last executing test programs: 19m42.72082546s ago: executing program 32 (id=3928): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f0000000200)={0x34f5, {{0xa, 0x4e22, 0x0, @mcast1, 0x3}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}}, 0x108) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x358, 0x800000000000) 17m32.583481691s ago: executing program 33 (id=5273): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TCXONC(r0, 0x540a, 0x0) write$6lowpan_control(r1, &(0x7f00000007c0)='connect aa:aa:aa:aa:aa:11 0', 0x1b) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TCXONC(r0, 0x540a, 0x1) 17m24.19335731s ago: executing program 34 (id=5357): r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000001100)={0x11, 0x8, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = dup2(r0, r0) write$RDMA_USER_CM_CMD_SET_OPTION(r3, 0x0, 0x0) 15m40.733425857s ago: executing program 35 (id=6354): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) r1 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) ioctl$sock_qrtr_TIOCINQ(r0, 0x8916, 0x0) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1) 15m25.072262402s ago: executing program 36 (id=6457): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000080)="b805000000090200e1490000320f01d9660ff7e31bf7ecec05000000b90000c0fe0fae41dcb50400000000b9800000c00f320908660fc7b20a0000000f300f0826f30fc7b205000000660fc775022e0ffa600c980f320f3566b85700", 0x5c}], 0x1, 0x17, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x6bb6c4a5b2d35090, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000340)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13m54.726300627s ago: executing program 37 (id=7213): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x84, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x3}, {0xffff, 0xffff}, {0x4}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x5, 0x800, 0x0, 0x1aa2, 0xc}}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x1d, 0x5, 0x2, 0x0, 0x3, 0x4, 0x1}}, {0x6, 0x2, [0x1]}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x1d4}, 0x8840) sendmmsg(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) 13m25.564424669s ago: executing program 38 (id=7396): ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x0, 0x1, 0x7, 0x10001, 0x5, "1afa86d32101b58680cdda128ed251c679583d", 0x3f, 0x80000004}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd}) unlink(&(0x7f0000000100)='./file0\x00') close_range(r0, 0xffffffffffffffff, 0x0) 12m52.112919192s ago: executing program 39 (id=7618): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x0, 0x0, 0x3}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x7, 0x0, 0xff, 0x2}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000180)=""/88, 0x58}], 0x1, 0x8, 0x0) 12m18.159216589s ago: executing program 40 (id=7866): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x55}, 0xc010) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) 11m12.261163974s ago: executing program 41 (id=8314): mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000008, 0x4010, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 10m2.420567682s ago: executing program 0 (id=8724): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x200000005c832, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000ae000000b703000007000000850000000e000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x800) 10m2.14578944s ago: executing program 0 (id=8726): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x18, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) mkdir(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1e0) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 10m2.063488259s ago: executing program 0 (id=8727): socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x44014) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@private2, 0x6, 0x0, 0x0, 0x0, 0xffff, 0x6}, 0x20) 10m1.963793538s ago: executing program 0 (id=8728): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='.\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 10m0.998130382s ago: executing program 0 (id=8731): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x40042, 0x21) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x20d01, 0x0) io_setup(0x201, &(0x7f0000000140)=0x0) io_submit(r3, 0x47f, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40, 0x2000}]) 10m0.692846861s ago: executing program 0 (id=8732): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x10, 0x42, 0x44}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r2}, 0x38) 10m0.129591362s ago: executing program 42 (id=8732): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x10, 0x42, 0x44}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r2}, 0x38) 9m45.466549148s ago: executing program 3 (id=8803): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000400)={0x50, 0x0, r1, {0x7, 0x1f, 0x1, 0xffffffff80099070, 0x0, 0x0, 0x5, 0x100000}}, 0x50) umount2(&(0x7f0000000240)='./file0/file0\x00', 0x8) syz_fuse_handle_req(r0, &(0x7f0000008280)="cab1f92d585917232bcfa47f91900c936355a83b5a41f6f43bd8b0d1a1e13674b6a8596a8376e6851e0b96decd071d92ce4887ddad2b82183858d82c7d11948024607d92ec0f1c23a4e755f29fa557d1353a3ced680f530e822eed64b4d1aaf20d1320f3583cadb9dfde95993487f96bc290dc10cfccc5ec8ea864590fc1678b79b0a36c9668b27ae142d22c305496881af0d0546076ec21e31bdab2465010e779e7140036d2b12f59b971792cfed8d07f0b8ae13ee944268f573ec11c1b14d53880a64fd2fdbe981f4d9af8863191efc03a39d5a3f19badf65dd49443297b38bf0c009eafad5879cb78e63b00e961de7d7180941f0d1e87a2635294bcb4619e9d84be1816784325d23fcb9c66388b586c8e719f3edfa2aa37cc3f6511add854c10fe546d1c11f11eeaff24cecc0d47ec8fd336ec08470f06227e4a9410074a3d715eb6a697b04bdfeda0b6753d880d012ef8fada7f4ed649ca214609e31cace9a33937813012e4c1b787d8f71ce9b495a69e5c8810ff9954b7b96743dcdd7e52ebbf526f339d3c8ad2550326d3a396de5ac90787b352feabe013c4044ca813344c97f836851d6daf2de3a8b07a61d1052bd302a641706af7629a042dc2f0374671b287f1325763e1818beba9f7cab9e25d6f8749f7dea4c5ef684723d33938aca32e19b1c6a6237d899fb397e9023764b3f4d6399885533a802e4d3ca76f2e0234ed6d7257f8cebddc900af88cc21ee2816513045e92f71fc8523894d684678f17b5fdb4adeda98fc019c0ba05efeffeff3bbda1d6d84a98002a74237cb8d13cb30d8a9a7e47e4da8273a47df4e6ea53036b5b154b9597e6eb00fcad29ed04a820b1ce807bf1818344122a6f0aac52d24426feeba0af56925cb4a1e70a84251f2b4d4693e689518a0e159647b5b60a62db699a25275520c208652ce4401bb5dcd633e7c889758d3d213f4dbe69c9bb76e80b6e892bb5f5809e042ee5cb1982a2373b1886711d1e68d0bc3d4c9d69ac605432bf84cd81104e77c71cd7c0708244fc9428edd52f8cc8f3023b4c6d3bbad7a9b874111098c4652b34c428a8f789c5e5f3f84354ab7afec1a7b11d2a34771ebad2f15c169a61b431c8a1cca9ca1596fce65242d03814ebf977da9bbde5707b22b5002cce68bd0f6d196df341c96bd0cf0916b8775e75021663ea82c99a90b844cc5f8b6c56b21b1fbbbf6fb40ed0c29ee4ecc2998df2cbe3a4d75025ef73dd9f3aa5bc7aa694fe573a73453c9ff873d0a8840afd91be319181836de45260b4e252394edae58f840858a9b64f0ff37bb1820031e563250e62ceea5a7c4d2cd4d5d10e57176fcf576e774920db06b36ea02f9cae9c1087bd1866fb4bcf7fbf393093b339860a61c61248000a2a1bbc982fa691e311fa1bf2a38afdf08b574eed0df42bdc30c3db7cdcb71687f48070077f91fef93e8e47e248d3e53e8a79fcb5a8f8aa39b3bfa2dd88d5c5840d517ae8c132d423a37a8be3301d62a99753bc72f674205a11850e045430abbdc4e68223a93c76d6d2f1d646af10a15705793e2fc5a532af3dda88f52063a091f1f79cd5a5b23ea7742b149eab1aa43c21c2f15227a1f94b5580adbb1e1c49ade49d6e8b838cff43aa2426651817f479252c8ef7af9e4a5ad33839be6c15b50016c59f13c26cfca796cfc01207acc69e9d3952f6e71c975bc77d5a001f6f6c044770f54d86a4518a4898e3136988d643dd2de907859f0b4d4de2a2d461ba5e05cff49eda86772799b2e7947fdbb89fc5b0347e87f1b9dbb94842cc1457d07f3e0c41342510f5ccb551cdf0fcac1a758041bff75812de1b2abf341ed5f667c9b0581d2c33e0b17f1b46c2287399c62252edb9c1cf2b80b7a1b4c3c903aa4cf5332a2998b9072f61f589ae5df1168f8d18e98fce2bec1d5d876f9757017b73495a4e8f4f2423cde8875aa8c95a9ce180cac6690657b8a70e5541d5ef46575cd74e063759fe4889f4d9737a6c9732f8b7f7836508814093b9bdac5733938e761b3642910d4df0b646c1b9583a502246988e9ab78de3d011e8590e48eadfcdb70c8aad6dfbe1dbd3ef20d9ba393db4e6cf91e3bb4e84883c60dc20ed974a5decde12d3c5a1c9a00999f8eefc244465f518425820b9713cbfc6027f427b9cd8756edec5b3a0301a01ebb12c6d412ee3422aeb8b291619f62f4ce41511156f73e54b5097051ea777af7cb73b36e1274ce1a3892007466cc793eb0515b8984acb99c04c7eaa51e175bd73d99bc0c67c8ea84d808a7906a6ad330ba2c9651b2ab82d0781a969873dcddb068c15b7899fd560a1c3d44b34e81cce079c46fd86522052659e2c3151c79a8ccab1dfcdb91f53ca067ea1b2aa507278e4166e817eb0d7dea67cde1598a1bdb76a8caf82add2b43fdd10bf80b0d2f32365849c425d6ac3d2d88a76378d23961eb96c8422e785ea61f33e4daec02393d51f44b177755749fe84b43f5246d20177800af05752af524265f34f62bd5167fa647d2118aa905a1af53f07e7447bee29675cc23f547339af140c0818aa974ca16da33e767d508e4f56726c7076acce57a9957d08348ef84a39188e800ca44682fccaa9ee1b42e1aaf7738dced1dce3ef2dadfcba2863f36b5f8080ed22539b5176bc2c57e52e4cfde659c1ce9e179c79f85d60ca51c7453dad593190b19a1be8f5c5b0249d70079f10f9d0f07f25a98bd95e6e6f71101842b55347ee008d58522e8f7598c1636c58fd20984a6bb17fd47e7db4bc72854054e7900cac4174cf0b4eda2406842955fd8a2ba00ea4d490dbbab02d659cea4c449d9ee37c8f35daa4740b3273693ee2c1b00965a79d18ad98ae92bf2e1ea84ff1e6181937d38765cb353c6223ead1257d88a8844cb0be17aecc2dd56b78dcd6e2999fe695db248dd68275a5ad0f223a4629b17a040a766b2bd2376d77a422375de14a3daaf4fee92f23ca831452826bc66d0cee2049acbde07bdbb6ce228147f9ed4f9437301e8ca9e1ace0684700e9623a1534212d4c557712a3196d86c86077e97172d7e89436e95e1d7e7629d5bc908e346e504839498890210ca15bea51bb2840f1275d36b99490ff0706aa3ca9e89f33fd99df863acc3bca504c15501ba9d987999ee118f47b7737d2dfe73ab257d680f983da1f5fd5975491ad966989f7b15e76e4e6b1a2987801adb3b7cd4cb1d2c9d0454429c2955643c8fb82ccf8e93051cc10081f8181af0d143deee686f67ec42db1e9914ed047e4bf0006af01028e3839451fa3e17d33586022c63cafaf6d0fc773c96143473316988d32f9943d7477604a27ae4b8a7093bee2cefe10cc02109c748d0676692a2411e5c3b4c4c1b9ac7f9b71a1a7126dacf4615e8c9c3d38f536e8b32e37f406b3dc44db80a00d6e423deec869edb32a411986be1517b6ea45e1f984a6fbd08edb25a305122fe5a90cc46af48ebc36433a1f27f43d85492ea60fd2f43125e7328da93f7aad97f97910112fed7ae7b1785822356a525df1f3ab4637b68d92ecd8d7f234973c686fb11821bb1de5f8459b57892f1dae08aae1924ee60a904d7be6e6611ec3d00002152ab7e0c29c7bf124dbec9a6eff25e619d89c27d187e3ffff63c996c33f4b7e967b607f36a8ac8dba6beb43395c9c9b2e3e36de29b07f9c2d60cdfd1d02813d4e508c56b99405b752758a01cc25bb5436ea1efd52c536fa1d2fb1cd9b1ee006d42b58600be2c1aba59c480cb6e9224d7a4df920598950634033087d3e356f35cd2f8b021d30f4ba79bc60eb6715c6c9bed84648552395cffa97c8cdb8f562f8f127f0e6f86dc61fab11ff782560d88cf2872d0e07a27f38120a0831a93c377298c2ed4fe180eb078422e5f030540fd21ebd414e6c42f1fa5491b5b8fdcada476376732edbfd66e10a475e2c0a43ccf6a41f7879f4577e987695d8d5097f6920fbe2b9ac2cb424de7afded1b5b7db89f3612c487770d58a7bb7517f1fa7a98ff6db3778d40c5f36b27d233a0c18587220f900f4a8e867e33e24c1981acb3445de995132d8fcc58f79ddb1475ba69c464071e95c0707c396c0b1b710cceb51efba5f30a271cd456d5f7216d90b412156ecb01dd41f15ac31980649c5eabc7fbb085a38318d43b0683cba055deb9dde4dc4584935473508837c1023993d50b434b311f126df6a0be0653b97a97bbc9b165098dac8dfd6ed6f033ccf7b32cfa3292296222aebfaec4dcd5066b66be45696067dfab907e2984f1bb6067c170e0617e245c9c09a85a061c4b7e2873ce0571b48d557007d5c7ddf5cc2ffa533e2a3975f3687a6d08a09dc1d285cfed129ec887d70bb5aded429b676c242d57c8f36721bf5732b1f25eced0ffedba7254486c9caab3fb3e0ad3b2dc332a06dadd39e5483a314b1d3086cc198b6b6b272fb56e35e0388b1dcddd484fde0ef9d855ca7bd98ebf0f686cec7d5e37f7b5dffbe4ab28c4422adbaef0c45649b0b830dfff90bbea3b7103ea9dd87d856ba7c5bb485319eecc71acc943c733f489ad72e13b1b232cd1eb4ce87917daad4b0405c9905f7a35501c75332d9acb36057715a6abd0958061fda860c00000000bc9aeac4f47acd022927c381012150fed83a99c2d7b268ff2e1c8d162d3feae2c5bdee747aa10566a94f13d4e1a00a4043bd179310e72ec8e4c68659be77907bba82fc416a72c0d2076821f77e8afdbeac769195a01515ab45ba73ec85a2f8a52146dbbc8d585def095aef4e4491362b596a84d2e9fd0131de2c72b71c4bd239146011eaa209957b2bb3f74bf2f42a17440749688d66a18a9d4a7d1e2bbb34dbb2a45460e69a1ec43467665c59438d35fe9b04a94e408ec4bcf7ba1a25bfc287d6189b65711904be9860f8a68d1bab99eed54890f963caef1fa0179224b650f090f67dca59f1241c2a25bc921d522f61e57d2bad88c057d3f7729499a0391fca3a62b27cc0a9b976da3eef333d88ad128ea757697ffdd50633b66b73ea3ddb565bc3d8780f9c0bb2347551969aaa500e7c030da2a92eb3f78d88b91eb547dba2e9be7ab2aa617f0890c39c73c8c2b35ff7ec529f6b8d08e3fcf2630e454bdb6474185ae72ba69310654c9c0b3ba158fe223954e1d46f9d27b0a4e090b0084918b2964bdcee31d258325b89ef96790ed1df4842b482023f1d22fb3e01280f1c8616153035f10bd65de57c1fa7d5a17e77b12e348bd3019092ef548c5249694168dd24df8a7318eccd779da4f547e9f162f484eb3ab9f5bd196f6b68656725d2624b61d09f73586753a1fb7eeb1721973f8e15522487f1dd1412b0f4846801d1abbfe53b755f15047981b162a1de04d52b4d4762ac877e4d718619e8cdba16df688fe95bdc9a1ee99c21004ba7e72985752d89d6892a4169296703fde314457f014ed89c129a4c83b5bee0bb93cb69a83313442837bc03679ee317cf8d1b908b70fae1b1461a398f310ac073642f954ab39e0eda329a94a5c12cf262ca4a25831dbc10aecf83d9d54776c379c230bb488cd6c9295bc31cfab61eb9b5486726f5c854db8aad2642d4468643f3bc8b25cdc9fda7aad04b06b61b185868a44acd46a0bd8debc1e431f19aeddfa3d0e480949bd361f6c988744acafae954c140192306c3066e8e434f70e8cd67b65a59923d166a95ca5e0515e2059e1f1aa9a74bfd49e4e37638bfa6b6117b790c4ec7f536d046c38f8ab6eedac1713bcb8860a18cac43e9add3c68c3ce5d17fbf76e966afcd3ed7795540650e093d39926f5e3719156baa54307b4f5e934f24951b3644a7657e798525d3f1207b28527a5bcdeb33e296c6c0e9e1757941ddd24a0d15c9a21918514a3143ef3fc2e775345ea10aeba6767686e9cfa646da377e88fd759a33ff20c9b258fd37d063d02fe22f090c5e324b507cd3bc42248a7abb2c7d0b1b85ecb5a67bf53a2f25d139ea523808678942e1588fd677df161b67b563a446a2cc69d9126fbf308258a13fcd6f53d92d9947311e3de4fa5acd7c2684d9eb3b4feb024e05bbf090836d92e30b68df6a7619542c9acbbb69dc73c781bdc7ef4b25c2af77186f493a5038a56508cc56b7085e13f4264e02a2a3bb515e15301371520481302f2367c883a5ac503ae4269cbbc8fb2f0f77ecaea7b8af04bc24aa90f677a72bbecfdb225864714344a8fd1c07ef664abaefe53bd76ba12c8bf45860a316812af87348682ee7005ac6a00523f4313102742ee5502d8c61c3321d1b872780192f4d00b12b38d0aedd34619c42f49b81d7bddc4ca481ed8f448bc3ad98b13f7176748838d623e007a24948480e978b80ce67ec952eca613091ad4f81cd521b2851bb8b2a6b1da0420eca80aecac9c0887988e1f29906c9ce65b990a00f22ba6f115a7a0001f511ec35dbcd401130173fded8b2e23365caf3d6d7c8f404383f16fcd76b17c220f88c1fe96211bd92c5803c63d9537a2ceb258508d9b1d74ca43174eaefd677ed6db63bb3d7712c9558c7879fbe67b7396c721407953db9dad13291f96d7d0290ad56cf1f65ccf58d3f5b8ba1f78f81d86ae0ea50926ff352d73629da44a6d31598dcdcf81355faed4f5a6ad8cc39d4a414b97f193c896bd3c270097cc96e4a5e36ca9a56a27c52a03decc4837d7b008acc1fd2724f97e0e9591afb5de3af3ec5fc16e1bee79098cc94d638375d69ae5065bedaed575e11b1b0a4d1189830856e8d48a6c50bf18cb9f8919fd8a55ad0b2f7d8c096c7f549fec8e1522be0de2a69699afe47e899ac6d5405c08e2e374326808ba76259d85b971dcce55aceed11583603dd280fd15c8e7b206e8bade3f6d83c6041838ea8b489fb9f92ab220ad5d3cd2af3f45cb2df7094d550b2cfea314469943a159e12c01897a7cc42904eeb24cc507e7ce7ffb4d22efdcd5cb5d75975582e14960fb0f2b83cb774faea32dfba7ed0e8b6a749785166cb5c77dde7498f67f7f20d0b85a7fe6e7f8a8e3f95bd795165f36440d84434cef17f81697816030e3a86bf003272ca4868ab935fa0d465fb10637a706c9fd04fa4d4eb421e87aa6628a1d6174833af4dbfceab7fc5989550c0847bf27a5243e3b318fffde95d11cf507bc4e092180dd228df9f89d193a160d50c223309eae580a09f2e78855f17f8ad25c1f5814becdfca7948c7045b242e22d5efab676fe717eb34d2f0fcb77289c8b12caadd2377b7ccdcfab61900971b4a2ac132587174117428739ebb109fa133e483956bd499dfa530cbb3d1df42309f6f0755b043d85776807f25c3b4b518a2274671eb38f3e82ad4397377f85201771877a7cc43b838791a4d4d655ecadf03d8c1687e961c83dbb64c4d54d4b745a3abca7e381a00c6f51f48f6f7ce29ec656d89a1fab216675febedfe6b08c35add5aeb8cf6c0b226d309a222e1783e45e560f6ea64bf7706787f199116341f874321b52b1135830ab8979ae5546aad4ecfdac0045d4d15b4ed2fe26e484793db6aa61d40333355fa96ac5d1b8a5b5fc033475cba14f344007bfd82deb64b5c2eda6c0d528e4de0c21802d6b27554c0e2090f2c4ebd19208ce904cc02756b44bb2f8ebc1d37961c0957a4815487cbf76fdbe1f2b77b563a5663a00952c92579399f7acc1d41d9289ea0345f02f6f760ced802c8e0b14760a43dd04e6c371ceab9f5cb3617cd7ab31457b6821c6a4f34b243fba61f5c553e58ca253d5723382cf5d3f8357347ee2af2d48d86367f993e4b80b849dd3f50b2a89338af97e11b9a796ae2548856cce01334bca0c558e160f16e74699c7eaefd699acdf4d5019bf70f2d9c083f62b5254262f05c01dba59b1779502d3ad310a3039447d730a2cebb1242331a9849921c07336e985a844c55ce6129a650b3fd7cbda52a0cfdf0ef566f24adb8c959e442e9d5663fa16561b185cfb18355863d9b9f91c3829c4b0ba580668402a7a100fcd4a4e901b660863a9537f46e4f36446945e8f62e53e8282ccd7cfe14fca161d7daf592188eb2e11e275f616f4e692db8f318e8fb635d1a2582a3c8ad3050995f4cd810c04b23aaa6b26a2276133b443280f0526c9b1c016a7fdc052eff91d167b2813ec4f868c2da5fd9568da148e0ced0229f415716c1caddba880efa2017a82829125e734b96333da0b15340c149b50be86e3017bdaae3d80ae51c35df37e67684e81b5933cc7bfbe7ef0486d57e3901f9ae3eb1d592eb3fc244ce6555d3d69922dd3dcefecbba207fcbd5144a5ff97bf2216c046348a633284db59c10662350c7484ced762f353cd01a971c88d0eabb68eef856d585e8f5a684dc948b094754362ba8d606f85a755a27895ff5b6b4ea0387574afdf362a43b5535a2838b3f00f24612b9ae47e95f15d8b828efe56152d77871cfda0e0ff9936db3fe9c49f0d0f5ef9b71b81efd2e92d0166a4970254950a51235b66866d5402740adaa584e892572a6f46714704660cfbcaa56cc27cb538a908d1ee2fc7adaa674ce7a717f6e0481a2374f768fa3df8368bf4281bce6f9777f958f36502908d7c921ba745d0cc16b8a9a67f15c26d4b005788b1e90b19cc13f3e925fc14ef31d624c7500710d8f80e5bd4b14dd6bf70c210db6077c69d2d1751fe999442502d3542be12b732e3793e6c5e5c33a15a792ea344b0ed0be1ebb1d4e896e3e62d8d85afad2ae134dabc4f0d3fc719c6245d3bfafa42f0cdc9c0d5c4ba5c20b9da975bfd2f211bee8589ce1dc9652c2c3cee2a5e8a00049e42afe4403a905b60e0dcda1120d32ce36b91719d6308c93dfaa16c23a3b37e88194778be77d5e9e64b39477b76b4644ca32525b73bcf1fd9dc9af7776f2149e368053c58e1c93e1ec4575cb5e0b2da61d5e6b19436f3c095cdb4af4ddfc3364975700e5ff5275f9336b8cb3b959a1cd94f6b9c3a33f35e9ba4b7fea0466edf54e5e2e06a79bd170392c02b09749f3d111ef60baa8016dbf9ba581beab2c43d094add0d7fb7e16f198f3050641255f30a57c3045c1b51dd6e5d65613167596365b9c67aaa36fc89c44fbc4c8c96c328554a63a15511b04692651dd5e30780caf0dfce976c665e7b05fa6143914837bc82fb9d9dc5a1660e28a697e8a0a32eb8db109c5a045243d86ea11847fb64ec450112d77ecba32de418629a4ea2ae3f7ed3625b26def5c19813a6386ab4e43838c1fad3d4e92dfd7d3f98b3cf46d6e20304851899c59661e9639f3ff52fa023114907d930d74d605f3f7c5fd9ebb446d807e96cf3bf3517e369dc98f489026ec035a86f3719e1e50a48c0381f7fd2a7eea1d3a09ef7a0ba50b2ae28c2c955db4761ac005226ebc0c18d108e8ac066371be249b80eed88afee799411a50381cacb2d5164f0827720eb9d11b5cc548c2e145291dfbc5d4f70646dfbca077ce8ad3a3f8c627021295cbef70f5013c53e8fce32116e678a7b1dc535d43b429d330e9193f8de1a6c1da4353a86bc722ef1cffe59a012ff9c5f45b85e55ebdaa6b36a519c544ef8a86095e522d7dfbb9cac41e826fcc4bc676297141195f839ebcd8f64599fb15856960f97bc70d2336507d5060282d0988f354eb757c6f4b0ee77e2c0889e5336633ac28e2651c98e7f2fa4c163f8fc196b6798c1400c46710abed12a33a95afa56c7fe55de0b48cc984c80f6d98d212daeefdbcb457217b3962436e481d70967cab6b0943d5da59021ea9fbebf66e86943e029ef95d46d347b834098e1c8fb4c35d15945bc2e336f74c6c80430ad5fc4f5b9c6b41245ecf151eea90763ce3e09e050ae1c0925fa7a5ddbb7f210226cdcf9ee406041b73a5988646b90ed382d08e7a147078f9de025f5617017ec70f65dd25d7ccdb47ad7209474f4ca461ca46f0afe3cb405c3b72d320016d01b62def93fa4fa5a34df145c526fc497329a9e29ce17a929893f7beb417c88804418271dbeb51115821db4737b9cc467f190209649f543675defbf95640d20cdd124e85788b703213f4e99b4f36b74b5d44b67b7bc995ba133da4ae92f3a3db49c9ec039e0285001fc16760da0d07552e1ad621a4bac6d0b6409316e8a78273b79aa70df0e3ca024336d42c530550be8c68897bfa6a44f595bf5be48f8b25b48825ebcba815db4b3124522bc71e3970dbcafd479a6dab40f745a655cc3f9dd5aeb046d25baaaa160ba21f8b3c0292329ae107483c8caafcd70d041facfbf705dda95370a91879fc0ab9132e3b7b02cad69417178c4f34909df7a373bacb289476c25c901be7b52aabfdfcb3415ef3a565c7de2f0128c63e16984e2e98ad23e06b890f22894ebeceefdb472192e501e2c791232933b52ea4b9c4e9fe3654b8b1e08048fbcf58fada1cd49ca6658ce6ecd12102d90c81eac26090efa36514553abb298f7cf1a43bd6d473c1436b6be9e87445de726cfffb00c72de49db0585d677d5b245e15f9a53b4c258ba2fd67d38afd9ccd0d409c0bad675fcfbc1f4e5166fd1b29203274f758f55a266b8f7c9ec8ef1dd4913727fa392ce6b11baf902ea708adddd836982a609718c1dfb810aee6f21e47c27dc6b4eeebe5fc21aae6fe7d2908679c873e2aa45a1ee14cd7e10586216d5e17cdbfacd4bfedf00b7ba7fc46d4ac90667329ba76b4fcc6b991a55c9ed159a2fb9525c975bc0aa4a291fdde14a78b95adcde52fcb5a893ee7b4df6631b3ed5a9d9d9ebe36c7cedea777a9e67faad7f7004f0a820aeb6636f24685a15d12abc639aab2233b36584670c667f9e7a3fe1195d35b268d1052d5b4c9625dc963640c2c5e6c37d36acc31755b34f3ee2af7b7ba5dbe105322a3741c567c9edd817f6488fe69301b19481fe2e2cf74b19d4b224598b0ce1fa151fa1ef3d69aaeaab397a5eac72e0b969a09b85e3258e891db207393bc281afa93468b29b7e55cc2decf8292fc68e1a02b2faa873a846680992b37a548c8f724c0125027faa58be5b2836206cc34c063b50270d7fc968dab0d38072ca90bdef91119b72ab417d811d2f32bd41e6ab2bc5b5293f92f7a0a4f172bfea5403cd418db95e1a4232f78f6afd3d13978e206d85fa9ebe2abe444db065d03b6169bc9f0dbfc19237a74bd13c1ef844f839b20018fdaf1be6f1a171f6f3ce2205fdcce38330b88ceba0c5eae812e12be99993d265f806e61ec42c9527287967a1c3b27afb1edc35a5d17bb7f4d20ea708c62c9170ba2ab710f2d7f5dca7b33e0f9434cf0b6ee846fc8bc45d39f252ec682732fb090f46032491155d83a30894a259e037e57de7523481bcc2d704d8d728fbdf048df30f7e4861f62b8e63de47b3838b5062ccd2c125bc581024ea76bd4b1f53057f37d329f7861a2a70fd3b6d6fe252a1b892192ed75c585ab809f702e27e237c4aa2dc947585c2086eeaa29c3ff7e02cb7d3a0aa3a8156d2897daa9c45a2e28ba14fd40c8a3a058805e4b5b10641c3c25b9ab80cce83206b13a1e2bc362eb5ab7e0e677c01fc0486aa32862ad0afa4f1cc8496b961a0eec71c26ad107ead599d8ddd59d85adceb3ea442efcf8ed64f4c66547344dc81ef5b6ac102434395203f58d59656d41dcc192774d70f4f2964e304efde831126d402a240325e603347aa43626b5eb69b0", 0x2000, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x90, 0x0, 0xb5, {0x1, 0x0, 0x8001, 0x0, 0xffffffff, 0x2, {0x0, 0xe, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x8000, 0xff, 0x0, 0xee01}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) utime(&(0x7f0000000340)='./file0\x00', 0x0) 9m45.127918091s ago: executing program 3 (id=8805): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write(0xffffffffffffffff, &(0x7f0000000140)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9348bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba", 0x323) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x5, 0xff, 0x2}) 9m44.648255518s ago: executing program 3 (id=8806): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea80000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f0000000080)=[{0x7, 0x0, 0x0, 0x0}, {0x2, 0x6a10, 