.963486][ T917] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1239.992048][T26373] usb 6-1: config 0 descriptor?? [ 1240.026949][ T917] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1240.039519][T26373] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1240.049910][ T917] usb 9-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1240.095761][ T917] usb 9-1: Product: syz [ 1240.130438][ T917] usb 9-1: SerialNumber: syz [ 1240.446648][T11247] netlink: 268 bytes leftover after parsing attributes in process `syz.2.16183'. [ 1241.242854][ T917] cdc_ncm 9-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1241.251213][ T917] cdc_ncm 9-1:1.0: setting rx_max = 16384 [ 1241.460514][ T917] cdc_ncm 9-1:1.0: setting tx_max = 16384 [ 1241.505034][ T917] cdc_ncm 9-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.8-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1241.559227][ T917] usb 9-1: USB disconnect, device number 48 [ 1241.602176][ T917] cdc_ncm 9-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.8-1, CDC NCM (NO ZLP) [ 1241.668315][T26373] gspca_stv06xx: I2C: Read error writing address: -71 [ 1241.693342][T26373] usb 6-1: USB disconnect, device number 68 [ 1241.859345][T11272] : renamed from bond_slave_0 [ 1242.331070][T11286] netlink: 72 bytes leftover after parsing attributes in process `syz.6.16202'. [ 1243.520887][T11320] bridge0: port 1(erspan0) entered blocking state [ 1243.547924][T11320] bridge0: port 1(erspan0) entered disabled state [ 1243.577478][T11320] erspan0: entered allmulticast mode [ 1243.600948][T11320] erspan0: entered promiscuous mode [ 1243.621651][T11320] bridge0: port 1(erspan0) entered blocking state [ 1243.628294][T11320] bridge0: port 1(erspan0) entered forwarding state [ 1244.776985][T11349] fuse: Bad value for 'rootmode' [ 1245.276800][T11358] netlink: 84 bytes leftover after parsing attributes in process `syz.2.16234'. [ 1246.195411][T11394] netdevsim netdevsim3: Direct firmware load for . [ 1246.195411][T11394] failed with error -2 [ 1246.215066][T11394] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 1246.215066][T11394] [ 1246.424091][T11399] netlink: 20 bytes leftover after parsing attributes in process `syz.6.16255'. [ 1246.495855][T11392] fuse: Bad value for 'user_id' [ 1246.507678][T11392] fuse: Bad value for 'user_id' [ 1246.840695][T11411] mac80211_hwsim hwsim27 wlan1: Caught tx_queue_len zero misconfig [ 1247.158691][T11425] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16267'. [ 1248.750304][ T30] audit: type=1326 audit(1763541247.507:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.811885][ T30] audit: type=1326 audit(1763541247.507:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.847060][ T30] audit: type=1326 audit(1763541247.507:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.872103][ T30] audit: type=1326 audit(1763541247.507:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.896298][T11457] fuse: Bad value for 'fd' [ 1248.905041][ T30] audit: type=1326 audit(1763541247.507:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.927843][ T30] audit: type=1326 audit(1763541247.507:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1248.965696][T11470] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1248.974577][ T30] audit: type=1326 audit(1763541247.507:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1249.048967][ T30] audit: type=1326 audit(1763541247.507:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1249.144474][ T30] audit: type=1326 audit(1763541247.507:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1249.231923][ T30] audit: type=1326 audit(1763541247.507:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.16285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7fc00000 [ 1249.597248][T11491] netlink: 536 bytes leftover after parsing attributes in process `syz.6.16298'. [ 1249.609068][T11491] netlink: 40 bytes leftover after parsing attributes in process `syz.6.16298'. [ 1249.895566][T11500] dummy0: entered allmulticast mode [ 1249.912643][T11497] dummy0: left allmulticast mode [ 1250.778605][T11541] fuse: Bad value for 'user_id' [ 1250.794125][T11541] fuse: Bad value for 'user_id' [ 1251.838787][T11584] usb usb8: usbfs: process 11584 (syz.8.16340) did not claim interface 0 before use [ 1252.205689][T11600] dns_resolver: Unsupported server list version (0) [ 1253.394399][T11631] netlink: 'syz.3.16363': attribute type 10 has an invalid length. [ 1253.431846][T11631] netlink: 40 bytes leftover after parsing attributes in process `syz.3.16363'. [ 1253.949472][T11647] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16371'. [ 1254.045029][T11653] binder: 11649:11653 ioctl c0306201 200000000940 returned -22 [ 1254.937774][T11683] netlink: 'syz.5.16388': attribute type 28 has an invalid length. [ 1256.767683][T11743] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1258.346674][T11802] binder: 11801:11802 ioctl c0306201 200000000100 returned -14 [ 1260.005238][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1260.005250][ T30] audit: type=1326 audit(1763541258.787:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11837 comm="syz.3.16457" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1261.267616][T11870] tipc: Enabling of bearer rejected, failed to enable media [ 1261.827337][T11859] fuse: Bad value for 'group_id' [ 1261.841725][T11859] fuse: Bad value for 'group_id' [ 1262.588257][T11909] netlink: 'syz.8.16488': attribute type 11 has an invalid length. [ 1262.618543][T11909] netlink: 32 bytes leftover after parsing attributes in process `syz.8.16488'. [ 1262.942757][T11919] netlink: 5 bytes leftover after parsing attributes in process `syz.3.16493'. [ 1262.958993][T11919] 0{X: renamed from gretap0 (while UP) [ 1262.972677][T11921] netlink: 388 bytes leftover after parsing attributes in process `syz.8.16494'. [ 1263.005585][T11919] 0{X: entered allmulticast mode [ 1263.011323][T11919] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 1263.152733][ T8961] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1263.311633][ T8961] usb 6-1: Using ep0 maxpacket: 16 [ 1263.324425][ T8961] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1263.343287][ T8961] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1263.355725][ T8961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1263.377726][ T8961] usb 6-1: Product: syz [ 1263.390427][ T8961] usb 6-1: Manufacturer: syz [ 1263.403618][ T8961] usb 6-1: SerialNumber: syz [ 1263.433501][ T8961] usb 6-1: config 0 descriptor?? [ 1263.453865][ T8961] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1263.471003][ T8961] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 1264.070665][ T8961] em28xx 6-1:0.0: chip ID is em2765 [ 1264.306966][T11962] netlink: 24 bytes leftover after parsing attributes in process `syz.8.16511'. [ 1264.692113][ T8961] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1264.700875][ T8961] em28xx 6-1:0.0: board has no eeprom [ 1265.105343][T11994] netlink: 68 bytes leftover after parsing attributes in process `syz.3.16525'. [ 1265.525728][T12020] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16533'. [ 1265.701652][T27584] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 1265.817426][T11917] em28xx 6-1:0.0: writing to i2c device at 0x0 failed (error=-5) [ 1265.853834][T27584] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1265.868241][T27584] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1265.879245][ T8961] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1265.893769][T27584] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1265.903822][ T8961] em28xx 6-1:0.0: dvb set to bulk mode. [ 1265.909472][T27570] em28xx 6-1:0.0: Binding DVB extension [ 1265.925964][T27584] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1265.934814][ T8961] usb 6-1: USB disconnect, device number 69 [ 1265.943306][ T8961] em28xx 6-1:0.0: Disconnecting em28xx [ 1265.954056][T27584] usb 7-1: config 0 descriptor?? [ 1265.994288][T27570] em28xx 6-1:0.0: Registering input extension [ 1266.000819][ T8961] em28xx 6-1:0.0: Closing input extension [ 1266.029486][ T8961] em28xx 6-1:0.0: Freeing device [ 1266.178879][T27584] usbhid 7-1:0.0: can't add hid device: -71 [ 1266.191645][T27584] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1266.202823][T27584] usb 7-1: USB disconnect, device number 69 [ 1268.022962][T12070] netlink: 'syz.6.16554': attribute type 63 has an invalid length. [ 1268.061239][T12070] netlink: 5 bytes leftover after parsing attributes in process `syz.6.16554'. [ 1270.262625][T12157] bridge0: port 1(hsr0) entered blocking state [ 1270.289505][T12157] bridge0: port 1(hsr0) entered disabled state [ 1270.309650][T12157] hsr0: entered allmulticast mode [ 1270.358884][T12157] hsr_slave_0: entered allmulticast mode [ 1270.376235][T12157] hsr_slave_1: entered allmulticast mode [ 1270.406437][T12157] hsr0: entered promiscuous mode [ 1270.431542][T12157] bridge0: port 1(hsr0) entered blocking state [ 1270.437885][T12157] bridge0: port 1(hsr0) entered forwarding state [ 1270.932023][T12166] netlink: 56 bytes leftover after parsing attributes in process `syz.6.16599'. [ 1271.396170][T12197] netlink: 388 bytes leftover after parsing attributes in process `syz.5.16611'. [ 1271.577478][T12207] netlink: 16 bytes leftover after parsing attributes in process `syz.8.16615'. [ 1271.620673][T12207] tipc: Enabling of bearer rejected, already enabled [ 1273.912170][T12273] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 1274.145137][T12282] netlink: 'syz.2.16647': attribute type 4 has an invalid length. [ 1274.178329][T12282] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.16647'. [ 1274.621991][T12300] netlink: 152 bytes leftover after parsing attributes in process `syz.5.16655'. [ 1275.578419][T12342] netlink: 20 bytes leftover after parsing attributes in process `syz.5.16675'. [ 1278.287109][ T30] audit: type=1326 audit(1763541277.067:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.6.16733" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x0 [ 1278.497698][T12471] netlink: 'syz.8.16736': attribute type 25 has an invalid length. [ 1279.813520][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1281.135914][T26373] IPVS: starting estimator thread 0... [ 1281.235818][T12586] IPVS: using max 30 ests per chain, 72000 per kthread [ 1282.755845][ T30] audit: type=1804 audit(1763541281.537:1318): pid=12638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.16816" name="/newroot/2885/file0" dev="fuse" ino=1 res=1 errno=0 [ 1283.170495][ T30] audit: type=1326 audit(1763541281.947:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.229757][ T30] audit: type=1326 audit(1763541281.977:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.308411][ T30] audit: type=1326 audit(1763541281.977:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.338502][ T30] audit: type=1326 audit(1763541281.977:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.364811][ T30] audit: type=1326 audit(1763541281.987:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.389021][ T30] audit: type=1326 audit(1763541281.987:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.486747][ T30] audit: type=1326 audit(1763541281.987:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.521110][ T30] audit: type=1326 audit(1763541281.987:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.548615][ T30] audit: type=1326 audit(1763541281.987:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.577283][ T30] audit: type=1326 audit(1763541281.987:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.663571][ T30] audit: type=1326 audit(1763541281.987:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.700656][T12681] netlink: 'syz.3.16838': attribute type 10 has an invalid length. [ 1283.740556][ T30] audit: type=1326 audit(1763541282.007:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12662 comm="syz.8.16829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1283.766262][T12681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1283.795405][T12681] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1284.379252][T12699] netlink: 44 bytes leftover after parsing attributes in process `syz.5.16844'. [ 1284.420098][T12699] netlink: 59 bytes leftover after parsing attributes in process `syz.5.16844'. [ 1284.591848][T12699] netlink: 59 bytes leftover after parsing attributes in process `syz.5.16844'. [ 1285.000001][T12711] netlink: 'syz.3.16851': attribute type 2 has an invalid length. [ 1287.456647][T12783] x_tables: duplicate entry at hook 1 [ 1288.461435][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 1288.499916][ T30] audit: type=1326 audit(1763541287.237:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12830 comm="syz.6.16910" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x0 [ 1288.675090][ T30] audit: type=1326 audit(1763541287.457:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.761615][ T30] audit: type=1326 audit(1763541287.457:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.799134][ T30] audit: type=1326 audit(1763541287.457:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.822612][ T30] audit: type=1326 audit(1763541287.457:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.846548][ T30] audit: type=1326 audit(1763541287.457:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.884190][ T30] audit: type=1326 audit(1763541287.457:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1288.961636][ T30] audit: type=1326 audit(1763541287.457:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1289.019898][ T30] audit: type=1326 audit(1763541287.457:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1289.043741][ T30] audit: type=1326 audit(1763541287.457:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12838 comm="syz.5.16913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1289.531948][ T917] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 1289.703450][ T917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1289.715013][ T917] usb 4-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 1289.751122][ T917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1289.786097][ T917] usb 4-1: config 0 descriptor?? [ 1289.794684][T12864] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1290.019182][ T917] usbhid 4-1:0.0: can't add hid device: -71 [ 1290.026586][ T917] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1290.147712][ T917] usb 4-1: USB disconnect, device number 37 [ 1291.393811][T12920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16949'. [ 1291.783259][T12937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16956'. [ 1291.911842][T12939] netlink: 'syz.3.16957': attribute type 2 has an invalid length. [ 1291.919707][T12939] netlink: 1 bytes leftover after parsing attributes in process `syz.3.16957'. [ 1292.958443][T12989] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16982'. [ 1293.583674][T13020] binder: binder_mmap: 13016 2000004cd000-2000004ce000 bad vm_flags failed -1 [ 