0x1000, &(0x7f0000001700)="14e21d25749b9cdd90129680b5c0500248eb2275aa419523aa69792d84700f30e1d2a9a80003b7d7d58805645a5b9307122df0d3ad8fe1445f43d1597872b0e20b4d75b6047622714aff841e0d6a0fe07e859fab063bd1c02a952e8e84fedb5603aaeb3da28b7cc2a0a9748134f5fa6e0c733af48b93f2c35a7944cb0759f3861691e67659101ddf79a8fdb791b18b4a41be03405e273931dd1790a2aca22b655ae83fb127cc51868f57ce57f940bff7c4647a5d31db311fa5d0a9e89bff78b995ca03dd0d10d935bcf48aca013ea7b6b684cbbdc9fa3eccac1d673ea996569b7ac50ec5371bc2dcc1f97de1fc05901f2ad7fbc3c9a3dcfc0b17669551cb1d53d978c363d8cfc38bdf99ee5ae5b9e64ee27f515ef0ce9d94db3c0cb1578bc1c4762c86bc578b92f7c69c7f99e3fc485786aa03fae6e5a2500eb94b8e7b1a24d0cc0b85bd4663c109c71cdc852001cbaf3225a4037c49828fd3f8e175fc1a9a2bb6e48ab72c3c07ec3c844367dd0b4982a08ebb7a398e9add0b1bb4f60839507b37f2a5179af6fcea9e84421fb68c1e02b0336d6f7220cd620decb01ff4804b2abadfe249346020ca978d547363a5a8e325f3c7de8a1265acbf1aaa00854cc8f54d3fe0e70182748895ad0667b1af9b48d0df913424a49b07f99c11e5c2864403738183d6f404aaddafe01e1f47d7a133ed3a0b64dd70ccc1e61e1f18b52fb450eb8ea24fa80e8b6f18d6ccf7d4138502aeb6b7d0c9a3dffe362b7e88eb4f9bf88052a0037770281483dcd351e5c588f9b1b150ab7d597a198cea417476c1eb478328d97e2e892409d638727fdf3bf6c0dd253332366e4c4b2496606517c6f4e092504b199f192612a16a7896354c1ce217d95a34f8c260b256b6b1c7d8ed3c2b544a36bb7ef0656f66107f0f529c4162a827c553a67c3b5c2e6fdeba91666f294f26e972e695921862910abe890461caaf598ae98405214b5fc61cd9713efbac8e1030696a06d40656349bdff67fbad46987346c7bf345ce02da790dc0a536b1d9b656ea45428415aff654a2964ed185c276c2e1fe2d3687f44082cac2723dfb1b2deb33302ff65b19b5761958752779b465ebd32ada2e3040c1bf67f74dcc1bccb294c4e1a3d89bf3c1f580c69205527c4b0f6afdb63cd531eb1b7de83c6103bfbf7687c63f363b1209cb3d7a07e1161e7feba2220a852f203ccdc44bfd8fd039a0880c01f9f92ce413f1461ffe15d660e3ae3be73cad024fae1bd022f711930f9e95b1c08aba274ed54f95c42145c3d658441ca120407429b29efb2a766c0d6e2ee50bb6678602780af4febc5c16a14ff32966bb68246610440606d8243017ae3a10b7258cf25dcfa32ef9e4bac19c3a4a8b6af704e4df210b2aa41946fbf1c60e9fce6277dde35344fa2f9adfa7e6e54626c90b13a591015f164923e2788b65a4bff6421ef7ce1549b3e66f6a5662efe30b754596dcb675c3b5fc65216a75b9954dec559e62c4de4629701792959cfa5de7b9697caad13804a6b8070a9578d40022036fa893ecb54f0a6255896f4f3dcb2454f793001d5a3222816d2e57cca4c0ce93b1ad7a9e05ec34a2d7d1ff3e86f17052afe0f73058639bdc95baf6952901e725ac105131de23000195abf1c2445f49120b3aa346118f4ac657b068c8ebafd672a5c52a17ac9c317e3720374933a1601b7a03b3ab99d9700cc5b03da8f29a0cc97fe27ac6d089da3c53f50747f0086f0879863e4814816b06e721e616e67105095a5d744af0a11a7c405aa9a3198b62454b9dd30c5331ff8b960a09f70cceb90c5e9d2b07220c1e9f4d84ac28e5f08e44fc63695795312224246b17e473204c757c1a9d33ea10a2ab7b20f6d3fced01c8e09b6d659f5754e9164d446f5351482cfbed925ac88ca73d07d89057ef96e12031a62f882c381accd492858b7c29fe5583eeee19d2d14c7bf695a70c329094f86de0deba60c4542bf0a3ecccf01bb651f5877cebf24ee3626e9a0d73e1386ce5dbe8e6821cf9a0e93df7aeb182bbe710524176b650ddcdc4ce38c68648d652f87d2bf44a547a607d7bc6f070eabcad6215742f97be8b1f8f0ada879d8ca0d6f4062de4c975eb59fd33648916e686ba2f9333ad8c1e64162f272ce5bc6e2a8da72a9bd19dfc8f9c45f3ad6717d2fe9719add1a04c164730bbe8acac58eb3634747483033b4c2813f6c47d9b5a62f6a7b3d0efc139fac32b07dfe508522eff8a447960f9be3e15b5bbf27611bce19cbc633fbe7ec0a99987efc9bd3429b6791b5440a07e93baded5ca1f7f64f6fcae8d243f297445d2e01e8a372bf4746e889f43ec60a564dd87cdb29c600a60a17f7de996d0a5bc0089356bbd863fe72ad7d41fcea059b4ef9906eb6d0413e173043cdb8d6fd59bd2265bf673ad46ec7ca610dea3535fd0e9725e3bf225046b46166a04a6f7c9f936881d374e7b0477615a0e5d430da488fb5a67b44a0170b09f73c58204575ec2ed75ecefa82427ce763099c56a367abf1c682a6ee090f5d06b459d336c54b27e3a2e0dd3652af79bb8321a111c607c39258654f66c26559ef3f800b456ef49d4c4276466eccbc48b63d1ff213a0e37d5ba65ca1329c5fceec33408e4a1eeaaea605992f5159b1a2a4844e1070013cad1f2a9251df9d2b541f76f8679f16ba8a1a0d87e224ecba849e68af38987a9800a76f40443f54f0f6894bbfd1b5d89938f757f3349d29334074da2475e850335441455724bb901f593387204cf0c60fa214197d60ec4fe5c027755256e82bcf801d4ecf33088f838c3167afb94cd926c31a135ee54d09a3237fbda0ed8e484b129be8bb30dda3a47f49217ac04e5bff896d6dfbdd64f577452e80b58a16beada7abb8d5e2ae657d5a9895d40eb07e0edcb9cea2df8a6a6163da7be3d1a5e609e06f99aab899a569ae15766952f854cf83bc545165fd0f3c3e13ec9ec06e13ab9bec01e2498ca75e1ab111d019255e79b5639d195f23f0e826a1951db3380738ca779fc9e85a27db2ec29e05d8ed8a15fe11923640ecaa52aa0772ce3fafdf5a7f4cab3ce429fea260a408e3ec37848e27bcda2fce429fda13e671fff777c5748d2a52a3b25bfe34f15a30906871c03c4dfde9c443c09ed2bab0c54c644708bf4b5001661f68e28f458b104796497f701cae2f3762b5b7d6da74bb6bee7f472f74ab96fe88ab5dafad3b679c4a5a88a41b2b2f3f670931a2171cc66367ba43e74e830ddca2bdb6338e75725e6e5114086aca11784d1d72d4352509a3ce43e66b0d73efa26201eab115d5411c2e4112859d58f16d1f9059ecdfc3c65c4d83c2ad4f3962cfa606041a36255044cf15d3ffda634ad0dccbdf24358dbabe36bc9d0a7b8bf643f758235deedafb684478733f2c6d686d004af9a186b1f43f179ef55db85676d19d13420441e9878e03aea47ca6c1c2f19bb0d64758adc3faf78d1b01d9ce197b525aa25ec64737004a1652641a82b371f51c1da0e985a8411079ae7d5b68804ba3d0ebe2e221a92cdb8af192c948d7e39b0c23672dbe3a48e000e180178bfe6366c7a6be5026348d11c7187026cc9ecb8ba1ee9e24876fdd749a9decf5608253eb07289ad5ae4d03643dc9f60b57f06eb8e2a3765b03c7c9369a209425b9895480cca10f05acc4c2e0977ab98520d2c4ff7ba50e20d3763e9a768c35218604224ac344c925f13e969a99835c1aad254034ab7d5948c6eaea6b7dc37b9b93493d7f324939bcdb51c96eb4bb79b43a3ec5de61b987386abedd0e3a8263aeb6081106a5a4a7b6fd2b47377c6e790a0cb7ecceac4f70283e7857ec175a4068a8a40c7e430ef0f87a7ddd204606d06576e7689f5342c8f05b54fa38415f2cebba5c9bcc2ce74c63878b713e9a8fac8efd9ed1284e3395fa64ffe8dcbae570ef6475cc0d99ae940b26921670748f094ce1abbcb5f691ba94c2162c04e73b959a7960512779d6dff85527d84f34d6dbdadf24c62489d9d34baaeab14a7ced05560cce1fd79b61f8f17b4b5e12a60a4d3244e0fc0a38938b73b108b34227c6ef551c1f5b704d1b4249886fc089231aa76040b57b3b8c756be5ec64a640ee80c1df1879c7fdeadf0bcebb15593b7f763e35bd0b865ae2068e5ec67f100d551fc8ed93ec90c7c922df5c7976ed1e20b02fbc901327b15082746b7d5968cb0a29ada26cdc6de2d2b675a57883477db01724a3a37970d85d67447eb328b489bd40725c6bcadeb0b2a131a3fbb3a962ab707b8a44275cd6c5ce7dfe67c6a30023f8380305cf2be46a52757f71e3039781278c32a256117ce3d10731cf2189a39b8668d7566d0e1768456801dbc25042675b56285deb656d452ac06590963841fdb232446b2ac8a7006ccc04f4d7c63c4c0fb65e2df0592bfaf29fa73bb43b6ef43611c920b847b3a0f6f3a1a84e2a7a5aa7edabf3e79afd5eeb4fd9b965d46b27000007e2a4a07254175b1a32ffc8e40ae48c29df8722aa91513a0f96744be36c03abe7cf018c530be11c2b23895fb7780ea4f9b058dc0c7cd743b2d2a81153aa55d1a5c0b25dfb0629b8759a03f3f24e56345ad7bd0109602c0f3c9052eeb5313bb2b7fce0f8b31187242fd07c9769352704ac9b21a9407a49d99c62c8c1d3f51f1f2192652e028b6d857b29aefe2f7eacf234cae29dd823ea7aa3f7d9df2ae1c18024e6aed4548be4d981bf9c41dfaa7bebefcebf0c515a3145b366c60aa19184371074f9b79254819e47f101d4d2c1aa412fe33c4316da96573104eda48111bcff1ad3e9fde2da8f0dc6395234afee0d72f374ed7e4e556b9bc5c7d45301b5f042671c551f14d43ed394f181b51931f2eaef2cb8c92a4c3762f604e43a45c1103a98e7ef5ece1c9a52a55af496f1eda945e0d8cb0bc4e68764dd23e6cb878e5763b1090bd92927cf20dc12a331347e41c6225b3bedda60721fa4ea4054d27310355cd49faafbd87bfaba41e99e6e3b7f716fc3734bdab99fe5ea9ef089ec890e0498892bf9626349a653034fe6e29414cbbf34ba268e950fc902c4827a08491c4f6f0128d5609ea99ff3373f478f32066533ae578721cbd0538cba64260f201cd857aa9d6fcef29bd541770038a6221d0e8b37c1d07d60d28ff60ea41208cb09ad46ef0f20ad695015d924087525a8adff9170e566e1c3e1c0dce7b2f5d02656e4c96072f4d683bd7d67982826ba5d1c18904281b2544f9494743b29c3a2db64474619f55fd997184c57dddb207645877e6889310b59c0bc319e6986539b37ff7266a9107ebcbbda391d1b5e51262f6c0357a8a40928046798da41f70e58348e49b8d6fbae41f1cb8c4294b3245fc70f3a04d4074a4c4d127b913e9dcd0a61d75740715fc647cbd5bb1973fea7f1fb2df7c4f165386639b70c78fb14a3814865ba8c7192b53cb84d755316b884c86e7d77171c1222359c9dd6205615f478caf4ce6214971a98a8fff0340951dd5b2624c9637953edea08dc28481a48e42dc5413ea0f055d45bdaf64da9a50cc380a5cd3e68398ce75487d4040da2f32356e728d2d6404549e2c6ad6370793992a05c1246a3786cd45f17d970d42d92c9c83e942c8d89fa1416e5dddc95760ffc954d1c942a825d0c2a7ffe494145725c423334a242428723e5e8de726ae0ae364198aaf2f754175ed428479000e17e50171671c31facb7c8dd56e7fc8a6bf710304b2f7d7661a025fa8954c18136def8f570019821f432c566d6afb7d685c59faaa3a7c8300b7d24bccf30a2eef04f8636595eef00c0ca8e50256a932f1"}], 0x2}) 9m41.801706274s ago: executing program 3 (id=8823): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x104000, 0x0) 9m41.539245445s ago: executing program 3 (id=8825): r0 = epoll_create(0x1) ppoll(&(0x7f0000000080)=[{r0, 0x9018}], 0x1, 0x0, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b1, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x16, 0x1}) io_uring_enter(r2, 0xd44, 0x44c1, 0x7, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20000003}) 9m40.913431207s ago: executing program 3 (id=8829): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xd9, 0x40, 0x41, 0xfb, 0x5e, 0xc, 0x0, 0x0, 0x40, 0x1, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x5, 0x20, 0x3, 0x0, 0x106c, 0x100, 0x0, 0x80000004000080, 0x0, 0x8, 0xfffffffffffffffe, 0x4, 0x5, 0x8002], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m40.066494188s ago: executing program 43 (id=8829): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xd9, 0x40, 0x41, 0xfb, 0x5e, 0xc, 0x0, 0x0, 0x40, 0x1, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x5, 0x20, 0x3, 0x0, 0x106c, 0x100, 0x0, 0x80000004000080, 0x0, 0x8, 0xfffffffffffffffe, 0x4, 0x5, 0x8002], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m26.080090388s ago: executing program 7 (id=9211): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8) sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000980)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0xe9, 0x9, 0x7}]}, 0x10) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000001840)=ANY=[@ANYRES32=0x0, @ANYBLOB="ff"], 0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, &(0x7f0000000100)) 8m25.900140945s ago: executing program 7 (id=9212): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2da8}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x4, 0x0, 0x2}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 8m25.777869467s ago: executing program 7 (id=9214): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000000)="66b80001c0fe0f23d00f21f866353000000e0f23f82e0fc7bd39ce0f3564660febd836de880700650f8f7300f72f0f20a6baa000b033eef081486387d4"}], 0x45, 0x4a, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m25.350953349s ago: executing program 7 (id=9216): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x41) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x88000, 0x0) move_mount(r2, &(0x7f0000000380)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x100) 8m24.437188158s ago: executing program 7 (id=9222): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001d00070f0000ffffffa1000007000000", @ANYRES32=r2, @ANYBLOB="40002700060010"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000003120100500012800b00010062726964676500004000028008000500010000000600270000000000080001"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 8m22.965821976s ago: executing program 7 (id=9227): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d1100"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3) 8m22.356299308s ago: executing program 44 (id=9227): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d1100"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3) 6m10.894307282s ago: executing program 1 (id=9875): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x77c}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000580000/0x4000)=nil) mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil) close_range(r0, 0xffffffffffffffff, 0x0) 6m10.410722339s ago: executing program 1 (id=9876): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 6m7.651109716s ago: executing program 1 (id=9893): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x4) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)=ANY=[@ANYBLOB="4c00000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00?\x00\x00\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="240012800b000100627269646765"], 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbf8, {0x0, 0x0, 0x0, r3, 0x3007, 0x409}, [@IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8804) 6m7.341399744s ago: executing program 1 (id=9894): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000380)='./file0/../file0/../file0/../file0/file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00') 6m7.143293177s ago: executing program 1 (id=9897): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000004940)=[{0x0}, {0x0}], 0x2, 0x0, 0x438}, 0x0, 0x12f4c4729364eade, 0x1}) io_uring_enter(r2, 0x3516, 0xa00100, 0x0, 0x0, 0x0) 6m6.949914574s ago: executing program 1 (id=9899): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f7410262e66f36d0f330f09660f3a0cb90000a6752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x31}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x5, 0x40, 0x40, 0x0, 0x3, 0x2004cb, 0x4000000000000000, 0x2, 0x3, 0x0, 0x1, 0x0, 0x2, 0x9, 0x1], 0x80a0000, 0x450}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m6.671264498s ago: executing program 45 (id=9899): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f7410262e66f36d0f330f09660f3a0cb90000a6752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x31}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x5, 0x40, 0x40, 0x0, 0x3, 0x2004cb, 0x4000000000000000, 0x2, 0x3, 0x0, 0x1, 0x0, 0x2, 0x9, 0x1], 0x80a0000, 0x450}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m0.036268363s ago: executing program 8 (id=11124): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x28, 0x5, 0x0) r3 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0xc81d, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f00000001c0)=@vsock={0x28, 0x0, 0xffffffff, @host}, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x47b2, 0x10f9, 0x82, 0x0, 0x48) 1m58.468508557s ago: executing program 8 (id=11129): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfd, 0x7fff8000}]}) capset(0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x3) r4 = eventfd(0x82f8) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0xf000, 0x8000000, 0x0, r4}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x7c, 0xb000, 0x1, r3}) socket$nl_route(0x10, 0x3, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m58.109325872s ago: executing program 8 (id=11131): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x0, 0x8000000000000001}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000440)={0xfc}) 1m57.974104971s ago: executing program 8 (id=11133): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) 1m57.311626155s ago: executing program 8 (id=11135): r0 = memfd_create(&(0x7f0000000180)=',\xea\xc9t\x8b\xb7\x04\x1d^s^\t5\xa1i\x01\x00\xd4\xd7\x02\x8dmbs\x0f3\x92\'\x94N\b\xe0m\xa4\xe5\x8a0\x05\x00\xa4\xed\x94 \x15YY\xff\xb4\xa2\xa62:\xfa\xf9\xb7\x05q\xa4d\xda0y\xd3\xd6\x98\x9f\x11\n\xf44Q\xff\xff)\xb3|\x04\x00\x00\x80FD\xb8\xc2\x8a\x99Y\xf6:\xfeT\xa1\xb8\xd2%\xa0\xa86C.\x01fkB\xba\x02\xbb\xebZ\x87\x11\xae&\xb0\x87R\x98H\x8d8)\xe9,\xa2\xfa\x7f^\xd1U\x1ajgSe\x8f%\x0e\xf7\xc8\x05\xac\v\xa8\xd38\x83\xd5%\x80,tk\xc8\xf5fe\x1f/\xa96\x8cJ\xb7EO\xd4\xe4r\x8fk\xac\r\x9c\x00\x00', 0x4) ftruncate(r0, 0x7000000) r1 = dup(r0) read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0xffffffb5) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) execve(0x0, 0x0, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) semctl$SETVAL(0x0, 0x1, 0x10, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1m56.440865419s ago: executing program 8 (id=11138): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x200103, 0x0) close(r1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYRES32=r0]) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x2004c860, &(0x7f00000001c0)={0x11, 0x7, r3, 0x1, 0x3, 0x6, @local}, 0x14) 1m55.69974908s ago: executing program 46 (id=11138): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x200103, 0x0) close(r1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYRES32=r0]) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x2004c860, &(0x7f00000001c0)={0x11, 0x7, r3, 0x1, 0x3, 0x6, @local}, 0x14) 13.95486018s ago: executing program 4 (id=11428): socket(0x1a, 0x80805, 0x1fe) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) waitid(0x2, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x55, 0x8, 0x7, 0x8000003}, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000600000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 11.518782057s ago: executing program 4 (id=11433): pipe(&(0x7f00000007c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0xbdc, &(0x7f00000003c0)={0x0, 0xec25, 0x400, 0x0, 0x24d, 0x0, r2}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x8, 0x0, &(0x7f0000000140)=[{&(0x7f0000001800)=""/216, 0xd8}, {&(0x7f0000000440)=""/128, 0x80}], 0x2}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 10.804717627s ago: executing program 2 (id=11436): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x110) openat$fb0(0xffffffffffffff9c, 0x0, 0x22902, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xc, 0x0, 0x0, 0xff, "810000cc2b000000000000fa25ffff00ffffff"}) r3 = syz_open_pts(r2, 0x141601) fcntl$setstatus(r3, 0x4, 0x102800) write(r3, &(0x7f0000000000)="d5", 0xfffffedf) close_range(r1, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040), 0x0) 10.798791012s ago: executing program 6 (id=11437): mq_open(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x8000013, 0x20000000) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_io_uring_setup(0xcd3, &(0x7f0000000400)={0x0, 0x5889, 0x1000, 0x3, 0xffeffc01}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) socket$pptp(0x18, 0x1, 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r2, 0x80, &(0x7f00000000c0)=@un=@file={0x0, './mnt\x00'}}) io_uring_enter(r3, 0x3516, 0x483, 0x0, 0x0, 0x0) 10.260272369s ago: executing program 4 (id=11438): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x80000000001, 0x0, 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x2}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10.244537154s ago: executing program 2 (id=11439): socket$netlink(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0x3fff}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f00000003c0)={0x0, 0x465c, 0x800, 0x3, 0x301}, &(0x7f00000004c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0xf5) 8.099205868s ago: executing program 6 (id=11441): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) gettid() ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f0000000380)={0x28, 0x0, 0x0, 0x1d, &(0x7f0000019080)=""/29}) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x4000) shmctl$IPC_RMID(r2, 0x0) 6.214352938s ago: executing program 2 (id=11444): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0xffffffffffffff9f, &(0x7f0000000300)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a000000008100", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 5.995167134s ago: executing program 4 (id=11445): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x4, 0x1}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 5.825832765s ago: executing program 6 (id=11446): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x40, 0x0, {0x0, r6}}) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0) 5.560329387s ago: executing program 2 (id=11447): socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000010811798080000000000010902"], 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) pipe2$watch_queue(&(0x7f0000000040), 0x80) pipe2(&(0x7f0000000080), 0x4800) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 5.437079456s ago: executing program 5 (id=11448): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.266023586s ago: executing program 9 (id=11449): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0xffffffffffffff9f, &(0x7f0000000300)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a0000000088a8", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 5.153618507s ago: executing program 4 (id=11450): r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x3, 0x0, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000000)={0x0, 0x4ec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x5) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 4.657588185s ago: executing program 5 (id=11451): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r3}, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x8, 0x0, &(0x7f00000001c0)=[@decrefs={0x40046307, 0x1}], 0x1, 0x1000000000000, &(0x7f0000000340)="cb"}) 4.503833281s ago: executing program 5 (id=11452): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) r2 = syz_io_uring_setup(0x10d4, &(0x7f0000000000)={0x0, 0x615e, 0x0, 0x0, 0x1000034f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 4.408944523s ago: executing program 9 (id=11453): r0 = socket$packet(0x11, 0x3, 0x300) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000580)={0x0, 0x2, 0x6}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00007c2000/0x4000)=nil, &(0x7f00009dc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000726000/0x13000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r2 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.407322463s ago: executing program 6 (id=11454): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [], {0x14}}, 0x28}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10) connect$inet(r2, &(0x7f0000000280)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x10, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x700) 4.241917943s ago: executing program 9 (id=11455): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newqdisc={0x3c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xd9, 0xfb}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 3.317839395s ago: executing program 9 (id=11456): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) r2 = socket$inet(0x2, 0x80001, 0x84) writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.312815681s ago: executing program 2 (id=11457): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r1, 0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x6c7e, &(0x7f0000000140)={0x0, 0x0, 0x3000}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4) sendto$inet6(0xffffffffffffffff, &(0x7f0000000180)="1a", 0x1, 0x0, 0x0, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.138782525s ago: executing program 2 (id=11458): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000240)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000280)={0x0, 0x6}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 3.060245986s ago: executing program 9 (id=11459): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003340)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x2400}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4c, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0xf2ff, 0x2, 0x9, 0xfffff800, {0x8f, 0x0, 0x10, 0x13b0, 0x200}, {0x10, 0x2, 0x200, 0x1, 0x7, 0x7}, 0x9, 0x7fff, 0x8a}}]}, @TCA_BPF_FD={0x8}]}}]}, 0x78}}, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_usb_connect(0x5, 0x4c, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201100335fe6510ca1a8eb232920102030109023a00010d019002090432a70201039e08090588061000060408082387ac33afe3410725010305f804090507020002040266072501"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) r4 = fsopen(&(0x7f0000000480)='squashfs\x00', 0x0) fsmount(r4, 0x1, 0x5) syz_usb_control_io$cdc_ncm(r3, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x40, 0x5, 0x62, {0x62, 0xb, "d0ee44b867edc4e7d1752ba363b7defe459dc7cc528e3417500a6b3f593432b678e2b9297ccdf280fd3968dcda2b8b4dd7e1f1bae9dabd54e953e46a3bce6d3cd09800277deac753ef4ab32d940d000ac74010d8d5e249a659fc011e6ea587b0"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000400)={0x44, &(0x7f0000000100)={0x0, 0x1, 0x4a, "3431b0be14eb5aaf1ce6dade576a1ccd88bf6680e96638a9da2af3a3d3890a70f915e0f654e08cc142286588deecbce5252a8dd3df10657e5770080f47d28a9bef5037f1c5f9c56fa4d8"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xb1}, &(0x7f0000000240)={0x20, 0x80, 0x1c, {0x8e3, 0x3, 0x9, 0x10, 0x4, 0xf, 0x6, 0x1, 0xd887, 0xaa5, 0x3, 0x5ac}}, &(0x7f0000000280)={0x20, 0x85, 0x4, 0xd}, &(0x7f0000000340)={0x20, 0x83, 0x2}, &(0x7f0000000380)={0x20, 0x87, 0x2, 0xfffa}, &(0x7f00000003c0)={0x20, 0x89, 0x2, 0x1}}) syz_usb_disconnect(r3) 2.563415477s ago: executing program 6 (id=11460): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185) r2 = inotify_init() inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0x5000009) socket$inet_smc(0x2b, 0x1, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000f00)=0x7) fallocate(r1, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x400000) 2.28242009s ago: executing program 5 (id=11461): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"}) r1 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) syz_open_pts(r0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(r3, 0xffffffffffffffff, 0x0) 2.148686843s ago: executing program 4 (id=11462): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) flock(r1, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) flock(r2, 0x2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x8) flock(r4, 0x1) 1.361725796s ago: executing program 5 (id=11463): r0 = gettid() socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x4, "07000f00007eaba9a208000000706de400000000000000000000008000"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x8, r2}) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000040)=0x1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$audion(&(0x7f0000000040), 0xc, 0x3a1ac660d83823c9) 805.257073ms ago: executing program 5 (id=11464): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$int_in(r2, 0x5452, &(0x7f0000001080)=0x3) write(r2, &(0x7f0000000080)='g', 0x1) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 273.518751ms ago: executing program 6 (id=11465): ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x6, 0x10, 0x5, 0x0, 0x8, @remote, @local, 0x700, 0x80, 0x8, 0x9}}) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, &(0x7f0000000140)=""/92}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xeeef0000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x8001) 0s ago: executing program 9 (id=11466): socket$inet(0x2, 0x4000000000000001, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000040) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) kernel console output (not intermixed with test programs): 64.661896][ T4601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1364.721148][ T4601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1364.838246][ T4601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.062559][ T7610] usb 6-1: USB disconnect, device number 61 [ 1365.107047][T32230] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1365.114086][T32230] ath9k_htc: Failed to initialize the device [ 1365.151263][ T7610] usb 6-1: ath9k_htc: USB layer deinitialized [ 1365.490208][ T4623] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1365.560453][ T4626] sch_tbf: burst 9 is lower than device lo mtu (65550) ! [ 1365.615458][ T7610] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 1365.631506][ T4625] netlink: 76 bytes leftover after parsing attributes in process `syz.2.10545'. [ 1365.866105][ T7610] usb 6-1: Using ep0 maxpacket: 32 [ 1365.909722][ T7610] usb 6-1: config index 0 descriptor too short (expected 241, got 72) [ 1365.932198][ T7610] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 1366.128847][ T7610] usb 6-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da [ 1366.168073][ T7610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1366.271364][ T7610] usb 6-1: config 0 descriptor?? [ 1366.293423][ T7610] mos7840 6-1:0.0: Moschip 7840/7820 USB Serial Driver converter detected [ 1366.566932][ T7610] mos7840 6-1:0.0: probe with driver mos7840 failed with error -71 [ 1366.628369][ T7610] usb 6-1: USB disconnect, device number 62 [ 1367.325519][ T7610] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 1367.495212][ T7610] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1367.505660][ T7610] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1367.514764][ T7610] usb 10-1: Product: syz [ 1367.519901][ T7610] usb 10-1: Manufacturer: syz [ 1367.527708][ T7610] usb 10-1: SerialNumber: syz [ 1367.881611][ T4663] loop5: detected capacity change from 0 to 7 [ 1367.893039][ T2169] Dev loop5: unable to read RDB block 7 [ 1367.900404][ T2169] loop5: unable to read partition table [ 1367.906667][ T2169] loop5: partition table beyond EOD, truncated [ 1367.914606][ T4663] Dev loop5: unable to read RDB block 7 [ 1367.930644][ T4663] loop5: unable to read partition table [ 1367.937763][ T4663] loop5: partition table beyond EOD, truncated [ 1367.944254][ T4663] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1367.974849][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1367.997731][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1368.258724][ T4665] kvm: requested 181028 ns i8254 timer period limited to 200000 ns [ 1368.309425][ T4665] kvm: requested 124876 ns i8254 timer period limited to 200000 ns [ 1368.341145][ T4665] kvm: requested 5028 ns i8254 timer period limited to 200000 ns [ 1368.374701][ T4665] kvm: requested 103085 ns i8254 timer period limited to 200000 ns [ 1368.470753][ T4665] kvm: requested 137447 ns i8254 timer period limited to 200000 ns [ 1369.015657][ T1229] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1369.027153][ T2119] Bluetooth: hci3: command 0x0406 tx timeout [ 1369.186903][ T1229] usb 3-1: Using ep0 maxpacket: 32 [ 1369.207832][ T1229] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 1369.223007][ T1229] usb 3-1: config 0 has no interface number 0 [ 1369.232559][ T1229] usb 3-1: config 0 interface 12 has no altsetting 0 [ 1369.245097][ T1229] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1369.258355][ T1229] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1369.277252][ T1229] usb 3-1: Product: syz [ 1369.281581][ T1229] usb 3-1: Manufacturer: syz [ 1369.298023][ T1229] usb 3-1: SerialNumber: syz [ 1369.318988][ T1229] usb 3-1: config 0 descriptor?? [ 1369.460734][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO [ 1369.480657][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 1369.494495][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 1369.511130][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1369.521432][ T7610] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1369.542116][ T7610] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71 [ 1369.562263][ T7610] usb 10-1: USB disconnect, device number 22 [ 1371.383167][ T1229] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 1371.393257][ T1229] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 1371.412151][ T1229] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1371.432589][ T1229] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 1371.475675][ T1229] usb 3-1: USB disconnect, device number 2 [ 1371.791085][ T4721] binder: BINDER_SET_CONTEXT_MGR already set [ 1371.798367][ T4721] binder: 4719:4721 ioctl 4018620d 200000000100 returned -16 [ 1371.811390][ T4721] binder: BINDER_SET_CONTEXT_MGR already set [ 1371.826844][ T4721] binder: 4719:4721 ioctl 4018620d 200000000040 returned -16 [ 1372.267626][ T3882] bond0: (slave bond_slave_0): interface is now down [ 1372.267710][ T3882] bond0: (slave bond_slave_1): interface is now down [ 1372.280661][ T3882] bond0: now running without any active interface! [ 1372.364960][ T4738] tipc: Failed to remove unknown binding: 66,1,1/0:4102988566/4102988568 [ 1372.365048][ T4738] tipc: Failed to remove unknown binding: 66,1,1/0:4102988566/4102988568 [ 1372.409656][ T3882] bond0: (slave bond_slave_0): link status definitely up, 10000 Mbps full duplex [ 1372.535831][ T3882] bond0: (slave bond_slave_1): link status definitely up, 10000 Mbps full duplex [ 1372.588513][ T3882] bond0: active interface up! [ 1373.196664][T19123] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1373.405578][T19123] usb 3-1: Using ep0 maxpacket: 8 [ 1373.416801][T19123] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1373.426336][T19123] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1373.434407][T19123] usb 3-1: Product: syz [ 1373.475834][T19123] usb 3-1: Manufacturer: syz [ 1373.480486][T19123] usb 3-1: SerialNumber: syz [ 1373.506216][T19123] usb 3-1: config 0 descriptor?? [ 1373.716568][T19123] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1374.750644][T19123] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1374.781406][T19123] usb 3-1: USB disconnect, device number 3 [ 1376.913858][ T4829] input: syz1 as /devices/virtual/input/input176 [ 1377.978429][ T4850] syzkaller0: entered promiscuous mode [ 1377.984215][ T4850] syzkaller0: entered allmulticast mode [ 1378.395410][T19123] usb 3-1: new low-speed USB device number 4 using dummy_hcd [ 1378.702660][T19123] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1378.770723][T19123] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 73, setting to 8 [ 1378.787159][T19123] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1378.796480][T19123] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1378.839363][T19123] usb 3-1: config 0 descriptor?? [ 1378.852878][ T4853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1379.087410][T19123] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1379.286881][T19123] usb 3-1: USB disconnect, device number 4 [ 1379.292831][ C1] iowarrior 3-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 1380.359813][ T4893] netlink: 'syz.2.10630': attribute type 10 has an invalid length. [ 1383.556989][ T4916] netlink: 52 bytes leftover after parsing attributes in process `syz.8.10637'. [ 1383.603328][ T4916] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.613154][ T4916] bridge0: port 1(bridge_slave_0) entered disabled state [ 1383.635458][T32230] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 1383.669008][ T4916] netlink: 76 bytes leftover after parsing attributes in process `syz.8.10637'. [ 1383.678942][ T4916] bridge0: port 2(bridge_slave_1) entered blocking state [ 1383.686562][ T4916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1383.694191][ T4916] bridge0: port 1(bridge_slave_0) entered blocking state [ 1383.701456][ T4916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1383.757667][ T4916] netlink: 52 bytes leftover after parsing attributes in process `syz.8.10637'. [ 1383.794993][ T4916] bridge0: port 2(bridge_slave_1) entered disabled state [ 1383.802418][ T4916] bridge0: port 1(bridge_slave_0) entered disabled state [ 1383.979335][T32230] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 1383.987595][T32230] usb 3-1: config 0 has no interface number 0 [ 1383.995566][T32230] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 1384.062553][T32230] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1384.106278][T32230] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1384.129081][T32230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1384.142656][T32230] usb 3-1: Product: syz [ 1384.151663][T32230] usb 3-1: Manufacturer: syz [ 1384.160191][T32230] usb 3-1: SerialNumber: syz [ 1384.186584][T32230] usb 3-1: config 0 descriptor?? [ 1384.192600][ T4912] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1384.218481][ T4912] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1384.257324][T32230] smsc95xx v2.0.0 [ 1384.343804][ T4936] netlink: 12 bytes leftover after parsing attributes in process `syz.9.10644'. [ 1384.920263][ T4912] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1384.956106][ T4912] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1384.985369][ T4936] IPv6: addrconf: prefix option has invalid lifetime [ 1385.196276][T32230] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1385.240164][T32230] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1385.485884][ T30] audit: type=1326 audit(1770636180.625:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.525816][ T30] audit: type=1326 audit(1770636180.655:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.614689][ T30] audit: type=1326 audit(1770636180.665:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.681183][ T30] audit: type=1326 audit(1770636180.665:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.745452][ T30] audit: type=1326 audit(1770636180.685:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.793770][ T30] audit: type=1326 audit(1770636180.685:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.861846][ T30] audit: type=1326 audit(1770636180.685:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.911832][ T30] audit: type=1326 audit(1770636180.685:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.935914][ T30] audit: type=1326 audit(1770636180.685:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1385.959290][ T30] audit: type=1326 audit(1770636180.685:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4943 comm="syz.6.10648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49f779af79 code=0x7ffc0000 [ 1386.686591][T32230] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71 [ 1386.698405][T32230] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 1386.718960][T32230] usb 3-1: USB disconnect, device number 5 [ 1387.053374][ T4976] netlink: 28 bytes leftover after parsing attributes in process `syz.6.10658'. [ 1387.537714][ T4990] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1388.461144][ T5026] netlink: 56 bytes leftover after parsing attributes in process `syz.5.10676'. [ 1388.470666][ T5026] netlink: 56 bytes leftover after parsing attributes in process `syz.5.10676'. [ 1388.614513][T19125] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 1388.694284][ T5034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10679'. [ 1388.886860][T19125] usb 10-1: Using ep0 maxpacket: 32 [ 1388.933142][T19125] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1389.023884][ T5037] netlink: 'syz.5.10680': attribute type 1 has an invalid length. [ 1389.032887][T19125] usb 10-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1389.048998][T19125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1389.058687][T19125] usb 10-1: Product: syz [ 1389.066258][T19125] usb 10-1: Manufacturer: syz [ 1389.073900][T19125] usb 10-1: SerialNumber: syz [ 1389.086835][T19125] usb 10-1: config 0 descriptor?? [ 1389.206152][ T5041] bond3: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1389.279013][ T5041] bond3: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 1389.327509][ T5041] bond3: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 1389.489427][ T5043] netlink: 10 bytes leftover after parsing attributes in process `syz.2.10682'. [ 1389.505941][T19125] gs_usb 10-1:0.0: Couldn't get device config: (err=-32) [ 1389.526687][T19125] gs_usb 10-1:0.0: probe with driver gs_usb failed with error -32 [ 1391.030879][ T1229] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 1391.192893][ T1229] usb 9-1: Using ep0 maxpacket: 8 [ 1391.200977][ T1229] usb 9-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1391.213485][ T1229] usb 9-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 1391.223158][ T1229] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 1391.231649][ T1229] usb 9-1: SerialNumber: syz [ 1391.249186][ T1229] usb 9-1: config 0 descriptor?? [ 1391.260762][ T1229] uvcvideo 9-1:0.0: Found UVC 0.00 device (05ac:8501) [ 1391.269889][ T1229] uvcvideo 9-1:0.0: No valid video chain found. [ 1391.413533][T32230] usb 10-1: USB disconnect, device number 23 [ 1391.852116][T32230] usb 9-1: USB disconnect, device number 38 [ 1391.992738][ T5072] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10692'. [ 1392.722735][ T5079] binder: BINDER_SET_CONTEXT_MGR already set [ 1392.729075][ T5079] binder: 5078:5079 ioctl 4018620d 200000000300 returned -16 [ 1394.301891][ T5097] kvm: pic: non byte write [ 1396.705757][T32230] usb 6-1: new low-speed USB device number 63 using dummy_hcd [ 1396.993050][T32230] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1397.001359][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1397.014294][T32230] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1397.026378][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1397.037747][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1397.052693][T32230] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1397.061439][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1397.072618][T32230] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1397.085122][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1397.104143][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1397.124274][T32230] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1397.138474][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1397.149783][T32230] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1397.164130][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1397.176995][T32230] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1397.517024][T32230] usb 6-1: string descriptor 0 read error: -22 [ 1397.543873][T32230] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1397.561521][T32230] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1397.620784][T32230] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1397.948899][ T5163] netlink: 20 bytes leftover after parsing attributes in process `syz.9.10719'. [ 1398.086944][ T5168] input: syz0 as /devices/virtual/input/input177 [ 1398.272316][ T5172] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.10724'. [ 1398.989550][ T5187] binder: BINDER_SET_CONTEXT_MGR already set [ 1398.995629][ T5187] binder: 5186:5187 ioctl 4018620d 2000000000c0 returned -16 [ 1399.004476][ T5187] binder: 5186:5187 unknown command 0 [ 1399.010878][ T5187] binder: 5186:5187 ioctl c0306201 200000000080 returned -22 [ 1399.032986][ T5187] binder: BINDER_SET_CONTEXT_MGR already set [ 1399.041120][ T5187] binder: 5186:5187 ioctl 4018620d 200000000040 returned -16 [ 1399.395455][T19125] usb 9-1: new high-speed USB device number 39 using dummy_hcd [ 1399.549173][T19125] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1399.585824][T19125] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1399.607091][T19125] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1399.619324][T19125] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1399.641243][T19125] usb 9-1: SerialNumber: syz [ 1399.703458][ T5203] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10733'. [ 1399.887645][T19125] usb 9-1: 0:2 : does not exist [ 1399.930024][T19125] usb 9-1: USB disconnect, device number 39 [ 1399.989506][ T6219] udevd[6219]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1400.064964][T19123] usb 6-1: USB disconnect, device number 63 [ 1400.996023][ T5226] loop4: detected capacity change from 0 to 7 [ 1401.003115][ T5226] loop4: [POWERTEC] p1 p2 p3 [ 1401.014330][ T5226] loop4: p1 start 1600454656 is beyond EOD, truncated [ 1401.033780][ T5226] loop4: p2 start 3796309757 is beyond EOD, truncated [ 1401.062563][ T5226] loop4: p3 start 98621423 is beyond EOD, truncated [ 1401.083624][ T5230] binder: BINDER_SET_CONTEXT_MGR already set [ 1401.115662][ T5230] binder: 5229:5230 ioctl 4018620d 2000000000c0 returned -16 [ 1401.167138][ T5230] binder: BINDER_SET_CONTEXT_MGR already set [ 1401.183794][ T5230] binder: 5229:5230 ioctl 4018620d 200000000040 returned -16 [ 1401.433693][ T5236] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3206951851 (6413903702 ns) > initial count (411158038 ns). Using initial count to start timer. [ 1401.785733][ T5242] tipc: Started in network mode [ 1401.790924][ T5242] tipc: Node identity 6a80c9cd655f, cluster identity 4711 [ 1401.800931][ T5242] tipc: Enabled bearer , priority 0 [ 1401.818047][ T5241] tipc: Resetting bearer [ 1403.775449][T19123] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 1403.955695][T19123] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1403.975446][T19123] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 1403.992295][T19123] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1404.019841][T19123] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1404.032095][T19123] usb 3-1: config 0 descriptor?? [ 1404.041599][ T5275] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1404.305084][ T5275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1404.317671][ T5275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1404.328693][T19123] usbhid 3-1:0.0: can't add hid device: -71 [ 1404.334817][T19123] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1404.362967][T19123] usb 3-1: USB disconnect, device number 6 [ 1404.796710][T19125] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1404.964910][T19125] usb 3-1: Using ep0 maxpacket: 32 [ 1405.000319][T19125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 1405.024275][T19125] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 1405.051247][T19125] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1405.060553][T19125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1405.089987][T19125] usb 3-1: config 0 descriptor?? [ 1405.115605][T19125] hub 3-1:0.0: bad descriptor, ignoring hub [ 1405.135388][T19125] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1405.532845][T19125] hid-multitouch 