1293.775664][T13032] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17003'. [ 1293.981919][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1293.981938][ T30] audit: type=1326 audit(1763541292.757:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13039 comm="syz.3.17006" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1294.504498][T13063] netlink: 84 bytes leftover after parsing attributes in process `syz.8.17017'. [ 1294.525970][T13063] netlink: 'syz.8.17017': attribute type 2 has an invalid length. [ 1294.536191][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17019'. [ 1294.557380][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17019'. [ 1294.557425][ T60] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1294.598303][T13068] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17019'. [ 1294.616125][ T60] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1294.647629][ T60] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1294.665055][ T60] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1294.687165][T13068] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17019'. [ 1294.750110][T13074] netlink: 'syz.8.17023': attribute type 4 has an invalid length. [ 1294.760004][T13074] netlink: 'syz.8.17023': attribute type 5 has an invalid length. [ 1296.718192][T13144] SET target dimension over the limit! [ 1296.966365][T13152] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1297.045675][T13154] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1297.539301][T13173] __nla_validate_parse: 1 callbacks suppressed [ 1297.539320][T13173] netlink: 12 bytes leftover after parsing attributes in process `syz.8.17070'. [ 1297.574688][T13176] netlink: 212360 bytes leftover after parsing attributes in process `syz.3.17072'. [ 1297.720286][T13173] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1298.540698][T13222] kvm: kvm [13221]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000034) = 0x8 [ 1298.558779][T13224] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1298.622851][T13228] netlink: 'syz.8.17096': attribute type 4 has an invalid length. [ 1298.661206][T13230] binder: binder_mmap: 13229 2000004cd000-2000004ce000 bad vm_flags failed -1 [ 1299.241383][T13253] netlink: 'syz.6.17107': attribute type 64 has an invalid length. [ 1299.270063][T13253] netlink: 5 bytes leftover after parsing attributes in process `syz.6.17107'. [ 1299.332614][T13253] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1299.454350][T13264] tipc: Enabling of bearer rejected, failed to enable media [ 1300.303492][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.314150][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1302.728461][T13374] netlink: 156 bytes leftover after parsing attributes in process `syz.3.17163'. [ 1303.400097][T13408] netlink: 'syz.5.17180': attribute type 4 has an invalid length. [ 1303.415566][T13408] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.17180'. [ 1303.674657][T13418] netlink: 9 bytes leftover after parsing attributes in process `syz.6.17184'. [ 1303.735068][T13418] gretap0: entered promiscuous mode [ 1303.750659][T13418] gretap0: left allmulticast mode [ 1304.472599][T13454] netlink: 'syz.5.17200': attribute type 16 has an invalid length. [ 1305.079743][T13467] netlink: 'syz.5.17206': attribute type 16 has an invalid length. [ 1305.101766][T13467] netlink: 64122 bytes leftover after parsing attributes in process `syz.5.17206'. [ 1306.612159][ T5888] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1306.786073][T13508] netlink: 12 bytes leftover after parsing attributes in process `syz.8.17224'. [ 1306.861844][T13512] netlink: 48 bytes leftover after parsing attributes in process `syz.3.17225'. [ 1307.081832][T26373] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1307.158355][T13520] tap1: tun_chr_ioctl cmd 1074025672 [ 1307.188112][T13520] tap1: ignored: set checksum enabled [ 1307.836324][T13551] netlink: 'syz.5.17244': attribute type 6 has an invalid length. [ 1307.845679][T13551] netlink: 'syz.5.17244': attribute type 4 has an invalid length. [ 1307.853720][T13551] netlink: 17 bytes leftover after parsing attributes in process `syz.5.17244'. [ 1309.867816][T13619] netlink: 'syz.3.17276': attribute type 13 has an invalid length. [ 1309.901993][T13619] netlink: 'syz.3.17276': attribute type 27 has an invalid length. [ 1309.963197][T13621] netlink: 16 bytes leftover after parsing attributes in process `syz.6.17277'. [ 1310.136612][T13631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17281'. [ 1310.173417][T13631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17281'. [ 1310.368601][T13641] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17286'. [ 1310.391597][T27570] usb 9-1: new high-speed USB device number 49 using dummy_hcd [ 1310.566162][T27570] usb 9-1: Using ep0 maxpacket: 16 [ 1310.587609][T27570] usb 9-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1310.615359][T27570] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1310.632062][T27570] usb 9-1: Product: syz [ 1310.638793][T27570] usb 9-1: Manufacturer: syz [ 1310.644255][T27570] usb 9-1: SerialNumber: syz [ 1310.665056][T27570] r8152-cfgselector 9-1: Unknown version 0x0000 [ 1310.678263][T27570] r8152-cfgselector 9-1: config 0 descriptor?? [ 1310.761605][ T5888] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 1310.914675][T27570] r8152-cfgselector 9-1: Unknown version 0x0000 [ 1310.923634][ T5888] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1310.923857][T27570] r8152-cfgselector 9-1: bad CDC descriptors [ 1310.944400][ T5888] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1310.969035][ T5888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1310.976526][T27570] r8152-cfgselector 9-1: USB disconnect, device number 49 [ 1311.033946][ T5888] usb 7-1: config 0 descriptor?? [ 1311.055049][ T5888] pwc: Askey VC010 type 2 USB webcam detected. [ 1311.452833][T13683] fuseblk: Bad value for 'fd' [ 1311.459867][ T5888] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1311.467778][ T5888] pwc: recv_control_msg error -32 req 02 val 2700 [ 1311.478120][ T5888] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1311.488475][ T5888] pwc: recv_control_msg error -32 req 04 val 1000 [ 1311.496898][ T5888] pwc: recv_control_msg error -32 req 04 val 1300 [ 1311.504739][ T5888] pwc: recv_control_msg error -32 req 04 val 1400 [ 1311.512732][ T5888] pwc: recv_control_msg error -32 req 02 val 2000 [ 1311.520061][ T5888] pwc: recv_control_msg error -32 req 02 val 2100 [ 1311.621886][T13690] trusted_key: encrypted_key: master key parameter is missing [ 1311.733472][ T5888] pwc: recv_control_msg error -71 req 02 val 2500 [ 1311.747308][ T5888] pwc: recv_control_msg error -71 req 02 val 2400 [ 1311.762872][ T5888] pwc: recv_control_msg error -71 req 02 val 2600 [ 1311.769952][ T5888] pwc: recv_control_msg error -71 req 02 val 2900 [ 1311.784338][ T5888] pwc: recv_control_msg error -71 req 02 val 2800 [ 1311.802223][ T5888] pwc: recv_control_msg error -71 req 04 val 1100 [ 1311.809219][ T5888] pwc: recv_control_msg error -71 req 04 val 1200 [ 1311.829202][ T5888] pwc: Registered as video103. [ 1311.861092][ T5888] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input149 [ 1311.939330][ T5888] usb 7-1: USB disconnect, device number 70 [ 1312.289288][ T30] audit: type=1326 audit(1763541311.067:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13713 comm="syz.8.17322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1312.316948][ T30] audit: type=1326 audit(1763541311.067:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13713 comm="syz.8.17322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1312.420507][ T30] audit: type=1326 audit(1763541311.067:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13713 comm="syz.8.17322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1313.466839][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.8.17342'. [ 1313.529116][T13756] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1314.006143][T13782] netlink: 72 bytes leftover after parsing attributes in process `syz.3.17355'. [ 1314.470529][T13807] binder: 13806:13807 ioctl c0306201 200000004a40 returned -22 [ 1315.474545][T13844] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17383'. [ 1316.017877][T13862] netlink: 20 bytes leftover after parsing attributes in process `syz.6.17393'. [ 1316.134943][ T5888] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1316.310608][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1316.331602][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1316.361980][ T5888] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1316.381928][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1316.422800][ T5888] usb 6-1: config 0 descriptor?? [ 1316.844660][ T5888] cm6533_jd 0003:0D8C:0022.0052: unknown main item tag 0x0 [ 1316.868141][ T5888] cm6533_jd 0003:0D8C:0022.0052: unknown main item tag 0x0 [ 1316.888350][ T5888] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0D8C:0022.0052/input/input150 [ 1316.937792][ T5888] cm6533_jd 0003:0D8C:0022.0052: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.5-1/input0 [ 1317.067492][ T5888] usb 6-1: USB disconnect, device number 70 [ 1317.098676][T13902] fido_id[13902]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 1317.329919][T13914] netlink: 'syz.6.17417': attribute type 13 has an invalid length. [ 1317.425792][ T30] audit: type=1326 audit(1763541316.207:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13919 comm="syz.3.17420" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1318.473261][T13956] netlink: 'syz.2.17436': attribute type 11 has an invalid length. [ 1320.583255][T14027] binder: 14025:14027 ioctl c018620b 0 returned -14 [ 1320.617702][T14030] netlink: 20 bytes leftover after parsing attributes in process `syz.8.17471'. [ 1322.013706][T14065] netlink: 628 bytes leftover after parsing attributes in process `syz.3.17486'. [ 1323.163494][T14117] pim6reg1: entered promiscuous mode [ 1323.168838][T14117] pim6reg1: entered allmulticast mode [ 1323.517446][T14129] netlink: 44 bytes leftover after parsing attributes in process `syz.6.17519'. [ 1323.602841][T14137] netlink: 'syz.8.17523': attribute type 13 has an invalid length. [ 1323.619241][T14137] netlink: 'syz.8.17523': attribute type 17 has an invalid length. [ 1323.740734][T14137] 8021q: adding VLAN 0 to HW filter on device team0 [ 1323.793134][T14137] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1324.017829][T14153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17530'. [ 1324.056498][T14153] netlink: 20 bytes leftover after parsing attributes in process `syz.2.17530'. [ 1324.100399][ T30] audit: type=1326 audit(1763541322.877:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.183437][ T30] audit: type=1326 audit(1763541322.877:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.283252][ T30] audit: type=1326 audit(1763541322.877:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.370795][ T30] audit: type=1326 audit(1763541322.877:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.464169][ T30] audit: type=1326 audit(1763541322.877:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.520695][ T30] audit: type=1326 audit(1763541322.877:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.641887][ T30] audit: type=1326 audit(1763541322.877:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.665432][ T30] audit: type=1326 audit(1763541322.877:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.721725][ T30] audit: type=1326 audit(1763541322.877:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1324.744678][ T30] audit: type=1326 audit(1763541322.877:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14159 comm="syz.3.17534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1326.202855][T14224] tipc: Started in network mode [ 1326.208418][T14224] tipc: Node identity ac14142f, cluster identity 4711 [ 1326.233731][T14224] tipc: New replicast peer: 0.0.0.0 [ 1326.240185][T14224] tipc: Enabled bearer , priority 10 [ 1326.962889][T14251] netlink: 32 bytes leftover after parsing attributes in process `syz.5.17576'. [ 1327.351619][ T5888] tipc: Node number set to 2886997039 [ 1327.698635][T14279] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.706458][T14279] bridge0: port 1(bridge_slave_0) entered disabled state [ 1328.164747][T14301] kvm: pic: non byte write [ 1328.222808][T14279] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1328.245740][T14279] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1328.568771][T14320] netlink: 4 bytes leftover after parsing attributes in process `syz.6.17609'. [ 1328.870130][ T8828] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1328.891968][ T8828] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1328.970200][ T8828] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.010402][ T8828] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.690965][T14377] syzkaller0: entered promiscuous mode [ 1329.697263][T14377] syzkaller0: entered allmulticast mode [ 1330.100731][T14388] CUSE: unknown device info "" [ 1330.131965][T14388] CUSE: zero length info key specified [ 1330.138872][ T917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1330.316258][T14403] netlink: 'syz.8.17646': attribute type 1 has an invalid length. [ 1330.324977][T14403] netlink: 'syz.8.17646': attribute type 2 has an invalid length. [ 1330.334050][T14403] netlink: 20 bytes leftover after parsing attributes in process `syz.8.17646'. [ 1330.371804][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1330.382178][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1330.392516][ T8827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1330.963111][T14428] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1330.990546][T14428] kvm: pic: non byte read [ 1331.005748][T14428] kvm: pic: level sensitive irq not supported [ 1331.005907][T14428] kvm: pic: non byte read [ 1331.084142][T14428] kvm: pic: level sensitive irq not supported [ 1331.084230][T14428] kvm: pic: non byte read [ 1331.137505][T14428] kvm: pic: level sensitive irq not supported [ 1331.137592][T14428] kvm: pic: non byte read [ 1331.197314][ T917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1331.411619][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1331.420324][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.223183][ T917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.366318][T14477] netlink: 'syz.3.17677': attribute type 13 has an invalid length. [ 1332.387087][T14477] netlink: 'syz.3.17677': attribute type 17 has an invalid length. [ 1332.451707][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.461147][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.943187][T14485] tipc: Started in network mode [ 1332.962595][T14485] tipc: Node identity ac14140f, cluster identity 4711 [ 1332.981957][T14485] tipc: New replicast peer: 255.255.255.255 [ 1332.988585][T14485] tipc: Enabled bearer , priority 10 [ 