0003:0EEF:72C4.00A7: unknown main item tag 0x0 [ 1405.540825][T19125] hid-multitouch 0003:0EEF:72C4.00A7: unknown main item tag 0x0 [ 1405.562909][T19125] hid-multitouch 0003:0EEF:72C4.00A7: unknown main item tag 0x0 [ 1405.589231][T19125] hid-multitouch 0003:0EEF:72C4.00A7: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.2-1/input0 [ 1405.789339][ T5287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1405.802049][ T5287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1405.839806][ T7609] usb 3-1: USB disconnect, device number 7 [ 1406.771052][ T5290] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10763'. [ 1408.174152][ T5241] tipc: Disabling bearer [ 1408.191847][ T7610] tipc: Node number set to 266324429 [ 1408.196951][ T5296] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10765'. [ 1408.207616][ T5296] bridge_slave_1: left promiscuous mode [ 1408.213384][ T5296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1408.229449][ T5296] bridge_slave_0: left promiscuous mode [ 1408.235368][ T5296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1408.558890][ T5281] netlink: 20 bytes leftover after parsing attributes in process `syz.8.10761'. [ 1409.134972][ T5324] batman_adv: batadv0: Adding interface: dummy0 [ 1409.145769][ T5324] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1409.270147][ T5324] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 1409.496091][T27091] Bluetooth: hci3: command 0x0406 tx timeout [ 1409.828902][ T5340] xt_hashlimit: size too large, truncated to 1048576 [ 1412.923438][ T5370] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1728497071 (13827976568 ns) > initial count (134217856 ns). Using initial count to start timer. [ 1413.431079][ T7610] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1413.665401][ T7610] usb 6-1: Using ep0 maxpacket: 32 [ 1413.712167][ T7610] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 1413.740202][ T7610] usb 6-1: config 0 has no interface number 0 [ 1413.768857][ T7610] usb 6-1: config 0 interface 184 has no altsetting 0 [ 1413.815903][ T7610] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1413.841495][ T7610] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1413.874642][ T7610] usb 6-1: Product: syz [ 1413.892690][ T7610] usb 6-1: Manufacturer: syz [ 1413.912948][ T7610] usb 6-1: SerialNumber: syz [ 1413.941194][ T7610] usb 6-1: config 0 descriptor?? [ 1413.985464][T32230] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1414.024315][ T7610] smsc75xx v1.0.0 [ 1414.175487][T32230] usb 3-1: Using ep0 maxpacket: 16 [ 1414.204978][T32230] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 1414.235859][T32230] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1414.267623][T32230] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1414.286051][T32230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1414.318460][T32230] usb 3-1: Product: syz [ 1414.333280][T32230] usb 3-1: Manufacturer: syz [ 1414.353843][T32230] usb 3-1: SerialNumber: syz [ 1414.365449][T19125] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 1414.565407][T19125] usb 10-1: Using ep0 maxpacket: 32 [ 1414.616177][T19125] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1414.626192][T19125] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1414.657179][T19125] usb 10-1: config 0 descriptor?? [ 1414.708278][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1414.724654][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1414.737087][T32230] usb 3-1: 0:2 : does not exist [ 1414.749987][T32230] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1414.793859][T32230] usb 3-1: USB disconnect, device number 8 [ 1414.884292][T19125] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1414.904545][ T6219] udevd[6219]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1414.929886][T19125] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1414.957543][T19125] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1414.978750][T19125] usb 10-1: media controller created [ 1414.998791][T19125] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1415.310325][T19125] az6027: usb out operation failed. (-71) [ 1415.330867][T19125] stb0899_attach: Driver disabled by Kconfig [ 1415.351180][T19125] az6027: no front-end attached [ 1415.351180][T19125] [ 1415.383752][T19125] az6027: usb out operation failed. (-71) [ 1415.390170][T19125] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1415.417805][T19125] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input178 [ 1415.456294][T19125] dvb-usb: schedule remote query interval to 400 msecs. [ 1415.472150][T19125] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1415.562478][T19125] usb 10-1: USB disconnect, device number 24 [ 1415.744912][T19125] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1416.059331][ T1229] usb 9-1: new high-speed USB device number 40 using dummy_hcd [ 1416.178246][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71 [ 1416.189253][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71 [ 1416.199563][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 1416.209485][ T7610] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1416.272205][ T7610] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 1416.298427][ T7610] usb 6-1: USB disconnect, device number 64 [ 1416.415700][ T1229] usb 9-1: Using ep0 maxpacket: 8 [ 1416.432414][ T1229] usb 9-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1416.448907][ T1229] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1416.457568][ T1229] usb 9-1: Product: syz [ 1416.462248][ T1229] usb 9-1: Manufacturer: syz [ 1416.471043][ T1229] usb 9-1: SerialNumber: syz [ 1416.490255][ T1229] usb 9-1: config 0 descriptor?? [ 1416.501888][ T1229] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1418.331713][ T5452] loop5: detected capacity change from 0 to 7 [ 1418.344013][ T5452] Dev loop5: unable to read RDB block 7 [ 1418.358817][ T5452] loop5: unable to read partition table [ 1418.365807][ T5452] loop5: partition table beyond EOD, truncated [ 1418.372234][ T5452] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1418.540412][ T1229] gspca_sonixj: reg_w1 err -71 [ 1418.586008][ T1229] sonixj 9-1:0.0: probe with driver sonixj failed with error -71 [ 1418.613733][ T1229] usb 9-1: USB disconnect, device number 40 [ 1420.896157][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 1420.896180][ T30] audit: type=1800 audit(1770636216.025:1172): pid=5482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.10827" name="/" dev="fuse" ino=2 res=0 errno=0 [ 1421.605434][T19125] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 1421.805378][T19125] usb 10-1: Using ep0 maxpacket: 16 [ 1421.815209][T19125] usb 10-1: config 6 has an invalid interface number: 43 but max is 0 [ 1421.838379][T19125] usb 10-1: config 6 has an invalid interface association descriptor of length 2, skipping [ 1421.864944][T19125] usb 10-1: config 6 has no interface number 0 [ 1421.879559][T19125] usb 10-1: config 6 interface 43 altsetting 170 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 1421.891540][T19125] usb 10-1: config 6 interface 43 has no altsetting 0 [ 1421.909500][T19125] usb 10-1: string descriptor 0 read error: -71 [ 1421.928962][T19125] usb 10-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c [ 1421.943473][T19125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1421.991665][T19125] usb 10-1: rejected 1 configuration due to insufficient available bus power [ 1422.031993][T19125] usb 10-1: no configuration chosen from 1 choice [ 1422.077960][T19125] usb 10-1: USB disconnect, device number 25 [ 1423.085739][ T1229] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 1423.273746][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.282726][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.308888][ T1229] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1423.327099][ T1229] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1423.358186][ T1229] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1423.655448][ T1229] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1423.684286][ T1229] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1423.737426][ T1229] usb 10-1: config 0 descriptor?? [ 1424.184532][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.225750][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.262974][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.280613][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.306952][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.332063][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.355450][ T1229] plantronics 0003:047F:FFFF.00A8: unknown main item tag 0x0 [ 1424.422491][ T1229] plantronics 0003:047F:FFFF.00A8: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 1424.463103][ T1229] usb 10-1: USB disconnect, device number 26 [ 1424.873520][ T5551] fido_id[5551]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 1425.621282][ T7610] usb 10-1: new high-speed USB device number 27 using dummy_hcd [ 1425.858921][ T7610] usb 10-1: Using ep0 maxpacket: 16 [ 1425.868999][ T7610] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1425.880104][ T7610] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1425.903724][ T7610] usb 10-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 1425.933515][ T7610] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1426.012535][ T7610] usb 10-1: config 0 descriptor?? [ 1426.359989][ T5559] bridge0: entered promiscuous mode [ 1426.366478][ T5559] vlan2: entered promiscuous mode [ 1426.581466][ T7610] usb 10-1: USB disconnect, device number 27 [ 1427.094379][ T5574] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer. [ 1427.392029][ T5591] kvm: pic: non byte write [ 1428.165955][ T1229] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1428.335416][ T1229] usb 6-1: Using ep0 maxpacket: 32 [ 1428.344777][ T1229] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1428.360921][ T1229] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1428.457842][ T1229] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1428.472420][ T1229] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1428.491134][ T1229] usb 6-1: Product: syz [ 1428.498994][ T1229] usb 6-1: Manufacturer: syz [ 1428.513940][ T1229] hub 6-1:4.0: USB hub found [ 1428.714120][ T1229] hub 6-1:4.0: 2 ports detected [ 1429.592872][ T5635] kvm: pic: single mode not supported [ 1429.592896][ T5635] kvm: pic: level sensitive irq not supported [ 1429.617319][ T5635] kvm: pic: level sensitive irq not supported [ 1429.674354][ T5635] kvm: pic: single mode not supported [ 1429.746303][ T1229] hub 6-1:4.0: hub_hub_status failed (err = -32) [ 1429.803089][ T1229] hub 6-1:4.0: config failed, can't get hub status (err -32) [ 1429.878215][T19123] usb 9-1: new high-speed USB device number 41 using dummy_hcd [ 1430.135417][T19123] usb 9-1: Using ep0 maxpacket: 32 [ 1430.150324][T19123] usb 9-1: config 0 has an invalid interface number: 89 but max is 0 [ 1430.160550][T19123] usb 9-1: config 0 has no interface number 0 [ 1430.167518][T19123] usb 9-1: config 0 interface 89 has no altsetting 0 [ 1430.181272][T19123] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1430.208756][T19123] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1430.229816][T19123] usb 9-1: Product: syz [ 1430.246703][T19123] usb 9-1: Manufacturer: syz [ 1430.262826][T19123] usb 9-1: SerialNumber: syz [ 1430.278508][ T5651] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1430.290510][T19123] usb 9-1: config 0 descriptor?? [ 1430.303585][T19123] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1430.450384][T19123] em28xx 9-1:0.89: Video interface 89 found: bulk [ 1430.967142][T19123] em28xx 9-1:0.89: unknown em28xx chip ID (0) [ 1431.859344][T32230] usb 6-1: USB disconnect, device number 65 [ 1431.915785][ T5661] netlink: 16 bytes leftover after parsing attributes in process `syz.9.10880'. [ 1432.365187][T19123] em28xx 9-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 1432.387573][T19123] em28xx 9-1:0.89: failed to read eeprom (err=-5) [ 1432.410169][T19123] em28xx 9-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 1432.605369][T19123] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67) [ 1432.623461][T19123] em28xx 9-1:0.89: analog set to bulk mode. [ 1432.645005][T19125] em28xx 9-1:0.89: Registering V4L2 extension [ 1432.684487][T19123] usb 9-1: USB disconnect, device number 41 [ 1432.740169][T19123] em28xx 9-1:0.89: Disconnecting em28xx [ 1432.813147][T19125] em28xx 9-1:0.89: Config register raw data: 0xffffffed [ 1432.828165][T19125] em28xx 9-1:0.89: AC97 chip type couldn't be determined [ 1432.835836][T19125] em28xx 9-1:0.89: No AC97 audio processor [ 1432.884128][T19125] usb 9-1: Decoder not found [ 1432.902807][T19125] em28xx 9-1:0.89: failed to create media graph [ 1433.035374][T19125] em28xx 9-1:0.89: V4L2 device video103 deregistered [ 1433.119353][T19125] em28xx 9-1:0.89: Registering snapshot button... [ 1433.139318][T19125] input: em28xx snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.89/input/input179 [ 1433.294701][T19125] em28xx 9-1:0.89: Remote control support is not available for this card. [ 1433.392593][T19123] em28xx 9-1:0.89: Closing input extension [ 1433.417156][T19123] em28xx 9-1:0.89: Deregistering snapshot button [ 1434.086664][T19123] em28xx 9-1:0.89: Freeing device [ 1434.467331][T32230] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 1434.650493][T32230] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1434.663476][T32230] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 1434.684946][T32230] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1434.695784][T32230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1434.704682][T32230] usb 3-1: Product: syz [ 1434.714863][T32230] usb 3-1: Manufacturer: syz [ 1434.719819][T32230] usb 3-1: SerialNumber: syz [ 1436.677955][ T5728] tipc: Failed to remove unknown binding: 66,0,0/0:2788639544/2788639546 [ 1436.695408][ T5728] tipc: Failed to remove unknown binding: 66,0,0/0:2788639544/2788639545 [ 1436.722732][ T5728] tipc: Failed to remove unknown binding: 66,0,0/0:2788639544/2788639546 [ 1436.754897][ T5728] tipc: Failed to remove unknown binding: 66,0,0/0:2788639544/2788639545 [ 1437.440446][ T5739] binder: 5738:5739 ioctl c0306201 2000000003c0 returned -14 [ 1437.773344][T32230] usb 3-1: USB disconnect, device number 9 [ 1438.341496][ T5754] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1441.526113][ T5785] netlink: 'syz.8.10919': attribute type 1 has an invalid length. [ 1441.690469][ T5785] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1441.757208][ T5788] macvlan2: entered promiscuous mode [ 1441.763852][ T5788] macvlan2: entered allmulticast mode [ 1441.791099][ T5788] syz_tun: entered promiscuous mode [ 1441.799829][ T5788] bond2: (slave macvlan2): making interface the new active one [ 1441.911501][ T5796] netlink: 16 bytes leftover after parsing attributes in process `syz.6.10920'. [ 1441.924806][ T5788] bond2: (slave macvlan2): Enslaving as an active interface with an up link [ 1442.735498][T19125] usb 10-1: new high-speed USB device number 28 using dummy_hcd [ 1442.964974][T19125] usb 10-1: Using ep0 maxpacket: 16 [ 1443.007301][T19125] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1443.016830][T19125] usb 10-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 1443.026279][T19125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1443.034383][T19125] usb 10-1: Product: syz [ 1443.040685][T19125] usb 10-1: Manufacturer: syz [ 1443.052064][T19125] usb 10-1: SerialNumber: syz [ 1443.093684][T19125] usb 10-1: config 0 descriptor?? [ 1443.542847][ T5817] binder: 5814:5817 ioctl c0306201 200000000040 returned -11 [ 1443.925230][T19125] dvb_usb_dtv5100 10-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 1443.965987][T19125] usb 10-1: USB disconnect, device number 28 [ 1444.606801][T19125] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1444.765510][T19123] usb 9-1: new high-speed USB device number 42 using dummy_hcd [ 1444.989875][T19125] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1445.001903][T19125] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1445.013477][T19125] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1445.025729][T19125] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1445.052596][T19125] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1445.104138][T19123] usb 9-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1445.125389][T19125] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1445.133958][T19123] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1445.144280][T19125] usb 6-1: Product: syz [ 1445.153925][T19125] usb 6-1: Manufacturer: syz [ 1445.170338][T19123] usb 9-1: config 0 descriptor?? [ 1445.202787][T19125] cdc_wdm 6-1:1.0: skipping garbage [ 1445.213904][T19125] cdc_wdm 6-1:1.0: skipping garbage [ 1445.264733][T19125] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 1445.273110][T19125] cdc_wdm 6-1:1.0: Unknown control protocol [ 1445.305659][ T7610] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 1445.397929][ T5843] binder: BINDER_SET_CONTEXT_MGR already set [ 1445.485447][ T5843] binder: 5842:5843 ioctl 4018620d 200000004a80 returned -16 [ 1445.509412][T19123] udl 9-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1445.517080][ T5843] binder: 5842:5843 ioctl c018620c 200000000240 returned -1 [ 1445.587434][T19125] usb 6-1: USB disconnect, device number 66 [ 1445.637451][ T7610] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1445.655842][ T7610] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1445.675413][ T7610] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1445.711152][ T7610] usb 10-1: config 0 descriptor?? [ 1445.741169][ T7610] pwc: Askey VC010 type 2 USB webcam detected. [ 1445.752762][T19123] [drm] Initialized udl 0.0.1 for 9-1:0.0 on minor 2 [ 1445.775370][T19123] [drm] Initialized udl on minor 2 [ 1445.853104][ T5848] netlink: 'syz.2.10936': attribute type 29 has an invalid length. [ 1445.871177][ T5848] netlink: 'syz.2.10936': attribute type 29 has an invalid length. [ 1445.914098][ T5850] netlink: 'syz.6.10937': attribute type 1 has an invalid length. [ 1445.964122][ T5850] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1445.985621][ T5853] lo: entered allmulticast mode [ 1445.992973][ T5853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10938'. [ 1446.003458][ T5850] vlan0: entered allmulticast mode [ 1446.010523][ T5850] bond4: (slave vlan0): Opening slave failed [ 1446.025442][ T5852] lo: left allmulticast mode [ 1446.132835][ T7610] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1446.146349][ T7610] pwc: recv_control_msg error -32 req 02 val 2700 [ 1446.171391][ T7610] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1446.181640][ T7610] pwc: recv_control_msg error -32 req 04 val 1000 [ 1446.189335][T19123] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 1446.196170][ T7610] pwc: recv_control_msg error -32 req 04 val 1300 [ 1446.214956][T19123] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 1446.222741][ T7610] pwc: recv_control_msg error -32 req 04 val 1400 [ 1446.240021][T19125] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1446.246775][ T7610] pwc: recv_control_msg error -32 req 02 val 2000 [ 1446.261831][T19123] usb 9-1: USB disconnect, device number 42 [ 1446.272380][ T7610] pwc: recv_control_msg error -32 req 02 val 2100 [ 1446.281281][T19125] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 1446.396935][ T5866] binder: 5858:5866 ioctl c0306201 200000000480 returned -14 [ 1446.487016][ T7610] pwc: recv_control_msg error -71 req 02 val 2500 [ 1446.506281][ T7610] pwc: recv_control_msg error -71 req 02 val 2400 [ 1446.518670][ T7610] pwc: recv_control_msg error -71 req 02 val 2600 [ 1446.548769][ T7610] pwc: recv_control_msg error -71 req 02 val 2900 [ 1446.556209][ T7610] pwc: recv_control_msg error -71 req 02 val 2800 [ 1446.568482][ T7610] pwc: recv_control_msg error -71 req 04 val 1100 [ 1446.576888][ T7610] pwc: recv_control_msg error -71 req 04 val 1200 [ 1446.598193][ T7610] pwc: Registered as video103. [ 1446.623555][ T7610] input: PWC snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/input/input180 [ 1446.687026][ T7610] usb 10-1: USB disconnect, device number 29 [ 1447.545603][T19125] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 1447.708753][T19125] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1447.724136][T19125] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1447.760945][T19125] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1447.770654][T19125] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1447.779544][T19125] usb 6-1: SerialNumber: syz [ 1447.785446][ T5885] netlink: 'syz.8.10948': attribute type 1 has an invalid length. [ 1447.866778][ T5889] netlink: 4 bytes leftover after parsing attributes in process `syz.8.10948'. [ 1447.912370][ T5885] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1448.030820][T19125] usb 6-1: 0:2 : does not exist [ 1448.162356][T19125] usb 6-1: USB disconnect, device number 67 [ 1448.390859][ T6219] udevd[6219]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1448.407106][T25354] usb 9-1: new high-speed USB device number 43 using dummy_hcd [ 1448.565783][T25354] usb 9-1: Using ep0 maxpacket: 16 [ 1448.578900][T25354] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1448.608839][T25354] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1448.638772][T25354] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1448.795412][T25354] usb 9-1: config 0 descriptor?? [ 1448.837661][T25354] usbhid 9-1:0.0: couldn't find an input interrupt endpoint [ 1449.334132][ T5910] netlink: 'syz.6.10956': attribute type 10 has an invalid length. [ 1449.343893][ T5910] netlink: 40 bytes leftover after parsing attributes in process `syz.6.10956'. [ 1449.357764][ T5910] geneve0: left allmulticast mode [ 1449.369903][ T5910] geneve0: entered allmulticast mode [ 1449.379832][ T5910] team0: Port device geneve0 added [ 1449.390001][ T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1449.401640][ T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1449.423666][ T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1449.432833][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.163182][T25354] usb 9-1: USB disconnect, device number 43 [ 1451.557282][ T5932] kvm: requested 186895 ns i8254 timer period limited to 200000 ns [ 1451.633901][ T5932] kvm: requested 154209 ns i8254 timer period limited to 200000 ns [ 1451.657011][ T5932] kvm: requested 72914 ns i8254 timer period limited to 200000 ns [ 1451.678163][ T5932] kvm: requested 186057 ns i8254 timer period limited to 200000 ns [ 1451.744434][ T5932] kvm: requested 9219 ns i8254 timer period limited to 200000 ns [ 1453.362952][T25354] usb 9-1: new full-speed USB device number 44 using dummy_hcd [ 1453.582988][ T5947] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10967'. [ 1453.592333][ T5947] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1453.607265][T25354] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1453.616784][T25354] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 1453.638240][T25354] usb 9-1: can't read configurations, error -71 [ 1457.563781][ T6009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10984'. [ 1457.647522][ T6008] kvm: pic: single mode not supported [ 1457.647671][ T6008] kvm: pic: single mode not supported [ 1457.657964][ T6008] kvm: pic: single mode not supported [ 1457.665822][ T6008] kvm: pic: single mode not supported [ 1457.707027][ T6008] kvm: pic: single mode not supported [ 1457.729279][ T6008] kvm: pic: single mode not supported [ 1457.754583][ T6008] kvm: pic: single mode not supported [ 1457.829195][ T6008] kvm: pic: single mode not supported [ 1457.844751][ T6014] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1457.873946][ T6008] kvm: pic: single mode not supported [ 1457.874428][ T6008] kvm: pic: single mode not supported [ 1458.278645][ T6025] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1458.311852][ T6023] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1458.886328][ T30] audit: type=1800 audit(1770636254.025:1173): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.10995" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1459.545418][ T30] audit: type=1326 audit(1770636254.665:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6075 comm="syz.2.10998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6a319af79 code=0x0 [ 1460.188315][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11003'. [ 1461.294028][ T6109] netlink: 20 bytes leftover after parsing attributes in process `syz.6.11008'. [ 1461.602678][ T6114] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11010'. [ 1461.723236][ T6116] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1462.338974][ T6132] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1466.161271][ T6168] tipc: Enabling of bearer rejected, failed to enable media [ 1467.135402][ T5835] usb 9-1: new high-speed USB device number 46 using dummy_hcd [ 1467.331289][ T5835] usb 9-1: Using ep0 maxpacket: 16 [ 1467.355737][ T5835] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1467.380891][ T5835] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1467.527848][ T5835] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1467.555336][ T5835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1467.564037][ T5835] usb 9-1: Product: syz [ 1467.592607][ T5835] usb 9-1: Manufacturer: syz [ 1467.603121][ T5835] usb 9-1: SerialNumber: syz [ 1467.861416][ T5835] usb 9-1: 0:2 : does not exist [ 1467.893431][ T5835] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 1467.958817][ T6207] netlink: 32 bytes leftover after parsing attributes in process `syz.5.11043'. [ 1467.989822][ T5835] usb 9-1: USB disconnect, device number 46 [ 1468.041514][ T6208] netlink: 32 bytes leftover after parsing attributes in process `syz.5.11043'. [ 1468.109772][ T6219] udevd[6219]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1471.832630][ T6266] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1473.165400][T25354] usb 10-1: new high-speed USB device number 30 using dummy_hcd [ 1473.585370][T25354] usb 10-1: Using ep0 maxpacket: 32 [ 1473.596337][T25354] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1473.628485][T25354] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1473.669084][T25354] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1473.805472][T25354] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.849048][T25354] usb 10-1: config 0 descriptor?? [ 1474.326284][T25354] savu 0003:1E7D:2D5A.00A9: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0 [ 1474.673006][T25354] usb 10-1: USB disconnect, device number 30 [ 1474.767568][ T6295] fido_id[6295]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 1477.164682][ T6319] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1477.786119][ T5835] usb 10-1: new high-speed USB device number 31 using dummy_hcd [ 1477.975491][ T5835] usb 10-1: Using ep0 maxpacket: 16 [ 1477.988933][ T5835] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1478.008569][ T5835] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1478.031486][ T5835] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1478.040879][ T5835] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1478.049506][ T5835] usb 10-1: Product: syz [ 1478.053904][ T5835] usb 10-1: Manufacturer: syz [ 1478.060999][ T5835] usb 10-1: SerialNumber: syz [ 1478.085453][ T5835] usb 10-1: config 0 descriptor?? [ 1478.097420][ T5835] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1478.115425][ T5835] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class) [ 1478.750862][ T5835] em28xx 10-1:0.0: unknown em28xx chip ID (0) [ 1478.772185][ T5835] em28xx 10-1:0.0: Config register raw data: 0xfffffffb [ 1479.391467][ T5835] em28xx 10-1:0.0: Unknown AC97 audio processor detected! [ 1480.280839][ T5835] em28xx 10-1:0.0: couldn't setup AC97 register 2 [ 1480.307878][ T5835] em28xx 10-1:0.0: couldn't setup AC97 register 4 [ 1480.359047][ T5835] em28xx 10-1:0.0: couldn't setup AC97 register 6 [ 1480.387624][ T5835] em28xx 10-1:0.0: couldn't setup AC97 register 54 [ 1480.399469][ T5835] em28xx 10-1:0.0: couldn't setup AC97 register 56 [ 1480.416840][ T5835] usb 10-1: USB disconnect, device number 31 [ 1481.123064][ T6358] netlink: 'syz.9.11085': attribute type 1 has an invalid length. [ 1481.571572][ T2119] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 1484.295443][ T7610] usb 9-1: new high-speed USB device number 47 using dummy_hcd [ 1484.830121][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.836825][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.872380][ T7610] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1484.885477][ T7610] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1484.897620][ T7610] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1484.955035][ T7610] usb 9-1: config 0 descriptor?? [ 1484.986976][ T7610] pwc: Askey VC010 type 2 USB webcam detected. [ 1485.193058][ T6430] loop2: detected capacity change from 0 to 7 [ 1485.221167][ T6430] Dev loop2: unable to read RDB block 7 [ 1485.237587][ T6430] loop2: AHDI p1 p2 p3 p4 [ 1485.274115][ T6430] loop2: partition table partially beyond EOD, truncated [ 1485.320503][ T6430] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1485.377008][ T6430] loop2: p2 start 1700754021 is beyond EOD, truncated [ 1485.385080][ T6430] loop2: p3 start 4294967295 is beyond EOD, truncated [ 1485.398364][ T7610] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1485.471217][ T7610] pwc: recv_control_msg error -32 req 02 val 2700 [ 1485.683310][ T7610] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1485.692119][ T7610] pwc: recv_control_msg error -32 req 04 val 1000 [ 1485.719419][ T7610] pwc: recv_control_msg error -32 req 04 val 1300 [ 1485.734127][ T7610] pwc: recv_control_msg error -32 req 04 val 1400 [ 1485.746178][ T7610] pwc: recv_control_msg error -32 req 02 val 2000 [ 1485.753379][ T7610] pwc: recv_control_msg error -32 req 02 val 2100 [ 1486.007857][ T7610] pwc: recv_control_msg error -71 req 02 val 2500 [ 1486.015971][ T7610] pwc: recv_control_msg error -71 req 02 val 2400 [ 1486.023302][ T7610] pwc: recv_control_msg error -71 req 02 val 2600 [ 1486.031442][ T7610] pwc: recv_control_msg error -71 req 02 val 2900 [ 1486.039266][ T7610] pwc: recv_control_msg error -71 req 02 val 2800 [ 1486.046770][ T7610] pwc: recv_control_msg error -71 req 04 val 1100 [ 1486.053844][ T7610] pwc: recv_control_msg error -71 req 04 val 1200 [ 1486.064127][ T7610] pwc: Registered as video103. [ 1486.095744][ T7610] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input181 [ 1486.408758][ T7610] usb 9-1: USB disconnect, device number 47 [ 1486.902298][ T6454] kvm: requested 188571 ns i8254 timer period limited to 200000 ns [ 1486.922202][ T6454] kvm: requested 186057 ns i8254 timer period limited to 200000 ns [ 1486.932298][ T6454] kvm: requested 47771 ns i8254 timer period limited to 200000 ns [ 1486.956709][ T6454] kvm: requested 187733 ns i8254 timer period limited to 200000 ns [ 1486.975659][ T6454] kvm: requested 161752 ns i8254 timer period limited to 200000 ns [ 1486.985865][ T6454] kvm: requested 142476 ns i8254 timer period limited to 200000 ns [ 1487.047863][ T6454] kvm: requested 186057 ns i8254 timer period limited to 200000 ns [ 1487.121423][ T6464] loop5: detected capacity change from 0 to 7 [ 1487.150689][ T6464] Dev loop5: unable to read RDB block 7 [ 1487.188506][ T6464] loop5: unable to read partition table [ 1487.208803][ T6464] loop5: partition table beyond EOD, truncated [ 1487.295829][ T6464] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1490.195499][T19123] usb 10-1: new high-speed USB device number 32 using dummy_hcd [ 1490.355863][T19123] usb 10-1: Using ep0 maxpacket: 16 [ 1490.392446][T19123] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1490.464656][T19123] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1490.474431][T19123] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.489940][T19123] usb 10-1: Product: syz [ 1490.495147][T19123] usb 10-1: Manufacturer: syz [ 1490.512076][T19123] usb 10-1: SerialNumber: syz [ 1490.535385][T19123] usb 10-1: config 0 descriptor?? [ 1490.544270][T19123] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1490.553872][T19123] em28xx 10-1:0.0: DVB interface 0 found: bulk [ 1491.288757][T19123] em28xx 10-1:0.0: chip ID is em2765 [ 1491.403823][ T3030] syz_tun (unregistering): left allmulticast mode [ 1491.577571][ T3030] bond2: (slave macvlan2): Releasing active interface [ 1491.893052][T19123] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1491.909042][T19123] em28xx 10-1:0.0: board has no eeprom [ 1492.184820][ T3882] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1492.211589][T19123] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1492.235345][T19123] em28xx 10-1:0.0: dvb set to bulk mode. [ 1492.245839][T19125] em28xx 10-1:0.0: Binding DVB extension [ 1492.302088][T19123] usb 10-1: USB disconnect, device number 32 [ 1492.322297][T19123] em28xx 10-1:0.0: Disconnecting em28xx [ 1492.471902][T19125] em28xx 10-1:0.0: Registering input extension [ 1492.499138][T19123] em28xx 10-1:0.0: Closing input extension [ 1492.536916][T19123] em28xx 10-1:0.0: Freeing device [ 1492.558762][ T3882] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1492.848865][ T3882] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1492.945405][T19123] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1493.130599][T27091] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1493.144059][T27091] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1493.153322][T27091] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1493.168637][T27091] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1493.188172][T27091] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1493.308176][ T3882] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1493.325452][T19123] usb 6-1: Using ep0 maxpacket: 16 [ 1493.332988][T19123] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1493.348512][T19123] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1493.360993][T19123] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.369698][T19123] usb 6-1: Product: syz [ 1493.382008][T19123] usb 6-1: Manufacturer: syz [ 1493.396346][T19123] usb 6-1: SerialNumber: syz [ 1493.413447][T19123] usb 6-1: config 0 descriptor?? [ 1493.433188][T19123] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1493.448233][T19123] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 1494.017955][ T3882] bridge_slave_1: left allmulticast mode [ 1494.023718][ T3882] bridge_slave_1: left promiscuous mode [ 1494.043288][T19123] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 1494.172115][ T3882] bridge0: port 2(bridge_slave_1) entered disabled state [ 1494.233072][ T3882] bridge_slave_0: left allmulticast mode [ 1494.505163][ T3882] bridge_slave_0: left promiscuous mode [ 1494.521862][ T3882] bridge0: port 1(bridge_slave_0) entered disabled state [ 1494.628879][ T6555] kvm: pic: non byte write [ 1495.256136][ T2119] Bluetooth: hci4: command tx timeout [ 1495.601161][T19123] em28xx 6-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=255) [ 1495.619198][T19123] em28xx 6-1:0.0: board has no eeprom [ 1495.858201][T19123] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1495.883443][T19123] em28xx 6-1:0.0: dvb set to bulk mode. [ 1495.926717][T19125] em28xx 6-1:0.0: Binding DVB extension [ 1495.947750][T19123] usb 6-1: USB disconnect, device number 68 [ 1495.983470][T19123] em28xx 6-1:0.0: Disconnecting em28xx [ 1496.133575][T19125] em28xx 6-1:0.0: Registering input extension [ 1496.179870][T19123] em28xx 6-1:0.0: Closing input extension [ 1496.305651][T19123] em28xx 6-1:0.0: Freeing device [ 1496.799764][ T6587] kvm: requested 134933 ns i8254 timer period limited to 200000 ns [ 1496.810503][ T6587] kvm: requested 196114 ns i8254 timer period limited to 200000 ns [ 1496.941686][ T6587] kvm: requested 78781 ns i8254 timer period limited to 200000 ns [ 1496.964882][ T6588] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer. [ 1496.988466][ T6587] kvm: requested 176838 ns i8254 timer period limited to 200000 ns [ 1497.028674][ T6587] kvm: requested 35200 ns i8254 timer period limited to 200000 ns [ 1497.035990][ T6588] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1497.060387][ T6587] kvm: requested 34361 ns i8254 timer period limited to 200000 ns [ 1497.117548][ T6587] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 1497.160910][ T6587] kvm: requested 137447 ns i8254 timer period limited to 200000 ns [ 1497.188484][ T6587] kvm: requested 105600 ns i8254 timer period limited to 200000 ns [ 1497.205797][ T6587] kvm: requested 196952 ns i8254 timer period limited to 200000 ns [ 1497.339819][ T2119] Bluetooth: hci4: command tx timeout [ 1497.610121][ T6598] binder: 6596:6598 ioctl c0306201 200000000280 returned -14 [ 1498.042314][ T3882] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1498.064892][ T3882] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1498.080784][ T3882] bond0 (unregistering): Released all slaves [ 1498.091458][ T3882] bond1 (unregistering): Released all slaves [ 1498.155555][ T7610] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1498.199338][ T6609] netlink: zone id is out of range [ 1498.204518][ T6609] netlink: zone id is out of range [ 1498.210322][ T6609] netlink: zone id is out of range [ 1498.215771][ T6609] netlink: zone id is out of range [ 1498.221082][ T6609] netlink: zone id is out of range [ 1498.227460][ T6609] netlink: zone id is out of range [ 1498.232902][ T6609] netlink: zone id is out of range [ 1498.238174][ T6609] netlink: zone id is out of range [ 1498.243510][ T6609] netlink: zone id is out of range [ 1498.249422][ T6609] netlink: zone id is out of range [ 1498.497524][ T3882] bond2 (unregistering): Released all slaves [ 1498.719028][ T7610] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1498.743133][ T7610] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1498.789972][ T7610] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1498.800098][ T7610] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.808236][ T7610] usb 3-1: Product: syz [ 1498.812611][ T7610] usb 3-1: Manufacturer: syz [ 1498.817466][ T7610] usb 3-1: SerialNumber: syz [ 1498.855733][ T3882] bond3 (unregistering): Released all slaves [ 1499.033504][ T6605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1499.075024][ T6605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1499.131998][ T7610] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 1499.165651][ T7610] usb 3-1: USB disconnect, device number 10 [ 1499.250163][ T6541] chnl_net:caif_netlink_parms(): no params data found [ 1499.416089][ T2119] Bluetooth: hci4: command tx timeout [ 1499.759690][ T7610] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1500.175041][ T7610] usb 3-1: Using ep0 maxpacket: 8 [ 1500.203255][ T7610] usb 3-1: config index 0 descriptor too short (expected 301, got 72) [ 1500.217467][ T7610] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1500.305348][ T7610] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1500.441443][ T7610] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1500.464161][ T7610] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1500.497585][ T7610] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1500.550471][ T7610] usb 3-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1500.586101][ T7610] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1500.610071][ T7610] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1500.826760][ T6541] bridge0: port 1(bridge_slave_0) entered blocking state [ 1500.841564][ T6541] bridge0: port 1(bridge_slave_0) entered disabled state [ 1500.876723][ T7610] usb 3-1: usb_control_msg returned -32 [ 1500.892634][ T7610] usbtmc 3-1:16.0: can't read capabilities [ 1500.913508][ T6541] bridge_slave_0: entered allmulticast mode [ 1500.937464][ T6541] bridge_slave_0: entered promiscuous mode [ 1501.038666][ T3882] hsr_slave_0: left promiscuous mode [ 1501.058634][ T3882] hsr_slave_1: left promiscuous mode [ 1501.120452][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.126541][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.132590][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.138604][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.144625][ C0] usbtmc 3-1:16.0: invalid notification: 11 [ 1501.151119][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.158250][ C0] usbtmc 3-1:16.0: invalid notification: 2 [ 1501.164293][ C0] usbtmc 3-1:16.0: invalid notification: 5 [ 1501.170317][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.176508][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.182543][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.188904][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.194885][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.200913][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.206919][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.212931][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.218966][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.224979][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.231039][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.237417][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.243463][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.248634][ T3882] veth1_macvtap: left promiscuous mode [ 1501.249504][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.262650][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.269170][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.275203][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.281218][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.287487][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.293539][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.295456][ T3882] veth0_macvtap: left promiscuous mode [ 1501.299575][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.312115][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.318164][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.324201][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.330234][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.336272][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.342279][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.348290][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.354265][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.365602][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.372118][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.378187][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.384218][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.390290][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.396323][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.402605][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.408689][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.414699][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.420721][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.426752][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.432750][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.438791][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.444803][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.450930][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.456988][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.463524][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.469549][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.475568][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.481577][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.487593][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.493565][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.499653][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.505527][ T2119] Bluetooth: hci4: command tx timeout [ 1501.510939][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.516816][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.522664][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.528554][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.534392][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.540261][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.546131][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.551967][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.557846][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.563690][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.570275][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.576206][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.582117][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.588031][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.593937][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.599874][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.605767][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.611633][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.617502][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.623377][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.629347][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.635195][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.641122][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.646987][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.652854][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.658890][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.664749][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.671218][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.677139][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.683023][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.688891][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.694748][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.700638][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.707123][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.712982][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.718855][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.724696][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.730557][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.736421][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.742262][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.748139][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.753994][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.759866][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.765743][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.771578][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.777935][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.783775][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.789633][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.795503][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.801341][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.807194][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.813026][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.819003][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.824846][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.830720][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.836570][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.842487][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.848349][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.854184][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.860066][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.865939][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.871776][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.874273][ T3882] veth1_vlan: left promiscuous mode [ 1501.878296][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.889323][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.895391][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.901633][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.907681][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.913724][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.919856][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.925927][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.931949][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.937946][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.944023][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.950110][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.956135][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.962154][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.968138][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.974452][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.980550][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.986557][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.992541][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1501.998505][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.004465][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.010447][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.016555][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.022516][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.028476][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.034437][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.040401][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.046362][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.052324][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.058345][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.064330][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.070322][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.079524][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.085910][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.091965][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.098059][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.104132][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.105475][ T3882] veth0_vlan: left promiscuous mode [ 1502.110164][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.121285][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.127340][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.133398][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.142342][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.148604][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.154636][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.160685][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.166755][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.172782][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.179123][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.185748][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.191829][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.198000][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.204093][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.210215][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.216317][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.222378][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.228459][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.234559][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.240619][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.246722][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.252747][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.258801][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.264944][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.270960][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.277066][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.283518][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.290151][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.296264][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.302335][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.308548][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.314636][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.320750][ C0] usbtmc 3-1:16.0: invalid notification: 0 [ 1502.541243][ T7610] usb 3-1: USB disconnect, device number 11 [ 1505.278213][ T3882] team0 (unregistering): Port device team_slave_1 removed [ 1505.368243][ T3882] team0 (unregistering): Port device team_slave_0 removed [ 1506.039720][ T6541] bridge0: port 2(bridge_slave_1) entered blocking state [ 1506.047001][ T6541] bridge0: port 2(bridge_slave_1) entered disabled state [ 1506.054331][ T6541] bridge_slave_1: entered allmulticast mode [ 1506.062990][ T6541] bridge_slave_1: entered promiscuous mode [ 1506.159821][ T6541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1506.274987][ T6541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1506.468166][ T6541] team0: Port device team_slave_0 added [ 1506.483604][ T6541] team0: Port device team_slave_1 added [ 1507.649056][ T6541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1507.662847][ T6541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1507.785327][ T6541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1507.829031][ T6541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1507.853528][ T6541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1507.925336][ T6541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1507.950730][ T6700] bridge0: entered allmulticast mode [ 1508.277594][ T6705] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1508.316498][ T6699] team0: Port device macvlan2 removed [ 1508.350098][ T6705] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1508.583878][ T6711] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11180'. [ 1508.598462][ T6541] hsr_slave_0: entered promiscuous mode [ 1508.630619][ T6541] hsr_slave_1: entered promiscuous mode [ 1508.689137][ T79] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1508.703253][ T6711] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11180'. [ 1508.790768][ T79] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1508.801376][ T79] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1508.907589][ T3882] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1508.937805][ T3882] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1508.945374][T25354] usb 10-1: new high-speed USB device number 33 using dummy_hcd [ 1509.069097][ T79] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1509.107526][T25354] usb 10-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1509.121341][T25354] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1509.146025][T25354] usb 10-1: config 0 descriptor?? [ 1509.198153][ T3882] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1509.237527][ T3882] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1509.367105][ T3882] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1509.388111][ T3882] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1509.456005][ T5835] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1509.589324][T25354] usb 10-1: Cannot set MAC address [ 1509.594998][T25354] MOSCHIP usb-ethernet driver 10-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1509.595469][ T3882] bond1: (slave netdevsim0): Releasing backup interface [ 1509.610264][T25354] usb 10-1: USB disconnect, device number 33 [ 1509.625505][ T5835] usb 6-1: Using ep0 maxpacket: 32 [ 1509.633860][ T5835] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 1509.648675][ T5835] usb 6-1: config 0 has no interface number 0 [ 1509.677510][ T5835] usb 6-1: config 0 interface 12 has no altsetting 0 [ 1509.687394][ T3882] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1509.706886][ T5835] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1509.716405][ T5835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1509.724431][ T3882] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1509.744783][ T5835] usb 6-1: Product: syz [ 1509.753185][ T5835] usb 6-1: Manufacturer: syz [ 1509.760700][ T5835] usb 6-1: SerialNumber: syz [ 1509.802465][ T5835] usb 6-1: config 0 descriptor?? [ 1509.823891][ T5835] f81534 6-1:0.12: required endpoints missing [ 1510.012126][ T6679] syz.2.11173 (6679): drop_caches: 1 [ 1510.043429][ T6682] syz.2.11173 (6682): drop_caches: 1 [ 1510.185631][ T30] audit: type=1326 audit(1770636305.315:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6735 comm="syz.2.11183" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6a319af79 code=0x0 [ 1510.615992][ T5835] usb 10-1: new high-speed USB device number 34 using dummy_hcd [ 1510.824840][ T5835] usb 10-1: Using ep0 maxpacket: 32 [ 1510.837038][ T5835] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 1510.848142][ T5835] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1510.863019][ T5835] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1510.903630][ T5835] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 1510.930956][ T5835] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 1510.957153][ T5835] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.967456][ T5835] usb 10-1: Product: syz [ 1510.972624][ T5835] usb 10-1: Manufacturer: syz [ 1510.978638][ T5835] usb 10-1: SerialNumber: syz [ 1511.057225][ C0] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 1511.093915][ T5835] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/input/input184 [ 1511.128688][ T6751] create_pit_timer: 18 callbacks suppressed [ 1511.128710][ T6751] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1511.182291][ T6751] kvm: pic: non byte read [ 1511.193087][ T6751] kvm: pic: level sensitive irq not supported [ 1511.193906][ T6751] kvm: pic: non byte read [ 1511.224316][ T6751] kvm: pic: level sensitive irq not supported [ 1511.224448][ T6751] kvm: pic: non byte read [ 1511.237646][ T6751] kvm: pic: level sensitive irq not supported [ 1511.237732][ T6751] kvm: pic: non byte read [ 1511.249751][ T6751] kvm: pic: level sensitive irq not supported [ 1511.249946][ T6751] kvm: pic: non byte read [ 1511.295355][ T5835] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 1511.310435][ T5835] (id 0x00) [ 1511.540048][ T5835] rc_core: IR keymap rc-imon-pad not found [ 1511.555686][ T5835] Registered IR keymap rc-empty [ 1511.560663][ T5835] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 1511.571292][ T5835] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 1511.607551][ T5835] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0 [ 1511.634961][ T5835] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0/input185 [ 1511.677342][ T5835] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:34> initialized [ 1512.150011][T25354] usb 6-1: USB disconnect, device number 69 [ 1512.223938][ T6766] imon:send_packet: task interrupted [ 1512.229729][ T6766] imon:send_packet: packet tx failed (-512) [ 1512.238494][ T6766] imon:vfd_write: send packet #1 failed [ 1512.275721][ T6766] imon:send_packet: task interrupted [ 1512.281072][ T6766] imon:send_packet: packet tx failed (-512) [ 1512.353590][ T6766] imon:vfd_write: send packet #0 failed [ 1512.385124][ T6767] imon:display_open: display port is already open [ 1512.408778][ T6766] imon:send_packet: task interrupted [ 1512.422145][ T6766] imon:send_packet: packet tx failed (-512) [ 1512.434661][ T6766] imon:vfd_write: send packet #0 failed [ 1512.450932][ T6766] imon:send_packet: packet tx failed (-32) [ 1512.474578][ T6766] imon:vfd_write: send packet #0 failed [ 1512.503322][ T3882] bond0 (unregistering): (slave bridge2): Releasing backup interface [ 1512.512454][ T5835] usb 10-1: USB disconnect, device number 34 [ 1512.636750][ T3882]  (unregistering): Released all slaves [ 1512.686495][ T3882] bond1 (unregistering): Released all slaves [ 1513.086141][ T3882] bond2 (unregistering): (slave veth3): Releasing active interface [ 1513.122067][ T3882] bond2 (unregistering): Released all slaves [ 1513.632905][ T3882] bond0 (unregistering): Released all slaves [ 1513.760821][ T6784] geneve2: entered promiscuous mode [ 1513.771282][ T3881] netdevsim netdevsim9 netdevsim0: set [1, 1] type 2 family 0 port 49292 - 0 [ 1513.795416][ T3881] netdevsim netdevsim9 netdevsim1: set [1, 1] type 2 family 0 port 49292 - 0 [ 1513.842626][ T3881] netdevsim netdevsim9 netdevsim2: set [1, 1] type 2 family 0 port 49292 - 0 [ 1513.893190][ T3881] netdevsim netdevsim9 netdevsim3: set [1, 1] type 2 family 0 port 49292 - 0 [ 1514.188365][ T6802] binder_alloc: 6799: pid 6799 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1514.285956][ T6805] binder_alloc: 6799: pid 6799 spamming oneway? 2 buffers allocated for a total size of 5120 [ 1514.989100][ T6827] netlink: 'syz.2.11205': attribute type 1 has an invalid length. [ 1515.096253][ T6831] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11205'. [ 1515.204373][ T6827] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1515.215849][ T5835] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1515.230460][ T6831] bond1: entered promiscuous mode [ 1515.265114][ T6831] bond1: entered allmulticast mode [ 1515.422545][ T3882] hsr_slave_0: left promiscuous mode [ 1515.438898][ T5835] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 1515.454175][ T3882] hsr_slave_1: left promiscuous mode [ 1515.456095][ T5835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1515.506851][ T5835] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1515.510967][ T3882] veth1_macvtap: left promiscuous mode [ 1515.532901][ T5835] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1515.546078][ T3882] veth0_macvtap: left promiscuous mode [ 1515.568329][ T5835] usb 6-1: Manufacturer: syz [ 1515.596272][ T5835] usb 6-1: config 0 descriptor?? [ 1515.765361][ T5835] rc_core: IR keymap rc-hauppauge not found [ 1515.779712][ T5835] Registered IR keymap rc-empty [ 1515.828502][ T5835] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 1515.869386][ T5835] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input186 [ 1515.934699][ C0] igorplugusb 6-1:0.0: Error: urb status = -32 [ 1516.129968][ T5835] usb 6-1: USB disconnect, device number 70 [ 1520.326104][ T6541] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1520.379431][ T6541] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1520.439180][ T6541] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1520.488569][ T6541] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1520.724684][ T6922] syzkaller0: entered promiscuous mode [ 1520.765622][ T6922] syzkaller0: entered allmulticast mode [ 1520.876217][ T3882] IPVS: stop unused estimator thread 0... [ 1521.065402][ T5835] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 1521.078990][ T6541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1521.140176][ T6541] 8021q: adding VLAN 0 to HW filter on device team0 [ 1521.168379][ T3882] bridge0: port 1(bridge_slave_0) entered blocking state [ 1521.175625][ T3882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1521.210998][ T3882] bridge0: port 2(bridge_slave_1) entered blocking state [ 1521.218242][ T3882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1521.276132][ T5835] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1521.306701][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1521.318443][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1521.330842][ T5835] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1521.335815][T25354] usb 10-1: new high-speed USB device number 35 using dummy_hcd [ 1521.345436][ T5835] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1521.371225][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.395707][ T5835] usb 3-1: config 0 descriptor?? [ 1521.504289][ T6541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1521.566660][T25354] usb 10-1: Using ep0 maxpacket: 8 [ 1521.599728][T25354] usb 10-1: config 0 has an invalid interface number: 8 but max is 0 [ 1521.615390][T25354] usb 10-1: config 0 has no interface number 0 [ 1521.635135][T25354] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1521.676231][T25354] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1521.689313][T25354] usb 10-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0 [ 1521.722631][T25354] usb 10-1: Product: syz [ 1521.757445][ T6541] veth0_vlan: entered promiscuous mode [ 1521.764953][T25354] usb 10-1: config 0 descriptor?? [ 1521.782333][T25354] iowarrior 10-1:0.8: IOWarrior product=0x1512, serial= interface=8 now attached to iowarrior0 [ 1521.800058][ T6541] veth1_vlan: entered promiscuous mode [ 1521.863840][ T5835] plantronics 0003:047F:FFFF.00AA: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1521.971844][ T6541] veth0_macvtap: entered promiscuous mode [ 1521.994868][ T6948] usb 10-1: USB disconnect, device number 35 [ 1522.001060][ C1] iowarrior 10-1:0.8: iowarrior_callback - usb_submit_urb failed with result -19 [ 1522.069458][ T6541] veth1_macvtap: entered promiscuous mode [ 1522.147012][ T6541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1522.193725][ T6541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1522.253477][ T3882] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1522.288164][ T1342] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1522.307772][ T1342] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1522.386107][ T1342] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1522.631689][ T3882] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1522.652725][ T3882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1522.740494][ T3882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1522.816991][ T3882] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1523.075366][T32230] usb 10-1: new high-speed USB device number 36 using dummy_hcd [ 1523.236336][T32230] usb 10-1: Using ep0 maxpacket: 16 [ 1523.248591][T32230] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1523.276962][T32230] usb 10-1: config 0 has no interfaces? [ 1523.283473][T32230] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1523.294301][T32230] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1523.314160][T32230] usb 10-1: config 0 descriptor?? [ 1523.859990][ T5835] usb 3-1: USB disconnect, device number 12 [ 1524.088341][ T6948] usb 10-1: USB disconnect, device number 36 [ 1526.183505][ T7002] binder: 6997:7002 ioctl c0306201 200000000440 returned -14 [ 1526.230335][ T30] audit: type=1326 audit(1770636321.365:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7001 comm="syz.6.11232" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49f779af79 code=0x0 [ 1527.293160][ T7028] netlink: 9 bytes leftover after parsing attributes in process `syz.2.11238'. [ 1527.310037][ T7029] loop2: detected capacity change from 0 to 7 [ 1527.336704][ T7029] loop2: [ 1527.339746][ T7029] loop2: partition table partially beyond EOD, truncated [ 1527.389084][ T7032] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11240'. [ 1527.430695][ T7028] ..0·: renamed from hsr0 (while UP) [ 1527.480100][ T7028] ..0·: entered allmulticast mode [ 1527.505730][ T7028] hsr_slave_0: entered allmulticast mode [ 1527.544147][ T7028] hsr_slave_1: entered allmulticast mode [ 1527.560365][ T7028] net_ratelimit: 44 callbacks suppressed [ 1527.560385][ T7028] A