1334.111630][T27584] tipc: Node number set to 2886997007 [ 1334.609779][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 1334.609799][ T30] audit: type=1326 audit(1763541333.387:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14573 comm="syz.8.17721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1334.615195][T14575] netlink: 16 bytes leftover after parsing attributes in process `syz.5.17720'. [ 1334.627822][ T30] audit: type=1326 audit(1763541333.387:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14573 comm="syz.8.17721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1334.724372][ T30] audit: type=1326 audit(1763541333.397:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14573 comm="syz.8.17721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1334.748555][ T30] audit: type=1326 audit(1763541333.397:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14573 comm="syz.8.17721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1334.775473][ T30] audit: type=1326 audit(1763541333.397:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14573 comm="syz.8.17721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1334.869872][T14583] netlink: 104 bytes leftover after parsing attributes in process `syz.5.17725'. [ 1335.340888][ T5888] net_ratelimit: 10 callbacks suppressed [ 1335.340907][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1335.438318][T14609] netlink: 20 bytes leftover after parsing attributes in process `syz.5.17736'. [ 1335.571611][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1335.582244][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1335.663060][T14620] netlink: 'syz.2.17742': attribute type 13 has an invalid length. [ 1335.692577][T14620] netlink: 'syz.2.17742': attribute type 17 has an invalid length. [ 1335.869371][T14620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1335.878987][T14620] 8021q: adding VLAN 0 to HW filter on device team0 [ 1335.938287][T14620] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1336.133185][ T8827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.290301][ T30] audit: type=1326 audit(1763541335.067:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14650 comm="syz.6.17754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x0 [ 1336.381291][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.397797][ T8828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.407408][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.416944][ T5823] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.611665][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1337.354911][T14671] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1337.409224][T14671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1337.444487][T14671] bridge0: port 1(hsr0) entered disabled state [ 1337.458670][T14671] bridge0: port 1(hsr0) entered disabled state [ 1337.971891][ T36] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1338.002636][ T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1338.045943][ T36] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1338.059506][ T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1338.070150][ T36] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1338.131233][ T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1338.155681][ T36] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1338.175470][ T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1338.698879][T14737] netlink: 44 bytes leftover after parsing attributes in process `syz.2.17794'. [ 1338.723352][T27584] usb 7-1: new high-speed USB device number 71 using dummy_hcd [ 1338.895179][T27584] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1338.919363][T27584] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1338.975185][T27584] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1339.000990][T27584] usb 7-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 1339.049090][T27584] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1339.068736][T27584] usb 7-1: Product: syz [ 1339.076830][T27584] usb 7-1: Manufacturer: syz [ 1339.089670][T27584] usb 7-1: SerialNumber: syz [ 1339.110301][T27584] usb 7-1: config 0 descriptor?? [ 1339.126919][T14731] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1339.343406][T27584] powermate: unknown product id 0240 [ 1339.348828][T27584] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 1339.389152][T27584] input: Griffin SoundKnob as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input151 [ 1339.531208][T14775] netlink: 8 bytes leftover after parsing attributes in process `syz.8.17811'. [ 1339.541013][T14775] erspan0: default FDB implementation only supports local addresses [ 1339.712012][ T5888] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1339.773631][ C1] powermate: config urb returned -71 [ 1339.774149][ T917] usb 7-1: USB disconnect, device number 71 [ 1339.779053][ C1] powermate: usb_submit_urb(config) failed [ 1339.785434][ C1] powermate 7-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 1339.871816][ T5888] usb 6-1: Using ep0 maxpacket: 16 [ 1339.879318][ T5888] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 1339.892257][ T5888] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1339.921676][ T5888] usb 6-1: config 0 has no interface number 0 [ 1339.938151][ T5888] usb 6-1: config 0 interface 126 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1339.952073][ T5888] usb 6-1: config 0 interface 126 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1339.967586][ T5888] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 1339.978861][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1339.993223][ T5888] usb 6-1: config 0 descriptor?? [ 1340.003843][ T5888] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1340.109214][ T6183] udevd[6183]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1340.130186][ T5888] snd-usb-audio 6-1:0.126: probe with driver snd-usb-audio failed with error -2 [ 1340.223070][ T5888] usb 6-1: USB disconnect, device number 71 [ 1341.995820][T14868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17853'. [ 1342.875716][T14900] IPv6: A: Disabled Multicast RS [ 1344.082257][T14954] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 1344.088822][T14954] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1344.136098][T14954] vhci_hcd vhci_hcd.0: Device attached [ 1344.156488][T14956] vhci_hcd: connection closed [ 1344.157721][ T36] vhci_hcd: stop threads [ 1344.173772][ T36] vhci_hcd: release socket [ 1344.209970][ T36] vhci_hcd: disconnect device [ 1344.789186][T14965] netlink: 76 bytes leftover after parsing attributes in process `syz.2.17895'. [ 1345.065800][T15002] misc userio: No port type given on /dev/userio [ 1345.957476][T15038] netlink: 'syz.2.17930': attribute type 64 has an invalid length. [ 1345.976817][T15038] netlink: 5 bytes leftover after parsing attributes in process `syz.2.17930'. [ 1346.015078][T15038] gretap0: entered allmulticast mode [ 1346.021331][T15038] net_ratelimit: 1 callbacks suppressed [ 1346.021350][T15038] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1346.482270][T15061] bridge0: port 1(erspan0) entered disabled state [ 1347.468191][ T30] audit: type=1326 audit(1763541346.247:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.538866][ T30] audit: type=1326 audit(1763541346.247:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.631630][ T30] audit: type=1326 audit(1763541346.247:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.723326][ T30] audit: type=1326 audit(1763541346.247:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.771585][ T30] audit: type=1326 audit(1763541346.247:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.844189][ T30] audit: type=1326 audit(1763541346.247:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1347.938512][ T30] audit: type=1326 audit(1763541346.247:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15091 comm="syz.3.17954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1349.262959][ T30] audit: type=1326 audit(1763541348.037:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15172 comm="syz.5.17989" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x0 [ 1350.294794][ T8960] hid-generic 00AB:0804:0005.0053: unknown main item tag 0x7 [ 1350.303546][ T8960] hid-generic 00AB:0804:0005.0053: item fetching failed at offset 2/4 [ 1350.312909][ T8960] hid-generic 00AB:0804:0005.0053: probe with driver hid-generic failed with error -22 [ 1352.725461][T15282] netlink: 280 bytes leftover after parsing attributes in process `syz.6.18033'. [ 1352.728594][T15283] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18034'. [ 1353.150037][T15296] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1353.733216][T15326] netlink: 'syz.8.18053': attribute type 4 has an invalid length. [ 1353.772276][T15326] netlink: 17 bytes leftover after parsing attributes in process `syz.8.18053'. [ 1355.141375][T15380] netlink: 136 bytes leftover after parsing attributes in process `syz.3.18079'. [ 1355.153434][T15380] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1356.480285][T15435] team0: entered allmulticast mode [ 1356.501663][T15435] team_slave_0: entered allmulticast mode [ 1356.509726][T15435] team_slave_1: entered allmulticast mode [ 1357.413586][ T5888] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1357.581651][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 1357.599013][ T5888] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1357.619015][ T5888] usb 4-1: config 1 has no interface number 1 [ 1357.661693][ T5888] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1357.686204][ T5888] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1357.710099][ T5888] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1357.717752][T15482] netlink: 36 bytes leftover after parsing attributes in process `syz.8.18127'. [ 1357.741686][ T5888] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1357.751306][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1357.768191][T15482] netlink: 76 bytes leftover after parsing attributes in process `syz.8.18127'. [ 1357.772663][ T5888] usb 4-1: Product: syz [ 1357.790950][ T5888] usb 4-1: Manufacturer: syz [ 1357.796461][ T5888] usb 4-1: SerialNumber: syz [ 1358.039216][ T5888] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1358.111632][ T5888] usb 4-1: USB disconnect, device number 38 [ 1359.428772][T15566] loop5: detected capacity change from 0 to 7 [ 1359.594538][T15566] Dev loop5: unable to read RDB block 7 [ 1359.601743][T15566] loop5: unable to read partition table [ 1359.621959][T15566] loop5: partition table beyond EOD, truncated [ 1359.628321][T15566] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 1359.677610][T15574] netlink: 72 bytes leftover after parsing attributes in process `syz.8.18173'. [ 1360.092085][T27583] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1360.274206][T27583] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1360.323896][T27583] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1360.360578][T27583] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 1360.408801][T27583] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1360.442662][T27583] usb 4-1: config 0 descriptor?? [ 1360.808979][T27583] usbhid 4-1:0.0: can't add hid device: -71 [ 1360.821807][T27583] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1360.844843][T27583] usb 4-1: USB disconnect, device number 39 [ 1360.876822][T15611] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18191'. [ 1360.992713][T15615] netlink: 36 bytes leftover after parsing attributes in process `syz.6.18193'. [ 1361.736687][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.743999][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.573862][T15731] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1364.571606][ T917] usb 9-1: new high-speed USB device number 50 using dummy_hcd [ 1364.724193][ T917] usb 9-1: config index 0 descriptor too short (expected 45, got 36) [ 1364.737039][ T917] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1364.770949][ T917] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1364.787040][ T917] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1364.799132][ T917] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1364.816638][ T917] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1364.839645][ T917] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1364.861840][ T917] usb 9-1: config 0 descriptor?? [ 1364.871331][T15764] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1365.098448][ T917] usbhid 9-1:0.0: can't add hid device: -71 [ 1365.135469][ T917] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 1365.164682][ T917] usb 9-1: USB disconnect, device number 50 [ 1365.970432][ T30] audit: type=1326 audit(1763541364.747:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15793 comm="syz.6.18278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7fc00000 [ 1366.668751][T15868] netlink: 4 bytes leftover after parsing attributes in process `syz.5.18311'. [ 1368.205910][T15897] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1368.213187][T15897] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1368.219611][T15897] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1368.226216][T15897] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1368.471655][T27583] usb 7-1: new high-speed USB device number 72 using dummy_hcd [ 1368.603700][T15936] netlink: 388 bytes leftover after parsing attributes in process `syz.5.18344'. [ 1368.653708][T27583] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1368.672433][T27583] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1368.698124][T27583] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1368.729173][T27583] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1368.754060][T27583] usb 7-1: config 0 descriptor?? [ 1368.869120][T15946] netlink: 40 bytes leftover after parsing attributes in process `syz.3.18348'. [ 1368.974055][ C1] raw-gadget.0 gadget.6: ignoring, device is not running [ 1368.982724][T27583] usb 7-1: string descriptor 0 read error: -71 [ 1368.990900][T27583] usb 7-1: USB disconnect, device number 72 [ 1369.447766][T15970] sctp: [Deprecated]: syz.8.18359 (pid 15970) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1369.447766][T15970] Use struct sctp_sack_info instead [ 1369.572553][ T432] Bluetooth: hci4: command 0x0406 tx timeout [ 1369.843980][T15984] netlink: 'syz.8.18366': attribute type 28 has an invalid length. [ 1370.291957][ T432] Bluetooth: hci0: command 0x0419 tx timeout [ 1370.298655][ T432] Bluetooth: hci2: command 0x0c1a tx timeout [ 1370.306011][ T432] Bluetooth: hci1: command 0x0c1a tx timeout [ 1370.409970][T16017] netlink: 388 bytes leftover after parsing attributes in process `syz.5.18380'. [ 1370.512452][T16023] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18382'. [ 1370.729916][T16032] netlink: 8 bytes leftover after parsing attributes in process `syz.6.18385'. [ 1371.034311][T16047] netlink: 'syz.2.18393': attribute type 4 has an invalid length. [ 1371.071775][T16047] netlink: 'syz.2.18393': attribute type 5 has an invalid length. [ 1371.079637][T16047] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.18393'. [ 1372.303936][ T30] audit: type=1326 audit(1763541371.087:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16094 comm="syz.3.18415" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1373.605852][T16151] netlink: 44 bytes leftover after parsing attributes in process `syz.5.18443'. [ 1373.711597][ T5888] usb 9-1: new high-speed USB device number 51 using dummy_hcd [ 1373.895557][ T5888] usb 9-1: config 15 has an invalid descriptor of length 224, skipping remainder of the config [ 1373.914259][ T5888] usb 9-1: config 15 has 0 interfaces, different from the descriptor's value: 1 [ 1373.936277][ T5888] usb 9-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1373.976529][ T5888] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1374.390692][ T5888] usb 9-1: string descriptor 0 read error: -71 [ 1374.430836][ T5888] usb 9-1: USB disconnect, device number 51 [ 1374.630046][T16171] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1374.669527][T16197] netlink: 'syz.2.18464': attribute type 46 has an invalid length. [ 1374.687290][T16197] netlink: 44 bytes leftover after parsing attributes in process `syz.2.18464'. [ 1375.283791][T16228] netlink: 'syz.2.18478': attribute type 1 has an invalid length. [ 1375.466413][T16232] bond1: (slave vcan0): The slave device specified does not support setting the MAC address [ 1375.520812][T16232] bond1: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 1375.593746][T16232] bond1: (slave vcan0): making interface the new active one [ 1375.646221][T16232] bond1: (slave vcan0): Enslaving as an active interface with an up link [ 1375.655472][T16236] bond1: entered allmulticast mode [ 1375.672281][T16236] vcan0: entered allmulticast mode [ 1376.041728][T27583] usb 9-1: new high-speed USB device number 52 using dummy_hcd [ 1376.202279][T27583] usb 9-1: Using ep0 maxpacket: 32 [ 1376.210138][T27583] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 1376.221037][T27583] usb 9-1: config 0 has no interface number 0 [ 1376.235001][T27583] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1376.251724][T27583] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1376.270190][ T8960] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 1376.280480][T27583] usb 9-1: Product: syz [ 1376.290387][T27583] usb 9-1: Manufacturer: syz [ 1376.301666][T27583] usb 9-1: SerialNumber: syz [ 1376.317664][T27583] usb 9-1: config 0 descriptor?? [ 1376.337892][T27583] smsc95xx v2.0.0 [ 1376.434980][ T8960] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1376.449681][ T8960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1376.463286][ T8960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1376.465464][T16270] fuse: Bad value for 'fd' [ 1376.480604][ T8960] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1376.500311][ T8960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1376.536479][ T8960] usb 4-1: Product: syz [ 1376.552791][ T8960] usb 4-1: Manufacturer: syz [ 1376.561379][ T8960] usb 4-1: SerialNumber: syz [ 1376.577478][T16254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1376.589981][ T8960] usb 4-1: selecting invalid altsetting 1 [ 1376.609539][T16272] netlink: 72 bytes leftover after parsing attributes in process `syz.6.18497'. [ 1376.753671][T27583] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1376.770794][T27583] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1376.950034][T16286] netlink: 'syz.2.18504': attribute type 64 has an invalid length. [ 1376.959288][T16286] netlink: 5 bytes leftover after parsing attributes in process `syz.2.18504'. [ 1376.968472][ T5888] usb 7-1: new high-speed USB device number 73 using dummy_hcd [ 1377.002681][ T8960] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 1377.018461][ T8960] cdc_ncm 4-1:1.0: bind() failure [ 1377.053531][ T8960] usb 4-1: USB disconnect, device number 40 [ 1377.152732][ T5888] usb 7-1: Using ep0 maxpacket: 16 [ 1377.160294][ T5888] usb 7-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1377.190634][ T5888] usb 7-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1377.211915][ T5888] usb 7-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1377.226422][ T5888] usb 7-1: config 1 interface 0 has no altsetting 0 [ 1377.243607][ T5888] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1377.259621][ T5888] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1377.270015][ T5888] usb 7-1: Product: syz [ 1377.298381][ T5888] usb 7-1: Manufacturer: syz [ 1377.312069][ T5888] usb 7-1: SerialNumber: syz [ 1377.563517][ T5888] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 73 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 1377.600914][ T5888] usb 7-1: USB disconnect, device number 73 [ 1377.634239][ T5888] usblp0: removed [ 1377.910810][T16317] xt_hashlimit: max too large, truncated to 1048576 [ 1377.918088][T16317] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1378.132800][T16329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18524'. [ 1378.142525][T16329] netlink: 16 bytes leftover after parsing attributes in process `syz.2.18524'. [ 1378.296284][ T30] audit: type=1800 audit(1763541377.077:1431): pid=16338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.18527" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 1378.400511][T27583] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -71 [ 1378.427117][T27583] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -71 [ 1378.482998][T27583] usb 9-1: USB disconnect, device number 52 [ 1379.859028][T16409] netlink: 'syz.5.18562': attribute type 28 has an invalid length. [ 1380.294675][T16431] qrtr: Invalid version 0 [ 1380.467430][T16438] netlink: 'syz.6.18574': attribute type 16 has an invalid length. [ 1380.482956][T16438] netlink: 64130 bytes leftover after parsing attributes in process `syz.6.18574'. [ 1380.748503][T16454] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18581'. [ 1380.811898][T16454] netlink: 40 bytes leftover after parsing attributes in process `syz.8.18581'. [ 1381.329775][T16479] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 1381.849095][T16506] input: syz0 as /devices/virtual/input/input155 [ 1382.592576][T16534] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18618'. [ 1382.630245][T16534] netlink: 16 bytes leftover after parsing attributes in process `syz.8.18618'. [ 1384.628148][T16600] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid [ 1385.691252][T16648] netlink: 36 bytes leftover after parsing attributes in process `syz.5.18667'. [ 1385.914983][T16655] netlink: 48 bytes leftover after parsing attributes in process `syz.2.18670'. [ 1386.555163][T16682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18683'. [ 1387.517669][T16737] netlink: 52 bytes leftover after parsing attributes in process `syz.8.18709'. [ 1387.876571][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18719'. [ 1388.018883][T16766] trusted_key: encrypted_key: insufficient parameters specified [ 1388.511852][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.525489][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.551966][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.565317][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.577674][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.585774][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.597063][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.605140][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.613885][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.621320][ T917] hid-generic 0003:0004:0000.0054: unknown main item tag 0x0 [ 1388.625255][T16797] trusted_key: encrypted_key: insufficient parameters specified [ 1388.637926][ T917] hid-generic 0003:0004:0000.0054: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1388.706723][T16798] fido_id[16798]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1388.853853][T16804] netlink: 'syz.5.18742': attribute type 1 has an invalid length. [ 1388.936344][T16804] bond4: (slave ip6gretap0): Enslaving as a backup interface with an up link [ 1388.987635][T16804] netlink: 28 bytes leftover after parsing attributes in process `syz.5.18742'. [ 1389.036448][T16804] bond4 (unregistering): (slave ip6gretap0): Releasing backup interface [ 1389.068025][T16804] bond4 (unregistering): Released all slaves [ 1389.514524][T16835] netlink: 12 bytes leftover after parsing attributes in process `syz.6.18754'. [ 1389.611433][T16839] netlink: 20 bytes leftover after parsing attributes in process `syz.5.18757'. [ 1389.816106][ T30] audit: type=1326 audit(1763541388.597:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1389.856696][T16849] netlink: 'syz.5.18762': attribute type 1 has an invalid length. [ 1389.868139][T16849] netlink: 'syz.5.18762': attribute type 1 has an invalid length. [ 1389.876246][T16849] netlink: 24 bytes leftover after parsing attributes in process `syz.5.18762'. [ 1389.913780][ T30] audit: type=1326 audit(1763541388.597:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1389.938920][ T30] audit: type=1326 audit(1763541388.597:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1389.962235][ T30] audit: type=1326 audit(1763541388.597:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1389.987182][ T30] audit: type=1326 audit(1763541388.597:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.039084][ T30] audit: type=1326 audit(1763541388.597:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.111931][ T30] audit: type=1326 audit(1763541388.597:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.135710][ T30] audit: type=1326 audit(1763541388.597:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.160745][ T30] audit: type=1326 audit(1763541388.597:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.186424][ T30] audit: type=1326 audit(1763541388.597:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16812 comm="syz.3.18745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7fc00000 [ 1390.252826][T16863] netlink: 'syz.6.18769': attribute type 16 has an invalid length. [ 1390.281612][T16863] netlink: 'syz.6.18769': attribute type 2 has an invalid length. [ 1390.290088][T16863] netlink: 64094 bytes leftover after parsing attributes in process `syz.6.18769'. [ 1390.477780][T16874] netlink: 'syz.3.18775': attribute type 4 has an invalid length. [ 1390.490761][T16874] .`: renamed from bond0 [ 1390.502930][T16875] netlink: 'syz.6.18774': attribute type 5 has an invalid length. [ 1390.630881][T16881] netlink: 'syz.6.18779': attribute type 21 has an invalid length. [ 1391.454814][T16923] pim6reg1: entered promiscuous mode [ 1391.472056][T16923] pim6reg1: entered allmulticast mode [ 1391.719339][T16936] fuse: Unknown parameter '&' [ 1393.202246][T27583] usb 9-1: new high-speed USB device number 53 using dummy_hcd [ 1393.402143][T27583] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1393.424703][T27583] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1393.466313][T27583] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1393.494977][T27583] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1393.511938][T16999] __nla_validate_parse: 1 callbacks suppressed [ 1393.511957][T16999] netlink: 188 bytes leftover after parsing attributes in process `syz.6.18833'. [ 1393.532847][T27583] usb 9-1: config 0 descriptor?? [ 1393.573563][T17000] netlink: 188 bytes leftover after parsing attributes in process `syz.2.18834'. [ 1393.969769][T27583] cp2112 0003:10C4:EA90.0055: item fetching failed at offset 5/7 [ 1394.010100][T27583] cp2112 0003:10C4:EA90.0055: parse failed [ 1394.028428][T27583] cp2112 0003:10C4:EA90.0055: probe with driver cp2112 failed with error -22 [ 1394.421853][ T917] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1394.593634][ T917] usb 6-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 1394.602711][ T917] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 1394.627079][ T917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1394.651603][ T917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1394.673946][ T917] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1394.702497][ T917] usb 6-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 1394.713430][ T917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1394.729285][ T917] usb 6-1: config 0 descriptor?? [ 1394.789826][T17054] atomic_op ffff88801c7e6998 conn xmit_atomic 0000000000000000 [ 1394.915869][T17059] binder: BINDER_SET_CONTEXT_MGR already set [ 1394.927830][T17059] binder: 17058:17059 ioctl 40046207 0 returned -16 [ 1395.207269][ T917] input: HID 28bd:0909 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28BD:0909.0056/input/input156 [ 1395.309579][ T917] uclogic 0003:28BD:0909.0056: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.5-1/input0 [ 1395.458378][ T917] usb 6-1: USB disconnect, device number 72 [ 1395.482508][T17075] fido_id[17075]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 1395.890795][T17102] netlink: 12 bytes leftover after parsing attributes in process `syz.6.18883'. [ 1395.967129][T27583] usb 9-1: USB disconnect, device number 53 [ 1398.060227][T17185] netlink: 'syz.6.18921': attribute type 21 has an invalid length. [ 1398.068483][T17185] netlink: 128 bytes leftover after parsing attributes in process `syz.6.18921'. [ 1398.078889][T17185] netlink: 'syz.6.18921': attribute type 6 has an invalid length. [ 1398.090362][T17187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18922'. [ 1398.107442][T17185] netlink: 3 bytes leftover after parsing attributes in process `syz.6.18921'. [ 1398.257628][T17193] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18925'. [ 1398.572506][ T917] usb 9-1: new high-speed USB device number 54 using dummy_hcd [ 1398.742882][ T917] usb 9-1: Using ep0 maxpacket: 32 [ 1398.764916][ T917] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 1398.780239][ T917] usb 9-1: config 0 has no interface number 0 [ 1398.789249][ T917] usb 9-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1398.813218][ T917] usb 9-1: config 0 interface 1 has no altsetting 0 [ 1398.827496][ T917] usb 9-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 1398.840775][ T917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1398.849316][ T917] usb 9-1: Product: syz [ 1398.855144][ T917] usb 9-1: Manufacturer: syz [ 1398.879774][ T917] usb 9-1: SerialNumber: syz [ 1398.895235][ T917] usb 9-1: config 0 descriptor?? [ 1399.015960][T17235] netlink: 'syz.3.18945': attribute type 1 has an invalid length. [ 1399.042745][T17235] netlink: 'syz.3.18945': attribute type 2 has an invalid length. [ 1399.127778][ T917] cx231xx 9-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 1399.153122][ T917] cx231xx 9-1:0.1: Failed to read PCB config [ 1399.166544][ T917] cx231xx 9-1:0.1: probe with driver cx231xx failed with error -71 [ 1399.196452][ T917] usb 9-1: USB disconnect, device number 54 [ 1399.264866][T17245] netlink: 'syz.3.18950': attribute type 4 has an invalid length. [ 1399.651595][ T917] usb 9-1: new high-speed USB device number 55 using dummy_hcd [ 1399.841772][ T917] usb 9-1: Using ep0 maxpacket: 32 [ 1399.852236][ T917] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 1399.870606][ T917] usb 9-1: config 0 has no interface number 0 [ 1399.877399][ T917] usb 9-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1399.908775][ T917] usb 9-1: config 0 interface 1 has no altsetting 0 [ 1399.950054][ T917] usb 9-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 1399.970468][ T917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1399.991120][ T917] usb 9-1: Product: syz [ 1399.999840][ T917] usb 9-1: Manufacturer: syz [ 1400.006579][ T917] usb 9-1: SerialNumber: syz [ 1400.025747][ T917] usb 9-1: config 0 descriptor?? [ 1400.263400][ T917] cx231xx 9-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 1400.284665][ T917] cx231xx 9-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4) [ 1400.429261][ T917] cx231xx 9-1:0.1: cx231xx_send_gpio_cmd: failed with status --110 [ 1400.439460][ T917] cx231xx 9-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 1400.473981][ T917] cx231xx 9-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 1400.493651][ T917] cx231xx 9-1:0.1: cx231xx_send_gpio_cmd: failed with status --71 [ 1400.511353][ T917] cx231xx 9-1:0.1: cx231xx_send_gpio_cmd: failed with status --71 [ 1400.531615][ T917] cx231xx 9-1:0.1: Failed to set devmode to analog: error: -71 [ 1400.603996][ T917] i2c i2c-3: Added multiplexed i2c bus 5 [ 1400.637959][ T917] i2c i2c-3: Added multiplexed i2c bus 6 [ 1400.655938][ T917] cx231xx 9-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]! [ 1400.685349][ T917] cx231xx 9-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]! [ 1400.755779][ T917] cx231xx 9-1:0.1: probe with driver cx231xx failed with error -71 [ 1400.792995][ T917] usb 9-1: USB disconnect, device number 55 [ 1401.598665][T17339] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18992'. [ 1403.584420][ T917] usb 9-1: new full-speed USB device number 56 using dummy_hcd [ 1403.743468][ T917] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1403.774046][ T917] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 1403.791918][ T5888] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1403.801658][ T917] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1403.810904][ T917] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64 [ 1403.828331][ T917] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1403.838266][ T917] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1403.851877][ T917] usb 9-1: Product: syz [ 1403.856085][ T917] usb 9-1: Manufacturer: syz [ 1403.879885][ T917] cdc_wdm 9-1:1.0: skipping garbage [ 1403.885796][ T917] cdc_wdm 9-1:1.0: skipping garbage [ 1403.896004][ T917] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 1403.906060][ T917] cdc_wdm 9-1:1.0: Unknown control protocol [ 1403.971778][ T5888] usb 6-1: Using ep0 maxpacket: 16 [ 1403.983650][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1403.995162][ T5888] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1404.009428][ T5888] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1404.019644][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1404.047826][ T5888] usb 6-1: config 0 descriptor?? [ 1404.346862][ T5823] usb 9-1: USB disconnect, device number 56 [ 1404.713952][ T5888] usbhid 6-1:0.0: can't add hid device: -71 [ 1404.720059][ T5888] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1404.772043][ T5888] usb 6-1: USB disconnect, device number 73 [ 1406.817899][T17485] binder: 17484:17485 ioctl c0306201 200000000940 returned -14 [ 1407.581577][T27581] usb 7-1: new high-speed USB device number 74 using dummy_hcd [ 1407.776775][T27581] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1407.792619][T27581] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1407.820530][T27581] usb 7-1: Product: syz [ 1407.831826][T27581] usb 7-1: Manufacturer: syz [ 1407.846930][T27581] usb 7-1: SerialNumber: syz [ 1408.283947][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1408.311636][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1410.039988][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000040. ret = -EPROTO [ 1410.089583][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 1410.246143][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 1410.402503][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1410.415288][T27581] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1410.465149][T27581] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 1410.544462][T27581] usb 7-1: USB disconnect, device number 74 [ 1410.613429][T17598] netlink: 388 bytes leftover after parsing attributes in process `syz.8.19106'. [ 1412.045199][T17633] netlink: 'syz.2.19120': attribute type 4 has an invalid length. [ 1413.326272][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1413.326291][ T30] audit: type=1326 audit(1763541412.107:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17678 comm="syz.3.19143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1413.524027][T17690] x_tables: unsorted underflow at hook 2 [ 1415.324890][T17763] netlink: 'syz.6.19180': attribute type 5 has an invalid length. [ 1415.712028][T27583] usb 9-1: new high-speed USB device number 57 using dummy_hcd [ 1415.864560][T27583] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1415.877137][T27583] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1415.949637][T27583] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 1415.967521][T27583] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1415.977253][T27583] usb 9-1: Manufacturer: syz [ 1416.003786][T27583] usb 9-1: config 0 descriptor?? [ 1416.441161][T27583] hid_parser_main: 8 callbacks suppressed [ 1416.441184][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.487028][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.501042][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.518585][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.539185][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.570038][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.582071][T27583] pyra 0003:1E7D:2CF6.0057: unknown main item tag 0x0 [ 1416.609547][T27583] pyra 0003:1E7D:2CF6.0057: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 1416.857977][T17816] netlink: 'syz.5.19207': attribute type 1 has an invalid length. [ 1416.881786][T17818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19206'. [ 1416.890936][T17816] netlink: 1 bytes leftover after parsing attributes in process `syz.5.19207'. [ 1417.477216][T17850] netlink: 12 bytes leftover after parsing attributes in process `syz.5.19222'. [ 1418.098842][T17879] netlink: 240 bytes leftover after parsing attributes in process `syz.2.19237'. [ 1418.298644][T27583] pyra 0003:1E7D:2CF6.0057: couldn't init struct pyra_device [ 1418.336776][T27583] pyra 0003:1E7D:2CF6.0057: couldn't install mouse [ 1418.396584][T27583] pyra 0003:1E7D:2CF6.0057: probe with driver pyra failed with error -71 [ 1418.416269][ T199] tipc: Subscription rejected, illegal request [ 1418.467647][T27583] usb 9-1: USB disconnect, device number 57 [ 1418.728906][T17895] fido_id[17895]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 1419.002393][ T5888] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1419.182903][ T5888] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1419.211617][ T5888] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1419.234745][ T5888] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1419.253835][ T5888] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1419.276798][ T5888] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1419.315345][ T5888] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1419.342981][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1419.361360][ T5888] usb 6-1: Product: syz [ 1419.393669][ T5888] usb 6-1: Manufacturer: syz [ 1419.447785][ T5888] cdc_wdm 6-1:1.0: skipping garbage [ 1419.461717][ T5888] cdc_wdm 6-1:1.0: skipping garbage [ 1419.475808][ T5888] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 1419.482606][ T5888] cdc_wdm 6-1:1.0: Unknown control protocol [ 1419.685875][ T5888] usb 6-1: USB disconnect, device number 74 [ 1419.730190][ T30] audit: type=1326 audit(1763541418.507:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17947 comm="syz.3.19269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x0 [ 1420.228327][T17982] GUP no longer grows the stack in syz.2.19286 (17982): 200000004000-200000005000 (200000001000) [ 1420.240536][T17982] CPU: 0 UID: 0 PID: 17982 Comm: syz.2.19286 Not tainted syzkaller #0 PREEMPT(full) [ 1420.240565][T17982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1420.240579][T17982] Call Trace: [ 1420.240588][T17982] [ 1420.240596][T17982] dump_stack_lvl+0x189/0x250 [ 1420.240633][T17982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1420.240661][T17982] ? __pfx__printk+0x10/0x10 [ 1420.240678][T17982] ? find_vma+0xe7/0x160 [ 1420.240719][T17982] __get_user_pages+0x2470/0x2a00 [ 1420.240769][T17982] ? __gup_longterm_locked+0xc63/0x1660 [ 1420.240795][T17982] ? down_read_killable+0x1d1/0x350 [ 1420.240823][T17982] __gup_longterm_locked+0xde4/0x1660 [ 1420.240864][T17982] ? try_grab_folio_fast+0x1bf/0x6a0 [ 1420.240903][T17982] ? gup_fast_fallback+0x1b86/0x22d0 [ 1420.241028][T17982] gup_fast_fallback+0x1d65/0x22d0 [ 1420.241094][T17982] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1420.241117][T17982] ? __mutex_lock+0x335/0x1350 [ 1420.241156][T17982] ? is_valid_gup_args+0x11f/0x200 [ 1420.241189][T17982] ? get_user_pages_fast+0x4d/0xb0 [ 1420.241218][T17982] __iov_iter_get_pages_alloc+0x39f/0xb40 [ 1420.241254][T17982] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 1420.241276][T17982] ? wait_for_space+0x248/0x2d0 [ 1420.241298][T17982] iov_iter_get_pages2+0x5e/0xa0 [ 1420.241328][T17982] __se_sys_vmsplice+0x548/0x10d0 [ 1420.241370][T17982] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 1420.241391][T17982] ? __pfx_futex_wait+0x10/0x10 [ 1420.241474][T17982] ? do_syscall_64+0xbe/0xfa0 [ 1420.241507][T17982] do_syscall_64+0xfa/0xfa0 [ 1420.241534][T17982] ? lockdep_hardirqs_on+0x9c/0x150 [ 1420.241564][T17982] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.241585][T17982] ? clear_bhb_loop+0x60/0xb0 [ 1420.241611][T17982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.241632][T17982] RIP: 0033:0x7f443698f6c9 [ 1420.241652][T17982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1420.241671][T17982] RSP: 002b:00007f4434bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1420.241693][T17982] RAX: ffffffffffffffda RBX: 00007f4436be5fa0 RCX: 00007f443698f6c9 [ 1420.241709][T17982] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000006 [ 1420.241723][T17982] RBP: 00007f4436a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1420.241737][T17982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1420.241751][T17982] R13: 00007f4436be6038 R14: 00007f4436be5fa0 R15: 00007f4436d0fa28 [ 1420.241786][T17982] [ 1420.593098][T17990] @: renamed from vlan0 [ 1422.670044][T18074] netlink: 56 bytes leftover after parsing attributes in process `syz.3.19328'. [ 1422.837126][T18083] netlink: 24 bytes leftover after parsing attributes in process `syz.6.19331'. [ 1422.976012][T18083] netlink: 4 bytes leftover after parsing attributes in process `syz.6.19331'. [ 1423.095489][T18097] usb usb8: usbfs: process 18097 (syz.5.19339) did not claim interface 0 before use [ 1423.100244][T18099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19340'. [ 1423.162340][T18099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1423.177003][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.184151][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.433836][T18136] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1424.714977][T18144] fuse: Invalid rootmode [ 1425.175842][T18161] netlink: 28 bytes leftover after parsing attributes in process `syz.5.19367'. [ 1426.410984][ T432] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1427.398084][T18240] netlink: 8 bytes leftover after parsing attributes in process `syz.5.19404'. [ 1430.831346][T18329] sit0: entered promiscuous mode [ 1430.861989][T18329] netlink: 'syz.3.19446': attribute type 1 has an invalid length. [ 1430.869820][T18329] netlink: 1 bytes leftover after parsing attributes in process `syz.3.19446'. [ 1432.032408][T18383] netlink: 28 bytes leftover after parsing attributes in process `syz.5.19470'. [ 1432.193237][ T30] audit: type=1326 audit(1763541430.977:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18392 comm="syz.5.19475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1432.237995][ T30] audit: type=1326 audit(1763541430.977:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18392 comm="syz.5.19475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1432.269855][ T30] audit: type=1326 audit(1763541430.977:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18392 comm="syz.5.19475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x7ffc0000 [ 1432.417603][T18401] netlink: 'syz.5.19479': attribute type 1 has an invalid length. [ 1432.464205][T18401] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1432.727980][T18416] netlink: 'syz.6.19485': attribute type 13 has an invalid length. [ 1432.768091][T18416] gretap0: refused to change device tx_queue_len [ 1432.853137][T18416] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1433.939632][T18435] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1434.047056][T18448] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19498'. [ 1434.064132][T18448] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19498'. [ 1434.155041][T18450] usb usb9: usbfs: process 18450 (syz.2.19497) did not claim interface 0 before use [ 1435.434880][ T30] audit: type=1326 audit(1763541434.207:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18481 comm="syz.3.19513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1435.543737][ T30] audit: type=1326 audit(1763541434.217:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18481 comm="syz.3.19513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1435.601178][ T30] audit: type=1326 audit(1763541434.217:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18481 comm="syz.3.19513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1435.686397][ T30] audit: type=1326 audit(1763541434.217:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18481 comm="syz.3.19513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1435.736450][ T30] audit: type=1326 audit(1763541434.217:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18481 comm="syz.3.19513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1437.566156][T18557] netlink: 72 bytes leftover after parsing attributes in process `syz.8.19546'. [ 