link change request failed with some changes committed already. Interface ..0· may have been left with an inconsistent configuration, please check. [ 1527.889965][ T7053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11244'. [ 1528.047002][ T7056] veth5: entered promiscuous mode [ 1528.052330][ T7056] veth5: entered allmulticast mode [ 1528.059602][ T7056] bridge1: port 1(veth5) entered blocking state [ 1528.077398][ T7056] bridge1: port 1(veth5) entered disabled state [ 1528.480800][ T7056] bridge1: port 1(veth5) entered blocking state [ 1528.487649][ T7056] bridge1: port 1(veth5) entered forwarding state [ 1528.650478][ T3881] bridge1: port 1(veth5) entered disabled state [ 1528.877805][ T7053] veth7: entered promiscuous mode [ 1528.884060][ T7053] veth7: entered allmulticast mode [ 1528.898001][ T7053] bridge1: port 2(veth7) entered blocking state [ 1528.905046][ T7053] bridge1: port 2(veth7) entered disabled state [ 1528.915133][ T7053] bridge1: port 2(veth7) entered blocking state [ 1528.921684][ T7053] bridge1: port 2(veth7) entered forwarding state [ 1529.152626][ T3881] bridge1: port 2(veth7) entered disabled state [ 1532.789599][ T7104] binder_alloc: 7097: pid 7097 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1532.886394][ T7104] binder_alloc: 7097: binder_alloc_buf size 64768 failed, no address space [ 1533.005577][ T7104] binder_alloc: allocated: 5120 (num: 2 largest: 4096), free: 7168 (num: 1 largest: 7168) [ 1534.291185][ T30] audit: type=1326 audit(1770636329.425:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.415426][ T30] audit: type=1326 audit(1770636329.425:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.525359][ T30] audit: type=1326 audit(1770636329.425:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.612938][ T30] audit: type=1326 audit(1770636329.425:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.738172][ T30] audit: type=1326 audit(1770636329.425:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.785445][ T30] audit: type=1326 audit(1770636329.455:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.859702][ T30] audit: type=1326 audit(1770636329.455:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1534.966909][ T30] audit: type=1326 audit(1770636329.455:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1535.076396][ T30] audit: type=1326 audit(1770636329.455:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1535.225811][ T7123] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11258'. [ 1535.225956][ T30] audit: type=1326 audit(1770636329.455:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.5.11262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d9659af79 code=0x7ffc0000 [ 1535.510093][ T7156] syzkaller1: entered promiscuous mode [ 1535.535496][ T7156] syzkaller1: entered allmulticast mode [ 1538.001785][ T7199] kvm: requested 181028 ns i8254 timer period limited to 200000 ns [ 1538.056953][ T7199] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 1538.100304][ T7199] kvm: requested 119009 ns i8254 timer period limited to 200000 ns [ 1538.157741][ T7199] kvm: requested 60342 ns i8254 timer period limited to 200000 ns [ 1538.218891][ T7199] kvm: requested 15923 ns i8254 timer period limited to 200000 ns [ 1538.255689][ T7199] kvm: requested 38552 ns i8254 timer period limited to 200000 ns [ 1538.264058][ T7199] kvm: requested 20114 ns i8254 timer period limited to 200000 ns [ 1538.273004][ T7199] kvm: requested 41066 ns i8254 timer period limited to 200000 ns [ 1538.288445][ T7199] kvm: requested 187733 ns i8254 timer period limited to 200000 ns [ 1538.711889][ T7219] binder: transaction release 269 bad handle 1, ret = -22 [ 1539.212430][ T7247] netlink: 'syz.2.11285': attribute type 1 has an invalid length. [ 1539.278371][ T7247] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1539.367051][ T7247] bond2: (slave gretap1): making interface the new active one [ 1539.377192][ T7247] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 1541.653423][ T7291] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1542.457129][T22237] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 1542.697463][T22237] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1542.731909][T22237] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1542.779909][T22237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1542.793096][ T7312] geneve3: entered promiscuous mode [ 1542.835916][T22237] usb 3-1: config 0 descriptor?? [ 1542.856355][ T7302] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1543.226033][ T7320] kvm: requested 181028 ns i8254 timer period limited to 200000 ns [ 1543.250999][ T7320] kvm: requested 186895 ns i8254 timer period limited to 200000 ns [ 1543.267801][ T7320] kvm: requested 180190 ns i8254 timer period limited to 200000 ns [ 1543.276784][ T7320] kvm: requested 56990 ns i8254 timer period limited to 200000 ns [ 1543.294921][T22237] elan 0003:04F3:0755.00AB: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 1543.480501][ T7320] kvm: requested 69561 ns i8254 timer period limited to 200000 ns [ 1543.505858][ T7320] kvm: requested 172647 ns i8254 timer period limited to 200000 ns [ 1543.735746][ T7609] usb 3-1: USB disconnect, device number 13 [ 1543.742125][ T7320] kvm: requested 109790 ns i8254 timer period limited to 200000 ns [ 1543.848776][ T7320] kvm: requested 134095 ns i8254 timer period limited to 200000 ns [ 1543.921687][ T7320] kvm: requested 153371 ns i8254 timer period limited to 200000 ns [ 1544.024765][ T7320] kvm: requested 169295 ns i8254 timer period limited to 200000 ns [ 1544.172107][ T7332] fido_id[7332]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1545.971787][ T7359] netlink: 'syz.6.11307': attribute type 1 has an invalid length. [ 1546.145908][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.152552][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.285489][ T7370] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11307'. [ 1546.547747][ T7362] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1546.583961][ T7362] bond5: (slave bond6): making interface the new active one [ 1546.666012][ T7362] bond5: (slave bond6): Enslaving as an active interface with an up link [ 1546.735770][ T7365] bond5: (slave gretap1): Enslaving as a backup interface with an up link [ 1546.805560][T32230] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1546.890392][ T7370] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1546.965386][T19125] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1546.977432][T32230] usb 3-1: config 0 has an invalid interface number: 79 but max is 0 [ 1546.996239][T32230] usb 3-1: config 0 has no interface number 0 [ 1547.003133][T32230] usb 3-1: config 0 interface 79 has no altsetting 0 [ 1547.029123][T32230] usb 3-1: New USB device found, idVendor=14aa, idProduct=0226, bcdDevice=fc.92 [ 1547.041636][T32230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.070429][T32230] usb 3-1: Product: syz [ 1547.075424][ T7609] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1547.093263][T32230] usb 3-1: Manufacturer: syz [ 1547.098937][T32230] usb 3-1: SerialNumber: syz [ 1547.117616][T32230] usb 3-1: config 0 descriptor?? [ 1547.132825][T32230] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state. [ 1547.145700][T19125] usb 5-1: Using ep0 maxpacket: 8 [ 1547.173400][T32230] dvb-usb: bulk message failed: -22 (2/0) [ 1547.193781][T32230] dvb-usb: will use the device's hardware PID filter (table count: 15). [ 1547.197116][T19125] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1547.224949][T32230] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom)) [ 1547.237723][T19125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.256278][T32230] usb 3-1: media controller created [ 1547.263900][ T7609] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1547.279306][ T7609] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1547.295137][T19125] usb 5-1: Product: syz [ 1547.300508][T32230] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1547.310015][T19125] usb 5-1: Manufacturer: syz [ 1547.314668][T19125] usb 5-1: SerialNumber: syz [ 1547.322679][ T7609] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1547.363740][T32230] usb 3-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)... [ 1547.375150][ T7609] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1547.395638][T19125] usb 5-1: config 0 descriptor?? [ 1547.426899][T32230] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered. [ 1547.450432][T19125] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1547.480657][ T7378] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1547.493438][ T7609] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1547.728853][T32230] rc_core: IR keymap rc-dtt200u not found [ 1547.734655][T32230] Registered IR keymap rc-empty [ 1547.827008][T32230] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 1547.846309][ T7378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1547.858245][ T7378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1547.870930][T32230] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input189 [ 1548.401708][T32230] dvb-usb: schedule remote query interval to 300 msecs. [ 1548.432334][T32230] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected. [ 1548.583948][T32230] usb 3-1: USB disconnect, device number 14 [ 1548.978929][T32230] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected. [ 1550.145461][T19125] gspca_sonixj: reg_w1 err -71 [ 1550.205641][T19125] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 1550.228826][T19125] usb 5-1: USB disconnect, device number 91 [ 1551.107099][T19125] usb 6-1: USB disconnect, device number 71 [ 1551.615946][ T5835] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1551.825321][ T5835] usb 5-1: Using ep0 maxpacket: 32 [ 1551.891667][ T5835] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 1551.902314][ T5835] usb 5-1: config 0 has no interface number 0 [ 1551.909165][ T5835] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1551.923005][ T5835] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1551.932543][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1551.940996][ T5835] usb 5-1: Product: syz [ 1551.946009][ T5835] usb 5-1: Manufacturer: syz [ 1551.950729][ T5835] usb 5-1: SerialNumber: syz [ 1551.968015][ T5835] usb 5-1: config 0 descriptor?? [ 1551.974185][ T7428] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1552.220202][ T7428] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1552.359212][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1552.359234][ T30] audit: type=1804 audit(1770636347.485:1200): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.11321" name="/newroot/536/file1" dev="fuse" ino=1 res=1 errno=0 [ 1552.600134][ T7443] syz.2.11322 (7443): drop_caches: 1 [ 1552.684660][ T7448] syz.2.11322 (7448): drop_caches: 1 [ 1553.997787][ T7443] syz.2.11322 (7443): drop_caches: 1 [ 1555.303939][ T5835] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1555.350204][ T5835] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1555.391437][ T5835] asix 5-1:0.188: probe with driver asix failed with error -71 [ 1555.435725][ T5835] usb 5-1: USB disconnect, device number 92 [ 1556.109176][ T7487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11331'. [ 1556.255025][ T7491] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1556.598060][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11331'. [ 1556.625826][ T7489] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11331'. [ 1556.707816][ T3503] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1556.717043][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11331'. [ 1556.732365][ T3503] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1556.747554][ T7489] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11331'. [ 1556.765645][ T3503] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1556.911710][ T3503] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1557.476924][ T7515] binder: 7513:7515 ioctl c018620c 200000000240 returned -22 [ 1558.054182][ T7522] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 1558.635726][T19125] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1558.815308][T19125] usb 6-1: Using ep0 maxpacket: 8 [ 1558.832616][T19125] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1558.842021][T19125] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.873416][T19125] usb 6-1: Product: syz [ 1558.894023][T19125] usb 6-1: Manufacturer: syz [ 1558.899317][T19125] usb 6-1: SerialNumber: syz [ 1558.920389][T19125] usb 6-1: config 0 descriptor?? [ 1559.137314][T19125] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1560.995508][T19125] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1561.053454][T19125] usb 6-1: USB disconnect, device number 72 [ 1563.761421][ T7562] netlink: 'syz.6.11349': attribute type 1 has an invalid length. [ 1563.880960][ T7564] netlink: 28 bytes leftover after parsing attributes in process `syz.6.11349'. [ 1564.242369][ T5835] usb 10-1: new high-speed USB device number 37 using dummy_hcd [ 1564.417760][ T5835] usb 10-1: Using ep0 maxpacket: 32 [ 1564.459247][ T5835] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1564.492876][ T5835] usb 10-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1564.502208][ T5835] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.510505][ T5835] usb 10-1: Product: syz [ 1564.514805][ T5835] usb 10-1: Manufacturer: syz [ 1564.519875][ T5835] usb 10-1: SerialNumber: syz [ 1564.537355][ T5835] usb 10-1: config 0 descriptor?? [ 1565.072595][ T5835] gs_usb 10-1:0.0: Couldn't get device config: (err=-32) [ 1565.163190][ T5835] gs_usb 10-1:0.0: probe with driver gs_usb failed with error -32 [ 1566.295879][ T7562] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 1566.319189][ T7563] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 1567.114268][T32230] usb 10-1: USB disconnect, device number 37 [ 1567.518593][T25354] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1567.734794][T25354] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1567.755333][T25354] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1567.786153][T25354] usb 6-1: config 0 descriptor?? [ 1569.925728][T19125] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1570.095400][T19125] usb 5-1: Using ep0 maxpacket: 8 [ 1570.104721][T19125] usb 5-1: config 0 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 1570.132642][T19125] usb 5-1: config 0 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1570.171310][T19125] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1570.187221][T19125] usb 5-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00 [ 1570.201109][T19125] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1570.230154][T19125] usb 5-1: config 0 descriptor?? [ 1570.382888][T25354] usb 6-1: Cannot set autoneg [ 1570.388241][T25354] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1570.422219][T25354] usb 6-1: USB disconnect, device number 73 [ 1570.649472][ T7623] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 1570.669336][T19125] playstation 0003:054C:09CC.00AC: hidraw0: USB HID vff.ed Device [HID 054c:09cc] on usb-dummy_hcd.4-1/input0 [ 1570.832345][ T7652] binder: BINDER_SET_CONTEXT_MGR already set [ 1570.847165][ T7652] binder: 7651:7652 ioctl 4018620d 200000000100 returned -16 [ 1570.860389][ T7652] binder: BINDER_SET_CONTEXT_MGR already set [ 1570.866744][ T7652] binder: 7651:7652 ioctl 4018620d 2000000002c0 returned -16 [ 1570.876334][T19125] playstation 0003:054C:09CC.00AC: Failed to retrieve feature with reportID 18: -71 [ 1570.890321][T19125] playstation 0003:054C:09CC.00AC: Failed to retrieve DualShock4 pairing info: -71 [ 1570.900418][T19125] playstation 0003:054C:09CC.00AC: Failed to get MAC address from DualShock4 [ 1570.932383][T19125] playstation 0003:054C:09CC.00AC: Failed to create dualshock4. [ 1570.982914][T19125] playstation 0003:054C:09CC.00AC: probe with driver playstation failed with error -71 [ 1571.025881][T19125] usb 5-1: USB disconnect, device number 93 [ 1571.057596][ T7650] fido_id[7650]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1571.177465][ T7660] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11369'. [ 1572.519788][ T7676] syzkaller1: entered promiscuous mode [ 1572.533073][ T7676] syzkaller1: entered allmulticast mode [ 1572.905097][ T7680] syzkaller0: entered promiscuous mode [ 1572.910901][ T7680] syzkaller0: entered allmulticast mode [ 1576.099561][T22237] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1576.309112][T22237] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1576.325357][T22237] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1576.339242][T22237] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1576.375365][T22237] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1576.384512][T22237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1576.416754][T22237] usb 3-1: config 0 descriptor?? [ 1577.101922][T22237] plantronics 0003:047F:FFFF.00AD: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1577.388417][ T7721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1577.413022][ T7721] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1577.489293][ T7721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1577.506093][ T7721] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1577.574994][ T7609] usb 3-1: USB disconnect, device number 15 [ 1579.591627][ T7753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11387'. [ 1580.981161][ T7753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11387'. [ 1581.507985][T19123] usb 10-1: new high-speed USB device number 38 using dummy_hcd [ 1581.715322][T19123] usb 10-1: Using ep0 maxpacket: 32 [ 1581.731830][T19123] usb 10-1: config 0 has an invalid interface number: 67 but max is 0 [ 1581.763195][T19123] usb 10-1: config 0 has no interface number 0 [ 1581.772886][T19123] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1581.810458][T19123] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1581.986716][T19123] usb 10-1: Product: syz [ 1581.995418][T19123] usb 10-1: Manufacturer: syz [ 1582.004623][T19123] usb 10-1: SerialNumber: syz [ 1582.050492][T19123] usb 10-1: config 0 descriptor?? [ 1582.062756][T19123] smsc95xx v2.0.0 [ 1582.070417][T19123] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1582.089759][T19123] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -22 [ 1582.105837][ T5835] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1582.336450][ T5835] usb 3-1: Using ep0 maxpacket: 32 [ 1582.570015][ T5835] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1582.581152][ T5835] usb 3-1: config 0 has no interface number 0 [ 1582.588602][ T5835] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1583.063313][ T5835] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1583.095275][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1583.111389][ T5835] usb 3-1: Product: syz [ 1583.125440][ T5835] usb 3-1: Manufacturer: syz [ 1583.150504][ T5835] usb 3-1: SerialNumber: syz [ 1583.173980][ T5835] usb 3-1: config 0 descriptor?? [ 1583.198087][ T5835] smsc75xx v1.0.0 [ 1584.178437][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1584.196945][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1585.189157][T25354] usb 10-1: USB disconnect, device number 38 [ 1586.132122][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000011c: -71 [ 1586.145525][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRL: -71 [ 1586.165887][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 1586.231856][ T5835] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1586.352124][ T5835] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 1586.492798][ T5835] usb 3-1: USB disconnect, device number 16 [ 1587.515714][ T7855] binder_alloc: 7854: binder_alloc_buf, no vma [ 1590.301127][ T30] audit: type=1326 audit(1770636385.435:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7884 comm="syz.2.11414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6a319af79 code=0x0 [ 1595.594606][ T7961] loop5: detected capacity change from 0 to 7 [ 1595.636863][ T7962] netlink: 'syz.5.11431': attribute type 1 has an invalid length. [ 1595.725833][ T7961] Dev loop5: unable to read RDB block 7 [ 1595.755440][ T7961] loop5: unable to read partition table [ 1595.775513][ T7961] loop5: partition table beyond EOD, truncated [ 1595.781817][ T7961] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1596.169433][ T7959] bond4: (slave gretap1): making interface the new active one [ 1596.213601][ T7959] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 1596.300963][ T7968] vlan2: entered allmulticast mode [ 1596.485857][ T7968] bond4: entered allmulticast mode [ 1596.529761][ T7968] gretap1: entered allmulticast mode [ 1596.739076][ T7968] bond4: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 1597.260024][ T7984] loop8: detected capacity change from 0 to 7 [ 1597.297179][ T7984] Dev loop8: unable to read RDB block 7 [ 1597.314241][ T7984] loop8: unable to read partition table [ 1597.331514][ T7984] loop8: partition table beyond EOD, truncated [ 1597.599962][ T7984] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1602.365328][ T8032] syzkaller0: entered promiscuous mode [ 1602.370885][ T8032] syzkaller0: entered allmulticast mode [ 1603.165823][ T6948] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1603.564276][ T6948] usb 3-1: Using ep0 maxpacket: 16 [ 1603.571819][ T6948] usb 3-1: config 0 has no interfaces? [ 1603.578013][ T6948] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 1603.595016][ T6948] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1603.602768][ T8049] syzkaller0: entered promiscuous mode [ 1603.636129][ T6948] usb 3-1: config 0 descriptor?? [ 1603.639214][ T8049] syzkaller0: entered allmulticast mode [ 1603.747844][ T8054] binder: transaction release 296 bad handle 1, ret = -22 [ 1603.845367][ T6948] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1603.937332][ T8043] bond_slave_0: entered promiscuous mode [ 1603.944101][ T8043] bond_slave_1: entered promiscuous mode [ 1603.950945][ T8043] vlan3: entered promiscuous mode [ 1603.956109][ T8043] bond0: entered promiscuous mode [ 1604.027323][ T6948] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1604.038855][ T6948] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1604.054596][ T6948] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1604.106632][T19123] usb 3-1: USB disconnect, device