1437.624515][T18560] netlink: 337 bytes leftover after parsing attributes in process `syz.3.19547'. [ 1437.934688][ T30] audit: type=1326 audit(1763541436.717:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.004246][ T30] audit: type=1326 audit(1763541436.717:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.062202][ T30] audit: type=1326 audit(1763541436.747:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.114119][ T30] audit: type=1326 audit(1763541436.747:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.171872][ T30] audit: type=1326 audit(1763541436.747:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.282098][ T30] audit: type=1326 audit(1763541436.757:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.321382][ T30] audit: type=1326 audit(1763541436.757:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.381578][ T30] audit: type=1326 audit(1763541436.757:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.420065][T27581] hid-generic 0000:0000:0000.0058: unknown main item tag 0x0 [ 1438.475584][ T30] audit: type=1326 audit(1763541436.757:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.482133][T27581] hid-generic 0000:0000:0000.0058: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1438.498728][ T30] audit: type=1326 audit(1763541436.767:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18575 comm="syz.3.19554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1438.691719][T27583] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1438.857965][T27583] usb 4-1: config 0 has no interfaces? [ 1438.869534][T27583] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1438.906930][T27583] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1438.965983][T27583] usb 4-1: SerialNumber: syz [ 1438.994118][T27583] usb 4-1: config 0 descriptor?? [ 1439.068605][T18614] netlink: 8 bytes leftover after parsing attributes in process `syz.8.19569'. [ 1439.097045][T18614] sit3: entered allmulticast mode [ 1441.394031][T27583] usb 4-1: USB disconnect, device number 41 [ 1441.630436][T18740] fuse: Unknown parameter '%' [ 1441.710446][T18746] binder: 18745:18746 ioctl c018620c 200000000000 returned -22 [ 1442.038265][T18766] netlink: 84 bytes leftover after parsing attributes in process `syz.3.19640'. [ 1442.950596][T18795] team0: Port device team_slave_0 removed [ 1443.424910][T18812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19657'. [ 1443.796371][T18824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19662'. [ 1443.827383][T18824] netlink: 56 bytes leftover after parsing attributes in process `syz.3.19662'. [ 1443.884765][T18824] geneve2: entered promiscuous mode [ 1443.891181][T18824] geneve2: entered allmulticast mode [ 1443.901058][ T8828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.925176][ T8828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.945429][T18830] openvswitch: netlink: Missing valid actions attribute. [ 1443.973423][ T8828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.990505][T18830] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1444.000016][ T8828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1444.373755][T18851] binder: 18850:18851 ioctl c018620b 0 returned -14 [ 1445.151595][ T5888] usb 6-1: new low-speed USB device number 75 using dummy_hcd [ 1445.313927][ T5888] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1445.323209][ T5888] usb 6-1: config 0 has no interface number 0 [ 1445.329385][ T5888] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1445.334840][T18897] netlink: 156 bytes leftover after parsing attributes in process `syz.6.19698'. [ 1445.357901][ T5888] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 1445.371224][T18897] netlink: 12 bytes leftover after parsing attributes in process `syz.6.19698'. [ 1445.394904][T18897] netlink: 16 bytes leftover after parsing attributes in process `syz.6.19698'. [ 1445.409866][ T5888] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1445.429583][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1445.453383][ T5888] usb 6-1: config 0 descriptor?? [ 1445.467606][T18876] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1445.482401][ T5888] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1445.485560][T18899] netlink: 'syz.2.19700': attribute type 25 has an invalid length. [ 1445.693464][T18876] binder: 18874:18876 ioctl 4018620d 0 returned -22 [ 1445.782696][ T5888] usb 6-1: USB disconnect, device number 75 [ 1445.788717][ C0] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 1446.163874][T18938] netlink: 'syz.6.19717': attribute type 10 has an invalid length. [ 1446.172396][T18938] netlink: 17 bytes leftover after parsing attributes in process `syz.6.19717'. [ 1446.303062][T18942] netlink: 28 bytes leftover after parsing attributes in process `syz.8.19719'. [ 1446.732203][T18952] trusted_key: encrypted_key: master key parameter is missing [ 1446.749794][T18953] loop9: detected capacity change from 0 to 7 [ 1446.849668][ T6183] buffer_io_error: 9 callbacks suppressed [ 1446.849686][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1446.890716][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.057558][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.101805][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.131121][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.146855][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.161039][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.172497][ T6183] ldm_validate_partition_table(): Disk read failed. [ 1447.179300][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.189548][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.200128][ T6183] Buffer I/O error on dev loop9, logical block 0, async page read [ 1447.210837][ T6183] Dev loop9: unable to read RDB block 0 [ 1447.242421][ T6183] loop9: unable to read partition table [ 1447.252988][ T6183] loop9: partition table beyond EOD, truncated [ 1447.268704][T18953] ldm_validate_partition_table(): Disk read failed. [ 1447.278682][T18953] Dev loop9: unable to read RDB block 0 [ 1447.292323][T18953] loop9: unable to read partition table [ 1447.334167][T18953] loop9: partition table beyond EOD, truncated [ 1447.347460][T18953] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1447.347460][T18953] ) failed (rc=-5) [ 1448.272182][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1448.272202][ T30] audit: type=1326 audit(1763541447.047:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18997 comm="syz.3.19744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1448.654915][ T30] audit: type=1326 audit(1763541447.047:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18997 comm="syz.3.19744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1448.687071][ T30] audit: type=1326 audit(1763541447.057:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18997 comm="syz.3.19744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1448.784293][ T30] audit: type=1326 audit(1763541447.057:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18997 comm="syz.3.19744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff753f8f6c9 code=0x7ffc0000 [ 1448.996171][T19016] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19753'. [ 1449.358742][T19036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19762'. [ 1449.567290][T19044] netlink: 68 bytes leftover after parsing attributes in process `syz.3.19767'. [ 1449.838714][T19062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.19775'. [ 1450.656748][T19091] netlink: 84 bytes leftover after parsing attributes in process `syz.5.19789'. [ 1451.618753][T19119] can: request_module (can-proto-0) failed. [ 1452.551286][ T30] audit: type=1326 audit(1763541451.327:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1452.631582][ T30] audit: type=1326 audit(1763541451.357:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1452.683603][ T30] audit: type=1326 audit(1763541451.357:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1452.747571][ T30] audit: type=1326 audit(1763541451.357:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1452.797132][ T30] audit: type=1326 audit(1763541451.357:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1452.857520][ T30] audit: type=1326 audit(1763541451.357:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.281724][ T30] kauditd_printk_skb: 458 callbacks suppressed [ 1453.281742][ T30] audit: type=1326 audit(1763541452.057:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.381749][ T30] audit: type=1326 audit(1763541452.057:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.451593][ T30] audit: type=1326 audit(1763541452.057:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.516538][ T30] audit: type=1326 audit(1763541452.057:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.570399][ T30] audit: type=1326 audit(1763541452.097:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.655485][ T30] audit: type=1326 audit(1763541452.097:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.720285][ T30] audit: type=1326 audit(1763541452.097:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.784883][T19215] netlink: 148 bytes leftover after parsing attributes in process `syz.8.19850'. [ 1453.804475][ T30] audit: type=1326 audit(1763541452.097:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.821564][T19215] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1453.904116][ T30] audit: type=1326 audit(1763541452.097:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1453.970253][ T30] audit: type=1326 audit(1763541452.097:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.2.19828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443698f6c9 code=0x50000 [ 1454.202947][T19233] tipc: Enabling of bearer rejected, failed to enable media [ 1454.315903][T19240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.19861'. [ 1456.348789][T19327] x_tables: duplicate underflow at hook 2 [ 1459.440429][T19454] misc userio: Invalid payload size [ 1459.908330][T19480] netlink: 'syz.3.19975': attribute type 11 has an invalid length. [ 1459.942036][T19480] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.19975'. [ 1460.317730][T19500] xt_CT: No such helper "pptp" [ 1460.459410][T19509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19989'. [ 1461.311884][T27581] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1461.493587][T27581] usb 6-1: config 0 has no interfaces? [ 1461.505211][T27581] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1461.541617][T27581] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1461.549655][T27581] usb 6-1: Product: syz [ 1461.578838][T27581] usb 6-1: Manufacturer: syz [ 1461.592350][T27581] usb 6-1: SerialNumber: syz [ 1461.612548][T27581] usb 6-1: config 0 descriptor?? [ 1462.320933][T19591] IPVS: Error connecting to the multicast addr [ 1462.384334][T27581] usb 6-1: USB disconnect, device number 76 [ 1462.727006][T19605] netlink: 188 bytes leftover after parsing attributes in process `syz.5.20036'. [ 1463.194678][T19621] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20043'. [ 1464.623996][T19685] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.20072'. [ 1464.846447][T19696] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20078'. [ 1466.740667][ T30] kauditd_printk_skb: 1892 callbacks suppressed [ 1466.740685][ T30] audit: type=1326 audit(1763541465.517:3875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1466.790193][T27581] usb 7-1: new high-speed USB device number 75 using dummy_hcd [ 1466.820889][ T30] audit: type=1326 audit(1763541465.517:3876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1466.869714][ T30] audit: type=1326 audit(1763541465.517:3877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1466.940907][T19795] netlink: 156 bytes leftover after parsing attributes in process `syz.3.20124'. [ 1466.950559][ T30] audit: type=1326 audit(1763541465.517:3878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1466.950620][ T30] audit: type=1326 audit(1763541465.517:3879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1466.950663][ T30] audit: type=1326 audit(1763541465.527:3880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19786 comm="syz.8.20120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1467.043045][T27581] usb 7-1: Using ep0 maxpacket: 16 [ 1467.072020][T27581] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1467.100729][T27581] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1467.133351][T27581] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1467.156845][T27581] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1467.184287][T27581] usb 7-1: Product: syz [ 1467.188497][T27581] usb 7-1: Manufacturer: syz [ 1467.211689][T27581] usb 7-1: SerialNumber: syz [ 1467.375572][T19815] netlink: 'syz.3.20134': attribute type 13 has an invalid length. [ 1467.443779][T27581] usb 7-1: 0:2 : does not exist [ 1467.460962][T27581] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 1467.531574][ T917] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 1467.532574][T27581] usb 7-1: USB disconnect, device number 75 [ 1467.587749][T16322] udevd[16322]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory [ 1467.704878][ T917] usb 6-1: config 0 has an invalid interface number: 182 but max is 1 [ 1467.721602][ T917] usb 6-1: config 0 has no interface number 1 [ 1467.738084][ T917] usb 6-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af [ 1467.762003][ T917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1467.777262][ T917] usb 6-1: config 0 descriptor?? [ 1467.926232][T19836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.20144'. [ 1467.989831][ T917] usb 6-1: USB disconnect, device number 77 [ 1469.514351][T19924] netlink: 8 bytes leftover after parsing attributes in process `syz.8.20187'. [ 1469.982012][T19942] batadv_slave_1: entered promiscuous mode [ 1470.044501][T19941] batadv_slave_1: left promiscuous mode [ 1470.847873][ T917] usb 6-1: new full-speed USB device number 78 using dummy_hcd [ 1471.053553][ T917] usb 6-1: config 0 has an invalid interface number: 133 but max is 0 [ 1471.063092][ T917] usb 6-1: config 0 has no interface number 0 [ 1471.107811][ T917] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1471.118555][ T917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1471.144050][ T917] usb 6-1: Product: syz [ 1471.189092][ T917] usb 6-1: Manufacturer: syz [ 1471.255235][ T917] usb 6-1: SerialNumber: syz [ 1471.275774][ T917] usb 6-1: config 0 descriptor?? [ 1471.533194][ T917] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected [ 1471.558546][ T917] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81 [ 1471.571589][ T917] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1 [ 1471.580255][ T917] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2 [ 1471.637464][ T917] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1471.768812][ T5888] usb 9-1: new high-speed USB device number 58 using dummy_hcd [ 1471.933574][ T5888] usb 9-1: Using ep0 maxpacket: 16 [ 1471.942358][ T5888] usb 9-1: config 0 has an invalid interface number: 251 but max is 0 [ 1471.950564][ T5888] usb 9-1: config 0 has no interface number 0 [ 1471.958671][ T5888] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 1471.978332][ T5888] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1471.999095][ T917] usb 6-1: USB disconnect, device number 78 [ 1472.010118][ T917] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1472.022689][ T5888] usb 9-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1472.031983][ T5888] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1472.039988][ T5888] usb 9-1: Product: syz [ 1472.047112][ T917] keyspan 6-1:0.133: device disconnected [ 1472.069506][ T5888] usb 9-1: Manufacturer: syz [ 1472.080828][ T5888] usb 9-1: SerialNumber: syz [ 1472.099465][ T5888] usb 9-1: config 0 descriptor?? [ 1472.111011][T19994] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 1472.124144][T19994] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 1472.214304][T27581] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1472.341573][ T5888] asix 9-1:0.251: probe with driver asix failed with error -71 [ 1472.371315][ T5888] usb 9-1: USB disconnect, device number 58 [ 1472.374448][T27581] usb 4-1: config 0 interface 0 altsetting 10 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1472.393909][T27581] usb 4-1: config 0 interface 0 altsetting 10 endpoint 0xB has invalid wMaxPacketSize 0 [ 1472.405846][T27581] usb 4-1: config 0 interface 0 altsetting 10 bulk endpoint 0xB has invalid maxpacket 0 [ 1472.416167][T27581] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1472.425669][T27581] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=4c.b3 [ 1472.435710][T27581] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1472.448100][T27581] usb 4-1: Product: syz [ 1472.455117][T27581] usb 4-1: Manufacturer: syz [ 1472.460028][T27581] usb 4-1: SerialNumber: syz [ 1472.470618][T27581] usb 4-1: config 0 descriptor?? [ 1472.480777][T27581] ir_toy 4-1:0.0: required endpoints not found [ 1472.782346][T20025] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20234'. [ 1472.895884][ T30] audit: type=1326 audit(1763541471.677:3881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20030 comm="syz.5.20236" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa51898f6c9 code=0x0 [ 1473.345143][T20051] netlink: 104 bytes leftover after parsing attributes in process `syz.2.20247'. [ 1474.971037][ T5888] usb 4-1: USB disconnect, device number 42 [ 1475.585507][T20145] netlink: 20 bytes leftover after parsing attributes in process `syz.5.20289'. [ 1476.221411][T20177] netlink: 68 bytes leftover after parsing attributes in process `syz.3.20305'. [ 1476.801664][ T5888] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 1476.863134][T20209] netlink: 'syz.8.20319': attribute type 2 has an invalid length. [ 1476.972227][ T5888] usb 6-1: Using ep0 maxpacket: 16 [ 1476.990901][ T5888] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1477.028019][ T5888] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1477.058809][ T5888] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1477.087917][ T5888] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1477.117219][ T5888] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1477.126656][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1477.139997][ T5888] usb 6-1: Product: syz [ 1477.151335][ T5888] usb 6-1: Manufacturer: syz [ 1477.158141][ T5888] usb 6-1: SerialNumber: syz [ 1477.268359][ T30] audit: type=1326 audit(1763541476.047:3882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.335038][ T30] audit: type=1326 audit(1763541476.047:3883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.389463][ T5888] usb 6-1: 0:2 : does not exist [ 1477.401530][ T30] audit: type=1326 audit(1763541476.077:3884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.452296][ T5888] usb 6-1: USB disconnect, device number 79 [ 1477.475338][ T30] audit: type=1326 audit(1763541476.077:3885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.520742][ T6183] udevd[6183]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1477.536705][ T30] audit: type=1326 audit(1763541476.077:3886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.643432][ T30] audit: type=1326 audit(1763541476.087:3887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.694128][ T30] audit: type=1326 audit(1763541476.087:3888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1477.762943][ T30] audit: type=1326 audit(1763541476.087:3889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.150075][ T30] audit: type=1326 audit(1763541476.087:3890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.242790][ T30] audit: type=1326 audit(1763541476.087:3891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.273208][ T30] audit: type=1326 audit(1763541476.087:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.536501][T20262] netlink: 8 bytes leftover after parsing attributes in process `syz.6.20344'. [ 1478.545579][T20262] netlink: 48 bytes leftover after parsing attributes in process `syz.6.20344'. [ 1478.555235][T20262] netlink: 8 bytes leftover after parsing attributes in process `syz.6.20344'. [ 1478.564452][T20262] netlink: 48 bytes leftover after parsing attributes in process `syz.6.20344'. [ 1478.578585][ T30] audit: type=1326 audit(1763541476.087:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.639834][ T30] audit: type=1326 audit(1763541476.097:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.855854][ T30] audit: type=1326 audit(1763541476.097:3895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1478.973007][ T30] audit: type=1326 audit(1763541476.097:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbcdb58df10 code=0x7ffc0000 [ 1479.069240][ T30] audit: type=1326 audit(1763541476.097:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbcdb58df10 code=0x7ffc0000 [ 1479.149682][ T30] audit: type=1326 audit(1763541476.097:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1479.247247][ T30] audit: type=1326 audit(1763541476.097:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20229 comm="syz.6.20331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcdb58f6c9 code=0x7ffc0000 [ 1479.436099][T20288] xt_hashlimit: max too large, truncated to 1048576 [ 1479.448672][T20288] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1479.701922][T20299] netlink: 8 bytes leftover after parsing attributes in process `syz.8.20361'. [ 1480.049090][T20314] netlink: 20 bytes leftover after parsing attributes in process `syz.5.20367'. [ 1481.027892][T20358] pim6reg: entered allmulticast mode [ 1481.054532][T20358] netlink: 'syz.5.20388': attribute type 10 has an invalid length. [ 1481.931233][T20399] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20407'. [ 1484.041866][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 1484.041888][ T30] audit: type=1326 audit(1763541482.807:3911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.096907][ T30] audit: type=1326 audit(1763541482.807:3912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.123418][ T30] audit: type=1326 audit(1763541482.857:3913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.146319][ T30] audit: type=1326 audit(1763541482.857:3914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.169037][ T30] audit: type=1326 audit(1763541482.857:3915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.220939][ T30] audit: type=1326 audit(1763541482.857:3916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.275352][ T30] audit: type=1326 audit(1763541482.857:3917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.283200][T20485] netlink: 8 bytes leftover after parsing attributes in process `syz.5.20445'. [ 1484.325872][ T30] audit: type=1326 audit(1763541482.867:3918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.397521][ T30] audit: type=1326 audit(1763541482.867:3919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.478488][ T30] audit: type=1326 audit(1763541482.867:3920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20479 comm="syz.8.20444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff6178f6c9 code=0x7ffc0000 [ 1484.617010][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.632232][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.051799][T27581] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 1485.201828][T27581] usb 6-1: Using ep0 maxpacket: 32 [ 1485.221007][T27581] usb 6-1: config 0 has an invalid interface number: 196 but max is 0 [ 1485.244455][T27581] usb 6-1: config 0 has no interface number 0 [ 1485.254034][T27581] usb 6-1: config 0 interface 196 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1485.563048][T27581] usb 6-1: config 0 interface 196 has no altsetting 0 [ 1485.598906][T27581] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 1485.611808][T27581] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1485.619925][T27581] usb 6-1: Product: syz [ 1485.631175][T27581] usb 6-1: Manufacturer: syz [ 1485.638485][T27581] usb 6-1: SerialNumber: syz [ 1485.652970][T27581] usb 6-1: config 0 descriptor?? [ 1485.803967][T20541] [ 1485.806331][T20541] ===================================================== [ 1485.813263][T20541] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1485.820742][T20541] syzkaller #0 Not tainted [ 1485.825160][T20541] ----------------------------------------------------- [ 1485.832097][T20541] syz.6.20470/20541 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1485.839916][T20541] ffff8880751f2a98 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1485.848661][T20541] [ 1485.848661][T20541] and this task is already holding: [ 1485.856035][T20541] ffff888077da8468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1485.864605][T20541] which would create a new lock dependency: [ 1485.870514][T20541] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1485.878301][T20541] [ 1485.878301][T20541] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1485.887853][T20541] (kbd_event_lock){..-.}-{3:3} [ 1485.887901][T20541] [ 1485.887901][T20541] ... which became SOFTIRQ-irq-safe at: [ 1485.900454][T20541] lock_acquire+0x120/0x360 [ 1485.905161][T20541] _raw_spin_lock+0x2e/0x40 [ 1485.909780][T20541] kbd_event+0xd2/0x3f70 [ 1485.914134][T20541] input_handle_events_default+0xd4/0x1a0 [ 1485.919951][T20541] input_pass_values+0x288/0x890 [ 1485.924998][T20541] input_event_dispose+0x3e5/0x6b0 [ 1485.930185][T20541] input_event+0x89/0xe0 [ 1485.934504][T20541] hidinput_hid_event+0x145e/0x1dd0 [ 1485.939786][T20541] hid_process_event+0x4be/0x620 [ 1485.944810][T20541] hid_report_raw_event+0xe91/0x16d0 [ 1485.950177][T20541] hid_input_report+0x43e/0x520 [ 1485.955113][T20541] hid_irq_in+0x47e/0x6d0 [ 1485.959519][T20541] __usb_hcd_giveback_urb+0x376/0x540 [ 1485.964977][T20541] dummy_timer+0x85f/0x44c0 [ 1485.969569][T20541] __hrtimer_run_queues+0x52c/0xc60 [ 1485.974843][T20541] hrtimer_run_softirq+0x187/0x2b0 [ 1485.980034][T20541] handle_softirqs+0x286/0x870 [ 1485.984877][T20541] __irq_exit_rcu+0xca/0x1f0 [ 1485.989547][T20541] irq_exit_rcu+0x9/0x30 [ 1485.993865][T20541] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1485.999587][T20541] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1486.005648][T20541] lock_acquire+0x58/0x360 [ 1486.010226][T20541] __mutex_lock+0x187/0x1350 [ 1486.014958][T20541] media_device_unregister_entity+0x4c/0x70 [ 1486.021026][T20541] dvb_media_device_free+0x190/0x510 [ 1486.026391][T20541] dvb_remove_device+0x107/0x280 [ 1486.031408][T20541] dvb_unregister_device+0x18/0xa0 [ 1486.036599][T20541] dvb_dmxdev_release+0x4d1/0x640 [ 1486.041717][T20541] dvb_usb_adapter_dvb_exit+0x9a/0x1b0 [ 1486.047263][T20541] dvb_usb_adapter_exit+0x8b/0x240 [ 1486.052454][T20541] dvb_usb_device_exit+0x1b6/0x350 [ 1486.057648][T20541] usb_unbind_interface+0x26e/0x910 [ 1486.063002][T20541] device_release_driver_internal+0x4d9/0x800 [ 1486.069177][T20541] bus_remove_device+0x34d/0x410 [ 1486.074204][T20541] device_del+0x511/0x8e0 [ 1486.078618][T20541] usb_disable_device+0x3e9/0x8a0 [ 1486.083716][T20541] usb_disconnect+0x330/0x950 [ 1486.088473][T20541] hub_event+0x1cf5/0x4a20 [ 1486.092960][T20541] process_scheduled_works+0xae1/0x17b0 [ 1486.098590][T20541] worker_thread+0x8a0/0xda0 [ 1486.103259][T20541] kthread+0x711/0x8a0 [ 1486.107409][T20541] ret_from_fork+0x4bc/0x870 [ 1486.112079][T20541] ret_from_fork_asm+0x1a/0x30 [ 1486.116921][T20541] [ 1486.116921][T20541] to a SOFTIRQ-irq-unsafe lock: [ 1486.123933][T20541] (tasklist_lock){.+.+}-{3:3} [ 1486.123962][T20541] [ 1486.123962][T20541] ... which became SOFTIRQ-irq-unsafe at: [ 1486.136670][T20541] ... [ 1486.136683][T20541] lock_acquire+0x120/0x360 [ 1486.143833][T20541] _raw_read_lock+0x36/0x50 [ 1486.148429][T20541] __do_wait+0xde/0x740 [ 1486.152682][T20541] do_wait+0x1f8/0x510 [ 1486.156842][T20541] kernel_wait+0xab/0x170 [ 1486.161262][T20541] call_usermodehelper_exec_work+0xbe/0x230 [ 1486.167231][T20541] process_scheduled_works+0xae1/0x17b0 [ 1486.172852][T20541] worker_thread+0x8a0/0xda0 [ 1486.177528][T20541] kthread+0x711/0x8a0 [ 1486.181679][T20541] ret_from_fork+0x4bc/0x870 [ 1486.186343][T20541] ret_from_fork_asm+0x1a/0x30 [ 1486.191179][T20541] [ 1486.191179][T20541] other info that might help us debug this: [ 1486.191179][T20541] [ 1486.201395][T20541] Chain exists of: [ 1486.201395][T20541] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 1486.201395][T20541] [ 1486.214167][T20541] Possible interrupt unsafe locking scenario: [ 1486.214167][T20541] [ 1486.222475][T20541] CPU0 CPU1 [ 1486.227826][T20541] ---- ---- [ 1486.233174][T20541] lock(tasklist_lock); [ 1486.237413][T20541] local_irq_disable(); [ 1486.244248][T20541] lock(kbd_event_lock); [ 1486.251092][T20541] lock(&tty->flow.lock); [ 1486.258016][T20541] [ 1486.261456][T20541] lock(kbd_event_lock); [ 1486.265952][T20541] [ 1486.265952][T20541] *** DEADLOCK *** [ 1486.265952][T20541] [ 1486.274080][T20541] 6 locks held by syz.6.20470/20541: [ 1486.279356][T20541] #0: ffff888077da80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1486.289105][T20541] #1: ffff888077da82e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x138/0x17e0 [ 1486.299397][T20541] #2: ffff888077da80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1486.308794][T20541] #3: ffff888077da8468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1486.317768][T20541] #4: ffff888077da80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1486.327083][T20541] #5: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1486.336139][T20541] [ 1486.336139][T20541] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1486.346531][T20541] -> (kbd_event_lock){..-.