number 17 [ 1604.121496][ T6948] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1604.364781][ T8052] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1604.611881][ T6948] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1605.070010][ T6948] usb 5-1: USB disconnect, device number 94 [ 1605.403377][ T6220] udevd[6220]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1605.655921][ T5835] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1605.825545][ T5835] usb 3-1: Using ep0 maxpacket: 16 [ 1605.825609][ T6948] usb 10-1: new high-speed USB device number 39 using dummy_hcd [ 1605.833404][ T5835] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1605.854326][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1605.970746][ T5835] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1606.005339][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1606.025303][ T6948] usb 10-1: Using ep0 maxpacket: 16 [ 1606.031873][ T5835] usb 3-1: Product: syz [ 1606.056270][ T6948] usb 10-1: unable to get BOS descriptor or descriptor too short [ 1606.057096][ T5835] usb 3-1: Manufacturer: syz [ 1606.093336][ T6948] usb 10-1: config 13 has an invalid interface number: 50 but max is 0 [ 1606.156764][ T6948] usb 10-1: config 13 has no interface number 0 [ 1606.172593][ T5835] usb 3-1: SerialNumber: syz [ 1606.173135][ T6948] usb 10-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16 [ 1606.222848][ T6948] usb 10-1: config 13 interface 50 has no altsetting 0 [ 1606.251783][ T5835] usb 3-1: config 0 descriptor?? [ 1606.273339][ T6948] usb 10-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 1606.294506][ T5835] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1606.303381][ T6948] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1606.336524][ T5835] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 1606.391707][ T6948] usb 10-1: Product: syz [ 1606.412086][ T6948] usb 10-1: Manufacturer: syz [ 1606.451277][ T6948] usb 10-1: SerialNumber: syz [ 1606.494364][ T8075] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 1606.926186][ T5835] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1606.947980][ T5835] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 1607.150396][ T6948] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 1607.181640][ T6948] usb 10-1: MIDIStreaming interface descriptor not found [ 1607.417569][ T6948] usb 10-1: USB disconnect, device number 39 [ 1607.591644][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.598187][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.615766][ T5835] em28xx 3-1:0.0: Unknown AC97 audio processor detected! [ 1607.628716][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1607.682814][ T5835] em28xx 3-1:0.0: couldn't setup AC97 register 2 [ 1608.152314][ T5835] em28xx 3-1:0.0: couldn't setup AC97 register 4 [ 1608.176768][ T5835] em28xx 3-1:0.0: couldn't setup AC97 register 6 [ 1608.193734][ T5835] em28xx 3-1:0.0: couldn't setup AC97 register 54 [ 1608.214226][ T5835] em28xx 3-1:0.0: couldn't setup AC97 register 56 [ 1608.254615][ T5835] usb 3-1: USB disconnect, device number 18 [ 1608.386416][ T8092] [ 1608.388778][ T8092] ===================================================== [ 1608.395701][ T8092] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1608.403155][ T8092] syzkaller #0 Tainted: G L [ 1608.409125][ T8092] ----------------------------------------------------- [ 1608.416042][ T8092] syz.5.11464/8092 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1608.423747][ T8092] ffff888027418750 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1608.432472][ T8092] [ 1608.432472][ T8092] and this task is already holding: [ 1608.439838][ T8092] ffff888034701468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1608.448400][ T8092] which would create a new lock dependency: [ 1608.454301][ T8092] (&tty->flow.lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1608.462087][ T8092] [ 1608.462087][ T8092] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1608.471587][ T8092] (kbd_event_lock){..-.}-{3:3} [ 1608.471624][ T8092] [ 1608.471624][ T8092] ... which became SOFTIRQ-irq-safe at: [ 1608.484217][ T8092] lock_acquire+0x106/0x330 [ 1608.488844][ T8092] _raw_spin_lock+0x2e/0x40 [ 1608.493458][ T8092] kbd_event+0xd6/0x40d0 [ 1608.497792][ T8092] input_handle_events_default+0xd4/0x1a0 [ 1608.503597][ T8092] input_pass_values+0x288/0x890 [ 1608.508626][ T8092] input_repeat_key+0x41a/0x680 [ 1608.513566][ T8092] call_timer_fn+0x192/0x5a0 [ 1608.518258][ T8092] __run_timer_base+0x652/0x8b0 [ 1608.523207][ T8092] run_timer_softirq+0xb7/0x170 [ 1608.528142][ T8092] handle_softirqs+0x22a/0x7c0 [ 1608.532994][ T8092] __irq_exit_rcu+0x5f/0x150 [ 1608.537668][ T8092] irq_exit_rcu+0x9/0x30 [ 1608.542006][ T8092] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1608.547723][ T8092] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1608.553788][ T8092] _raw_spin_unlock_irqrestore+0x47/0x80 [ 1608.559505][ T8092] rcu_preempt_deferred_qs_irqrestore+0x7b9/0xbc0 [ 1608.566011][ T8092] __rcu_read_unlock+0x83/0xe0 [ 1608.570865][ T8092] unwind_next_frame+0x1aaf/0x23c0 [ 1608.576060][ T8092] __unwind_start+0x5b8/0x760 [ 1608.580825][ T8092] arch_stack_walk+0xe3/0x150 [ 1608.585590][ T8092] stack_trace_save+0xa9/0x100 [ 1608.590446][ T8092] kasan_save_track+0x3e/0x80 [ 1608.595208][ T8092] __kasan_kmalloc+0x93/0xb0 [ 1608.599898][ T8092] __kmalloc_node_noprof+0x55d/0x7f0 [ 1608.605276][ T8092] alloc_slab_obj_exts+0x3e/0x100 [ 1608.610418][ T8092] allocate_slab+0x1cc/0x3a0 [ 1608.615106][ T8092] ___slab_alloc+0xd82/0x1760 [ 1608.619890][ T8092] __kmem_cache_alloc_bulk+0x1ab/0x4d0 [ 1608.625443][ T8092] kmem_cache_alloc_bulk_noprof+0x3f5/0x740 [ 1608.631434][ T8092] __io_alloc_req_refill+0xb4/0x360 [ 1608.636723][ T8092] io_submit_sqes+0xe57/0x2130 [ 1608.641575][ T8092] __se_sys_io_uring_enter+0x2f7/0x2c30 [ 1608.647210][ T8092] do_syscall_64+0xe2/0xf80 [ 1608.651887][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1608.657866][ T8092] [ 1608.657866][ T8092] to a SOFTIRQ-irq-unsafe lock: [ 1608.665140][ T8092] (tasklist_lock){.+.+}-{3:3} [ 1608.665169][ T8092] [ 1608.665169][ T8092] ... which became SOFTIRQ-irq-unsafe at: [ 1608.677818][ T8092] ... [ 1608.677831][ T8092] lock_acquire+0x106/0x330 [ 1608.685098][ T8092] _raw_read_lock+0x36/0x50 [ 1608.689685][ T8092] __do_wait+0xde/0x740 [ 1608.693929][ T8092] do_wait+0x1e7/0x4f0 [ 1608.698088][ T8092] kernel_wait+0xd6/0x1c0 [ 1608.702505][ T8092] call_usermodehelper_exec_work+0xbe/0x230 [ 1608.708491][ T8092] process_scheduled_works+0xaec/0x17a0 [ 1608.714124][ T8092] worker_thread+0xda6/0x1360 [ 1608.718889][ T8092] kthread+0x726/0x8b0 [ 1608.723047][ T8092] ret_from_fork+0x51b/0xa40 [ 1608.727718][ T8092] ret_from_fork_asm+0x1a/0x30 [ 1608.732569][ T8092] [ 1608.732569][ T8092] other info that might help us debug this: [ 1608.732569][ T8092] [ 1608.742790][ T8092] Chain exists of: [ 1608.742790][ T8092] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 1608.742790][ T8092] [ 1608.755569][ T8092] Possible interrupt unsafe locking scenario: [ 1608.755569][ T8092] [ 1608.763881][ T8092] CPU0 CPU1 [ 1608.769245][ T8092] ---- ---- [ 1608.774606][ T8092] lock(tasklist_lock); [ 1608.778858][ T8092] local_irq_disable(); [ 1608.785610][ T8092] lock(kbd_event_lock); [ 1608.792456][ T8092] lock(&tty->flow.lock); [ 1608.799393][ T8092] [ 1608.802843][ T8092] lock(kbd_event_lock); [ 1608.807349][ T8092] [ 1608.807349][ T8092] *** DEADLOCK *** [ 1608.807349][ T8092] [ 1608.815492][ T8092] 6 locks held by syz.5.11464/8092: [ 1608.820684][ T8092] #0: ffff8880347010a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1608.830439][ T8092] #1: ffff8880347012e8 (&tty->termios_rwsem/1){++++}-{4:4}, at: tty_set_termios+0x147/0x1800 [ 1608.840815][ T8092] #2: ffff8880347010a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1608.850126][ T8092] #3: ffff888034701468 (&tty->flow.lock){....}-{3:3}, at: start_tty+0x20/0x70 [ 1608.859088][ T8092] #4: ffff8880347010a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1608.868397][ T8092] #5: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1608.877478][ T8092] [ 1608.877478][ T8092] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1608.887899][ T8092] -> (kbd_event_lock){..-.}-{3:3} { [ 1608.893212][ T8092] IN-SOFTIRQ-W at: [ 1608.897290][ T8092] lock_acquire+0x106/0x330 [ 1608.903622][ T8092] _raw_spin_lock+0x2e/0x40 [ 1608.909956][ T8092] kbd_event+0xd6/0x40d0 [ 1608.916023][ T8092] input_handle_events_default+0xd4/0x1a0 [ 1608.923565][ T8092] input_pass_values+0x288/0x890 [ 1608.930591][ T8092] input_repeat_key+0x41a/0x680 [ 1608.937275][ T8092] call_timer_fn+0x192/0x5a0 [ 1608.943692][ T8092] __run_timer_base+0x652/0x8b0 [ 1608.950372][ T8092] run_timer_softirq+0xb7/0x170 [ 1608.957073][ T8092] handle_softirqs+0x22a/0x7c0 [ 1608.963658][ T8092] __irq_exit_rcu+0x5f/0x150 [ 1608.970066][ T8092] irq_exit_rcu+0x9/0x30 [ 1608.976126][ T8092] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1608.983580][ T8092] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1608.991382][ T8092] _raw_spin_unlock_irqrestore+0x47/0x80 [ 1608.998839][ T8092] rcu_preempt_deferred_qs_irqrestore+0x7b9/0xbc0 [ 1609.007103][ T8092] __rcu_read_unlock+0x83/0xe0 [ 1609.013691][ T8092] unwind_next_frame+0x1aaf/0x23c0 [ 1609.020623][ T8092] __unwind_start+0x5b8/0x760 [ 1609.027126][ T8092] arch_stack_walk+0xe3/0x150 [ 1609.033624][ T8092] stack_trace_save+0xa9/0x100 [ 1609.040213][ T8092] kasan_save_track+0x3e/0x80 [ 1609.046710][ T8092] __kasan_kmalloc+0x93/0xb0 [ 1609.053121][ T8092] __kmalloc_node_noprof+0x55d/0x7f0 [ 1609.060225][ T8092] alloc_slab_obj_exts+0x3e/0x100 [ 1609.067076][ T8092] allocate_slab+0x1cc/0x3a0 [ 1609.073580][ T8092] ___slab_alloc+0xd82/0x1760 [ 1609.080081][ T8092] __kmem_cache_alloc_bulk+0x1ab/0x4d0 [ 1609.087369][ T8092] kmem_cache_alloc_bulk_noprof+0x3f5/0x740 [ 1609.095087][ T8092] __io_alloc_req_refill+0xb4/0x360 [ 1609.102106][ T8092] io_submit_sqes+0xe57/0x2130 [ 1609.108705][ T8092] __se_sys_io_uring_enter+0x2f7/0x2c30 [ 1609.116247][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.122573][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.130287][ T8092] INITIAL USE at: [ 1609.134266][ T8092] lock_acquire+0x106/0x330 [ 1609.140505][ T8092] _raw_spin_lock_irqsave+0x40/0x60 [ 1609.147437][ T8092] vt_reset_unicode+0x2b/0x1a0 [ 1609.153940][ T8092] reset_vc+0x68/0x1b0 [ 1609.159740][ T8092] vc_init+0x70/0x4a0 [ 1609.165458][ T8092] con_init+0x377/0x6a0 [ 1609.171358][ T8092] console_init+0xfc/0x3e0 [ 1609.177518][ T8092] start_kernel+0x226/0x3d0 [ 1609.183762][ T8092] x86_64_start_reservations+0x24/0x30 [ 1609.190964][ T8092] x86_64_start_kernel+0x143/0x1c0 [ 1609.197812][ T8092] common_startup_64+0x13e/0x147 [ 1609.204490][ T8092] } [ 1609.207074][ T8092] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1609.214965][ T8092] -> (&tty->flow.lock){....}-{3:3} { [ 1609.220276][ T8092] INITIAL USE at: [ 1609.224172][ T8092] lock_acquire+0x106/0x330 [ 1609.230240][ T8092] _raw_spin_lock_irqsave+0x40/0x60 [ 1609.237001][ T8092] start_tty+0x20/0x70 [ 1609.242630][ T8092] n_tty_set_termios+0xa7c/0x10c0 [ 1609.249219][ T8092] tty_set_termios+0xdb3/0x1800 [ 1609.255630][ T8092] set_termios+0x566/0x710 [ 1609.261605][ T8092] tty_mode_ioctl+0x4a6/0x7d0 [ 1609.267847][ T8092] tty_ioctl+0x9c5/0xde0 [ 1609.273651][ T8092] __se_sys_ioctl+0xfc/0x170 [ 1609.279804][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.285868][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.293322][ T8092] } [ 1609.295816][ T8092] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1609.304576][ T8092] ... acquired at: [ 1609.308396][ T8092] _raw_spin_lock_irqsave+0x40/0x60 [ 1609.313935][ T8092] stop_tty+0x2f/0x150 [ 1609.318179][ T8092] kbd_event+0x2ec1/0x40d0 [ 1609.322868][ T8092] input_handle_events_default+0xd4/0x1a0 [ 1609.328756][ T8092] input_pass_values+0x288/0x890 [ 1609.333871][ T8092] input_event_dispose+0x330/0x6b0 [ 1609.339153][ T8092] input_inject_event+0x1dd/0x340 [ 1609.344352][ T8092] evdev_write+0x325/0x4c0 [ 1609.348945][ T8092] vfs_write+0x29a/0xb90 [ 1609.353372][ T8092] ksys_write+0x150/0x270 [ 1609.357881][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.362558][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.368621][ T8092] [ 1609.370941][ T8092] [ 1609.370941][ T8092] the dependencies between the lock to be acquired [ 1609.370950][ T8092] and SOFTIRQ-irq-unsafe lock: [ 1609.384455][ T8092] -> (tasklist_lock){.+.+}-{3:3} { [ 1609.389762][ T8092] HARDIRQ-ON-R at: [ 1609.393912][ T8092] lock_acquire+0x106/0x330 [ 1609.400415][ T8092] _raw_read_lock+0x36/0x50 [ 1609.406912][ T8092] __do_wait+0xde/0x740 [ 1609.413073][ T8092] do_wait+0x1e7/0x4f0 [ 1609.419140][ T8092] kernel_wait+0xd6/0x1c0 [ 1609.425472][ T8092] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.433403][ T8092] process_scheduled_works+0xaec/0x17a0 [ 1609.440948][ T8092] worker_thread+0xda6/0x1360 [ 1609.447626][ T8092] kthread+0x726/0x8b0 [ 1609.453691][ T8092] ret_from_fork+0x51b/0xa40 [ 1609.460271][ T8092] ret_from_fork_asm+0x1a/0x30 [ 1609.467038][ T8092] SOFTIRQ-ON-R at: [ 1609.471188][ T8092] lock_acquire+0x106/0x330 [ 1609.477688][ T8092] _raw_read_lock+0x36/0x50 [ 1609.484183][ T8092] __do_wait+0xde/0x740 [ 1609.490366][ T8092] do_wait+0x1e7/0x4f0 [ 1609.496437][ T8092] kernel_wait+0xd6/0x1c0 [ 1609.502859][ T8092] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.510752][ T8092] process_scheduled_works+0xaec/0x17a0 [ 1609.518310][ T8092] worker_thread+0xda6/0x1360 [ 1609.525000][ T8092] kthread+0x726/0x8b0 [ 1609.531099][ T8092] ret_from_fork+0x51b/0xa40 [ 1609.537701][ T8092] ret_from_fork_asm+0x1a/0x30 [ 1609.544479][ T8092] INITIAL USE at: [ 1609.548553][ T8092] lock_acquire+0x106/0x330 [ 1609.554970][ T8092] _raw_write_lock_irq+0x3d/0x50 [ 1609.561818][ T8092] copy_process+0x2199/0x3980 [ 1609.568406][ T8092] kernel_clone+0x248/0x870 [ 1609.574818][ T8092] user_mode_thread+0x110/0x180 [ 1609.581581][ T8092] rest_init+0x23/0x300 [ 1609.587649][ T8092] start_kernel+0x380/0x3d0 [ 1609.594075][ T8092] x86_64_start_reservations+0x24/0x30 [ 1609.601445][ T8092] x86_64_start_kernel+0x143/0x1c0 [ 1609.608472][ T8092] common_startup_64+0x13e/0x147 [ 1609.615324][ T8092] INITIAL READ USE at: [ 1609.619823][ T8092] lock_acquire+0x106/0x330 [ 1609.626694][ T8092] _raw_read_lock+0x36/0x50 [ 1609.633545][ T8092] __do_wait+0xde/0x740 [ 1609.640045][ T8092] do_wait+0x1e7/0x4f0 [ 1609.646462][ T8092] kernel_wait+0xd6/0x1c0 [ 1609.653179][ T8092] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.661420][ T8092] process_scheduled_works+0xaec/0x17a0 [ 1609.669317][ T8092] worker_thread+0xda6/0x1360 [ 1609.676342][ T8092] kthread+0x726/0x8b0 [ 1609.682753][ T8092] ret_from_fork+0x51b/0xa40 [ 1609.689691][ T8092] ret_from_fork_asm+0x1a/0x30 [ 1609.696802][ T8092] } [ 1609.699469][ T8092] ... key at: [] tasklist_lock+0x18/0x40 [ 1609.707369][ T8092] ... acquired at: [ 1609.711340][ T8092] _raw_read_lock+0x36/0x50 [ 1609.716020][ T8092] send_sigio+0x101/0x370 [ 1609.720528][ T8092] dnotify_handle_event+0x169/0x440 [ 1609.725903][ T8092] fsnotify+0x168e/0x1ae0 [ 1609.730406][ T8092] __fsnotify_parent+0x50d/0x620 [ 1609.735606][ T8092] notify_change+0xc55/0xf40 [ 1609.740373][ T8092] do_truncate+0x1c2/0x250 [ 1609.744969][ T8092] vfs_truncate+0x4b4/0x540 [ 1609.749651][ T8092] do_sys_truncate+0xf1/0x1c0 [ 1609.754516][ T8092] __x64_sys_truncate+0x5b/0x70 [ 1609.759547][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.764221][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.770288][ T8092] [ 1609.772614][ T8092] -> (&f_owner->lock){....}-{3:3} { [ 1609.777916][ T8092] INITIAL USE at: [ 1609.781905][ T8092] lock_acquire+0x106/0x330 [ 1609.788239][ T8092] _raw_write_lock_irq+0x3d/0x50 [ 1609.794911][ T8092] __f_setown+0x67/0x370 [ 1609.800893][ T8092] fcntl_dirnotify+0x3f9/0x6a0 [ 1609.807400][ T8092] do_fcntl+0x77e/0x1a20 [ 1609.813380][ T8092] __se_sys_fcntl+0xc8/0x150 [ 1609.819705][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.825963][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.833593][ T8092] INITIAL READ USE at: [ 1609.838008][ T8092] lock_acquire+0x106/0x330 [ 1609.844683][ T8092] _raw_read_lock_irqsave+0x48/0x60 [ 1609.852047][ T8092] send_sigio+0x38/0x370 [ 1609.858460][ T8092] kill_fasync+0x24d/0x4d0 [ 1609.865053][ T8092] lease_break_callback+0x26/0x30 [ 1609.872244][ T8092] __break_lease+0x741/0x1b80 [ 1609.879095][ T8092] do_dentry_open+0x73a/0x1420 [ 1609.886036][ T8092] vfs_open+0x3b/0x340 [ 1609.892274][ T8092] path_openat+0x3486/0x3e20 [ 1609.899035][ T8092] do_filp_open+0x22d/0x490 [ 1609.905717][ T8092] do_sys_openat2+0x12f/0x220 [ 1609.912564][ T8092] __x64_sys_open+0x11e/0x150 [ 1609.919417][ T8092] do_syscall_64+0xe2/0xf80 [ 1609.926098][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.934161][ T8092] } [ 1609.936744][ T8092] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1609.945675][ T8092] ... acquired at: [ 1609.949559][ T8092] _raw_read_lock_irqsave+0x48/0x60 [ 1609.954924][ T8092] send_sigio+0x38/0x370 [ 1609.959339][ T8092] kill_fasync+0x24d/0x4d0 [ 1609.964021][ T8092] lease_break_callback+0x26/0x30 [ 1609.969223][ T8092] __break_lease+0x741/0x1b80 [ 1609.974075][ T8092] do_dentry_open+0x73a/0x1420 [ 1609.979007][ T8092] vfs_open+0x3b/0x340 [ 1609.983246][ T8092] path_openat+0x3486/0x3e20 [ 1609.988017][ T8092] do_filp_open+0x22d/0x490 [ 1609.992695][ T8092] do_sys_openat2+0x12f/0x220 [ 1609.997541][ T8092] __x64_sys_open+0x11e/0x150 [ 1610.002477][ T8092] do_syscall_64+0xe2/0xf80 [ 1610.007157][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.013234][ T8092] [ 1610.015659][ T8092] -> (&new->fa_lock){....}-{3:3} { [ 1610.020802][ T8092] INITIAL USE at: [ 1610.024703][ T8092] lock_acquire+0x106/0x330 [ 1610.030779][ T8092] _raw_write_lock_irq+0x3d/0x50 [ 1610.037282][ T8092] fasync_remove_entry+0xf1/0x1c0 [ 1610.043878][ T8092] sock_fasync+0x85/0xf0 [ 1610.049681][ T8092] __fput+0x8a5/0xa70 [ 1610.055311][ T8092] fput_close_sync+0x11f/0x240 [ 1610.061635][ T8092] __x64_sys_close+0x7e/0x110 [ 1610.067874][ T8092] do_syscall_64+0xe2/0xf80 [ 1610.073948][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.081400][ T8092] INITIAL READ USE at: [ 1610.085726][ T8092] lock_acquire+0x106/0x330 [ 1610.092226][ T8092] _raw_read_lock_irqsave+0x48/0x60 [ 1610.099419][ T8092] kill_fasync+0x199/0x4d0 [ 1610.105836][ T8092] lease_break_callback+0x26/0x30 [ 1610.112898][ T8092] __break_lease+0x741/0x1b80 [ 1610.119575][ T8092] do_dentry_open+0x73a/0x1420 [ 1610.126339][ T8092] vfs_open+0x3b/0x340 [ 1610.132413][ T8092] path_openat+0x3486/0x3e20 [ 1610.139002][ T8092] do_filp_open+0x22d/0x490 [ 1610.145505][ T8092] do_sys_openat2+0x12f/0x220 [ 1610.152179][ T8092] __x64_sys_open+0x11e/0x150 [ 1610.158849][ T8092] do_syscall_64+0xe2/0xf80 [ 1610.165349][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.173240][ T8092] } [ 1610.175735][ T8092] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1610.184405][ T8092] ... acquired at: [ 1610.188204][ T8092] _raw_read_lock_irqsave+0x48/0x60 [ 1610.193573][ T8092] kill_fasync+0x199/0x4d0 [ 1610.198171][ T8092] __start_tty+0x18c/0x220 [ 1610.202757][ T8092] start_tty+0x2b/0x70 [ 1610.206994][ T8092] n_tty_set_termios+0xa7c/0x10c0 [ 1610.212196][ T8092] tty_set_termios+0xdb3/0x1800 [ 1610.217218][ T8092] set_termios+0x566/0x710 [ 1610.221806][ T8092] tty_mode_ioctl+0x4a6/0x7d0 [ 1610.226652][ T8092] tty_ioctl+0x9c5/0xde0 [ 1610.231068][ T8092] __se_sys_ioctl+0xfc/0x170 [ 1610.235833][ T8092] do_syscall_64+0xe2/0xf80 [ 1610.240517][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.246582][ T8092] [ 1610.248903][ T8092] [ 1610.248903][ T8092] stack backtrace: [ 1610.254791][ T8092] CPU: 1 UID: 0 PID: 8092 Comm: syz.5.11464 Tainted: G L syzkaller #0 PREEMPT(full) [ 1610.254812][ T8092] Tainted: [L]=SOFTLOCKUP [ 1610.254819][ T8092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1610.254828][ T8092] Call Trace: [ 1610.254835][ T8092] [ 1610.254842][ T8092] dump_stack_lvl+0xe8/0x150 [ 1610.254862][ T8092] __lock_acquire+0x2a94/0x2cf0 [ 1610.254889][ T8092] ? kill_fasync+0x199/0x4d0 [ 1610.254907][ T8092] lock_acquire+0x106/0x330 [ 1610.254925][ T8092] ? kill_fasync+0x199/0x4d0 [ 1610.254945][ T8092] ? ldsem_down_read_trylock+0x13d/0x1b0 [ 1610.254964][ T8092] ? tty_ldisc_ref+0x1c/0x90 [ 1610.254980][ T8092] _raw_read_lock_irqsave+0x48/0x60 [ 1610.254994][ T8092] ? kill_fasync+0x199/0x4d0 [ 1610.255012][ T8092] kill_fasync+0x199/0x4d0 [ 1610.255030][ T8092] ? kill_fasync+0x53/0x4d0 [ 1610.255048][ T8092] ? __pfx_n_tty_write_wakeup+0x10/0x10 [ 1610.255068][ T8092] __start_tty+0x18c/0x220 [ 1610.255083][ T8092] start_tty+0x2b/0x70 [ 1610.255097][ T8092] n_tty_set_termios+0xa7c/0x10c0 [ 1610.255119][ T8092] ? __pfx_n_tty_set_termios+0x10/0x10 [ 1610.255138][ T8092] tty_set_termios+0xdb3/0x1800 [ 1610.255154][ T8092] ? __pfx_tty_set_termios+0x10/0x10 [ 1610.255179][ T8092] set_termios+0x566/0x710 [ 1610.255194][ T8092] ? __pfx_set_termios+0x10/0x10 [ 1610.255213][ T8092] ? tty_ldisc_ref_wait+0x25/0x70 [ 1610.255229][ T8092] ? __ia32_sys_rt_sigreturn+0x7dc/0x8e0 [ 1610.255254][ T8092] tty_mode_ioctl+0x4a6/0x7d0 [ 1610.255269][ T8092] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 1610.255283][ T8092] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1610.255307][ T8092] ? n_tty_ioctl_helper+0x84/0x4d0 [ 1610.255321][ T8092] ? __pfx_n_tty_ioctl+0x10/0x10 [ 1610.255340][ T8092] tty_ioctl+0x9c5/0xde0 [ 1610.255357][ T8092] ? __pfx_tty_ioctl+0x10/0x10 [ 1610.255372][ T8092] __se_sys_ioctl+0xfc/0x170 [ 1610.255393][ T8092] do_syscall_64+0xe2/0xf80 [ 1610.255408][ T8092] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.255423][ T8092] ? clear_bhb_loop+0x60/0xb0 [ 1610.255439][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.255454][ T8092] RIP: 0033:0x7f3d9659af79 [ 1610.255469][ T8092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1610.255482][ T8092] RSP: 002b:00007f3d97398028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1610.255500][ T8092] RAX: ffffffffffffffda RBX: 00007f3d96816090 RCX: 00007f3d9659af79 [ 1610.255511][ T8092] RDX: 0000200000000140 RSI: 0000000000005402 RDI: 0000000000000004 [ 1610.255521][ T8092] RBP: 00007f3d966316e0 R08: 0000000000000000 R09: 0000000000000000 [ 1610.255531][ T8092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1610.255540][ T8092] R13: 00007f3d96816128 R14: 00007f3d96816090 R15: 00007f3d9693fa48 [ 1610.255555][ T8092]