}-{3:3} { [ 1486.351823][T20541] IN-SOFTIRQ-W at: [ 1486.355882][T20541] lock_acquire+0x120/0x360 [ 1486.362209][T20541] _raw_spin_lock+0x2e/0x40 [ 1486.368532][T20541] kbd_event+0xd2/0x3f70 [ 1486.374595][T20541] input_handle_events_default+0xd4/0x1a0 [ 1486.382135][T20541] input_pass_values+0x288/0x890 [ 1486.388898][T20541] input_event_dispose+0x3e5/0x6b0 [ 1486.395903][T20541] input_event+0x89/0xe0 [ 1486.401958][T20541] hidinput_hid_event+0x145e/0x1dd0 [ 1486.408979][T20541] hid_process_event+0x4be/0x620 [ 1486.415738][T20541] hid_report_raw_event+0xe91/0x16d0 [ 1486.422859][T20541] hid_input_report+0x43e/0x520 [ 1486.429537][T20541] hid_irq_in+0x47e/0x6d0 [ 1486.435680][T20541] __usb_hcd_giveback_urb+0x376/0x540 [ 1486.442956][T20541] dummy_timer+0x85f/0x44c0 [ 1486.449275][T20541] __hrtimer_run_queues+0x52c/0xc60 [ 1486.456285][T20541] hrtimer_run_softirq+0x187/0x2b0 [ 1486.463211][T20541] handle_softirqs+0x286/0x870 [ 1486.469789][T20541] __irq_exit_rcu+0xca/0x1f0 [ 1486.476373][T20541] irq_exit_rcu+0x9/0x30 [ 1486.482437][T20541] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1486.489888][T20541] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1486.497686][T20541] lock_acquire+0x58/0x360 [ 1486.504180][T20541] __mutex_lock+0x187/0x1350 [ 1486.510591][T20541] media_device_unregister_entity+0x4c/0x70 [ 1486.518302][T20541] dvb_media_device_free+0x190/0x510 [ 1486.525399][T20541] dvb_remove_device+0x107/0x280 [ 1486.532152][T20541] dvb_unregister_device+0x18/0xa0 [ 1486.539172][T20541] dvb_dmxdev_release+0x4d1/0x640 [ 1486.546204][T20541] dvb_usb_adapter_dvb_exit+0x9a/0x1b0 [ 1486.553487][T20541] dvb_usb_adapter_exit+0x8b/0x240 [ 1486.560509][T20541] dvb_usb_device_exit+0x1b6/0x350 [ 1486.567567][T20541] usb_unbind_interface+0x26e/0x910 [ 1486.574587][T20541] device_release_driver_internal+0x4d9/0x800 [ 1486.582583][T20541] bus_remove_device+0x34d/0x410 [ 1486.589353][T20541] device_del+0x511/0x8e0 [ 1486.595593][T20541] usb_disable_device+0x3e9/0x8a0 [ 1486.602434][T20541] usb_disconnect+0x330/0x950 [ 1486.608935][T20541] hub_event+0x1cf5/0x4a20 [ 1486.615172][T20541] process_scheduled_works+0xae1/0x17b0 [ 1486.622538][T20541] worker_thread+0x8a0/0xda0 [ 1486.629054][T20541] kthread+0x711/0x8a0 [ 1486.634960][T20541] ret_from_fork+0x4bc/0x870 [ 1486.641371][T20541] ret_from_fork_asm+0x1a/0x30 [ 1486.647948][T20541] INITIAL USE at: [ 1486.651933][T20541] lock_acquire+0x120/0x360 [ 1486.658176][T20541] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1486.665123][T20541] vt_reset_unicode+0x2b/0x160 [ 1486.671626][T20541] reset_vc+0x68/0x1b0 [ 1486.677516][T20541] vc_init+0x70/0x4a0 [ 1486.683225][T20541] con_init+0x385/0x9c0 [ 1486.689113][T20541] console_init+0x10e/0x430 [ 1486.695347][T20541] start_kernel+0x254/0x410 [ 1486.701575][T20541] x86_64_start_reservations+0x24/0x30 [ 1486.708766][T20541] x86_64_start_kernel+0x143/0x1c0 [ 1486.715612][T20541] common_startup_64+0x13e/0x147 [ 1486.722284][T20541] } [ 1486.724893][T20541] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1486.732864][T20541] -> (&tty->flow.lock){....}-{3:3} { [ 1486.738158][T20541] INITIAL USE at: [ 1486.742043][T20541] lock_acquire+0x120/0x360 [ 1486.748099][T20541] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1486.754858][T20541] start_tty+0x20/0x70 [ 1486.760488][T20541] n_tty_set_termios+0xa7c/0x1090 [ 1486.767065][T20541] tty_set_termios+0xda4/0x17e0 [ 1486.773477][T20541] set_termios+0x516/0x6c0 [ 1486.779446][T20541] tty_mode_ioctl+0x47e/0x740 [ 1486.785692][T20541] tty_ioctl+0x9c6/0xde0 [ 1486.791492][T20541] __se_sys_ioctl+0xfc/0x170 [ 1486.797635][T20541] do_syscall_64+0xfa/0xfa0 [ 1486.803697][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.811142][T20541] } [ 1486.813641][T20541] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1486.822510][T20541] ... acquired at: [ 1486.826299][T20541] lock_acquire+0x120/0x360 [ 1486.830962][T20541] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1486.836332][T20541] stop_tty+0x2f/0x150 [ 1486.840569][T20541] kbd_event+0x2b72/0x3f70 [ 1486.845245][T20541] input_handle_events_default+0xd4/0x1a0 [ 1486.851223][T20541] input_pass_values+0x288/0x890 [ 1486.856513][T20541] input_event_dispose+0x330/0x6b0 [ 1486.861786][T20541] input_inject_event+0x1dd/0x340 [ 1486.867068][T20541] evdev_write+0x2fc/0x480 [ 1486.871653][T20541] vfs_write+0x27e/0xb30 [ 1486.876070][T20541] ksys_write+0x145/0x250 [ 1486.880574][T20541] do_syscall_64+0xfa/0xfa0 [ 1486.885258][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.891489][T20541] [ 1486.893800][T20541] [ 1486.893800][T20541] the dependencies between the lock to be acquired [ 1486.893809][T20541] and SOFTIRQ-irq-unsafe lock: [ 1486.907297][T20541] -> (tasklist_lock){.+.+}-{3:3} { [ 1486.912593][T20541] HARDIRQ-ON-R at: [ 1486.916737][T20541] lock_acquire+0x120/0x360 [ 1486.923346][T20541] _raw_read_lock+0x36/0x50 [ 1486.929841][T20541] __do_wait+0xde/0x740 [ 1486.935989][T20541] do_wait+0x1f8/0x510 [ 1486.942055][T20541] kernel_wait+0xab/0x170 [ 1486.948380][T20541] call_usermodehelper_exec_work+0xbe/0x230 [ 1486.956258][T20541] process_scheduled_works+0xae1/0x17b0 [ 1486.963791][T20541] worker_thread+0x8a0/0xda0 [ 1486.970382][T20541] kthread+0x711/0x8a0 [ 1486.976464][T20541] ret_from_fork+0x4bc/0x870 [ 1486.983054][T20541] ret_from_fork_asm+0x1a/0x30 [ 1486.989806][T20541] SOFTIRQ-ON-R at: [ 1486.993949][T20541] lock_acquire+0x120/0x360 [ 1487.000454][T20541] _raw_read_lock+0x36/0x50 [ 1487.006961][T20541] __do_wait+0xde/0x740 [ 1487.013115][T20541] do_wait+0x1f8/0x510 [ 1487.019180][T20541] kernel_wait+0xab/0x170 [ 1487.025531][T20541] call_usermodehelper_exec_work+0xbe/0x230 [ 1487.033434][T20541] process_scheduled_works+0xae1/0x17b0 [ 1487.041424][T20541] worker_thread+0x8a0/0xda0 [ 1487.048107][T20541] kthread+0x711/0x8a0 [ 1487.054186][T20541] ret_from_fork+0x4bc/0x870 [ 1487.060784][T20541] ret_from_fork_asm+0x1a/0x30 [ 1487.067913][T20541] INITIAL USE at: [ 1487.072072][T20541] lock_acquire+0x120/0x360 [ 1487.078670][T20541] _raw_write_lock_irq+0xa2/0xf0 [ 1487.085735][T20541] copy_process+0x224f/0x3c00 [ 1487.092511][T20541] kernel_clone+0x21e/0x840 [ 1487.099078][T20541] user_mode_thread+0xdd/0x140 [ 1487.106112][T20541] rest_init+0x23/0x300 [ 1487.112189][T20541] start_kernel+0x3ae/0x410 [ 1487.118943][T20541] x86_64_start_reservations+0x24/0x30 [ 1487.126345][T20541] x86_64_start_kernel+0x143/0x1c0 [ 1487.133392][T20541] common_startup_64+0x13e/0x147 [ 1487.140257][T20541] INITIAL READ USE at: [ 1487.144756][T20541] lock_acquire+0x120/0x360 [ 1487.151630][T20541] _raw_read_lock+0x36/0x50 [ 1487.158836][T20541] __do_wait+0xde/0x740 [ 1487.165429][T20541] do_wait+0x1f8/0x510 [ 1487.171930][T20541] kernel_wait+0xab/0x170 [ 1487.178623][T20541] call_usermodehelper_exec_work+0xbe/0x230 [ 1487.186857][T20541] process_scheduled_works+0xae1/0x17b0 [ 1487.194741][T20541] worker_thread+0x8a0/0xda0 [ 1487.201675][T20541] kthread+0x711/0x8a0 [ 1487.208080][T20541] ret_from_fork+0x4bc/0x870 [ 1487.215005][T20541] ret_from_fork_asm+0x1a/0x30 [ 1487.222110][T20541] } [ 1487.224765][T20541] ... key at: [] tasklist_lock+0x18/0x40 [ 1487.232741][T20541] ... acquired at: [ 1487.236704][T20541] lock_acquire+0x120/0x360 [ 1487.241378][T20541] _raw_read_lock+0x36/0x50 [ 1487.246157][T20541] send_sigurg+0x12b/0x420 [ 1487.250848][T20541] sk_send_sigurg+0x6c/0x2e0 [ 1487.255607][T20541] queue_oob+0x420/0x4f0 [ 1487.260018][T20541] unix_stream_sendmsg+0xc3f/0xdf0 [ 1487.265297][T20541] __sock_sendmsg+0x21c/0x270 [ 1487.270153][T20541] ____sys_sendmsg+0x52d/0x830 [ 1487.275086][T20541] ___sys_sendmsg+0x21f/0x2a0 [ 1487.279927][T20541] __sys_sendmmsg+0x227/0x430 [ 1487.284769][T20541] __x64_sys_sendmmsg+0xa0/0xc0 [ 1487.289825][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.294497][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.300554][T20541] [ 1487.302894][T20541] -> (&f_owner->lock){....}-{3:3} { [ 1487.308377][T20541] INITIAL USE at: [ 1487.312364][T20541] lock_acquire+0x120/0x360 [ 1487.318685][T20541] _raw_write_lock_irq+0xa2/0xf0 [ 1487.325357][T20541] __f_setown+0x67/0x370 [ 1487.331336][T20541] fcntl_dirnotify+0x3fa/0x6a0 [ 1487.337838][T20541] do_fcntl+0x6d0/0x1910 [ 1487.343832][T20541] __se_sys_fcntl+0xc8/0x150 [ 1487.350166][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.356402][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.364022][T20541] INITIAL READ USE at: [ 1487.368427][T20541] lock_acquire+0x120/0x360 [ 1487.375131][T20541] _raw_read_lock_irqsave+0xaf/0x100 [ 1487.382581][T20541] send_sigio+0x38/0x370 [ 1487.388985][T20541] dnotify_handle_event+0x169/0x440 [ 1487.396608][T20541] fsnotify+0x1814/0x1a80 [ 1487.403099][T20541] __vfs_setxattr_noperm+0x4f1/0x660 [ 1487.410555][T20541] vfs_setxattr+0x16b/0x2f0 [ 1487.417219][T20541] filename_setxattr+0x274/0x600 [ 1487.424937][T20541] path_setxattrat+0x364/0x3a0 [ 1487.431971][T20541] __x64_sys_lsetxattr+0xbf/0xe0 [ 1487.439075][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.446097][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.454164][T20541] } [ 1487.456914][T20541] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1487.465848][T20541] ... acquired at: [ 1487.469726][T20541] lock_acquire+0x120/0x360 [ 1487.474388][T20541] _raw_read_lock_irqsave+0xaf/0x100 [ 1487.479852][T20541] send_sigio+0x38/0x370 [ 1487.484262][T20541] kill_fasync+0x24d/0x4d0 [ 1487.488845][T20541] sock_wake_async+0x137/0x160 [ 1487.493863][T20541] sock_def_readable+0x3bb/0x550 [ 1487.498966][T20541] queue_oob+0x452/0x4f0 [ 1487.503374][T20541] unix_stream_sendmsg+0xc3f/0xdf0 [ 1487.508649][T20541] __sock_sendmsg+0x21c/0x270 [ 1487.513498][T20541] ____sys_sendmsg+0x52d/0x830 [ 1487.518430][T20541] ___sys_sendmsg+0x21f/0x2a0 [ 1487.523285][T20541] __sys_sendmmsg+0x227/0x430 [ 1487.528136][T20541] __x64_sys_sendmmsg+0xa0/0xc0 [ 1487.533147][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.537825][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.543878][T20541] [ 1487.546187][T20541] -> (&new->fa_lock){....}-{3:3} { [ 1487.551307][T20541] INITIAL USE at: [ 1487.555196][T20541] lock_acquire+0x120/0x360 [ 1487.561343][T20541] _raw_write_lock_irq+0xa2/0xf0 [ 1487.567837][T20541] fasync_remove_entry+0xf1/0x1c0 [ 1487.574415][T20541] sock_fasync+0x85/0xf0 [ 1487.580222][T20541] __fput+0x8a2/0xa70 [ 1487.585762][T20541] task_work_run+0x1d4/0x260 [ 1487.591910][T20541] exit_to_user_mode_loop+0xe9/0x130 [ 1487.598747][T20541] do_syscall_64+0x2bd/0xfa0 [ 1487.604898][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.612343][T20541] INITIAL READ USE at: [ 1487.616662][T20541] lock_acquire+0x120/0x360 [ 1487.623154][T20541] _raw_read_lock_irqsave+0xaf/0x100 [ 1487.630432][T20541] kill_fasync+0x199/0x4d0 [ 1487.636842][T20541] sock_wake_async+0x137/0x160 [ 1487.643644][T20541] sk_send_sigurg+0x1f1/0x2e0 [ 1487.650413][T20541] queue_oob+0x420/0x4f0 [ 1487.656645][T20541] unix_stream_sendmsg+0xc3f/0xdf0 [ 1487.663743][T20541] __sock_sendmsg+0x21c/0x270 [ 1487.670412][T20541] ____sys_sendmsg+0x52d/0x830 [ 1487.677164][T20541] ___sys_sendmsg+0x21f/0x2a0 [ 1487.683829][T20541] __sys_sendmmsg+0x227/0x430 [ 1487.690579][T20541] __x64_sys_sendmmsg+0xa0/0xc0 [ 1487.697416][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.703916][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.711906][T20541] } [ 1487.714389][T20541] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1487.723058][T20541] ... acquired at: [ 1487.726854][T20541] lock_acquire+0x120/0x360 [ 1487.731517][T20541] _raw_read_lock_irqsave+0xaf/0x100 [ 1487.736972][T20541] kill_fasync+0x199/0x4d0 [ 1487.741581][T20541] __start_tty+0x18c/0x220 [ 1487.746199][T20541] start_tty+0x2b/0x70 [ 1487.750435][T20541] n_tty_set_termios+0xa7c/0x1090 [ 1487.755645][T20541] tty_set_termios+0xda4/0x17e0 [ 1487.760671][T20541] set_termios+0x516/0x6c0 [ 1487.765250][T20541] tty_mode_ioctl+0x47e/0x740 [ 1487.770098][T20541] tty_ioctl+0x9c6/0xde0 [ 1487.774508][T20541] __se_sys_ioctl+0xfc/0x170 [ 1487.779298][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.783973][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.790048][T20541] [ 1487.792372][T20541] [ 1487.792372][T20541] stack backtrace: [ 1487.798270][T20541] CPU: 1 UID: 0 PID: 20541 Comm: syz.6.20470 Not tainted syzkaller #0 PREEMPT(full) [ 1487.798295][T20541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1487.798307][T20541] Call Trace: [ 1487.798318][T20541] [ 1487.798326][T20541] dump_stack_lvl+0x189/0x250 [ 1487.798357][T20541] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1487.798379][T20541] ? __pfx__printk+0x10/0x10 [ 1487.798400][T20541] validate_chain+0x1f05/0x2140 [ 1487.798428][T20541] __lock_acquire+0xab9/0xd20 [ 1487.798447][T20541] ? kill_fasync+0x199/0x4d0 [ 1487.798467][T20541] lock_acquire+0x120/0x360 [ 1487.798482][T20541] ? kill_fasync+0x199/0x4d0 [ 1487.798506][T20541] _raw_read_lock_irqsave+0xaf/0x100 [ 1487.798529][T20541] ? kill_fasync+0x199/0x4d0 [ 1487.798548][T20541] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1487.798573][T20541] kill_fasync+0x199/0x4d0 [ 1487.798592][T20541] ? kill_fasync+0x53/0x4d0 [ 1487.798611][T20541] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1487.798641][T20541] __start_tty+0x18c/0x220 [ 1487.798663][T20541] start_tty+0x2b/0x70 [ 1487.798684][T20541] n_tty_set_termios+0xa7c/0x1090 [ 1487.798704][T20541] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1487.798721][T20541] tty_set_termios+0xda4/0x17e0 [ 1487.798743][T20541] ? __pfx_tty_set_termios+0x10/0x10 [ 1487.798774][T20541] set_termios+0x516/0x6c0 [ 1487.798795][T20541] ? __pfx_set_termios+0x10/0x10 [ 1487.798817][T20541] ? tty_ldisc_ref_wait+0x25/0x70 [ 1487.798843][T20541] tty_mode_ioctl+0x47e/0x740 [ 1487.798865][T20541] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1487.798884][T20541] ? tty_ldisc_ref_wait+0x25/0x70 [ 1487.798905][T20541] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1487.798929][T20541] ? n_tty_ioctl_helper+0x8e/0x340 [ 1487.798950][T20541] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1487.798967][T20541] tty_ioctl+0x9c6/0xde0 [ 1487.798989][T20541] ? __pfx_tty_ioctl+0x10/0x10 [ 1487.799012][T20541] __se_sys_ioctl+0xfc/0x170 [ 1487.799034][T20541] do_syscall_64+0xfa/0xfa0 [ 1487.799059][T20541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.799075][T20541] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1487.799092][T20541] ? clear_bhb_loop+0x60/0xb0 [ 1487.799110][T20541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.799127][T20541] RIP: 0033:0x7fbcdb58f6c9 [ 1487.799145][T20541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1487.799161][T20541] RSP: 002b:00007fbcdc3f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1487.799181][T20541] RAX: ffffffffffffffda RBX: 00007fbcdb7e6090 RCX: 00007fbcdb58f6c9 [ 1487.799194][T20541] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1487.799205][T20541] RBP: 00007fbcdb611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1487.799216][T20541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1487.799227][T20541] R13: 00007fbcdb7e6128 R14: 00007fbcdb7e6090 R15: 00007fbcdb90fa28 [ 1487.799245][T20541] [ 1488.130820][T27581] ipheth 6-1:0.196: Unable to find endpoints [ 1488.144098][T27581] usb 6-1: USB disconnect, device number 80